]> git.ipfire.org Git - thirdparty/iptables.git/log
projects / thirdparty / iptables.git / log
? search:
summary | shortlog | log | commit | commitdiff | tree
first ⋅ prev ⋅ next
thirdparty/iptables.git
14 years agolibxt_policy: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Fri, 6 May 2011 15:45:12 +0000 (17:45 +0200)] 
libxt_policy: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: XTTYPE_HOSTMASK support
commit | commitdiff | tree
Jan Engelhardt [Thu, 5 May 2011 12:19:25 +0000 (14:19 +0200)] 
libxtables: XTTYPE_HOSTMASK support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_hashlimit: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Wed, 4 May 2011 21:18:57 +0000 (23:18 +0200)] 
libxt_hashlimit: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: XTTYPE_PLEN support
commit | commitdiff | tree
Jan Engelhardt [Wed, 4 May 2011 15:25:54 +0000 (17:25 +0200)] 
libxtables: XTTYPE_PLEN support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: flag invalid uses of XTOPT_PUT
commit | commitdiff | tree
Jan Engelhardt [Thu, 5 May 2011 10:53:14 +0000 (12:53 +0200)] 
libxtables: flag invalid uses of XTOPT_PUT

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: do not overlay addr and mask parts, and cleanup
commit | commitdiff | tree
Jan Engelhardt [Wed, 4 May 2011 14:41:13 +0000 (16:41 +0200)] 
libxtables: do not overlay addr and mask parts, and cleanup

XTTYPE_HOSTMASK will require that what has now become haddr,
hmask/hlen are not overlays of another. Thus relax the structure and
always set all members of the {haddr, hmask, hlen} triplet now for all
types that touch any of the members.

Add some more comments and clean out ONEHOST.

14 years agolibxt_recent: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Wed, 4 May 2011 10:30:15 +0000 (12:30 +0200)] 
libxt_recent: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_connlimit: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Sun, 1 May 2011 19:52:25 +0000 (21:52 +0200)] 
libxt_connlimit: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: support for XTTYPE_PLENMASK
commit | commitdiff | tree
Jan Engelhardt [Mon, 2 May 2011 00:13:16 +0000 (02:13 +0200)] 
libxtables: support for XTTYPE_PLENMASK

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_NFLOG: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Sun, 1 May 2011 14:27:46 +0000 (16:27 +0200)] 
libxt_NFLOG: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_IDLETIMER: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Sun, 1 May 2011 14:11:31 +0000 (16:11 +0200)] 
libxt_IDLETIMER: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_statistic: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Mon, 2 May 2011 16:26:31 +0000 (18:26 +0200)] 
libxt_statistic: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: XTTYPE_DOUBLE support
commit | commitdiff | tree
Jan Engelhardt [Mon, 2 May 2011 16:09:59 +0000 (18:09 +0200)] 
libxtables: XTTYPE_DOUBLE support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_statistic: increase precision on create and dump
commit | commitdiff | tree
Jan Engelhardt [Mon, 2 May 2011 14:38:11 +0000 (16:38 +0200)] 
libxt_statistic: increase precision on create and dump

Currently, libxt_statistic only dumps the probability with a
granularity of 1/1000000. Assuming only stuffed packets with 1440
bytes payload, this would match approximately every 1.341 GB, which is
pretty low for a high-volume router. Trying to match any larger
interval than that (e.g. 2 GB) will cause libxt_statistic to output
"--probability 0.000000", and when restored, will cause it to never
match again.

Bump the dump precision to what xt_statistic can really do, and adjust
the manpage to include a word about it.

Furthermore, employ explicit rounding when reading the argument from
the command line, because the previous implicit conversion would use
truncation, which is not very exact.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_statistic: streamline and document possible placement of negation
commit | commitdiff | tree
Jan Engelhardt [Mon, 2 May 2011 14:29:18 +0000 (16:29 +0200)] 
libxt_statistic: streamline and document possible placement of negation

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agoextensions: const annotations
commit | commitdiff | tree
Jan Engelhardt [Fri, 6 May 2011 22:05:24 +0000 (00:05 +0200)] 
extensions: const annotations

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: output name of extension on rev detect failure
commit | commitdiff | tree
Jan Engelhardt [Thu, 5 May 2011 10:54:52 +0000 (12:54 +0200)] 
libxtables: output name of extension on rev detect failure

