68c57e809f69108694cce2d502a3ed1c328d13e8 |
|
26-Jul-2016 |
Pablo M. Bermudo Garay <pablombg@gmail.com> |
xtables-translate: fix issue with quotes Some translations included escaped quotes when they were called from nft: $ sudo nft list ruleset table ip mangle { chain FORWARD { type filter hook forward priority -150; policy accept; ct helper \"ftp\" counter packets 0 bytes 0 ^^ ^^ } } This behavior is only correct when xlate functions are called from a xtables-translate command. This patch solves that issue using a new parameter (escape_quotes) in the xlate functions. Signed-off-by: Pablo M. Bermudo Garay <pablombg@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libxt_NFLOG.c
|
7a0992da44cfb6cab0ccd1beadcf326df8773552 |
|
24-Jul-2016 |
Pablo Neira Ayuso <pablo@netfilter.org> |
src: introduce struct xt_xlate_{mt,tg}_params This structure is an extensible containers of parameters, so we don't need to propagate interface updates in every extension file in case we need to add new parameters in the future. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libxt_NFLOG.c
|
f280adca86dfb8ba4d5a3d5a309f9252cc02f2ca |
|
18-Jul-2016 |
Liping Zhang <liping.zhang@spreadtrum.com> |
extensions: libxt_NFLOG: translate to nft log snaplen if nflog-size is specified The nflog-size was introduced by commit 7070b1f3c88a ("extensions: libxt_NFLOG: nflog-range does not truncate packets"). Then make the nflog-range become deprecated, because it has no effect from the beginning. So when we do translation, nft log snaplen is translated only if the nflog-size is specified. Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libxt_NFLOG.c
|
4bde4cc6721e460a1896bf4be2b44fb2ed05b240 |
|
18-Jul-2016 |
Liping Zhang <liping.zhang@spreadtrum.com> |
extensions: libxt_NFLOG: display nflog-size even if it is zero The following iptables rules have the different semantics: # iptables -A INPUT -j NFLOG # iptables -A INPUT -j NFLOG --nflog-size 0 But they are all displayed as "-A INPUT -j NFLOG", so if the user input the following commands, the original semantics will be broken. # iptables-save | iptables-restore Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libxt_NFLOG.c
|
7070b1f3c88a0c3d4e315c00cca61f05b0fbc882 |
|
24-Jun-2016 |
Vishwanath Pai <vpai@akamai.com> |
extensions: libxt_NFLOG: nflog-range does not truncate packets The option --nflog-range has never worked, but we cannot just fix this because users might be using this feature option and their behavior would change. Instead add a new option --nflog-size. This option works the same way nflog-range should have, and both of them are mutually exclusive. When someone uses --nflog-range we print a warning message informing them that this feature has no effect. To indicate the kernel that the user has set --nflog-size we have to pass a new flag XT_NFLOG_F_COPY_LEN. Also updated the man page to reflect the new option and added tests to extensions/libxt_NFLOG.t Reported-by: Joe Dollard <jdollard@akamai.com> Reviewed-by: Josh Hunt <johunt@akamai.com> Signed-off-by: Vishwanath Pai <vpai@akamai.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libxt_NFLOG.c
|
9e14d4330655a6f58bf2674f0684d8252f688c16 |
|
09-Mar-2016 |
Pablo Neira Ayuso <pablo@netfilter.org> |
iptables-translate: pass ipt_entry and ip6t_entry to ->xlate() The multiport match needs it, this basically leaves ->xlate() indirection with almost the same interface as ->print(). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libxt_NFLOG.c
|
6b60dc5be58a5781cacc4e6f238454d5e8421760 |
|
01-Feb-2016 |
Pablo Neira Ayuso <pablo@netfilter.org> |
extensions: rename xt_buf to xt_xlate Use a more generic name for this object to prepare the introduction of other translation specific fields. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libxt_NFLOG.c
|
d0125f890698dd84553db3d27eea7e36ebbdbf88 |
|
22-Dec-2015 |
Shivani Bhardwaj <shivanib134@gmail.com> |
