129ed57b8e050e8e57deeefc2ed36ec979265d8a |
|
07-Oct-2016 |
Liping Zhang <liping.zhang@spreadtrum.com> |
extensions: libxt_iprange: handle the invert flag properly in translation If we specify the invert flag, we should put "!=" after "ip saddr/daddr", so the current translation is wrong: # iptables-translate -A OUTPUT -m iprange ! --dst-range 1.1.1.1-1.1.1.2 nft add rule ip filter OUTPUT != ip daddr 1.1.1.1-1.1.1.2 counter # ip6tables-translate -A OUTPUT -m iprange ! --src-range 2003::1-2003::3 nft add rule ip6 filter OUTPUT != ip6 saddr 2003::1-2003::3 counter Apply this patch: # iptables-translate -A OUTPUT -m iprange ! --dst-range 1.1.1.1-1.1.1.2 nft add rule ip filter OUTPUT ip daddr != 1.1.1.1-1.1.1.2 counter # ip6tables-translate -A OUTPUT -m iprange ! --src-range 2003::1-2003::3 nft add rule ip6 filter OUTPUT ip6 saddr != 2003::1-2003::3 counter Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libxt_iprange.c
|
837ca1e34893c67d8e195a4132d1517cb7d4bb11 |
|
07-Oct-2016 |
Liping Zhang <liping.zhang@spreadtrum.com> |
extensions: libxt_iprange: rename "ip saddr" to "ip6 saddr" in ip6tables-xlate nft will complain the syntax error if we use "ip saddr" or "ip daddr" in ip6 family, so the current translation is wrong: # ip6tables-translate -A OUTPUT -m iprange --src-range 2003::1-2003::3 nft add rule ip6 filter OUTPUT ip saddr 2003::1-2003::3 counter ^^ Apply this patch: # ip6tables-translate -A OUTPUT -m iprange --src-range 2003::1-2003::3 nft add rule ip6 filter OUTPUT ip6 saddr 2003::1-2003::3 counter Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libxt_iprange.c
|
7a0992da44cfb6cab0ccd1beadcf326df8773552 |
|
24-Jul-2016 |
Pablo Neira Ayuso <pablo@netfilter.org> |
src: introduce struct xt_xlate_{mt,tg}_params This structure is an extensible containers of parameters, so we don't need to propagate interface updates in every extension file in case we need to add new parameters in the future. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libxt_iprange.c
|
f035be35c749d5c5cbb7ffdbcd1c548b91bd3033 |
|
09-Jul-2016 |
Pablo M. Bermudo Garay <pablombg@gmail.com> |
xtables-translate: fix multiple spaces issue This patch fixes a multiple spaces issue. The problem arises when a rule set loaded through iptables-compat-restore is listed in nft. Before this commit, two spaces were printed after every match translation: $ sudo iptables-save *filter :INPUT ACCEPT [0:0] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A INPUT -p tcp -m multiport --dports 80:85 -m ttl --ttl-gt 5 -j ACCEPT COMMIT $ sudo iptables-compat-restore iptables-save $ sudo nft list ruleset table ip filter { chain INPUT { type filter hook input priority 0; policy accept; ct state related,established counter packets 0 bytes 0 accept ^^ ip protocol tcp tcp dport 80-85 ip ttl gt 5 counter packets 0 bytes 0 accept ^^ ^^ } } Signed-off-by: Pablo M. Bermudo Garay <pablombg@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libxt_iprange.c
|
34c6f774f6981f4ef909495f366b58c1b646cf4b |
|
20-Jun-2016 |
Pablo M. Bermudo Garay <pablombg@gmail.com> |
extensions: iprange: remove extra space in translation Extra space was printed by iprange_xlate: # iptables-translate -A INPUT -m iprange --src-range \ 192.168.25.149-192.168.25.151 -j ACCEPT nft add rule ip filter INPUT ip saddr 192.168.25.149-192.168.25... ^^ Signed-off-by: Pablo M. Bermudo Garay <pablombg@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libxt_iprange.c
|
9e14d4330655a6f58bf2674f0684d8252f688c16 |
|
09-Mar-2016 |
Pablo Neira Ayuso <pablo@netfilter.org> |
iptables-translate: pass ipt_entry and ip6t_entry to ->xlate() The multiport match needs it, this basically leaves ->xlate() indirection with almost the same interface as ->print(). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libxt_iprange.c
|
6b60dc5be58a5781cacc4e6f238454d5e8421760 |
|
01-Feb-2016 |
Pablo Neira Ayuso <pablo@netfilter.org> |
extensions: rename xt_buf to xt_xlate Use a more generic name for this object to prepare the introduction of other translation specific fields. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libxt_iprange.c
|
b9cd6f55374461163c6216e8d892e88102200908 |
|
21-Dec-2015 |
Shivani Bhardwaj <shivanib134@gmail.com> |
extensions: libxt_iprange: Add translation to nft Add translation for iprange to nftables. Examples: $ sudo iptables-translate -A INPUT -m iprange --src-range 192.168.25.149-192.168.25.151 -j ACCEPT nft add rule ip filter INPUT ip saddr 192.168.25.149-192.168.25.151 counter accept $ sudo iptables-translate -A INPUT -m iprange --dst-range 192.168.25.149-192.168.25.151 -j ACCEPT nft add rule ip filter INPUT ip daddr 192.168.25.149-192.168.25.151 counter accept Signed-off-by: Shivani Bhardwaj <shivanib134@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libxt_iprange.c
