History log of /external/iptables/extensions/libipt_ah.c
Revision Date Author Comments
7a0992da44cfb6cab0ccd1beadcf326df8773552 24-Jul-2016 Pablo Neira Ayuso <pablo@netfilter.org> src: introduce struct xt_xlate_{mt,tg}_params

This structure is an extensible container of parameters, so we don't
need to propagate interface updates in every extension file in case
we need to add new parameters in the future.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libipt_ah.c
f035be35c749d5c5cbb7ffdbcd1c548b91bd3033 09-Jul-2016 Pablo M. Bermudo Garay <pablombg@gmail.com> xtables-translate: fix multiple spaces issue

This patch fixes a multiple spaces issue. The problem arises when a rule
set loaded through iptables-compat-restore is listed in nft.

Before this commit, two spaces were printed after every match
translation:

$ sudo iptables-save
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80:85 -m ttl --ttl-gt 5 -j ACCEPT
COMMIT

$ sudo iptables-compat-restore iptables-save

$ sudo nft list ruleset
table ip filter {
    chain INPUT {
        type filter hook input priority 0; policy accept;
        ct state related,established  counter packets 0 bytes 0 accept
                                    ^^
        ip protocol tcp tcp dport 80-85  ip ttl gt 5  counter packets 0 bytes 0 accept
                                       ^^           ^^
    }
}

Signed-off-by: Pablo M. Bermudo Garay <pablombg@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libipt_ah.c
9e14d4330655a6f58bf2674f0684d8252f688c16 09-Mar-2016 Pablo Neira Ayuso <pablo@netfilter.org> iptables-translate: pass ipt_entry and ip6t_entry to ->xlate()

The multiport match needs it, this basically leaves ->xlate() indirection
with almost the same interface as ->print().

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libipt_ah.c
6b60dc5be58a5781cacc4e6f238454d5e8421760 01-Feb-2016 Pablo Neira Ayuso <pablo@netfilter.org> extensions: rename xt_buf to xt_xlate

Use a more generic name for this object to prepare the introduction of
other translation specific fields.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libipt_ah.c
b9a46ee40616582b4fca4aa395d52d048c7dbba8 24-Dec-2015 Shivani Bhardwaj <shivanib134@gmail.com> extensions: libipt_ah: Add translation to nft

Add translation for Authentication Header to nftables.

Examples:

$ sudo iptables-translate -A INPUT -p 51 -m ah --ahspi 500 -j DROP
nft add rule ip filter INPUT ah spi 500 counter drop

$ sudo iptables-translate -A INPUT -p 51 -m ah --ahspi 500:600 -j DROP
nft add rule ip filter INPUT ah spi 500-600 counter drop

$ sudo iptables-translate -A INPUT -p 51 -m ah ! --ahspi 50 -j DROP
nft add rule ip filter INPUT ah spi != 50 counter drop

Signed-off-by: Shivani Bhardwaj <shivanib134@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libipt_ah.c
4264de1f270a0fac44dde8ece6fde0a879aebc8e 15-Jul-2015 Jan Engelhardt <jengelh@inai.de> extensions: restore matching any SPI id by default

This is the same as commit v1.4.15-12-g8a988f6.

If no id option is given, the extensions only match packets with a
zero-valued identification field. This behavior deviates from what it
used to do back in v1.4.10-273-g6944f2c^.

Signed-off-by: Jan Engelhardt <jengelh@inai.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libipt_ah.c
6944f2c8190f1c4319aeac748470c71b0ba45025 24-May-2011 Jan Engelhardt <jengelh@medozas.de> libxtables: have xtopt_parse_mint interpret partially-spec'd ranges

When ":n" or "n:" is specified, it will now be interpreted as "0:n"
and "n:<max>", respectively. nvals will always reflect the number of
(expanded) components. This restores the functionality of options that
take such partially-unspecified ranges.

This makes it possible to nuke the per-matchdata init functions of
some extensions and simplify the extensions postparsing to the point
where it only needs to check for nvals==1 or ==2.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libipt_ah.c
4d6ede0b324e5e9dcbb1d7cc2a7aebed9e56821a 16-Feb-2011 Jan Engelhardt <jengelh@medozas.de> libip[6]t_ah: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libipt_ah.c
73866357e4a7a0fdc1b293bf8863fee2bd56da9e 18-Dec-2010 Jan Engelhardt <jengelh@medozas.de> iptables: do not print trailing whitespaces

Due to the use of printf("foobar "), iptables emits spaces at the
end-of-line, which looks odd to some users because it causes the
terminal to wrap even if there is seemingly nothing to print.

