History log of /external/iptables/extensions/libxt_iprange.c
Revision Date Author Comments
129ed57b8e050e8e57deeefc2ed36ec979265d8a 07-Oct-2016 Liping Zhang <liping.zhang@spreadtrum.com> extensions: libxt_iprange: handle the invert flag properly in translation

If we specify the invert flag, we should put "!=" after "ip saddr/daddr",
so the current translation is wrong:
# iptables-translate -A OUTPUT -m iprange ! --dst-range 1.1.1.1-1.1.1.2
nft add rule ip filter OUTPUT != ip daddr 1.1.1.1-1.1.1.2 counter

# ip6tables-translate -A OUTPUT -m iprange ! --src-range 2003::1-2003::3
nft add rule ip6 filter OUTPUT != ip6 saddr 2003::1-2003::3 counter

Apply this patch:
# iptables-translate -A OUTPUT -m iprange ! --dst-range 1.1.1.1-1.1.1.2
nft add rule ip filter OUTPUT ip daddr != 1.1.1.1-1.1.1.2 counter

# ip6tables-translate -A OUTPUT -m iprange ! --src-range 2003::1-2003::3
nft add rule ip6 filter OUTPUT ip6 saddr != 2003::1-2003::3 counter

Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libxt_iprange.c
837ca1e34893c67d8e195a4132d1517cb7d4bb11 07-Oct-2016 Liping Zhang <liping.zhang@spreadtrum.com> extensions: libxt_iprange: rename "ip saddr" to "ip6 saddr" in ip6tables-xlate

nft will complain about a syntax error if we use "ip saddr" or "ip daddr" in the
ip6 family, so the current translation is wrong:
# ip6tables-translate -A OUTPUT -m iprange --src-range 2003::1-2003::3
nft add rule ip6 filter OUTPUT ip saddr 2003::1-2003::3 counter
                               ^^

Apply this patch:
# ip6tables-translate -A OUTPUT -m iprange --src-range 2003::1-2003::3
nft add rule ip6 filter OUTPUT ip6 saddr 2003::1-2003::3 counter

Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libxt_iprange.c
7a0992da44cfb6cab0ccd1beadcf326df8773552 24-Jul-2016 Pablo Neira Ayuso <pablo@netfilter.org> src: introduce struct xt_xlate_{mt,tg}_params

This structure is an extensible container of parameters, so we don't
need to propagate interface updates in every extension file in case
we need to add new parameters in the future.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libxt_iprange.c
f035be35c749d5c5cbb7ffdbcd1c548b91bd3033 09-Jul-2016 Pablo M. Bermudo Garay <pablombg@gmail.com> xtables-translate: fix multiple spaces issue

This patch fixes a multiple spaces issue. The problem arises when a rule
set loaded through iptables-compat-restore is listed in nft.

Before this commit, two spaces were printed after every match
translation:

$ sudo iptables-save
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80:85 -m ttl --ttl-gt 5 -j ACCEPT
COMMIT

$ sudo iptables-compat-restore iptables-save

$ sudo nft list ruleset
table ip filter {
    chain INPUT {
        type filter hook input priority 0; policy accept;
        ct state related,established  counter packets 0 bytes 0 accept
                                    ^^
        ip protocol tcp tcp dport 80-85  ip ttl gt 5  counter packets 0 bytes 0 accept
                                       ^^           ^^
    }
}

Signed-off-by: Pablo M. Bermudo Garay <pablombg@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libxt_iprange.c
34c6f774f6981f4ef909495f366b58c1b646cf4b 20-Jun-2016 Pablo M. Bermudo Garay <pablombg@gmail.com> extensions: iprange: remove extra space in translation

Extra space was printed by iprange_xlate:

# iptables-translate -A INPUT -m iprange --src-range \
192.168.25.149-192.168.25.151 -j ACCEPT

nft add rule ip filter INPUT ip saddr 192.168.25.149-192.168.25...
^^

Signed-off-by: Pablo M. Bermudo Garay <pablombg@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libxt_iprange.c
9e14d4330655a6f58bf2674f0684d8252f688c16 09-Mar-2016 Pablo Neira Ayuso <pablo@netfilter.org> iptables-translate: pass ipt_entry and ip6t_entry to ->xlate()

The multiport match needs it, this basically leaves ->xlate() indirection
with almost the same interface as ->print().

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libxt_iprange.c
6b60dc5be58a5781cacc4e6f238454d5e8421760 01-Feb-2016 Pablo Neira Ayuso <pablo@netfilter.org> extensions: rename xt_buf to xt_xlate

Use a more generic name for this object to prepare the introduction of
other translation specific fields.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libxt_iprange.c
b9cd6f55374461163c6216e8d892e88102200908 21-Dec-2015 Shivani Bhardwaj <shivanib134@gmail.com> extensions: libxt_iprange: Add translation to nft

Add translation for iprange to nftables.

