[iptables] libxt_policy: use bounded strtoui
Patrick McHardy
netfilter-cvslog-bounces at lists.netfilter.org
Mon Feb 23 17:55:55 CET 2009
Gitweb: http://git.netfilter.org/cgi-bin/gitweb.cgi?p=iptables.git;a=commit;h=da68957303dea58632466d79d52f83bcbbca8925
commit da68957303dea58632466d79d52f83bcbbca8925
Author: Jan Engelhardt <jengelh at medozas.de>
AuthorDate: Sat Feb 21 04:00:21 2009 +0100
Commit: Jan Engelhardt <jengelh at medozas.de>
CommitDate: Sat Feb 21 04:01:48 2009 +0100
libxt_policy: use bounded strtoui
reqid and SPI can only have a value in the range 0..UINT32_MAX, not
the entire range of the "long" type. Also throw an error if the
incoming string does not look like a pure number.
"Replaces" commit 6db2ded2f22a7e78743c86af523b8430876582e9.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit afe6b357db60c7d70379a27360c10a352bf55203
Author: Jan Engelhardt <jengelh at medozas.de>
AuthorDate: Sat Feb 21 03:44:36 2009 +0100
Commit: Jan Engelhardt <jengelh at medozas.de>
CommitDate: Sat Feb 21 03:44:36 2009 +0100
extensions: remove unwanted/add needed includes for IPv4 exts
Most touched files do not use anything from ip_tables.h, so
remove that #include. multiport instead, does need it (ipt_entry).
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 2bc9d348e11820567685670147bd58deef2f938f
Author: Jan Engelhardt <jengelh at medozas.de>
AuthorDate: Sat Feb 21 03:40:27 2009 +0100
Commit: Jan Engelhardt <jengelh at medozas.de>
CommitDate: Sat Feb 21 03:40:27 2009 +0100
extensions: remove unwanted/add needed includes for IPv6 exts
Most touched files do not use anything from ip6_tables.h, so
remove that #include. multiport instead, does need it (ip6t_entry).
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 1829ed482efbc8b390cc760d012b3a4450494e1a
Author: Jan Engelhardt <jengelh at medozas.de>
AuthorDate: Sat Feb 21 03:29:44 2009 +0100
Commit: Jan Engelhardt <jengelh at medozas.de>
CommitDate: Sat Feb 21 03:29:44 2009 +0100
libxtables: prefix exit_error to xtables_error
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit bddcb92d1f0f76d21c4469b1667c8199c9fab126
Author: Jan Engelhardt <jengelh at medozas.de>
AuthorDate: Sat Feb 21 02:48:11 2009 +0100
Commit: Jan Engelhardt <jengelh at medozas.de>
CommitDate: Sat Feb 21 02:48:11 2009 +0100
libxtables: inline and remove unused OPTION_OFFSET macro
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 1791a45b279db742d6de35ea8dc1ad9dda4acb73
Author: Jan Engelhardt <jengelh at medozas.de>
AuthorDate: Fri Feb 20 16:39:54 2009 +0100
Commit: Jan Engelhardt <jengelh at medozas.de>
CommitDate: Sat Feb 21 02:46:22 2009 +0100
doc: resynchronize manpage with in-code help
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
via da68957303dea58632466d79d52f83bcbbca8925 (commit)
via afe6b357db60c7d70379a27360c10a352bf55203 (commit)
via 2bc9d348e11820567685670147bd58deef2f938f (commit)
via 1829ed482efbc8b390cc760d012b3a4450494e1a (commit)
via bddcb92d1f0f76d21c4469b1667c8199c9fab126 (commit)
via 1791a45b279db742d6de35ea8dc1ad9dda4acb73 (commit)
from 6db2ded2f22a7e78743c86af523b8430876582e9 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit da68957303dea58632466d79d52f83bcbbca8925
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sat Feb 21 04:00:21 2009 +0100
libxt_policy: use bounded strtoui
reqid and SPI can only have a value in the range 0..UINT32_MAX, not
the entire range of the "long" type. Also throw an error if the
incoming string does not look like a pure number.