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_owner: remove ifdef IPT_COMM_OWNER
commit | commitdiff | tree
Jan Engelhardt [Fri, 6 May 2011 19:58:38 +0000 (21:58 +0200)] 
libxt_owner: remove ifdef IPT_COMM_OWNER

Ever since we keep a copy of the header files anyway, IPT_COMM_OWNER
is always available.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agoextensions: remove bogus use of XT_GETOPT_TABLEEND
commit | commitdiff | tree
Jan Engelhardt [Sat, 7 May 2011 02:01:25 +0000 (04:01 +0200)] 
extensions: remove bogus use of XT_GETOPT_TABLEEND

Commit v1.4.8-36-g32b8e61 added this end marker in a little too many
places: at non-getopt places. Fix that.

Also change the definition of XT_GETOPT_TABLEEND to reference a struct
getopt member by name so that this cannot happen again.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_u32: add missing call to xtables_option_parse
commit | commitdiff | tree
Jan Engelhardt [Fri, 6 May 2011 20:40:35 +0000 (22:40 +0200)] 
libxt_u32: add missing call to xtables_option_parse

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: fix assignment in wrong offset (XTTYPE_UINT*RC)
commit | commitdiff | tree
Jan Engelhardt [Mon, 2 May 2011 00:43:15 +0000 (02:43 +0200)] 
libxtables: fix assignment in wrong offset (XTTYPE_UINT*RC)

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_tos: add inversion support back again
commit | commitdiff | tree
Jan Engelhardt [Sun, 1 May 2011 17:58:56 +0000 (19:58 +0200)] 
libxt_tos: add inversion support back again

It was unfortunately removed during the option parser switch.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_dccp: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Wed, 20 Apr 2011 08:17:33 +0000 (10:17 +0200)] 
libxt_dccp: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_udp: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Tue, 19 Apr 2011 13:44:48 +0000 (15:44 +0200)] 
libxt_udp: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: XTTYPE_PORTRC support
commit | commitdiff | tree
Jan Engelhardt [Sun, 17 Apr 2011 11:33:50 +0000 (13:33 +0200)] 
libxtables: XTTYPE_PORTRC support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agoextensions: remove unused TOS code
commit | commitdiff | tree
Jan Engelhardt [Fri, 29 Apr 2011 00:19:52 +0000 (02:19 +0200)] 
extensions: remove unused TOS code

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_tos: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Fri, 29 Apr 2011 00:12:56 +0000 (02:12 +0200)] 
libxt_tos: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_TOS: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Thu, 28 Apr 2011 23:25:14 +0000 (01:25 +0200)] 
libxt_TOS: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agoxtoptions: respect return value in xtables_getportbyname
commit | commitdiff | tree
Jan Engelhardt [Thu, 14 Apr 2011 11:54:24 +0000 (13:54 +0200)] 
xtoptions: respect return value in xtables_getportbyname

If ret was negative, ntohs may make it positive, which is undesired.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_TEE: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Thu, 14 Apr 2011 11:42:43 +0000 (13:42 +0200)] 
libxt_TEE: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agobuild: bump libxtables ABI version
commit | commitdiff | tree
Jan Engelhardt [Thu, 14 Apr 2011 11:34:18 +0000 (13:34 +0200)] 
build: bump libxtables ABI version

Adding the x6_* members to struct xtables_{match,target} caused a
change requiring a bump.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibipt_ULOG: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Tue, 8 Mar 2011 00:24:26 +0000 (01:24 +0100)] 
libipt_ULOG: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_TPROXY: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Wed, 9 Feb 2011 01:15:22 +0000 (02:15 +0100)] 
libxt_TPROXY: use guided option parser

I am starting with a simple module here that does not require a
final_check function.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: XTTYPE_PORT support
commit | commitdiff | tree
Jan Engelhardt [Mon, 14 Feb 2011 14:12:50 +0000 (15:12 +0100)] 
libxtables: XTTYPE_PORT support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: XTTYPE_ONEHOST support
commit | commitdiff | tree
Jan Engelhardt [Mon, 14 Feb 2011 14:10:15 +0000 (15:10 +0100)] 
libxtables: XTTYPE_ONEHOST support