|
ce4b79577fa9c1ed68c36797890d39ca5ba9a8bf |
|
07-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_iprange: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_iprange.c
|
73866357e4a7a0fdc1b293bf8863fee2bd56da9e |
|
18-Dec-2010 |
Jan Engelhardt <jengelh@medozas.de> |
iptables: do not print trailing whitespaces Due to the use of printf("foobar "), iptables emits spaces at the end-of-line, which looks odd to some users because it causes the terminal to wrap even if there is seemingly nothing to print. It may also have other points of annoyance, such as mailers interpreting a trailing space as an indicator that the paragraph continues when format=flowed is also on. And git highlights trailing spaces in red, so let's avoid :) Preexisting inconsistencies in outputting spaces in the right spot are also addressed right away. References: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429579 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_iprange.c
|
d09b6d591ca7d7d7575cb6aa20384c9830f777ab |
|
08-Jan-2011 |
Jan Engelhardt <jengelh@medozas.de> |
extensions: remove no longer necessary default: cases Match and target parse functions now only get option characters they have defined themselves. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_iprange.c
|
7ac405297ec38449b30e3b05fd6bf2082fd3d803 |
|
07-Jan-2011 |
Jan Engelhardt <jengelh@medozas.de> |
src: use C99/POSIX types "u_int" was a non-standardized extension predating C99 on some platforms. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_iprange.c
|
32b8e61e4e5bd405d9ad07bf9468498dfbb19f9e |
|
23-Jul-2010 |
Jan Engelhardt <jengelh@medozas.de> |
all: consistent syntax use in struct option Try to inhibit copypasting old stuff. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_iprange.c
|
ada4ff6155a02b0aed8400e46f34e72c91e36277 |
|
21-Apr-2010 |
Vincent Bernat <bernat@luffy.cx> |
iprange: fix xt_iprange v0 parsing iprange_parse() was incomplete and did not include parsed ranges into ipt_iprange_info structure resulting in always adding range 0.0.0.0-0.0.0.0 in the kernel. Moreover, when using --dst-range, error messages may display --src-range instead. Fix this too. Signed-off-by: Vincent Bernat <bernat@luffy.cx> Signed-off-by: Patrick McHardy <kaber@trash.net>
/external/iptables/extensions/libxt_iprange.c
|
350661a6eb089f3e54e67e022db9e16ea280499f |
|
31-Jan-2010 |
Jan Engelhardt <jengelh@medozas.de> |
includes: header updates Update the shipped Linux kernel headers from 2.6.33-rc6, as iptables's ipt_ECN.h for example references ipt_DSCP.h, which no longer exists. Since a number of old code pieces have been removed in the kernel in that fashion, the structs for older versions are moved into the .c file, to keep header updating simple. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_iprange.c
|
bf97128c7262f17a02fec41cdae75b472ba77f88 |
|
03-Nov-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: hand argv to xtables_check_inverse In going to fix NF bug #611, "argv" is needed in xtables_check_inverse to set "optarg" to the right spot in case of an intrapositional negation. References: http://bugzilla.netfilter.org/show_bug.cgi?id=611 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_iprange.c
|
7fa7329fc972513021131416dbd9d535141bd2ea |
|
18-Sep-2009 |
Jan Engelhardt <jengelh@medozas.de> |
iprange: roll address parsing into a loop
/external/iptables/extensions/libxt_iprange.c
|
648a7bafa7acc33d986f113275a20199a6ad2aaa |
|
18-Sep-2009 |
Jan Engelhardt <jengelh@medozas.de> |
iprange: warn on reverse range
/external/iptables/extensions/libxt_iprange.c
|
a10a12afee2083d240a304ceac7f3d9902a6f60a |
|
18-Sep-2009 |
Jan Engelhardt <jengelh@medozas.de> |
iprange: do accept non-ranges for xt_iprange v1 [fill in details]
/external/iptables/extensions/libxt_iprange.c
|
f2a77520693f0a6dd1df1f87be4b81913961c1f5 |
|
25-Jun-2009 |
Jan Engelhardt <jengelh@medozas.de> |
extensions: collapse data variables to use multi-reg calls Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_iprange.c
|
1829ed482efbc8b390cc760d012b3a4450494e1a |
|
21-Feb-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: prefix exit_error to xtables_error Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_iprange.c
|
