7a0992da44cfb6cab0ccd1beadcf326df8773552 |
|
24-Jul-2016 |
Pablo Neira Ayuso <pablo@netfilter.org> |
src: introduce struct xt_xlate_{mt,tg}_params This structure is an extensible containers of parameters, so we don't need to propagate interface updates in every extension file in case we need to add new parameters in the future. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libipt_ah.c
|
f035be35c749d5c5cbb7ffdbcd1c548b91bd3033 |
|
09-Jul-2016 |
Pablo M. Bermudo Garay <pablombg@gmail.com> |
xtables-translate: fix multiple spaces issue This patch fixes a multiple spaces issue. The problem arises when a rule set loaded through iptables-compat-restore is listed in nft. Before this commit, two spaces were printed after every match translation: $ sudo iptables-save *filter :INPUT ACCEPT [0:0] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A INPUT -p tcp -m multiport --dports 80:85 -m ttl --ttl-gt 5 -j ACCEPT COMMIT $ sudo iptables-compat-restore iptables-save $ sudo nft list ruleset table ip filter { chain INPUT { type filter hook input priority 0; policy accept; ct state related,established counter packets 0 bytes 0 accept ^^ ip protocol tcp tcp dport 80-85 ip ttl gt 5 counter packets 0 bytes 0 accept ^^ ^^ } } Signed-off-by: Pablo M. Bermudo Garay <pablombg@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libipt_ah.c
|
9e14d4330655a6f58bf2674f0684d8252f688c16 |
|
09-Mar-2016 |
Pablo Neira Ayuso <pablo@netfilter.org> |
iptables-translate: pass ipt_entry and ip6t_entry to ->xlate() The multiport match needs it, this basically leaves ->xlate() indirection with almost the same interface as ->print(). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libipt_ah.c
|
6b60dc5be58a5781cacc4e6f238454d5e8421760 |
|
01-Feb-2016 |
Pablo Neira Ayuso <pablo@netfilter.org> |
extensions: rename xt_buf to xt_xlate Use a more generic name for this object to prepare the introduction of other translation specific fields. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libipt_ah.c
|
b9a46ee40616582b4fca4aa395d52d048c7dbba8 |
|
24-Dec-2015 |
Shivani Bhardwaj <shivanib134@gmail.com> |
extensions: libipt_ah: Add translation to nft Add translation for Authentication Header to nftables. Examples: $ sudo iptables-translate -A INPUT -p 51 -m ah --ahspi 500 -j DROP nft add rule ip filter INPUT ah spi 500 counter drop $ sudo iptables-translate -A INPUT -p 51 -m ah --ahspi 500:600 -j DROP nft add rule ip filter INPUT ah spi 500-600 counter drop $ sudo iptables-translate -A INPUT -p 51 -m ah ! --ahspi 50 -j DROP nft add rule ip filter INPUT ah spi != 50 counter drop Signed-off-by: Shivani Bhardwaj <shivanib134@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libipt_ah.c
|
4264de1f270a0fac44dde8ece6fde0a879aebc8e |
|
15-Jul-2015 |
Jan Engelhardt <jengelh@inai.de> |
extensions: restore matching any SPI id by default This is the same as commit v1.4.15-12-g8a988f6. If no id option is given, the extensions only match packets with a zero-valued identification field. This behavior deviates from what it used to do back in v1.4.10-273-g6944f2c^. Signed-off-by: Jan Engelhardt <jengelh@inai.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libipt_ah.c
|
6944f2c8190f1c4319aeac748470c71b0ba45025 |
|
24-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: have xtopt_parse_mint interpret partially-spec'd ranges When ":n" or "n:" is specified, it will now be interpreted as "0:n" and "n:<max>", respecitvely. nvals will always reflect the number of (expanded) components. This restores the functionality of options that take such partially-unspecified ranges. This makes it possible to nuke the per-matchdata init functions of some extensions and simply the extensions postparsing to the point where it only needs to check for nvals==1 or ==2. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libipt_ah.c
|
4d6ede0b324e5e9dcbb1d7cc2a7aebed9e56821a |
|
16-Feb-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libip[6]t_ah: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libipt_ah.c
|
73866357e4a7a0fdc1b293bf8863fee2bd56da9e |
|
18-Dec-2010 |
Jan Engelhardt <jengelh@medozas.de> |