The bonus of the POSIX socket API is that it is almost protocol-agnostic
and that there are ready-made functions to take over the gist of address
parsing and packing.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibip[6]t_LOG: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Tue, 15 Feb 2011 11:05:12 +0000 (12:05 +0100)] 
libip[6]t_LOG: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: XTTYPE_SYSLOGLEVEL support
commit | commitdiff | tree
Jan Engelhardt [Tue, 15 Feb 2011 21:10:48 +0000 (22:10 +0100)] 
libxtables: XTTYPE_SYSLOGLEVEL support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_string: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Sun, 6 Mar 2011 17:12:04 +0000 (18:12 +0100)] 
libxt_string: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: pass struct xt_entry_{match,target} to x6 parser
commit | commitdiff | tree
Jan Engelhardt [Sun, 6 Mar 2011 17:11:58 +0000 (18:11 +0100)] 
libxtables: pass struct xt_entry_{match,target} to x6 parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_TCPMSS: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Sun, 6 Mar 2011 17:00:05 +0000 (18:00 +0100)] 
libxt_TCPMSS: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_NFQUEUE: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Sun, 6 Mar 2011 16:54:50 +0000 (17:54 +0100)] 
libxt_NFQUEUE: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_CT: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Sun, 6 Mar 2011 16:47:03 +0000 (17:47 +0100)] 
libxt_CT: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: XTTYPE_UINT16 support
commit | commitdiff | tree
Jan Engelhardt [Sun, 6 Mar 2011 16:42:51 +0000 (17:42 +0100)] 
libxtables: XTTYPE_UINT16 support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_connbytes: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Sun, 6 Mar 2011 16:19:10 +0000 (17:19 +0100)] 
libxt_connbytes: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: XTTYPE_UINT64RC support
commit | commitdiff | tree
Jan Engelhardt [Sun, 6 Mar 2011 16:13:54 +0000 (17:13 +0100)] 
libxtables: XTTYPE_UINT64RC support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: XTTYPE_UINT8RC support
commit | commitdiff | tree
Jan Engelhardt [Sun, 6 Mar 2011 16:09:19 +0000 (17:09 +0100)] 
libxtables: XTTYPE_UINT8RC support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_tcpmss: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Sun, 6 Mar 2011 16:04:35 +0000 (17:04 +0100)] 
libxt_tcpmss: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_length: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Sun, 6 Mar 2011 16:00:49 +0000 (17:00 +0100)] 
libxt_length: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: XTTYPE_UINT16RC support
commit | commitdiff | tree
Jan Engelhardt [Sun, 6 Mar 2011 15:59:23 +0000 (16:59 +0100)] 
libxtables: XTTYPE_UINT16RC support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibipt_realm: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Sun, 6 Mar 2011 15:38:51 +0000 (16:38 +0100)] 
libipt_realm: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_devgroup: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Sun, 6 Mar 2011 15:02:03 +0000 (16:02 +0100)] 
libxt_devgroup: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: linked-list name<->id map
commit | commitdiff | tree
Jan Engelhardt [Sun, 6 Mar 2011 15:24:43 +0000 (16:24 +0100)] 
libxtables: linked-list name<->id map

