| 9921f2b9a241750e4730fc7d486687c6a32779f4 |
|
10-Oct-2012 |
Jan Engelhardt <jengelh@inai.de> |
build: resolve compile abort in libxt_limit on RHEL5
libxt_limit.c: In function 'print_rate':
libxt_limit.c:124: error: 'INFINITY' undeclared (first use in
this function)
The default mode of glibc-2.15's <features.h> sets
"-D_POSIX_C_SOURCE=200809L", and therefore "-D_ISOC99_SOURCE". However,
on þe olde RHEL 5's glibc-2.5, it only has "-D_POSIX_C_SOURCE=200112L".
Explicitly draw in the definition of INFINITY by always defining
_ISOC99_SOURCE. By doing this, we are moving off of the default set, so
_BSD_SOURCE also needs to be explicitly set to get at IFNAMSIZ that is
used in xt_hashlimit.h.
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libxt_hashlimit.c
|
| 9d69da4bdb1d546218d168b72f12ac8aa042e3d8 |
|
28-Jul-2012 |
Jan Engelhardt <jengelh@inai.de> |
libxt_*limit: avoid division by zero
It was possible to specify -A mychain -m hashlimit --hashlimit
600059/minute; this would convert to r->avg=0, which subsequently
causes a division by zero when printing with -S mychain.
1. Avoid division by zero in print_rate by printing infinity
instead.
2. Rewrite the test in parse_rate to properly reject too high rates.
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
/external/iptables/extensions/libxt_hashlimit.c
|
| abdef13f36b63758f8775eb86febd96bf062df6f |
|
08-May-2012 |
Florian Westphal <fw@strlen.de> |
libxt_hashlimit: add support for byte-based operation
allows --hashlimit-(upto|above) Xb/s [ --hashlimit-burst Yb ]
to make hashlimit match when X bytes/second are exceeded;
optionally, Y bytes will not be matched (i.e. bursted).
[ Pablo fixed minor compilation warning in this patch with gcc-4.6 and x86_64 ]
libxt_hashlimit.c: In function ‘parse_bytes’:
libxt_hashlimit.c:216:6: warning: format ‘%llu’ expects argument of type ‘long long unsigned int’, but argument 3 has type ‘uint64_t’ [-Wformat]
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libxt_hashlimit.c
|
| 4a56bcbd49ef20a0203017c15ab1cec9bb140d1a |
|
21-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_hashlimit: observe new default gc-expire time when saving
Since a while, --htable-gc-expire defaults to the chosen time quantum
instead of 10 fixed seconds, which leads the expiry value to be always
printed, which is redundant.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_hashlimit.c
|
| de1f06dca906bfcb82d7c7c2d555fbf3229d12b6 |
|
21-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_hashlimit: remove inversion from hashlimit rev 0
Revision 0 indeed did not have inversion support, nor presence of
--hashlimit-above. This glitch was added in v1.4.11~16^2~10.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_hashlimit.c
|
| c148c4ad2e28b94125c0c9954a887f0a473d598b |
|
21-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_hashlimit: default htable-expire must be in milliseconds
Bug goes back to v1.4.12~3^2~11.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_hashlimit.c
|
| 68146dad91611bd8d6d12c8ba27219130d99607b |
|
22-Jun-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_hashlimit: use a more obvious expiry value by default
Due to the previous default expiry of 10 sec, "--hashlimit 1/min"
would allow matching up to 6/min if a properly timed. To do what the
user expects, the minimum expiry must equal the selected time quantum
however.
Cc: Jan Rovner <jan.rovner@diadema.cz>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_hashlimit.c
|
| fe02f76e013941a7f65f57f297d3177bcfeb0623 |
|
04-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_hashlimit: use guided option parser
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_hashlimit.c
|
| e88a7c2c7175742b58b6aa03f2b5aba2d80330a1 |
|
18-Feb-2011 |
Jan Engelhardt <jengelh@medozas.de> |
extensions: remove redundant init functions
The main program already zeroes the per-extension data block.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_hashlimit.c
|
| 73866357e4a7a0fdc1b293bf8863fee2bd56da9e |
|
18-Dec-2010 |
Jan Engelhardt <jengelh@medozas.de> |
iptables: do not print trailing whitespaces
Due to the use of printf("foobar "), iptables emits spaces at the
end-of-line, which looks odd to some users because it causes the
terminal to wrap even if there is seemingly nothing to print.
It may also have other points of annoyance, such as mailers
interpreting a trailing space as an indicator that the paragraph
continues when format=flowed is also on.
And git highlights trailing spaces in red, so let's avoid :)
Preexisting inconsistencies in outputting spaces in the right
spot are also addressed right away.
