History log of /external/iptables/extensions/libxt_NFLOG.c
Revision Date Author Comments
68c57e809f69108694cce2d502a3ed1c328d13e8 26-Jul-2016 Pablo M. Bermudo Garay <pablombg@gmail.com> xtables-translate: fix issue with quotes

Some translations included escaped quotes when they were called from
nft:

$ sudo nft list ruleset
table ip mangle {
    chain FORWARD {
        type filter hook forward priority -150; policy accept;
        ct helper \"ftp\" counter packets 0 bytes 0
                  ^^   ^^
    }
}

This behavior is only correct when xlate functions are called from a
xtables-translate command. This patch solves that issue using a new
parameter (escape_quotes) in the xlate functions.

Signed-off-by: Pablo M. Bermudo Garay <pablombg@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libxt_NFLOG.c
7a0992da44cfb6cab0ccd1beadcf326df8773552 24-Jul-2016 Pablo Neira Ayuso <pablo@netfilter.org> src: introduce struct xt_xlate_{mt,tg}_params

This structure is an extensible container of parameters, so we don't
need to propagate interface updates in every extension file in case
we need to add new parameters in the future.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libxt_NFLOG.c
f280adca86dfb8ba4d5a3d5a309f9252cc02f2ca 18-Jul-2016 Liping Zhang <liping.zhang@spreadtrum.com> extensions: libxt_NFLOG: translate to nft log snaplen if nflog-size is specified

The nflog-size was introduced by commit 7070b1f3c88a ("extensions:
libxt_NFLOG: nflog-range does not truncate packets"). Then make
the nflog-range become deprecated, because it has no effect from
the beginning.

So when we do translation, nft log snaplen is translated only if the
nflog-size is specified.

Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libxt_NFLOG.c
4bde4cc6721e460a1896bf4be2b44fb2ed05b240 18-Jul-2016 Liping Zhang <liping.zhang@spreadtrum.com> extensions: libxt_NFLOG: display nflog-size even if it is zero

The following iptables rules have different semantics:
# iptables -A INPUT -j NFLOG
# iptables -A INPUT -j NFLOG --nflog-size 0

But they are all displayed as "-A INPUT -j NFLOG", so if
the user inputs the following commands, the original semantics
will be broken.
# iptables-save | iptables-restore

Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libxt_NFLOG.c
7070b1f3c88a0c3d4e315c00cca61f05b0fbc882 24-Jun-2016 Vishwanath Pai <vpai@akamai.com> extensions: libxt_NFLOG: nflog-range does not truncate packets

The option --nflog-range has never worked, but we cannot just fix this
because users might be using this feature option and their behavior would
change. Instead add a new option --nflog-size. This option works the same
way nflog-range should have, and both of them are mutually exclusive. When
someone uses --nflog-range we print a warning message informing them that
this feature has no effect.

To indicate to the kernel that the user has set --nflog-size we have to pass a
new flag XT_NFLOG_F_COPY_LEN.

Also updated the man page to reflect the new option and added tests to
extensions/libxt_NFLOG.t

Reported-by: Joe Dollard <jdollard@akamai.com>
Reviewed-by: Josh Hunt <johunt@akamai.com>
Signed-off-by: Vishwanath Pai <vpai@akamai.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libxt_NFLOG.c
9e14d4330655a6f58bf2674f0684d8252f688c16 09-Mar-2016 Pablo Neira Ayuso <pablo@netfilter.org> iptables-translate: pass ipt_entry and ip6t_entry to ->xlate()

The multiport match needs it, this basically leaves ->xlate() indirection
with almost the same interface as ->print().

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libxt_NFLOG.c
6b60dc5be58a5781cacc4e6f238454d5e8421760 01-Feb-2016 Pablo Neira Ayuso <pablo@netfilter.org> extensions: rename xt_buf to xt_xlate

Use a more generic name for this object to prepare the introduction of
other translation specific fields.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libxt_NFLOG.c
d0125f890698dd84553db3d27eea7e36ebbdbf88 22-Dec-2015 Shivani Bhardwaj <shivanib134@gmail.com> extensions: libxt_NFLOG: Add group_info and remove multiple keywords

Add group_info with every rule as it is mandatory to consider logging to
be the same type as NFLOG.
Remove multiple log keywords to avoid loading multiple log expressions
at a time.