iptables: do not print trailing whitespaces Due to the use of printf("foobar "), iptables emits spaces at the end-of-line, which looks odd to some users because it causes the terminal to wrap even if there is seemingly nothing to print. It may also have other points of annoyance, such as mailers interpreting a trailing space as an indicator that the paragraph continues when format=flowed is also on. And git highlights trailing spaces in red, so let's avoid :) Preexisting inconsistencies in outputting spaces in the right spot are also addressed right away. References: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429579 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libipt_ah.c
|
d09b6d591ca7d7d7575cb6aa20384c9830f777ab |
|
08-Jan-2011 |
Jan Engelhardt <jengelh@medozas.de> |
extensions: remove no longer necessary default: cases Match and target parse functions now only get option characters they have defined themselves. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libipt_ah.c
|
7ac405297ec38449b30e3b05fd6bf2082fd3d803 |
|
07-Jan-2011 |
Jan Engelhardt <jengelh@medozas.de> |
src: use C99/POSIX types "u_int" was a non-standardized extension predating C99 on some platforms. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libipt_ah.c
|
32b8e61e4e5bd405d9ad07bf9468498dfbb19f9e |
|
23-Jul-2010 |
Jan Engelhardt <jengelh@medozas.de> |
all: consistent syntax use in struct option Try to inhibit copypasting old stuff. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libipt_ah.c
|
bbe83862a5e1baf15f7c923352d4afdf59bc70e2 |
|
24-Oct-2009 |
Jan Engelhardt <jengelh@medozas.de> |
iptables/extensions: make bundled options work again When using a bundled option like "-ptcp", 'argv[optind-1]' would logically point to "-ptcp", but this is obviously not right. 'optarg' is needed instead, which if properly offset to "tcp". Not all places change optind-based access to optarg; where look-ahead is needed, such as for tcp's --tcp-flags option for example, optind is ok. References: http://bugzilla.netfilter.org/show_bug.cgi?id=611 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libipt_ah.c
|
bf97128c7262f17a02fec41cdae75b472ba77f88 |
|
03-Nov-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: hand argv to xtables_check_inverse In going to fix NF bug #611, "argv" is needed in xtables_check_inverse to set "optarg" to the right spot in case of an intrapositional negation. References: http://bugzilla.netfilter.org/show_bug.cgi?id=611 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libipt_ah.c
|
1829ed482efbc8b390cc760d012b3a4450494e1a |
|
21-Feb-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: prefix exit_error to xtables_error Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libipt_ah.c
|
0f16c725aadaac7e670d632ecbaea3661ff00827 |
|
30-Jan-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: prefix/order - move check_inverse to xtables.c This also adds a warning that intrapositional negation support is deprecated. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libipt_ah.c
|
213e185afbb298e6708881e4c2adffdc47a8b6da |
|
27-Jan-2009 |
Jan Engelhardt <jengelh@medozas.de> |
src: remove redundant casts All of them are implicitly convertable without any wanted side effects. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libipt_ah.c
|
cea9f71f5618250a38acb21c31fbbf93a752f7d4 |
|
09-Dec-2008 |
Jan Engelhardt <jengelh@medozas.de> |
iptables-save: output ! in position according to manpage Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
/external/iptables/extensions/libipt_ah.c
|
5d9678ad3eabc34ac40dfe055d7f6a8e44445a5a |
|
20-Nov-2008 |
Jan Engelhardt <jengelh@medozas.de> |
src: remove inclusion of iptables.h iptables.h and ip6tables.h only include declarations internal to iptables (specifically iptables.c and ip6tables.c), as most of the public API has been moved to xtables.h a few months ago. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
/external/iptables/extensions/libipt_ah.c
|
03d99486d8283552705b58dc55b6085dffc38792 |
|
18-Nov-2008 |
Jan Engelhardt <jengelh@medozas.de> |
src: use NFPROTO_ constants Resync netfilter.h from the latest kernel and make use of the new NFPROTO_ constants that have been introduced. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
/external/iptables/extensions/libipt_ah.c
|
ddac6c5bc636003d664d25c08ea3fe176565096c |
|
01-Sep-2008 |
Jan Engelhardt <jengelh@medozas.de> |
src: Update comments A number of comments are redundant, some outdated and others outright wrong in their own way. Remove and fixup. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
/external/iptables/extensions/libipt_ah.c
|
967279231a9ecfa99f26694a954afc535c63db1d |
|
