9921f2b9a241750e4730fc7d486687c6a32779f4 |
|
10-Oct-2012 |
Jan Engelhardt <jengelh@inai.de> |
build: resolve compile abort in libxt_limit on RHEL5 libxt_limit.c: In function 'print_rate': libxt_limit.c:124: error: 'INFINITY' undeclared (first use in this function) The default mode of glibc-2.15's <features.h> sets "-D_POSIX_C_SOURCE=200809L", and therefore "-D_ISOC99_SOURCE". However, on þe olde RHEL 5's glibc-2.5, it only has "-D_POSIX_C_SOURCE=200112L". Explicitly draw in the definition of INFINITY by always defining _ISOC99_SOURCE. By doing this, we are moving off of the default set, so _BSD_SOURCE also needs to be explicitly set to get at IFNAMSIZ that is used in xt_hashlimit.h. Signed-off-by: Jan Engelhardt <jengelh@inai.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libxt_hashlimit.c
|
9d69da4bdb1d546218d168b72f12ac8aa042e3d8 |
|
28-Jul-2012 |
Jan Engelhardt <jengelh@inai.de> |
libxt_*limit: avoid division by zero It was possible to specify -A mychain -m hashlimit --hashlimit 600059/minute; this would convert to r->avg=0, which subsequently causes a division by zero when printing with -S mychain. 1. Avoid division by zero in print_rate by printing infinity instead. 2. Rewrite the test in parse_rate to properly reject too high rates. Signed-off-by: Jan Engelhardt <jengelh@inai.de>
/external/iptables/extensions/libxt_hashlimit.c
|
abdef13f36b63758f8775eb86febd96bf062df6f |
|
08-May-2012 |
Florian Westphal <fw@strlen.de> |
libxt_hashlimit: add support for byte-based operation allows --hashlimit-(upto|above) Xb/s [ --hashlimit-burst Yb ] to make hashlimit match when X bytes/second are exceeded; optionally, Y bytes will not be matched (i.e. bursted). [ Pablo fixed minor compilation warning in this patch with gcc-4.6 and x86_64 ] libxt_hashlimit.c: In function ‘parse_bytes’: libxt_hashlimit.c:216:6: warning: format ‘%llu’ expects argument of type ‘long long unsigned int’, but argument 3 has type ‘uint64_t’ [-Wformat] Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libxt_hashlimit.c
|
4a56bcbd49ef20a0203017c15ab1cec9bb140d1a |
|
21-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_hashlimit: observe new default gc-expire time when saving Since a while, --htable-gc-expire defaults to the chosen time quantum instead of 10 fixed seconds, which leads the expiry value to be always printed, which is redundant. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_hashlimit.c
|
de1f06dca906bfcb82d7c7c2d555fbf3229d12b6 |
|
21-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_hashlimit: remove inversion from hashlimit rev 0 Revision 0 indeed did not have inversion support, nor presence of --hashlimit-above. This glitch was added in v1.4.11~16^2~10. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_hashlimit.c
|
c148c4ad2e28b94125c0c9954a887f0a473d598b |
|
21-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_hashlimit: default htable-expire must be in milliseconds Bug goes back to v1.4.12~3^2~11. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_hashlimit.c
|
68146dad91611bd8d6d12c8ba27219130d99607b |
|
22-Jun-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_hashlimit: use a more obvious expiry value by default Due to the previous default expiry of 10 sec, "--hashlimit 1/min" would allow matching up to 6/min if a properly timed. To do what the user expects, the minimum expiry must equal the selected time quantum however. Cc: Jan Rovner <jan.rovner@diadema.cz> Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_hashlimit.c
|
fe02f76e013941a7f65f57f297d3177bcfeb0623 |
|
04-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_hashlimit: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_hashlimit.c
|
e88a7c2c7175742b58b6aa03f2b5aba2d80330a1 |
|
18-Feb-2011 |
Jan Engelhardt <jengelh@medozas.de> |
extensions: remove redundant init functions The main program already zeroes the per-extension data block. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_hashlimit.c
|
73866357e4a7a0fdc1b293bf8863fee2bd56da9e |
|
18-Dec-2010 |
Jan Engelhardt <jengelh@medozas.de> |
iptables: do not print trailing whitespaces Due to the use of printf("foobar "), iptables emits spaces at the end-of-line, which looks odd to some users because it causes the terminal to wrap even if there is seemingly nothing to print. It may also have other points of annoyance, such as mailers interpreting a trailing space as an indicator that the paragraph continues when format=flowed is also on. And git highlights trailing spaces in red, so let's avoid :) Preexisting inconsistencies in outputting spaces in the right spot are also addressed right away. References: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429579 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_hashlimit.c