Examples:

$ sudo iptables-translate -I INPUT -j NFLOG --nflog-threshold 2
nft insert rule ip filter INPUT counter log queue-threshold 2 group 0

$ sudo iptables-translate -A FORWARD -j NFLOG --nflog-group 32 --nflog-prefix "Prefix 1.0"
nft add rule ip filter FORWARD counter log prefix \"Prefix 1.0\" group 32

Reported-by: Arturo Borrero <arturoborreroglez@gmail.com>
Signed-off-by: Shivani Bhardwaj <shivanib134@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libxt_NFLOG.c
7a2de9b9141c96b3984f54fa1e48a0ed88c8b40c 21-Dec-2015 Shivani Bhardwaj <shivanib134@gmail.com> extensions: libxt_NFLOG: Add translation to nft

Add translation for NF Logging to nftables.

Examples:

$ sudo iptables-translate -A OUTPUT -j NFLOG --nflog-group 30
nft add rule ip filter OUTPUT counter log group 30

$ sudo iptables-translate -A FORWARD -j NFLOG --nflog-group 32 --nflog-prefix "Prefix 1.0"
nft add rule ip filter FORWARD counter log prefix \"Prefix 1.0\" log group 32

$ sudo iptables-translate -I INPUT -j NFLOG --nflog-range 256
nft insert rule ip filter INPUT counter log snaplen 256

$ sudo iptables-translate -I INPUT -j NFLOG --nflog-threshold 25
nft insert rule ip filter INPUT counter log queue-threshold 25

Signed-off-by: Shivani Bhardwaj <shivanib134@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libxt_NFLOG.c
6cfb28bb9032dcf2749ff80f88ad37b9fe5e7c2a 01-May-2011 Jan Engelhardt <jengelh@medozas.de> libxt_NFLOG: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_NFLOG.c
e88a7c2c7175742b58b6aa03f2b5aba2d80330a1 18-Feb-2011 Jan Engelhardt <jengelh@medozas.de> extensions: remove redundant init functions

The main program already zeroes the per-extension data block.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_NFLOG.c
73866357e4a7a0fdc1b293bf8863fee2bd56da9e 18-Dec-2010 Jan Engelhardt <jengelh@medozas.de> iptables: do not print trailing whitespaces

Due to the use of printf("foobar "), iptables emits spaces at the
end-of-line, which looks odd to some users because it causes the
terminal to wrap even if there is seemingly nothing to print.

It may also have other points of annoyance, such as mailers
interpreting a trailing space as an indicator that the paragraph
continues when format=flowed is also on.
And git highlights trailing spaces in red, so let's avoid :)

Preexisting inconsistencies in outputting spaces in the right
spot are also addressed right away.

References: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429579
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_NFLOG.c
d09b6d591ca7d7d7575cb6aa20384c9830f777ab 08-Jan-2011 Jan Engelhardt <jengelh@medozas.de> extensions: remove no longer necessary default: cases

Match and target parse functions now only get option characters they
have defined themselves.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_NFLOG.c
32b8e61e4e5bd405d9ad07bf9468498dfbb19f9e 23-Jul-2010 Jan Engelhardt <jengelh@medozas.de> all: consistent syntax use in struct option

Try to inhibit copypasting old stuff.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_NFLOG.c
bf97128c7262f17a02fec41cdae75b472ba77f88 03-Nov-2009 Jan Engelhardt <jengelh@medozas.de> libxtables: hand argv to xtables_check_inverse

In going to fix NF bug #611, "argv" is needed in
xtables_check_inverse to set "optarg" to the right spot in case of an
intrapositional negation.

