3c9ff67ba8267baa4919a0abcf5c1ecf8848f9ce |
|
07-Oct-2016 |
Liping Zhang <liping.zhang@spreadtrum.com> |
extensions: libipt_realm: add a missing space in translation We missed a blank space when do translate to nft, so if rt_realm can be mapped to name, the result looks ugly: # iptables-translate -A OUTPUT -m realm --realm 0 nft add rule ip filter OUTPUT rtclassidcosmos counter ^ Apply this patch: # iptables-translate -A OUTPUT -m realm --realm 0 nft add rule ip filter OUTPUT rtclassid cosmos counter Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libipt_realm.c
|
7a0992da44cfb6cab0ccd1beadcf326df8773552 |
|
24-Jul-2016 |
Pablo Neira Ayuso <pablo@netfilter.org> |
src: introduce struct xt_xlate_{mt,tg}_params This structure is an extensible containers of parameters, so we don't need to propagate interface updates in every extension file in case we need to add new parameters in the future. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libipt_realm.c
|
f035be35c749d5c5cbb7ffdbcd1c548b91bd3033 |
|
09-Jul-2016 |
Pablo M. Bermudo Garay <pablombg@gmail.com> |
xtables-translate: fix multiple spaces issue This patch fixes a multiple spaces issue. The problem arises when a rule set loaded through iptables-compat-restore is listed in nft. Before this commit, two spaces were printed after every match translation: $ sudo iptables-save *filter :INPUT ACCEPT [0:0] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A INPUT -p tcp -m multiport --dports 80:85 -m ttl --ttl-gt 5 -j ACCEPT COMMIT $ sudo iptables-compat-restore iptables-save $ sudo nft list ruleset table ip filter { chain INPUT { type filter hook input priority 0; policy accept; ct state related,established counter packets 0 bytes 0 accept ^^ ip protocol tcp tcp dport 80-85 ip ttl gt 5 counter packets 0 bytes 0 accept ^^ ^^ } } Signed-off-by: Pablo M. Bermudo Garay <pablombg@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libipt_realm.c
|
09cad6470a1ef596876879c01bd8f9148e896dbe |
|
27-Jun-2016 |
Liping Zhang <liping.zhang@spreadtrum.com> |
extensions: libipt_realm: fix order of mask and id when do nft translation Before: # iptables-translate -A INPUT -m realm --realm 1/0xf nft add rule ip filter INPUT rtclassid and 0x1 == 0xf counter Apply this patch: # iptables-translate -A INPUT -m realm --realm 1/0xf nft add rule ip filter INPUT rtclassid and 0xf == 0x1 counter Cc: Shivani Bhardwaj <shivanib134@gmail.com> Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libipt_realm.c
|
9e14d4330655a6f58bf2674f0684d8252f688c16 |
|
09-Mar-2016 |
Pablo Neira Ayuso <pablo@netfilter.org> |
iptables-translate: pass ipt_entry and ip6t_entry to ->xlate() The multiport match needs it, this basically leaves ->xlate() indirection with almost the same interface as ->print(). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libipt_realm.c
|
6b60dc5be58a5781cacc4e6f238454d5e8421760 |
|
01-Feb-2016 |
Pablo Neira Ayuso <pablo@netfilter.org> |
extensions: rename xt_buf to xt_xlate Use a more generic name for this object to prepare the introduction of other translation specific fields. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libipt_realm.c
|
f7c26137b0d57a4c59e13ee531ccdc82cdc34e03 |
|
25-Dec-2015 |
Shivani Bhardwaj <shivanib134@gmail.com> |
extensions: libipt_realm: Add translation to nft Add translation for routing realm to nftables. Examples: $ sudo iptables-translate -A PREROUTING -m realm --realm 4 nft add rule ip filter PREROUTING rtclassid 0x4 counter $ sudo iptables-translate -A PREROUTING -m realm --realm 5/5 nft add rule ip filter PREROUTING rtclassid and 0x5 == 0x5 counter $ sudo iptables-translate -A PREROUTING -m realm ! --realm 50 nft add rule ip filter PREROUTING rtclassid != 0x32 counter Signed-off-by: Shivani Bhardwaj <shivanib134@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