|
d09b6d591ca7d7d7575cb6aa20384c9830f777ab |
|
08-Jan-2011 |
Jan Engelhardt <jengelh@medozas.de> |
extensions: remove no longer necessary default: cases Match and target parse functions now only get option characters they have defined themselves. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_hashlimit.c
|
7ac405297ec38449b30e3b05fd6bf2082fd3d803 |
|
07-Jan-2011 |
Jan Engelhardt <jengelh@medozas.de> |
src: use C99/POSIX types "u_int" was a non-standardized extension predating C99 on some platforms. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_hashlimit.c
|
32b8e61e4e5bd405d9ad07bf9468498dfbb19f9e |
|
23-Jul-2010 |
Jan Engelhardt <jengelh@medozas.de> |
all: consistent syntax use in struct option Try to inhibit copypasting old stuff. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_hashlimit.c
|
dd2bbe0b614ad60fb2e267863471836aae424425 |
|
24-Jun-2010 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_hashlimit: always print burst value iptables -L lists the burst value, and so should iptables -S. I was certainly surprised to see it gone even when explicitly specifying --hashlimit-burst 5 on the command line. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_hashlimit.c
|
bbe83862a5e1baf15f7c923352d4afdf59bc70e2 |
|
24-Oct-2009 |
Jan Engelhardt <jengelh@medozas.de> |
iptables/extensions: make bundled options work again When using a bundled option like "-ptcp", 'argv[optind-1]' would logically point to "-ptcp", but this is obviously not right. 'optarg' is needed instead, which if properly offset to "tcp". Not all places change optind-based access to optarg; where look-ahead is needed, such as for tcp's --tcp-flags option for example, optind is ok. References: http://bugzilla.netfilter.org/show_bug.cgi?id=611 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_hashlimit.c
|
bf97128c7262f17a02fec41cdae75b472ba77f88 |
|
03-Nov-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: hand argv to xtables_check_inverse In going to fix NF bug #611, "argv" is needed in xtables_check_inverse to set "optarg" to the right spot in case of an intrapositional negation. References: http://bugzilla.netfilter.org/show_bug.cgi?id=611 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_hashlimit.c
|
f2a77520693f0a6dd1df1f87be4b81913961c1f5 |
|
25-Jun-2009 |
Jan Engelhardt <jengelh@medozas.de> |
extensions: collapse data variables to use multi-reg calls Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_hashlimit.c
|
c5e85736c207f211d82d2878a5781f512327dfce |
|
12-Jun-2009 |
Jan Engelhardt <jengelh@medozas.de> |
extensions: collapse registration structures There are no different code paths between IPV4 and IPV6, so data can be consolidated here. text data bss dec hex filename 243757 12212 2576 258545 3f1f1 ip6tables-static[before.i586] 243613 9428 2576 255617 3e681 ip6tables-static[after.i586] -144 -2784 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_hashlimit.c
|
2c69b55e55f2efc5a334b87ccdceaa9de0ecb658 |
|
30-Apr-2009 |
Jan Engelhardt <jengelh@medozas.de> |
iptables: replace open-coded sizeof by ARRAY_SIZE Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_hashlimit.c
|
69f564e3890976461de0016cd81171ff8bfa8353 |
|
26-May-2009 |
Jan Engelhardt <jengelh@medozas.de> |
extensions: add const qualifiers in print/save functions Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_hashlimit.c
|
bf02bd290c03fd47b256258e06157f4d9d76e46d |
|
24-Mar-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_hashlimit: add missing space for iptables-save output Reference: http://bugzilla.netfilter.org/show_bug.cgi?id=568 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_hashlimit.c
|
1829ed482efbc8b390cc760d012b3a4450494e1a |
|
21-Feb-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: prefix exit_error to xtables_error Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_hashlimit.c
|
0f16c725aadaac7e670d632ecbaea3661ff00827 |
|
30-Jan-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: prefix/order - move check_inverse to xtables.c This also adds a warning that intrapositional negation support is deprecated. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_hashlimit.c
|
a41545ca7cde43e0ba53260ba74bd9bf74025a68 |
|
27-Jan-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: prefix/order - param_act Changes: exittype -> xtables_exittype P_* -> XTF_* flags Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_hashlimit.c
|
5f2922cfc0bbfbeb878f5c12e9fb3eb602ae5507 |
|
27-Jan-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: prefix/order - strtoui This commit also throws out the redundant string_to_number_*. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_hashlimit.c