This consolidates the maps from libxt_devgroup and libxt_realm.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_quota: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Sun, 6 Mar 2011 15:58:24 +0000 (16:58 +0100)] 
libxt_quota: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: XTTYPE_UINT64 support
commit | commitdiff | tree
Jan Engelhardt [Sun, 6 Mar 2011 15:56:53 +0000 (16:56 +0100)] 
libxtables: XTTYPE_UINT64 support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_CONNMARK: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Sun, 6 Mar 2011 14:54:58 +0000 (15:54 +0100)] 
libxt_CONNMARK: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_MARK: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Sun, 6 Mar 2011 14:21:24 +0000 (15:21 +0100)] 
libxt_MARK: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: XTTYPE_MARKMASK32 support
commit | commitdiff | tree
Jan Engelhardt [Sun, 6 Mar 2011 13:57:44 +0000 (14:57 +0100)] 
libxtables: XTTYPE_MARKMASK32 support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_u32: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Wed, 2 Mar 2011 22:06:59 +0000 (23:06 +0100)] 
libxt_u32: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_time: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Wed, 2 Mar 2011 22:03:36 +0000 (23:03 +0100)] 
libxt_time: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_state: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Wed, 2 Mar 2011 21:52:04 +0000 (22:52 +0100)] 
libxt_state: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_pkttype: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Wed, 2 Mar 2011 18:19:16 +0000 (19:19 +0100)] 
libxt_pkttype: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_physdev: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Wed, 2 Mar 2011 18:09:38 +0000 (19:09 +0100)] 
libxt_physdev: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_helper: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Wed, 2 Mar 2011 17:55:32 +0000 (18:55 +0100)] 
libxt_helper: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_comment: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Tue, 1 Mar 2011 19:16:22 +0000 (20:16 +0100)] 
libxt_comment: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_TCPOPTSTRIP: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Wed, 2 Mar 2011 21:57:52 +0000 (22:57 +0100)] 
libxt_TCPOPTSTRIP: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_SECMARK: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Wed, 2 Mar 2011 21:50:13 +0000 (22:50 +0100)] 
libxt_SECMARK: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_LED: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Sun, 6 Mar 2011 17:21:42 +0000 (18:21 +0100)] 
libxt_LED: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_DSCP: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Tue, 1 Mar 2011 19:28:24 +0000 (20:28 +0100)] 
libxt_DSCP: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_CLASSIFY: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Tue, 1 Mar 2011 19:14:16 +0000 (20:14 +0100)] 
libxt_CLASSIFY: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_AUDIT: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Tue, 1 Mar 2011 19:11:01 +0000 (20:11 +0100)] 
libxt_AUDIT: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibipt_addrtype: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Tue, 1 Mar 2011 19:02:35 +0000 (20:02 +0100)] 
libipt_addrtype: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibipt_ECN: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Wed, 2 Mar 2011 23:51:16 +0000 (00:51 +0100)] 
libipt_ECN: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibip6t_ipv6header: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Tue, 1 Mar 2011 18:51:16 +0000 (19:51 +0100)] 
libip6t_ipv6header: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibip[6]t_icmp: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Tue, 1 Mar 2011 17:36:15 +0000 (18:36 +0100)] 
libip[6]t_icmp: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibip6t_hbh: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Wed, 2 Mar 2011 23:40:43 +0000 (00:40 +0100)] 
libip6t_hbh: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibip6t_dst: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Fri, 18 Feb 2011 01:11:31 +0000 (02:11 +0100)] 
libip6t_dst: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibip[6]t_REJECT: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Wed, 16 Feb 2011 00:16:39 +0000 (01:16 +0100)] 
libip[6]t_REJECT: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: XTTYPE_STRING support
commit | commitdiff | tree
Jan Engelhardt [Tue, 15 Feb 2011 21:09:21 +0000 (22:09 +0100)] 
libxtables: XTTYPE_STRING support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_esp: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Sun, 27 Feb 2011 22:56:28 +0000 (23:56 +0100)] 
libxt_esp: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibip6t_frag: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Fri, 18 Feb 2011 01:17:54 +0000 (02:17 +0100)] 
libip6t_frag: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibip[6]t_ah: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Wed, 16 Feb 2011 00:59:18 +0000 (01:59 +0100)] 
libip[6]t_ah: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: XTTYPE_UINT32RC support
commit | commitdiff | tree
Jan Engelhardt [Sun, 27 Feb 2011 22:41:10 +0000 (23:41 +0100)] 
libxtables: XTTYPE_UINT32RC support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibip[6]t_hl: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Fri, 18 Feb 2011 02:20:56 +0000 (03:20 +0100)] 
libip[6]t_hl: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibip[6]t_HL: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Sun, 13 Feb 2011 02:31:54 +0000 (03:31 +0100)] 
libip[6]t_HL: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: XTTYPE_UINT8 support
commit | commitdiff | tree
Jan Engelhardt [Sun, 27 Feb 2011 18:03:28 +0000 (19:03 +0100)] 
libxtables: XTTYPE_UINT8 support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_cluster: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Sun, 27 Feb 2011 16:52:23 +0000 (17:52 +0100)] 
libxt_cluster: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: min-max option support
commit | commitdiff | tree
Jan Engelhardt [Sun, 27 Feb 2011 16:38:34 +0000 (17:38 +0100)] 
libxtables: min-max option support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_cpu: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Fri, 18 Feb 2011 02:41:18 +0000 (03:41 +0100)] 
libxt_cpu: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: XTTYPE_UINT32 support
commit | commitdiff | tree
Jan Engelhardt [Wed, 16 Feb 2011 00:22:25 +0000 (01:22 +0100)] 
libxtables: XTTYPE_UINT32 support