"Replaces" commit 6db2ded2f22a7e78743c86af523b8430876582e9.
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit afe6b357db60c7d70379a27360c10a352bf55203
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sat Feb 21 03:44:36 2009 +0100
extensions: remove unwanted/add needed includes for IPv4 exts
Most touched files do not use anything from ip_tables.h, so
remove that #include. multiport instead, does need it (ipt_entry).
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 2bc9d348e11820567685670147bd58deef2f938f
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sat Feb 21 03:40:27 2009 +0100
extensions: remove unwanted/add needed includes for IPv6 exts
Most touched files do not use anything from ip6_tables.h, so
remove that #include. multiport instead, does need it (ip6t_entry).
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 1829ed482efbc8b390cc760d012b3a4450494e1a
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sat Feb 21 03:29:44 2009 +0100
libxtables: prefix exit_error to xtables_error
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit bddcb92d1f0f76d21c4469b1667c8199c9fab126
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Sat Feb 21 02:48:11 2009 +0100
libxtables: inline and remove unused OPTION_OFFSET macro
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
commit 1791a45b279db742d6de35ea8dc1ad9dda4acb73
Author: Jan Engelhardt <jengelh at medozas.de>
Date: Fri Feb 20 16:39:54 2009 +0100
doc: resynchronize manpage with in-code help
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
-----------------------------------------------------------------------
extensions/dscp_helper.c | 4 +-
extensions/libip6t_HL.c | 17 ++++----
extensions/libip6t_LOG.c | 27 ++++++-------
extensions/libip6t_REJECT.c | 5 +-
extensions/libip6t_ah.c | 12 +++---
extensions/libip6t_dst.c | 24 ++++++------
extensions/libip6t_frag.c | 18 ++++----
extensions/libip6t_hbh.c | 24 ++++++------
extensions/libip6t_hl.c | 11 ++---
extensions/libip6t_icmp6.c | 10 ++--
extensions/libip6t_ipv6header.c | 13 +++---
extensions/libip6t_mh.c | 7 +--
extensions/libip6t_policy.c | 65 ++++++++++++++++---------------
extensions/libip6t_rt.c | 32 ++++++++--------
extensions/libipt_CLUSTERIP.c | 39 +++++++++----------
extensions/libipt_DNAT.c | 24 ++++++------
extensions/libipt_ECN.c | 17 ++++----
extensions/libipt_LOG.c | 27 ++++++-------
extensions/libipt_MASQUERADE.c | 10 ++--
extensions/libipt_MIRROR.c | 1 -
extensions/libipt_NETMAP.c | 15 +++----
extensions/libipt_REDIRECT.c | 12 +++---
extensions/libipt_REJECT.c | 5 +-
extensions/libipt_SAME.c | 15 +++----
extensions/libipt_SET.c | 11 ++---
extensions/libipt_SNAT.c | 22 +++++-----
extensions/libipt_TTL.c | 15 +++----
extensions/libipt_ULOG.c | 27 ++++++-------
extensions/libipt_addrtype.c | 23 +++++------
extensions/libipt_ah.c | 8 ++--
extensions/libipt_ecn.c | 11 ++---
extensions/libipt_icmp.c | 8 ++--
extensions/libipt_policy.c | 63 ++++++++++++++++--------------
extensions/libipt_realm.c | 6 +-
extensions/libipt_set.c | 8 ++--
