| 03ae6a709b089d07897be270e4d5fa378294e821 |
|
06-Apr-2015 |
Arturo Borrero Gonzalez <aborrero@nfdev2.cica.es> |
ebtables-compat: fix misplaced function attribute on ebt_print_error()
xtables-eb.c:305:1: warning: empty declaration
} __attribute__((noreturn, format(printf,2,3)));
^
xtables-eb.c:311:2: warning: initialization makes '__attribute__((noreturn))' qualified function pointer from unqualified
.exit_err = ebt_print_error,
^
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/iptables/xtables-eb.c
|
| d7c61fe15ef7f04c8ecb6724bb5dd0eae1c5e4ca |
|
11-Mar-2015 |
Arturo Borrero <arturo.borrero.glez@gmail.com> |
ebtables-compat: add a bridge-specific exit_error function
Previous to this patch, error reporting in ebtables-compat was like:
% ebtables-compat xxx
(null) v1.4.21: Bad argument : 'xxx'
Try `(null) -h' or '(null) --help' for more information.
While the original ebtables was:
% ebtables xxx
Bad argument : 'xxx'.
With this patch, we switch to:
% ebtables-compat xxx
Bad argument : 'xxx'.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/iptables/xtables-eb.c
|
| af72a05656c7524febb52ffe2c7eed6ccf1f84ee |
|
04-Mar-2015 |
Arturo Borrero <arturo.borrero.glez@gmail.com> |
ebtables-compat: add support for limit extension
Add support for the ebtables limit extension (match),
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
/external/iptables/iptables/xtables-eb.c
|
| bdc668637bc1e71020db4ec83d116821ef07d183 |
|
03-Mar-2015 |
Arturo Borrero <arturo.borrero.glez@gmail.com> |
ebtables-compat: support nflog extension
Let's give support for the nflog extension (a watcher).
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/iptables/xtables-eb.c
|
| fe97f60e5d2a968638286036db67e3a4e17f095d |
|
09-Feb-2015 |
Arturo Borrero <arturo.borrero.glez@gmail.com> |
ebtables-compat: add watchers support
ebtables watchers are targets which always return EBT_CONTINUE.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/iptables/xtables-eb.c
|
| db0e29a96982806c98eb5525e2b5edf48935c857 |
|
03-Feb-2015 |
Arturo Borrero <arturo.borrero.glez@gmail.com> |
ebtables-compat: finish target infrastructure
Signed-off-by: Arturo Borrero <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/iptables/xtables-eb.c
|
| 936e65d472ca9f9bc64bff835d00877a3c6e2d17 |
|
03-Feb-2015 |
Arturo Borrero <arturo.borrero.glez@gmail.com> |
ebtables-compat: call extensions final checks
Let's call extensions final checks.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/iptables/xtables-eb.c
|
| 535ede97cd78a10ea4aaad249a6576fbf37aebc3 |
|
30-Jan-2015 |
Arturo Borrero <arturo.borrero.glez@gmail.com> |
ebtables-compat: add mark_m match extension
Translate mark_m match extension to the xtables-compat environment.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/iptables/xtables-eb.c
|
| 49479aa12a158001bf1e4104b248e533f5038cf3 |
|
19-Jan-2015 |
Arturo Borrero <arturo.borrero.glez@gmail.com> |
ebtables-compat: add 'ip' match extension
This patch adds the 'ip' match extension to ebtables-compat.
It involves adapting old ebtables extension code to the xtables-compat
environment.
For testing:
% sudo ebtables-compat -p 0x0800 --ip-src 1.1.1.1 -j ACCEPT
The patch includes a cached copy of the extension kernel header.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/iptables/xtables-eb.c
|
| c5c011a13395ceab661eb2d5774487e1215ca9e7 |
|
19-Jan-2015 |
Arturo Borrero <arturo.borrero.glez@gmail.com> |
ebtables-compat: prevent same matches to be included multiple times
Using two matches options results in two copies of the match being included
in the nft rule.
Example before this patch:
% ebtables-compat -A FORWARD -p 0x0800 --ip-src 10.0.0.1 --ip-dst 10.0.0.2 -j ACCEPT
% ebtables-compat -L
[...]
-p 0x0800 --ip-src 10.0.0.1 --ip-dst 10.0.0.2 --ip-src 10.0.0.1 --ip-dst 10.0.0.2 -j ACCEPT
Example with this patch:
% ebtables-compat -A FORWARD -p 0x0800 --ip-src 10.0.0.1 --ip-dst 10.0.0.2 -j ACCEPT
% ebtables-compat -L
[...]