It may also have other points of annoyance, such as mailers
interpreting a trailing space as an indicator that the paragraph
continues when format=flowed is also on.
And git highlights trailing spaces in red, so let's avoid :)

Preexisting inconsistencies in outputting spaces in the right
spot are also addressed right away.

References: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429579
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libipt_ah.c
d09b6d591ca7d7d7575cb6aa20384c9830f777ab 08-Jan-2011 Jan Engelhardt <jengelh@medozas.de> extensions: remove no longer necessary default: cases

Match and target parse functions now only get option characters they
have defined themselves.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libipt_ah.c
7ac405297ec38449b30e3b05fd6bf2082fd3d803 07-Jan-2011 Jan Engelhardt <jengelh@medozas.de> src: use C99/POSIX types

"u_int" was a non-standardized extension predating C99 on some platforms.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libipt_ah.c
32b8e61e4e5bd405d9ad07bf9468498dfbb19f9e 23-Jul-2010 Jan Engelhardt <jengelh@medozas.de> all: consistent syntax use in struct option

Try to inhibit copypasting old stuff.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libipt_ah.c
bbe83862a5e1baf15f7c923352d4afdf59bc70e2 24-Oct-2009 Jan Engelhardt <jengelh@medozas.de> iptables/extensions: make bundled options work again

When using a bundled option like "-ptcp", 'argv[optind-1]' would
logically point to "-ptcp", but this is obviously not right.
'optarg' is needed instead, which is properly offset to "tcp".

Not all places change optind-based access to optarg; where
look-ahead is needed, such as for tcp's --tcp-flags option for
example, optind is ok.

References: http://bugzilla.netfilter.org/show_bug.cgi?id=611
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libipt_ah.c
bf97128c7262f17a02fec41cdae75b472ba77f88 03-Nov-2009 Jan Engelhardt <jengelh@medozas.de> libxtables: hand argv to xtables_check_inverse

In going to fix NF bug #611, "argv" is needed in
xtables_check_inverse to set "optarg" to the right spot in case of an
intrapositional negation.

References: http://bugzilla.netfilter.org/show_bug.cgi?id=611
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libipt_ah.c
1829ed482efbc8b390cc760d012b3a4450494e1a 21-Feb-2009 Jan Engelhardt <jengelh@medozas.de> libxtables: prefix exit_error to xtables_error

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libipt_ah.c
0f16c725aadaac7e670d632ecbaea3661ff00827 30-Jan-2009 Jan Engelhardt <jengelh@medozas.de> libxtables: prefix/order - move check_inverse to xtables.c

This also adds a warning that intrapositional negation support
is deprecated.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libipt_ah.c
213e185afbb298e6708881e4c2adffdc47a8b6da 27-Jan-2009 Jan Engelhardt <jengelh@medozas.de> src: remove redundant casts

All of them are implicitly convertible without any wanted side effects.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libipt_ah.c
cea9f71f5618250a38acb21c31fbbf93a752f7d4 09-Dec-2008 Jan Engelhardt <jengelh@medozas.de> iptables-save: output ! in position according to manpage

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
/external/iptables/extensions/libipt_ah.c
5d9678ad3eabc34ac40dfe055d7f6a8e44445a5a 20-Nov-2008 Jan Engelhardt <jengelh@medozas.de> src: remove inclusion of iptables.h

iptables.h and ip6tables.h only include declarations internal to
iptables (specifically iptables.c and ip6tables.c), as most of the
public API has been moved to xtables.h a few months ago.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
/external/iptables/extensions/libipt_ah.c
03d99486d8283552705b58dc55b6085dffc38792 18-Nov-2008 Jan Engelhardt <jengelh@medozas.de> src: use NFPROTO_ constants

Resync netfilter.h from the latest kernel and make use of the new
NFPROTO_ constants that have been introduced.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
/external/iptables/extensions/libipt_ah.c
ddac6c5bc636003d664d25c08ea3fe176565096c 01-Sep-2008 Jan Engelhardt <jengelh@medozas.de> src: Update comments

A number of comments are redundant, some outdated and others outright
wrong in their own way. Remove and fixup.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
/external/iptables/extensions/libipt_ah.c
967279231a9ecfa99f26694a954afc535c63db1d 13-Aug-2008 Jan Engelhardt <jengelh@medozas.de> Synchronize invert flag order with manpages

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
/external/iptables/extensions/libipt_ah.c
8b7c64d6ba156a99008fcd810cba874c73294333 15-Apr-2008 Jan Engelhardt <jengelh@medozas.de> Remove old functions, constants
/external/iptables/extensions/libipt_ah.c
9ee386a1b6d7704b259460152c959ab0e79e02aa 29-Jan-2008 Max Kellermann <max@duempel.org> fix gcc warnings

Max Kellermann <max@duempel.org>
/external/iptables/extensions/libipt_ah.c
59d164019340d110d302634e429320577f0db7be 04-Oct-2007 Jan Engelhardt <jengelh@medozas.de> Unique names 3/6

Give symbols of libxt matches unique names (2/3).