extensions/libipt_set.h | 18 ++++----
extensions/libipt_ttl.c | 15 +++----
extensions/libxt_CLASSIFY.c | 6 +-
extensions/libxt_CONNMARK.c | 20 +++++-----
extensions/libxt_CONNSECMARK.c | 10 ++--
extensions/libxt_DSCP.c | 10 ++--
extensions/libxt_MARK.c | 16 ++++----
extensions/libxt_NFLOG.c | 24 ++++++------
extensions/libxt_NFQUEUE.c | 4 +-
extensions/libxt_RATEEST.c | 20 +++++-----
extensions/libxt_SECMARK.c | 8 ++--
extensions/libxt_TCPMSS.c | 8 ++--
extensions/libxt_TCPOPTSTRIP.c | 10 ++--
extensions/libxt_TOS.c | 4 +-
extensions/libxt_TPROXY.c | 2 +-
extensions/libxt_comment.c | 6 +-
extensions/libxt_connbytes.c | 10 ++--
extensions/libxt_connlimit.c | 10 ++--
extensions/libxt_connmark.c | 4 +-
extensions/libxt_conntrack.c | 54 +++++++++++++-------------
extensions/libxt_dccp.c | 14 +++---
extensions/libxt_dscp.c | 10 ++--
extensions/libxt_esp.c | 10 ++--
extensions/libxt_hashlimit.c | 32 ++++++++--------
extensions/libxt_helper.c | 4 +-
extensions/libxt_iprange.c | 10 ++--
extensions/libxt_length.c | 8 ++--
extensions/libxt_limit.c | 10 ++--
extensions/libxt_mac.c | 6 +-
extensions/libxt_mark.c | 4 +-
extensions/libxt_multiport.c | 28 +++++++------
extensions/libxt_owner.c | 4 +-
extensions/libxt_physdev.c | 4 +-
extensions/libxt_pkttype.c | 4 +-
extensions/libxt_quota.c | 6 +-
extensions/libxt_rateest.c | 44 ++++++++++----------
extensions/libxt_recent.c | 12 +++---
extensions/libxt_sctp.c | 18 ++++----
extensions/libxt_state.c | 8 ++--
extensions/libxt_statistic.c | 32 ++++++++--------
extensions/libxt_string.c | 38 +++++++++---------
extensions/libxt_tcp.c | 18 ++++----
extensions/libxt_tcpmss.c | 6 +-
extensions/libxt_time.c | 36 +++++++++---------
extensions/libxt_tos.c | 4 +-
extensions/libxt_u32.c | 30 +++++++-------
extensions/libxt_udp.c | 6 +-
extensions/tos_values.c | 6 +-
include/xtables.h.in | 3 +-
ip6tables-restore.c | 26 ++++++------
ip6tables-save.c | 8 ++--
ip6tables.8.in | 6 +-
ip6tables.c | 77 +++++++++++++++++++------------------
iptables-restore.c | 26 ++++++------
iptables-save.c | 8 ++--
iptables-xml.c | 16 ++++----
iptables.8.in | 6 +-
iptables.c | 81 ++++++++++++++++++++-------------------
xtables.c | 2 +-
94 files changed, 778 insertions(+), 788 deletions(-)
Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
diff --git a/ip6tables.8.in b/ip6tables.8.in
index 3d19a4c..a31887e 100644
--- a/ip6tables.8.in
+++ b/ip6tables.8.in
@@ -30,16 +30,16 @@ ip6tables - IPv6 packet filter administration
\fBip6tables\fP [\fB\-t\fP \fItable\fP] {\fB\-A\fP|\fB\-D\fP} \fIchain
rule-specification\fP [\fIoptions...\fP]
.PP
-\fBip6tables\fP [\fB\-t\fP \fItable\fP] \fB\-I\fP [\fIrulenum\fP]
+\fBip6tables\fP [\fB\-t\fP \fItable\fP] \fB\-I\fP \fIchain\fP [\fIrulenum\fP]
\fIrule-specification\fP [\fIoptions...\fP]
.PP
-\fBip6tables\fP [\fB\-t\fP \fItable\fP] \fB\-R\fP \fIrulenum
+\fBip6tables\fP [\fB\-t\fP \fItable\fP] \fB\-R\fP \fIchain rulenum
rule-specification\fP [\fIoptions...\fP]
.PP
\fBip6tables\fP [\fB\-t\fP \fItable\fP] \fB\-D\fP \fIchain rulenum\fP