References: http://bugzilla.netfilter.org/show_bug.cgi?id=611
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_NFLOG.c
c5e85736c207f211d82d2878a5781f512327dfce 12-Jun-2009 Jan Engelhardt <jengelh@medozas.de> extensions: collapse registration structures

There are no different code paths between IPV4 and IPV6, so
data can be consolidated here.

   text    data     bss     dec     hex filename
 243757   12212    2576  258545   3f1f1 ip6tables-static[before.i586]
 243613    9428    2576  255617   3e681 ip6tables-static[after.i586]
   -144   -2784

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_NFLOG.c
1829ed482efbc8b390cc760d012b3a4450494e1a 21-Feb-2009 Jan Engelhardt <jengelh@medozas.de> libxtables: prefix exit_error to xtables_error

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_NFLOG.c
0f16c725aadaac7e670d632ecbaea3661ff00827 30-Jan-2009 Jan Engelhardt <jengelh@medozas.de> libxtables: prefix/order - move check_inverse to xtables.c

This also adds a warning that intrapositional negation support
is deprecated.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_NFLOG.c
a0baae85f8159f03d52535934aa9b3a375e0f1f3 30-Jan-2009 Jan Engelhardt <jengelh@medozas.de> libxtables: prefix - parse and escaped output func

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_NFLOG.c
03d99486d8283552705b58dc55b6085dffc38792 18-Nov-2008 Jan Engelhardt <jengelh@medozas.de> src: use NFPROTO_ constants

Resync netfilter.h from the latest kernel and make use of the new
NFPROTO_ constants that have been introduced.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
/external/iptables/extensions/libxt_NFLOG.c
8b7c64d6ba156a99008fcd810cba874c73294333 15-Apr-2008 Jan Engelhardt <jengelh@medozas.de> Remove old functions, constants
/external/iptables/extensions/libxt_NFLOG.c
9ee386a1b6d7704b259460152c959ab0e79e02aa 29-Jan-2008 Max Kellermann <max@duempel.org> fix gcc warnings

Max Kellermann <max@duempel.org>
/external/iptables/extensions/libxt_NFLOG.c
a5d099400fd6f9ad3880dda10f85d2aa36b5ec65 29-Jan-2008 Max Kellermann <max@duempel.org> escape strings

Max Kellermann <max@duempel.org>
/external/iptables/extensions/libxt_NFLOG.c
b4ef34f5be162ffcfe53f5f5fa93541691161580 29-Jan-2008 Max Kellermann <max@duempel.org> use size_t

Max Kellermann <max@duempel.org>
/external/iptables/extensions/libxt_NFLOG.c
932e648f38ac16b1ea14c1f66f23951388448c5a 04-Oct-2007 Jan Engelhardt <jengelh@medozas.de> Unique names 2/6

Give symbols of libxt targets unique names (1/3).

Adds unique prefixes to all functions (most of them - especially the hook
functions) so that debugging programs can unambiguously map a symbol to an
address. Also unifies the names of the xtables_match/xtables_target structs,
(based upon libxt_connmark.c/libip6t_*.c).

Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
/external/iptables/extensions/libxt_NFLOG.c
830132ac9c0d270bf9dcfe85c2464e3fe8c73fb9 04-Oct-2007 Jan Engelhardt <jengelh@medozas.de> Delete empty ->final_check() functions

Deletes empty ->final_check() functions, and makes ip[6]tables
check for NULL on these.

Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
/external/iptables/extensions/libxt_NFLOG.c
500f483fff529dcd88ec96b9d5054be6cd6363a0 08-Sep-2007 Patrick McHardy <kaber@trash.net> Fix sparse warnings: non-ANSI function declarations, 0 used as pointer
/external/iptables/extensions/libxt_NFLOG.c
ea146a982e26c42f9954f140276f8deeb2edbe98 02-Sep-2007 Peter Riley <Peter.Riley@hotpop.com> Remove last vestiges of NFC (Peter Riley <Peter.Riley@hotpop.com>)
/external/iptables/extensions/libxt_NFLOG.c
a16e11418405980334734e9edda6b705aea31f8e 04-Aug-2007 Yasuyuki KOZAKAI <yasuyuki@netfilter.org> Unifies libip[6]t_NFLOG into libxt_NFLOG
/external/iptables/extensions/libxt_NFLOG.c
9bbf867821db55bd6e109934b9aa871322405767 04-Aug-2007 Yasuyuki KOZAKAI <yasuyuki@netfilter.org> Revert commit 6990.
That log is not correct and .NF_LOG-testx has incorrect mode.
/external/iptables/extensions/libxt_NFLOG.c
8338c88a83ac3828459b36332d340cbaa8e0607f 04-Aug-2007 Yasuyuki KOZAKAI <yasuyuki@netfilter.org> Unifies libip[6]t_state into libxt_state
/external/iptables/extensions/libxt_NFLOG.c