Commit | Line | Data |
---|---|---|
0166a474 | 1 | Netfilter SNAP 20040518 |
2 | included: | |
3 | PENDING/expect-evict-order | |
4 | PENDING/init_conntrack-optimize | |
5 | PENDING/ipt_helper-invert-fix | |
6 | PENDING/nf-log | |
7 | PENDING/nf_reset | |
8 | PENDING/orphaned-expect-fix | |
9 | PENDING/proc-no-internal-targets | |
10 | BASE/HOPLIMIT | |
11 | BASE/IPV4OPTSSTRING | |
12 | BASE/NETLINK // fix socket -> sk_socket | |
13 | BASE/REJECT | |
14 | BASE/TTL | |
15 | BASE/connlimit | |
16 | BASE/dstlimit | |
17 | BASE/fuzzy | |
18 | BASE/ipv4options | |
19 | BASE/mport | |
20 | BASE/nth | |
21 | BASE/osf // fix socket -> sk_socket | |
22 | BASE/pool // added EXPORT_SYMBOL(ip_pool_mod, ip_pool_match) | |
23 | BASE/psd | |
24 | BASE/quota | |
25 | BASE/random | |
26 | BASE/realm | |
27 | BASE/sctp | |
28 | BASE/time | |
29 | BASE/u32 | |
30 | EXTRA/CONNMARK | |
31 | EXTRA/IPMARK | |
32 | EXTRA/ROUTE | |
33 | EXTRA/TARPIT // fix Makefile.ladd and req patch for 2.6 | |
34 | EXTRA/TRACE | |
35 | EXTRA/XOR | |
36 | EXTRA/addrtype | |
37 | EXTRA/eggdrop-conntrack | |
38 | EXTRA/h323-conntrack-nat | |
39 | EXTRA/ipsec-01-output-hooks | |
40 | EXTRA/ipsec-02-input-hooks | |
41 | EXTRA/ipsec-03-policy-lookup | |
42 | EXTRA/ipsec-04-policy-check | |
43 | EXTRA/ipt_helper-any | |
44 | EXTRA/mms-conntrack-nat | |
45 | EXTRA/owner-socketlookup | |
46 | EXTRA/ownercmd | |
47 | EXTRA/policy | |
48 | EXTRA/quake3-conntrack-nat | |
49 | EXTRA/rsh | |
50 | EXTRA/rtsp-conntrack | |
51 | EXTRA/sctp-conntrack-nat | |
2540e23f | 52 | EXTRA/string // required unclean module - included - req fix |
0166a474 | 53 | EXTRA/talk-conntrack-nat |
54 | ||
55 | diff -Nur --exclude '*.orig' linux-2.6.6.org/include/linux/netfilter.h linux-2.6.6/include/linux/netfilter.h | |
56 | --- linux-2.6.6.org/include/linux/netfilter.h 2004-05-10 04:32:37.000000000 +0200 | |
2540e23f | 57 | +++ linux-2.6.6/include/linux/netfilter.h 2004-05-18 14:28:50.000000000 +0200 |
0166a474 | 58 | @@ -23,6 +23,7 @@ |
59 | <= 0x2000 is used for protocol-flags. */ | |
60 | #define NFC_UNKNOWN 0x4000 | |
61 | #define NFC_ALTERED 0x8000 | |
62 | +#define NFC_TRACE 0x10000 | |
63 | ||
64 | #ifdef __KERNEL__ | |
65 | #include <linux/config.h> | |
66 | @@ -137,12 +138,14 @@ | |
67 | /* This is gross, but inline doesn't cut it for avoiding the function | |
68 | call in fast path: gcc doesn't inline (needs value tracking?). --RR */ | |
69 | #ifdef CONFIG_NETFILTER_DEBUG | |
70 | -#define NF_HOOK(pf, hook, skb, indev, outdev, okfn) \ | |
71 | - nf_hook_slow((pf), (hook), (skb), (indev), (outdev), (okfn), INT_MIN) | |
72 | +#define NF_HOOK_COND(pf, hook, skb, indev, outdev, okfn, cond) \ | |
73 | +(!(cond) \ | |
74 | + ? (okfn)(skb) \ | |
75 | + : nf_hook_slow((pf), (hook), (skb), (indev), (outdev), (okfn), INT_MIN)) | |
76 | #define NF_HOOK_THRESH nf_hook_slow | |
77 | #else | |
78 | -#define NF_HOOK(pf, hook, skb, indev, outdev, okfn) \ | |
79 | -(list_empty(&nf_hooks[(pf)][(hook)]) \ | |
80 | +#define NF_HOOK_COND(pf, hook, skb, indev, outdev, okfn, cond) \ | |
81 | +(!(cond) || list_empty(&nf_hooks[(pf)][(hook)]) \ | |
82 | ? (okfn)(skb) \ | |
83 | : nf_hook_slow((pf), (hook), (skb), (indev), (outdev), (okfn), INT_MIN)) | |
84 | #define NF_HOOK_THRESH(pf, hook, skb, indev, outdev, okfn, thresh) \ | |
85 | @@ -150,6 +153,8 @@ | |
86 | ? (okfn)(skb) \ | |
87 | : nf_hook_slow((pf), (hook), (skb), (indev), (outdev), (okfn), (thresh))) | |
88 | #endif | |
89 | +#define NF_HOOK(pf, hook, skb, indev, outdev, okfn) \ | |
90 | + NF_HOOK_COND((pf), (hook), (skb), (indev), (outdev), (okfn), 1) | |
91 | ||
92 | int nf_hook_slow(int pf, unsigned int hook, struct sk_buff *skb, | |
93 | struct net_device *indev, struct net_device *outdev, | |
94 | @@ -182,7 +187,24 @@ | |
95 | ||
96 | #else /* !CONFIG_NETFILTER */ | |
97 | #define NF_HOOK(pf, hook, skb, indev, outdev, okfn) (okfn)(skb) | |
98 | +#define NF_HOOK_COND(pf, hook, skb, indev, outdev, okfn, cond) (okfn)(skb) | |
99 | #endif /*CONFIG_NETFILTER*/ | |
100 | ||
101 | +#ifdef CONFIG_XFRM | |
102 | +#ifdef CONFIG_IP_NF_NAT_NEEDED | |
103 | +struct flowi; | |
104 | +extern void nf_nat_decode_session4(struct sk_buff *skb, struct flowi *fl); | |
105 | + | |
106 | +static inline void | |
107 | +nf_nat_decode_session(struct sk_buff *skb, struct flowi *fl, int family) | |
108 | +{ | |
109 | + if (family == AF_INET) | |
110 | + nf_nat_decode_session4(skb, fl); | |
111 | +} | |
112 | +#else /* CONFIG_IP_NF_NAT_NEEDED */ | |
113 | +#define nf_nat_decode_session(skb,fl,family) | |
114 | +#endif /* CONFIG_IP_NF_NAT_NEEDED */ | |
115 | +#endif /* CONFIG_XFRM */ | |
116 | + | |
117 | #endif /*__KERNEL__*/ | |
118 | #endif /*__LINUX_NETFILTER_H*/ | |
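Review bot: The `#else` stub `#define nf_nat_decode_session(skb,fl,family)` expands to nothing, so its arguments are never type-checked when CONFIG_IP_NF_NAT_NEEDED is off, and a call used as the only body of an `if` becomes an empty statement. A `static inline void nf_nat_decode_session(struct sk_buff *skb, struct flowi *fl, int family) {}` stub, with the `struct flowi;` forward declaration moved above the inner `#ifdef`, keeps both configurations compiling the same call sites. The symbol is not defined at all when CONFIG_XFRM is unset, so every caller has to sit under that guard; a one-line comment saying so would help. Separately, `NFC_TRACE 0x10000` is the first flag above 16 bits, so it is worth confirming the width of the field it is stored in, which this section does not show.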
119 | diff -Nur --exclude '*.orig' linux-2.6.6.org/include/linux/netfilter_helpers.h linux-2.6.6/include/linux/netfilter_helpers.h | |
120 | --- linux-2.6.6.org/include/linux/netfilter_helpers.h 1970-01-01 01:00:00.000000000 +0100 | |
2540e23f | 121 | +++ linux-2.6.6/include/linux/netfilter_helpers.h 2004-05-18 14:28:50.000000000 +0200 |
0166a474 | 122 | @@ -0,0 +1,133 @@ |
123 | +/* | |
124 | + * Helpers for netfiler modules. This file provides implementations for basic | |
125 | + * functions such as strncasecmp(), etc. | |
126 | + * | |
127 | + * gcc will warn for defined but unused functions, so we only include the | |
128 | + * functions requested. The following macros are used: | |
129 | + * NF_NEED_STRNCASECMP nf_strncasecmp() | |
130 | + * NF_NEED_STRTOU16 nf_strtou16() | |
131 | + * NF_NEED_STRTOU32 nf_strtou32() | |
132 | + */ | |
133 | +#ifndef _NETFILTER_HELPERS_H | |
134 | +#define _NETFILTER_HELPERS_H | |
135 | + | |
136 | +/* Only include these functions for kernel code. */ | |
137 | +#ifdef __KERNEL__ | |
138 | + | |
139 | +#include <linux/ctype.h> | |
140 | +#define iseol(c) ( (c) == '\r' || (c) == '\n' ) | |
141 | + | |
142 | +/* | |
143 | + * The standard strncasecmp() | |
144 | + */ | |
145 | +#ifdef NF_NEED_STRNCASECMP | |
146 | +static int | |
147 | +nf_strncasecmp(const char* s1, const char* s2, u_int32_t len) | |
148 | +{ | |
149 | + if (s1 == NULL || s2 == NULL) | |
150 | + { | |
151 | + if (s1 == NULL && s2 == NULL) | |
152 | + { | |
153 | + return 0; | |
154 | + } | |
155 | + return (s1 == NULL) ? -1 : 1; | |
156 | + } | |
157 | + while (len > 0 && tolower(*s1) == tolower(*s2)) | |
158 | + { | |
159 | + len--; | |
160 | + s1++; | |
161 | + s2++; | |
162 | + } | |
163 | + return ( (len == 0) ? 0 : (tolower(*s1) - tolower(*s2)) ); | |
164 | +} | |
165 | +#endif /* NF_NEED_STRNCASECMP */ | |
166 | + | |
167 | +/* | |
168 | + * Parse a string containing a 16-bit unsigned integer. | |
169 | + * Returns the number of chars used, or zero if no number is found. | |
170 | + */ | |
171 | +#ifdef NF_NEED_STRTOU16 | |
172 | +static int | |
173 | +nf_strtou16(const char* pbuf, u_int16_t* pval) | |
174 | +{ | |
175 | + int n = 0; | |
176 | + | |
177 | + *pval = 0; | |
178 | + while (isdigit(pbuf[n])) | |
179 | + { | |
180 | + *pval = (*pval * 10) + (pbuf[n] - '0'); | |
181 | + n++; | |
182 | + } | |
183 | + | |
184 | + return n; | |
185 | +} | |
186 | +#endif /* NF_NEED_STRTOU16 */ | |
187 | + | |
188 | +/* | |
189 | + * Parse a string containing a 32-bit unsigned integer. | |
190 | + * Returns the number of chars used, or zero if no number is found. | |
191 | + */ | |
192 | +#ifdef NF_NEED_STRTOU32 | |
193 | +static int | |
194 | +nf_strtou32(const char* pbuf, u_int32_t* pval) | |
195 | +{ | |
196 | + int n = 0; | |
197 | + | |
198 | + *pval = 0; | |
199 | + while (pbuf[n] >= '0' && pbuf[n] <= '9') | |
200 | + { | |
201 | + *pval = (*pval * 10) + (pbuf[n] - '0'); | |
202 | + n++; | |
203 | + } | |
204 | + | |
205 | + return n; | |
206 | +} | |
207 | +#endif /* NF_NEED_STRTOU32 */ | |
208 | + | |
209 | +/* | |
210 | + * Given a buffer and length, advance to the next line and mark the current | |
211 | + * line. | |
212 | + */ | |
213 | +#ifdef NF_NEED_NEXTLINE | |
214 | +static int | |
215 | +nf_nextline(char* p, uint len, uint* poff, uint* plineoff, uint* plinelen) | |
216 | +{ | |
217 | + uint off = *poff; | |
218 | + uint physlen = 0; | |
219 | + | |
220 | + if (off >= len) | |
221 | + { | |
222 | + return 0; | |
223 | + } | |
224 | + | |
225 | + while (p[off] != '\n') | |
226 | + { | |
227 | + if (len-off <= 1) | |
228 | + { | |
229 | + return 0; | |
230 | + } | |
231 | + | |
232 | + physlen++; | |
233 | + off++; | |
234 | + } | |
235 | + | |
236 | + /* if we saw a crlf, physlen needs adjusted */ | |
237 | + if (physlen > 0 && p[off] == '\n' && p[off-1] == '\r') | |
238 | + { | |
239 | + physlen--; | |
240 | + } | |
241 | + | |
242 | + /* advance past the newline */ | |
243 | + off++; | |
244 | + | |
245 | + *plineoff = *poff; | |
246 | + *plinelen = physlen; | |
247 | + *poff = off; | |
248 | + | |
249 | + return 1; | |
250 | +} | |
251 | +#endif /* NF_NEED_NEXTLINE */ | |
252 | + | |
253 | +#endif /* __KERNEL__ */ | |
254 | + | |
255 | +#endif /* _NETFILTER_HELPERS_H */ | |
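Review bot: `nf_strncasecmp()` never tests for a terminating NUL, so when both strings are equal and shorter than `len` the loop `while (len > 0 && tolower(*s1) == tolower(*s2))` keeps reading past both terminators; adding `*s1 != '\0' &&` to the condition gives the behaviour the "standard strncasecmp()" comment promises. `nf_strtou16()` and `nf_strtou32()` accumulate into `*pval` with no range check, so a digit run such as `65558` wraps to `22` in the 16-bit case, which matters if callers parse port numbers out of packet payload (the callers are not in this file). Both parsers also take no length argument, so they depend on a non-digit byte existing before the end of the buffer. A range-checked 16-bit parser that keeps the signature is sketched below, and the same shape applies to the 32-bit one with a wider accumulator. The file header comment should also list `NF_NEED_NEXTLINE`, which it currently omits.

```c
static int
nf_strtou16(const char* pbuf, u_int16_t* pval)
{
    u_int32_t val = 0;   /* wider accumulator so the range check cannot itself wrap */
    int n = 0;

    *pval = 0;
    while (isdigit(pbuf[n]))
    {
        val = (val * 10) + (pbuf[n] - '0');
        if (val > 0xFFFF)
        {
            return 0;    /* out of range: report "no number found" */
        }
        n++;
    }

    *pval = (u_int16_t)val;
    return n;
}
```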
256 | diff -Nur --exclude '*.orig' linux-2.6.6.org/include/linux/netfilter_ipv4/ip_conntrack.h linux-2.6.6/include/linux/netfilter_ipv4/ip_conntrack.h | |
257 | --- linux-2.6.6.org/include/linux/netfilter_ipv4/ip_conntrack.h 2004-05-10 04:33:20.000000000 +0200 | |
2540e23f | 258 | +++ linux-2.6.6/include/linux/netfilter_ipv4/ip_conntrack.h 2004-05-18 14:28:50.000000000 +0200 |
0166a474 | 259 | @@ -51,10 +51,12 @@ |
260 | ||
261 | #include <linux/netfilter_ipv4/ip_conntrack_tcp.h> | |
262 | #include <linux/netfilter_ipv4/ip_conntrack_icmp.h> | |
263 | +#include <linux/netfilter_ipv4/ip_conntrack_sctp.h> | |
264 | ||
265 | /* per conntrack: protocol private data */ | |
266 | union ip_conntrack_proto { | |
267 | /* insert conntrack proto private data here */ | |
268 | + struct ip_ct_sctp sctp; | |
269 | struct ip_ct_tcp tcp; | |
270 | struct ip_ct_icmp icmp; | |
271 | }; | |
272 | @@ -64,6 +66,11 @@ | |
273 | }; | |
274 | ||
275 | /* Add protocol helper include file here */ | |
276 | +#include <linux/netfilter_ipv4/ip_conntrack_talk.h> | |
277 | +#include <linux/netfilter_ipv4/ip_conntrack_rtsp.h> | |
278 | +#include <linux/netfilter_ipv4/ip_conntrack_rsh.h> | |
279 | +#include <linux/netfilter_ipv4/ip_conntrack_mms.h> | |
280 | +#include <linux/netfilter_ipv4/ip_conntrack_h323.h> | |
281 | #include <linux/netfilter_ipv4/ip_conntrack_amanda.h> | |
282 | #include <linux/netfilter_ipv4/ip_conntrack_ftp.h> | |
283 | #include <linux/netfilter_ipv4/ip_conntrack_irc.h> | |
284 | @@ -71,6 +78,11 @@ | |
285 | /* per expectation: application helper private data */ | |
286 | union ip_conntrack_expect_help { | |
287 | /* insert conntrack helper private data (expect) here */ | |
288 | + struct ip_ct_talk_expect exp_talk_info; | |
289 | + struct ip_ct_rtsp_expect exp_rtsp_info; | |
290 | + struct ip_ct_rsh_expect exp_rsh_info; | |
291 | + struct ip_ct_mms_expect exp_mms_info; | |
292 | + struct ip_ct_h225_expect exp_h225_info; | |
293 | struct ip_ct_amanda_expect exp_amanda_info; | |
294 | struct ip_ct_ftp_expect exp_ftp_info; | |
295 | struct ip_ct_irc_expect exp_irc_info; | |
296 | @@ -85,6 +97,11 @@ | |
297 | /* per conntrack: application helper private data */ | |
298 | union ip_conntrack_help { | |
299 | /* insert conntrack helper private data (master) here */ | |
300 | + struct ip_ct_talk_master ct_talk_info; | |
301 | + struct ip_ct_rtsp_master ct_rtsp_info; | |
302 | + struct ip_ct_rsh_master ct_rsh_info; | |
303 | + struct ip_ct_mms_master ct_mms_info; | |
304 | + struct ip_ct_h225_master ct_h225_info; | |
305 | struct ip_ct_ftp_master ct_ftp_info; | |
306 | struct ip_ct_irc_master ct_irc_info; | |
307 | }; | |
308 | @@ -207,6 +224,10 @@ | |
309 | } nat; | |
310 | #endif /* CONFIG_IP_NF_NAT_NEEDED */ | |
311 | ||
312 | +#if defined(CONFIG_IP_NF_CONNTRACK_MARK) | |
313 | + unsigned long mark; | |
314 | +#endif | |
315 | + | |
316 | }; | |
317 | ||
318 | /* get master conntrack via master expectation */ | |
319 | diff -Nur --exclude '*.orig' linux-2.6.6.org/include/linux/netfilter_ipv4/ip_conntrack_h323.h linux-2.6.6/include/linux/netfilter_ipv4/ip_conntrack_h323.h | |
320 | --- linux-2.6.6.org/include/linux/netfilter_ipv4/ip_conntrack_h323.h 1970-01-01 01:00:00.000000000 +0100 | |
2540e23f | 321 | +++ linux-2.6.6/include/linux/netfilter_ipv4/ip_conntrack_h323.h 2004-05-18 14:28:50.000000000 +0200 |
0166a474 | 322 | @@ -0,0 +1,31 @@ |
323 | +#ifndef _IP_CONNTRACK_H323_H | |
324 | +#define _IP_CONNTRACK_H323_H | |
325 | +/* H.323 connection tracking. */ | |
326 | + | |
327 | +#ifdef __KERNEL__ | |
328 | +/* Protects H.323 related data */ | |
329 | +#include <linux/netfilter_ipv4/lockhelp.h> | |
330 | +DECLARE_LOCK_EXTERN(ip_h323_lock); | |
331 | +#endif | |
332 | + | |
333 | +/* Default H.225 port */ | |
334 | +#define H225_PORT 1720 | |
335 | + | |
336 | +/* This structure is per expected connection */ | |
337 | +struct ip_ct_h225_expect { | |
338 | + u_int16_t port; /* Port of the H.225 helper/RTCP/RTP channel */ | |
339 | + enum ip_conntrack_dir dir; /* Direction of the original connection */ | |
340 | + unsigned int offset; /* offset of the address in the payload */ | |
341 | +}; | |
342 | + | |
343 | +/* This structure exists only once per master */ | |
344 | +struct ip_ct_h225_master { | |
345 | + int is_h225; /* H.225 or H.245 connection */ | |
346 | +#ifdef CONFIG_IP_NF_NAT_NEEDED | |
347 | + enum ip_conntrack_dir dir; /* Direction of the original connection */ | |
348 | + u_int32_t seq[IP_CT_DIR_MAX]; /* Exceptional packet mangling for signal addressess... */ | |
349 | + unsigned int offset[IP_CT_DIR_MAX]; /* ...and the offset of the addresses in the payload */ | |
350 | +#endif | |
351 | +}; | |
352 | + | |
353 | +#endif /* _IP_CONNTRACK_H323_H */ | |
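Review bot: This header uses `enum ip_conntrack_dir` and `IP_CT_DIR_MAX` in `struct ip_ct_h225_expect` and `struct ip_ct_h225_master` without including whatever defines them, so it only compiles when another header has already pulled that definition in; the new `ip_conntrack_sctp.h` has the same dependency for `IP_CT_DIR_MAX`. Either include the defining header at the top of each file (probably `ip_conntrack_tuple.h`, to be confirmed) or add a comment such as `/* Must be included via ip_conntrack.h */`. The `offset` members are described as positions of an address in the payload; a comment stating that users must check them against the packet length before reading or mangling at that position would make the contract explicit.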
354 | diff -Nur --exclude '*.orig' linux-2.6.6.org/include/linux/netfilter_ipv4/ip_conntrack_mms.h linux-2.6.6/include/linux/netfilter_ipv4/ip_conntrack_mms.h | |
355 | --- linux-2.6.6.org/include/linux/netfilter_ipv4/ip_conntrack_mms.h 1970-01-01 01:00:00.000000000 +0100 | |
2540e23f | 356 | +++ linux-2.6.6/include/linux/netfilter_ipv4/ip_conntrack_mms.h 2004-05-18 14:28:50.000000000 +0200 |
0166a474 | 357 | @@ -0,0 +1,31 @@ |
358 | +#ifndef _IP_CONNTRACK_MMS_H | |
359 | +#define _IP_CONNTRACK_MMS_H | |
360 | +/* MMS tracking. */ | |
361 | + | |
362 | +#ifdef __KERNEL__ | |
363 | +#include <linux/netfilter_ipv4/lockhelp.h> | |
364 | + | |
365 | +DECLARE_LOCK_EXTERN(ip_mms_lock); | |
366 | + | |
367 | +#define MMS_PORT 1755 | |
368 | +#define MMS_SRV_MSG_ID 196610 | |
369 | + | |
370 | +#define MMS_SRV_MSG_OFFSET 36 | |
371 | +#define MMS_SRV_UNICODE_STRING_OFFSET 60 | |
372 | +#define MMS_SRV_CHUNKLENLV_OFFSET 16 | |
373 | +#define MMS_SRV_CHUNKLENLM_OFFSET 32 | |
374 | +#define MMS_SRV_MESSAGELENGTH_OFFSET 8 | |
375 | +#endif | |
376 | + | |
377 | +/* This structure is per expected connection */ | |
378 | +struct ip_ct_mms_expect { | |
379 | + u_int32_t len; | |
380 | + u_int32_t padding; | |
381 | + u_int16_t port; | |
382 | +}; | |
383 | + | |
384 | +/* This structure exists only once per master */ | |
385 | +struct ip_ct_mms_master { | |
386 | +}; | |
387 | + | |
388 | +#endif /* _IP_CONNTRACK_MMS_H */ | |
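Review bot: The `MMS_SRV_*_OFFSET` constants and `MMS_SRV_MSG_ID 196610` are bare numbers with no comment saying what they are relative to or which unit they use. I would add a short block comment above them, for example `/* Byte offsets into the server message, from the start of the TCP payload (confirm) */`, and write the ID as `0x00030002` if that is how the protocol describes it. Since these offsets presumably index packet data, the comment should also state the minimum payload length a parser has to verify before reading at them. `struct ip_ct_mms_expect` has an undocumented `padding` member between `len` and `port`; say what it holds.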
389 | diff -Nur --exclude '*.orig' linux-2.6.6.org/include/linux/netfilter_ipv4/ip_conntrack_quake3.h linux-2.6.6/include/linux/netfilter_ipv4/ip_conntrack_quake3.h | |
390 | --- linux-2.6.6.org/include/linux/netfilter_ipv4/ip_conntrack_quake3.h 1970-01-01 01:00:00.000000000 +0100 | |
2540e23f | 391 | +++ linux-2.6.6/include/linux/netfilter_ipv4/ip_conntrack_quake3.h 2004-05-18 14:28:50.000000000 +0200 |
0166a474 | 392 | @@ -0,0 +1,21 @@ |
393 | +#ifndef _IP_CT_QUAKE3 | |
394 | +#define _IP_CT_QUAKE3 | |
395 | + | |
396 | +/* Don't confuse with 27960, often used as the Server Port */ | |
397 | +#define QUAKE3_MASTER_PORT 27950 | |
398 | + | |
399 | +struct quake3_search { | |
400 | + const char marker[4]; /* always 0xff 0xff 0xff 0xff ? */ | |
401 | + const char *pattern; | |
402 | + size_t plen; | |
403 | +}; | |
404 | + | |
405 | +/* This structure is per expected connection */ | |
406 | +struct ip_ct_quake3_expect { | |
407 | +}; | |
408 | + | |
409 | +/* This structure exists only once per master */ | |
410 | +struct ip_ct_quake3_master { | |
411 | +}; | |
412 | + | |
413 | +#endif /* _IP_CT_QUAKE3 */ | |
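Review bot: `const char marker[4]` in `struct quake3_search` is annotated as holding `0xff` bytes, but plain `char` may be signed, so an element-wise comparison against payload bytes read as unsigned would never match; `const unsigned char marker[4];` removes the dependence on how the comparison is written. The header also uses `size_t` without including anything that declares it. `struct ip_ct_quake3_expect` and `struct ip_ct_quake3_master` are empty, which is a GNU C extension, and none of the visible `ip_conntrack.h` hunks includes this file or adds them to the helper unions, so a comment marking them as placeholders would avoid confusion.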
414 | diff -Nur --exclude '*.orig' linux-2.6.6.org/include/linux/netfilter_ipv4/ip_conntrack_rsh.h linux-2.6.6/include/linux/netfilter_ipv4/ip_conntrack_rsh.h | |
415 | --- linux-2.6.6.org/include/linux/netfilter_ipv4/ip_conntrack_rsh.h 1970-01-01 01:00:00.000000000 +0100 | |
2540e23f | 416 | +++ linux-2.6.6/include/linux/netfilter_ipv4/ip_conntrack_rsh.h 2004-05-18 14:28:50.000000000 +0200 |
0166a474 | 417 | @@ -0,0 +1,35 @@ |
418 | +/* RSH extension for IP connection tracking, Version 1.0 | |
419 | + * (C) 2002 by Ian (Larry) Latter <Ian.Latter@mq.edu.au> | |
420 | + * based on HW's ip_conntrack_irc.c | |
421 | + * | |
422 | + * ip_conntrack_rsh.c,v 1.0 2002/07/17 14:49:26 | |
423 | + * | |
424 | + * This program is free software; you can redistribute it and/or | |
425 | + * modify it under the terms of the GNU General Public License | |
426 | + * as published by the Free Software Foundation; either version | |
427 | + * 2 of the License, or (at your option) any later version. | |
428 | + */ | |
429 | +#ifndef _IP_CONNTRACK_RSH_H | |
430 | +#define _IP_CONNTRACK_RSH_H | |
431 | + | |
432 | +#ifdef __KERNEL__ | |
433 | +#include <linux/netfilter_ipv4/lockhelp.h> | |
434 | + | |
435 | +DECLARE_LOCK_EXTERN(ip_rsh_lock); | |
436 | +#endif | |
437 | + | |
438 | + | |
439 | +#define RSH_PORT 514 | |
440 | + | |
441 | +/* This structure is per expected connection */ | |
442 | +struct ip_ct_rsh_expect | |
443 | +{ | |
444 | + u_int16_t port; | |
445 | +}; | |
446 | + | |
447 | +/* This structure exists only once per master */ | |
448 | +struct ip_ct_rsh_master { | |
449 | +}; | |
450 | + | |
451 | +#endif /* _IP_CONNTRACK_RSH_H */ | |
452 | + | |
453 | diff -Nur --exclude '*.orig' linux-2.6.6.org/include/linux/netfilter_ipv4/ip_conntrack_rtsp.h linux-2.6.6/include/linux/netfilter_ipv4/ip_conntrack_rtsp.h | |
454 | --- linux-2.6.6.org/include/linux/netfilter_ipv4/ip_conntrack_rtsp.h 1970-01-01 01:00:00.000000000 +0100 | |
2540e23f | 455 | +++ linux-2.6.6/include/linux/netfilter_ipv4/ip_conntrack_rtsp.h 2004-05-18 14:28:50.000000000 +0200 |
0166a474 | 456 | @@ -0,0 +1,68 @@ |
457 | +/* | |
458 | + * RTSP extension for IP connection tracking. | |
459 | + * (C) 2003 by Tom Marshall <tmarshall@real.com> | |
460 | + * based on ip_conntrack_irc.h | |
461 | + * | |
462 | + * This program is free software; you can redistribute it and/or | |
463 | + * modify it under the terms of the GNU General Public License | |
464 | + * as published by the Free Software Foundation; either version | |
465 | + * 2 of the License, or (at your option) any later version. | |
466 | + */ | |
467 | +#ifndef _IP_CONNTRACK_RTSP_H | |
468 | +#define _IP_CONNTRACK_RTSP_H | |
469 | + | |
470 | +/* #define IP_NF_RTSP_DEBUG */ | |
471 | +#define IP_NF_RTSP_VERSION "0.01" | |
472 | + | |
473 | +/* port block types */ | |
474 | +typedef enum { | |
475 | + pb_single, /* client_port=x */ | |
476 | + pb_range, /* client_port=x-y */ | |
477 | + pb_discon /* client_port=x/y (rtspbis) */ | |
478 | +} portblock_t; | |
479 | + | |
480 | +/* We record seq number and length of rtsp headers here, all in host order. */ | |
481 | + | |
482 | +/* | |
483 | + * This structure is per expected connection. It is a member of struct | |
484 | + * ip_conntrack_expect. The TCP SEQ for the conntrack expect is stored | |
485 | + * there and we are expected to only store the length of the data which | |
486 | + * needs replaced. If a packet contains multiple RTSP messages, we create | |
487 | + * one expected connection per message. | |
488 | + * | |
489 | + * We use these variables to mark the entire header block. This may seem | |
490 | + * like overkill, but the nature of RTSP requires it. A header may appear | |
491 | + * multiple times in a message. We must treat two Transport headers the | |
492 | + * same as one Transport header with two entries. | |
493 | + */ | |
494 | +struct ip_ct_rtsp_expect | |
495 | +{ | |
496 | + u_int32_t len; /* length of header block */ | |
497 | + portblock_t pbtype; /* Type of port block that was requested */ | |
498 | + u_int16_t loport; /* Port that was requested, low or first */ | |
499 | + u_int16_t hiport; /* Port that was requested, high or second */ | |
500 | +#if 0 | |
501 | + uint method; /* RTSP method */ | |
502 | + uint cseq; /* CSeq from request */ | |
503 | +#endif | |
504 | +}; | |
505 | + | |
506 | +/* This structure exists only once per master */ | |
507 | +struct ip_ct_rtsp_master | |
508 | +{ | |
509 | + /* Empty (?) */ | |
510 | +}; | |
511 | + | |
512 | + | |
513 | +#ifdef __KERNEL__ | |
514 | + | |
515 | +#include <linux/netfilter_ipv4/lockhelp.h> | |
516 | + | |
517 | +#define RTSP_PORT 554 | |
518 | + | |
519 | +/* Protects rtsp part of conntracks */ | |
520 | +DECLARE_LOCK_EXTERN(ip_rtsp_lock); | |
521 | + | |
522 | +#endif /* __KERNEL__ */ | |
523 | + | |
524 | +#endif /* _IP_CONNTRACK_RTSP_H */ | |
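Review bot: The enumerators `pb_single`, `pb_range`, `pb_discon` and the typedef `portblock_t` are unprefixed names in a header that `ip_conntrack.h` now includes unconditionally, so they land in the namespace of every file that includes conntrack; `rtsp_`-prefixed names would avoid clashes, with the matching change in the helper sources, which are not shown here. `loport` and `hiport` are documented as the ports "that was requested", so they appear to come from the peer's message; a comment stating the required relation for `pb_range` (`loport <= hiport`) and that the parser must enforce it would make the contract checkable. The `#if 0` members `method` and `cseq` are dead and should be dropped or explained.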
525 | diff -Nur --exclude '*.orig' linux-2.6.6.org/include/linux/netfilter_ipv4/ip_conntrack_sctp.h linux-2.6.6/include/linux/netfilter_ipv4/ip_conntrack_sctp.h | |
526 | --- linux-2.6.6.org/include/linux/netfilter_ipv4/ip_conntrack_sctp.h 1970-01-01 01:00:00.000000000 +0100 | |
2540e23f | 527 | +++ linux-2.6.6/include/linux/netfilter_ipv4/ip_conntrack_sctp.h 2004-05-18 14:28:50.000000000 +0200 |
0166a474 | 528 | @@ -0,0 +1,25 @@ |
529 | +#ifndef _IP_CONNTRACK_SCTP_H | |
530 | +#define _IP_CONNTRACK_SCTP_H | |
531 | +/* SCTP tracking. */ | |
532 | + | |
533 | +enum sctp_conntrack { | |
534 | + SCTP_CONNTRACK_NONE, | |
535 | + SCTP_CONNTRACK_CLOSED, | |
536 | + SCTP_CONNTRACK_COOKIE_WAIT, | |
537 | + SCTP_CONNTRACK_COOKIE_ECHOED, | |
538 | + SCTP_CONNTRACK_ESTABLISHED, | |
539 | + SCTP_CONNTRACK_SHUTDOWN_SENT, | |
540 | + SCTP_CONNTRACK_SHUTDOWN_RECD, | |
541 | + SCTP_CONNTRACK_SHUTDOWN_ACK_SENT, | |
542 | + SCTP_CONNTRACK_MAX | |
543 | +}; | |
544 | + | |
545 | +struct ip_ct_sctp | |
546 | +{ | |
547 | + enum sctp_conntrack state; | |
548 | + | |
549 | + u_int32_t vtag[IP_CT_DIR_MAX]; | |
550 | + u_int32_t ttag[IP_CT_DIR_MAX]; | |
551 | +}; | |
552 | + | |
553 | +#endif /* _IP_CONNTRACK_SCTP_H */ | |
554 | diff -Nur --exclude '*.orig' linux-2.6.6.org/include/linux/netfilter_ipv4/ip_conntrack_talk.h linux-2.6.6/include/linux/netfilter_ipv4/ip_conntrack_talk.h | |
555 | --- linux-2.6.6.org/include/linux/netfilter_ipv4/ip_conntrack_talk.h 1970-01-01 01:00:00.000000000 +0100 | |
2540e23f | 556 | +++ linux-2.6.6/include/linux/netfilter_ipv4/ip_conntrack_talk.h 2004-05-18 14:28:50.000000000 +0200 |
0166a474 | 557 | @@ -0,0 +1,152 @@ |
558 | +#ifndef _IP_CONNTRACK_TALK_H | |
559 | +#define _IP_CONNTRACK_TALK_H | |
560 | +/* TALK tracking. */ | |
561 | + | |
562 | +#ifdef __KERNEL__ | |
563 | +#include <linux/in.h> | |
564 | +#include <linux/netfilter_ipv4/lockhelp.h> | |
565 | + | |
566 | +/* Protects talk part of conntracks */ | |
567 | +DECLARE_LOCK_EXTERN(ip_talk_lock); | |
568 | +#endif | |
569 | + | |
570 | + | |
571 | +#define TALK_PORT 517 | |
572 | +#define NTALK_PORT 518 | |
573 | + | |
574 | +/* talk structures and constants from <protocols/talkd.h> */ | |
575 | + | |
576 | +/* | |
577 | + * 4.3BSD struct sockaddr | |
578 | + */ | |
579 | +struct talk_addr { | |
580 | + u_int16_t ta_family; | |
581 | + u_int16_t ta_port; | |
582 | + u_int32_t ta_addr; | |
583 | + u_int32_t ta_junk1; | |
584 | + u_int32_t ta_junk2; | |
585 | +}; | |
586 | + | |
587 | +#define TALK_OLD_NSIZE 9 | |
588 | +#define TALK_NSIZE 12 | |
589 | +#define TALK_TTY_NSIZE 16 | |
590 | + | |
591 | +/* | |
592 | + * Client->server request message formats. | |
593 | + */ | |
594 | +struct talk_msg { | |
595 | + u_char type; /* request type, see below */ | |
596 | + char l_name[TALK_OLD_NSIZE];/* caller's name */ | |
597 | + char r_name[TALK_OLD_NSIZE];/* callee's name */ | |
598 | + u_char pad; | |
599 | + u_int32_t id_num; /* message id */ | |
600 | + int32_t pid; /* caller's process id */ | |
601 | + char r_tty[TALK_TTY_NSIZE];/* callee's tty name */ | |
602 | + struct talk_addr addr; /* old (4.3) style */ | |
603 | + struct talk_addr ctl_addr; /* old (4.3) style */ | |
604 | +}; | |
605 | + | |
606 | +struct ntalk_msg { | |
607 | + u_char vers; /* protocol version */ | |
608 | + u_char type; /* request type, see below */ | |
609 | + u_char answer; /* not used */ | |
610 | + u_char pad; | |
611 | + u_int32_t id_num; /* message id */ | |
612 | + struct talk_addr addr; /* old (4.3) style */ | |
613 | + struct talk_addr ctl_addr; /* old (4.3) style */ | |
614 | + int32_t pid; /* caller's process id */ | |
615 | + char l_name[TALK_NSIZE];/* caller's name */ | |
616 | + char r_name[TALK_NSIZE];/* callee's name */ | |
617 | + char r_tty[TALK_TTY_NSIZE];/* callee's tty name */ | |
618 | +}; | |
619 | + | |
620 | +struct ntalk2_msg { | |
621 | + u_char vers; /* talk protocol version */ | |
622 | + u_char type; /* request type */ | |
623 | + u_char answer; /* */ | |
624 | + u_char extended; /* !0 if additional parts */ | |
625 | + u_int32_t id_num; /* message id number (dels) */ | |
626 | + struct talk_addr addr; /* target address */ | |
627 | + struct talk_addr ctl_addr; /* reply to address */ | |
628 | + int32_t pid; /* caller's process id */ | |
629 | + char l_name[TALK_NSIZE]; /* caller's name */ | |
630 | + char r_name[TALK_NSIZE]; /* callee's name */ | |
631 | + char r_tty[TALK_TTY_NSIZE]; /* callee's tty */ | |
632 | +}; | |
633 | + | |
634 | +/* | |
635 | + * Server->client response message formats. | |
636 | + */ | |
637 | +struct talk_response { | |
638 | + u_char type; /* type of request message, see below */ | |
639 | + u_char answer; /* response to request message, see below */ | |
640 | + u_char pad[2]; | |
641 | + u_int32_t id_num; /* message id */ | |
642 | + struct talk_addr addr; /* address for establishing conversation */ | |
643 | +}; | |
644 | + | |
645 | +struct ntalk_response { | |
646 | + u_char vers; /* protocol version */ | |
647 | + u_char type; /* type of request message, see below */ | |
648 | + u_char answer; /* response to request message, see below */ | |
649 | + u_char pad; | |
650 | + u_int32_t id_num; /* message id */ | |
651 | + struct talk_addr addr; /* address for establishing conversation */ | |
652 | +}; | |
653 | + | |
654 | +struct ntalk2_response { | |
655 | + u_char vers; /* protocol version */ | |
656 | + u_char type; /* type of request message */ | |
657 | + u_char answer; /* response to request */ | |
658 | + u_char rvers; /* Version of answering vers*/ | |
659 | + u_int32_t id_num; /* message id number */ | |
660 | + struct talk_addr addr; /* address for connection */ | |
661 | + /* This is at the end to compatiblize this with NTALK version. */ | |
662 | + char r_name[TALK_NSIZE]; /* callee's name */ | |
663 | +}; | |
664 | + | |
665 | +#define TALK_STR(data, talk_str, member) ((struct talk_str *)data)->member) | |
666 | +#define TALK_RESP(data, ver, member) (ver ? ((struct ntalk_response *)data)->member : ((struct talk_response *)data)->member) | |
667 | +#define TALK_MSG(data, ver, member) (ver ? ((struct ntalk_msg *)data)->member : ((struct talk_msg *)data)->member) | |
668 | + | |
669 | +#define TALK_VERSION 0 /* protocol versions */ | |
670 | +#define NTALK_VERSION 1 | |
671 | +#define NTALK2_VERSION 2 | |
672 | + | |
673 | +/* message type values */ | |
674 | +#define LEAVE_INVITE 0 /* leave invitation with server */ | |
675 | +#define LOOK_UP 1 /* check for invitation by callee */ | |
676 | +#define DELETE 2 /* delete invitation by caller */ | |
677 | +#define ANNOUNCE 3 /* announce invitation by caller */ | |
678 | +/* NTALK2 */ | |
679 | +#define REPLY_QUERY 4 /* request reply data from local daemon */ | |
680 | + | |
681 | +/* answer values */ | |
682 | +#define SUCCESS 0 /* operation completed properly */ | |
683 | +#define NOT_HERE 1 /* callee not logged in */ | |
684 | +#define FAILED 2 /* operation failed for unexplained reason */ | |
685 | +#define MACHINE_UNKNOWN 3 /* caller's machine name unknown */ | |
686 | +#define PERMISSION_DENIED 4 /* callee's tty doesn't permit announce */ | |
687 | +#define UNKNOWN_REQUEST 5 /* request has invalid type value */ | |
688 | +#define BADVERSION 6 /* request has invalid protocol version */ | |
689 | +#define BADADDR 7 /* request has invalid addr value */ | |
690 | +#define BADCTLADDR 8 /* request has invalid ctl_addr value */ | |
691 | +/* NTALK2 */ | |
692 | +#define NO_CALLER 9 /* no-one calling answer from REPLY */ | |
693 | +#define TRY_HERE 10 /* Not on this machine, try this */ | |
694 | +#define SELECTIVE_REFUSAL 11 /* User Filter refusal. */ | |
695 | +#define MAX_RESPONSE_TYPE 11 /* Make sure this is updated */ | |
696 | + | |
697 | +/* We don't really need much for talk */ | |
698 | +struct ip_ct_talk_expect | |
699 | +{ | |
700 | + /* Port that was to be used */ | |
701 | + u_int16_t port; | |
702 | +}; | |
703 | + | |
704 | +/* This structure exists only once per master */ | |
705 | +struct ip_ct_talk_master | |
706 | +{ | |
707 | +}; | |
708 | + | |
709 | +#endif /* _IP_CONNTRACK_TALK_H */ | |
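Review bot: `TALK_STR` has one more `)` than `(` in `((struct talk_str *)data)->member)`, so any expansion of it fails to compile; it should read `#define TALK_STR(data, talk_str, member) (((struct talk_str *)(data))->member)`. `TALK_RESP` and `TALK_MSG` use `ver` and `data` unparenthesised, so an argument containing a lower-precedence operator changes how the `?:` and the cast bind; write them as `((ver) ? ((struct ntalk_response *)(data))->member : ...)`. The message-type and answer macros (`DELETE`, `SUCCESS`, `FAILED`, `LOOK_UP`, `ANNOUNCE`) are very generic names exported to everything that includes `ip_conntrack.h`, and a `TALK_` prefix would avoid collisions. These macros cast a raw data pointer onto the wire-layout structs, so the header should carry a comment requiring callers to verify the data length against `sizeof` of the chosen struct before using them.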
710 | diff -Nur --exclude '*.orig' linux-2.6.6.org/include/linux/netfilter_ipv4/ip_conntrack_tuple.h linux-2.6.6/include/linux/netfilter_ipv4/ip_conntrack_tuple.h | |
711 | --- linux-2.6.6.org/include/linux/netfilter_ipv4/ip_conntrack_tuple.h 2004-05-10 04:32:54.000000000 +0200 | |
2540e23f | 712 | +++ linux-2.6.6/include/linux/netfilter_ipv4/ip_conntrack_tuple.h 2004-05-18 14:28:50.000000000 +0200 |
0166a474 | 713 | @@ -25,6 +25,9 @@ |
714 | struct { | |
715 | u_int16_t id; | |
716 | } icmp; | |
717 | + struct { | |
718 | + u_int16_t port; | |
719 | + } sctp; | |
720 | }; | |
721 | ||
722 | /* The manipulable part of the tuple. */ | |
723 | @@ -55,6 +58,9 @@ | |
724 | struct { | |
725 | u_int8_t type, code; | |
726 | } icmp; | |
727 | + struct { | |
728 | + u_int16_t port; | |
729 | + } sctp; | |
730 | } u; | |
731 | ||
732 | /* The protocol. */ | |
733 | diff -Nur --exclude '*.orig' linux-2.6.6.org/include/linux/netfilter_ipv4/ip_pool.h linux-2.6.6/include/linux/netfilter_ipv4/ip_pool.h | |
734 | --- linux-2.6.6.org/include/linux/netfilter_ipv4/ip_pool.h 1970-01-01 01:00:00.000000000 +0100 | |
2540e23f | 735 | +++ linux-2.6.6/include/linux/netfilter_ipv4/ip_pool.h 2004-05-18 14:28:50.000000000 +0200 |
0166a474 | 736 | @@ -0,0 +1,64 @@ |
737 | +#ifndef _IP_POOL_H | |
738 | +#define _IP_POOL_H | |
739 | + | |
740 | +/***************************************************************************/ | |
741 | +/* This program is free software; you can redistribute it and/or modify */ | |
742 | +/* it under the terms of the GNU General Public License as published by */ | |
743 | +/* the Free Software Foundation; either version 2 of the License, or */ | |
744 | +/* (at your option) any later version. */ | |
745 | +/* */ | |
746 | +/* This program is distributed in the hope that it will be useful, */ | |
747 | +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ | |
748 | +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ | |
749 | +/* GNU General Public License for more details. */ | |
750 | +/* */ | |
751 | +/* You should have received a copy of the GNU General Public License */ | |
752 | +/* along with this program; if not, write to the Free Software */ | |
753 | +/* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA*/ | |
754 | +/***************************************************************************/ | |
755 | + | |
756 | +/* A sockopt of such quality has hardly ever been seen before on the open | |
757 | + * market! This little beauty, hardly ever used: above 64, so it's | |
758 | + * traditionally used for firewalling, not touched (even once!) by the | |
759 | + * 2.0, 2.2 and 2.4 kernels! | |
760 | + * | |
761 | + * Comes with its own certificate of authenticity, valid anywhere in the | |
762 | + * Free world! | |
763 | + * | |
764 | + * Rusty, 19.4.2000 | |
765 | + */ | |
766 | +#define SO_IP_POOL 81 | |
767 | + | |
768 | +typedef int ip_pool_t; /* pool index */ | |
769 | +#define IP_POOL_NONE ((ip_pool_t)-1) | |
770 | + | |
771 | +struct ip_pool_request { | |
772 | + int op; | |
773 | + ip_pool_t index; | |
774 | + u_int32_t addr; | |
775 | + u_int32_t addr2; | |
776 | +}; | |
777 | + | |
778 | +/* NOTE: I deliberately break the first cut ippool utility. Nobody uses it. */ | |
779 | + | |
780 | +#define IP_POOL_BAD001 0x00000010 | |
781 | + | |
782 | +#define IP_POOL_FLUSH 0x00000011 /* req.index, no arguments */ | |
783 | +#define IP_POOL_INIT 0x00000012 /* from addr to addr2 incl. */ | |
784 | +#define IP_POOL_DESTROY 0x00000013 /* req.index, no arguments */ | |
785 | +#define IP_POOL_ADD_ADDR 0x00000014 /* add addr to pool */ | |
786 | +#define IP_POOL_DEL_ADDR 0x00000015 /* del addr from pool */ | |
787 | +#define IP_POOL_HIGH_NR 0x00000016 /* result in req.index */ | |
788 | +#define IP_POOL_LOOKUP 0x00000017 /* result in addr and addr2 */ | |
789 | +#define IP_POOL_USAGE 0x00000018 /* result in addr */ | |
790 | +#define IP_POOL_TEST_ADDR 0x00000019 /* result (0/1) returned */ | |
791 | + | |
792 | +#ifdef __KERNEL__ | |
793 | + | |
794 | +/* NOTE: ip_pool_match() and ip_pool_mod() expect ADDR to be host byte order */ | |
795 | +extern int ip_pool_match(ip_pool_t pool, u_int32_t addr); | |
796 | +extern int ip_pool_mod(ip_pool_t pool, u_int32_t addr, int isdel); | |
797 | + | |
798 | +#endif | |
799 | + | |
800 | +#endif /*_IP_POOL_H*/ | |
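Review bot: `struct ip_pool_request` carries a signed `index` (`ip_pool_t` is `int`) supplied through the SO_IP_POOL sockopt, and the header states neither its valid range nor the byte order of `addr`/`addr2`; only `ip_pool_match()` and `ip_pool_mod()` are documented as host order. The sockopt handler is not part of this hunk, so it cannot be confirmed here that negative indexes other than IP_POOL_NONE, or indexes above the configured pool count, are rejected before they select a pool. That check is worth verifying in the implementation, as is a privilege check on the modifying operations. I would document the contract next to the struct, for example `/* index: 0..highest pool number, or IP_POOL_NONE; addr <= addr2 for IP_POOL_INIT */`, plus one line naming the byte order the handler actually expects.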
801 | diff -Nur --exclude '*.orig' linux-2.6.6.org/include/linux/netfilter_ipv4/ip_tables.h linux-2.6.6/include/linux/netfilter_ipv4/ip_tables.h | |
802 | --- linux-2.6.6.org/include/linux/netfilter_ipv4/ip_tables.h 2004-05-10 04:32:37.000000000 +0200 | |
2540e23f | 803 | +++ linux-2.6.6/include/linux/netfilter_ipv4/ip_tables.h 2004-05-18 14:28:50.000000000 +0200 |
0166a474 | 804 | @@ -104,7 +104,8 @@ |
805 | ||
806 | /* Values for "flag" field in struct ipt_ip (general ip structure). */ | |
807 | #define IPT_F_FRAG 0x01 /* Set if rule is a fragment rule */ | |
808 | -#define IPT_F_MASK 0x01 /* All possible flag bits mask. */ | |
809 | +#define IPT_F_GOTO 0x02 /* Set if jump is a goto */ | |
810 | +#define IPT_F_MASK 0x03 /* All possible flag bits mask. */ | |
811 | ||
812 | /* Values for "inv" field in struct ipt_ip. */ | |
813 | #define IPT_INV_VIA_IN 0x01 /* Invert the sense of IN IFACE. */ | |
814 | @@ -134,6 +135,12 @@ | |
815 | /* Back pointer */ | |
816 | unsigned int comefrom; | |
817 | ||
818 | + /* Name of the chain */ | |
819 | + char *chainname; | |
820 | + | |
821 | + /* Rule number in the chain. */ | |
822 | + u_int32_t rulenum; | |
823 | + | |
824 | /* Packet and byte counters. */ | |
825 | struct ipt_counters counters; | |
826 | ||
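Review bot: The new `char *chainname` puts a kernel pointer into what looks like the rule entry exchanged with userspace through the iptables sockopts. The struct header is outside the hunk, so this is inferred from the neighbouring `comefrom` and `counters` members. The two added fields change the entry's size and member offsets, so rule blobs produced by an iptables binary built against the old header would be misparsed, and the pointer's width differs between 32-bit userspace and a 64-bit kernel. The kernel should fill in `chainname` and `rulenum` itself when a table is loaded rather than trusting supplied values, and clear the pointer before entries are copied back out, otherwise a kernel address is disclosed. A comment such as `/* kernel-internal, set at table load; ignored on input, zeroed on output */` above the two fields would make that contract explicit.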
827 | diff -Nur --exclude '*.orig' linux-2.6.6.org/include/linux/netfilter_ipv4/ipt_CONNMARK.h linux-2.6.6/include/linux/netfilter_ipv4/ipt_CONNMARK.h | |
828 | --- linux-2.6.6.org/include/linux/netfilter_ipv4/ipt_CONNMARK.h 1970-01-01 01:00:00.000000000 +0100 | |
2540e23f | 829 | +++ linux-2.6.6/include/linux/netfilter_ipv4/ipt_CONNMARK.h 2004-05-18 14:28:50.000000000 +0200 |
0166a474 | 830 | @@ -0,0 +1,25 @@ |
831 | +#ifndef _IPT_CONNMARK_H_target | |
832 | +#define _IPT_CONNMARK_H_target | |
833 | + | |
834 | +/* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com> | |
835 | + * by Henrik Nordstrom <hno@marasystems.com> | |
836 | + * | |
837 | + * This program is free software; you can redistribute it and/or modify | |
838 | + * it under the terms of the GNU General Public License as published by | |
839 | + * the Free Software Foundation; either version 2 of the License, or | |
840 | + * (at your option) any later version. | |
841 | + */ | |
842 | + | |
843 | +enum { | |
844 | + IPT_CONNMARK_SET = 0, | |
845 | + IPT_CONNMARK_SAVE, | |
846 | + IPT_CONNMARK_RESTORE | |
847 | +}; | |
848 | + | |
849 | +struct ipt_connmark_target_info { | |
850 | + unsigned long mark; | |
851 | + unsigned long mask; | |
852 | + u_int8_t mode; | |
853 | +}; | |
854 | + | |
855 | +#endif /*_IPT_CONNMARK_H_target*/ | |
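Review bot: `mark` and `mask` are `unsigned long` in a structure that userspace fills in and the kernel reads, so the structure's size and layout differ between 32-bit and 64-bit builds. A 32-bit iptables on a 64-bit kernel would then fail the target-size check or be read at the wrong offsets. Fixed-width members avoid this, e.g. `u_int32_t mark;` and `u_int32_t mask;` if 32 bits of mark are sufficient, with the matching userspace header changed in step. The same applies to `andmask`/`ormask` in the ipt_IPMARK.h hunk that follows. Separately, `mode` is an unconstrained `u_int8_t`; the target's checkentry, which is not visible here, should reject any value above IPT_CONNMARK_RESTORE.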
856 | diff -Nur --exclude '*.orig' linux-2.6.6.org/include/linux/netfilter_ipv4/ipt_IPMARK.h linux-2.6.6/include/linux/netfilter_ipv4/ipt_IPMARK.h | |
857 | --- linux-2.6.6.org/include/linux/netfilter_ipv4/ipt_IPMARK.h 1970-01-01 01:00:00.000000000 +0100 | |
2540e23f | 858 | +++ linux-2.6.6/include/linux/netfilter_ipv4/ipt_IPMARK.h 2004-05-18 14:28:50.000000000 +0200 |
0166a474 | 859 | @@ -0,0 +1,13 @@ |
860 | +#ifndef _IPT_IPMARK_H_target | |
861 | +#define _IPT_IPMARK_H_target | |
862 | + | |
863 | +struct ipt_ipmark_target_info { | |
864 | + unsigned long andmask; | |
865 | + unsigned long ormask; | |
866 | + unsigned int addr; | |
867 | +}; | |
868 | + | |
869 | +#define IPT_IPMARK_SRC 0 | |
870 | +#define IPT_IPMARK_DST 1 | |
871 | + | |
872 | +#endif /*_IPT_IPMARK_H_target*/ | |
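Review bot: `addr` is an undocumented `unsigned int` that appears to select between IPT_IPMARK_SRC and IPT_IPMARK_DST, with the constants defined after the struct and nothing tying them to the field. I would add `/* IPT_IPMARK_SRC or IPT_IPMARK_DST */` on the member and a short comment stating in which order `andmask` and `ormask` are applied. The target's checkentry is not part of this hunk; it should reject any other `addr` value so that a malformed rule cannot reach the packet path with an undefined selector.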
873 | diff -Nur --exclude '*.orig' linux-2.6.6.org/include/linux/netfilter_ipv4/ipt_MARK.h linux-2.6.6/include/linux/netfilter_ipv4/ipt_MARK.h | |
874 | --- linux-2.6.6.org/include/linux/netfilter_ipv4/ipt_MARK.h 2004-05-10 04:32:26.000000000 +0200 | |
2540e23f | 875 | +++ linux-2.6.6/include/linux/netfilter_ipv4/ipt_MARK.h 2004-05-18 14:28:50.000000000 +0200 |
0166a474 | 876 | @@ -1,8 +1,15 @@ |
877 | #ifndef _IPT_MARK_H_target | |
878 | #define _IPT_MARK_H_target | |
879 | ||
880 | +enum { | |
881 | + IPT_MARK_SET, | |
882 | + IPT_MARK_AND, | |
883 | + IPT_MARK_OR | |
884 | +}; | |
885 | + | |
886 | struct ipt_mark_target_info { | |
887 | unsigned long mark; | |
888 | + u_int8_t mode; | |
889 | }; | |
890 | ||
891 | #endif /*_IPT_MARK_H_target*/ | |
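Review bot: Adding `mode` to the existing `struct ipt_mark_target_info` changes the size of a structure that userspace passes to the kernel, and no revision number or size-based fallback is visible in this hunk. An iptables binary built against the old one-member layout would presumably fail the target-size check, so existing MARK rules stop loading until userspace is rebuilt, and that deserves a note in the header. Since the enumerators are part of the user/kernel ABI, I would pin them explicitly (`IPT_MARK_SET = 0,` as ipt_CONNMARK.h does). The checkentry should also reject any `mode` other than the three listed values.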
892 | diff -Nur --exclude '*.orig' linux-2.6.6.org/include/linux/netfilter_ipv4/ipt_NETLINK.h linux-2.6.6/include/linux/netfilter_ipv4/ipt_NETLINK.h | |
893 | --- linux-2.6.6.org/include/linux/netfilter_ipv4/ipt_NETLINK.h 1970-01-01 01:00:00.000000000 +0100 | |
2540e23f | 894 | +++ linux-2.6.6/include/linux/netfilter_ipv4/ipt_NETLINK.h 2004-05-18 14:28:50.000000000 +0200 |
0166a474 | 895 | @@ -0,0 +1,27 @@ |
896 | +#ifndef _IPT_FWMON_H | |
897 | +#define _IPT_FWMON_H | |
898 | + | |
899 | +/* Bitmask macros */ | |
900 | +#define MASK(x,y) (x & y) | |
901 | +#define MASK_SET(x,y) x |= y | |
902 | +#define MASK_UNSET(x,y) x &= ~y | |
903 | + | |
904 | +#define USE_MARK 0x00000001 | |
905 | +#define USE_DROP 0x00000002 | |
906 | +#define USE_SIZE 0x00000004 | |
907 | + | |
908 | +struct ipt_nldata | |
909 | +{ | |
910 | + unsigned int flags; | |
911 | + unsigned int mark; | |
912 | + unsigned int size; | |
913 | +}; | |
914 | + | |
915 | +/* Old header */ | |
916 | +struct netlink_t { | |
917 | + unsigned int len; | |
918 | + unsigned int mark; | |
919 | + char iface[IFNAMSIZ]; | |
920 | +}; | |
921 | + | |
922 | +#endif /*_IPT_FWMON_H*/ | |
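Review bot: The three bitmask macros expand their arguments without parentheses, so `MASK_UNSET(flags, USE_MARK | USE_DROP)` becomes `flags &= ~USE_MARK | USE_DROP`, which clears only USE_MARK and leaves USE_DROP set. They should read `#define MASK(x,y) ((x) & (y))`, `#define MASK_SET(x,y) ((x) |= (y))` and `#define MASK_UNSET(x,y) ((x) &= ~(y))`. The names `MASK` and `netlink_t` are also very generic for a header under include/linux and can collide with other definitions. The guard `_IPT_FWMON_H` does not match the file name, and `IFNAMSIZ` is used in `struct netlink_t` without this header including the one that defines it.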
923 | diff -Nur --exclude '*.orig' linux-2.6.6.org/include/linux/netfilter_ipv4/ipt_ROUTE.h linux-2.6.6/include/linux/netfilter_ipv4/ipt_ROUTE.h | |
924 | --- linux-2.6.6.org/include/linux/netfilter_ipv4/ipt_ROUTE.h 1970-01-01 01:00:00.000000000 +0100 | |
2540e23f | 925 | +++ linux-2.6.6/include/linux/netfilter_ipv4/ipt_ROUTE.h 2004-05-18 14:28:50.000000000 +0200 |
0166a474 | 926 | @@ -0,0 +1,22 @@ |
927 | +/* Header file for iptables ipt_ROUTE target | |
928 | + * | |
929 |