References: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429579
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_hashlimit.c
|
| d09b6d591ca7d7d7575cb6aa20384c9830f777ab |
|
08-Jan-2011 |
Jan Engelhardt <jengelh@medozas.de> |
extensions: remove no longer necessary default: cases
Match and target parse functions now only get option characters they
have defined themselves.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_hashlimit.c
|
| 7ac405297ec38449b30e3b05fd6bf2082fd3d803 |
|
07-Jan-2011 |
Jan Engelhardt <jengelh@medozas.de> |
src: use C99/POSIX types
"u_int" was a non-standardized extension predating C99 on some platforms.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_hashlimit.c
|
| 32b8e61e4e5bd405d9ad07bf9468498dfbb19f9e |
|
23-Jul-2010 |
Jan Engelhardt <jengelh@medozas.de> |
all: consistent syntax use in struct option
Try to inhibit copypasting old stuff.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_hashlimit.c
|
| dd2bbe0b614ad60fb2e267863471836aae424425 |
|
24-Jun-2010 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_hashlimit: always print burst value
iptables -L lists the burst value, and so should iptables -S. I was
certainly surprised to see it gone even when explicitly specifying
--hashlimit-burst 5 on the command line.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_hashlimit.c
|
| bbe83862a5e1baf15f7c923352d4afdf59bc70e2 |
|
24-Oct-2009 |
Jan Engelhardt <jengelh@medozas.de> |
iptables/extensions: make bundled options work again
When using a bundled option like "-ptcp", 'argv[optind-1]' would
logically point to "-ptcp", but this is obviously not right.
'optarg' is needed instead, which if properly offset to "tcp".
Not all places change optind-based access to optarg; where
look-ahead is needed, such as for tcp's --tcp-flags option for
example, optind is ok.
References: http://bugzilla.netfilter.org/show_bug.cgi?id=611
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_hashlimit.c
|
| bf97128c7262f17a02fec41cdae75b472ba77f88 |
|
03-Nov-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: hand argv to xtables_check_inverse
In going to fix NF bug #611, "argv" is needed in
xtables_check_inverse to set "optarg" to the right spot in case of an
intrapositional negation.
References: http://bugzilla.netfilter.org/show_bug.cgi?id=611
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_hashlimit.c
|
| f2a77520693f0a6dd1df1f87be4b81913961c1f5 |
|
25-Jun-2009 |
Jan Engelhardt <jengelh@medozas.de> |
extensions: collapse data variables to use multi-reg calls
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_hashlimit.c
|
| c5e85736c207f211d82d2878a5781f512327dfce |
|
12-Jun-2009 |
Jan Engelhardt <jengelh@medozas.de> |
extensions: collapse registration structures
There are no different code paths between IPV4 and IPV6, so
data can be consolidated here.
text data bss dec hex filename
243757 12212 2576 258545 3f1f1 ip6tables-static[before.i586]
243613 9428 2576 255617 3e681 ip6tables-static[after.i586]
-144 -2784
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_hashlimit.c
|
| 2c69b55e55f2efc5a334b87ccdceaa9de0ecb658 |
|
30-Apr-2009 |
Jan Engelhardt <jengelh@medozas.de> |
iptables: replace open-coded sizeof by ARRAY_SIZE
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_hashlimit.c
|
| 69f564e3890976461de0016cd81171ff8bfa8353 |
|
26-May-2009 |
Jan Engelhardt <jengelh@medozas.de> |
extensions: add const qualifiers in print/save functions
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_hashlimit.c
|
| bf02bd290c03fd47b256258e06157f4d9d76e46d |
|
24-Mar-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_hashlimit: add missing space for iptables-save output
Reference: http://bugzilla.netfilter.org/show_bug.cgi?id=568
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_hashlimit.c
|
| 1829ed482efbc8b390cc760d012b3a4450494e1a |
|
21-Feb-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: prefix exit_error to xtables_error
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_hashlimit.c
|
| 0f16c725aadaac7e670d632ecbaea3661ff00827 |
|
30-Jan-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: prefix/order - move check_inverse to xtables.c
This also adds a warning that intrapositional negation support
is deprecated.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_hashlimit.c
|
| a41545ca7cde43e0ba53260ba74bd9bf74025a68 |
|
27-Jan-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: prefix/order - param_act
Changes:
exittype -> xtables_exittype
P_* -> XTF_* flags
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_hashlimit.c
|
| 5f2922cfc0bbfbeb878f5c12e9fb3eb602ae5507 |
|
27-Jan-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: prefix/order - strtoui
This commit also throws out the redundant string_to_number_*.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_hashlimit.c
|
| e917bca09924435f3fca23c01042543b1826c81e |
|
27-Jan-2009 |
Jan Engelhardt <jengelh@medozas.de> |
extensions: use UINT_MAX constants over open-coded numbers (2/2)
Use the handy constants for ranges.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_hashlimit.c
|
| 03d99486d8283552705b58dc55b6085dffc38792 |
|
18-Nov-2008 |
Jan Engelhardt <jengelh@medozas.de> |
src: use NFPROTO_ constants
Resync netfilter.h from the latest kernel and make use of the new
NFPROTO_ constants that have been introduced.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
/external/iptables/extensions/libxt_hashlimit.c
|
| 81bd58838403fc8c4a63840f0af42deebe6d4a20 |
|
04-Sep-2008 |
Jan Engelhardt <jengelh@medozas.de> |
src: update comments part II
A number of comments are redundant, some outdated and others outright
wrong in their own way. Remove and fixup.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
/external/iptables/extensions/libxt_hashlimit.c
|
| ddac6c5bc636003d664d25c08ea3fe176565096c |
|
01-Sep-2008 |
Jan Engelhardt <jengelh@medozas.de> |
src: Update comments
A number of comments are redundant, some outdated and others outright
wrong in their own way. Remove and fixup.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
/external/iptables/extensions/libxt_hashlimit.c
|
| 04c97954d5933fc935616f69a8e63944d5c6cec4 |
|
04-Aug-2008 |
Phil Oester <kernel@linuxace.com> |
iptables-save: fix hashlimit output
In bugzilla 550, Xeb notes that the --hashlimit-htable-gcinterval
argument is saved incorrectly. Patch below corrects.