% -p 0x0800 --ip-src 10.0.0.1 --ip-dst 10.0.0.2 -j ACCEPT
[Note: the br_ip extension comes in a follow-up patch]
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/iptables/xtables-eb.c
|
| 16331e1a3f592a6cb2d5e8eb64ea2e112d997e97 |
|
19-Jan-2015 |
Arturo Borrero <arturo.borrero.glez@gmail.com> |
ebtables-compat: prevent options overwrite
Parsing options will be overwritten if every time we load a match
the extension options are merged to the original options.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/iptables/xtables-eb.c
|
| 0e65c922fc0d51a8dff1a779863d4ae559aa9a4a |
|
23-Dec-2014 |
Arturo Borrero <arturo.borrero.glez@gmail.com> |
ebtables-compat: fix counter listing
With this patch:
% sudo ebtables-compat -L --Lc
Bridge table: filter
Bridge chain: INPUT, entries: 0, policy: ACCEPT
-j ACCEPT , pcnt = 123 -- bcnt = 123
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/iptables/xtables-eb.c
|
| 6aa7d1c26d0a3b0c909bbf13aa0ef6b179615433 |
|
17-Dec-2014 |
Arturo Borrero <arturo.borrero.glez@gmail.com> |
extensions: add ebt 802_3 extension
This patch adds the first ebtables extension to ebtables-compat.
The original 802_3 code is adapted to the xtables environment.
I tried to mimic as much as possible the original ebtables code paths.
With this patch, ebtables-compat is able to send the 802_3 match to the kernel,
but the kernel-to-userspace path is not tested and should be adjusted
in follow-up patches.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/iptables/xtables-eb.c
|
| 84b69ea462eb2159ce6bde83d6bcf2eac0098f87 |
|
24-Nov-2014 |
Arturo Borrero <arturo.borrero.glez@gmail.com> |
iptables: xtables-eb: fix renaming of chains
Renaming of chains is not working. and ebtables-compat gets:
libnftnl: attribute 0 assertion failed in chain.c:159
This patch brings back the parser code of the original ebtables tool:
http://git.netfilter.org/ebtables.old-history/tree/userspace/ebtables2/ebtables.c#n652
I adapted the original parser code to fit in the new environment. Also tried to
keep original error messages as much as possible.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/iptables/xtables-eb.c
|
| 4a48ec94c233a125a371eced5dc161df557576d9 |
|
24-Nov-2014 |
Arturo Borrero <arturo.borrero.glez@gmail.com> |
iptables: xtables-eb: user-defined chains default policy is always RETURN
The RETURN default policy is mandatory in user-defined chains.
Builtin chains must have one of ACCEPT or DROP.
So, with this patch, ebtables-compat ends with:
Command: Result:
-L Always RETURN for user-defined chains
-P builtin RETURN Policy RETURN only allowed for user defined chains
-P builtin ACCEPT|DROP ok
-P userdefined RETURN|ACCEPT|DROP Policy XYZ not allowed for user defined chains
-N userdefined ok
-N userdefined -P RETURN|ACCEPT|DROP Policy XYZ not allowed for user defined chains
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/iptables/xtables-eb.c
|
| aadc93b1988a80a6b15dbefc57387fe65fb98870 |
|
17-Nov-2014 |
Arturo Borrero <arturo.borrero.glez@gmail.com> |
iptables: xtables-eb: delete extra 'policy' printf
This message doesn't exist in the original ebtables tool.
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/iptables/xtables-eb.c
|
| 902e92ceedba96d3241fa8ff701c061cd53a197d |
|
09-Oct-2014 |
Pablo Neira Ayuso <pablo@netfilter.org> |
ebtables-compat: use ebtables_command_state in bootstrap code
And introduce fake ebt_entry.
This gets the code in sync in other existing compat tools. This
will likely allow to consolidate common infrastructure.
This code is still quite experimental.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/iptables/xtables-eb.c
|
| da871de2a6efb576b6378a66222c0871f4282e96 |
|
09-Oct-2014 |
Pablo Neira Ayuso <pablo@netfilter.org> |
nft: bootstrap ebtables-compat
This patch bootstraps ebtables-compat, the ebtables compatibility
software upon nf_tables.
[ Original patches:
http://patchwork.ozlabs.org/patch/395544/
http://patchwork.ozlabs.org/patch/395545/
http://patchwork.ozlabs.org/patch/395546/
I have also forward port them on top of the current git HEAD, otherwise
compilation breaks.
This bootstrap is experimental, this still needs more work. --Pablo ]
Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/iptables/xtables-eb.c
|