Examples:

$ sudo iptables-translate -A INPUT -m iprange --src-range 192.168.25.149-192.168.25.151 -j ACCEPT
nft add rule ip filter INPUT ip saddr 192.168.25.149-192.168.25.151 counter accept

$ sudo iptables-translate -A INPUT -m iprange --dst-range 192.168.25.149-192.168.25.151 -j ACCEPT
nft add rule ip filter INPUT ip daddr 192.168.25.149-192.168.25.151 counter accept

Signed-off-by: Shivani Bhardwaj <shivanib134@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libxt_iprange.c
ce4b79577fa9c1ed68c36797890d39ca5ba9a8bf 07-May-2011 Jan Engelhardt <jengelh@medozas.de> libxt_iprange: use guided option parser

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_iprange.c
73866357e4a7a0fdc1b293bf8863fee2bd56da9e 18-Dec-2010 Jan Engelhardt <jengelh@medozas.de> iptables: do not print trailing whitespaces

Due to the use of printf("foobar "), iptables emits spaces at the
end-of-line, which looks odd to some users because it causes the
terminal to wrap even if there is seemingly nothing to print.

It may also have other points of annoyance, such as mailers
interpreting a trailing space as an indicator that the paragraph
continues when format=flowed is also on.
And git highlights trailing spaces in red, so let's avoid :)

Preexisting inconsistencies in outputting spaces in the right
spot are also addressed right away.

References: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429579
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_iprange.c
d09b6d591ca7d7d7575cb6aa20384c9830f777ab 08-Jan-2011 Jan Engelhardt <jengelh@medozas.de> extensions: remove no longer necessary default: cases

Match and target parse functions now only get option characters they
have defined themselves.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_iprange.c
7ac405297ec38449b30e3b05fd6bf2082fd3d803 07-Jan-2011 Jan Engelhardt <jengelh@medozas.de> src: use C99/POSIX types

"u_int" was a non-standardized extension predating C99 on some platforms.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_iprange.c
32b8e61e4e5bd405d9ad07bf9468498dfbb19f9e 23-Jul-2010 Jan Engelhardt <jengelh@medozas.de> all: consistent syntax use in struct option

Try to inhibit copypasting old stuff.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_iprange.c
ada4ff6155a02b0aed8400e46f34e72c91e36277 21-Apr-2010 Vincent Bernat <bernat@luffy.cx> iprange: fix xt_iprange v0 parsing

iprange_parse() was incomplete and did not include parsed ranges into
ipt_iprange_info structure resulting in always adding range
0.0.0.0-0.0.0.0 in the kernel.

Moreover, when using --dst-range, error messages may display
--src-range instead. Fix this too.

Signed-off-by: Vincent Bernat <bernat@luffy.cx>
Signed-off-by: Patrick McHardy <kaber@trash.net>
/external/iptables/extensions/libxt_iprange.c
350661a6eb089f3e54e67e022db9e16ea280499f 31-Jan-2010 Jan Engelhardt <jengelh@medozas.de> includes: header updates

Update the shipped Linux kernel headers from 2.6.33-rc6, as
iptables's ipt_ECN.h for example references ipt_DSCP.h, which no
longer exists.

Since a number of old code pieces have been removed in the kernel in
that fashion, the structs for older versions are moved into the .c
file, to keep header updating simple.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_iprange.c
bf97128c7262f17a02fec41cdae75b472ba77f88 03-Nov-2009 Jan Engelhardt <jengelh@medozas.de> libxtables: hand argv to xtables_check_inverse

In going to fix NF bug #611, "argv" is needed in
xtables_check_inverse to set "optarg" to the right spot in case of an
intrapositional negation.

References: http://bugzilla.netfilter.org/show_bug.cgi?id=611
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_iprange.c
7fa7329fc972513021131416dbd9d535141bd2ea 18-Sep-2009 Jan Engelhardt <jengelh@medozas.de> iprange: roll address parsing into a loop
/external/iptables/extensions/libxt_iprange.c
648a7bafa7acc33d986f113275a20199a6ad2aaa 18-Sep-2009 Jan Engelhardt <jengelh@medozas.de> iprange: warn on reverse range
/external/iptables/extensions/libxt_iprange.c
a10a12afee2083d240a304ceac7f3d9902a6f60a 18-Sep-2009 Jan Engelhardt <jengelh@medozas.de> iprange: do accept non-ranges for xt_iprange v1

[fill in details]
/external/iptables/extensions/libxt_iprange.c
f2a77520693f0a6dd1df1f87be4b81913961c1f5 25-Jun-2009 Jan Engelhardt <jengelh@medozas.de> extensions: collapse data variables to use multi-reg calls

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_iprange.c
1829ed482efbc8b390cc760d012b3a4450494e1a 21-Feb-2009 Jan Engelhardt <jengelh@medozas.de> libxtables: prefix exit_error to xtables_error