/external/iptables/extensions/libipt_realm.c
|
14da56743c6cdf25da35b7b5ca7a5d201771990d |
|
27-Aug-2011 |
Jan Engelhardt <jengelh@medozas.de> |
src: resolve old macro names that are indirections Command used: git grep -f <(pcregrep -hior '(?<=#define\s)IP6?(T_\w+)(?=\s+X\1)' include/) and then fix all occurrences. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libipt_realm.c
|
f04d48879fea70451148d7867d5a388efe63b48f |
|
06-Mar-2011 |
Jan Engelhardt <jengelh@medozas.de> |
libipt_realm: use guided option parser Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libipt_realm.c
|
a239728ec064666025de2723997d87b176d57fd6 |
|
04-Apr-2011 |
Maciej Zenczykowski <maze@google.com> |
mark newly opened fds as FD_CLOEXEC (close on exec) (This is iptables-1.4.3.1-cloexec.patch from RedHat iptables.src.rpm) Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
/external/iptables/extensions/libipt_realm.c
|
73866357e4a7a0fdc1b293bf8863fee2bd56da9e |
|
18-Dec-2010 |
Jan Engelhardt <jengelh@medozas.de> |
iptables: do not print trailing whitespaces Due to the use of printf("foobar "), iptables emits spaces at the end-of-line, which looks odd to some users because it causes the terminal to wrap even if there is seemingly nothing to print. It may also have other points of annoyance, such as mailers interpreting a trailing space as an indicator that the paragraph continues when format=flowed is also on. And git highlights trailing spaces in red, so let's avoid :) Preexisting inconsistencies in outputting spaces in the right spot are also addressed right away. References: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429579 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libipt_realm.c
|
d09b6d591ca7d7d7575cb6aa20384c9830f777ab |
|
08-Jan-2011 |
Jan Engelhardt <jengelh@medozas.de> |
extensions: remove no longer necessary default: cases Match and target parse functions now only get option characters they have defined themselves. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libipt_realm.c
|
32b8e61e4e5bd405d9ad07bf9468498dfbb19f9e |
|
23-Jul-2010 |
Jan Engelhardt <jengelh@medozas.de> |
all: consistent syntax use in struct option Try to inhibit copypasting old stuff. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libipt_realm.c
|
bbe83862a5e1baf15f7c923352d4afdf59bc70e2 |
|
24-Oct-2009 |
Jan Engelhardt <jengelh@medozas.de> |
iptables/extensions: make bundled options work again When using a bundled option like "-ptcp", 'argv[optind-1]' would logically point to "-ptcp", but this is obviously not right. 'optarg' is needed instead, which if properly offset to "tcp". Not all places change optind-based access to optarg; where look-ahead is needed, such as for tcp's --tcp-flags option for example, optind is ok. References: http://bugzilla.netfilter.org/show_bug.cgi?id=611 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libipt_realm.c
|
bf97128c7262f17a02fec41cdae75b472ba77f88 |
|
03-Nov-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: hand argv to xtables_check_inverse In going to fix NF bug #611, "argv" is needed in xtables_check_inverse to set "optarg" to the right spot in case of an intrapositional negation. References: http://bugzilla.netfilter.org/show_bug.cgi?id=611 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libipt_realm.c
|
4a0fbe37a9879ade6a6bf99ab105316284eb4102 |
|
24-Oct-2009 |
Jan Engelhardt <jengelh@medozas.de> |
realm: remove static initializations Save a little disk space, they are initialized to zero anyway. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libipt_realm.c
|
ecd48dd6ba534deea7fd4d0ce20c7b5c00f4128f |
|
08-Jun-2009 |
Jan Engelhardt <jengelh@medozas.de> |
extensions: remove redundant casts Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