13-Aug-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Synchronize invert flag order with manpages Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
/external/iptables/extensions/libipt_ah.c
|
8b7c64d6ba156a99008fcd810cba874c73294333 |
|
15-Apr-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Remove old functions, constants
/external/iptables/extensions/libipt_ah.c
|
9ee386a1b6d7704b259460152c959ab0e79e02aa |
|
29-Jan-2008 |
Max Kellermann <max@duempel.org> |
fix gcc warnings Max Kellermann <max@duempel.org>
/external/iptables/extensions/libipt_ah.c
|
59d164019340d110d302634e429320577f0db7be |
|
04-Oct-2007 |
Jan Engelhardt <jengelh@medozas.de> |
Unique names 3/6 Give symbols of libxt matches unique names (2/3). Adds unique prefixes to all functions (most of them - especially the hook functions) so that debugging programs can unambiguously map a symbol to an address. Also unifies the names of the xtables_match/xtables_target structs, (based upon libxt_connmark.c/libip6t_*.c). Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
/external/iptables/extensions/libipt_ah.c
|
830132ac9c0d270bf9dcfe85c2464e3fe8c73fb9 |
|
04-Oct-2007 |
Jan Engelhardt <jengelh@medozas.de> |
Delete empty ->final_check() functions Deletes empty ->final_check() functions, and makes ip[6]tables checks for NULL on these. Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
/external/iptables/extensions/libipt_ah.c
|
500f483fff529dcd88ec96b9d5054be6cd6363a0 |
|
08-Sep-2007 |
Patrick McHardy <kaber@trash.net> |
Fix sparse warnings: non-ANSI function declarations, 0 used as pointer
/external/iptables/extensions/libipt_ah.c
|
ea146a982e26c42f9954f140276f8deeb2edbe98 |
|
02-Sep-2007 |
Peter Riley <Peter.Riley@hotpop.com> |
Remove last vestiges of NFC (Peter Riley <Peter.Riley@hotpop.com>)
/external/iptables/extensions/libipt_ah.c
|
661f112072bc13a1625c4eb5983695e122ea97da |
|
30-Jul-2007 |
Jan Engelhardt <jengelh@medozas.de> |
Make the option structures const. Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
/external/iptables/extensions/libipt_ah.c
|
18992db3bfdb3b695cae12b53434f560cbf8e2ae |
|
30-Jul-2007 |
Jan Engelhardt <jengelh@medozas.de> |
Remove the .next=NULL field. This is automatically initialized to zero. I've kept .print=NULL and .save=NULL so it stands out (since iptables will do the print/save then). Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
/external/iptables/extensions/libipt_ah.c
|
c0a9ab93f49a3d2508c95d0ca1a01c1089983731 |
|
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Fixes warning on compilation of iptables matches/targets This changes the type of arguments as follows - ipt_ip * -> void * - ipt_entry * -> void * This patch doesn't change multiport, DNAT, SNAT, MASQUERADE, REDIRECT because these need more changes (casting void * variable with intended type)
/external/iptables/extensions/libipt_ah.c
|
193df8ee3507f0c02762c88a16916c4ea950bd99 |
|
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Replaces ipt_entry_* with xt_entry_* in matches/targets
/external/iptables/extensions/libipt_ah.c
|
8caee8b9e34fed4562fcff553197c161fc9d9979 |
|
28-Dec-2004 |
Pablo Neira <pablo@eurodev.net> |
Pablo Neira: extensions conversion to C99 structure initialization (I removed the revision stuff for the moment, but this needs to go in before the code moves too much --RR)
/external/iptables/extensions/libipt_ah.c
|
80fe35d6339b53a12ddaec41885613e4e37ed031 |
|
29-May-2002 |
Harald Welte <laforge@gnumonks.org> |
globally replace NETFILTER_VERSION with IPTABLES_VERSION to have consistent naming
/external/iptables/extensions/libipt_ah.c
|
f0ac814a2137abe334bd0000d59e9be4721e1ddc |
|
26-Mar-2002 |
Harald Welte <laforge@gnumonks.org> |
fix to save() and restore() functions of ah/esp match.
/external/iptables/extensions/libipt_ah.c
|
b77f1dafb9f35752bb9685323bcacb32a0e6ddc5 |
|
14-Mar-2002 |
Harald Welte <laforge@gnumonks.org> |
Fix 'iptables -p !' bug (segfault when `!' used without argument)
/external/iptables/extensions/libipt_ah.c
|
3efb6ead2e51fe1eca55bcb2b06afb4dc4b8cb7c |
|
06-Aug-2001 |
Harald Welte <laforge@gnumonks.org> |
- added patch to support statically linking of iptables - iptables-save/-restore is no longer experimental
/external/iptables/extensions/libipt_ah.c
|
524518261009f3f81febfdd8398becc4a80cc941 |
|
27-Aug-2000 |
Rusty Russell <rusty@linuxcare.com.au> |
Patch-o-matic! now included.
/external/iptables/extensions/libipt_ah.c
|