d7aeda5ed45ac7ca959f12180690caa371b5b14b |
|
08-Jul-2013 |
Pablo Neira Ayuso <pablo@netfilter.org> |
ip{6}tables-restore: fix breakage due to new locking approach Since (93587a0 ip[6]tables: Add locking to prevent concurrent instances), ip{6}tables-restore does not work anymore: iptables-restore < x Another app is currently holding the xtables lock. Perhaps you want to use the -w option? do_command{6}(...) is called from ip{6}tables-restore for every iptables command contained in the rule-set file. Thus, hitting the lock error after the second command. Fix it by bypassing the locking in the ip{6}tables-restore path. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/include/iptables.h
|
1639fe86579f86f5f6a954a9b0adde2e16ad1980 |
|
27-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libiptc: combine common types: _handle No real API/ABI change incurred, since the definition of the structs' types is not visible anyhow. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/include/iptables.h
|
7e5e866a36a76c153e5903b8251f90cfe07a1d34 |
|
27-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libiptc: replace ipt_chainlabel by xt_chainlabel Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/include/iptables.h
|
f56b8a8bf4b1041cb875fd8439778f35276bdb30 |
|
03-Sep-2011 |
Jan Engelhardt <jengelh@medozas.de> |
iptables: move kernel version find routing into libxtables That way, the remaining unreferenced symbols that do appear in libipt_DNAT and libipt_SNAT as part of the new check can be resolved, and the ugly -rdynamic hack can finally be removed. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/include/iptables.h
|
c1e04bd1b057151afaf7e6138089f2fe2c1b7d1c |
|
04-Apr-2011 |
Maciej Zenczykowski <maze@google.com> |
v4: rename do_command() to do_command4() Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
/external/iptables/include/iptables.h
|
bb9fe8059f40f0dde9c780498f5af42f5aa6a179 |
|
04-Apr-2011 |
Maciej Zenczykowski <maze@google.com> |
v4: rename print_rule() to print_rule4() Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
/external/iptables/include/iptables.h
|
e5c061afabf018634a507f00df5b1d0c4bd53a37 |
|
04-Apr-2011 |
Maciej Zenczykowski <maze@google.com> |
v4: rename delete_chain() to delete_chain4() Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
/external/iptables/include/iptables.h
|
cc38d058d14e84d3008a0c0035348e0ad5f0d5d2 |
|
04-Apr-2011 |
Maciej Zenczykowski <maze@google.com> |
v4: rename flush_entries() to flush_entries4() Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
/external/iptables/include/iptables.h
|
e70844a98d125679cfe0c62e48d0f19bf175280d |
|
04-Apr-2011 |
Maciej Zenczykowski <maze@google.com> |
v4: rename for_each_chain() to for_each_chain4() Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
/external/iptables/include/iptables.h
|
617d3d140f4739558dce2ef8ed01aef251cf5487 |
|
11-Feb-2009 |
Jamal Hadi Salim <hadi@cyberus.ca> |
libxtables: set names of programs Set proper name of application. Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
/external/iptables/include/iptables.h
|
47a6fd9ec9891a8040eb8fd6db3c5012c1056061 |
|
10-Feb-2009 |
Jan Engelhardt <jengelh@medozas.de> |
src: consolidate duplicate code in iptables/internal.h Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/include/iptables.h
|
c31870f9bebb3d4d082016fcfaf8c2177ae32eb2 |
|
10-Feb-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: move compat defines to xtables.c Addendum to commit v1.4.3-rc1-41-g77f48c2 where the macro users got moved. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/include/iptables.h
|
ea955480a8ae43aa956ac62e1aab3f9670529819 |
|
10-Feb-2009 |
Jan Engelhardt <jengelh@medozas.de> |
src: remove unused ipt_tryload macro Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/include/iptables.h
|
395e441e20ea9ab7f37122bcfd76fec527fa447b |
|
10-Feb-2009 |
Jan Engelhardt <jengelh@medozas.de> |
src: remove iptables_rule_match indirection macro Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/include/iptables.h
|
c02e80878979d2205f3d89d05548397871e598e9 |
|
10-Feb-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: decouple non-xtables parts from header Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/include/iptables.h
|
1c9015b2cb483678f153121255e10ec0bbfde3e6 |
|
10-Nov-2008 |
Jan Engelhardt <jengelh@medozas.de> |
libiptc: remove indirections Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
/external/iptables/include/iptables.h
|
fd1873110f8e57be578df17fc9d03536b10f4f73 |
