Commit
c2234165
authored
Feb 10, 2017
by
Arturo Borrero Gonzalez
Merge tag 'upstream/1.6.1'
Upstream version 1.6.1
parents
475b9a99
f1f129da
Changes
156
extensions/libip6t_LOG.c
...
...
@@ -189,22 +189,44 @@ static int LOG_xlate(struct xt_xlate *xl,
(
const
struct
ip6t_log_info
*
)
params
->
target
->
data
;
unsigned
int
i
=
0
;
xt_xlate_add
(
xl
,
"log
"
);
xt_xlate_add
(
xl
,
"log"
);
if
(
strcmp
(
loginfo
->
prefix
,
""
)
!=
0
)
{
if
(
params
->
escape_quotes
)
xt_xlate_add
(
xl
,
"prefix
\\\"
%s
\\\"
"
,
loginfo
->
prefix
);
xt_xlate_add
(
xl
,
"
prefix
\\\"
%s
\\\"
"
,
loginfo
->
prefix
);
else
xt_xlate_add
(
xl
,
"prefix
\"
%s
\"
"
,
loginfo
->
prefix
);
xt_xlate_add
(
xl
,
"
prefix
\"
%s
\"
"
,
loginfo
->
prefix
);
}
for
(
i
=
0
;
i
<
ARRAY_SIZE
(
ip6t_log_xlate_names
);
++
i
)
if
(
loginfo
->
level
==
ip6t_log_xlate_names
[
i
].
level
&&
loginfo
->
level
!=
LOG_DEFAULT_LEVEL
)
{
xt_xlate_add
(
xl
,
"level %s"
,
xt_xlate_add
(
xl
,
"
level %s"
,
ip6t_log_xlate_names
[
i
].
name
);
break
;
}
if
((
loginfo
->
logflags
&
IP6T_LOG_MASK
)
==
IP6T_LOG_MASK
)
{
xt_xlate_add
(
xl
,
" flags all"
);
}
else
{
if
(
loginfo
->
logflags
&
(
IP6T_LOG_TCPSEQ
|
IP6T_LOG_TCPOPT
))
{
const
char
*
delim
=
" "
;
xt_xlate_add
(
xl
,
" flags tcp"
);
if
(
loginfo
->
logflags
&
IP6T_LOG_TCPSEQ
)
{
xt_xlate_add
(
xl
,
" sequence"
);
delim
=
","
;
}
if
(
loginfo
->
logflags
&
IP6T_LOG_TCPOPT
)
xt_xlate_add
(
xl
,
"%soptions"
,
delim
);
}
if
(
loginfo
->
logflags
&
IP6T_LOG_IPOPT
)
xt_xlate_add
(
xl
,
" flags ip options"
);
if
(
loginfo
->
logflags
&
IP6T_LOG_UID
)
xt_xlate_add
(
xl
,
" flags skuid"
);
if
(
loginfo
->
logflags
&
IP6T_LOG_MACDECODE
)
xt_xlate_add
(
xl
,
" flags ether"
);
}
return
1
;
}
static
struct
xtables_target
log_tg6_reg
=
{
...
...
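Review bot: The log prefix is still copied verbatim between the quotes in both new `xt_xlate_add(xl, " prefix \"%s\"", loginfo->prefix)` calls; when `params->escape_quotes` is set, only the delimiting quotes are escaped. A prefix that itself contains `"` or `\` would presumably close the quoted string early, so the emitted rule could fail to parse or read differently from the rule being translated. Escaping those two characters before formatting would avoid that; at minimum the branch should carry a comment such as `/* prefix is emitted as-is: embedded '"' and '\\' are not escaped */`. LOG_xlate begins above the hunk, so whether the prefix is constrained earlier is not visible here.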
extensions/libip6t_LOG.t
deleted
100644 → 0
:
INPUT
,
FORWARD
,
OUTPUT
-
j
LOG
;
-
j
LOG
;
OK
-
j
LOG
--
log
-
prefix
"
test:
";
=
;
OK
-
j
LOG
--
log
-
prefix
"
test:
"
--
log
-
level
1
;
=
;
OK
# iptables displays the log-level output using the number; not the string
-
j
LOG
--
log
-
prefix
"
test:
"
--
log
-
level
alert
;
-
j
LOG
--
log
-
prefix
"
test:
"
--
log
-
level
1
;
OK
-
j
LOG
--
log
-
prefix
"
test:
"
--
log
-
tcp
-
sequence
;
=
;
OK
-
j
LOG
--
log
-
prefix
"
test:
"
--
log
-
tcp
-
options
;
=
;
OK
-
j
LOG
--
log
-
prefix
"
test:
"
--
log
-
ip
-
options
;
=
;
OK
-
j
LOG
--
log
-
prefix
"
test:
"
--
log
-
uid
;
=
;
OK
-
j
LOG
--
log
-
prefix
"
test:
"
--
log
-
level
bad
;;
FAIL
-
j
LOG
--
log
-
prefix
;;
FAIL
extensions/libip6t_MASQUERADE.t
deleted
100644 → 0
:
POSTROUTING
*nat
-
j
MASQUERADE
;
=
;
OK
-
j
MASQUERADE
--
random
;
=
;
OK
-
p
tcp
-
j
MASQUERADE
--
to
-
ports
1024
;
=
;
OK
-
p
udp
-
j
MASQUERADE
--
to
-
ports
1024
-
65535
;
=
;
OK
-
p
udp
-
j
MASQUERADE
--
to
-
ports
1024
-
65536
;;
FAIL
-
p
udp
-
j
MASQUERADE
--
to
-
ports
-
1
;;
FAIL
extensions/libip6t_NETMAP.t
deleted
100644 → 0
:
PREROUTING
,
INPUT
,
OUTPUT
,
POSTROUTING
*nat
-
j
NETMAP
--
to
dead::
/
64
;
=
;
OK
-
j
NETMAP
--
to
dead::
beef
;
=
;
OK
extensions/libip6t_REDIRECT.t
deleted
100644 → 0
:
PREROUTING
,
OUTPUT
*nat
-
p
tcp
-
j
REDIRECT
--
to
-
ports
42
;
=
;
OK
-
p
udp
-
j
REDIRECT
--
to
-
ports
42
-
1234
;
=
;
OK
-
p
tcp
-
j
REDIRECT
--
to
-
ports
42
-
1234
--
random
;
=
;
OK
-
j
REDIRECT
--
to
-
ports
42
;;
FAIL
extensions/libip6t_REJECT.t
deleted
100644 → 0
:
INPUT
,
FORWARD
,
OUTPUT
-
j
REJECT
;
=
;
OK
# manpage for IPv6 variant of REJECT does not show up for some reason?
-
j
REJECT
--
reject
-
with
icmp6
-
no
-
route
;
=
;
OK
-
j
REJECT
--
reject
-
with
icmp6
-
adm
-
prohibited
;
=
;
OK
-
j
REJECT
--
reject
-
with
icmp6
-
addr
-
unreachable
;
=
;
OK
-
j
REJECT
--
reject
-
with
icmp6
-
port
-
unreachable
;
=
;
OK
-
j
REJECT
--
reject
-
with
icmp6
-
policy
-
fail
;
=
;
OK
-
j
REJECT
--
reject
-
with
icmp6
-
reject
-
route
;
=
;
OK
-
p
tcp
-
j
REJECT
--
reject
-
with
tcp
-
reset
;
=
;
OK
-
j
REJECT
--
reject
-
with
tcp
-
reset
;;
FAIL
extensions/libip6t_SNAT.t
deleted
100644 → 0
:
POSTROUTING
*nat
-
j
SNAT
--
to
-
source
dead::
beef
;
=
;
OK
-
j
SNAT
--
to
-
source
dead::
beef
-
dead::
fee7
;
=
;
OK
-
p
tcp
-
j
SNAT
--
to
-
source
[
dead::
beef
]:
1025
-
65535
;
=
;
OK
-
p
tcp
-
j
SNAT
--
to
-
source
[
dead::
beef
-
dead::
fee7
]:
1025
-
65535
;
=
;
OK
-
p
tcp
-
j
SNAT
--
to
-
source
[
dead::
beef
-
dead::
fee7
]:
1025
-
65536
;;
FAIL
-
j
SNAT
;;
FAIL
extensions/libip6t_SNPT.t
deleted
100644 → 0
:
INPUT
,
POSTROUTING
*mangle
-
j
SNPT
--
src
-
pfx
dead::
/64 --dst-pfx 1c3::/
64
;
=
;
OK
-
j
SNPT
--
src
-
pfx
dead::
beef
--
dst
-
pfx
1
c3::
/
64
;;
FAIL
-
j
SNPT
--
src
-
pfx
dead::
/
64
;;
FAIL
-
j
SNPT
--
dst
-
pfx
dead::
/
64
;;
FAIL
-
j
SNPT
;;
FAIL
extensions/libip6t_ah.c
...
...
@@ -152,8 +152,13 @@ static int ah_xlate(struct xt_xlate *xl,
space
=
" "
;
}
if
(
ahinfo
->
hdrres
!=
0
)
if
(
ahinfo
->
hdrres
!=
0
)
{
xt_xlate_add
(
xl
,
"%sah reserved %u"
,
space
,
ahinfo
->
hdrres
);
space
=
" "
;
}
if
(
!
space
[
0
])
/* plain '-m ah' */
xt_xlate_add
(
xl
,
"meta l4proto ah"
);
return
1
;
}
...
...
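Review bot: The new fallback `xt_xlate_add(xl, "meta l4proto ah");` for a plain `-m ah` may not select the same packets as the ip6tables match. In IPv6, AH is an extension header, and `meta l4proto` may report the protocol found after the extension headers rather than AH itself; this needs confirming against nft. If that is the case, the translated rule would silently match nothing, which matters when the rule gates traffic. A test for the presence of the AH extension header would be closer to the original semantics. Until that is settled, the comment should say so, e.g. `/* plain '-m ah': verify meta l4proto matches AH behind other IPv6 extension headers */`. ah_xlate starts above the hunk, so the earlier handling of `space` is only partly visible.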
extensions/libip6t_ah.t
deleted
100644 → 0
:
INPUT
,
FORWARD
,
OUTPUT
-
m ah --a
hspi
0
;
=
;
OK
-
m ah --a
hspi
4294967295
;
=
;
OK
-
m ah --a
hspi
0
:
4294967295
;
-
m ah;OK
-m a
h
!
--
ahspi
0
;
=
;
OK
# ERROR: should fail: iptables -A FORWARD -t mangle -j CLASSIFY --set-class 1:-1
# -m ah --ahres;=;OK
# ERROR: line 7 (cannot find: ip6tables -I INPUT -m ah --ahlen 32
# -m ah --ahlen 32;=;OK
-
m ah --a
hspi
-
1
;;
FAIL
-
m ah --a
hspi
4294967296
;;
FAIL
-
m ah --a
hspi
invalid
;;
FAIL
-
m ah --a
hspi
0
:
invalid
;;
FAIL
-
m ah --a
hspi
;;
FAIL
-
m
ah
;
=
;
OK
extensions/libip6t_dst.t
deleted
100644 → 0
:
INPUT
,
FORWARD
,
OUTPUT
-
m dst --ds
t
-
len
0
;
=
;
OK
-
m dst --ds
t
-
opts
149
:
92
,
12
:
12
,
123
:
12
;
=
;
OK
-
m dst ! --ds
t
-
len
42
;
=
;
OK
-
m dst --ds
t
-
len
42
--
dst
-
opts
149
:
92
,
12
:
12
,
123
:
12
;
=
;
OK
extensions/libip6t_eui64.t
deleted
100644 → 0
:
PREROUTING
*raw
-
m eui64;=;OK
:INPUT,FORWARD
*filte
r
-
m eui64;=;OK
:OUTPUT
-m eui
64
;;
FAIL
extensions/libip6t_frag.t
deleted
100644 → 0
:
INPUT
,
FORWARD
,
OUTPUT
-
m frag --f
ragid
1
:
42
;
=
;
OK
-
m frag --f
raglen
42
;
=
;
OK
-
m frag --f
ragres
;
=
;
OK
-
m frag --f
ragfirst
;
=
;
OK
-
m frag --f
ragmore
;
=
;
OK
-
m frag --f
raglast
;
=
;
OK
-
m frag ! --f
ragid
1
!
--
fraglen
42
--
fragres
--
fragfirst
;
=
;
OK
-
m frag --f
ragfirst
--
fragmore
;
=
;
OK
-
m frag --f
ragfirst
--
fraglast
;
=
;
OK
-
m frag --f
raglast
--
fragmore
;;
FAIL
extensions/libip6t_hbh.t
deleted
100644 → 0
:
INPUT
,
FORWARD
,
OUTPUT
-
m hbh
;
=
;
OK
-
m hbh
--
hbh
-
len
42
;
=
;
OK
-
m hbh
!
--
hbh
-
len
42
;
=
;
OK
-
m hbh
--
hbh
-
len
42
--
hbh
-
opts
1
:
2
,
23
:
42
,
4
:
6
,
8
:
10
,
42
,
23
,
4
:
5
;
=
;
OK
extensions/libip6t_hl.t
deleted
100644 → 0
:
INPUT
,
FORWARD
,
OUTPUT
-
m hl;;FAIL
-m hl
--
hl
-
eq
42
;
=
;
OK
-
m hl ! --hl
-
eq
42
;
=
;
OK
-
m hl --hl
-
lt
42
;
=
;
OK
-
m hl --hl
-
gt
42
;
=
;
OK
-
m hl --hl
-
gt
42
--
hl
-
eq
42
;;
FAIL
-
m hl --hl
-
gt
;;
FAIL
extensions/libip6t_icmp6.t
deleted
100644 → 0
:
INPUT
,
FORWARD
,
OUTPUT
-
m icmpv6;;FAIL
-p ip
v6
-
icmp
-
m icmp6 --icmp
v6
-
type
1
/
0
;
=
;
OK
-
p
ipv6
-
icmp
-
m icmp6 --icmp
v6
-
type
2
;
=
;
OK
# cannot use option twice:
-
p
ipv6
-
icmp
-
m icmp6 --icmp
v6
-
type
no
-
route
--
icmpv6
-
type
packet
-
too
-
big
;;
FAIL
extensions/libip6t_ipv6header.t
deleted
100644 → 0
:
INPUT
,
FORWARD
,
OUTPUT
-
m ipv6header --header hop-by-hop;=;OK
-m ip
v6header
--
header
hop
-
by
-
hop
--
soft
;
=
;
OK
-
m ipv6header --header ip
v6
-
nonxt
;
=
;
OK
extensions/libip6t_mh.t
deleted
100644 → 0
:
INPUT
,
FORWARD
,
OUTPUT
-
m mh;;FAIL
-p mo
bility
-
header
-
m mh;=;OK
-p mo
bility
-
header
-
m mh --m
h
-
type
1
;
=
;
OK
-
p
mobility
-
header
-
m mh ! --m
h
-
type
4
;
=
;
OK
-
p
mobility
-
header
-
m mh --m
h
-
type
4
:
123
;
=
;
OK
extensions/libip6t_rt.t
deleted
100644 → 0
:
INPUT
,
FORWARD
,
OUTPUT
-
m rt --r
t
-
type
0
--
rt
-
segsleft
1
:
23
--
rt
-
len
42
--
rt
-
0
-
res
;
=
;
OK
-
m rt --r
t
-
type
0
!
--
rt
-
segsleft
1
:
23
!
--
rt
-
len
42
--
rt
-
0
-
res
;
=
;
OK
-
m rt ! --r
t
-
type
1
!
--
rt
-
segsleft
12
:
23
!
--
rt
-
len
42
;
=
;
OK
-
m
rt
;
=
;
OK
extensions/libipt_DNAT.t
deleted
100644 → 0
:
PREROUTING
*nat
-
j
DNAT
--
to
-
destination
1.1.1.1
;
=
;
OK
-
j
DNAT
--
to
-
destination
1.1.1.1
-
1.1.1.10
;
=
;
OK
-
p
tcp
-
j
DNAT
--
to
-
destination
1.1.1.1
:
1025
-
65535
;
=
;
OK
-
p
tcp
-
j
DNAT
--
to
-
destination
1.1.1.1
-
1.1.1.10
:
1025
-
65535
;
=
;
OK
-
p
tcp
-
j
DNAT
--
to
-
destination
1.1.1.1
-
1.1.1.10
:
1025
-
65536
;;
FAIL
-
j
DNAT
;;
FAIL