/external/iptables/extensions/libipt_realm.c
|
69f564e3890976461de0016cd81171ff8bfa8353 |
|
26-May-2009 |
Jan Engelhardt <jengelh@medozas.de> |
extensions: add const qualifiers in print/save functions Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libipt_realm.c
|
1829ed482efbc8b390cc760d012b3a4450494e1a |
|
21-Feb-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: prefix exit_error to xtables_error Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libipt_realm.c
|
0f16c725aadaac7e670d632ecbaea3661ff00827 |
|
30-Jan-2009 |
Jan Engelhardt <jengelh@medozas.de> |
libxtables: prefix/order - move check_inverse to xtables.c This also adds a warning that intrapositional negation support is deprecated. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libipt_realm.c
|
213e185afbb298e6708881e4c2adffdc47a8b6da |
|
27-Jan-2009 |
Jan Engelhardt <jengelh@medozas.de> |
src: remove redundant casts All of them are implicitly convertable without any wanted side effects. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
/external/iptables/extensions/libipt_realm.c
|
5d9678ad3eabc34ac40dfe055d7f6a8e44445a5a |
|
20-Nov-2008 |
Jan Engelhardt <jengelh@medozas.de> |
src: remove inclusion of iptables.h iptables.h and ip6tables.h only include declarations internal to iptables (specifically iptables.c and ip6tables.c), as most of the public API has been moved to xtables.h a few months ago. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
/external/iptables/extensions/libipt_realm.c
|
03d99486d8283552705b58dc55b6085dffc38792 |
|
18-Nov-2008 |
Jan Engelhardt <jengelh@medozas.de> |
src: use NFPROTO_ constants Resync netfilter.h from the latest kernel and make use of the new NFPROTO_ constants that have been introduced. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
/external/iptables/extensions/libipt_realm.c
|
ddac6c5bc636003d664d25c08ea3fe176565096c |
|
01-Sep-2008 |
Jan Engelhardt <jengelh@medozas.de> |
src: Update comments A number of comments are redundant, some outdated and others outright wrong in their own way. Remove and fixup. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
/external/iptables/extensions/libipt_realm.c
|
967279231a9ecfa99f26694a954afc535c63db1d |
|
13-Aug-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Synchronize invert flag order with manpages Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
/external/iptables/extensions/libipt_realm.c
|
8b7c64d6ba156a99008fcd810cba874c73294333 |
|
15-Apr-2008 |
Jan Engelhardt <jengelh@medozas.de> |
Remove old functions, constants
/external/iptables/extensions/libipt_realm.c
|
9ee386a1b6d7704b259460152c959ab0e79e02aa |
|
29-Jan-2008 |
Max Kellermann <max@duempel.org> |
fix gcc warnings Max Kellermann <max@duempel.org>
/external/iptables/extensions/libipt_realm.c
|
59d164019340d110d302634e429320577f0db7be |
|
04-Oct-2007 |
Jan Engelhardt <jengelh@medozas.de> |
Unique names 3/6 Give symbols of libxt matches unique names (2/3). Adds unique prefixes to all functions (most of them - especially the hook functions) so that debugging programs can unambiguously map a symbol to an address. Also unifies the names of the xtables_match/xtables_target structs, (based upon libxt_connmark.c/libip6t_*.c). Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
/external/iptables/extensions/libipt_realm.c
|
0e2abed11985e16215559cefd90625f99317b96c |
|
04-Oct-2007 |
Jan Engelhardt <jengelh@medozas.de> |
Constify data structures Constify more data structures. Make functions static. Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
/external/iptables/extensions/libipt_realm.c
|
d3daa435a4790111ac6d6d0b0da2721081160341 |
|
04-Oct-2007 |
Jan Engelhardt <jengelh@medozas.de> |