0f16c725aadaac7e670d632ecbaea3661ff00827 |
|
30-Jan-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: prefix/order - move check_inverse to xtables.c This also adds a warning that intrapositional negation support is deprecated. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_iprange.c
|
1e01b0b82f70b0b11dcfbced485dbe7aeac4fb8c |
|
30-Jan-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: prefix/order - ascii to ipaddr/ipmask input Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_iprange.c
|
e44ea7faa17c10c68f14f5338a7cc6e3291a0ce7 |
|
30-Jan-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: prefix/order - ipaddr/ipmask to ascii output Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_iprange.c
|
a41545ca7cde43e0ba53260ba74bd9bf74025a68 |
|
27-Jan-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: prefix/order - param_act Changes: exittype -> xtables_exittype P_* -> XTF_* flags Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_iprange.c
|
03d99486d8283552705b58dc55b6085dffc38792 |
|
18-Nov-2008 |
Jan Engelhardt <jengelh@medozas.de> |
src: use NFPROTO_ constants Resync netfilter.h from the latest kernel and make use of the new NFPROTO_ constants that have been introduced. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
/external/iptables/extensions/libxt_iprange.c
|
240eee607ab7e5bb9f671b7ceba40e2940182f61 |
|
23-Oct-2008 |
Thomas Jarosch <thomas.jarosch@intra2net.com> |
Fix compile error in libxt_iprange.c using gcc 4.3.2 In file included from libxt_iprange.c:9: ../include/linux/netfilter.h:43: error: field 'in' has incomplete type ../include/linux/netfilter.h:44: error: field 'in6' has incomplete type libxt_iprange.c: In function 'parse_iprange': libxt_iprange.c:46: error: dereferencing pointer to incomplete type libxt_iprange.c:53: error: dereferencing pointer to incomplete type libxt_iprange.c: In function 'iprange_mt4_parse': libxt_iprange.c:117: error: dereferencing pointer to incomplete type libxt_iprange.c:121: error: dereferencing pointer to incomplete type libxt_iprange.c:136: error: dereferencing pointer to incomplete type libxt_iprange.c:140: error: dereferencing pointer to incomplete type libxt_iprange.c: In function 'iprange_mt6_parse': libxt_iprange.c:167: error: dereferencing pointer to incomplete type libxt_iprange.c:171: error: dereferencing pointer to incomplete type libxt_iprange.c:186: error: dereferencing pointer to incomplete type libxt_iprange.c:190: error: dereferencing pointer to incomplete type Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com>
/external/iptables/extensions/libxt_iprange.c
|
bfb7e0b84b5d732e378a3fcbb4132fdbd9938766 |
|
01-Sep-2008 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_iprange: fix option names There is no --src-ip, just --src-range. (Same for --dst-range.) Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
/external/iptables/extensions/libxt_iprange.c
|
6a0cd58f7e444137eb757695f917e46eb14201c8 |
|
13-Jun-2008 |
Jan Engelhardt <jengelh@medozas.de> |
iprange: kernel flags were not set The --src-range and --dst-range parameters did not set the IPRANGE_* flags in struct xt_iprange_mtinfo. Reported-by: Maxim Britov <maxim.britov@gmail.com> Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
/external/iptables/extensions/libxt_iprange.c
|
8b7c64d6ba156a99008fcd810cba874c73294333 |
|
15-Apr-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Remove old functions, constants
/external/iptables/extensions/libxt_iprange.c
|
dbe6c3b74ee847707181f1fe28b2975b4a8ab425 |
|
01-Apr-2008 |
James King <t.james.king@gmail.com> |
[IPTABLES]: libxt_iprange: Fix IP validation logic IP address validation logic was inverted, causing valid addresses to be rejected. Signed-off-by: James King <t.james.king@gmail.com>
/external/iptables/extensions/libxt_iprange.c
|
9ee386a1b6d7704b259460152c959ab0e79e02aa |
|
29-Jan-2008 |
Max Kellermann <max@duempel.org> |
fix gcc warnings Max Kellermann <max@duempel.org>
/external/iptables/extensions/libxt_iprange.c
|
fc11b0b24ca2f808adcca3fd6b1aad581538171d |
|
20-Jan-2008 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_iprange r1 Add support for xt_iprange revision 1 Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
/external/iptables/extensions/libxt_iprange.c
|
41daaa0cfbb1cb6b80a2ce2571f9f92f164f0228 |
|
20-Jan-2008 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_iprange r0 Move libipt_iprange to libxt_iprange. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
/external/iptables/extensions/libxt_iprange.c
|