extensions: libxt_NFLOG: Add group_info and remove multiple keywords Add group_info with every rule as it is mandatory to consider logging to be same type as NFLOG. Remove multiple log keywords to avoid loading multiple log expressions at a time. Examples: $ sudo iptables-translate -I INPUT -j NFLOG --nflog-threshold 2 nft insert rule ip filter INPUT counter log queue-threshold 2 group 0 $ sudo iptables-translate -A FORWARD -j NFLOG --nflog-group 32 --nflog-prefix "Prefix 1.0" nft add rule ip filter FORWARD counter log prefix \"Prefix 1.0\" group 32 Reported-by: Arturo Borrero <arturoborreroglez@gmail.com> Signed-off-by: Shivani Bhardwaj <shivanib134@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libxt_NFLOG.c
|
7a2de9b9141c96b3984f54fa1e48a0ed88c8b40c |
|
21-Dec-2015 |
Shivani Bhardwaj <shivanib134@gmail.com> |
extensions: libxt_NFLOG: Add translation to nft Add translation for NF Logging to nftables. Examples: $ sudo iptables-translate -A OUTPUT -j NFLOG --nflog-group 30 nft add rule ip filter OUTPUT counter log group 30 $ sudo iptables-translate -A FORWARD -j NFLOG --nflog-group 32 --nflog-prefix "Prefix 1.0" nft add rule ip filter FORWARD counter log prefix \"Prefix 1.0\" log group 32 $ sudo iptables-translate -I INPUT -j NFLOG --nflog-range 256 nft insert rule ip filter INPUT counter log snaplen 256 $ sudo iptables-translate -I INPUT -j NFLOG --nflog-threshold 25 nft insert rule ip filter INPUT counter log queue-threshold 25 Signed-off-by: Shivani Bhardwaj <shivanib134@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libxt_NFLOG.c
|
6cfb28bb9032dcf2749ff80f88ad37b9fe5e7c2a |
|
01-May-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libxt_NFLOG: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_NFLOG.c
|
e88a7c2c7175742b58b6aa03f2b5aba2d80330a1 |
|
18-Feb-2011 |
Jan Engelhardt <jengelh@medozas.de> |
extensions: remove redundant init functions The main program already zeroes the per-extension data block. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_NFLOG.c
|
73866357e4a7a0fdc1b293bf8863fee2bd56da9e |
|
18-Dec-2010 |
Jan Engelhardt <jengelh@medozas.de> |
iptables: do not print trailing whitespaces Due to the use of printf("foobar "), iptables emits spaces at the end-of-line, which looks odd to some users because it causes the terminal to wrap even if there is seemingly nothing to print. It may also have other points of annoyance, such as mailers interpreting a trailing space as an indicator that the paragraph continues when format=flowed is also on. And git highlights trailing spaces in red, so let's avoid :) Preexisting inconsistencies in outputting spaces in the right spot are also addressed right away. References: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429579 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_NFLOG.c
|
d09b6d591ca7d7d7575cb6aa20384c9830f777ab |
|
08-Jan-2011 |
Jan Engelhardt <jengelh@medozas.de> |
extensions: remove no longer necessary default: cases Match and target parse functions now only get option characters they have defined themselves. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_NFLOG.c
|
32b8e61e4e5bd405d9ad07bf9468498dfbb19f9e |
|
23-Jul-2010 |
Jan Engelhardt <jengelh@medozas.de> |
all: consistent syntax use in struct option Try to inhibit copypasting old stuff. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_NFLOG.c
|
bf97128c7262f17a02fec41cdae75b472ba77f88 |
|
03-Nov-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: hand argv to xtables_check_inverse In going to fix NF bug #611, "argv" is needed in xtables_check_inverse to set "optarg" to the right spot in case of an intrapositional negation. References: http://bugzilla.netfilter.org/show_bug.cgi?id=611 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_NFLOG.c
|
c5e85736c207f211d82d2878a5781f512327dfce |
|
12-Jun-2009 |
Jan Engelhardt <jengelh@medozas.de> |