|
e917bca09924435f3fca23c01042543b1826c81e |
|
27-Jan-2009 |
Jan Engelhardt <jengelh@medozas.de> |
extensions: use UINT_MAX constants over open-coded numbers (2/2) Use the handy constants for ranges. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_hashlimit.c
|
03d99486d8283552705b58dc55b6085dffc38792 |
|
18-Nov-2008 |
Jan Engelhardt <jengelh@medozas.de> |
src: use NFPROTO_ constants Resync netfilter.h from the latest kernel and make use of the new NFPROTO_ constants that have been introduced. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
/external/iptables/extensions/libxt_hashlimit.c
|
81bd58838403fc8c4a63840f0af42deebe6d4a20 |
|
04-Sep-2008 |
Jan Engelhardt <jengelh@medozas.de> |
src: update comments part II A number of comments are redundant, some outdated and others outright wrong in their own way. Remove and fixup. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
/external/iptables/extensions/libxt_hashlimit.c
|
ddac6c5bc636003d664d25c08ea3fe176565096c |
|
01-Sep-2008 |
Jan Engelhardt <jengelh@medozas.de> |
src: Update comments A number of comments are redundant, some outdated and others outright wrong in their own way. Remove and fixup. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
/external/iptables/extensions/libxt_hashlimit.c
|
04c97954d5933fc935616f69a8e63944d5c6cec4 |
|
04-Aug-2008 |
Phil Oester <kernel@linuxace.com> |
iptables-save: fix hashlimit output In bugzilla 550, Xeb notes that the --hashlimit-htable-gcinterval argument is saved incorrectly. Patch below corrects. Patch-from: Xeb <xeb@mail.ru> Signed-off-by: Phil Oester <kernel@linuxace.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
/external/iptables/extensions/libxt_hashlimit.c
|
ef18e8147903885708d1c264904129af4fb636d6 |
|
04-Aug-2008 |
Jan Engelhardt <jengelh@medozas.de> |
src: remove dependency on libiptc headers xtables.h does not need really need libxtc.h, and we can drop it from the install as it is internal-only. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
/external/iptables/extensions/libxt_hashlimit.c
|
8b7c64d6ba156a99008fcd810cba874c73294333 |
|
15-Apr-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Remove old functions, constants
/external/iptables/extensions/libxt_hashlimit.c
|
9a8c77fc8df3155747c34dcea79b7834a2a9a40a |
|
11-Feb-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Add support for xt_hashlimit match revision 1
/external/iptables/extensions/libxt_hashlimit.c
|
dbb77543ad6afe29e9a1881b2d4fc212de621a55 |
|
11-Feb-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Fix -Wshadow warnings and clean up xt_sctp.h Note: xt_sctp.h is still not merged upstream in the kernel as of this commit. But a refactoring was really needed.
/external/iptables/extensions/libxt_hashlimit.c
|
9ee386a1b6d7704b259460152c959ab0e79e02aa |
|
29-Jan-2008 |
Max Kellermann <max@duempel.org> |
fix gcc warnings Max Kellermann <max@duempel.org>
/external/iptables/extensions/libxt_hashlimit.c
|
da75a5a4ed43d3a822b9a75d6fbbfc2e06ccfbfa |
|
20-Jan-2008 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_hashlimit checks Add checks for libxt_hashlimit so that options cannot be passed twice Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
/external/iptables/extensions/libxt_hashlimit.c
|
181dead3f13befe02769ef479bcbb51801b7fc4e |
|
04-Oct-2007 |
Jan Engelhardt <jengelh@medozas.de> |
Unique symbols 1/6 Give symbols of libxt matches unique names (1/3). Adds unique prefixes to all functions (most of them - especially the hook functions) so that debugging programs can unambiguously map a symbol to an address. Also unifies the names of the xtables_match/xtables_target structs, (based upon libxt_connmark.c/libip6t_*.c). Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
/external/iptables/extensions/libxt_hashlimit.c
|
0e2abed11985e16215559cefd90625f99317b96c |
|
04-Oct-2007 |
Jan Engelhardt <jengelh@medozas.de> |
Constify data structures Constify more data structures. Make functions static. Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
/external/iptables/extensions/libxt_hashlimit.c
|
500f483fff529dcd88ec96b9d5054be6cd6363a0 |
|
08-Sep-2007 |
Patrick McHardy <kaber@trash.net> |
Fix sparse warnings: non-ANSI function declarations, 0 used as pointer
/external/iptables/extensions/libxt_hashlimit.c
|
ea146a982e26c42f9954f140276f8deeb2edbe98 |
|
02-Sep-2007 |
Peter Riley <Peter.Riley@hotpop.com> |
Remove last vestiges of NFC (Peter Riley <Peter.Riley@hotpop.com>)
/external/iptables/extensions/libxt_hashlimit.c
|
d62a9db1295608ef98394b830703389973346716 |
|
04-Aug-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Unifies libip[6]t_hashlimit into libxt_hashlimit
/external/iptables/extensions/libxt_hashlimit.c
|