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_iprange.c
0f16c725aadaac7e670d632ecbaea3661ff00827 30-Jan-2009 Jan Engelhardt <jengelh@medozas.de> libxtables: prefix/order - move check_inverse to xtables.c

This also adds a warning that intrapositional negation support
is deprecated.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_iprange.c
1e01b0b82f70b0b11dcfbced485dbe7aeac4fb8c 30-Jan-2009 Jan Engelhardt <jengelh@medozas.de> libxtables: prefix/order - ascii to ipaddr/ipmask input

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_iprange.c
e44ea7faa17c10c68f14f5338a7cc6e3291a0ce7 30-Jan-2009 Jan Engelhardt <jengelh@medozas.de> libxtables: prefix/order - ipaddr/ipmask to ascii output

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_iprange.c
a41545ca7cde43e0ba53260ba74bd9bf74025a68 27-Jan-2009 Jan Engelhardt <jengelh@medozas.de> libxtables: prefix/order - param_act

Changes:
exittype -> xtables_exittype
P_* -> XTF_* flags

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libxt_iprange.c
03d99486d8283552705b58dc55b6085dffc38792 18-Nov-2008 Jan Engelhardt <jengelh@medozas.de> src: use NFPROTO_ constants

Resync netfilter.h from the latest kernel and make use of the new
NFPROTO_ constants that have been introduced.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
/external/iptables/extensions/libxt_iprange.c
240eee607ab7e5bb9f671b7ceba40e2940182f61 23-Oct-2008 Thomas Jarosch <thomas.jarosch@intra2net.com> Fix compile error in libxt_iprange.c using gcc 4.3.2

In file included from libxt_iprange.c:9:
../include/linux/netfilter.h:43: error: field 'in' has incomplete type
../include/linux/netfilter.h:44: error: field 'in6' has incomplete type
libxt_iprange.c: In function 'parse_iprange':
libxt_iprange.c:46: error: dereferencing pointer to incomplete type
libxt_iprange.c:53: error: dereferencing pointer to incomplete type
libxt_iprange.c: In function 'iprange_mt4_parse':
libxt_iprange.c:117: error: dereferencing pointer to incomplete type
libxt_iprange.c:121: error: dereferencing pointer to incomplete type
libxt_iprange.c:136: error: dereferencing pointer to incomplete type
libxt_iprange.c:140: error: dereferencing pointer to incomplete type
libxt_iprange.c: In function 'iprange_mt6_parse':
libxt_iprange.c:167: error: dereferencing pointer to incomplete type
libxt_iprange.c:171: error: dereferencing pointer to incomplete type
libxt_iprange.c:186: error: dereferencing pointer to incomplete type
libxt_iprange.c:190: error: dereferencing pointer to incomplete type

Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com>
/external/iptables/extensions/libxt_iprange.c
bfb7e0b84b5d732e378a3fcbb4132fdbd9938766 01-Sep-2008 Jan Engelhardt <jengelh@medozas.de> libxt_iprange: fix option names

There is no --src-ip, just --src-range. (Same for --dst-range.)

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
/external/iptables/extensions/libxt_iprange.c
6a0cd58f7e444137eb757695f917e46eb14201c8 13-Jun-2008 Jan Engelhardt <jengelh@medozas.de> iprange: kernel flags were not set

The --src-range and --dst-range parameters did not set the IPRANGE_*
flags in struct xt_iprange_mtinfo.

Reported-by: Maxim Britov <maxim.britov@gmail.com>
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
/external/iptables/extensions/libxt_iprange.c
8b7c64d6ba156a99008fcd810cba874c73294333 15-Apr-2008 Jan Engelhardt <jengelh@medozas.de> Remove old functions, constants
/external/iptables/extensions/libxt_iprange.c
dbe6c3b74ee847707181f1fe28b2975b4a8ab425 01-Apr-2008 James King <t.james.king@gmail.com> [IPTABLES]: libxt_iprange: Fix IP validation logic

IP address validation logic was inverted, causing valid addresses to
be rejected.

Signed-off-by: James King <t.james.king@gmail.com>
/external/iptables/extensions/libxt_iprange.c
9ee386a1b6d7704b259460152c959ab0e79e02aa 29-Jan-2008 Max Kellermann <max@duempel.org> fix gcc warnings

Max Kellermann <max@duempel.org>
/external/iptables/extensions/libxt_iprange.c
fc11b0b24ca2f808adcca3fd6b1aad581538171d 20-Jan-2008 Jan Engelhardt <jengelh@medozas.de> libxt_iprange r1

Add support for xt_iprange revision 1

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
/external/iptables/extensions/libxt_iprange.c
41daaa0cfbb1cb6b80a2ce2571f9f92f164f0228 20-Jan-2008 Jan Engelhardt <jengelh@medozas.de> libxt_iprange r0

Move libipt_iprange to libxt_iprange.

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
/external/iptables/extensions/libxt_iprange.c