|
10-Nov-2008 |
Jan Engelhardt <jengelh@medozas.de> |
libiptc: remove typedef indirection Don't you hate it when iptc_handle_t *x actually is a double-indirection struct iptc_handle **? This also shows the broken constness model, since "const iptc_handle_t x" = "iptc_handle_t const x" = "struct iptc_handle *const x", which is like no const at all. Lots of things to do then. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
/external/iptables/include/iptables.h
|
ef18e8147903885708d1c264904129af4fb636d6 |
|
04-Aug-2008 |
Jan Engelhardt <jengelh@medozas.de> |
src: remove dependency on libiptc headers xtables.h does not need really need libxtc.h, and we can drop it from the install as it is internal-only. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
/external/iptables/include/iptables.h
|
96296cfb7e01298234c7fa9403619f50391620d1 |
|
13-May-2008 |
Henrik Nordstrom <henrik@henriknordstrom.net> |
iptables --list-rules command Adds iptables --list-rules (-S) command, acting as a combination of iptables --list and iptables-save. The primary motivation behind this patch is to get iptables-save like output capabilities in iptables-restore, allowing "iptables-restore -n" to be used as a consistent API to iptables for all kind of operations, not only blind updates.. As a bonus iptables also gets the capability of printing the rules as-is. This completely replaces the earlier patch which added the --rules option. Henrik Nordstrom <henrik@henriknordstrom.net>
/external/iptables/include/iptables.h
|
8b7c64d6ba156a99008fcd810cba874c73294333 |
|
15-Apr-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Remove old functions, constants
/external/iptables/include/iptables.h
|
21b41eea4724c57d2b6e5998cf38255046e43ad3 |
|
11-Feb-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Combine IP{,6}T_LIB_DIR into XTABLES_LIBDIR
/external/iptables/include/iptables.h
|
33690a1aec0b6309ff90066ca56285b6e43013f2 |
|
11-Feb-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Fix all remaining warnings (missing declarations, missing prototypes)
/external/iptables/include/iptables.h
|
bd9438420d92c41a5cf20a53b7a18d3ddea4216d |
|
20-Jan-2008 |
Jan Engelhardt <jengelh@medozas.de> |
rename overlapping function names Rename overlapping function names. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
/external/iptables/include/iptables.h
|
08b1616e068166e016b3ee7110db10ae5d853422 |
|
20-Jan-2008 |
Jan Engelhardt <jengelh@medozas.de> |
bunch o' renames Move a few functions from iptables.c/ip6tables.c to xtables.c so they are available for combined (both AF_INET and AF_INET6) libxt modules. Rename overlapping function names. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
/external/iptables/include/iptables.h
|
a3732db1280f790b8e26b41bdcbe8b5f92b7f51b |
|
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Moves all declarations in iptables_common.h to xtables.h.
/external/iptables/include/iptables.h
|
5cd1ff53a500256997519ec1d871750773c44803 |
|
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Moves IPPROTO_* and IP[6]T_LIB_DIR definitions to xtables.h
/external/iptables/include/iptables.h
|
04f8c54dc52e19096d31d94593bd1040716afe4d |
|
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Moves some duplicated functions in ip[6]tables.c to xtables.c string_to_number_ll, string_to_number_l, string_to_number, service_to_port, parse_port, parse_interface, are moved.
/external/iptables/include/iptables.h
|
0d502bcdbc97ed359e84f6a21dfa0049b3b60a6c |
|
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Introduces xtables match/target registration - moves lib_dir to xtables.c - introduces struct pfinfo which has protocol family dependent infomations. - unifies load_ip[6]tables_ko() and moves them as load_xtables_ko() - introduces xt_{match,match_rule,target,tryload} and replaces ip[6]t_* with them - unifies following functions and move them to xtables.c - find_{match,find_target} - compatible_revision, compatible_{match,target}_revision - introduces xtables_register_{match,target} and make register_{match,target}[6] call them. xtables_register_* register ONLY matches/targets matched protocol family Some concepts: - source compatibility for libip[6]t_xxx.c with warning on compilation not binary compatibility. - binary compatibility between 2.4/2.6 kernel and iptables/ip6tables, of cause. - xtables is enough to support only one address family at runtime. Then xtables keeps infomations of only the focused address famiy in struct afinfo.