[\fIoptions...\fP]
.PP
-\fBip6tables\fP [\fB\-t\fP \fItable\fP] \fB\-S\fP [\fIchain\fP]
+\fBip6tables\fP [\fB\-t\fP \fItable\fP] \fB\-S\fP [\fIchain\fP [\fIrulenum\fP]]
.PP
\fBip6tables\fP [\fB\-t\fP \fItable\fP] {\fB\-F\fP|\fB\-L\fP|\fB\-Z\fP}
[\fIchain\fP] [\fIoptions...\fP]
diff --git a/ip6tables.c b/ip6tables.c
index 06c0a60..7847ebc 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -240,7 +240,8 @@ exit_printhelp(struct xtables_rule_match *matches)
printf("%s v%s\n\n"
"Usage: %s -[AD] chain rule-specification [options]\n"
-" %s -[RI] chain rulenum rule-specification [options]\n"
+" %s -I chain [rulenum] rule-specification [options]\n"
+" %s -R chain rulenum rule-specification [options]\n"
" %s -D chain rulenum [options]\n"
" %s -[LS] [chain [rulenum]] [options]\n"
" %s -[FZ] [chain] [options]\n"
@@ -250,7 +251,7 @@ exit_printhelp(struct xtables_rule_match *matches)
" %s -h (print this help information)\n\n",
prog_name, prog_vers, prog_name, prog_name,
prog_name, prog_name, prog_name, prog_name,
- prog_name, prog_name, prog_name);
+ prog_name, prog_name, prog_name, prog_name);
printf(
"Commands:\n"
diff --git a/iptables.8.in b/iptables.8.in
index 2bbd9a7..10dcb73 100644
--- a/iptables.8.in
+++ b/iptables.8.in
@@ -27,13 +27,13 @@ iptables - administration tool for IPv4 packet filtering and NAT
.SH SYNOPSIS
\fBiptables\fP [\fB\-t\fP \fItable\fP] {\fB\-A\fP|\fB\-D\fP} \fIchain\fP \fIrule-specification\fP
.PP
-\fBiptables\fP [\fB\-t\fP \fItable\fP] \fB\-I\fP [\fIrulenum\fP] \fIrule-specification\fP
+\fBiptables\fP [\fB\-t\fP \fItable\fP] \fB\-I\fP \fIchain\fP [\fIrulenum\fP] \fIrule-specification\fP
.PP
-\fBiptables\fP [\fB\-t\fP \fItable\fP] \fB\-R\fP \fIrulenum rule-specification\fP
+\fBiptables\fP [\fB\-t\fP \fItable\fP] \fB\-R\fP \fIchain rulenum rule-specification\fP
.PP
\fBiptables\fP [\fB\-t\fP \fItable\fP] \fB\-D\fP \fIchain rulenum\fP
.PP
-\fBiptables\fP [\fB\-t\fP \fItable\fP] \fB\-S\fP [\fIchain\fP]
+\fBiptables\fP [\fB\-t\fP \fItable\fP] \fB\-S\fP [\fIchain\fP [\fIrulenum\fP]]
.PP
\fBiptables\fP [\fB\-t\fP \fItable\fP] {\fB\-F\fP|\fB\-L\fP|\fB\-Z\fP} [\fIchain\fP] [\fIoptions...\fP]
.PP
diff --git a/iptables.c b/iptables.c
index a8e97c7..8448c18 100644
--- a/iptables.c
+++ b/iptables.c
@@ -254,7 +254,8 @@ exit_printhelp(struct xtables_rule_match *matches)
printf("%s v%s\n\n"
"Usage: %s -[AD] chain rule-specification [options]\n"
-" %s -[RI] chain rulenum rule-specification [options]\n"
+" %s -I chain [rulenum] rule-specification [options]\n"
+" %s -R chain rulenum rule-specification [options]\n"
" %s -D chain rulenum [options]\n"
" %s -[LS] [chain [rulenum]] [options]\n"
" %s -[FZ] [chain] [options]\n"
@@ -264,7 +265,7 @@ exit_printhelp(struct xtables_rule_match *matches)
" %s -h (print this help information)\n\n",
prog_name, prog_vers, prog_name, prog_name,
prog_name, prog_name, prog_name, prog_name,
- prog_name, prog_name, prog_name);
+ prog_name, prog_name, prog_name, prog_name);
printf(
"Commands:\n"
More information about the netfilter-cvslog
mailing list