Adds unique prefixes to all functions (most of them - especially the hook
functions) so that debugging programs can unambiguously map a symbol to an
address. Also unifies the names of the xtables_match/xtables_target structs,
(based upon libxt_connmark.c/libip6t_*.c).

Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
/external/iptables/extensions/libipt_ah.c
830132ac9c0d270bf9dcfe85c2464e3fe8c73fb9 04-Oct-2007 Jan Engelhardt <jengelh@medozas.de> Delete empty ->final_check() functions

Deletes empty ->final_check() functions, and makes ip[6]tables
checks for NULL on these.

Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
/external/iptables/extensions/libipt_ah.c
500f483fff529dcd88ec96b9d5054be6cd6363a0 08-Sep-2007 Patrick McHardy <kaber@trash.net> Fix sparse warnings: non-ANSI function declarations, 0 used as pointer
/external/iptables/extensions/libipt_ah.c
ea146a982e26c42f9954f140276f8deeb2edbe98 02-Sep-2007 Peter Riley <Peter.Riley@hotpop.com> Remove last vestiges of NFC (Peter Riley <Peter.Riley@hotpop.com>)
/external/iptables/extensions/libipt_ah.c
661f112072bc13a1625c4eb5983695e122ea97da 30-Jul-2007 Jan Engelhardt <jengelh@medozas.de> Make the option structures const.

Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
/external/iptables/extensions/libipt_ah.c
18992db3bfdb3b695cae12b53434f560cbf8e2ae 30-Jul-2007 Jan Engelhardt <jengelh@medozas.de> Remove the .next=NULL field. This is automatically initialized to zero.
I've kept .print=NULL and .save=NULL so it stands out
(since iptables will do the print/save then).

Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
/external/iptables/extensions/libipt_ah.c
c0a9ab93f49a3d2508c95d0ca1a01c1089983731 24-Jul-2007 Yasuyuki KOZAKAI <yasuyuki@netfilter.org> Fixes warning on compilation of iptables matches/targets

This changes the type of arguments as follows
- ipt_ip * -> void *
- ipt_entry * -> void *

This patch doesn't change multiport, DNAT, SNAT, MASQUERADE, REDIRECT
because these need more changes (casting void * variable with intended type)
/external/iptables/extensions/libipt_ah.c
193df8ee3507f0c02762c88a16916c4ea950bd99 24-Jul-2007 Yasuyuki KOZAKAI <yasuyuki@netfilter.org> Replaces ipt_entry_* with xt_entry_* in matches/targets
/external/iptables/extensions/libipt_ah.c
8caee8b9e34fed4562fcff553197c161fc9d9979 28-Dec-2004 Pablo Neira <pablo@eurodev.net> Pablo Neira: extensions conversion to C99 structure initialization

(I removed the revision stuff for the moment, but this needs to go in before the code moves too much --RR)
/external/iptables/extensions/libipt_ah.c
80fe35d6339b53a12ddaec41885613e4e37ed031 29-May-2002 Harald Welte <laforge@gnumonks.org> globally replace NETFILTER_VERSION with IPTABLES_VERSION to have consistent naming
/external/iptables/extensions/libipt_ah.c
f0ac814a2137abe334bd0000d59e9be4721e1ddc 26-Mar-2002 Harald Welte <laforge@gnumonks.org> fix to save() and restore() functions of ah/esp match.
/external/iptables/extensions/libipt_ah.c
b77f1dafb9f35752bb9685323bcacb32a0e6ddc5 14-Mar-2002 Harald Welte <laforge@gnumonks.org> Fix 'iptables -p !' bug (segfault when `!' used without argument)
/external/iptables/extensions/libipt_ah.c
3efb6ead2e51fe1eca55bcb2b06afb4dc4b8cb7c 06-Aug-2001 Harald Welte <laforge@gnumonks.org> - added patch to support statically linking of iptables
- iptables-save/-restore is no longer experimental
/external/iptables/extensions/libipt_ah.c
524518261009f3f81febfdd8398becc4a80cc941 27-Aug-2000 Rusty Russell <rusty@linuxcare.com.au> Patch-o-matic! now included.
/external/iptables/extensions/libipt_ah.c