| 945353a25bbb2dbf88128c27a9169851da6ebf05 |
|
20-Jun-2013 |
Phil Oester <kernel@linuxace.com> |
ip6tables: don't print out /128
Similar to how iptables does not print /32 on IPv4 addresses, ip6tables
should not print out /128 on IPv6 addresses.
Signed-off-by: Phil Oester <kernel@linuxace.com>
Signed-off-by: Pablo Neira Ayuso <pablo@soleta.eu>
/external/iptables/libxtables/xtables.c
|
| 17fd36631d3ca17b581be9acb8ab054931b5a917 |
|
27-May-2013 |
Phil Oester <kernel@linuxace.com> |
xtables: improve get_modprobe handling
In bug #455, Dmitry V. Levin proposed a more robust get_modprobe
implementation. The patch below is a version of his patch,
updated to apply to current git.
This closes bug #455.
Signed-off-by: Phil Oester <kernel@linuxace.com>
Signed-off-by: Pablo Neira Ayuso <pablo@soleta.eu>
/external/iptables/libxtables/xtables.c
|
| 2f655ede64e07a861e3ec50150f572ed98755013 |
|
29-Oct-2012 |
Pablo Neira Ayuso <pablo@netfilter.org> |
libxtables: add xtables_print_num
This function is used both by iptables and ip6tables, and
refactorize to avoid longer than 80-chars per column lines
of code.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/libxtables/xtables.c
|
| d1e7922a587a239e16e0dbe654e63f76e1375e49 |
|
04-Jan-2013 |
Pablo Neira Ayuso <pablo@netfilter.org> |
libxtables: add xtables_rule_matches_free
This function is shared by iptables and ip6tables.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/libxtables/xtables.c
|
| dd43527cb6bdf3d469100850ca10dcd2fb761304 |
|
07-Oct-2012 |
Jan Engelhardt <jengelh@inai.de> |
iptables: restore NOTRACK functionality, target aliasing
Commit v1.4.16-1-g2aaa7ec is testing for real_name (not) being NULL
which was always false (true). real_name was never NULL, so cs->jumpto
would always be used, which rendered -j NOTRACK unusable, since the
chosen real name.revision is for example NOTRACK.1, which does not exist
at the kernel side.
# ./iptables/xtables-multi main4 -t raw -A foo -j NOTRACK
dbg: Using NOTRACK.1
WARNING: The NOTRACK target is obsolete. Use CT instead.
iptables: Protocol wrong type for socket.
To reasonably support the extra-special verdict names, make it so that
real_name remains NULL when an extension defined no alias, which we can
then use to determine whether the user entered an alias name (which
needs to be followed) or not.
[ I have mangled this patch to remove a comment unnecessarily large.
BTW, this patch gets this very close to the initial target aliasing
proposal --pablo ]
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/libxtables/xtables.c
|
| c436dad7cfdd80ca4a05ceed556c39babc266f55 |
|
27-Sep-2012 |
Jan Engelhardt <jengelh@inai.de> |
iptables: support for match aliases
This patch allows for match names listed on the command line to be
rewritten to new names and revisions, like we did for targets before.
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
/external/iptables/libxtables/xtables.c
|
| cd2f9bdbb7f9b737e5d640aafeb78bcd8e3a7adf |
|
04-Sep-2012 |
Jan Engelhardt <jengelh@inai.de> |
iptables: support for target aliases
This patch allows for target names listed on the command line to be
rewritten to new names and revisions.
As before, we will pick a revision that is supported by the kernel - now
including real_name in the search. This gives us the possibility to test
for many action names.
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
/external/iptables/libxtables/xtables.c
|
| 954b76c317f641b7faf33cc26931d45585cc0dea |
|
27-Sep-2012 |
Jan Engelhardt <jengelh@inai.de> |
libxtables: consolidate preference logic
Alias support will require testing for more conditions, so move the
revision comparison code into a separate function where it can be
shared between matches and targets.
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
/external/iptables/libxtables/xtables.c
|
| a96166c24eaac1c91bed4815c09e91733409d888 |
|
14-Jul-2012 |
Pablo Neira Ayuso <pablo@netfilter.org> |
libxtables: add xtables_ip[6]mask_to_cidr
This patch adds generic functions to return the mask in CIDR
notation whenever is possible.
This patch also simplifies xtables_ip[6]mask_to_numeric, that
now use these new two functions.
This patch also bumps libxtables_vcurrent and libxtables_vage
since we added a couple new interfaces (thanks to Jan Engelhardt
for his little reminder on this).
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/libxtables/xtables.c
|
| 8816e91cddef785c78b3598c7c41a1f88be08f5a |
|
18-Sep-2011 |
Jan Engelhardt <jengelh@medozas.de> |
build: restore build order of modules
iptables(exe) requires libext.a, but extensions/ require libxtables.la
(in iptables/). This circular dependency does not work out, so
separate libxtables into its own directory and put it in front.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/libxtables/xtables.c
|