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_CONNSECMARK: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Sun, 27 Feb 2011 15:50:22 +0000 (16:50 +0100)] 
libxt_CONNSECMARK: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: provide better final_check
commit | commitdiff | tree
Jan Engelhardt [Thu, 10 Feb 2011 15:57:37 +0000 (16:57 +0100)] 
libxtables: provide better final_check

This passes the per-extension data block to the new x6_fcheck function
pointer, which can then do last alterations without using hacks
like global variables (think libxt_statistic).

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_socket: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Fri, 18 Feb 2011 02:22:52 +0000 (03:22 +0100)] 
libxt_socket: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxt_CHECKSUM: use guided option parser
commit | commitdiff | tree
Jan Engelhardt [Sun, 27 Feb 2011 15:54:27 +0000 (16:54 +0100)] 
libxt_CHECKSUM: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agolibxtables: guided option parser
commit | commitdiff | tree
Jan Engelhardt [Mon, 7 Feb 2011 03:00:50 +0000 (04:00 +0100)] 
libxtables: guided option parser

This patchset seeks to drastically reduce the code in the individual
extensions by centralizing their argument parsing (breakdown of
strings), validation, and in part, assignment.

As a secondary goal, this reduces the number of static storage duration
variables in flight.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agoextensions: add missing checks for specific flags (2)
commit | commitdiff | tree
Jan Engelhardt [Tue, 1 Mar 2011 18:48:10 +0000 (19:48 +0100)] 
extensions: add missing checks for specific flags (2)

Addendum to v1.4.10-75-g4e5d4bf. It does not make sense to use
ipv6header's --soft without specifying any options.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agomark newly opened fds as FD_CLOEXEC (close on exec)
commit | commitdiff | tree
Maciej Zenczykowski [Mon, 4 Apr 2011 13:30:32 +0000 (15:30 +0200)] 
mark newly opened fds as FD_CLOEXEC (close on exec)

(This is iptables-1.4.3.1-cloexec.patch from RedHat iptables.src.rpm)

Signed-off-by: Maciej Zenczykowski <maze@google.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
14 years agoman pages: allow underscores in match and target names
commit | commitdiff | tree
Maciej Zenczykowski [Mon, 4 Apr 2011 13:29:40 +0000 (15:29 +0200)] 
man pages: allow underscores in match and target names

Signed-off-by: Maciej Zenczykowski <maze@google.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
14 years agoiptables: documentation for iptables and ip6tables "security" tables
commit | commitdiff | tree
Mark Montague [Mon, 4 Apr 2011 12:54:52 +0000 (14:54 +0200)] 
iptables: documentation for iptables and ip6tables "security" tables

Add documentation for the iptables and ip6tables "security" tables.
Based on http://lwn.net/Articles/267140/ and kernel source.

Signed-off-by: Mark Montague <mark@catseye.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
14 years agoiptables: add manual page section for AUDIT target
commit | commitdiff | tree
Thomas Graf [Wed, 16 Mar 2011 15:30:09 +0000 (16:30 +0100)] 
iptables: add manual page section for AUDIT target

Signed-off-by: Thomas Graf <tgraf@redhat.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
14 years agoiptables: add -C to check for existing rules
commit | commitdiff | tree
Stefan Tomanek [Tue, 8 Mar 2011 21:42:51 +0000 (22:42 +0100)] 
iptables: add -C to check for existing rules

It is often useful to check whether a specific rule is already present
in a chain without actually modifying the iptables config.

Services like fail2ban usually employ techniques like grepping through
the output of "iptables -L" which is quite error prone.

This patch adds a new operation -C to the iptables command which
mostly works like -D; it can detect and indicate the existence of the
specified rule by modifying the exit code. The new operation
TC_CHECK_ENTRY uses the same code as the -D operation, whose functions
got a dry-run parameter appended.

Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
next
Mirror of git://git.netfilter.org/iptables