/external/iptables/include/iptables.h
|
9561606bd938ed4b2614716a08a2856d4ef5e995 |
|
11-Jan-2007 |
Patrick McHardy <kaber@trash.net> |
Add UDPLITE multiport support
/external/iptables/include/iptables.h
|
267a57007e69d8f316dea80f79ce2560459e0c30 |
|
29-Nov-2006 |
Pablo Neira Ayuso <pablo@netfilter.org> |
Fix /etc/network usage (Pablo Neira) http://bugs.debian.org/398082 iptables 1.3.5 and 1.3.6 appear to read /etc/networks, but the information is lost somewhere with 1.3.6. # cat /etc/networks foonet 10.0.0.0 # strace -s 255 -o /tmp/foo iptables -v -A INPUT -s foonet/8 -j ACCEPT #1.3.5 [1] ACCEPT all opt -- in * out * 10.0.0.0/8 -> 0.0.0.0/0 # strace -s 255 -o /tmp/bar iptables -v -A INPUT -s foonet/8 -j ACCEPT #1.3.6 [2] iptables v1.3.6: host/network `foonet.0.0.0' not found Try `iptables -h' or 'iptables --help' for more information. 1. http://people.debian.org/~ljlane/stuff/strace-iptables-1.3.5.txt 2. http://people.debian.org/~ljlane/stuff/strace-iptables-1.3.6.txt
/external/iptables/include/iptables.h
|
c1eae41e1957db56aaf7afcafa2f097042fa4217 |
|
25-Jul-2006 |
Patrick McHardyJesper Brouer <kaber@trash.nethawk@diku.dk> |
Revert "proto_to_name duplication" patch, as noticed by Yasuyuki it can cause invalid arguments to get accepted.
/external/iptables/include/iptables.h
|
a6c1d926f6c3c00e0c1875d80b9579c95bde2cfa |
|
22-Jul-2006 |
Phil Oester <kernel@linuxace.com> |
proto_to_name duplication (Phil Oester <kernel@linuxace.com>) Update multiport match to use the iptables version of proto_to_name instead of reinventing the wheel.
/external/iptables/include/iptables.h
|
dbac8ad71c3c418fd8a62c08211885a38177b725 |
|
20-Jul-2006 |
Phil Oester <kernel@linuxace.com> |
reduce parse_*_port duplication (Phil Oester <kernel@linuxace.com>) The below patch (dependent upon my 'reduce service_to_port duplication' patch) centralizes the parse_*_port functions into parse_port.
/external/iptables/include/iptables.h
|
58179b1d0d1722ea16028aa2ea9d74afc86dd5dc |
|
20-Jul-2006 |
Phil Oester <kernel@linuxace.com> |
reduce service_to_port duplication (Phil Oester <kernel@linuxace.com>) The service_to_port function is used in a number of places, and could benefit from some centralization instead of being duplicated everywhere.
/external/iptables/include/iptables.h
|
2452bafd9810e8560717f10af8e26f8a3ac4f4cf |
|
28-Apr-2006 |
Patrick McHardy <kaber@trash.net> |
Add DCCP/SCTP support to multiport. Patch for kernel will go in 2.6.18.
/external/iptables/include/iptables.h
|
a258ad7002ae4b4f366800f512db938fb78d0661 |
|
03-Mar-2006 |
Joszef Kadlecsik <kadlec@blackhole.kfki.hu> |
Multiple matches of the same type can be specified on the commandline. If two or more matches of the same type are detected then the options are assumed to be grouped in order to tell which option belongs to which match: ... -m foo ... <options0> ... -m foo ... <options1> ... Otherwise the commandline parsing is unmodified.