extensions: collapse registration structures There are no different code paths between IPV4 and IPV6, so data can be consolidated here. text data bss dec hex filename 243757 12212 2576 258545 3f1f1 ip6tables-static[before.i586] 243613 9428 2576 255617 3e681 ip6tables-static[after.i586] -144 -2784 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_NFLOG.c
|
1829ed482efbc8b390cc760d012b3a4450494e1a |
|
21-Feb-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: prefix exit_error to xtables_error Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_NFLOG.c
|
0f16c725aadaac7e670d632ecbaea3661ff00827 |
|
30-Jan-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: prefix/order - move check_inverse to xtables.c This also adds a warning that intrapositional negation support is deprecated. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_NFLOG.c
|
a0baae85f8159f03d52535934aa9b3a375e0f1f3 |
|
30-Jan-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: prefix - parse and escaped output func Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_NFLOG.c
|
03d99486d8283552705b58dc55b6085dffc38792 |
|
18-Nov-2008 |
Jan Engelhardt <jengelh@medozas.de> |
src: use NFPROTO_ constants Resync netfilter.h from the latest kernel and make use of the new NFPROTO_ constants that have been introduced. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
/external/iptables/extensions/libxt_NFLOG.c
|
8b7c64d6ba156a99008fcd810cba874c73294333 |
|
15-Apr-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Remove old functions, constants
/external/iptables/extensions/libxt_NFLOG.c
|
9ee386a1b6d7704b259460152c959ab0e79e02aa |
|
29-Jan-2008 |
Max Kellermann <max@duempel.org> |
fix gcc warnings Max Kellermann <max@duempel.org>
/external/iptables/extensions/libxt_NFLOG.c
|
a5d099400fd6f9ad3880dda10f85d2aa36b5ec65 |
|
29-Jan-2008 |
Max Kellermann <max@duempel.org> |
escape strings Max Kellermann <max@duempel.org>
/external/iptables/extensions/libxt_NFLOG.c
|
b4ef34f5be162ffcfe53f5f5fa93541691161580 |
|
29-Jan-2008 |
Max Kellermann <max@duempel.org> |
use size_t Max Kellermann <max@duempel.org>
/external/iptables/extensions/libxt_NFLOG.c
|
932e648f38ac16b1ea14c1f66f23951388448c5a |
|
04-Oct-2007 |
Jan Engelhardt <jengelh@medozas.de> |
Unique names 2/6 Give symbols of libxt targets unique names (1/3). Adds unique prefixes to all functions (most of them - especially the hook functions) so that debugging programs can unambiguously map a symbol to an address. Also unifies the names of the xtables_match/xtables_target structs, (based upon libxt_connmark.c/libip6t_*.c). Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
/external/iptables/extensions/libxt_NFLOG.c
|
830132ac9c0d270bf9dcfe85c2464e3fe8c73fb9 |
|
04-Oct-2007 |
Jan Engelhardt <jengelh@medozas.de> |
Delete empty ->final_check() functions Deletes empty ->final_check() functions, and makes ip[6]tables checks for NULL on these. Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
/external/iptables/extensions/libxt_NFLOG.c
|
500f483fff529dcd88ec96b9d5054be6cd6363a0 |
|
08-Sep-2007 |
Patrick McHardy <kaber@trash.net> |
Fix sparse warnings: non-ANSI function declarations, 0 used as pointer
/external/iptables/extensions/libxt_NFLOG.c
|
ea146a982e26c42f9954f140276f8deeb2edbe98 |
|
02-Sep-2007 |
Peter Riley <Peter.Riley@hotpop.com> |
Remove last vestiges of NFC (Peter Riley <Peter.Riley@hotpop.com>)
/external/iptables/extensions/libxt_NFLOG.c
|
a16e11418405980334734e9edda6b705aea31f8e |
|
04-Aug-2007 |
Yasuyuki KOZAKAIYasuyuki KOZAKAI <yasuyuki@netfilter.orgyasuyuki@netfilter.org> |
Unifies libip[6]t_NFLOG into libxt_NFLOG
/external/iptables/extensions/libxt_NFLOG.c
|
9bbf867821db55bd6e109934b9aa871322405767 |
|
04-Aug-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Revert commit 6990. That log is not correct and .NF_LOG-testx has incorrect mode.
/external/iptables/extensions/libxt_NFLOG.c
|
8338c88a83ac3828459b36332d340cbaa8e0607f |
|
04-Aug-2007 |
Yasuyuki KOZAKAIYasuyuki KOZAKAI <yasuyuki@netfilter.orgyasuyuki@netfilter.org> |
Unifies libip[6]t_state into libxt_state
/external/iptables/extensions/libxt_NFLOG.c
|