Commit | Line | Data |
---|---|---|
4130fc20 | 1 | diff -Nur linux-2.6.0-test11.org/include/linux/netfilter.h linux-2.6.0-test11/include/linux/netfilter.h |
2 | --- linux-2.6.0-test11.org/include/linux/netfilter.h 2003-11-26 21:44:11.000000000 +0100 | |
0c98d228 | 3 | +++ linux-2.6.0-test11/include/linux/netfilter.h 2003-12-11 10:23:17.221319936 +0100 |
4130fc20 | 4 | @@ -23,6 +23,7 @@ |
5 | <= 0x2000 is used for protocol-flags. */ | |
6 | #define NFC_UNKNOWN 0x4000 | |
7 | #define NFC_ALTERED 0x8000 | |
8 | +#define NFC_TRACE 0x10000 | |
9 | ||
10 | #ifdef __KERNEL__ | |
11 | #include <linux/config.h> | |
12 | @@ -99,6 +100,24 @@ | |
13 | ||
14 | extern struct list_head nf_hooks[NPROTO][NF_MAX_HOOKS]; | |
15 | ||
16 | +typedef void nf_logfn(unsigned int hooknum, | |
17 | + const struct sk_buff *skb, | |
18 | + const struct net_device *in, | |
19 | + const struct net_device *out, | |
20 | + const char *prefix); | |
21 | + | |
22 | +/* Function to register/unregister log function. */ | |
23 | +int nf_log_register(int pf, nf_logfn *logfn); | |
24 | +void nf_log_unregister(int pf, nf_logfn *logfn); | |
25 | + | |
26 | +/* Calls the registered backend logging function */ | |
27 | +void nf_log_packet(int pf, | |
28 | + unsigned int hooknum, | |
29 | + const struct sk_buff *skb, | |
30 | + const struct net_device *in, | |
31 | + const struct net_device *out, | |
32 | + const char *fmt, ...); | |
33 | + | |
34 | /* Activate hook; either okfn or kfree_skb called, unless a hook | |
35 | returns NF_STOLEN (in which case, it's up to the hook to deal with | |
36 | the consequences). | |
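Review bot: `nf_log_packet()` is declared with a printf-style `fmt, ...` tail but carries no format attribute, so the compiler cannot check callers' arguments against the format string. Appending `__attribute__ ((format (printf, 6, 7)))` to the declaration would let gcc flag mismatched arguments at build time. The comment above `nf_logfn` could also say that the backend receives the already-formatted text as `prefix`; that is inferred from the two signatures, since the implementation is not in this hunk.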
37 | diff -Nur linux-2.6.0-test11.org/include/linux/netfilter_helpers.h linux-2.6.0-test11/include/linux/netfilter_helpers.h | |
38 | --- linux-2.6.0-test11.org/include/linux/netfilter_helpers.h 1970-01-01 01:00:00.000000000 +0100 | |
0c98d228 | 39 | +++ linux-2.6.0-test11/include/linux/netfilter_helpers.h 2003-12-11 10:24:06.854774504 +0100 |
4130fc20 | 40 | @@ -0,0 +1,133 @@ |
41 | +/* | |
42 | + * Helpers for netfiler modules. This file provides implementations for basic | |
43 | + * functions such as strncasecmp(), etc. | |
44 | + * | |
45 | + * gcc will warn for defined but unused functions, so we only include the | |
46 | + * functions requested. The following macros are used: | |
47 | + * NF_NEED_STRNCASECMP nf_strncasecmp() | |
48 | + * NF_NEED_STRTOU16 nf_strtou16() | |
49 | + * NF_NEED_STRTOU32 nf_strtou32() | |
50 | + */ | |
51 | +#ifndef _NETFILTER_HELPERS_H | |
52 | +#define _NETFILTER_HELPERS_H | |
53 | + | |
54 | +/* Only include these functions for kernel code. */ | |
55 | +#ifdef __KERNEL__ | |
56 | + | |
57 | +#include <linux/ctype.h> | |
58 | +#define iseol(c) ( (c) == '\r' || (c) == '\n' ) | |
59 | + | |
60 | +/* | |
61 | + * The standard strncasecmp() | |
62 | + */ | |
63 | +#ifdef NF_NEED_STRNCASECMP | |
64 | +static int | |
65 | +nf_strncasecmp(const char* s1, const char* s2, u_int32_t len) | |
66 | +{ | |
67 | + if (s1 == NULL || s2 == NULL) | |
68 | + { | |
69 | + if (s1 == NULL && s2 == NULL) | |
70 | + { | |
71 | + return 0; | |
72 | + } | |
73 | + return (s1 == NULL) ? -1 : 1; | |
74 | + } | |
75 | + while (len > 0 && tolower(*s1) == tolower(*s2)) | |
76 | + { | |
77 | + len--; | |
78 | + s1++; | |
79 | + s2++; | |
80 | + } | |
81 | + return ( (len == 0) ? 0 : (tolower(*s1) - tolower(*s2)) ); | |
82 | +} | |
83 | +#endif /* NF_NEED_STRNCASECMP */ | |
84 | + | |
85 | +/* | |
86 | + * Parse a string containing a 16-bit unsigned integer. | |
87 | + * Returns the number of chars used, or zero if no number is found. | |
88 | + */ | |
89 | +#ifdef NF_NEED_STRTOU16 | |
90 | +static int | |
91 | +nf_strtou16(const char* pbuf, u_int16_t* pval) | |
92 | +{ | |
93 | + int n = 0; | |
94 | + | |
95 | + *pval = 0; | |
96 | + while (isdigit(pbuf[n])) | |
97 | + { | |
98 | + *pval = (*pval * 10) + (pbuf[n] - '0'); | |
99 | + n++; | |
100 | + } | |
101 | + | |
102 | + return n; | |
103 | +} | |
104 | +#endif /* NF_NEED_STRTOU16 */ | |
105 | + | |
106 | +/* | |
107 | + * Parse a string containing a 32-bit unsigned integer. | |
108 | + * Returns the number of chars used, or zero if no number is found. | |
109 | + */ | |
110 | +#ifdef NF_NEED_STRTOU32 | |
111 | +static int | |
112 | +nf_strtou32(const char* pbuf, u_int32_t* pval) | |
113 | +{ | |
114 | + int n = 0; | |
115 | + | |
116 | + *pval = 0; | |
117 | + while (pbuf[n] >= '0' && pbuf[n] <= '9') | |
118 | + { | |
119 | + *pval = (*pval * 10) + (pbuf[n] - '0'); | |
120 | + n++; | |
121 | + } | |
122 | + | |
123 | + return n; | |
124 | +} | |
125 | +#endif /* NF_NEED_STRTOU32 */ | |
126 | + | |
127 | +/* | |
128 | + * Given a buffer and length, advance to the next line and mark the current | |
129 | + * line. | |
130 | + */ | |
131 | +#ifdef NF_NEED_NEXTLINE | |
132 | +static int | |
133 | +nf_nextline(char* p, uint len, uint* poff, uint* plineoff, uint* plinelen) | |
134 | +{ | |
135 | + uint off = *poff; | |
136 | + uint physlen = 0; | |
137 | + | |
138 | + if (off >= len) | |
139 | + { | |
140 | + return 0; | |
141 | + } | |
142 | + | |
143 | + while (p[off] != '\n') | |
144 | + { | |
145 | + if (len-off <= 1) | |
146 | + { | |
147 | + return 0; | |
148 | + } | |
149 | + | |
150 | + physlen++; | |
151 | + off++; | |
152 | + } | |
153 | + | |
154 | + /* if we saw a crlf, physlen needs adjusted */ | |
155 | + if (physlen > 0 && p[off] == '\n' && p[off-1] == '\r') | |
156 | + { | |
157 | + physlen--; | |
158 | + } | |
159 | + | |
160 | + /* advance past the newline */ | |
161 | + off++; | |
162 | + | |
163 | + *plineoff = *poff; | |
164 | + *plinelen = physlen; | |
165 | + *poff = off; | |
166 | + | |
167 | + return 1; | |
168 | +} | |
169 | +#endif /* NF_NEED_NEXTLINE */ | |
170 | + | |
171 | +#endif /* __KERNEL__ */ | |
172 | + | |
173 | +#endif /* _NETFILTER_HELPERS_H */ | |
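Review bot: The compare loop in `nf_strncasecmp()` never tests for the terminating NUL, so two equal strings shorter than `len` are read past their terminators until `len` runs out; the condition should be `while (len > 0 && *s1 != '\0' && tolower(*s1) == tolower(*s2))`. `nf_strtou16()` and `nf_strtou32()` accumulate digits with no overflow check and no length bound, so a long digit run wraps `*pval` silently and the scan stops only at the first non-digit byte, which matters if callers pass packet payload that is not NUL-terminated. Their comments should state that the caller must guarantee a terminating non-digit inside the buffer, or the functions should take a length. The header comment also omits `NF_NEED_NEXTLINE` from its list of macros.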
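--- a/include/linux/netfilter_ipv4/ip_conntrack_cuseeme.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack_cuseeme.h
@@ -0,0 +1,70 @@
+#ifndef _IP_CT_CUSEEME
+#define _IP_CT_CUSEEME
+
+#define CUSEEME_PORT 7648
+
+/* These structs come from the 2.2 ip_masq_cuseeme code... */
+
+#pragma pack(1)
+/* CuSeeMe data header */
+struct cu_header {
+ u_int16_t dest_family;
+ u_int16_t dest_port;
+ u_int32_t dest_addr;
+ int16_t family;
+ u_int16_t port;
+ u_int32_t addr;
+ u_int32_t seq;
+ u_int16_t msg;
+ u_int16_t data_type;
+ /* possible values:
+ * 1 small video
+ * 2 big video
+ * 3 audio
+ * 100 acknowledge connectivity when there
+ * is nothing else to send
+ * 101 OpenContinue packet
+ * 104 display a text message and
+ * disconnect (used by reflector to
+ * kick clients off)
+ * 105 display a text message (welcome
+ * message from reflector)
+ * 106 exchanged among reflectors for
+ * reflector interoperation
+ * 107 carry aux stream data when there is
+ * no video to piggy-back on
+ * 108 obsolete (used in Mac alpha version)
+ * 109 obsolete (used in Mac alpha version)
+ * 110 used for data rate control
+ * 111 used for data rate control
+ * 256 aux data control messages
+ * 257 aux data packets
+ * */
+ u_int16_t packet_len;
+};
+
+/* Open Continue Header */
+struct oc_header {
+ struct cu_header cu_head;
+ u_int16_t client_count; /* Number of client info structs */
+ u_int32_t seq_no;
+ char user_name[20];
+ char stuff[4]; /* Flags, version stuff, etc */
+};
+
+/* Client info structures */
+struct client_info {
+ u_int32_t address; /* Client address */
+ char stuff[8]; /* Flags, pruning bitfield, packet counts, etc */
+};
+#pragma pack()
+
+/* This structure is per expected connection */
+struct ip_ct_cuseeme_expect {
+};
+
+/* This structure exists only once per master */
+struct ip_ct_cuseeme_master {
+};
+
+#endif /* _IP_CT_CUSEEME */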
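Review bot: Nothing in `struct cu_header`, `struct oc_header` or `struct client_info` says which byte order the multi-byte fields use or that the structs are overlaid directly on packet data, which the `#pragma pack(1)` bracket suggests. I would add a comment above `struct cu_header` stating the on-the-wire layout and byte order, and extend the `client_count` comment to `/* Number of client info structs; peer-supplied, check against the datagram length before walking them */`. `family` is declared `int16_t` while `dest_family` is `u_int16_t`; if that is not deliberate, both should be unsigned. The code that parses these structs is not in this file, so the bounds concern is a request for documentation rather than a confirmed defect.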
248 | diff -Nur linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ip_conntrack.h linux-2.6.0-test11/include/linux/netfilter_ipv4/ip_conntrack.h | |
249 | --- linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ip_conntrack.h 2003-11-26 21:45:37.000000000 +0100 | |
0c98d228 | 250 | +++ linux-2.6.0-test11/include/linux/netfilter_ipv4/ip_conntrack.h 2003-12-11 10:24:15.984386592 +0100 |
251 | @@ -51,19 +51,29 @@ | |
4130fc20 | 252 | |
253 | #include <linux/netfilter_ipv4/ip_conntrack_tcp.h> | |
254 | #include <linux/netfilter_ipv4/ip_conntrack_icmp.h> | |
255 | +#include <linux/netfilter_ipv4/ip_conntrack_proto_gre.h> | |
256 | ||
257 | /* per conntrack: protocol private data */ | |
258 | union ip_conntrack_proto { | |
259 | /* insert conntrack proto private data here */ | |
4130fc20 | 260 | + struct ip_ct_gre gre; |
261 | struct ip_ct_tcp tcp; | |
262 | struct ip_ct_icmp icmp; | |
263 | }; | |
0c98d228 | 264 | |
265 | union ip_conntrack_expect_proto { | |
266 | /* insert expect proto private data here */ | |
267 | + struct ip_ct_gre_expect gre; | |
4130fc20 | 268 | }; |
269 | ||
270 | /* Add protocol helper include file here */ | |
4130fc20 | 271 | +#include <linux/netfilter_ipv4/ip_conntrack_talk.h> |
272 | +#include <linux/netfilter_ipv4/ip_conntrack_rtsp.h> | |
273 | +#include <linux/netfilter_ipv4/ip_conntrack_rsh.h> | |
0c98d228 | 274 | +#include <linux/netfilter_ipv4/ip_conntrack_pptp.h> |
4130fc20 | 275 | +#include <linux/netfilter_ipv4/ip_conntrack_mms.h> |
276 | +#include <linux/netfilter_ipv4/ip_conntrack_h323.h> | |
277 | + | |
278 | #include <linux/netfilter_ipv4/ip_conntrack_amanda.h> | |
279 | #include <linux/netfilter_ipv4/ip_conntrack_ftp.h> | |
280 | #include <linux/netfilter_ipv4/ip_conntrack_irc.h> | |
281 | @@ -71,6 +81,13 @@ | |
282 | /* per expectation: application helper private data */ | |
283 | union ip_conntrack_expect_help { | |
284 | /* insert conntrack helper private data (expect) here */ | |
4130fc20 | 285 | + struct ip_ct_talk_expect exp_talk_info; |
286 | + struct ip_ct_rtsp_master ct_rtsp_info; | |
287 | + struct ip_ct_rtsp_expect exp_rtsp_info; | |
288 | + struct ip_ct_rsh_expect exp_rsh_info; | |
0c98d228 | 289 | + struct ip_ct_pptp_expect exp_pptp_info; |
4130fc20 | 290 | + struct ip_ct_mms_expect exp_mms_info; |
291 | + struct ip_ct_h225_expect exp_h225_info; | |
292 | struct ip_ct_amanda_expect exp_amanda_info; | |
293 | struct ip_ct_ftp_expect exp_ftp_info; | |
294 | struct ip_ct_irc_expect exp_irc_info; | |
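Review bot: `struct ip_ct_rtsp_master ct_rtsp_info` is added to `union ip_conntrack_expect_help`, which by its comment holds per-expectation data, while every other `*_master` struct in this patch goes into `union ip_conntrack_help` in the next hunk and that union gets no RTSP member. If this is a misplacement, the line belongs in `union ip_conntrack_help`; if it is intended, a comment saying why the master data lives per expectation would help. `ip_conntrack_rtsp.h` is not part of the visible diff, so this is inferred from the naming alone.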
295 | @@ -85,16 +102,23 @@ | |
296 | /* per conntrack: application helper private data */ | |
297 | union ip_conntrack_help { | |
298 | /* insert conntrack helper private data (master) here */ | |
4130fc20 | 299 | + struct ip_ct_talk_master ct_talk_info; |
300 | + struct ip_ct_rsh_master ct_rsh_info; | |
0c98d228 | 301 | + struct ip_ct_pptp_master ct_pptp_info; |
4130fc20 | 302 | + struct ip_ct_mms_master ct_mms_info; |
303 | + struct ip_ct_h225_master ct_h225_info; | |
304 | struct ip_ct_ftp_master ct_ftp_info; | |
305 | struct ip_ct_irc_master ct_irc_info; | |
306 | }; | |
307 | ||
308 | #ifdef CONFIG_IP_NF_NAT_NEEDED | |
309 | #include <linux/netfilter_ipv4/ip_nat.h> | |
310 | +#include <linux/netfilter_ipv4/ip_nat_pptp.h> | |
311 | ||
312 | /* per conntrack: nat application helper private data */ | |
313 | union ip_conntrack_nat_help { | |
314 | /* insert nat helper private data here */ | |
315 | + struct ip_nat_pptp nat_pptp_info; | |
316 | }; | |
317 | #endif | |
318 | ||
319 | @@ -206,6 +230,9 @@ | |
320 | } nat; | |
321 | #endif /* CONFIG_IP_NF_NAT_NEEDED */ | |
322 | ||
323 | +#if defined(CONFIG_IP_NF_CONNTRACK_MARK) | |
324 | + unsigned long mark; | |
325 | +#endif | |
326 | }; | |
327 | ||
328 | /* get master conntrack via master expectation */ | |
329 | @@ -247,6 +274,9 @@ | |
330 | extern void ip_ct_refresh(struct ip_conntrack *ct, | |
331 | unsigned long extra_jiffies); | |
332 | ||
333 | +/* Kill conntrack */ | |
334 | +extern void ip_ct_death_by_timeout(unsigned long ul_conntrack); | |
335 | + | |
336 | /* These are for NAT. Icky. */ | |
337 | /* Call me when a conntrack is destroyed. */ | |
338 | extern void (*ip_conntrack_destroyed)(struct ip_conntrack *conntrack); | |
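Review bot: The comment `/* Kill conntrack */` does not tell a caller what `ul_conntrack` is or what state the entry must be in before the call. Judging by the parameter name and the `unsigned long` type this looks like a timer callback being exported, so I would document it as `/* Kill conntrack: ul_conntrack is the struct ip_conntrack pointer cast to unsigned long; caller must have stopped the entry's timeout timer first */`, after confirming both halves against the definition. Calling it on an entry whose timer can still fire would presumably tear the entry down twice.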
339 | @@ -268,6 +298,9 @@ | |
340 | ||
341 | extern unsigned int ip_conntrack_htable_size; | |
342 | ||
343 | +/* A fake conntrack entry which never vanishes. */ | |
344 | +extern struct ip_conntrack ip_conntrack_untracked; | |
345 | + | |
346 | /* eg. PROVIDES_CONNTRACK(ftp); */ | |
347 | #define PROVIDES_CONNTRACK(name) \ | |
348 | int needs_ip_conntrack_##name; \ | |
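--- a/include/linux/netfilter_ipv4/ip_conntrack_h323.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack_h323.h
@@ -0,0 +1,30 @@
+#ifndef _IP_CONNTRACK_H323_H
+#define _IP_CONNTRACK_H323_H
+/* H.323 connection tracking. */
+
+#ifdef __KERNEL__
+/* Protects H.323 related data */
+DECLARE_LOCK_EXTERN(ip_h323_lock);
+#endif
+
+/* Default H.225 port */
+#define H225_PORT 1720
+
+/* This structure is per expected connection */
+struct ip_ct_h225_expect {
+ u_int16_t port; /* Port of the H.225 helper/RTCP/RTP channel */
+ enum ip_conntrack_dir dir; /* Direction of the original connection */
+ unsigned int offset; /* offset of the address in the payload */
+};
+
+/* This structure exists only once per master */
+struct ip_ct_h225_master {
+ int is_h225; /* H.225 or H.245 connection */
+#ifdef CONFIG_IP_NF_NAT_NEEDED
+ enum ip_conntrack_dir dir; /* Direction of the original connection */
+ u_int32_t seq[IP_CT_DIR_MAX]; /* Exceptional packet mangling for signal addressess... */
+ unsigned int offset[IP_CT_DIR_MAX]; /* ...and the offset of the addresses in the payload */
+#endif
+};
+
+#endif /* _IP_CONNTRACK_H323_H */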
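Review bot: `DECLARE_LOCK_EXTERN(ip_h323_lock);` is used without including the header that defines the macro, unlike `ip_conntrack_mms.h` and `ip_conntrack_pptp.h` in this same patch, which both pull in `<linux/netfilter_ipv4/lockhelp.h>` first. Adding `#include <linux/netfilter_ipv4/lockhelp.h>` as the first line inside the `#ifdef __KERNEL__` block would make this header self-contained instead of relying on include order. The structs also use `enum ip_conntrack_dir` and `IP_CT_DIR_MAX` without declaring where they come from; a one-line comment naming the required header would help.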
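--- a/include/linux/netfilter_ipv4/ip_conntrack_mms.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack_mms.h
@@ -0,0 +1,31 @@
+#ifndef _IP_CONNTRACK_MMS_H
+#define _IP_CONNTRACK_MMS_H
+/* MMS tracking. */
+
+#ifdef __KERNEL__
+#include <linux/netfilter_ipv4/lockhelp.h>
+
+DECLARE_LOCK_EXTERN(ip_mms_lock);
+
+#define MMS_PORT 1755
+#define MMS_SRV_MSG_ID 196610
+
+#define MMS_SRV_MSG_OFFSET 36
+#define MMS_SRV_UNICODE_STRING_OFFSET 60
+#define MMS_SRV_CHUNKLENLV_OFFSET 16
+#define MMS_SRV_CHUNKLENLM_OFFSET 32
+#define MMS_SRV_MESSAGELENGTH_OFFSET 8
+#endif
+
+/* This structure is per expected connection */
+struct ip_ct_mms_expect {
+ u_int32_t len;
+ u_int32_t padding;
+ u_int16_t port;
+};
+
+/* This structure exists only once per master */
+struct ip_ct_mms_master {
+};
+
+#endif /* _IP_CONNTRACK_MMS_H */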
418 | diff -Nur linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ip_conntrack_pptp.h linux-2.6.0-test11/include/linux/netfilter_ipv4/ip_conntrack_pptp.h | |
419 | --- linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ip_conntrack_pptp.h 1970-01-01 01:00:00.000000000 +0100 | |
420 | +++ linux-2.6.0-test11/include/linux/netfilter_ipv4/ip_conntrack_pptp.h 2003-11-17 09:09:34.000000000 +0100 | |
421 | @@ -0,0 +1,313 @@ | |
422 | +/* PPTP constants and structs */ | |
423 | +#ifndef _CONNTRACK_PPTP_H | |
424 | +#define _CONNTRACK_PPTP_H | |
425 | + | |
426 | +/* state of the control session */ | |
427 | +enum pptp_ctrlsess_state { | |
428 | + PPTP_SESSION_NONE, /* no session present */ | |
429 | + PPTP_SESSION_ERROR, /* some session error */ | |
430 | + PPTP_SESSION_STOPREQ, /* stop_sess request seen */ | |
431 | + PPTP_SESSION_REQUESTED, /* start_sess request seen */ | |
432 | + PPTP_SESSION_CONFIRMED, /* session established */ | |
433 | +}; | |
434 | + | |
435 | +/* state of the call inside the control session */ | |
436 | +enum pptp_ctrlcall_state { | |
437 | + PPTP_CALL_NONE, | |
438 | + PPTP_CALL_ERROR, | |
439 | + PPTP_CALL_OUT_REQ, | |
440 | + PPTP_CALL_OUT_CONF, | |
441 | + PPTP_CALL_IN_REQ, | |
442 | + PPTP_CALL_IN_REP, | |
443 | + PPTP_CALL_IN_CONF, | |
444 | + PPTP_CALL_CLEAR_REQ, | |
445 | +}; | |
446 | + | |
447 | + | |
448 | +/* conntrack private data */ | |
449 | +struct ip_ct_pptp_master { | |
450 | + enum pptp_ctrlsess_state sstate; /* session state */ | |
451 | + | |
452 | + /* everything below is going to be per-expectation in newnat, | |
453 | + * since there could be more than one call within one session */ | |
454 | + enum pptp_ctrlcall_state cstate; /* call state */ | |
455 | + u_int16_t pac_call_id; /* call id of PAC, host byte order */ | |
456 | + u_int16_t pns_call_id; /* call id of PNS, host byte order */ | |
457 | +}; | |
458 | + | |
459 | +/* conntrack_expect private member */ | |
460 | +struct ip_ct_pptp_expect { | |
461 | + enum pptp_ctrlcall_state cstate; /* call state */ | |
462 | + u_int16_t pac_call_id; /* call id of PAC */ | |
463 | + u_int16_t pns_call_id; /* call id of PNS */ | |
464 | +}; | |
465 | + | |
466 | + | |
467 | +#ifdef __KERNEL__ | |
468 | + | |
469 | +#include <linux/netfilter_ipv4/lockhelp.h> | |
470 | +DECLARE_LOCK_EXTERN(ip_pptp_lock); | |
471 | + | |
472 | +#define IP_CONNTR_PPTP PPTP_CONTROL_PORT | |
473 | + | |
474 | +union pptp_ctrl_union { | |
475 | + void *rawreq; | |
476 | + struct PptpStartSessionRequest *sreq; | |
477 | + struct PptpStartSessionReply *srep; | |
478 | + struct PptpStopSessionReqest *streq; | |
479 | + struct PptpStopSessionReply *strep; | |
480 | + struct PptpOutCallRequest *ocreq; | |
481 | + struct PptpOutCallReply *ocack; | |
482 | + struct PptpInCallRequest *icreq; | |
483 | + struct PptpInCallReply *icack; | |
484 | + struct PptpInCallConnected *iccon; | |
485 | + struct PptpClearCallRequest *clrreq; | |
486 | + struct PptpCallDisconnectNotify *disc; | |
487 | + struct PptpWanErrorNotify *wanerr; | |
488 | + struct PptpSetLinkInfo *setlink; | |
489 | +}; | |
490 | + | |
491 | + | |
492 | + | |
493 | +#define PPTP_CONTROL_PORT 1723 | |
494 | + | |
495 | +#define PPTP_PACKET_CONTROL 1 | |
496 | +#define PPTP_PACKET_MGMT 2 | |
497 | + | |
498 | +#define PPTP_MAGIC_COOKIE 0x1a2b3c4d | |
499 | + | |
500 | +struct pptp_pkt_hdr { | |
501 | + __u16 packetLength; | |
502 | + __u16 packetType; | |
503 | + __u32 magicCookie; | |
504 | +}; | |
505 | + | |
506 | +/* PptpControlMessageType values */ | |
507 | +#define PPTP_START_SESSION_REQUEST 1 | |
508 | +#define PPTP_START_SESSION_REPLY 2 | |
509 | +#define PPTP_STOP_SESSION_REQUEST 3 | |
510 | +#define PPTP_STOP_SESSION_REPLY 4 | |
511 | +#define PPTP_ECHO_REQUEST 5 | |
512 | +#define PPTP_ECHO_REPLY 6 | |
513 | +#define PPTP_OUT_CALL_REQUEST 7 | |
514 | +#define PPTP_OUT_CALL_REPLY 8 | |
515 | +#define PPTP_IN_CALL_REQUEST 9 | |
516 | +#define PPTP_IN_CALL_REPLY 10 | |
517 | +#define PPTP_IN_CALL_CONNECT 11 | |
518 | +#define PPTP_CALL_CLEAR_REQUEST 12 | |
519 | +#define PPTP_CALL_DISCONNECT_NOTIFY 13 | |
520 | +#define PPTP_WAN_ERROR_NOTIFY 14 | |
521 | +#define PPTP_SET_LINK_INFO 15 | |
522 | + | |
523 | +#define PPTP_MSG_MAX 15 | |
524 | + | |
525 | +/* PptpGeneralError values */ | |
526 | +#define PPTP_ERROR_CODE_NONE 0 | |
527 | +#define PPTP_NOT_CONNECTED 1 | |
528 | +#define PPTP_BAD_FORMAT 2 | |
529 | +#define PPTP_BAD_VALUE 3 | |
530 | +#define PPTP_NO_RESOURCE 4 | |
531 | +#define PPTP_BAD_CALLID 5 | |
532 | +#define PPTP_REMOVE_DEVICE_ERROR 6 | |
533 | + | |
534 | +struct PptpControlHeader { | |
535 | + __u16 messageType; | |
536 | + __u16 reserved; | |
537 | +}; | |
538 | + | |
539 | +/* FramingCapability Bitmap Values */ | |
540 | +#define PPTP_FRAME_CAP_ASYNC 0x1 | |
541 | +#define PPTP_FRAME_CAP_SYNC 0x2 | |
542 | + | |
543 | +/* BearerCapability Bitmap Values */ | |
544 | +#define PPTP_BEARER_CAP_ANALOG 0x1 | |
545 | +#define PPTP_BEARER_CAP_DIGITAL 0x2 | |
546 | + | |
547 | +struct PptpStartSessionRequest { | |
548 | + __u16 protocolVersion; | |
549 | + __u8 reserved1; | |
550 | + __u8 reserved2; | |
551 | + __u32 framingCapability; | |
552 | + __u32 bearerCapability; | |
553 | + __u16 maxChannels; | |
554 | + __u16 firmwareRevision; | |
555 | + __u8 hostName[64]; | |
556 | + __u8 vendorString[64]; | |
557 | +}; | |
558 | + | |
559 | +/* PptpStartSessionResultCode Values */ | |
560 | +#define PPTP_START_OK 1 | |
561 | +#define PPTP_START_GENERAL_ERROR 2 | |
562 | +#define PPTP_START_ALREADY_CONNECTED 3 | |
563 | +#define PPTP_START_NOT_AUTHORIZED 4 | |
564 | +#define PPTP_START_UNKNOWN_PROTOCOL 5 | |
565 | + | |
566 | +struct PptpStartSessionReply { | |
567 | + __u16 protocolVersion; | |
568 | + __u8 resultCode; | |
569 | + __u8 generalErrorCode; | |
570 | + __u32 framingCapability; | |
571 | + __u32 bearerCapability; | |
572 | + __u16 maxChannels; | |
573 | + __u16 firmwareRevision; | |
574 | + __u8 hostName[64]; | |
575 | + __u8 vendorString[64]; | |
576 | +}; | |
577 | + | |
578 | +/* PptpStopReasons */ | |
579 | +#define PPTP_STOP_NONE 1 | |
580 | +#define PPTP_STOP_PROTOCOL 2 | |
581 | +#define PPTP_STOP_LOCAL_SHUTDOWN 3 | |
582 | + | |
583 | +struct PptpStopSessionRequest { | |
584 | + __u8 reason; | |
585 | +}; | |
586 | + | |
587 | +/* PptpStopSessionResultCode */ | |
588 | +#define PPTP_STOP_OK 1 | |
589 | +#define PPTP_STOP_GENERAL_ERROR 2 | |
590 | + | |
591 | +struct PptpStopSessionReply { | |
592 | + __u8 resultCode; | |
593 | + __u8 generalErrorCode; | |
594 | +}; | |
595 | + | |
596 | +struct PptpEchoRequest { | |
597 | + __u32 identNumber; | |
598 | +}; | |
599 | + | |
600 | +/* PptpEchoReplyResultCode */ | |
601 | +#define PPTP_ECHO_OK 1 | |
602 | +#define PPTP_ECHO_GENERAL_ERROR 2 | |
603 | + | |
604 | +struct PptpEchoReply { | |
605 | + __u32 identNumber; | |
606 | + __u8 resultCode; | |
607 | + __u8 generalErrorCode; | |
608 | + __u16 reserved; | |
609 | +}; | |
610 | + | |
611 | +/* PptpFramingType */ | |
612 | +#define PPTP_ASYNC_FRAMING 1 | |
613 | +#define PPTP_SYNC_FRAMING 2 | |
614 | +#define PPTP_DONT_CARE_FRAMING 3 | |
615 | + | |
616 | +/* PptpCallBearerType */ | |
617 | +#define PPTP_ANALOG_TYPE 1 | |
618 | +#define PPTP_DIGITAL_TYPE 2 | |
619 | +#define PPTP_DONT_CARE_BEARER_TYPE 3 | |
620 | + | |
621 | +struct PptpOutCallRequest { | |
622 | + __u16 callID; | |
623 | + __u16 callSerialNumber; | |
624 | + __u32 minBPS; | |
625 | + __u32 maxBPS; | |
626 | + __u32 bearerType; | |
627 | + __u32 framingType; | |
628 | + __u16 packetWindow; | |
629 | + __u16 packetProcDelay; | |
630 | + __u16 reserved1; | |
631 | + __u16 phoneNumberLength; | |
632 | + __u16 reserved2; | |
633 | + __u8 phoneNumber[64]; | |
634 | + __u8 subAddress[64]; | |
635 | +}; | |
636 | + | |
637 | +/* PptpCallResultCode */ | |
638 | +#define PPTP_OUTCALL_CONNECT 1 | |
639 | +#define PPTP_OUTCALL_GENERAL_ERROR 2 | |
640 | +#define PPTP_OUTCALL_NO_CARRIER 3 | |
641 | +#define PPTP_OUTCALL_BUSY 4 | |
642 | +#define PPTP_OUTCALL_NO_DIAL_TONE 5 | |
643 | +#define PPTP_OUTCALL_TIMEOUT 6 | |
644 | +#define PPTP_OUTCALL_DONT_ACCEPT 7 | |
645 | + | |
646 | +struct PptpOutCallReply { | |
647 | + __u16 callID; | |
648 | + __u16 peersCallID; | |
649 | + __u8 resultCode; | |
650 | + __u8 generalErrorCode; | |
651 | + __u16 causeCode; | |
652 | + __u32 connectSpeed; | |
653 | + __u16 packetWindow; | |
654 | + __u16 packetProcDelay; | |
655 | + __u32 physChannelID; | |
656 | +}; | |
657 | + | |
658 | +struct PptpInCallRequest { | |
659 | + __u16 callID; | |
660 | + __u16 callSerialNumber; | |
661 | + __u32 callBearerType; | |
662 | + __u32 physChannelID; | |
663 | + __u16 dialedNumberLength; | |
664 | + __u16 dialingNumberLength; | |
665 | + __u8 dialedNumber[64]; | |
666 | + __u8 dialingNumber[64]; | |
667 | + __u8 subAddress[64]; | |
668 | +}; | |
669 | + | |
670 | +/* PptpInCallResultCode */ | |
671 | +#define PPTP_INCALL_ACCEPT 1 | |
672 | +#define PPTP_INCALL_GENERAL_ERROR 2 | |
673 | +#define PPTP_INCALL_DONT_ACCEPT 3 | |
674 | + | |
675 | +struct PptpInCallReply { | |
676 | + __u16 callID; | |
677 | + __u16 peersCallID; | |
678 | + __u8 resultCode; | |
679 | + __u8 generalErrorCode; | |
680 | + __u16 packetWindow; | |
681 | + __u16 packetProcDelay; | |
682 | + __u16 reserved; | |
683 | +}; | |
684 | + | |
685 | +struct PptpInCallConnected { | |
686 | + __u16 peersCallID; | |
687 | + __u16 reserved; | |
688 | + __u32 connectSpeed; | |
689 | + __u16 packetWindow; | |
690 | + __u16 packetProcDelay; | |
691 | + __u32 callFramingType; | |
692 | +}; | |
693 | + | |
694 | +struct PptpClearCallRequest { | |
695 | + __u16 callID; | |
696 | + __u16 reserved; | |
697 | +}; | |
698 | + | |
699 | +struct PptpCallDisconnectNotify { | |
700 | + __u16 callID; | |
701 | + __u8 resultCode; | |
702 | + __u8 generalErrorCode; | |
703 | + __u16 causeCode; | |
704 | + __u16 reserved; | |
705 | + __u8 callStatistics[128]; | |
706 | +}; | |
707 | + | |
708 | +struct PptpWanErrorNotify { | |
709 | + __u16 peersCallID; | |
710 | + __u16 reserved; | |
711 | + __u32 crcErrors; | |
712 | + __u32 framingErrors; | |
713 | + __u32 hardwareOverRuns; | |
714 | + __u32 bufferOverRuns; | |
715 | + __u32 timeoutErrors; | |
716 | + __u32 alignmentErrors; | |
717 | +}; | |
718 | + | |
719 | +struct PptpSetLinkInfo { | |
720 | + __u16 peersCallID; | |
721 | + __u16 reserved; | |
722 | + __u32 sendAccm; | |
723 | + __u32 recvAccm; | |
724 | +}; | |
725 | + | |
726 | + | |
727 | +struct pptp_priv_data { | |
728 | + __u16 call_id; | |
729 | + __u16 mcall_id; | |
730 | + __u16 pcall_id; | |
731 | +}; | |
732 | + | |
733 | +#endif /* __KERNEL__ */ | |
734 | +#endif /* _CONNTRACK_PPTP_H */ | |
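Review bot: `union pptp_ctrl_union` declares `struct PptpStopSessionReqest *streq;`, but the struct defined further down is `PptpStopSessionRequest`, so `streq` points to an incomplete type that is never completed and any dereference through it will not compile; it should read `struct PptpStopSessionRequest *streq;`. The message structs appear to mirror the wire format, so a comment stating the byte order and that length fields such as `phoneNumberLength` and `dialedNumberLength` are peer-supplied and must be checked against the 64-byte arrays would help whoever writes the parser. `IP_CONNTR_PPTP` is also defined in terms of `PPTP_CONTROL_PORT` before that macro appears, which works but reads better in the other order.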
735 | diff -Nur linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h linux-2.6.0-test11/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h | |
736 | --- linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h 1970-01-01 01:00:00.000000000 +0100 | |
737 | +++ linux-2.6.0-test11/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h 2003-11-17 09:09:34.000000000 +0100 | |
738 | @@ -0,0 +1,123 @@ | |
739 | +#ifndef _CONNTRACK_PROTO_GRE_H | |
740 | +#define _CONNTRACK_PROTO_GRE_H | |
741 | +#include <asm/byteorder.h> | |
742 | + | |
743 | +/* GRE PROTOCOL HEADER */ | |
744 | + | |
745 | +/* GRE Version field */ | |
746 | +#define GRE_VERSION_1701 0x0 | |
747 | +#define GRE_VERSION_PPTP 0x1 | |
748 | + | |
749 | +/* GRE Protocol field */ | |
750 | +#define GRE_PROTOCOL_PPTP 0x880B | |
751 | + | |
752 | +/* GRE Flags */ | |
753 | +#define GRE_FLAG_C 0x80 | |
754 | +#define GRE_FLAG_R 0x40 | |
755 | +#define GRE_FLAG_K 0x20 | |
756 | +#define GRE_FLAG_S 0x10 | |
757 | +#define GRE_FLAG_A 0x80 | |
758 | + | |
759 | +#define GRE_IS_C(f) ((f)&GRE_FLAG_C) | |
760 | +#define GRE_IS_R(f) ((f)&GRE_FLAG_R) | |
761 | +#define GRE_IS_K(f) ((f)&GRE_FLAG_K) | |
762 | +#define GRE_IS_S(f) ((f)&GRE_FLAG_S) | |
763 | +#define GRE_IS_A(f) ((f)&GRE_FLAG_A) | |
764 | + | |
765 | +/* GRE is a mess: Four different standards */ | |
766 | +struct gre_hdr { | |
767 | +#if defined(__LITTLE_ENDIAN_BITFIELD) | |
768 | + __u16 rec:3, | |
769 | + srr:1, | |
770 | + seq:1, | |
771 | + key:1, | |
772 | + routing:1, | |
773 | + csum:1, | |
774 | + version:3, | |
775 | + reserved:4, | |
776 | + ack:1; | |
777 | +#elif defined(__BIG_ENDIAN_BITFIELD) | |
778 | + __u16 csum:1, | |
779 | + routing:1, | |
780 | + key:1, | |
781 | + seq:1, | |
782 | + srr:1, | |
783 | + rec:3, | |
784 | + ack:1, | |
785 | + reserved:4, | |
786 | + version:3; | |
787 | +#else | |
788 | +#error "Adjust your <asm/byteorder.h> defines" | |
789 | +#endif | |
790 | + __u16 protocol; | |
791 | +}; | |
792 | + | |
793 | +/* modified GRE header for PPTP */ | |
794 | +struct gre_hdr_pptp { | |
795 | + __u8 flags; /* bitfield */ | |
796 | + __u8 version; /* should be GRE_VERSION_PPTP */ | |
797 | + __u16 protocol; /* should be GRE_PROTOCOL_PPTP */ | |
798 | + __u16 payload_len; /* size of ppp payload, not inc. gre header */ | |
799 | + __u16 call_id; /* peer's call_id for this session */ | |
800 | + __u32 seq; /* sequence number. Present if S==1 */ | |
801 | + __u32 ack; /* seq number of highest packet recieved by */ | |
802 | + /* sender in this session */ | |
803 | +}; | |
804 | + | |
805 | + | |
806 | +/* this is part of ip_conntrack */ | |
807 | +struct ip_ct_gre { | |
808 | + unsigned int stream_timeout; | |
809 | + unsigned int timeout; | |
810 | +}; | |
811 | + | |
812 | +/* this is part of ip_conntrack_expect */ | |
813 | +struct ip_ct_gre_expect { | |
814 | + struct ip_ct_gre_keymap *keymap_orig, *keymap_reply; | |
815 | +}; | |
816 | + | |
817 | +#ifdef __KERNEL__ | |
818 | +struct ip_conntrack_expect; | |
819 | + | |
820 | +/* structure for original <-> reply keymap */ | |
821 | +struct ip_ct_gre_keymap { | |
822 | + struct list_head list; | |
823 | + | |
824 | + struct ip_conntrack_tuple tuple; | |
825 | +}; | |
826 | + | |
827 | + | |
828 | +/* add new tuple->key_reply pair to keymap */ | |
829 | +int ip_ct_gre_keymap_add(struct ip_conntrack_expect *exp, | |
830 | + struct ip_conntrack_tuple *t, | |
831 | + int reply); | |
832 | + | |
833 | +/* change an existing keymap entry */ | |
834 | +void ip_ct_gre_keymap_change(struct ip_ct_gre_keymap *km, | |
835 | + struct ip_conntrack_tuple *t); | |
836 | + | |
837 | +/* delete keymap entries */ | |
838 | +void ip_ct_gre_keymap_destroy(struct ip_conntrack_expect *exp); | |
839 | + | |
840 | + | |
841 | +/* get pointer to gre key, if present */ | |
842 | +static inline u_int32_t *gre_key(struct gre_hdr *greh) | |
843 | +{ | |
844 | + if (!greh->key) | |
845 | + return NULL; | |
846 | + if (greh->csum || greh->routing) | |
847 | + return (u_int32_t *) (greh+sizeof(*greh)+4); | |
848 | + return (u_int32_t *) (greh+sizeof(*greh)); | |
849 | +} | |
850 | + | |
851 | +/* get pointer ot gre csum, if present */ | |
852 | +static inline u_int16_t *gre_csum(struct gre_hdr *greh) | |
853 | +{ | |
854 | + if (!greh->csum) | |
855 | + return NULL; | |
856 | + return (u_int16_t *) (greh+sizeof(*greh)); | |
857 | +} | |
858 | + | |
859 | +#endif /* __KERNEL__ */ | |
860 | + | |
861 | +#endif /* _CONNTRACK_PROTO_GRE_H */ | |
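Review bot: `gre_key()` and `gre_csum()` compute `greh+sizeof(*greh)` on a `struct gre_hdr *`, so the offset is scaled by the struct size and the returned pointer lands `sizeof(*greh)` structs past the header instead of `sizeof(*greh)` bytes. The arithmetic should be done on a byte pointer: `return (u_int32_t *)((unsigned char *)greh + sizeof(*greh) + 4);` and `return (u_int32_t *)((unsigned char *)greh + sizeof(*greh));` in `gre_key()`, and `return (u_int16_t *)((unsigned char *)greh + sizeof(*greh));` in `gre_csum()`. Neither helper knows the packet length, so their comments should say that the caller must have verified the optional fields lie inside the buffer before dereferencing the result. `GRE_FLAG_A` shares the value 0x80 with `GRE_FLAG_C`; a comment that it applies to the `version` byte of `struct gre_hdr_pptp` rather than `flags` would prevent misuse, if that is the intent.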
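--- a/include/linux/netfilter_ipv4/ip_conntrack_quake3.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack_quake3.h
@@ -0,0 +1,21 @@
+#ifndef _IP_CT_QUAKE3
+#define _IP_CT_QUAKE3
+
+/* Don't confuse with 27960, often used as the Server Port */
+#define QUAKE3_MASTER_PORT 27950
+
+struct quake3_search {
+ const char marker[4]; /* always 0xff 0xff 0xff 0xff ? */
+ const char *pattern;
+ size_t plen;
+};
+
+/* This structure is per expected connection */
+struct ip_ct_quake3_expect {
+};
+
+/* This structure exists only once per master */
+struct ip_ct_quake3_master {
+};
+
+#endif /* _IP_CT_QUAKE3 */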
887 | diff -Nur linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ip_conntrack_rpc.h linux-2.6.0-test11/include/linux/netfilter_ipv4/ip_conntrack_rpc.h | |
888 | --- linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ip_conntrack_rpc.h 1970-01-01 01:00:00.000000000 +0100 | |
0c98d228 | 889 | +++ linux-2.6.0-test11/include/linux/netfilter_ipv4/ip_conntrack_rpc.h 2003-12-11 10:24:04.354154656 +0100 |
4130fc20 | 890 | @@ -0,0 +1,68 @@ |
891 | +/* RPC extension for IP connection tracking, Version 2.2 | |
892 | + * (C) 2000 by Marcelo Barbosa Lima <marcelo.lima@dcc.unicamp.br> | |
893 | + * - original rpc tracking module | |
894 | + * - "recent" connection handling for kernel 2.3+ netfilter | |
895 | + * | |
896 | + * (C) 2001 by Rusty Russell <rusty@rustcorp.com.au> | |
897 | + * - upgraded conntrack modules to oldnat api - kernel 2.4.0+ | |
898 | + * | |
899 | + * (C) 2002 by Ian (Larry) Latter <Ian.Latter@mq.edu.au> | |
900 | + * - upgraded conntrack modules to newnat api - kernel 2.4.20+ | |
901 | + * - extended matching to support filtering on procedures | |
902 | + * | |
903 | + * ip_conntrack_rpc.h,v 2.2 2003/01/12 18:30:00 | |
904 | + * | |
905 | + * This program is free software; you can redistribute it and/or | |
906 | + * modify it under the terms of the GNU General Public License | |
907 | + * as published by the Free Software Foundation; either version | |
908 | + * 2 of the License, or (at your option) any later version. | |
909 | + ** | |
910 | + */ | |
911 | + | |
912 | +#include <asm/param.h> | |
913 | +#include <linux/sched.h> | |
914 | +#include <linux/timer.h> | |
915 | +#include <linux/stddef.h> | |
916 | +#include <linux/list.h> | |
917 | + | |
918 | +#include <linux/netfilter_ipv4/ip_conntrack_helper.h> | |
919 | + | |
920 | +#ifndef _IP_CONNTRACK_RPC_H | |
921 | +#define _IP_CONNTRACK_RPC_H | |
922 | + | |
923 | +#define RPC_PORT 111 | |
924 | + | |
925 | + | |
926 | +/* Datum in RPC packets are encoded in XDR */ | |
927 | +#define IXDR_GET_INT32(buf) ((u_int32_t) ntohl((uint32_t)*buf)) | |
928 | + | |
929 | +/* Fast timeout, to deny DoS atacks */ | |
930 | +#define EXP (60 * HZ) | |
931 | + | |
932 | +/* Normal timeouts */ | |
933 | +#define EXPIRES (180 * HZ) | |
934 | + | |
935 | +/* For future conections RPC, using client's cache bindings | |
936 | + * I'll use ip_conntrack_lock to lock these lists */ | |
937 | + | |
938 | +/* This identifies each request and stores protocol */ | |
939 | +struct request_p { | |
940 | + struct list_head list; | |
941 | + | |
942 | + u_int32_t xid; | |
943 | + u_int32_t ip; | |
944 | + u_int16_t port; | |
945 | + | |
946 | + /* Protocol */ | |
947 | + u_int16_t proto; | |
948 | + | |
949 | + struct timer_list timeout; | |
950 | +}; | |
951 | + | |
952 | +static inline int request_p_cmp(const struct request_p *p, u_int32_t xid, | |
953 | + u_int32_t ip, u_int32_t port) { | |
954 | + return (p->xid == xid && p->ip == ip && p->port); | |
955 | + | |
956 | +} | |
957 | + | |
958 | +#endif /* _IP_CONNTRACK_RPC_H */ | |
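Review bot: `request_p_cmp` tests `p->port` for being non-zero instead of comparing it with the `port` argument, so any entry with a matching xid and address and a non-zero port counts as a match. For a list that, per its comment, identifies each request, this presumably loosens the lookup to (xid, ip) only; the return should read `return (p->xid == xid && p->ip == ip && p->port == port);`. The `port` parameter is `u_int32_t` while the field is `u_int16_t`, so narrowing the parameter to `u_int16_t` keeps the two in step once the comparison is real. `IXDR_GET_INT32` expands `*buf` without parentheses around `buf`, which mis-binds for an argument such as `p + 1`; `ntohl(*(buf))` avoids that.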
959 | diff -Nur linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ip_conntrack_rsh.h linux-2.6.0-test11/include/linux/netfilter_ipv4/ip_conntrack_rsh.h | |
960 | --- linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ip_conntrack_rsh.h 1970-01-01 01:00:00.000000000 +0100 | |
0c98d228 | 961 | +++ linux-2.6.0-test11/include/linux/netfilter_ipv4/ip_conntrack_rsh.h 2003-12-11 10:24:05.586967240 +0100 |
4130fc20 | 962 | @@ -0,0 +1,35 @@ |
963 | +/* RSH extension for IP connection tracking, Version 1.0 | |
964 | + * (C) 2002 by Ian (Larry) Latter <Ian.Latter@mq.edu.au> | |
965 | + * based on HW's ip_conntrack_irc.c | |
966 | + * | |
967 | + * ip_conntrack_rsh.c,v 1.0 2002/07/17 14:49:26 | |
968 | + * | |
969 | + * This program is free software; you can redistribute it and/or | |
970 | + * modify it under the terms of the GNU General Public License | |
971 | + * as published by the Free Software Foundation; either version | |
972 | + * 2 of the License, or (at your option) any later version. | |
973 | + */ | |
974 | +#ifndef _IP_CONNTRACK_RSH_H | |
975 | +#define _IP_CONNTRACK_RSH_H | |
976 | + | |
977 | +#ifdef __KERNEL__ | |
978 | +#include <linux/netfilter_ipv4/lockhelp.h> | |
979 | + | |
980 | +DECLARE_LOCK_EXTERN(ip_rsh_lock); | |
981 | +#endif | |
982 | + | |
983 | + | |
984 | +#define RSH_PORT 514 | |
985 | + | |
986 | +/* This structure is per expected connection */ | |
987 | +struct ip_ct_rsh_expect | |
988 | +{ | |
989 | + u_int16_t port; | |
990 | +}; | |
991 | + | |
992 | +/* This structure exists only once per master */ | |
993 | +struct ip_ct_rsh_master { | |
994 | +}; | |
995 | + | |
996 | +#endif /* _IP_CONNTRACK_RSH_H */ | |
997 | + | |
998 | diff -Nur linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ip_conntrack_rtsp.h linux-2.6.0-test11/include/linux/netfilter_ipv4/ip_conntrack_rtsp.h | |
999 | --- linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ip_conntrack_rtsp.h 1970-01-01 01:00:00.000000000 +0100 | |
0c98d228 | 1000 | +++ linux-2.6.0-test11/include/linux/netfilter_ipv4/ip_conntrack_rtsp.h 2003-12-11 10:24:06.854774504 +0100 |
4130fc20 | 1001 | @@ -0,0 +1,68 @@ |
1002 | +/* | |
1003 | + * RTSP extension for IP connection tracking. | |
1004 | + * (C) 2003 by Tom Marshall <tmarshall@real.com> | |
1005 | + * based on ip_conntrack_irc.h | |
1006 | + * | |
1007 | + * This program is free software; you can redistribute it and/or | |
1008 | + * modify it under the terms of the GNU General Public License | |
1009 | + * as published by the Free Software Foundation; either version | |
1010 | + * 2 of the License, or (at your option) any later version. | |
1011 | + */ | |
1012 | +#ifndef _IP_CONNTRACK_RTSP_H | |
1013 | +#define _IP_CONNTRACK_RTSP_H | |
1014 | + | |
1015 | +/* #define IP_NF_RTSP_DEBUG */ | |
1016 | +#define IP_NF_RTSP_VERSION "0.01" | |
1017 | + | |
1018 | +/* port block types */ | |
1019 | +typedef enum { | |
1020 | + pb_single, /* client_port=x */ | |
1021 | + pb_range, /* client_port=x-y */ | |
1022 | + pb_discon /* client_port=x/y (rtspbis) */ | |
1023 | +} portblock_t; | |
1024 | + | |
1025 | +/* We record seq number and length of rtsp headers here, all in host order. */ | |
1026 | + | |
1027 | +/* | |
1028 | + * This structure is per expected connection. It is a member of struct | |
1029 | + * ip_conntrack_expect. The TCP SEQ for the conntrack expect is stored | |
1030 | + * there and we are expected to only store the length of the data which | |
1031 | + * needs replaced. If a packet contains multiple RTSP messages, we create | |
1032 | + * one expected connection per message. | |
1033 | + * | |
1034 | + * We use these variables to mark the entire header block. This may seem | |
1035 | + * like overkill, but the nature of RTSP requires it. A header may appear | |
1036 | + * multiple times in a message. We must treat two Transport headers the | |
1037 | + * same as one Transport header with two entries. | |
1038 | + */ | |
1039 | +struct ip_ct_rtsp_expect | |
1040 | +{ | |
1041 | + u_int32_t len; /* length of header block */ | |
1042 | + portblock_t pbtype; /* Type of port block that was requested */ | |
1043 | + u_int16_t loport; /* Port that was requested, low or first */ | |
1044 | + u_int16_t hiport; /* Port that was requested, high or second */ | |
1045 | +#if 0 | |
1046 | + uint method; /* RTSP method */ | |
1047 | + uint cseq; /* CSeq from request */ | |
1048 | +#endif | |
1049 | +}; | |
1050 | + | |
1051 | +/* This structure exists only once per master */ | |
1052 | +struct ip_ct_rtsp_master | |
1053 | +{ | |
1054 | + /* Empty (?) */ | |
1055 | +}; | |
1056 | + | |
1057 | + | |
1058 | +#ifdef __KERNEL__ | |
1059 | + | |
1060 | +#include <linux/netfilter_ipv4/lockhelp.h> | |
1061 | + | |
1062 | +#define RTSP_PORT 554 | |
1063 | + | |
1064 | +/* Protects rtsp part of conntracks */ | |
1065 | +DECLARE_LOCK_EXTERN(ip_rtsp_lock); | |
1066 | + | |
1067 | +#endif /* __KERNEL__ */ | |
1068 | + | |
1069 | +#endif /* _IP_CONNTRACK_RTSP_H */ | |
1070 | diff -Nur linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ip_conntrack_talk.h linux-2.6.0-test11/include/linux/netfilter_ipv4/ip_conntrack_talk.h | |
1071 | --- linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ip_conntrack_talk.h 1970-01-01 01:00:00.000000000 +0100 | |
0c98d228 | 1072 | +++ linux-2.6.0-test11/include/linux/netfilter_ipv4/ip_conntrack_talk.h 2003-12-11 10:24:09.248410616 +0100 |
4130fc20 | 1073 | @@ -0,0 +1,152 @@ |
1074 | +#ifndef _IP_CONNTRACK_TALK_H | |
1075 | +#define _IP_CONNTRACK_TALK_H | |
1076 | +/* TALK tracking. */ | |
1077 | + | |
1078 | +#ifdef __KERNEL__ | |
1079 | +#include <linux/in.h> | |
1080 | +#include <linux/netfilter_ipv4/lockhelp.h> | |
1081 | + | |
1082 | +/* Protects talk part of conntracks */ | |
1083 | +DECLARE_LOCK_EXTERN(ip_talk_lock); | |
1084 | +#endif | |
1085 | + | |
1086 | + | |
1087 | +#define TALK_PORT 517 | |
1088 | +#define NTALK_PORT 518 | |
1089 | + | |
1090 | +/* talk structures and constants from <protocols/talkd.h> */ | |
1091 | + | |
1092 | +/* | |
1093 | + * 4.3BSD struct sockaddr | |
1094 | + */ | |
1095 | +struct talk_addr { | |
1096 | + u_int16_t ta_family; | |
1097 | + u_int16_t ta_port; | |
1098 | + u_int32_t ta_addr; | |
1099 | + u_int32_t ta_junk1; | |
1100 | + u_int32_t ta_junk2; | |
1101 | +}; | |
1102 | + | |
1103 | +#define TALK_OLD_NSIZE 9 | |
1104 | +#define TALK_NSIZE 12 | |
1105 | +#define TALK_TTY_NSIZE 16 | |
1106 | + | |
1107 | +/* | |
1108 | + * Client->server request message formats. | |
1109 | + */ | |
1110 | +struct talk_msg { | |
1111 | + u_char type; /* request type, see below */ | |
1112 | + char l_name[TALK_OLD_NSIZE];/* caller's name */ | |
1113 | + char r_name[TALK_OLD_NSIZE];/* callee's name */ | |
1114 | + u_char pad; | |
1115 | + u_int32_t id_num; /* message id */ | |
1116 | + int32_t pid; /* caller's process id */ | |
1117 | + char r_tty[TALK_TTY_NSIZE];/* callee's tty name */ | |
1118 | + struct talk_addr addr; /* old (4.3) style */ | |
1119 | + struct talk_addr ctl_addr; /* old (4.3) style */ | |
1120 | +}; | |
1121 | + | |
1122 | +struct ntalk_msg { | |
1123 | + u_char vers; /* protocol version */ | |
1124 | + u_char type; /* request type, see below */ | |
1125 | + u_char answer; /* not used */ | |
1126 | + u_char pad; | |
1127 | + u_int32_t id_num; /* message id */ | |
1128 | + struct talk_addr addr; /* old (4.3) style */ | |
1129 | + struct talk_addr ctl_addr; /* old (4.3) style */ | |
1130 | + int32_t pid; /* caller's process id */ | |
1131 | + char l_name[TALK_NSIZE];/* caller's name */ | |
1132 | + char r_name[TALK_NSIZE];/* callee's name */ | |
1133 | + char r_tty[TALK_TTY_NSIZE];/* callee's tty name */ | |
1134 | +}; | |
1135 | + | |
1136 | +struct ntalk2_msg { | |
1137 | + u_char vers; /* talk protocol version */ | |
1138 | + u_char type; /* request type */ | |
1139 | + u_char answer; /* */ | |
1140 | + u_char extended; /* !0 if additional parts */ | |
1141 | + u_int32_t id_num; /* message id number (dels) */ | |
1142 | + struct talk_addr addr; /* target address */ | |
1143 | + struct talk_addr ctl_addr; /* reply to address */ | |
1144 | + int32_t pid; /* caller's process id */ | |
1145 | + char l_name[TALK_NSIZE]; /* caller's name */ | |
1146 | + char r_name[TALK_NSIZE]; /* callee's name */ | |
1147 | + char r_tty[TALK_TTY_NSIZE]; /* callee's tty */ | |
1148 | +}; | |
1149 | + | |
1150 | +/* | |
1151 | + * Server->client response message formats. | |
1152 | + */ | |
1153 | +struct talk_response { | |
1154 | + u_char type; /* type of request message, see below */ | |
1155 | + u_char answer; /* response to request message, see below */ | |
1156 | + u_char pad[2]; | |
1157 | + u_int32_t id_num; /* message id */ | |
1158 | + struct talk_addr addr; /* address for establishing conversation */ | |
1159 | +}; | |
1160 | + | |
1161 | +struct ntalk_response { | |
1162 | + u_char vers; /* protocol version */ | |
1163 | + u_char type; /* type of request message, see below */ | |
1164 | + u_char answer; /* response to request message, see below */ | |
1165 | + u_char pad; | |
1166 | + u_int32_t id_num; /* message id */ | |
1167 | + struct talk_addr addr; /* address for establishing conversation */ | |
1168 | +}; | |
1169 | + | |
1170 | +struct ntalk2_response { | |
1171 | + u_char vers; /* protocol version */ | |
1172 | + u_char type; /* type of request message */ | |
1173 | + u_char answer; /* response to request */ | |
1174 | + u_char rvers; /* Version of answering vers*/ | |
1175 | + u_int32_t id_num; /* message id number */ | |
1176 | + struct talk_addr addr; /* address for connection */ | |
1177 | + /* This is at the end to compatiblize this with NTALK version. */ | |
1178 | + char r_name[TALK_NSIZE]; /* callee's name */ | |
1179 | +}; | |
1180 | + | |
1181 | +#define TALK_STR(data, talk_str, member) ((struct talk_str *)data)->member) | |
1182 | +#define TALK_RESP(data, ver, member) (ver ? ((struct ntalk_response *)data)->member : ((struct talk_response *)data)->member) | |
1183 | +#define TALK_MSG(data, ver, member) (ver ? ((struct ntalk_msg *)data)->member : ((struct talk_msg *)data)->member) | |
1184 | + | |
1185 | +#define TALK_VERSION 0 /* protocol versions */ | |
1186 | +#define NTALK_VERSION 1 | |
1187 | +#define NTALK2_VERSION 2 | |
1188 | + | |
1189 | +/* message type values */ | |
1190 | +#define LEAVE_INVITE 0 /* leave invitation with server */ | |
1191 | +#define LOOK_UP 1 /* check for invitation by callee */ | |
1192 | +#define DELETE 2 /* delete invitation by caller */ | |
1193 | +#define ANNOUNCE 3 /* announce invitation by caller */ | |
1194 | +/* NTALK2 */ | |
1195 | +#define REPLY_QUERY 4 /* request reply data from local daemon */ | |
1196 | + | |
1197 | +/* answer values */ | |
1198 | +#define SUCCESS 0 /* operation completed properly */ | |
1199 | +#define NOT_HERE 1 /* callee not logged in */ | |
1200 | +#define FAILED 2 /* operation failed for unexplained reason */ | |
1201 | +#define MACHINE_UNKNOWN 3 /* caller's machine name unknown */ | |
1202 | +#define PERMISSION_DENIED 4 /* callee's tty doesn't permit announce */ | |
1203 | +#define UNKNOWN_REQUEST 5 /* request has invalid type value */ | |
1204 | +#define BADVERSION 6 /* request has invalid protocol version */ | |
1205 | +#define BADADDR 7 /* request has invalid addr value */ | |
1206 | +#define BADCTLADDR 8 /* request has invalid ctl_addr value */ | |
1207 | +/* NTALK2 */ | |
1208 | +#define NO_CALLER 9 /* no-one calling answer from REPLY */ | |
1209 | +#define TRY_HERE 10 /* Not on this machine, try this */ | |
1210 | +#define SELECTIVE_REFUSAL 11 /* User Filter refusal. */ | |
1211 | +#define MAX_RESPONSE_TYPE 11 /* Make sure this is updated */ | |
1212 | + | |
1213 | +/* We don't really need much for talk */ | |
1214 | +struct ip_ct_talk_expect | |
1215 | +{ | |
1216 | + /* Port that was to be used */ | |
1217 | + u_int16_t port; | |
1218 | +}; | |
1219 | + | |
1220 | +/* This structure exists only once per master */ | |
1221 | +struct ip_ct_talk_master | |
1222 | +{ | |
1223 | +}; | |
1224 | + | |
1225 | +#endif /* _IP_CONNTRACK_TALK_H */ | |
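Review bot: `TALK_STR` has one more closing parenthesis than opening ones, so any use of it fails to compile; it should read `#define TALK_STR(data, talk_str, member) (((struct talk_str *)(data))->member)`. `TALK_RESP` and `TALK_MSG` also use `data` and `ver` unparenthesized, and all three cast a raw buffer to a message struct, so a comment above them should state that the caller must first check the payload is at least `sizeof` the selected struct. The `l_name`, `r_name` and `r_tty` arrays are wire data and are not guaranteed to be NUL-terminated, which is worth saying next to the struct definitions. Names such as `DELETE`, `SUCCESS` and `FAILED` are very generic for a header under include/linux and may collide with other definitions; a `TALK_` prefix would avoid that.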
1226 | diff -Nur linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ip_conntrack_tuple.h linux-2.6.0-test11/include/linux/netfilter_ipv4/ip_conntrack_tuple.h | |
1227 | --- linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ip_conntrack_tuple.h 2003-11-26 21:44:58.000000000 +0100 | |
0c98d228 | 1228 | +++ linux-2.6.0-test11/include/linux/netfilter_ipv4/ip_conntrack_tuple.h 2003-12-11 10:23:59.480895504 +0100 |
4130fc20 | 1229 | @@ -14,7 +14,7 @@ |
1230 | union ip_conntrack_manip_proto | |
1231 | { | |
1232 | /* Add other protocols here. */ | |
1233 | - u_int16_t all; | |
1234 | + u_int32_t all; | |
1235 | ||
1236 | struct { | |
1237 | u_int16_t port; | |
1238 | @@ -25,6 +25,9 @@ | |
1239 | struct { | |
1240 | u_int16_t id; | |
1241 | } icmp; | |
1242 | + struct { | |
1243 | + u_int32_t key; | |
1244 | + } gre; | |
1245 | }; | |
1246 | ||
1247 | /* The manipulable part of the tuple. */ | |
1248 | @@ -44,7 +47,7 @@ | |
1249 | u_int32_t ip; | |
1250 | union { | |
1251 | /* Add other protocols here. */ | |
1252 | - u_int16_t all; | |
1253 | + u_int64_t all; | |
1254 | ||
1255 | struct { | |
1256 | u_int16_t port; | |
1257 | @@ -55,6 +58,11 @@ | |
1258 | struct { | |
1259 | u_int8_t type, code; | |
1260 | } icmp; | |
1261 | + struct { | |
1262 | + u_int16_t protocol; | |
1263 | + u_int8_t version; | |
1264 | + u_int32_t key; | |
1265 | + } gre; | |
1266 | } u; | |
1267 | ||
1268 | /* The protocol. */ | |
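Review bot: The new `gre` member of the destination union is `u_int16_t protocol; u_int8_t version; u_int32_t key;`, which leaves a padding byte after `version`, and the previous hunk widens `all` to `u_int64_t` so that it overlays that byte. If tuples are compared or hashed through `all` or by whole-struct comparison (not visible here), an uninitialised padding byte can make two equal GRE tuples differ. The tuple should be zeroed before it is filled in, or the padding made an explicit member, e.g. `u_int8_t version, pad;`. Widening `all` to 64 bits also raises the alignment and size of the tuple, which matters for anything that shares this layout with userspace. The union's definition starts and ends outside the hunk.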
1269 | @@ -80,10 +88,16 @@ | |
1270 | #ifdef __KERNEL__ | |
1271 | ||
1272 | #define DUMP_TUPLE(tp) \ | |
1273 | -DEBUGP("tuple %p: %u %u.%u.%u.%u:%hu -> %u.%u.%u.%u:%hu\n", \ | |
1274 | +DEBUGP("tuple %p: %u %u.%u.%u.%u:%u -> %u.%u.%u.%u:%u\n", \ | |
1275 | (tp), (tp)->dst.protonum, \ | |
1276 | - NIPQUAD((tp)->src.ip), ntohs((tp)->src.u.all), \ | |
1277 | - NIPQUAD((tp)->dst.ip), ntohs((tp)->dst.u.all)) | |
1278 | + NIPQUAD((tp)->src.ip), ntohl((tp)->src.u.all), \ | |
1279 | + NIPQUAD((tp)->dst.ip), ntohl((tp)->dst.u.all)) | |
1280 | + | |
1281 | +#define DUMP_TUPLE_RAW(x) \ | |
1282 | + DEBUGP("tuple %p: %u %u.%u.%u.%u:0x%08x -> %u.%u.%u.%u:0x%08x\n",\ | |
1283 | + (x), (x)->dst.protonum, \ | |
1284 | + NIPQUAD((x)->src.ip), ntohl((x)->src.u.all), \ | |
1285 | + NIPQUAD((x)->dst.ip), ntohl((x)->dst.u.all)) | |
1286 | ||
1287 | #define CTINFO2DIR(ctinfo) ((ctinfo) >= IP_CT_IS_REPLY ? IP_CT_DIR_REPLY : IP_CT_DIR_ORIGINAL) | |
1288 | ||
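Review bot: `DUMP_TUPLE` now passes `ntohl((tp)->src.u.all)` and `ntohl((tp)->dst.u.all)` to `%u`, which no longer prints a TCP/UDP port: a 16-bit network-order port held in the first two bytes of `all` ends up in the upper half of the 32-bit result. `dst.u.all` was widened to `u_int64_t` in an earlier hunk, so `ntohl()` also truncates it and the GRE key behind `protocol` and `version` is not shown. Since `DUMP_TUPLE_RAW` already covers the protocol-agnostic hex view, `DUMP_TUPLE` could keep `%hu` with `ntohs()` on the port member for port-based protocols. At the least a comment should say the printed number is not a port, e.g. `/* prints the raw per-protocol word, not a port */`.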
1289 | diff -Nur linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ip_nat_pptp.h linux-2.6.0-test11/include/linux/netfilter_ipv4/ip_nat_pptp.h | |
1290 | --- linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ip_nat_pptp.h 1970-01-01 01:00:00.000000000 +0100 | |
1291 | +++ linux-2.6.0-test11/include/linux/netfilter_ipv4/ip_nat_pptp.h 2003-11-17 09:09:34.000000000 +0100 | |
1292 | @@ -0,0 +1,11 @@ | |
1293 | +/* PPTP constants and structs */ | |
1294 | +#ifndef _NAT_PPTP_H | |
1295 | +#define _NAT_PPTP_H | |
1296 | + | |
1297 | +/* conntrack private data */ | |
1298 | +struct ip_nat_pptp { | |
1299 | + u_int16_t pns_call_id; /* NAT'ed PNS call id */ | |
1300 | + u_int16_t pac_call_id; /* NAT'ed PAC call id */ | |
1301 | +}; | |
1302 | + | |
1303 | +#endif /* _NAT_PPTP_H */ | |
1304 | diff -Nur linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ip_pool.h linux-2.6.0-test11/include/linux/netfilter_ipv4/ip_pool.h | |
1305 | --- linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ip_pool.h 1970-01-01 01:00:00.000000000 +0100 | |
0c98d228 | 1306 | +++ linux-2.6.0-test11/include/linux/netfilter_ipv4/ip_pool.h 2003-12-11 10:23:32.943929736 +0100 |
4130fc20 | 1307 | @@ -0,0 +1,64 @@ |
1308 | +#ifndef _IP_POOL_H | |
1309 | +#define _IP_POOL_H | |
1310 | + | |
1311 | +/***************************************************************************/ | |
1312 | +/* This program is free software; you can redistribute it and/or modify */ | |
1313 | +/* it under the terms of the GNU General Public License as published by */ | |
1314 | +/* the Free Software Foundation; either version 2 of the License, or */ | |
1315 | +/* (at your option) any later version. */ | |
1316 | +/* */ | |
1317 | +/* This program is distributed in the hope that it will be useful, */ | |
1318 | +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ | |
1319 | +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ | |
1320 | +/* GNU General Public License for more details. */ | |
1321 | +/* */ | |
1322 | +/* You should have received a copy of the GNU General Public License */ | |
1323 | +/* along with this program; if not, write to the Free Software */ | |
1324 | +/* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA*/ | |
1325 | +/***************************************************************************/ | |
1326 | + | |
1327 | +/* A sockopt of such quality has hardly ever been seen before on the open | |
1328 | + * market! This little beauty, hardly ever used: above 64, so it's | |
1329 | + * traditionally used for firewalling, not touched (even once!) by the | |
1330 | + * 2.0, 2.2 and 2.4 kernels! | |
1331 | + * | |
1332 | + * Comes with its own certificate of authenticity, valid anywhere in the | |
1333 | + * Free world! | |
1334 | + * | |
1335 | + * Rusty, 19.4.2000 | |
1336 | + */ | |
1337 | +#define SO_IP_POOL 81 | |
1338 | + | |
1339 | +typedef int ip_pool_t; /* pool index */ | |
1340 | +#define IP_POOL_NONE ((ip_pool_t)-1) | |
1341 | + | |
1342 | +struct ip_pool_request { | |
1343 | + int op; | |
1344 | + ip_pool_t index; | |
1345 | + u_int32_t addr; | |
1346 | + u_int32_t addr2; | |
1347 | +}; | |
1348 | + | |
1349 | +/* NOTE: I deliberately break the first cut ippool utility. Nobody uses it. */ | |
1350 | + | |
1351 | +#define IP_POOL_BAD001 0x00000010 | |
1352 | + | |
1353 | +#define IP_POOL_FLUSH 0x00000011 /* req.index, no arguments */ | |
1354 | +#define IP_POOL_INIT 0x00000012 /* from addr to addr2 incl. */ | |
1355 | +#define IP_POOL_DESTROY 0x00000013 /* req.index, no arguments */ | |
1356 | +#define IP_POOL_ADD_ADDR 0x00000014 /* add addr to pool */ | |
1357 | +#define IP_POOL_DEL_ADDR 0x00000015 /* del addr from pool */ | |
1358 | +#define IP_POOL_HIGH_NR 0x00000016 /* result in req.index */ | |
1359 | +#define IP_POOL_LOOKUP 0x00000017 /* result in addr and addr2 */ | |
1360 | +#define IP_POOL_USAGE 0x00000018 /* result in addr */ | |
1361 | +#define IP_POOL_TEST_ADDR 0x00000019 /* result (0/1) returned */ | |
1362 | + | |
1363 | +#ifdef __KERNEL__ | |
1364 | + | |
1365 | +/* NOTE: ip_pool_match() and ip_pool_mod() expect ADDR to be host byte order */ | |
1366 | +extern int ip_pool_match(ip_pool_t pool, u_int32_t addr); | |
1367 | +extern int ip_pool_mod(ip_pool_t pool, u_int32_t addr, int isdel); | |
1368 | + | |
1369 | +#endif | |
1370 | + | |
1371 | +#endif /*_IP_POOL_H*/ | |
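Review bot: `struct ip_pool_request` is presumably filled in by userspace through the `SO_IP_POOL` sockopt, and its `index` is a signed `int` (`ip_pool_t`), so negative and oversized values are representable and `IP_POOL_NONE` is itself `-1`. The header should document the valid range of `index` and that the handler has to bounds-check it, both below zero and against the number of pools, before using it; the handler is not in this hunk, so whether it does cannot be seen here. A comment on `op` such as `/* one of IP_POOL_*; other values are rejected */` would make the contract explicit. The byte-order note given for `ip_pool_match()` and `ip_pool_mod()` should be repeated for `addr` and `addr2` in the request.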
1372 | diff -Nur linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ip_queue.h linux-2.6.0-test11/include/linux/netfilter_ipv4/ip_queue.h | |
1373 | --- linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ip_queue.h 2003-11-26 21:45:32.000000000 +0100 | |
0c98d228 | 1374 | +++ linux-2.6.0-test11/include/linux/netfilter_ipv4/ip_queue.h 2003-12-11 10:24:12.844863872 +0100 |
4130fc20 | 1375 | @@ -47,10 +47,20 @@ |
1376 | unsigned char payload[0]; /* Optional replacement packet */ | |
1377 | } ipq_verdict_msg_t; | |
1378 | ||
1379 | +typedef struct ipq_vwmark_msg { | |
1380 | + unsigned int value; /* Verdict to hand to netfilter */ | |
1381 | + unsigned long id; /* Packet ID for this verdict */ | |
1382 | + size_t data_len; /* Length of replacement data */ | |
1383 | + unsigned char payload[0]; /* Optional replacement packet */ | |
1384 | + unsigned long nfmark; /* Mark for the Packet */ | |
1385 | +} ipq_vwmark_msg_t; | |
1386 | + | |
1387 | + | |
1388 | typedef struct ipq_peer_msg { | |
1389 | union { | |
1390 | ipq_verdict_msg_t verdict; | |
1391 | ipq_mode_msg_t mode; | |
1392 | + ipq_vwmark_msg_t vwmark; | |
1393 | } msg; | |
1394 | } ipq_peer_msg_t; | |
1395 | ||
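Review bot: In `ipq_vwmark_msg` the zero-length array `payload[0]` is followed by `nfmark`, so the two members start at the same offset and any replacement packet data overlaps the mark. A peer that sends both would have the first bytes of its packet read as the mark, and `data_len` bytes counted from `payload` no longer begin at the end of the fixed part of the message. The mark belongs ahead of the trailing array: `unsigned long nfmark; /* Mark for the Packet */` followed by `unsigned char payload[0];` as the last member. `unsigned long` and `size_t` also differ in width between a 32-bit peer and a 64-bit kernel, a property this message shares with the verdict message it copies.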
1396 | @@ -67,6 +77,7 @@ | |
1397 | #define IPQM_MODE (IPQM_BASE + 1) /* Mode request from peer */ | |
1398 | #define IPQM_VERDICT (IPQM_BASE + 2) /* Verdict from peer */ | |
1399 | #define IPQM_PACKET (IPQM_BASE + 3) /* Packet from kernel */ | |
1400 | -#define IPQM_MAX (IPQM_BASE + 4) | |
1401 | +#define IPQM_VWMARK (IPQM_BASE + 4) /* Verdict and mark from peer */ | |
1402 | +#define IPQM_MAX (IPQM_BASE + 5) | |
1403 | ||
1404 | #endif /*_IP_QUEUE_H*/ | |
1405 | diff -Nur linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ip_tables.h linux-2.6.0-test11/include/linux/netfilter_ipv4/ip_tables.h | |
1406 | --- linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ip_tables.h 2003-11-26 21:44:17.000000000 +0100 | |
0c98d228 | 1407 | +++ linux-2.6.0-test11/include/linux/netfilter_ipv4/ip_tables.h 2003-12-11 10:23:17.222319784 +0100 |
4130fc20 | 1408 | @@ -134,6 +134,12 @@ |
1409 | /* Back pointer */ | |
1410 | unsigned int comefrom; | |
1411 | ||
1412 | + /* Name of the chain */ | |
1413 | + char *chainname; | |
1414 | + | |
1415 | + /* Rule number in the chain. */ | |
1416 | + u_int32_t rulenum; | |
1417 | + | |
1418 | /* Packet and byte counters. */ | |
1419 | struct ipt_counters counters; | |
1420 | ||
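Review bot: `char *chainname` puts a pointer into what the `comefrom` and `counters` context lines suggest is the rule entry exchanged with userspace; the struct header is outside the hunk. If so, the kernel must overwrite whatever value userspace supplied at table load and must not hand the kernel address back when rules are read out. The added fields also change the size and member offsets of the entry, differently for 32- and 64-bit builds, so existing iptables binaries would no longer agree with the kernel on the layout. The field comment should say this, e.g. `/* Name of the chain; kernel-internal, set at table load, never taken from userspace */`.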
1421 | diff -Nur linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ipt_addrtype.h linux-2.6.0-test11/include/linux/netfilter_ipv4/ipt_addrtype.h | |
1422 | --- linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ipt_addrtype.h 1970-01-01 01:00:00.000000000 +0100 | |
0c98d228 | 1423 | +++ linux-2.6.0-test11/include/linux/netfilter_ipv4/ipt_addrtype.h 2003-12-11 10:23:44.236213048 +0100 |
4130fc20 | 1424 | @@ -0,0 +1,11 @@ |
1425 | +#ifndef _IPT_ADDRTYPE_H | |
1426 | +#define _IPT_ADDRTYPE_H | |
1427 | + | |
1428 | +struct ipt_addrtype_info { | |
1429 | + u_int16_t source; /* source-type mask */ | |
1430 | + u_int16_t dest; /* dest-type mask */ | |
1431 | + int invert_source; | |
1432 | + int invert_dest; | |
1433 | +}; | |
1434 | + | |
1435 | +#endif | |
1436 | diff -Nur linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ipt_condition.h linux-2.6.0-test11/include/linux/netfilter_ipv4/ipt_condition.h | |
1437 | --- linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ipt_condition.h 1970-01-01 01:00:00.000000000 +0100 | |
0c98d228 | 1438 | +++ linux-2.6.0-test11/include/linux/netfilter_ipv4/ipt_condition.h 2003-12-11 10:23:46.621850376 +0100 |
4130fc20 | 1439 | @@ -0,0 +1,11 @@ |
1440 | +#ifndef __IPT_CONDITION_MATCH__ | |
1441 | +#define __IPT_CONDITION_MATCH__ | |
1442 | + | |
1443 | +#define CONDITION_NAME_LEN 32 | |
1444 | + | |
1445 | +struct condition_info { | |
1446 | + char name[CONDITION_NAME_LEN]; | |
1447 | + int invert; | |
1448 | +}; | |
1449 | + | |
1450 | +#endif | |
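Review bot: `name` is a fixed `char[CONDITION_NAME_LEN]` that is presumably filled in by userspace, and nothing in the struct says it must be NUL-terminated. The match's check routine (not in this hunk) should reject a name with no terminator inside the array before handing it to any string function. The field deserves a comment such as `/* NUL-terminated, at most CONDITION_NAME_LEN - 1 characters */`. The same applies to `name[IFNAMSIZ]` in `ipt_dstlimit_info` further down.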
1451 | diff -Nur linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ipt_connlimit.h linux-2.6.0-test11/include/linux/netfilter_ipv4/ipt_connlimit.h | |
1452 | --- linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ipt_connlimit.h 1970-01-01 01:00:00.000000000 +0100 | |
0c98d228 | 1453 | +++ linux-2.6.0-test11/include/linux/netfilter_ipv4/ipt_connlimit.h 2003-12-11 10:23:19.417985992 +0100 |
4130fc20 | 1454 | @@ -0,0 +1,12 @@ |
1455 | +#ifndef _IPT_CONNLIMIT_H | |
1456 | +#define _IPT_CONNLIMIT_H | |
1457 | + | |
1458 | +struct ipt_connlimit_data; | |
1459 | + | |
1460 | +struct ipt_connlimit_info { | |
1461 | + int limit; | |
1462 | + int inverse; | |
1463 | + u_int32_t mask; | |
1464 | + struct ipt_connlimit_data *data; | |
1465 | +}; | |
1466 | +#endif /* _IPT_CONNLIMIT_H */ | |
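Review bot: `struct ipt_connlimit_data *data` is a kernel pointer stored inside match info that userspace supplies and, presumably, can read back with the rule set. It should be marked as kernel-internal with a comment such as `/* Used internally by the kernel; ignored on input */`, and assigned by the kernel at rule check time regardless of what userspace passed. Its width also differs between 32- and 64-bit userspace, which changes the struct size. `hinfo` in `ipt_dstlimit_info` further down has the same property and, unlike the `u` union next to it, carries no such comment.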
1467 | diff -Nur linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ipt_connmark.h linux-2.6.0-test11/include/linux/netfilter_ipv4/ipt_connmark.h | |
1468 | --- linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ipt_connmark.h 1970-01-01 01:00:00.000000000 +0100 | |
0c98d228 | 1469 | +++ linux-2.6.0-test11/include/linux/netfilter_ipv4/ipt_connmark.h 2003-12-11 10:23:47.827667064 +0100 |
4130fc20 | 1470 | @@ -0,0 +1,9 @@ |
1471 | +#ifndef _IPT_CONNMARK_H | |
1472 | +#define _IPT_CONNMARK_H | |
1473 | + | |
1474 | +struct ipt_connmark_info { | |
1475 | + unsigned long mark, mask; | |
1476 | + u_int8_t invert; | |
1477 | +}; | |
1478 | + | |
1479 | +#endif /*_IPT_CONNMARK_H*/ | |
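Review bot: `mark` and `mask` are `unsigned long`, so the layout of `ipt_connmark_info` depends on the word size of whoever compiles it. A 32-bit iptables binary on a 64-bit kernel would disagree with the kernel about the struct size and the offset of `invert`. Fixed-width members such as `u_int32_t mark, mask;` would keep the layout stable; if the mark is meant to stay word-sized, the header should say so and state how mixed-width setups are handled. `ipt_connmark_target_info` and `ipt_ipmark_target_info` in the following sections use `unsigned long` the same way.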
1480 | diff -Nur linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ipt_CONNMARK.h linux-2.6.0-test11/include/linux/netfilter_ipv4/ipt_CONNMARK.h | |
1481 | --- linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ipt_CONNMARK.h 1970-01-01 01:00:00.000000000 +0100 | |
0c98d228 | 1482 | +++ linux-2.6.0-test11/include/linux/netfilter_ipv4/ipt_CONNMARK.h 2003-12-11 10:23:47.828666912 +0100 |
4130fc20 | 1483 | @@ -0,0 +1,15 @@ |
1484 | +#ifndef _IPT_CONNMARK_H_target | |
1485 | +#define _IPT_CONNMARK_H_target | |
1486 | + | |
1487 | +enum { | |
1488 | + IPT_CONNMARK_SET = 0, | |
1489 | + IPT_CONNMARK_SAVE, | |
1490 | + IPT_CONNMARK_RESTORE | |
1491 | +}; | |
1492 | + | |
1493 | +struct ipt_connmark_target_info { | |
1494 | + unsigned long mark; | |
1495 | + u_int8_t mode; | |
1496 | +}; | |
1497 | + | |
1498 | +#endif /*_IPT_CONNMARK_H_target*/ | |
1499 | diff -Nur linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ipt_conntrack.h linux-2.6.0-test11/include/linux/netfilter_ipv4/ipt_conntrack.h | |
1500 | --- linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ipt_conntrack.h 2003-11-26 21:45:07.000000000 +0100 | |
0c98d228 | 1501 | +++ linux-2.6.0-test11/include/linux/netfilter_ipv4/ipt_conntrack.h 2003-12-11 10:23:17.222319784 +0100 |
4130fc20 | 1502 | @@ -10,6 +10,7 @@ |
1503 | ||
1504 | #define IPT_CONNTRACK_STATE_SNAT (1 << (IP_CT_NUMBER + 1)) | |
1505 | #define IPT_CONNTRACK_STATE_DNAT (1 << (IP_CT_NUMBER + 2)) | |
1506 | +#define IPT_CONNTRACK_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 3)) | |
1507 | ||
1508 | /* flags, invflags: */ | |
1509 | #define IPT_CONNTRACK_STATE 0x01 | |
1510 | diff -Nur linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ipt_dstlimit.h linux-2.6.0-test11/include/linux/netfilter_ipv4/ipt_dstlimit.h | |
1511 | --- linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ipt_dstlimit.h 1970-01-01 01:00:00.000000000 +0100 | |
0c98d228 | 1512 | +++ linux-2.6.0-test11/include/linux/netfilter_ipv4/ipt_dstlimit.h 2003-12-11 10:23:20.526817424 +0100 |
4130fc20 | 1513 | @@ -0,0 +1,36 @@ |
1514 | +#ifndef _IPT_DSTLIMIT_H | |
1515 | +#define _IPT_DSTLIMIT_H | |
1516 | + | |
1517 | +/* timings are in milliseconds. */ | |
1518 | +#define IPT_DSTLIMIT_SCALE 10000 | |
1519 | +/* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490 | |
1520 | + seconds, or one every 59 hours. */ | |
1521 | + | |
1522 | +/* details of this structure hidden by the implementation */ | |
1523 | +struct ipt_dstlimit_htable; | |
1524 | + | |
1525 | +#define IPT_DSTLIMIT_HASH_DIP 0x0001 | |
1526 | +#define IPT_DSTLIMIT_HASH_DPT 0x0002 | |
1527 | +#define IPT_DSTLIMIT_HASH_SIP 0x0004 | |
1528 | + | |
1529 | +struct ipt_dstlimit_info { | |
1530 | + u_int32_t mode; /* bitmask of IPT_DSTLIMIT_HASH_* */ | |
1531 | + u_int32_t avg; /* Average secs between packets * scale */ | |
1532 | + u_int32_t burst; /* Period multiplier for upper limit. */ | |
1533 | + | |
1534 | + /* user specified */ | |
1535 | + unsigned int size; /* how many buckets */ | |
1536 | + unsigned int max; /* max number of entries */ | |
1537 | + unsigned int gc_interval; /* gc interval */ | |
1538 | + unsigned int expire; /* when do entries expire? */ | |
1539 | + char name [IFNAMSIZ]; /* name */ | |
1540 | + | |
1541 | + struct ipt_dstlimit_htable *hinfo; | |
1542 | + | |
1543 | + /* Used internally by the kernel */ | |
1544 | + union { | |
1545 | + void *ptr; | |
1546 | + struct ipt_dstlimit_info *master; | |
1547 | + } u; | |
1548 | +}; | |
1549 | +#endif /*_IPT_DSTLIMIT_H*/ | |
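--- a/include/linux/netfilter_ipv4/ipt_fuzzy.h
+++ b/include/linux/netfilter_ipv4/ipt_fuzzy.h
@@ -0,0 +1,21 @@
+#ifndef _IPT_FUZZY_H
+#define _IPT_FUZZY_H
+
+#include <linux/param.h>
+#include <linux/types.h>
+
+#define MAXFUZZYRATE 10000000
+#define MINFUZZYRATE 3
+
+struct ipt_fuzzy_info {
+ u_int32_t minimum_rate;
+ u_int32_t maximum_rate;
+ u_int32_t packets_total;
+ u_int32_t bytes_total;
+ u_int32_t previous_time;
+ u_int32_t present_time;
+ u_int32_t mean_rate;
+ u_int8_t acceptance_rate;
+};
+
+#endif /*_IPT_FUZZY_H*/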
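Review bot: `struct ipt_fuzzy_info` places the two limits (`minimum_rate`, `maximum_rate`) next to six fields that read like running state (`packets_total` through `acceptance_rate`), and nothing marks which side of the kernel/userspace boundary writes which. If this struct is the match data a rule is loaded with, the state fields arrive holding whatever the caller put there, so the rule-check code (not in this hunk) should zero them and refuse limits outside `MINFUZZYRATE`..`MAXFUZZYRATE` or with `minimum_rate > maximum_rate`. I would add `/* set by userspace */` above the first two fields and `/* kernel state, reset when the rule is loaded */` above the rest.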
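--- a/include/linux/netfilter_ipv4/ipt_IPMARK.h
+++ b/include/linux/netfilter_ipv4/ipt_IPMARK.h
@@ -0,0 +1,13 @@
+#ifndef _IPT_IPMARK_H_target
+#define _IPT_IPMARK_H_target
+
+struct ipt_ipmark_target_info {
+ unsigned long andmask;
+ unsigned long ormask;
+ unsigned int addr;
+};
+
+#define IPT_IPMARK_SRC 0
+#define IPT_IPMARK_DST 1
+
+#endif /*_IPT_IPMARK_H_target*/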
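Review bot: `andmask` and `ormask` are `unsigned long` in a struct that the iptables binary fills in and the kernel reads, so the field widths and offsets differ when a 32-bit userspace talks to a 64-bit kernel. Unless the mark itself needs the native word size, fixed-width fields such as `u_int32_t andmask, ormask;` keep both sides in agreement. `addr` is only meaningful as `IPT_IPMARK_SRC` or `IPT_IPMARK_DST`; a comment saying so, and a range check where the rule is accepted (not in this hunk), would make that explicit.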
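--- a/include/linux/netfilter_ipv4/ipt_ipv4options.h
+++ b/include/linux/netfilter_ipv4/ipt_ipv4options.h
@@ -0,0 +1,21 @@
+#ifndef __ipt_ipv4options_h_included__
+#define __ipt_ipv4options_h_included__
+
+#define IPT_IPV4OPTION_MATCH_SSRR 0x01 /* For strict source routing */
+#define IPT_IPV4OPTION_MATCH_LSRR 0x02 /* For loose source routing */
+#define IPT_IPV4OPTION_DONT_MATCH_SRR 0x04 /* any source routing */
+#define IPT_IPV4OPTION_MATCH_RR 0x08 /* For Record route */
+#define IPT_IPV4OPTION_DONT_MATCH_RR 0x10
+#define IPT_IPV4OPTION_MATCH_TIMESTAMP 0x20 /* For timestamp request */
+#define IPT_IPV4OPTION_DONT_MATCH_TIMESTAMP 0x40
+#define IPT_IPV4OPTION_MATCH_ROUTER_ALERT 0x80 /* For router-alert */
+#define IPT_IPV4OPTION_DONT_MATCH_ROUTER_ALERT 0x100
+#define IPT_IPV4OPTION_MATCH_ANY_OPT 0x200 /* match packet with any option */
+#define IPT_IPV4OPTION_DONT_MATCH_ANY_OPT 0x400 /* match packet with no option */
+
+struct ipt_ipv4options_info {
+ u_int16_t options;
+};
+
+
+#endif /* __ipt_ipv4options_h_included__ */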
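Review bot: The flags come in `MATCH_` / `DONT_MATCH_` pairs, but the header does not say what a rule means when both bits of a pair are set, for example `IPT_IPV4OPTION_MATCH_RR` together with `IPT_IPV4OPTION_DONT_MATCH_RR`. Since `options` is supplied by userspace, a contradictory mask that is silently accepted leaves a filter rule that can never match, or that matches on whichever bit the code tests first. I would add `/* MATCH_x and DONT_MATCH_x are mutually exclusive; a rule setting both is rejected */` above the defines and enforce it where the rule is checked (that code is not in this hunk). `IPT_IPV4OPTION_DONT_MATCH_SRR` has no comment saying whether it negates SSRR, LSRR or both.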
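--- a/include/linux/netfilter_ipv4/ipt_mark.h
+++ b/include/linux/netfilter_ipv4/ipt_mark.h
@@ -1,9 +1,16 @@
 #ifndef _IPT_MARK_H
 #define _IPT_MARK_H
 
+enum {
+ IPT_MARK_BIT_OP_NONE,
+ IPT_MARK_BIT_OP_AND,
+ IPT_MARK_BIT_OP_OR
+};
+
 struct ipt_mark_info {
 unsigned long mark, mask;
 u_int8_t invert;
+ u_int8_t bit_op;
 };
 
 #endif /*_IPT_MARK_H*/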
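Review bot: `bit_op` is appended to a struct that existing iptables binaries already pass to the kernel, and it probably lands in what used to be padding after `invert`. A size check would then still pass for an old binary while the kernel reads a byte that binary never set. The match code (not in this hunk) should accept only `IPT_MARK_BIT_OP_NONE`, `IPT_MARK_BIT_OP_AND` and `IPT_MARK_BIT_OP_OR` when the rule is loaded and reject anything else, and a comment such as `/* one of IPT_MARK_BIT_OP_*; 0 keeps the old behaviour */` on the field would record the contract. The same applies to `fake_source_address` added to `struct ipt_reject_info` in the ipt_REJECT.h hunk, which is documented as 0 or 1 but typed `u_int8_t`. That hunk starts at line 15 of the file, so the rest of the header is not visible here.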
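--- a/include/linux/netfilter_ipv4/ipt_mport.h
+++ b/include/linux/netfilter_ipv4/ipt_mport.h
@@ -0,0 +1,24 @@
+#ifndef _IPT_MPORT_H
+#define _IPT_MPORT_H
+#include <linux/netfilter_ipv4/ip_tables.h>
+
+#define IPT_MPORT_SOURCE (1<<0)
+#define IPT_MPORT_DESTINATION (1<<1)
+#define IPT_MPORT_EITHER (IPT_MPORT_SOURCE|IPT_MPORT_DESTINATION)
+
+#define IPT_MULTI_PORTS 15
+
+/* Must fit inside union ipt_matchinfo: 32 bytes */
+/* every entry in ports[] except for the last one has one bit in pflags
+ * associated with it. If this bit is set, the port is the first port of
+ * a portrange, with the next entry being the last.
+ * End of list is marked with pflags bit set and port=65535.
+ * If 14 ports are used (last one does not have a pflag), the last port
+ * is repeated to fill the last entry in ports[] */
+struct ipt_mport
+{
+ u_int8_t flags:2; /* Type of comparison */
+ u_int16_t pflags:14; /* Port flags */
+ u_int16_t ports[IPT_MULTI_PORTS]; /* Ports */
+};
+#endif /*_IPT_MPORT_H*/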
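Review bot: The 32-byte budget stated in the comment holds only if the compiler packs `u_int8_t flags:2` and `u_int16_t pflags:14` into one 16-bit unit, and C leaves bit-field allocation across different base types to the implementation. For a struct copied between userspace and the kernel I would declare both on one type, `u_int16_t flags:2, pflags:14;`, and add a compile-time size check next to the struct. The end-of-list sentinel (`pflags` bit set and port 65535) is userspace-controlled data, so the matching loop, which is not in this hunk, has to stop at `IPT_MULTI_PORTS` whether or not a sentinel is present.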
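--- a/include/linux/netfilter_ipv4/ipt_NETLINK.h
+++ b/include/linux/netfilter_ipv4/ipt_NETLINK.h
@@ -0,0 +1,27 @@
+#ifndef _IPT_FWMON_H
+#define _IPT_FWMON_H
+
+/* Bitmask macros */
+#define MASK(x,y) (x & y)
+#define MASK_SET(x,y) x |= y
+#define MASK_UNSET(x,y) x &= ~y
+
+#define USE_MARK 0x00000001
+#define USE_DROP 0x00000002
+#define USE_SIZE 0x00000004
+
+struct ipt_nldata
+{
+ unsigned int flags;
+ unsigned int mark;
+ unsigned int size;
+};
+
+/* Old header */
+struct netlink_t {
+ unsigned int len;
+ unsigned int mark;
+ char iface[IFNAMSIZ];
+};
+
+#endif /*_IPT_FWMON_H*/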
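Review bot: The three bitmask macros expand their arguments without parentheses, so `MASK_UNSET(f, USE_MARK|USE_DROP)` becomes `f &= ~USE_MARK|USE_DROP` and clears the wrong bits, and `MASK(a, b|c)` has the same precedence problem. They should read `#define MASK(x,y) ((x) & (y))`, `#define MASK_SET(x,y) ((x) |= (y))` and `#define MASK_UNSET(x,y) ((x) &= ~(y))`. The names `MASK`, `USE_MARK`, `USE_DROP` and `USE_SIZE` are also generic for a header under include/linux, and an `IPT_NETLINK_` prefix would avoid collisions. `struct netlink_t` uses `IFNAMSIZ` although the header includes nothing that defines it, and the include guard is `_IPT_FWMON_H` rather than a name matching the file.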
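--- a/include/linux/netfilter_ipv4/ipt_nth.h
+++ b/include/linux/netfilter_ipv4/ipt_nth.h
@@ -0,0 +1,19 @@
+#ifndef _IPT_NTH_H
+#define _IPT_NTH_H
+
+#include <linux/param.h>
+#include <linux/types.h>
+
+#ifndef IPT_NTH_NUM_COUNTERS
+#define IPT_NTH_NUM_COUNTERS 16
+#endif
+
+struct ipt_nth_info {
+ u_int8_t every;
+ u_int8_t not;
+ u_int8_t startat;
+ u_int8_t counter;
+ u_int8_t packet;
+};
+
+#endif /*_IPT_NTH_H*/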
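Review bot: `counter` is a `u_int8_t`, so a rule can carry any value from 0 to 255, while `IPT_NTH_NUM_COUNTERS` is 16. If the match uses `counter` to index a per-counter array (that code is not in this hunk), the rule-check function must refuse `counter >= IPT_NTH_NUM_COUNTERS`, and `every == 0` as well if it is used as a modulus. Wrapping the constant in `#ifndef` also lets the kernel module and the userspace extension be built with different limits without either noticing. None of the five fields has a comment; one line each giving meaning and valid range, e.g. `/* index of the counter to use, < IPT_NTH_NUM_COUNTERS */`, would document the contract.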
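--- a/include/linux/netfilter_ipv4/ipt_osf.h
+++ b/include/linux/netfilter_ipv4/ipt_osf.h
@@ -0,0 +1,121 @@
+/*
+ * ipt_osf.h
+ *
+ * Copyright (c) 2003 Evgeniy Polyakov <johnpol@2ka.mipt.ru>
+ *
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#ifndef _IPT_OSF_H
+#define _IPT_OSF_H
+
+#define MAXGENRELEN 32
+#define MAXDETLEN 64
+
+#include <linux/list.h>
+
+struct ipt_osf_info
+{
+ char genre[MAXGENRELEN];
+ int len;
+ int invert; /* UNSUPPORTED */
+};
+
+struct osf_wc
+{
+ char wc;
+ unsigned long val;
+};
+
+/* This struct represents IANA options
+ * http://www.iana.org/assignments/tcp-parameters
+ */
+struct osf_opt
+{
+ unsigned char kind;
+ unsigned char length;
+ struct osf_wc wc;
+};
+
+#ifdef __KERNEL__
+
+struct osf_finger
+{
+ struct list_head flist;
+ struct osf_wc wss;
+ unsigned char ttl;
+ unsigned char df;
+ unsigned long ss;
+ char genre[MAXGENRELEN];
+ char version[MAXGENRELEN], subtype[MAXGENRELEN];
+
+ /* Not needed, but for consistency with original table from Michal Zalewski */
+ char details[MAXDETLEN];
+
+ int opt_num;
+ struct osf_opt opt[MAX_IPOPTLEN]; /* In case it is all NOP or EOL */
+
+};
+
+/* Defines for IANA option kinds */
+
+#define OSFOPT_EOL 0 /* End of options */
+#define OSFOPT_NOP 1 /* NOP */
+#define OSFOPT_MSS 2 /* Maximum segment size */
+#define OSFOPT_WSO 3 /* Window scale option */
+#define OSFOPT_SACKP 4 /* SACK permitted */
+#define OSFOPT_SACK 5 /* SACK */
+#define OSFOPT_ECHO 6
+#define OSFOPT_ECHOREPLY 7
+#define OSFOPT_TS 8 /* Timestamp option */
+#define OSFOPT_POCP 9 /* Partial Order Connection Permitted */
+#define OSFOPT_POSP 10 /* Partial Order Service Profile */
+/* Others are not used in current OSF */
+
+static struct osf_opt IANA_opts[] =
+{
+ {0, 1,},
+ {1, 1,},
+ {2, 4,},
+ {3, 3,},
+ {4, 2,},
+ {5, 1 ,}, /* SACK length is not defined */
+ {6, 6,},
+ {7, 6,},
+ {8, 10,},
+ {9, 2,},
+ {10, 3,},
+ {11, 1,}, /* CC: Suppose 1 */
+ {12, 1,}, /* the same */
+ {13, 1,}, /* and here too */
+ {14, 3,},
+ {15, 1,}, /* TCP Alternate Checksum Data. Length is not defined */
+ {16, 1,},
+ {17, 1,},
+ {18, 3,},
+ {19, 18,},
+ {20, 1,},
+ {21, 1,},
+ {22, 1,},
+ {23, 1,},
+ {24, 1,},
+ {25, 1,},
+ {26, 1,},
+};
+
+#endif /* __KERNEL__ */
+
+#endif /* _IPT_OSF_H */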
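Review bot: `struct ipt_osf_info` carries a fixed `char genre[MAXGENRELEN]` and a separate signed `int len`, both filled in by userspace, and nothing states whether `genre` is NUL-terminated or what range `len` may take. The comparison code is not in this hunk, but it should refuse `len < 0 || len >= MAXGENRELEN` when the rule is loaded and bound every string operation on `genre` by `MAXGENRELEN`. A comment on the two fields such as `/* genre: NUL-terminated; len: strlen(genre), < MAXGENRELEN */` would fix the contract. Separately, `IANA_opts[]` is a non-const `static` array defined in the header, so each file that includes it gets its own writable copy; `static const`, or one definition in the .c file, would be safer. `MAX_IPOPTLEN` is used without an include that defines it.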
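--- a/include/linux/netfilter_ipv4/ipt_pool.h
+++ b/include/linux/netfilter_ipv4/ipt_pool.h
@@ -0,0 +1,25 @@
+#ifndef _IPT_POOL_H
+#define _IPT_POOL_H
+
+#include <linux/netfilter_ipv4/ip_pool.h>
+
+#define IPT_POOL_INV_SRC 0x00000001
+#define IPT_POOL_INV_DST 0x00000002
+#define IPT_POOL_DEL_SRC 0x00000004
+#define IPT_POOL_DEL_DST 0x00000008
+#define IPT_POOL_INV_MOD_SRC 0x00000010
+#define IPT_POOL_INV_MOD_DST 0x00000020
+#define IPT_POOL_MOD_SRC_ACCEPT 0x00000040
+#define IPT_POOL_MOD_DST_ACCEPT 0x00000080
+#define IPT_POOL_MOD_SRC_DROP 0x00000100
+#define IPT_POOL_MOD_DST_DROP 0x00000200
+
+/* match info */
+struct ipt_pool_info
+{
+ ip_pool_t src;
+ ip_pool_t dst;
+ unsigned flags;
+};
+
+#endif /*_IPT_POOL_H*/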
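--- a/include/linux/netfilter_ipv4/ipt_psd.h
+++ b/include/linux/netfilter_ipv4/ipt_psd.h
@@ -0,0 +1,40 @@
+#ifndef _IPT_PSD_H
+#define _IPT_PSD_H
+
+#include <linux/param.h>
+#include <linux/types.h>
+
+/*
+ * High port numbers have a lower weight to reduce the frequency of false
+ * positives, such as from passive mode FTP transfers.
+ */
+#define PORT_WEIGHT_PRIV 3
+#define PORT_WEIGHT_HIGH 1
+
+/*
+ * Port scan detection thresholds: at least COUNT ports need to be scanned
+ * from the same source, with no longer than DELAY ticks between ports.
+ */
+#define SCAN_MIN_COUNT 7
+#define SCAN_MAX_COUNT (SCAN_MIN_COUNT * PORT_WEIGHT_PRIV)
+#define SCAN_WEIGHT_THRESHOLD SCAN_MAX_COUNT
+#define SCAN_DELAY_THRESHOLD (HZ * 3)
+
+/*
+ * Keep track of up to LIST_SIZE source addresses, using a hash table of
+ * HASH_SIZE entries for faster lookups, but limiting hash collisions to
+ * HASH_MAX source addresses per the same hash value.
+ */
+#define LIST_SIZE 0x100
+#define HASH_LOG 9
+#define HASH_SIZE (1 << HASH_LOG)
+#define HASH_MAX 0x10
+
+struct ipt_psd_info {
+ unsigned int weight_threshold;
+ unsigned int delay_threshold;
+ unsigned short lo_ports_weight;
+ unsigned short hi_ports_weight;
+};
+
+#endif /*_IPT_PSD_H*/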
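Review bot: `LIST_SIZE`, `HASH_LOG`, `HASH_SIZE`, `HASH_MAX`, `SCAN_MIN_COUNT`, `PORT_WEIGHT_PRIV` and the other defines are unprefixed names in a header under include/linux. Any file that includes it alongside another header using the same words gets a redefinition or, worse, a silently different constant. Prefixing them (`IPT_PSD_LIST_SIZE`, `IPT_PSD_HASH_SIZE`, and so on) keeps the detector's sizing private to it. The comment documents a hard cap of `LIST_SIZE` tracked sources but not what happens when more sources than that are active; a sentence on the replacement policy would tell an operator how the detector degrades under load. The four `ipt_psd_info` fields come from the rule and have no stated valid range.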
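--- a/include/linux/netfilter_ipv4/ipt_quota.h
+++ b/include/linux/netfilter_ipv4/ipt_quota.h
@@ -0,0 +1,11 @@
+#ifndef _IPT_QUOTA_H
+#define _IPT_QUOTA_H
+
+/* print debug info in both kernel/netfilter module & iptable library */
+//#define DEBUG_IPT_QUOTA
+
+struct ipt_quota_info {
+ u_int64_t quota;
+};
+
+#endif /*_IPT_QUOTA_H*/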
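--- a/include/linux/netfilter_ipv4/ipt_random.h
+++ b/include/linux/netfilter_ipv4/ipt_random.h
@@ -0,0 +1,11 @@
+#ifndef _IPT_RAND_H
+#define _IPT_RAND_H
+
+#include <linux/param.h>
+#include <linux/types.h>
+
+struct ipt_rand_info {
+ u_int8_t average;
+};
+
+#endif /*_IPT_RAND_H*/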
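--- a/include/linux/netfilter_ipv4/ipt_realm.h
+++ b/include/linux/netfilter_ipv4/ipt_realm.h
@@ -0,0 +1,9 @@
+#ifndef _IPT_REALM_H
+#define _IPT_REALM_H
+
+struct ipt_realm_info {
+ u_int32_t id;
+ u_int32_t mask;
+ u_int8_t invert;
+};
+#endif /*_IPT_REALM_H*/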
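--- a/include/linux/netfilter_ipv4/ipt_REJECT.h
+++ b/include/linux/netfilter_ipv4/ipt_REJECT.h
@@ -15,6 +15,7 @@
 
 struct ipt_reject_info {
 enum ipt_reject_with with; /* reject type */
+ u_int8_t fake_source_address; /* 1: fake src addr with original packet dest, 0: no fake */
 };
 
-#endif /*_IPT_REJECT_H*/
+#endif /* _IPT_REJECT_H */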
1972 | diff -Nur linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ipt_ROUTE.h linux-2.6.0-test11/include/linux/netfilter_ipv4/ipt_ROUTE.h | |
1973 | --- linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ipt_ROUTE.h 1970-01-01 01:00:00.000000000 +0100 | |
0c98d228 | 1974 | +++ linux-2.6.0-test11/include/linux/netfilter_ipv4/ipt_ROUTE.h 2003-12-11 10:24:02.013510488 +0100 |
4130fc20 | 1975 | @@ -0,0 +1,22 @@ |
1976 | +/* Header file for iptables ipt_ROUTE target | |
1977 | + * | |
1978 |