/external/iptables/include/iptables.h
|
f5b86e698be2f1f96c974a4af176269f5c677596 |
|
22-Dec-2005 |
Jones Desougi <jones@ingate.com> |
Fix probing for supported revisions (Jones Desougi <jones@ingate.com>) Bugzilla #413
/external/iptables/include/iptables.h
|
8cf65913bb6353bf0e92eab0669d1c4c53b43623 |
|
19-Sep-2005 |
Phil Oester <kernel@linuxace.com> |
Kernels higher than 2.6.10 don't support multiple --to arguments in DNAT and SNAT targets. At present, the error is somewhat vague: # iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5 iptables: Invalid argument But if we want current iptables to work with kernels <= 2.6.10, we cannot simply disallow this in all cases. So the below patch adds kernel version checking to iptables, and utilizes it in [DS]NAT. Now, users will see a more informative error: # iptables -t nat -A foo -j SNAT --to 1.2.3.4 --to 2.3.4.5 iptables v1.3.3: Multiple --to-source not supported This generic infrastructure (shamelessly lifted from procps btw) may come in handy in the future for other changes. This fixes bugzilla #367. (Phil Oester)
/external/iptables/include/iptables.h
|
9867e814492275cabfbccd6b30375b0e23eb10cb |
|
22-Jun-2005 |
Yasuyuki KOZAKAI <yasuyuki.kozakai@toshiba.co.jp> |
reduce code replication of parse_interface() (Yasuyuki Kozakai)
/external/iptables/include/iptables.h
|
3aef54dce4f9bbe0b466478fd33a1d3131efbbb8 |
|
03-Jan-2005 |
Rusty Russell <rusty@rustcorp.com.au> |
Extension revision number support (if kernel supports the getsockopts). Enhance MARK match with second revision. Committed in anticipation of the kernel patch being applied.
/external/iptables/include/iptables.h
|
357d59dcfcbd125e2aa8c07b30cea9635efec2a7 |
|
27-Dec-2004 |
Martin Josefsson <gandalf@wlug.westbo.se> |
Fix setting lib_dir in ip*tables-{save,restore}
/external/iptables/include/iptables.h
|
db0422f80d353e7040f18344ca3e74bb0ba10e31 |
|
04-Mar-2004 |
Harald Welte <laforge@gnumonks.org> |
add definition for IPPROTO_SCTP for systems with old header files
/external/iptables/include/iptables.h
|
78cafdaf474a333fa39efab4aa4c9aed88ab9518 |
|
02-Feb-2004 |
Martin Josefsson <gandalf@wlug.westbo.se> |
Make sure to use matches in the order they are given when calling do_command() multiple times.
/external/iptables/include/iptables.h
|
63e9063a660809385fd17edb94da044c7c884e02 |
|
03-Mar-2003 |
Illes Marci <marci@balabit.hu> |
make iptables-restore print the line number in case of an error (Illes Marci <marci@balabit.hu>)
/external/iptables/include/iptables.h
|
b93c79862b47f227ac908430a2c9f16b4ecc0631 |
|
06-Dec-2001 |
Marc Boucher <marc@mbsi.ca> |
Export addr_to_anyname(), mask_to_dotted(), parse_hostnetworkmask() and parse_protocol() as they are needed by the upcoming ipt_conntrack match module.
/external/iptables/include/iptables.h
|
3efb6ead2e51fe1eca55bcb2b06afb4dc4b8cb7c |
|
06-Aug-2001 |
Harald Welte <laforge@gnumonks.org> |
- added patch to support statically linking of iptables - iptables-save/-restore is no longer experimental
/external/iptables/include/iptables.h
|
a114e9e8be802ab744d442449b3ec7de03c58621 |
|
01-Dec-2000 |
Harald Welte <laforge@gnumonks.org> |
make iptables-restore and iptables-save work again
/external/iptables/include/iptables.h
|
b6db33196870d3ec401a7ca87234dd2bc379c413 |
|
27-Aug-2000 |
Jan Echternach <echter@informatik.uni-rostock.de> |
Jan Echternach's const tweak.
/external/iptables/include/iptables.h
|
79dee0702b18c8ea1d1f7a2b1f6b29349466986b |
|
02-May-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
IPv6 enhancements.
/external/iptables/include/iptables.h
|
edf14cf4b5edb148d7473f067d95e7bd1316900b |
|
19-Apr-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
Changes to allow matching (for delete) on part of a rule, for rules which change in the kernel (eg. ipt_limit).
/external/iptables/include/iptables.h
|
e6869a8f59d779ff4d5a0984c86d80db70784962 |
|
20-Mar-2000 |
Marc Boucher <marc@mbsi.ca> |
reorganized tree after kernel merge
/external/iptables/include/iptables.h
|