Patch-from: Xeb <xeb@mail.ru>
Signed-off-by: Phil Oester <kernel@linuxace.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
/external/iptables/extensions/libxt_hashlimit.c
|
| ef18e8147903885708d1c264904129af4fb636d6 |
|
04-Aug-2008 |
Jan Engelhardt <jengelh@medozas.de> |
src: remove dependency on libiptc headers
xtables.h does not need really need libxtc.h, and we can drop it from
the install as it is internal-only.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
/external/iptables/extensions/libxt_hashlimit.c
|
| 8b7c64d6ba156a99008fcd810cba874c73294333 |
|
15-Apr-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Remove old functions, constants
/external/iptables/extensions/libxt_hashlimit.c
|
| 9a8c77fc8df3155747c34dcea79b7834a2a9a40a |
|
11-Feb-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Add support for xt_hashlimit match revision 1
/external/iptables/extensions/libxt_hashlimit.c
|
| dbb77543ad6afe29e9a1881b2d4fc212de621a55 |
|
11-Feb-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Fix -Wshadow warnings and clean up xt_sctp.h
Note: xt_sctp.h is still not merged upstream in the kernel as of
this commit. But a refactoring was really needed.
/external/iptables/extensions/libxt_hashlimit.c
|
| 9ee386a1b6d7704b259460152c959ab0e79e02aa |
|
29-Jan-2008 |
Max Kellermann <max@duempel.org> |
fix gcc warnings
Max Kellermann <max@duempel.org>
/external/iptables/extensions/libxt_hashlimit.c
|
| da75a5a4ed43d3a822b9a75d6fbbfc2e06ccfbfa |
|
20-Jan-2008 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_hashlimit checks
Add checks for libxt_hashlimit so that options cannot be passed twice
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
/external/iptables/extensions/libxt_hashlimit.c
|
| 181dead3f13befe02769ef479bcbb51801b7fc4e |
|
04-Oct-2007 |
Jan Engelhardt <jengelh@medozas.de> |
Unique symbols 1/6
Give symbols of libxt matches unique names (1/3).
Adds unique prefixes to all functions (most of them - especially the hook
functions) so that debugging programs can unambiguously map a symbol to an
address. Also unifies the names of the xtables_match/xtables_target structs,
(based upon libxt_connmark.c/libip6t_*.c).
Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
/external/iptables/extensions/libxt_hashlimit.c
|
| 0e2abed11985e16215559cefd90625f99317b96c |
|
04-Oct-2007 |
Jan Engelhardt <jengelh@medozas.de> |
Constify data structures
Constify more data structures. Make functions static.
Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
/external/iptables/extensions/libxt_hashlimit.c
|
| 500f483fff529dcd88ec96b9d5054be6cd6363a0 |
|
08-Sep-2007 |
Patrick McHardy <kaber@trash.net> |
Fix sparse warnings: non-ANSI function declarations, 0 used as pointer
/external/iptables/extensions/libxt_hashlimit.c
|
| ea146a982e26c42f9954f140276f8deeb2edbe98 |
|
02-Sep-2007 |
Peter Riley <Peter.Riley@hotpop.com> |
Remove last vestiges of NFC (Peter Riley <Peter.Riley@hotpop.com>)
/external/iptables/extensions/libxt_hashlimit.c
|
| d62a9db1295608ef98394b830703389973346716 |
|
04-Aug-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Unifies libip[6]t_hashlimit into libxt_hashlimit
/external/iptables/extensions/libxt_hashlimit.c
|