Remove stray NULLs Mixing member accessors (non-named vs named) is not good. Remove stray NULL. Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
/external/iptables/extensions/libipt_realm.c
|
500f483fff529dcd88ec96b9d5054be6cd6363a0 |
|
08-Sep-2007 |
Patrick McHardy <kaber@trash.net> |
Fix sparse warnings: non-ANSI function declarations, 0 used as pointer
/external/iptables/extensions/libipt_realm.c
|
ea146a982e26c42f9954f140276f8deeb2edbe98 |
|
02-Sep-2007 |
Peter Riley <Peter.Riley@hotpop.com> |
Remove last vestiges of NFC (Peter Riley <Peter.Riley@hotpop.com>)
/external/iptables/extensions/libipt_realm.c
|
661f112072bc13a1625c4eb5983695e122ea97da |
|
30-Jul-2007 |
Jan Engelhardt <jengelh@medozas.de> |
Make the option structures const. Signed-off-by: Jan Engelhardt <jengelh@gmx.de>
/external/iptables/extensions/libipt_realm.c
|
c0a9ab93f49a3d2508c95d0ca1a01c1089983731 |
|
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Fixes warning on compilation of iptables matches/targets This changes the type of arguments as follows - ipt_ip * -> void * - ipt_entry * -> void * This patch doesn't change multiport, DNAT, SNAT, MASQUERADE, REDIRECT because these need more changes (casting void * variable with intended type)
/external/iptables/extensions/libipt_realm.c
|
193df8ee3507f0c02762c88a16916c4ea950bd99 |
|
24-Jul-2007 |
Yasuyuki KOZAKAI <yasuyuki@netfilter.org> |
Replaces ipt_entry_* with xt_entry_* in matches/targets
/external/iptables/extensions/libipt_realm.c
|
ca9d8c221f0e10cc8dd0c79e922a1dc73ae0ca5f |
|
02-Sep-2006 |
Simon Lodal <simon@parknet.dk> |
Named realm (Simon Lodal <simon@parknet.dk>) Optionally read realm values from /etc/iproute2/rt_realms
/external/iptables/extensions/libipt_realm.c
|
a895b9cfd9b5c20111cb442f9b7b14c774d1d544 |
|
24-May-2006 |
Simon Lodal <simonl@parknet.dk> |
Use lowercase letters for match name (Simon Lodal <simonl@parknet.dk>)
/external/iptables/extensions/libipt_realm.c
|
8115e5425721cd610b6390c3d4c24540773b0520 |
|
14-Feb-2005 |
Pablo Neira <pablo@eurodev.net> |
Kill NFC_* stuff in iptables (Pablo Neira <pablo@eurodev.net>) Fixes build with conntrack event patch for 2.6
/external/iptables/extensions/libipt_realm.c
|
69558bf5d1acbc9112b7568d9db6aec2efa0fd7a |
|
13-Feb-2005 |
Harald Welte <laforge@gnumonks.org> |
Allow "--realm ! foo" and "! --realm foo" (Closes: #297)
/external/iptables/extensions/libipt_realm.c
|
61d274fc47d0a69a2b4aa005a3a786774f1200c9 |
|
08-Feb-2005 |
Harald Welte <laforge@gnumonks.org> |
try to fix realm save/restore issue (Adresses: #297)
/external/iptables/extensions/libipt_realm.c
|
8caee8b9e34fed4562fcff553197c161fc9d9979 |
|
28-Dec-2004 |
Pablo Neira <pablo@eurodev.net> |
Pablo Neira: extensions conversion to C99 structure initialization (I removed the revision stuff for the moment, but this needs to go in before the code moves too much --RR)
/external/iptables/extensions/libipt_realm.c
|
4066ee9e891e1d482cb90fb7c47213bfa6f3fb5b |
|
22-Sep-2004 |
Simon Lodal <simonl@parknet.dk> |
realm: fix inversion (Simon Lodal)
/external/iptables/extensions/libipt_realm.c
|
80fe35d6339b53a12ddaec41885613e4e37ed031 |
|
29-May-2002 |
Harald Welte <laforge@gnumonks.org> |
globally replace NETFILTER_VERSION with IPTABLES_VERSION to have consistent naming
/external/iptables/extensions/libipt_realm.c
|
b77f1dafb9f35752bb9685323bcacb32a0e6ddc5 |
|
14-Mar-2002 |
Harald Welte <laforge@gnumonks.org> |
Fix 'iptables -p !' bug (segfault when `!' used without argument)
/external/iptables/extensions/libipt_realm.c
|
2e2d3f394f40ef4ac9f213652b2976e0911cb05c |
|
02-Sep-2001 |
Harald Welte <laforge@gnumonks.org> |
fix comment
/external/iptables/extensions/libipt_realm.c
|
d6aa9666bebfe9fa1d87ce8d77c40704cd6a6199 |
|
30-Jul-2001 |
Sampsa Ranta <sampsa@netsonic.fi> |
added realm match from Sampsa Ranta
/external/iptables/extensions/libipt_realm.c
|