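diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter/ipv4/nf_conntrack_icmp.h linux-libc-headers-2.6.11.0/include/linux/netfilter/ipv4/nf_conntrack_icmp.h
--- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter/ipv4/nf_conntrack_icmp.h 1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.11.0/include/linux/netfilter/ipv4/nf_conntrack_icmp.h 2005-03-13 13:50:15.000000000 +0100
@@ -0,0 +1,17 @@
+/*
+ * ICMP tracking.
+ *
+ * Derived from include/linux/netfiter_ipv4/ip_conntrack_icmp.h
+ */
+
+#ifndef _NF_CONNTRACK_ICMP_H
+#define _NF_CONNTRACK_ICMP_H
+#include <asm/atomic.h>
+
+struct nf_ct_icmp
+{
+ /* Optimization: when number in == number out, forget immediately. */
+ atomic_t count;
+};
+
+#endif /* _NF_CONNTRACK_ICMP_H */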
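diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter/ipv4/nf_conntrack_ipv4.h linux-libc-headers-2.6.11.0/include/linux/netfilter/ipv4/nf_conntrack_ipv4.h
--- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter/ipv4/nf_conntrack_ipv4.h 1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.11.0/include/linux/netfilter/ipv4/nf_conntrack_ipv4.h 2005-03-13 13:50:15.000000000 +0100
@@ -0,0 +1,40 @@
+/*
+ * IPv4 support for nf_conntrack.
+ *
+ * 23 Mar 2004: Yasuyuki Kozakai @ USAGI <yasuyuki.kozakai@toshiba.co.jp>
+ * - move L3 protocol dependent part from include/linux/netfilter_ipv4/
+ * ip_conntarck.h
+ */
+
+#ifndef _NF_CONNTRACK_IPV4_H
+#define _NF_CONNTRACK_IPV4_H
+
+#ifdef CONFIG_IP_NF_NAT_NEEDED
+#include <linux/netfilter_ipv4/ip_nat.h>
+
+/* per conntrack: nat application helper private data */
+union ip_conntrack_nat_help {
+ /* insert nat helper private data here */
+};
+
+struct nf_conntrack_ipv4_nat {
+ struct ip_nat_info info;
+ union ip_conntrack_nat_help help;
+#if defined(CONFIG_IP_NF_TARGET_MASQUERADE) || \
+ defined(CONFIG_IP_NF_TARGET_MASQUERADE_MODULE)
+ int masq_index;
+#endif
+};
+#endif /* CONFIG_IP_NF_NAT_NEEDED */
+
+struct nf_conntrack_ipv4 {
+#ifdef CONFIG_IP_NF_NAT_NEEDED
+ struct nf_conntrack_ipv4_nat *nat;
+#endif
+};
+
+/* Returns new sk_buff, or NULL */
+struct sk_buff *
+nf_ct_ipv4_ct_gather_frags(struct sk_buff *skb);
+
+#endif /*_NF_CONNTRACK_IPV4_H*/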
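Review bot: `union ip_conntrack_nat_help` is declared with no members, which ISO C does not allow (GCC accepts it as an extension with size 0), so a consumer built with a stricter compiler will reject this header. The layout of `struct nf_conntrack_ipv4_nat` and `struct nf_conntrack_ipv4` also depends on `CONFIG_IP_NF_NAT_NEEDED` and `CONFIG_IP_NF_TARGET_MASQUERADE`, which code outside the kernel build presumably never defines, so the two sides can disagree about the structure. I would add a comment above the union such as `/* kernel-internal: layout depends on CONFIG_IP_NF_*; do not use from userspace */`, or keep this header out of the exported set.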
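diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter/ipv6/nf_conntrack_icmpv6.h linux-libc-headers-2.6.11.0/include/linux/netfilter/ipv6/nf_conntrack_icmpv6.h
--- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter/ipv6/nf_conntrack_icmpv6.h 1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.11.0/include/linux/netfilter/ipv6/nf_conntrack_icmpv6.h 2005-03-13 13:50:15.000000000 +0100
@@ -0,0 +1,27 @@
+/*
+ * ICMPv6 tracking.
+ *
+ * 21 Apl 2004: Yasuyuki Kozakai @USAGI <yasuyuki.kozakai@toshiba.co.jp>
+ * - separated from nf_conntrack_icmp.h
+ *
+ * Derived from include/linux/netfiter_ipv4/ip_conntrack_icmp.h
+ */
+
+#ifndef _NF_CONNTRACK_ICMPV6_H
+#define _NF_CONNTRACK_ICMPV6_H
+#include <asm/atomic.h>
+
+#ifndef ICMPV6_NI_QUERY
+#define ICMPV6_NI_QUERY 139
+#endif
+#ifndef ICMPV6_NI_REPLY
+#define ICMPV6_NI_REPLY 140
+#endif
+
+struct nf_ct_icmpv6
+{
+ /* Optimization: when number in == number out, forget immediately. */
+ atomic_t count;
+};
+
+#endif /* _NF_CONNTRACK_ICMPV6_H */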
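diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter/nf_conntrack_core.h linux-libc-headers-2.6.11.0/include/linux/netfilter/nf_conntrack_core.h
--- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter/nf_conntrack_core.h 1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.11.0/include/linux/netfilter/nf_conntrack_core.h 2005-03-13 13:50:15.000000000 +0100
@@ -0,0 +1,72 @@
+/*
+ * This header is used to share core functionality between the
+ * standalone connection tracking module, and the compatibility layer's use
+ * of connection tracking.
+ *
+ * 16 Dec 2003: Yasuyuki Kozakai @USAGI <yasuyuki.kozakai@toshiba.co.jp>
+ * - generalize L3 protocol dependent part.
+ *
+ * Derived from include/linux/netfiter_ipv4/ip_conntrack_core.h
+ */
+
+#ifndef _NF_CONNTRACK_CORE_H
+#define _NF_CONNTRACK_CORE_H
+
+#include <linux/netfilter.h>
+#include <linux/netfilter_ipv4/lockhelp.h>
+
+/* This header is used to share core functionality between the
+ standalone connection tracking module, and the compatibility layer's use
+ of connection tracking. */
+extern unsigned int nf_conntrack_in(int pf,
+ unsigned int hooknum,
+ struct sk_buff **pskb);
+
+extern int nf_conntrack_init(void);
+extern void nf_conntrack_cleanup(void);
+
+struct nf_conntrack_l3proto;
+extern struct nf_conntrack_l3proto *nf_ct_find_l3proto(u_int16_t pf);
+/* Like above, but you already have conntrack read lock. */
+extern struct nf_conntrack_l3proto *__nf_ct_find_l3proto(u_int16_t l3proto);
+
+struct nf_conntrack_protocol;
+
+extern int
+nf_ct_get_tuple(const struct sk_buff *skb,
+ unsigned int nhoff,
+ unsigned int dataoff,
+ u_int16_t l3num,
+ u_int8_t protonum,
+ struct nf_conntrack_tuple *tuple,
+ const struct nf_conntrack_l3proto *l3proto,
+ const struct nf_conntrack_protocol *protocol);
+
+extern int
+nf_ct_invert_tuple(struct nf_conntrack_tuple *inverse,
+ const struct nf_conntrack_tuple *orig,
+ const struct nf_conntrack_l3proto *l3proto,
+ const struct nf_conntrack_protocol *protocol);
+
+/* Find a connection corresponding to a tuple. */
+extern struct nf_conntrack_tuple_hash *
+nf_conntrack_find_get(const struct nf_conntrack_tuple *tuple,
+ const struct nf_conn *ignored_conntrack);
+
+extern int __nf_conntrack_confirm(struct sk_buff **pskb);
+
+/* Confirm a connection: returns NF_DROP if packet must be dropped. */
+static inline int nf_conntrack_confirm(struct sk_buff **pskb)
+{
+ if ((*pskb)->nfct
+ && !is_confirmed((struct nf_conn *)(*pskb)->nfct))
+ return __nf_conntrack_confirm(pskb);
+ return NF_ACCEPT;
+}
+
+extern void __nf_conntrack_attach(struct sk_buff *nskb, struct sk_buff *skb);
+
+extern struct list_head *nf_conntrack_hash;
+extern struct list_head nf_conntrack_expect_list;
+DECLARE_RWLOCK_EXTERN(nf_conntrack_lock);
+#endif /* _NF_CONNTRACK_CORE_H */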
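Review bot: The inline `nf_conntrack_confirm()` dereferences `(*pskb)->nfct`, casts it to `struct nf_conn *` and calls `is_confirmed()`, but this header includes only `<linux/netfilter.h>` and `<linux/netfilter_ipv4/lockhelp.h>`, and no header visible in this patch declares `is_confirmed()` or defines `struct nf_conn`. As written the header compiles only if the includer has already pulled those in, and with a permissive compiler the call silently becomes an implicit declaration. Adding `#include <linux/skbuff.h>` plus the header that defines `struct nf_conn`, or moving the inline out of this file, would make the dependency explicit. `struct nf_conntrack_tuple` is likewise used in the prototypes without a forward declaration.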
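diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter/nf_conntrack_ftp.h linux-libc-headers-2.6.11.0/include/linux/netfilter/nf_conntrack_ftp.h
--- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter/nf_conntrack_ftp.h 1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.11.0/include/linux/netfilter/nf_conntrack_ftp.h 2005-03-13 23:01:16.000000000 +0100
@@ -0,0 +1,48 @@
+/*
+ * nf_conntrack_ftp.h
+ *
+ * Definitions and Declarations for FTP tracking.
+ *
+ * Derived from include/linux/netfiter_ipv4/ip_conntrack_ftp.h
+ *
+ * 16 Dec 2003: Yasuyuki Kozakai @ USAGI <yasuyuki.kozakai@toshiba.co.jp>
+ * - IPv6 support.
+ */
+
+#ifndef _NF_CONNTRACK_FTP_H
+#define _NF_CONNTRACK_FTP_H
+/* FTP tracking. */
+
+enum nf_ct_ftp_type
+{
+ /* PORT command from client */
+ NF_CT_FTP_PORT,
+ /* PASV response from server */
+ NF_CT_FTP_PASV,
+ /* EPRT command from client */
+ NF_CT_FTP_EPRT,
+ /* EPSV response from server */
+ NF_CT_FTP_EPSV,
+};
+
+#define NUM_SEQ_TO_REMEMBER 2
+/* This structure exists only once per master */
+struct nf_ct_ftp_master {
+ /* Valid seq positions for cmd matching after newline */
+ u_int32_t seq_aft_nl[NF_CT_DIR_MAX][NUM_SEQ_TO_REMEMBER];
+ /* 0 means seq_match_aft_nl not set */
+ int seq_aft_nl_num[NF_CT_DIR_MAX];
+};
+
+struct nf_conntrack_expect;
+
+/* For NAT to hook in when we find a packet which describes what other
+ * connection we should expect. */
+extern unsigned int (*nf_nat_ftp_hook)(struct sk_buff **pskb,
+ enum nf_conntrack_info ctinfo,
+ enum nf_ct_ftp_type type,
+ unsigned int matchoff,
+ unsigned int matchlen,
+ struct nf_conntrack_expect *exp,
+ u32 *seq);
+#endif /* _NF_CONNTRACK_FTP_H */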
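Review bot: This header includes nothing, yet `struct nf_ct_ftp_master` sizes its arrays with `NF_CT_DIR_MAX` (defined in nf_conntrack_tuple.h) and the hook prototype takes `enum nf_conntrack_info` (defined in nf_conntrack.h), so it compiles only when the includer happens to get the order right. Adding `#include <linux/netfilter/nf_conntrack.h>` and `#include <linux/netfilter/nf_conntrack_tuple.h>` at the top fixes that; nf_conntrack_sctp.h has the same `NF_CT_DIR_MAX` dependency, and nf_conntrack_helper.h embeds `struct nf_conntrack_tuple` by value while including only nf_conntrack.h. The comment on `seq_aft_nl_num` names `seq_match_aft_nl`, which is not a field of this struct; `/* 0 means seq_aft_nl is not set */` would match the declaration. The prototype also mixes `u32` with the `u_int32_t` spelling used in the rest of the file.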
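diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter/nf_conntrack.h linux-libc-headers-2.6.11.0/include/linux/netfilter/nf_conntrack.h
--- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter/nf_conntrack.h 1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.11.0/include/linux/netfilter/nf_conntrack.h 2005-03-13 23:01:06.000000000 +0100
@@ -0,0 +1,54 @@
+/*
+ * Connection state tracking for netfilter. This is separated from,
+ * but required by, the (future) NAT layer; it can also be used by an iptables
+ * extension.
+ *
+ * 16 Dec 2003: Yasuyuki Kozakai @USAGI <yasuyuki.kozakai@toshiba.co.jp>
+ * - generalize L3 protocol dependent part.
+ *
+ * Derived from include/linux/netfiter_ipv4/ip_conntrack.h
+ */
+
+#ifndef _NF_CONNTRACK_H
+#define _NF_CONNTRACK_H
+
+enum nf_conntrack_info
+{
+ /* Part of an established connection (either direction). */
+ NF_CT_ESTABLISHED,
+
+ /* Like NEW, but related to an existing connection, or ICMP error
+ (in either direction). */
+ NF_CT_RELATED,
+
+ /* Started a new connection to track (only
+ NF_CT_DIR_ORIGINAL); may be a retransmission. */
+ NF_CT_NEW,
+
+ /* >= this indicates reply direction */
+ NF_CT_IS_REPLY,
+
+ /* Number of distinct NF_CT types (no NEW in reply dirn). */
+ NF_CT_NUMBER = NF_CT_IS_REPLY * 2 - 1
+};
+
+/* Bitset representing status of connection. */
+enum nf_conntrack_status {
+ /* It's an expected connection: bit 0 set. This bit never changed */
+ NF_S_EXPECTED_BIT = 0,
+ NF_S_EXPECTED = (1 << NF_S_EXPECTED_BIT),
+
+ /* We've seen packets both ways: bit 1 set. Can be set, not unset. */
+ NF_S_SEEN_REPLY_BIT = 1,
+ NF_S_SEEN_REPLY = (1 << NF_S_SEEN_REPLY_BIT),
+
+ /* Conntrack should never be early-expired. */
+ NF_S_ASSURED_BIT = 2,
+ NF_S_ASSURED = (1 << NF_S_ASSURED_BIT),
+
+ /* Connection is confirmed: originating packet has left box */
+ NF_S_CONFIRMED_BIT = 3,
+ NF_S_CONFIRMED = (1 << NF_S_CONFIRMED_BIT),
+};
+
+#endif /* _NF_CONNTRACK_H */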
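diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter/nf_conntrack_helper.h linux-libc-headers-2.6.11.0/include/linux/netfilter/nf_conntrack_helper.h
--- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter/nf_conntrack_helper.h 1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.11.0/include/linux/netfilter/nf_conntrack_helper.h 2005-03-13 13:50:15.000000000 +0100
@@ -0,0 +1,50 @@
+/*
+ * connection tracking helpers.
+ *
+ * 16 Dec 2003: Yasuyuki Kozakai @USAGI <yasuyuki.kozakai@toshiba.co.jp>
+ * - generalize L3 protocol dependent part.
+ *
+ * Derived from include/linux/netfiter_ipv4/ip_conntrack_helper.h
+ */
+
+#ifndef _NF_CONNTRACK_HELPER_H
+#define _NF_CONNTRACK_HELPER_H
+#include <linux/netfilter/nf_conntrack.h>
+
+struct module;
+
+struct nf_conntrack_helper
+{
+ struct list_head list; /* Internal use. */
+
+ const char *name; /* name of the module */
+ struct module *me; /* pointer to self */
+ unsigned int max_expected; /* Maximum number of concurrent
+ * expected connections */
+ unsigned int timeout; /* timeout for expecteds */
+
+ /* Mask of things we will help (compared against server response) */
+ struct nf_conntrack_tuple tuple;
+ struct nf_conntrack_tuple mask;
+
+ /* Function to call when data passes; return verdict, or -1 to
+ invalidate. */
+ int (*help)(struct sk_buff **pskb,
+ unsigned int protoff,
+ struct nf_conn *ct,
+ enum nf_conntrack_info conntrackinfo);
+};
+
+extern int nf_conntrack_helper_register(struct nf_conntrack_helper *);
+extern void nf_conntrack_helper_unregister(struct nf_conntrack_helper *);
+
+/* Allocate space for an expectation: this is mandatory before calling
+ nf_conntrack_expect_related. */
+extern struct nf_conntrack_expect *nf_conntrack_expect_alloc(void);
+extern void nf_conntrack_expect_free(struct nf_conntrack_expect *exp);
+
+/* Add an expected connection: can have more than one per connection */
+extern int nf_conntrack_expect_related(struct nf_conntrack_expect *exp);
+extern void nf_conntrack_unexpect_related(struct nf_conntrack_expect *exp);
+
+#endif /*_NF_CONNTRACK_HELPER_H*/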
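diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter/nf_conntrack_l3proto.h linux-libc-headers-2.6.11.0/include/linux/netfilter/nf_conntrack_l3proto.h
--- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter/nf_conntrack_l3proto.h 1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.11.0/include/linux/netfilter/nf_conntrack_l3proto.h 2005-03-13 13:50:15.000000000 +0100
@@ -0,0 +1,93 @@
+/*
+ * Copyright (C)2003,2004 USAGI/WIDE Project
+ *
+ * Header for use in defining a given L3 protocol for connection tracking.
+ *
+ * Author:
+ * Yasuyuki Kozakai @USAGI <yasuyuki.kozakai@toshiba.co.jp>
+ *
+ * Derived from include/netfilter_ipv4/ip_conntrack_protocol.h
+ */
+
+#ifndef _NF_CONNTRACK_L3PROTO_H
+#define _NF_CONNTRACK_L3PROTO_H
+#include <linux/seq_file.h>
+#include <linux/netfilter/nf_conntrack.h>
+
+struct nf_conntrack_l3proto
+{
+ /* Next pointer. */
+ struct list_head list;
+
+ /* L3 Protocol Family number. ex) PF_INET */
+ u_int16_t l3proto;
+
+ /* Protocol name */
+ const char *name;
+
+ /*
+ * Try to fill in the third arg: nhoff is offset of l3 proto
+ * hdr. Return true if possible.
+ */
+ int (*pkt_to_tuple)(const struct sk_buff *skb, unsigned int nhoff,
+ struct nf_conntrack_tuple *tuple);
+
+ /*
+ * Invert the per-proto part of the tuple: ie. turn xmit into reply.
+ * Some packets can't be inverted: return 0 in that case.
+ */
+ int (*invert_tuple)(struct nf_conntrack_tuple *inverse,
+ const struct nf_conntrack_tuple *orig);
+
+ /* Print out the per-protocol part of the tuple. */
+ int (*print_tuple)(struct seq_file *s,
+ const struct nf_conntrack_tuple *);
+
+ /* Print out the private part of the conntrack. */
+ int (*print_conntrack)(struct seq_file *s, const struct nf_conn *);
+
+ /* Returns verdict for packet, or -1 for invalid. */
+ int (*packet)(struct nf_conn *conntrack,
+ const struct sk_buff *skb,
+ enum nf_conntrack_info ctinfo);
+
+ /*
+ * Called when a new connection for this protocol found;
+ * returns TRUE if it's OK. If so, packet() called next.
+ */
+ int (*new)(struct nf_conn *conntrack, const struct sk_buff *skb);
+
+ /* Called when a conntrack entry is destroyed */
+ void (*destroy)(struct nf_conn *conntrack);
+
+ /*
+ * Called before tracking.
+ * *dataoff: offset of protocol header (TCP, UDP,...) in *pskb
+ * *protonum: protocol number
+ */
+ int (*prepare)(struct sk_buff **pskb, unsigned int hooknum,
+ unsigned int *dataoff, u_int8_t *protonum, int *ret);
+
+ u_int32_t (*get_features)(const struct nf_conntrack_tuple *tuple);
+
+ /* Module (if any) which this is connected to. */
+ struct module *me;
+};
+
+extern struct nf_conntrack_l3proto *nf_ct_l3protos[AF_MAX];
+
+/* Protocol registration. */
+extern int nf_conntrack_l3proto_register(struct nf_conntrack_l3proto *proto);
+extern void nf_conntrack_l3proto_unregister(struct nf_conntrack_l3proto *proto);
+
+static inline struct nf_conntrack_l3proto *
+nf_ct_find_l3proto(u_int16_t l3proto)
+{
+ return nf_ct_l3protos[l3proto];
+}
+
+/* Existing built-in protocols */
+extern struct nf_conntrack_l3proto nf_conntrack_l3proto_ipv4;
+extern struct nf_conntrack_l3proto nf_conntrack_l3proto_ipv6;
+extern struct nf_conntrack_l3proto nf_conntrack_generic_l3proto;
+#endif /*_NF_CONNTRACK_L3PROTO_H*/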
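Review bot: `nf_ct_find_l3proto()` indexes `nf_ct_l3protos[AF_MAX]` with a `u_int16_t` and no range check, so any family value of `AF_MAX` or above reads past the end of the array. If that value can come from a packet or from a caller-supplied tuple, this is an out-of-bounds read; a guard such as `if (l3proto >= AF_MAX) return &nf_conntrack_generic_l3proto;` would close it, with the `nf_conntrack_generic_l3proto` declaration moved above the function. Separately, nf_conntrack_core.h in this same patch declares `extern struct nf_conntrack_l3proto *nf_ct_find_l3proto(u_int16_t pf);`, which conflicts with this `static inline` definition whenever core.h is included first.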
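diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter/nf_conntrack_protocol.h linux-libc-headers-2.6.11.0/include/linux/netfilter/nf_conntrack_protocol.h
--- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter/nf_conntrack_protocol.h 1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.11.0/include/linux/netfilter/nf_conntrack_protocol.h 2005-03-13 13:50:15.000000000 +0100
@@ -0,0 +1,105 @@
+/*
+ * Header for use in defining a given protocol for connection tracking.
+ *
+ * 16 Dec 2003: Yasuyuki Kozakai @USAGI <yasuyuki.kozakai@toshiba.co.jp>
+ * - generalized L3 protocol dependent part.
+ *
+ * Derived from include/linux/netfiter_ipv4/ip_conntrack_protcol.h
+ */
+
+#ifndef _NF_CONNTRACK_PROTOCOL_H
+#define _NF_CONNTRACK_PROTOCOL_H
+#include <linux/netfilter/nf_conntrack.h>
+
+struct seq_file;
+
+struct nf_conntrack_protocol
+{
+ /* Next pointer. */
+ struct list_head list;
+
+ /* L3 Protocol number. */
+ u_int16_t l3proto;
+
+ /* Protocol number. */
+ u_int8_t proto;
+
+ /* Protocol name */
+ const char *name;
+
+ /* Try to fill in the third arg: dataoff is offset past network protocol
+ hdr. Return true if possible. */
+ int (*pkt_to_tuple)(const struct sk_buff *skb,
+ unsigned int dataoff,
+ struct nf_conntrack_tuple *tuple);
+
+ /* Invert the per-proto part of the tuple: ie. turn xmit into reply.
+ * Some packets can't be inverted: return 0 in that case.
+ */
+ int (*invert_tuple)(struct nf_conntrack_tuple *inverse,
+ const struct nf_conntrack_tuple *orig);
+
+ /* Print out the per-protocol part of the tuple. Return like seq_* */
+ int (*print_tuple)(struct seq_file *s,
+ const struct nf_conntrack_tuple *);
+
+ /* Print out the private part of the conntrack. */
+ int (*print_conntrack)(struct seq_file *s, const struct nf_conn *);
+
+ /* Returns verdict for packet, or -1 for invalid. */
+ int (*packet)(struct nf_conn *conntrack,
+ const struct sk_buff *skb,
+ unsigned int dataoff,
+ enum nf_conntrack_info ctinfo,
+ int pf,
+ unsigned int hooknum);
+
+ /* Called when a new connection for this protocol found;
+ * returns TRUE if it's OK. If so, packet() called next. */
+ int (*new)(struct nf_conn *conntrack, const struct sk_buff *skb,
+ unsigned int dataoff);
+
+ /* Called when a conntrack entry is destroyed */
+ void (*destroy)(struct nf_conn *conntrack);
+
+ int (*error)(struct sk_buff *skb, unsigned int dataoff,
+ enum nf_conntrack_info *ctinfo,
+ int pf, unsigned int hooknum);
+
+ /* Module (if any) which this is connected to. */
+ struct module *me;
+};
+
+/* Existing built-in protocols */
+extern struct nf_conntrack_protocol nf_conntrack_protocol_tcp6;
+extern struct nf_conntrack_protocol nf_conntrack_protocol_udp4;
+extern struct nf_conntrack_protocol nf_conntrack_protocol_udp6;
+extern struct nf_conntrack_protocol nf_conntrack_generic_protocol;
+
+#define MAX_NF_CT_PROTO 256
+extern struct nf_conntrack_protocol **nf_ct_protos[PF_MAX];
+
+extern struct nf_conntrack_protocol *
+nf_ct_find_proto(u_int16_t l3proto, u_int8_t protocol);
+
+/* Protocol registration. */
+extern int nf_conntrack_protocol_register(struct nf_conntrack_protocol *proto);
+extern void nf_conntrack_protocol_unregister(struct nf_conntrack_protocol *proto);
+
+/* Log invalid packets */
+extern unsigned int nf_ct_log_invalid;
+
+#ifdef CONFIG_SYSCTL
+#ifdef DEBUG_INVALID_PACKETS
+#define LOG_INVALID(proto) \
+ (nf_ct_log_invalid == (proto) || nf_ct_log_invalid == IPPROTO_RAW)
+#else
+#define LOG_INVALID(proto) \
+ ((nf_ct_log_invalid == (proto) || nf_ct_log_invalid == IPPROTO_RAW) \
+ && net_ratelimit())
+#endif
+#else
+#define LOG_INVALID(proto) 0
+#endif /* CONFIG_SYSCTL */
+
+#endif /*_NF_CONNTRACK_PROTOCOL_H*/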
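Review bot: With `DEBUG_INVALID_PACKETS` defined, `LOG_INVALID()` drops the `net_ratelimit()` term, so every invalid packet that matches `nf_ct_log_invalid` produces a log line. Invalid packets are something a remote sender can generate at will, so that build option lets the network fill the kernel log; the debug branch should carry a comment saying so, for example `/* debug only: unthrottled, do not enable on exposed hosts */`. The built-in list also declares `nf_conntrack_protocol_tcp6`, `nf_conntrack_protocol_udp4` and `nf_conntrack_protocol_udp6` but no tcp4 counterpart, which looks like an omission worth confirming.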
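diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter/nf_conntrack_sctp.h linux-libc-headers-2.6.11.0/include/linux/netfilter/nf_conntrack_sctp.h
--- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter/nf_conntrack_sctp.h 1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.11.0/include/linux/netfilter/nf_conntrack_sctp.h 2005-03-13 13:50:15.000000000 +0100
@@ -0,0 +1,30 @@
+/*
+ * SCTP tracking.
+ *
+ * Derived from include/linux/netfiter_ipv4/ip_conntrack_tcp.h
+ */
+
+#ifndef _NF_CONNTRACK_SCTP_H
+#define _NF_CONNTRACK_SCTP_H
+
+enum sctp_conntrack {
+ SCTP_CONNTRACK_NONE,
+ SCTP_CONNTRACK_CLOSED,
+ SCTP_CONNTRACK_COOKIE_WAIT,
+ SCTP_CONNTRACK_COOKIE_ECHOED,
+ SCTP_CONNTRACK_ESTABLISHED,
+ SCTP_CONNTRACK_SHUTDOWN_SENT,
+ SCTP_CONNTRACK_SHUTDOWN_RECD,
+ SCTP_CONNTRACK_SHUTDOWN_ACK_SENT,
+ SCTP_CONNTRACK_MAX
+};
+
+struct nf_ct_sctp
+{
+ enum sctp_conntrack state;
+
+ u_int32_t vtag[NF_CT_DIR_MAX];
+ u_int32_t ttag[NF_CT_DIR_MAX];
+};
+
+#endif /* _NF_CONNTRACK_SCTP_H */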
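diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter/nf_conntrack_tcp.h linux-libc-headers-2.6.11.0/include/linux/netfilter/nf_conntrack_tcp.h
--- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter/nf_conntrack_tcp.h 1970-01-01 01:00:00.000000000 +0100
+++ linux-libc-headers-2.6.11.0/include/linux/netfilter/nf_conntrack_tcp.h 2005-03-13 13:50:15.000000000 +0100
@@ -0,0 +1,63 @@
+/*
+ * TCP tracking.
+ *
+ * Derived from include/linux/netfiter_ipv4/ip_conntrack_tcp.h
+ */
+
+#ifndef _NF_CONNTRACK_TCP_H
+#define _NF_CONNTRACK_TCP_H
+
+enum tcp_conntrack {
+ TCP_CONNTRACK_NONE,
+ TCP_CONNTRACK_SYN_SENT,
+ TCP_CONNTRACK_SYN_RECV,
+ TCP_CONNTRACK_ESTABLISHED,
+ TCP_CONNTRACK_FIN_WAIT,
+ TCP_CONNTRACK_CLOSE_WAIT,
+ TCP_CONNTRACK_LAST_ACK,
+ TCP_CONNTRACK_TIME_WAIT,
+ TCP_CONNTRACK_CLOSE,
+ TCP_CONNTRACK_LISTEN,
+ TCP_CONNTRACK_MAX,
+ TCP_CONNTRACK_IGNORE
+};
+
+/* Window scaling is advertised by the sender */
+#define NF_CT_TCP_FLAG_WINDOW_SCALE 0x01
+
+/* SACK is permitted by the sender */
+#define NF_CT_TCP_FLAG_SACK_PERM 0x02
+
+struct nf_ct_tcp_state {
+ u_int32_t td_end; /* max of seq + len */
+ u_int32_t td_maxend; /* max of ack + max(win, 1) */
+ u_int32_t td_maxwin; /* max(win) */
+ u_int8_t td_scale; /* window scale factor */
+ u_int8_t loose; /* used when connection picked up from the middle */
+ u_int8_t flags; /* per direction state flags */
+};
+
+struct nf_ct_tcp
+{
+ struct nf_ct_tcp_state seen[2]; /* connection parameters per direction */
+ u_int8_t state; /* state of the connection (enum tcp_conntrack) */
+ /* For detecting stale connections */
+ u_int8_t last_dir; /* Direction of the last packet (enum nf_conntrack_dir) */
+ u_int8_t retrans; /* Number of retransmitted packets */
+ u_int8_t last_index; /* Index of the last packet */
+ u_int32_t last_seq; /* Last sequence number seen in dir */
+ u_int32_t last_ack; /* Last sequence number seen in opposite dir */
+ u_int32_t last_end; /* Last seq + len */
+};
+
+/* Need this, since this file is included before the nf_conn definition
+ * in nf_conntrack.h */
+struct nf_conn;
+
+/* Update TCP window tracking data when NAT mangles the packet */
+extern void nf_conntrack_tcp_update(struct sk_buff *skb,
+ unsigned int dataoff,
+ struct nf_conn *conntrack,
+ int dir);
+
+#endif /* _NF_CONNTRACK_TCP_H */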
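Review bot: `struct sk_buff` first appears inside the parameter list of `nf_conntrack_tcp_update()`, which gives the tag prototype scope, so the declaration is incompatible with the real `struct sk_buff` unless the includer declared it earlier. Adding `struct sk_buff;` next to the existing `struct nf_conn;` forward declaration fixes that. The comment above that forward declaration refers to the nf_conn definition in nf_conntrack.h, but the nf_conntrack.h added by this patch defines only two enums, so the comment should name the header that actually provides it. The `seen[2]` array is documented as per direction and would be clearer sized by `NF_CT_DIR_MAX` once nf_conntrack_tuple.h is included.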
644 | diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter/nf_conntrack_tuple.h linux-libc-headers-2.6.11.0/include/linux/netfilter/nf_conntrack_tuple.h | |
645 | --- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter/nf_conntrack_tuple.h 1970-01-01 01:00:00.000000000 +0100 | |
646 | +++ linux-libc-headers-2.6.11.0/include/linux/netfilter/nf_conntrack_tuple.h 2005-03-13 23:01:31.000000000 +0100 | |
647 | @@ -0,0 +1,177 @@ | |
648 | +/* | |
649 | + * Definitions and Declarations for tuple. | |
650 | + * | |
651 | + * 16 Dec 2003: Yasuyuki Kozakai @USAGI <yasuyuki.kozakai@toshiba.co.jp> | |
652 | + * - generalize L3 protocol dependent part. | |
653 | + * | |
654 | + * Derived from include/linux/netfiter_ipv4/ip_conntrack_tuple.h | |
655 | + */ | |
0fc89030 | 656 | + |
014436e1 PS |
657 | +#ifndef _NF_CONNTRACK_TUPLE_H |
658 | +#define _NF_CONNTRACK_TUPLE_H | |
0fc89030 | 659 | + |
014436e1 PS |
660 | +/* A `tuple' is a structure containing the information to uniquely |
661 | + identify a connection. ie. if two packets have the same tuple, they | |
662 | + are in the same connection; if not, they are not. | |
663 | + | |
664 | + We divide the structure along "manipulatable" and | |
665 | + "non-manipulatable" lines, for the benefit of the NAT code. | |
666 | +*/ | |
0fc89030 | 667 | + |
014436e1 PS |
668 | +#define NF_CT_TUPLE_L3SIZE 4 |
669 | + | |
670 | +/* The l3 protocol-specific manipulable parts of the tuple: always in | |
671 | + network order! */ | |
672 | +union nf_conntrack_man_l3proto { | |
673 | + u_int32_t all[NF_CT_TUPLE_L3SIZE]; | |
674 | + u_int32_t ip; | |
675 | + u_int32_t ip6[4]; | |
0fc89030 PS |
676 | +}; |
677 | + | |
014436e1 PS |
678 | +/* The protocol-specific manipulable parts of the tuple: always in |
679 | + network order! */ | |
680 | +union nf_conntrack_man_proto | |
681 | +{ | |
682 | + /* Add other protocols here. */ | |
683 | + u_int16_t all; | |
684 | + | |
0fc89030 | 685 | + struct { |
014436e1 PS |
686 | + u_int16_t port; |
687 | + } tcp; | |
688 | + struct { | |
689 | + u_int16_t port; | |
690 | + } udp; | |
691 | + struct { | |
692 | + u_int16_t id; | |
693 | + } icmp; | |
694 | + struct { | |
695 | + u_int16_t port; | |
696 | + } sctp; | |
697 | +}; | |
698 | + | |
699 | +/* The manipulable part of the tuple. */ | |
700 | +struct nf_conntrack_man | |
701 | +{ | |
702 | + union nf_conntrack_man_l3proto u3; | |
703 | + union nf_conntrack_man_proto u; | |
704 | + /* Layer 3 protocol */ | |
705 | + u_int16_t l3num; | |
706 | +}; | |
707 | + | |
708 | +/* This contains the information to distinguish a connection. */ | |
709 | +struct nf_conntrack_tuple | |
710 | +{ | |
711 | + struct nf_conntrack_man src; | |
712 | + | |
713 | + /* These are the parts of the tuple which are fixed. */ | |
714 | + struct { | |
715 | + union { | |
716 | + u_int32_t all[NF_CT_TUPLE_L3SIZE]; | |
717 | + u_int32_t ip; | |
718 | + u_int32_t ip6[4]; | |
719 | + } u3; | |
720 | + union { | |
721 | + /* Add other protocols here. */ | |
722 | + u_int16_t all; | |
723 | + | |
0fc89030 | 724 | + struct { |
014436e1 PS |
725 | + u_int16_t port; |
726 | + } tcp; | |
727 | + struct { | |
728 | + u_int16_t port; | |
729 | + } udp; | |
730 | + struct { | |
731 | + u_int8_t type, code; | |
732 | + } icmp; | |
733 | + struct { | |
734 | + u_int16_t port; | |
735 | + } sctp; | |
736 | + } u; | |
737 | + | |
738 | + /* The protocol. */ | |
739 | + u_int8_t protonum; | |
740 | + | |
741 | + /* The direction (for tuplehash) */ | |
742 | + u_int8_t dir; | |
743 | + } dst; | |
744 | +}; | |
745 | + | |
746 | +/* This is optimized opposed to a memset of the whole structure. Everything we | |
747 | + * really care about is the source/destination unions */ | |
748 | +#define NF_CT_TUPLE_U_BLANK(tuple) \ | |
749 | + do { \ | |
750 | + (tuple)->src.u.all = 0; \ | |
751 | + (tuple)->dst.u.all = 0; \ | |
752 | + memset((tuple)->src.u3.all, 0, \ | |
753 | + sizeof(u_int32_t)*NF_CT_TUPLE_L3SIZE); \ | |
754 | + memset((tuple)->dst.u3.all, 0, \ | |
755 | + sizeof(u_int32_t)*NF_CT_TUPLE_L3SIZE); \ | |
756 | + } while (0) | |
757 | + | |
758 | +enum nf_conntrack_dir | |
759 | +{ | |
760 | + NF_CT_DIR_ORIGINAL, | |
761 | + NF_CT_DIR_REPLY, | |
762 | + NF_CT_DIR_MAX | |
763 | +}; | |
764 | + | |
765 | +static inline int nf_ct_tuple_src_equal(const struct nf_conntrack_tuple *t1, | |
766 | + const struct nf_conntrack_tuple *t2) | |
767 | +{ | |
768 | + return (t1->src.u3.all[0] == t2->src.u3.all[0] && | |
769 | + t1->src.u3.all[1] == t2->src.u3.all[1] && | |
770 | + t1->src.u3.all[2] == t2->src.u3.all[2] && | |
771 | + t1->src.u3.all[3] == t2->src.u3.all[3] && | |
772 | + t1->src.u.all == t2->src.u.all && | |
773 | + t1->src.l3num == t2->src.l3num && | |
774 | + t1->dst.protonum == t2->dst.protonum); | |
775 | +} | |
776 | + | |
777 | +static inline int nf_ct_tuple_dst_equal(const struct nf_conntrack_tuple *t1, | |
778 | + const struct nf_conntrack_tuple *t2) | |
779 | +{ | |
780 | + return (t1->dst.u3.all[0] == t2->dst.u3.all[0] && | |
781 | + t1->dst.u3.all[1] == t2->dst.u3.all[1] && | |
782 | + t1->dst.u3.all[2] == t2->dst.u3.all[2] && | |
783 | + t1->dst.u3.all[3] == t2->dst.u3.all[3] && | |
784 | + t1->dst.u.all == t2->dst.u.all && | |
785 | + t1->src.l3num == t2->src.l3num && | |
786 | + t1->dst.protonum == t2->dst.protonum); | |
787 | +} | |
788 | + | |
789 | +static inline int nf_ct_tuple_equal(const struct nf_conntrack_tuple *t1, | |
790 | + const struct nf_conntrack_tuple *t2) | |
791 | +{ | |
792 | + return nf_ct_tuple_src_equal(t1, t2) && nf_ct_tuple_dst_equal(t1, t2); | |
793 | +} | |
794 | + | |
795 | +static inline int nf_ct_tuple_mask_cmp(const struct nf_conntrack_tuple *t, | |
796 | + const struct nf_conntrack_tuple *tuple, | |
797 | + const struct nf_conntrack_tuple *mask) | |
798 | +{ | |
799 | + int count = 0; | |
800 | + | |
801 | + for (count = 0; count < NF_CT_TUPLE_L3SIZE; count++){ | |
802 | + if ((ntohs(t->src.u3.all[count]) ^ | |
803 | + ntohs(tuple->src.u3.all[count])) & | |
804 | + ntohs(mask->src.u3.all[count])) | |
805 | + return 0; | |
806 | + } | |
807 | + | |
808 | + for (count = 0; count < NF_CT_TUPLE_L3SIZE; count++){ | |
809 | + if ((ntohs(t->dst.u3.all[count]) ^ | |
810 | + ntohs(tuple->dst.u3.all[count])) & | |
811 | + ntohs(mask->dst.u3.all[count])) | |
812 | + return 0; | |
813 | + } | |
814 | + | |
815 | + if ((t->src.u.all ^ tuple->src.u.all) & mask->src.u.all || | |
816 | + (t->dst.u.all ^ tuple->dst.u.all) & mask->dst.u.all || | |
817 | + (t->src.l3num ^ tuple->src.l3num) & mask->src.l3num || | |
818 | + (t->dst.protonum ^ tuple->dst.protonum) & mask->dst.protonum) | |
819 | + return 0; | |
820 | + | |
821 | + return 1; | |
822 | +} | |
823 | + | |
824 | +#endif /* _NF_CONNTRACK_TUPLE_H */ | |
825 | diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ip_logging.h linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ip_logging.h | |
826 | --- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ip_logging.h 1970-01-01 01:00:00.000000000 +0100 | |
827 | +++ linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ip_logging.h 2005-03-13 22:55:27.000000000 +0100 | |
e0dfec11 PS |
828 | @@ -0,0 +1,5 @@ |
829 | +/* IPv4 macros for the internal logging interface. */ | |
830 | +#ifndef __IP_LOGGING_H | |
831 | +#define __IP_LOGGING_H | |
832 | + | |
833 | +#endif /*__IP_LOGGING_H*/ | |
014436e1 PS |
834 | diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ip_nat.h linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ip_nat.h |
835 | --- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ip_nat.h 2005-03-13 21:53:55.000000000 +0100 | |
836 | +++ linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ip_nat.h 2005-03-13 22:55:37.000000000 +0100 | |
837 | @@ -39,33 +39,13 @@ | |
838 | union ip_conntrack_manip_proto min, max; | |
0fc89030 PS |
839 | }; |
840 | ||
014436e1 PS |
841 | -/* A range consists of an array of 1 or more ip_nat_range */ |
842 | -struct ip_nat_multi_range | |
843 | +/* For backwards compat: don't use in modern code. */ | |
844 | +struct ip_nat_multi_range_compat | |
845 | { | |
846 | - unsigned int rangesize; | |
847 | + unsigned int rangesize; /* Must be 1. */ | |
0fc89030 | 848 | |
014436e1 PS |
849 | /* hangs off end. */ |
850 | struct ip_nat_range range[1]; | |
851 | }; | |
852 | ||
853 | -/* Worst case: local-out manip + 1 post-routing, and reverse dirn. */ | |
854 | -#define IP_NAT_MAX_MANIPS (2*3) | |
855 | - | |
856 | -struct ip_nat_info_manip | |
857 | -{ | |
858 | - /* The direction. */ | |
859 | - u_int8_t direction; | |
860 | - | |
861 | - /* Which hook the manipulation happens on. */ | |
862 | - u_int8_t hooknum; | |
863 | - | |
864 | - /* The manipulation type. */ | |
865 | - u_int8_t maniptype; | |
866 | - | |
867 | - /* Manipulations to occur at each conntrack in this dirn. */ | |
868 | - struct ip_conntrack_manip manip; | |
869 | -}; | |
870 | - | |
871 | -#define ip_nat_multi_range ip_nat_multi_range_compat | |
872 | - | |
873 | #endif | |
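Review bot: The new side of this hunk leaves no definition of `ip_nat_multi_range`, because both the struct of that name and the `#define ip_nat_multi_range ip_nat_multi_range_compat` alias are removed. Any userspace source that still spells the old name would stop compiling against this header; whether such a consumer exists is not visible from the hunk, so this should be confirmed as intended. The retained comment `/* hangs off end. */` on `range[1]` now contradicts the new `/* Must be 1. */` on `rangesize`; it could read `/* exactly one range; kept for layout compatibility */`. The struct body is fully inside the hunk, but the header's opening lines are not.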
874 | diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ip_queue.h linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ip_queue.h | |
875 | --- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ip_queue.h 2004-10-31 20:56:03.000000000 +0100 | |
876 | +++ linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ip_queue.h 2005-03-13 22:56:08.000000000 +0100 | |
38896796 PS |
877 | @@ -7,7 +7,7 @@ |
878 | #ifndef _IP_QUEUE_H | |
879 | #define _IP_QUEUE_H | |
e0dfec11 | 880 | |
38896796 PS |
881 | -#include <linux/if.h> |
882 | +#include <net/if.h> | |
e0dfec11 | 883 | |
38896796 PS |
884 | /* Messages sent from kernel */ |
885 | typedef struct ipq_packet_msg { | |
014436e1 PS |
886 | diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ip_set.h linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ip_set.h |
887 | --- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ip_set.h 1970-01-01 01:00:00.000000000 +0100 | |
888 | +++ linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ip_set.h 2005-03-13 22:56:21.000000000 +0100 | |
889 | @@ -0,0 +1,293 @@ | |
890 | +#ifndef _IP_SET_H | |
891 | +#define _IP_SET_H | |
892 | + | |
893 | +/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu> | |
894 | + * Patrick Schaaf <bof@bof.de> | |
895 | + * Martin Josefsson <gandalf@wlug.westbo.se> | |
896 | + * Copyright (C) 2003-2004 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | |
897 | + * | |
898 | + * This program is free software; you can redistribute it and/or modify | |
899 | + * it under the terms of the GNU General Public License version 2 as | |
900 | + * published by the Free Software Foundation. | |
901 | + */ | |
902 | + | |
903 | +/* | |
904 | + * A sockopt of such quality has hardly ever been seen before on the open | |
905 | + * market! This little beauty, hardly ever used: above 64, so it's | |
906 | + * traditionally used for firewalling, not touched (even once!) by the | |
907 | + * 2.0, 2.2 and 2.4 kernels! | |
908 | + * | |
909 | + * Comes with its own certificate of authenticity, valid anywhere in the | |
910 | + * Free world! | |
911 | + * | |
912 | + * Rusty, 19.4.2000 | |
913 | + */ | |
914 | +#define SO_IP_SET 83 | |
915 | + | |
916 | +/* | |
917 | + * Heavily modify by Joakim Axelsson 08.03.2002 | |
918 | + * - Made it more modulebased | |
919 | + * | |
920 | + * Additional heavy modifications by Jozsef Kadlecsik 22.02.2004 | |
921 | + * - bindings added | |
922 | + * - in order to "deal with" backward compatibility, renamed to ipset | |
923 | + */ | |
924 | + | |
925 | +/* | |
926 | + * Used so that the kernel module and ipset-binary can match their versions | |
927 | + */ | |
928 | +#define IP_SET_PROTOCOL_VERSION 2 | |
929 | + | |
930 | +#define IP_SET_MAXNAMELEN 32 /* set names and set typenames */ | |
931 | + | |
932 | +/* Lets work with our own typedef for representing an IP address. | |
933 | + * We hope to make the code more portable, possibly to IPv6... | |
934 | + * | |
935 | + * The representation works in HOST byte order, because most set types | |
936 | + * will perform arithmetic operations and compare operations. | |
937 | + * | |
938 | + * For now the type is an uint32_t. | |
939 | + * | |
940 | + * Make sure to ONLY use the functions when translating and parsing | |
941 | + * in order to keep the host byte order and make it more portable: | |
942 | + * parse_ip() | |
943 | + * parse_mask() | |
944 | + * parse_ipandmask() | |
945 | + * ip_tostring() | |
946 | + * (Joakim: where are they???) | |
947 | + */ | |
948 | + | |
949 | +typedef uint32_t ip_set_ip_t; | |
950 | + | |
951 | +/* Sets are identified by an id in kernel space. Tweak with ip_set_id_t | |
952 | + * and IP_SET_INVALID_ID if you want to increase the max number of sets. | |
953 | + */ | |
954 | +typedef uint16_t ip_set_id_t; | |
955 | + | |
956 | +#define IP_SET_INVALID_ID 65535 | |
957 | + | |
958 | +/* How deep we follow bindings */ | |
959 | +#define IP_SET_MAX_BINDINGS 6 | |
960 | + | |
961 | +/* | |
962 | + * Option flags for kernel operations (ipt_set_info) | |
963 | + */ | |
964 | +#define IPSET_SRC 0x01 /* Source match/add */ | |
965 | +#define IPSET_DST 0x02 /* Destination match/add */ | |
966 | +#define IPSET_MATCH_INV 0x04 /* Inverse matching */ | |
967 | + | |
968 | +/* | |
969 | + * Set types (flavours) | |
970 | + */ | |
971 | +#define IPSET_TYPE_IP 0 /* IP address type of set */ | |
972 | +#define IPSET_TYPE_PORT 1 /* Port type of set */ | |
973 | + | |
974 | +/* Reserved keywords */ | |
975 | +#define IPSET_TOKEN_DEFAULT ":default:" | |
976 | +#define IPSET_TOKEN_ALL ":all:" | |
977 | + | |
978 | +/* SO_IP_SET operation constants, and their request struct types. | |
979 | + * | |
980 | + * Operation ids: | |
981 | + * 0-99: commands with version checking | |
982 | + * 100-199: add/del/test/bind/unbind | |
983 | + * 200-299: list, save, restore | |
984 | + */ | |
985 | + | |
986 | +/* Single shot operations: | |
987 | + * version, create, destroy, flush, rename and swap | |
988 | + * | |
989 | + * Sets are identified by name. | |
990 | + */ | |
991 | + | |
992 | +#define IP_SET_REQ_STD \ | |
993 | + unsigned op; \ | |
994 | + unsigned version; \ | |
995 | + char name[IP_SET_MAXNAMELEN] | |
996 | + | |
997 | +#define IP_SET_OP_CREATE 0x00000001 /* Create a new (empty) set */ | |
998 | +struct ip_set_req_create { | |
999 | + IP_SET_REQ_STD; | |
1000 | + char typename[IP_SET_MAXNAMELEN]; | |
1001 | +}; | |
1002 | + | |
1003 | +#define IP_SET_OP_DESTROY 0x00000002 /* Remove a (empty) set */ | |
1004 | +struct ip_set_req_std { | |
1005 | + IP_SET_REQ_STD; | |
1006 | +}; | |
1007 | + | |
1008 | +#define IP_SET_OP_FLUSH 0x00000003 /* Remove all IPs in a set */ | |
1009 | +/* Uses ip_set_req_std */ | |
1010 | + | |
1011 | +#define IP_SET_OP_RENAME 0x00000004 /* Rename a set */ | |
1012 | +/* Uses ip_set_req_create */ | |
1013 | + | |
1014 | +#define IP_SET_OP_SWAP 0x00000005 /* Swap two sets */ | |
1015 | +/* Uses ip_set_req_create */ | |
1016 | + | |
1017 | +union ip_set_name_index { | |
1018 | + char name[IP_SET_MAXNAMELEN]; | |
1019 | + ip_set_id_t index; | |
1020 | +}; | |
1021 | + | |
1022 | +#define IP_SET_OP_GET_BYNAME 0x00000006 /* Get set index by name */ | |
1023 | +struct ip_set_req_get_set { | |
1024 | + unsigned op; | |
1025 | + unsigned version; | |
1026 | + union ip_set_name_index set; | |
1027 | +}; | |
1028 | + | |
1029 | +#define IP_SET_OP_GET_BYINDEX 0x00000007 /* Get set name by index */ | |
1030 | +/* Uses ip_set_req_get_set */ | |
1031 | + | |
1032 | +#define IP_SET_OP_VERSION 0x00000100 /* Ask kernel version */ | |
1033 | +struct ip_set_req_version { | |
1034 | + unsigned op; | |
1035 | + unsigned version; | |
1036 | +}; | |
1037 | + | |
1038 | +/* Double shots operations: | |
1039 | + * add, del, test, bind and unbind. | |
1040 | + * | |
1041 | + * First we query the kernel to get the index and type of the target set, | |
1042 | + * then issue the command. Validity of IP is checked in kernel in order | |
1043 | + * to minimalize sockopt operations. | |
1044 | + */ | |
1045 | + | |
1046 | +/* Get minimal set data for add/del/test/bind/unbind IP */ | |
1047 | +#define IP_SET_OP_ADT_GET 0x00000010 /* Get set and type */ | |
1048 | +struct ip_set_req_adt_get { | |
1049 | + unsigned op; | |
1050 | + unsigned version; | |
1051 | + union ip_set_name_index set; | |
1052 | + char typename[IP_SET_MAXNAMELEN]; | |
1053 | +}; | |
1054 | + | |
1055 | +#define IP_SET_REQ_BYINDEX \ | |
1056 | + unsigned op; \ | |
1057 | + ip_set_id_t index; | |
1058 | + | |
1059 | +struct ip_set_req_adt { | |
1060 | + IP_SET_REQ_BYINDEX; | |
1061 | +}; | |
1062 | + | |
1063 | +#define IP_SET_OP_ADD_IP 0x00000101 /* Add an IP to a set */ | |
1064 | +/* Uses ip_set_req_adt, with type specific addage */ | |
1065 | + | |
1066 | +#define IP_SET_OP_DEL_IP 0x00000102 /* Remove an IP from a set */ | |
1067 | +/* Uses ip_set_req_adt, with type specific addage */ | |
1068 | + | |
1069 | +#define IP_SET_OP_TEST_IP 0x00000103 /* Test an IP in a set */ | |
1070 | +/* Uses ip_set_req_adt, with type specific addage */ | |
1071 | + | |
1072 | +#define IP_SET_OP_BIND_SET 0x00000104 /* Bind an IP to a set */ | |
1073 | +/* Uses ip_set_req_bind, with type specific addage */ | |
1074 | +struct ip_set_req_bind { | |
1075 | + IP_SET_REQ_BYINDEX; | |
1076 | + char binding[IP_SET_MAXNAMELEN]; | |
1077 | +}; | |
1078 | + | |
1079 | +#define IP_SET_OP_UNBIND_SET 0x00000105 /* Unbind an IP from a set */ | |
1080 | +/* Uses ip_set_req_bind, with type speficic addage | |
1081 | + * index = 0 means unbinding for all sets */ | |
1082 | + | |
1083 | +#define IP_SET_OP_TEST_BIND_SET 0x00000106 /* Test binding an IP to a set */ | |
1084 | +/* Uses ip_set_req_bind, with type specific addage */ | |
1085 | + | |
1086 | +/* Multiple shots operations: list, save, restore. | |
1087 | + * | |
1088 | + * - check kernel version and query the max number of sets | |
1089 | + * - get the basic information on all sets | |
1090 | + * and size required for the next step | |
1091 | + * - get actual set data: header, data, bindings | |
1092 | + */ | |
1093 | + | |
1094 | +/* Get max_sets and the index of a queried set | |
1095 | + */ | |
1096 | +#define IP_SET_OP_MAX_SETS 0x00000020 | |
1097 | +struct ip_set_req_max_sets { | |
1098 | + unsigned op; | |
1099 | + unsigned version; | |
1100 | + ip_set_id_t max_sets; /* max_sets */ | |
1101 | + ip_set_id_t sets; /* real number of sets */ | |
1102 | + union ip_set_name_index set; /* index of set if name used */ | |
1103 | +}; | |
1104 | + | |
1105 | +/* Get the id and name of the sets plus size for next step */ | |
1106 | +#define IP_SET_OP_LIST_SIZE 0x00000201 | |
1107 | +#define IP_SET_OP_SAVE_SIZE 0x00000202 | |
1108 | +struct ip_set_req_setnames { | |
1109 | + unsigned op; | |
1110 | + ip_set_id_t index; /* set to list/save */ | |
1111 | + size_t size; /* size to get setdata/bindings */ | |
1112 | + /* followed by sets number of struct ip_set_name_list */ | |
1113 | +}; | |
1114 | + | |
1115 | +struct ip_set_name_list { | |
1116 | + char name[IP_SET_MAXNAMELEN]; | |
1117 | + char typename[IP_SET_MAXNAMELEN]; | |
1118 | + ip_set_id_t index; | |
1119 | + ip_set_id_t id; | |
1120 | +}; | |
1121 | + | |
1122 | +/* The actual list operation */ | |
1123 | +#define IP_SET_OP_LIST 0x00000203 | |
1124 | +struct ip_set_req_list { | |
1125 | + IP_SET_REQ_BYINDEX; | |
1126 | + /* sets number of struct ip_set_list in reply */ | |
1127 | +}; | |
1128 | + | |
1129 | +struct ip_set_list { | |
1130 | + ip_set_id_t index; | |
1131 | + ip_set_id_t binding; | |
1132 | + u_int32_t ref; | |
1133 | + size_t header_size; /* Set header data of header_size */ | |
1134 | + size_t members_size; /* Set members data of members_size */ | |
1135 | + size_t bindings_size; /* Set bindings data of bindings_size */ | |
1136 | +}; | |
1137 | + | |
1138 | +struct ip_set_hash_list { | |
1139 | + ip_set_ip_t ip; | |
1140 | + ip_set_id_t binding; | |
1141 | +}; | |
1142 | + | |
1143 | +/* The save operation */ | |
1144 | +#define IP_SET_OP_SAVE 0x00000204 | |
1145 | +/* Uses ip_set_req_list, in the reply replaced by | |
1146 | + * sets number of struct ip_set_save plus a marker | |
1147 | + * ip_set_save followed by ip_set_hash_save structures. | |
1148 | + */ | |
1149 | +struct ip_set_save { | |
1150 | + ip_set_id_t index; | |
1151 | + ip_set_id_t binding; | |
1152 | + size_t header_size; /* Set header data of header_size */ | |
1153 | + size_t members_size; /* Set members data of members_size */ | |
1154 | +}; | |
1155 | + | |
1156 | +/* At restoring, ip == 0 means default binding for the given set: */ | |
1157 | +struct ip_set_hash_save { | |
1158 | + ip_set_ip_t ip; | |
1159 | + ip_set_id_t id; | |
1160 | + ip_set_id_t binding; | |
1161 | +}; | |
1162 | + | |
1163 | +/* The restore operation */ | |
1164 | +#define IP_SET_OP_RESTORE 0x00000205 | |
1165 | +/* Uses ip_set_req_setnames followed by ip_set_restore structures | |
1166 | + * plus a marker ip_set_restore, followed by ip_set_hash_save | |
1167 | + * structures. | |
1168 | + */ | |
1169 | +struct ip_set_restore { | |
1170 | + char name[IP_SET_MAXNAMELEN]; | |
1171 | + char typename[IP_SET_MAXNAMELEN]; | |
1172 | + ip_set_id_t index; | |
1173 | + size_t header_size; /* Create data of header_size */ | |
1174 | + size_t members_size; /* Set members data of members_size */ | |
1175 | +}; | |
1176 | + | |
1177 | +static inline int bitmap_bytes(ip_set_ip_t a, ip_set_ip_t b) | |
1178 | +{ | |
1179 | + return 4 * ((((b - a + 8) / 8) + 3) / 4); | |
1180 | +} | |
1181 | + | |
1182 | +#endif /*_IP_SET_H*/ | |
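Review bot: `bitmap_bytes()` at the end of the new header computes `b - a + 8` in 32-bit unsigned arithmetic, so a range within 8 of the full 32-bit span wraps and the function returns a size far smaller than the bitmap needs. A caller that allocates from that value and then indexes by `ip - a` would write past the buffer. Dividing before adding avoids the wrap without changing any other result: `return 4 * ((((b - a) / 8 + 1) + 3) / 4);`. `b < a` wraps as well and should be rejected before the call. Separately, `ip_set_req_setnames`, `ip_set_list`, `ip_set_save` and `ip_set_restore` carry `size_t` fields across the sockopt boundary, so their layout differs between a 32-bit process and a 64-bit kernel; fixed-width fields would keep the ABI stable.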
1183 | diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ip_set_iphash.h linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ip_set_iphash.h | |
1184 | --- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ip_set_iphash.h 1970-01-01 01:00:00.000000000 +0100 | |
1185 | +++ linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ip_set_iphash.h 2005-03-13 13:50:15.000000000 +0100 | |
1186 | @@ -0,0 +1,30 @@ | |
1187 | +#ifndef __IP_SET_IPHASH_H | |
1188 | +#define __IP_SET_IPHASH_H | |
1189 | + | |
1190 | +#include <linux/netfilter_ipv4/ip_set.h> | |
1191 | + | |
1192 | +#define SETTYPE_NAME "iphash" | |
1193 | +#define MAX_RANGE 0x0000FFFF | |
1194 | + | |
1195 | +struct ip_set_iphash { | |
1196 | + ip_set_ip_t *members; /* the iphash proper */ | |
1197 | + uint32_t initval; /* initval for jhash_1word */ | |
1198 | + uint32_t prime; /* prime for double hashing */ | |
1199 | + uint32_t hashsize; /* hash size */ | |
1200 | + uint16_t probes; /* max number of probes */ | |
1201 | + uint16_t resize; /* resize factor in percent */ | |
1202 | + ip_set_ip_t netmask; /* netmask */ | |
1203 | +}; | |
1204 | + | |
1205 | +struct ip_set_req_iphash_create { | |
1206 | + uint32_t hashsize; | |
1207 | + uint16_t probes; | |
1208 | + uint16_t resize; | |
1209 | + ip_set_ip_t netmask; | |
1210 | +}; | |
1211 | + | |
1212 | +struct ip_set_req_iphash { | |
1213 | + ip_set_ip_t ip; | |
1214 | +}; | |
1215 | + | |
1216 | +#endif /* __IP_SET_IPHASH_H */ | |
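Review bot: `SETTYPE_NAME` and `MAX_RANGE` are defined here unguarded and with generic names, and the same two macros are defined again in ip_set_ipmap.h, ip_set_macipmap.h, ip_set_nethash.h and ip_set_portmap.h, each with a different `SETTYPE_NAME` string. Including two set-type headers in one translation unit therefore redefines `SETTYPE_NAME` with a different value, which gives a compiler diagnostic at best and the wrong type name in later code at worst. Per-type macro names would avoid the clash, for example `IP_SET_IPHASH_TYPENAME` (a name constructed for illustration). A one-line comment above `struct ip_set_iphash` should also say whether this struct, which holds the `members` pointer, is meant to be used from userspace at all or only the `ip_set_req_*` structs are.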
1217 | diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ip_set_ipmap.h linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ip_set_ipmap.h | |
1218 | --- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ip_set_ipmap.h 1970-01-01 01:00:00.000000000 +0100 | |
1219 | +++ linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ip_set_ipmap.h 2005-03-13 13:50:15.000000000 +0100 | |
1220 | @@ -0,0 +1,56 @@ | |
1221 | +#ifndef __IP_SET_IPMAP_H | |
1222 | +#define __IP_SET_IPMAP_H | |
1223 | + | |
1224 | +#include <linux/netfilter_ipv4/ip_set.h> | |
1225 | + | |
1226 | +#define SETTYPE_NAME "ipmap" | |
1227 | +#define MAX_RANGE 0x0000FFFF | |
1228 | + | |
1229 | +struct ip_set_ipmap { | |
1230 | + void *members; /* the ipmap proper */ | |
1231 | + ip_set_ip_t first_ip; /* host byte order, included in range */ | |
1232 | + ip_set_ip_t last_ip; /* host byte order, included in range */ | |
1233 | + ip_set_ip_t netmask; /* subnet netmask */ | |
1234 | + ip_set_ip_t sizeid; /* size of set in IPs */ | |
1235 | + u_int16_t hosts; /* number of hosts in a subnet */ | |
1236 | +}; | |
1237 | + | |
1238 | +struct ip_set_req_ipmap_create { | |
1239 | + ip_set_ip_t from; | |
1240 | + ip_set_ip_t to; | |
1241 | + ip_set_ip_t netmask; | |
1242 | +}; | |
1243 | + | |
1244 | +struct ip_set_req_ipmap { | |
1245 | + ip_set_ip_t ip; | |
1246 | +}; | |
1247 | + | |
1248 | +unsigned int | |
1249 | +mask_to_bits(ip_set_ip_t mask) | |
1250 | +{ | |
1251 | + unsigned int bits = 32; | |
1252 | + ip_set_ip_t maskaddr; | |
1253 | + | |
1254 | + if (mask == 0xFFFFFFFF) | |
1255 | + return bits; | |
1256 | + | |
1257 | + maskaddr = 0xFFFFFFFE; | |
1258 | + while (--bits >= 0 && maskaddr != mask) | |
1259 | + maskaddr <<= 1; | |
1260 | + | |
1261 | + return bits; | |
1262 | +} | |
1263 | + | |
1264 | +ip_set_ip_t | |
1265 | +range_to_mask(ip_set_ip_t from, ip_set_ip_t to, unsigned int *bits) | |
1266 | +{ | |
1267 | + ip_set_ip_t mask = 0xFFFFFFFE; | |
1268 | + | |
1269 | + *bits = 32; | |
1270 | + while (--(*bits) >= 0 && mask && (to & mask) != from) | |
1271 | + mask <<= 1; | |
1272 | + | |
1273 | + return mask; | |
1274 | +} | |
1275 | + | |
1276 | +#endif /* __IP_SET_IPMAP_H */ | |
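Review bot: In `mask_to_bits()` the test `--bits >= 0` is always true because `bits` is `unsigned int`, so the loop ends only when `maskaddr == mask`. For a non-contiguous mask (constructed example: `0xFF00FF00`) `maskaddr` shifts down to 0, never matches, and the loop does not terminate. Bounding the loop on the counter fixes this: `while (--bits > 0 && maskaddr != mask)`, with the caller treating a 0 result for a non-zero mask as invalid. `range_to_mask()` has the same always-true test on `*bits` and stops only because of its `mask &&` term. Both functions are also defined without `static inline` in a header, so two translation units that include it would produce duplicate symbols at link time.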
1277 | diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ip_set_jhash.h linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ip_set_jhash.h | |
1278 | --- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ip_set_jhash.h 1970-01-01 01:00:00.000000000 +0100 | |
1279 | +++ linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ip_set_jhash.h 2005-03-13 13:50:15.000000000 +0100 | |
1280 | @@ -0,0 +1,148 @@ | |
1281 | +#ifndef _LINUX_IPSET_JHASH_H | |
1282 | +#define _LINUX_IPSET_JHASH_H | |
1283 | + | |
1284 | +/* This is a copy of linux/jhash.h but the types u32/u8 are changed | |
1285 | + * to __u32/__u8 so that the header file can be included into | |
1286 | + * userspace code as well. Jozsef Kadlecsik (kadlec@blackhole.kfki.hu) | |
1287 | + */ | |
1288 | + | |
1289 | +/* jhash.h: Jenkins hash support. | |
1290 | + * | |
1291 | + * Copyright (C) 1996 Bob Jenkins (bob_jenkins@burtleburtle.net) | |
1292 | + * | |
1293 | + * http://burtleburtle.net/bob/hash/ | |
1294 | + * | |
1295 | + * These are the credits from Bob's sources: | |
1296 | + * | |
1297 | + * lookup2.c, by Bob Jenkins, December 1996, Public Domain. | |
1298 | + * hash(), hash2(), hash3, and mix() are externally useful functions. | |
1299 | + * Routines to test the hash are included if SELF_TEST is defined. | |
1300 | + * You can use this free for any purpose. It has no warranty. | |
1301 | + * | |
1302 | + * Copyright (C) 2003 David S. Miller (davem@redhat.com) | |
1303 | + * | |
1304 | + * I've modified Bob's hash to be useful in the Linux kernel, and | |
1305 | + * any bugs present are surely my fault. -DaveM | |
1306 | + */ | |
1307 | + | |
1308 | +/* NOTE: Arguments are modified. */ | |
1309 | +#define __jhash_mix(a, b, c) \ | |
1310 | +{ \ | |
1311 | + a -= b; a -= c; a ^= (c>>13); \ | |
1312 | + b -= c; b -= a; b ^= (a<<8); \ | |
1313 | + c -= a; c -= b; c ^= (b>>13); \ | |
1314 | + a -= b; a -= c; a ^= (c>>12); \ | |
1315 | + b -= c; b -= a; b ^= (a<<16); \ | |
1316 | + c -= a; c -= b; c ^= (b>>5); \ | |
1317 | + a -= b; a -= c; a ^= (c>>3); \ | |
1318 | + b -= c; b -= a; b ^= (a<<10); \ | |
1319 | + c -= a; c -= b; c ^= (b>>15); \ | |
1320 | +} | |
1321 | + | |
1322 | +/* The golden ration: an arbitrary value */ | |
1323 | +#define JHASH_GOLDEN_RATIO 0x9e3779b9 | |
1324 | + | |
1325 | +/* The most generic version, hashes an arbitrary sequence | |
1326 | + * of bytes. No alignment or length assumptions are made about | |
1327 | + * the input key. | |
1328 | + */ | |
1329 | +static inline __u32 jhash(void *key, __u32 length, __u32 initval) | |
1330 | +{ | |
1331 | + __u32 a, b, c, len; | |
1332 | + __u8 *k = key; | |
1333 | + | |
1334 | + len = length; | |
1335 | + a = b = JHASH_GOLDEN_RATIO; | |
1336 | + c = initval; | |
1337 | + | |
1338 | + while (len >= 12) { | |
1339 | + a += (k[0] +((__u32)k[1]<<8) +((__u32)k[2]<<16) +((__u32)k[3]<<24)); | |
1340 | + b += (k[4] +((__u32)k[5]<<8) +((__u32)k[6]<<16) +((__u32)k[7]<<24)); | |
1341 | + c += (k[8] +((__u32)k[9]<<8) +((__u32)k[10]<<16)+((__u32)k[11]<<24)); | |
1342 | + | |
1343 | + __jhash_mix(a,b,c); | |
1344 | + | |
1345 | + k += 12; | |
1346 | + len -= 12; | |
1347 | + } | |
1348 | + | |
1349 | + c += length; | |
1350 | + switch (len) { | |
1351 | + case 11: c += ((__u32)k[10]<<24); | |
1352 | + case 10: c += ((__u32)k[9]<<16); | |
1353 | + case 9 : c += ((__u32)k[8]<<8); | |
1354 | + case 8 : b += ((__u32)k[7]<<24); | |
1355 | + case 7 : b += ((__u32)k[6]<<16); | |
1356 | + case 6 : b += ((__u32)k[5]<<8); | |
1357 | + case 5 : b += k[4]; | |
1358 | + case 4 : a += ((__u32)k[3]<<24); | |
1359 | + case 3 : a += ((__u32)k[2]<<16); | |
1360 | + case 2 : a += ((__u32)k[1]<<8); | |
1361 | + case 1 : a += k[0]; | |
1362 | + }; | |
1363 | + | |
1364 | + __jhash_mix(a,b,c); | |
1365 | + | |
1366 | + return c; | |
1367 | +} | |
1368 | + | |
1369 | +/* A special optimized version that handles 1 or more of __u32s. | |
1370 | + * The length parameter here is the number of __u32s in the key. | |
1371 | + */ | |
1372 | +static inline __u32 jhash2(__u32 *k, __u32 length, __u32 initval) | |
1373 | +{ | |
1374 | + __u32 a, b, c, len; | |
1375 | + | |
1376 | + a = b = JHASH_GOLDEN_RATIO; | |
1377 | + c = initval; | |
1378 | + len = length; | |
1379 | + | |
1380 | + while (len >= 3) { | |
1381 | + a += k[0]; | |
1382 | + b += k[1]; | |
1383 | + c += k[2]; | |
1384 | + __jhash_mix(a, b, c); | |
1385 | + k += 3; len -= 3; | |
1386 | + } | |
1387 | + | |
1388 | + c += length * 4; | |
1389 | + | |
1390 | + switch (len) { | |
1391 | + case 2 : b += k[1]; | |
1392 | + case 1 : a += k[0]; | |
1393 | + }; | |
1394 | + | |
1395 | + __jhash_mix(a,b,c); | |
1396 | + | |
1397 | + return c; | |
1398 | +} | |
1399 | + | |
1400 | + | |
1401 | +/* A special ultra-optimized versions that knows they are hashing exactly | |
1402 | + * 3, 2 or 1 word(s). | |
1403 | + * | |
1404 | + * NOTE: In partilar the "c += length; __jhash_mix(a,b,c);" normally | |
1405 | + * done at the end is not done here. | |
1406 | + */ | |
1407 | +static inline __u32 jhash_3words(__u32 a, __u32 b, __u32 c, __u32 initval) | |
1408 | +{ | |
1409 | + a += JHASH_GOLDEN_RATIO; | |
1410 | + b += JHASH_GOLDEN_RATIO; | |
1411 | + c += initval; | |
1412 | + | |
1413 | + __jhash_mix(a, b, c); | |
1414 | + | |
1415 | + return c; | |
1416 | +} | |
1417 | + | |
1418 | +static inline __u32 jhash_2words(__u32 a, __u32 b, __u32 initval) | |
1419 | +{ | |
1420 | + return jhash_3words(a, b, 0, initval); | |
1421 | +} | |
1422 | + | |
1423 | +static inline __u32 jhash_1word(__u32 a, __u32 initval) | |
1424 | +{ | |
1425 | + return jhash_3words(a, 0, 0, initval); | |
1426 | +} | |
1427 | + | |
1428 | +#endif /* _LINUX_IPSET_JHASH_H */ | |
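Review bot: The new header uses `__u32` and `__u8` throughout but includes nothing, so it compiles only when the includer has already pulled in the kernel type definitions. Adding `#include <linux/types.h>` directly after the include guard makes it self-contained. `jhash()` takes `void *key` although it only reads through `k`; `const void *key` with `const __u8 *k = key;` would let callers hash const data without a cast. The tail `switch` in `jhash()` and in `jhash2()` relies on deliberate fallthrough through every case, which deserves a `/* fallthrough is intentional */` comment above the first `case`.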
1429 | diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ip_set_macipmap.h linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ip_set_macipmap.h | |
1430 | --- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ip_set_macipmap.h 1970-01-01 01:00:00.000000000 +0100 | |
1431 | +++ linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ip_set_macipmap.h 2005-03-13 13:50:15.000000000 +0100 | |
1432 | @@ -0,0 +1,38 @@ | |
1433 | +#ifndef __IP_SET_MACIPMAP_H | |
1434 | +#define __IP_SET_MACIPMAP_H | |
1435 | + | |
1436 | +#include <linux/netfilter_ipv4/ip_set.h> | |
1437 | + | |
1438 | +#define SETTYPE_NAME "macipmap" | |
1439 | +#define MAX_RANGE 0x0000FFFF | |
1440 | + | |
1441 | +/* general flags */ | |
1442 | +#define IPSET_MACIP_MATCHUNSET 1 | |
1443 | + | |
1444 | +/* per ip flags */ | |
1445 | +#define IPSET_MACIP_ISSET 1 | |
1446 | + | |
1447 | +struct ip_set_macipmap { | |
1448 | + void *members; /* the macipmap proper */ | |
1449 | + ip_set_ip_t first_ip; /* host byte order, included in range */ | |
1450 | + ip_set_ip_t last_ip; /* host byte order, included in range */ | |
1451 | + u_int32_t flags; | |
1452 | +}; | |
1453 | + | |
1454 | +struct ip_set_req_macipmap_create { | |
1455 | + ip_set_ip_t from; | |
1456 | + ip_set_ip_t to; | |
1457 | + u_int32_t flags; | |
1458 | +}; | |
1459 | + | |
1460 | +struct ip_set_req_macipmap { | |
1461 | + ip_set_ip_t ip; | |
1462 | + unsigned char ethernet[ETH_ALEN]; | |
1463 | +}; | |
1464 | + | |
1465 | +struct ip_set_macip { | |
1466 | + unsigned short flags; | |
1467 | + unsigned char ethernet[ETH_ALEN]; | |
1468 | +}; | |
1469 | + | |
1470 | +#endif /* __IP_SET_MACIPMAP_H */ | |
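Review bot: `ETH_ALEN` sizes the `ethernet` arrays in `ip_set_req_macipmap` and `ip_set_macip`, but this header includes only ip_set.h, which as added in this patch neither defines that constant nor includes anything. The header therefore compiles only if the includer happens to bring in the Ethernet definitions first. Adding `#include <linux/if_ether.h>` next to the existing include removes the dependency on include order. `ip_set_req_macipmap` is a request layout, so a comment on its `ethernet` field stating the expected length in bytes would also help whoever validates the request size.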
1471 | diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ip_set_malloc.h linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ip_set_malloc.h | |
1472 | --- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ip_set_malloc.h 1970-01-01 01:00:00.000000000 +0100 | |
1473 | +++ linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ip_set_malloc.h 2005-03-13 22:59:30.000000000 +0100 | |
1474 | @@ -0,0 +1,4 @@ | |
1475 | +#ifndef _IP_SET_MALLOC_H | |
1476 | +#define _IP_SET_MALLOC_H | |
1477 | + | |
1478 | +#endif /*_IP_SET_MALLOC_H*/ | |
1479 | diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ip_set_nethash.h linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ip_set_nethash.h | |
1480 | --- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ip_set_nethash.h 1970-01-01 01:00:00.000000000 +0100 | |
1481 | +++ linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ip_set_nethash.h 2005-03-13 22:59:44.000000000 +0100 | |
1482 | @@ -0,0 +1,47 @@ | |
1483 | +#ifndef __IP_SET_NETHASH_H | |
1484 | +#define __IP_SET_NETHASH_H | |
1485 | + | |
1486 | +#include <linux/netfilter_ipv4/ip_set.h> | |
1487 | + | |
1488 | +#define SETTYPE_NAME "nethash" | |
1489 | +#define MAX_RANGE 0x0000FFFF | |
1490 | + | |
1491 | +struct ip_set_nethash { | |
1492 | + ip_set_ip_t *members; /* the nethash proper */ | |
1493 | + uint32_t initval; /* initval for jhash_1word */ | |
1494 | + uint32_t prime; /* prime for double hashing */ | |
1495 | + uint32_t hashsize; /* hash size */ | |
1496 | + uint16_t probes; /* max number of probes */ | |
1497 | + uint16_t resize; /* resize factor in percent */ | |
1498 | + unsigned char cidr[30]; /* CIDR sizes */ | |
1499 | +}; | |
1500 | + | |
1501 | +struct ip_set_req_nethash_create { | |
1502 | + uint32_t hashsize; | |
1503 | + uint16_t probes; | |
1504 | + uint16_t resize; | |
1505 | +}; | |
1506 | + | |
1507 | +struct ip_set_req_nethash { | |
1508 | + ip_set_ip_t ip; | |
1509 | + unsigned char cidr; | |
1510 | +}; | |
1511 | + | |
1512 | +static unsigned char shifts[] = {255, 253, 249, 242, 225, 193, 129, 1}; | |
1513 | + | |
1514 | +static inline ip_set_ip_t | |
1515 | +pack(ip_set_ip_t ip, unsigned char cidr) | |
1516 | +{ | |
1517 | + ip_set_ip_t addr, *paddr = &addr; | |
1518 | + unsigned char n, t, *a; | |
1519 | + | |
1520 | + addr = htonl(ip & (0xFFFFFFFF << (32 - (cidr)))); | |
1521 | + n = cidr / 8; | |
1522 | + t = cidr % 8; | |
1523 | + a = &((unsigned char *)paddr)[n]; | |
1524 | + *a = *a /(1 << (8 - t)) + shifts[t]; | |
1525 | + | |
1526 | + return ntohl(addr); | |
1527 | +} | |
1528 | + | |
1529 | +#endif /* __IP_SET_NETHASH_H */ | |
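Review bot: `pack()` uses `cidr` unchecked. With `cidr == 0` the expression `0xFFFFFFFF << (32 - (cidr))` shifts by the full width of the type, which is undefined behaviour. With `cidr == 32`, `n` becomes 4, so `*a` reads and writes one byte past `addr` if `ip_set_ip_t` is 32 bits wide (its typedef is not in this hunk). `cidr` arrives in `struct ip_set_req_nethash` as a plain `unsigned char`, so the range has to be enforced somewhere: if the callers already do it, record that above the function with `/* cidr must be in 1..31 */`, otherwise reject out-of-range values before calling. Separately, `shifts` is only read and would be safer as `static const unsigned char shifts[]`, and the header calls `htonl`/`ntohl` without including anything that declares them.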
1530 | diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ip_set_portmap.h linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ip_set_portmap.h | |
1531 | --- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ip_set_portmap.h 1970-01-01 01:00:00.000000000 +0100 | |
1532 | +++ linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ip_set_portmap.h 2005-03-13 13:50:15.000000000 +0100 | |
1533 | @@ -0,0 +1,25 @@ | |
1534 | +#ifndef __IP_SET_PORTMAP_H | |
1535 | +#define __IP_SET_PORTMAP_H | |
1536 | + | |
1537 | +#include <linux/netfilter_ipv4/ip_set.h> | |
1538 | + | |
1539 | +#define SETTYPE_NAME "portmap" | |
1540 | +#define MAX_RANGE 0x0000FFFF | |
1541 | +#define INVALID_PORT (MAX_RANGE + 1) | |
1542 | + | |
1543 | +struct ip_set_portmap { | |
1544 | + void *members; /* the portmap proper */ | |
1545 | + ip_set_ip_t first_port; /* host byte order, included in range */ | |
1546 | + ip_set_ip_t last_port; /* host byte order, included in range */ | |
1547 | +}; | |
1548 | + | |
1549 | +struct ip_set_req_portmap_create { | |
1550 | + ip_set_ip_t from; | |
1551 | + ip_set_ip_t to; | |
1552 | +}; | |
1553 | + | |
1554 | +struct ip_set_req_portmap { | |
1555 | + ip_set_ip_t port; | |
1556 | +}; | |
1557 | + | |
1558 | +#endif /* __IP_SET_PORTMAP_H */ | |
1559 | diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ip_set_prime.h linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ip_set_prime.h | |
1560 | --- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ip_set_prime.h 1970-01-01 01:00:00.000000000 +0100 | |
1561 | +++ linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ip_set_prime.h 2005-03-13 13:50:15.000000000 +0100 | |
1562 | @@ -0,0 +1,34 @@ | |
1563 | +#ifndef __IP_SET_PRIME_H | |
1564 | +#define __IP_SET_PRIME_H | |
1565 | + | |
1566 | +static inline unsigned make_prime_bound(unsigned nr) | |
1567 | +{ | |
1568 | + unsigned long long nr64 = nr; | |
1569 | + unsigned long long x = 1; | |
1570 | + nr = 1; | |
1571 | + while (x <= nr64) { x <<= 2; nr <<= 1; } | |
1572 | + return nr; | |
1573 | +} | |
1574 | + | |
1575 | +static inline int make_prime_check(unsigned nr) | |
1576 | +{ | |
1577 | + unsigned x = 3; | |
1578 | + unsigned b = make_prime_bound(nr); | |
1579 | + while (x <= b) { | |
1580 | + if (0 == (nr % x)) return 0; | |
1581 | + x += 2; | |
1582 | + } | |
1583 | + return 1; | |
1584 | +} | |
1585 | + | |
1586 | +static unsigned make_prime(unsigned nr) | |
1587 | +{ | |
1588 | + if (0 == (nr & 1)) nr--; | |
1589 | + while (nr > 1) { | |
1590 | + if (make_prime_check(nr)) return nr; | |
1591 | + nr -= 2; | |
1592 | + } | |
1593 | + return 2; | |
1594 | +} | |
1595 | + | |
1596 | +#endif /* __IP_SET_PRIME_H */ | |
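Review bot: `make_prime(0)` wraps around: 0 is even, so `nr--` yields `UINT_MAX`, and the search then runs downward from the top of the range and returns a prime just below 2^32 instead of the fallback 2. If the argument can be derived from a user-supplied hash size (ip_set_nethash.h has a `prime` field for double hashing, but the caller is not shown), add `if (nr == 0) return 2;` before the decrement. `make_prime` is also declared `static` without `inline`, unlike the two helpers above it, so every file that includes the header without calling it gets an unused-function warning.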
1597 | diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ip_tables.h linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ip_tables.h | |
1598 | --- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ip_tables.h 2005-03-13 21:53:55.000000000 +0100 | |
1599 | +++ linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ip_tables.h 2005-03-13 22:59:58.000000000 +0100 | |
1600 | @@ -101,7 +102,8 @@ | |
0fc89030 PS |
1601 | |
1602 | /* Values for "flag" field in struct ipt_ip (general ip structure). */ | |
1603 | #define IPT_F_FRAG 0x01 /* Set if rule is a fragment rule */ | |
1604 | -#define IPT_F_MASK 0x01 /* All possible flag bits mask. */ | |
1605 | +#define IPT_F_GOTO 0x02 /* Set if jump is a goto */ | |
1606 | +#define IPT_F_MASK 0x03 /* All possible flag bits mask. */ | |
1607 | ||
1608 | /* Values for "inv" field in struct ipt_ip. */ | |
1609 | #define IPT_INV_VIA_IN 0x01 /* Invert the sense of IN IFACE. */ | |
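Review bot: Widening `IPT_F_MASK` to 0x03 changes which `flags` values count as valid for every consumer of this header, not only for code that knows about goto. The mask is commented as "All possible flag bits", so it is presumably what rejects unknown bits. Userspace built against this header can then hand an `IPT_F_GOTO` rule to a kernel whose own mask is still 0x01. Stating the dependency on the new define would make that visible, e.g. `/* Set if jump is a goto; needs a kernel with the goto patch */`.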
014436e1 PS |
1610 | diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ipt_account.h linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ipt_account.h |
1611 | --- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ipt_account.h 1970-01-01 01:00:00.000000000 +0100 | |
1612 | +++ linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ipt_account.h 2005-03-13 13:50:15.000000000 +0100 | |
0fc89030 | 1613 | @@ -0,0 +1,26 @@ |
4f894449 PS |
1614 | +/* |
1615 | + * accounting match (ipt_account.c) | |
0fc89030 | 1616 | + * (C) 2003,2004 by Piotr Gasidlo (quaker@barbara.eu.org) |
4f894449 | 1617 | + * |
0fc89030 | 1618 | + * Version: 0.1.7 |
4f894449 PS |
1619 | + * |
1620 | + * This software is distributed under the terms of GNU GPL | |
1621 | + */ | |
1622 | + | |
1623 | +#ifndef _IPT_ACCOUNT_H_ | |
1624 | +#define _IPT_ACCOUNT_H_ | |
1625 | + | |
1626 | +#define IPT_ACCOUNT_NAME_LEN 64 | |
1627 | + | |
0fc89030 PS |
1628 | +#define IPT_ACCOUNT_NAME "ipt_account" |
1629 | +#define IPT_ACCOUNT_VERSION "0.1.7" | |
1630 | + | |
4f894449 PS |
1631 | +struct t_ipt_account_info { |
1632 | + char name[IPT_ACCOUNT_NAME_LEN]; | |
1633 | + u_int32_t network; | |
1634 | + u_int32_t netmask; | |
0fc89030 | 1635 | + int shortlisting:1; |
4f894449 PS |
1636 | +}; |
1637 | + | |
1638 | +#endif | |
0fc89030 | 1639 | + |
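Review bot: `int shortlisting:1;` is a one-bit field of plain `int`, whose signedness is implementation-defined. Where it is signed the field holds 0 and -1, so a comparison such as `shortlisting == 1` never matches; `unsigned int shortlisting:1;` removes the ambiguity. `name` is a fixed 64-byte array that is presumably filled in by the iptables userspace side, so a comment should say that consumers must not assume it is NUL-terminated, e.g. `/* table name; may arrive unterminated, bound every read by IPT_ACCOUNT_NAME_LEN */`.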
014436e1 PS |
1640 | diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ipt_fuzzy.h linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ipt_fuzzy.h |
1641 | --- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ipt_fuzzy.h 1970-01-01 01:00:00.000000000 +0100 | |
1642 | +++ linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ipt_fuzzy.h 2005-03-13 13:50:15.000000000 +0100 | |
bab37e86 PS |
1643 | @@ -0,0 +1,21 @@ |
1644 | +#ifndef _IPT_FUZZY_H | |
1645 | +#define _IPT_FUZZY_H | |
1646 | + | |
1647 | +#include <linux/param.h> | |
1648 | +#include <linux/types.h> | |
1649 | + | |
1650 | +#define MAXFUZZYRATE 10000000 | |
1651 | +#define MINFUZZYRATE 3 | |
1652 | + | |
1653 | +struct ipt_fuzzy_info { | |
1654 | + u_int32_t minimum_rate; | |
1655 | + u_int32_t maximum_rate; | |
1656 | + u_int32_t packets_total; | |
1657 | + u_int32_t bytes_total; | |
1658 | + u_int32_t previous_time; | |
1659 | + u_int32_t present_time; | |
1660 | + u_int32_t mean_rate; | |
1661 | + u_int8_t acceptance_rate; | |
1662 | +}; | |
1663 | + | |
1664 | +#endif /*_IPT_FUZZY_H*/ | |
014436e1 PS |
1665 | diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ipt_geoip.h linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ipt_geoip.h |
1666 | --- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ipt_geoip.h 1970-01-01 01:00:00.000000000 +0100 | |
1667 | +++ linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ipt_geoip.h 2005-03-13 13:50:15.000000000 +0100 | |
1668 | @@ -0,0 +1,50 @@ | |
1669 | +/* ipt_geoip.h header file for libipt_geoip.c and ipt_geoip.c | |
1670 | + * | |
1671 | + * This program is free software; you can redistribute it and/or modify | |
1672 | + * it under the terms of the GNU General Public License as published by | |
1673 | + * the Free Software Foundation; either version 2 of the License, or | |
1674 | + * (at your option) any later version. | |
1675 | + * | |
1676 | + * Copyright (c) 2004 Cookinglinux | |
1677 | + */ | |
1678 | +#ifndef _IPT_GEOIP_H | |
1679 | +#define _IPT_GEOIP_H | |
1680 | + | |
1681 | +#define IPT_GEOIP_SRC 0x01 /* Perform check on Source IP */ | |
1682 | +#define IPT_GEOIP_DST 0x02 /* Perform check on Destination IP */ | |
1683 | +#define IPT_GEOIP_INV 0x04 /* Negate the condition */ | |
1684 | + | |
1685 | +#define IPT_GEOIP_MAX 15 /* Maximum of countries */ | |
1686 | + | |
1687 | +struct geoip_subnet { | |
1688 | + u_int32_t begin; | |
1689 | + u_int32_t end; | |
1690 | +}; | |
1691 | + | |
1692 | +struct geoip_info { | |
1693 | + struct geoip_subnet *subnets; | |
1694 | + u_int32_t count; | |
1695 | + u_int32_t ref; | |
1696 | + u_int16_t cc; | |
1697 | + struct geoip_info *next; | |
1698 | + struct geoip_info *prev; | |
1699 | +}; | |
1700 | + | |
1701 | +struct ipt_geoip_info { | |
1702 | + u_int8_t flags; | |
1703 | + u_int8_t count; | |
1704 | + u_int16_t cc[IPT_GEOIP_MAX]; | |
1705 | + | |
1706 | + /* Used internally by the kernel */ | |
1707 | + struct geoip_info *mem[IPT_GEOIP_MAX]; | |
1708 | + u_int8_t *refcount; | |
1709 | + | |
1710 | + /* not implemented yet: | |
1711 | + void *fini; | |
1712 | + */ | |
1713 | +}; | |
1714 | + | |
1715 | +#define COUNTRY(cc) (cc >> 8), (cc & 0x00FF) | |
1716 | + | |
1717 | +#endif | |
1718 | + | |
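Review bot: Nothing ties `count` in `struct ipt_geoip_info` to `IPT_GEOIP_MAX`. It is a `u_int8_t` (0..255) that presumably indexes `cc[]` and `mem[]`, both 15 entries, so the consumer has to reject `count > IPT_GEOIP_MAX` before looping; a field comment such as `/* entries used in cc[]/mem[]; must be <= IPT_GEOIP_MAX */` would record that. The same count-beside-fixed-array pattern recurs in ipt_osf.h (`len` vs `genre[MAXGENRELEN]`, `opt_num` vs `opt[MAX_IPOPTLEN]`), ipt_policy.h and ip6t_policy.h (`len` vs `pol[POLICY_MAX_ELEM]`), ipt_string.h (`len` vs `string[BM_MAX_NLEN]`) and ipt_u32.h (`nnums`, `nvalues`, `ntests` vs `U32MAXSIZE+1`). The struct also carries the kernel-internal pointers `mem[]` and `refcount` in the layout userspace fills in, so their incoming values must be ignored and overwritten rather than dereferenced. `COUNTRY(cc)` should parenthesise its argument: `#define COUNTRY(cc) ((cc) >> 8), ((cc) & 0x00FF)`.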
1719 | diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ipt_IMQ.h linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ipt_IMQ.h | |
1720 | --- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ipt_IMQ.h 1970-01-01 01:00:00.000000000 +0100 | |
1721 | +++ linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ipt_IMQ.h 2005-03-13 13:50:15.000000000 +0100 | |
bab37e86 PS |
1722 | @@ -0,0 +1,8 @@ |
1723 | +#ifndef _IPT_IMQ_H | |
1724 | +#define _IPT_IMQ_H | |
1725 | + | |
1726 | +struct ipt_imq_info { | |
ac0c4b1f | 1727 | + unsigned int todev; /* target imq device */ |
bab37e86 PS |
1728 | +}; |
1729 | + | |
1730 | +#endif /* _IPT_IMQ_H */ | |
014436e1 PS |
1731 | diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ipt_IPMARK.h linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ipt_IPMARK.h |
1732 | --- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ipt_IPMARK.h 1970-01-01 01:00:00.000000000 +0100 | |
1733 | +++ linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ipt_IPMARK.h 2005-03-13 13:50:15.000000000 +0100 | |
bab37e86 PS |
1734 | @@ -0,0 +1,13 @@ |
1735 | +#ifndef _IPT_IPMARK_H_target | |
1736 | +#define _IPT_IPMARK_H_target | |
1737 | + | |
1738 | +struct ipt_ipmark_target_info { | |
1739 | + unsigned long andmask; | |
1740 | + unsigned long ormask; | |
1741 | + unsigned int addr; | |
1742 | +}; | |
1743 | + | |
1744 | +#define IPT_IPMARK_SRC 0 | |
1745 | +#define IPT_IPMARK_DST 1 | |
1746 | + | |
1747 | +#endif /*_IPT_IPMARK_H_target*/ | |
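Review bot: `andmask` and `ormask` are `unsigned long`, so `struct ipt_ipmark_target_info` has a different size and layout in a 32-bit iptables binary than in a 64-bit kernel. If the fields only ever hold a 32-bit mark (the consumer is not shown), `u_int32_t andmask;` and `u_int32_t ormask;` would pin the layout, provided the kernel module is changed to match. The same width problem applies to `unsigned long flags` in ipt_osf.h and to `time_t date_start` / `date_stop` in ipt_time.h.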
014436e1 PS |
1748 | diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ipt_ipp2p.h linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ipt_ipp2p.h |
1749 | --- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ipt_ipp2p.h 1970-01-01 01:00:00.000000000 +0100 | |
1750 | +++ linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ipt_ipp2p.h 2005-03-13 13:50:15.000000000 +0100 | |
1751 | @@ -0,0 +1,29 @@ | |
1752 | +#ifndef __IPT_IPP2P_H | |
1753 | +#define __IPT_IPP2P_H | |
1754 | +#define IPP2P_VERSION "0.7.2" | |
1755 | + | |
1756 | +struct ipt_p2p_info { | |
1757 | + int cmd; | |
1758 | + int debug; | |
1759 | +}; | |
1760 | + | |
1761 | +#endif //__IPT_IPP2P_H | |
1762 | + | |
1763 | +#define SHORT_HAND_IPP2P 1 /* --ipp2p switch*/ | |
1764 | +#define SHORT_HAND_DATA 4 /* --ipp2p-data switch*/ | |
1765 | +#define SHORT_HAND_NONE 5 /* no short hand*/ | |
1766 | + | |
1767 | +#define IPP2P_EDK 2 | |
1768 | +#define IPP2P_DATA_KAZAA 8 | |
1769 | +#define IPP2P_DATA_EDK 16 | |
1770 | +#define IPP2P_DATA_DC 32 | |
1771 | +#define IPP2P_DC 64 | |
1772 | +#define IPP2P_DATA_GNU 128 | |
1773 | +#define IPP2P_GNU 256 | |
1774 | +#define IPP2P_KAZAA 512 | |
1775 | +#define IPP2P_BIT 1024 | |
1776 | +#define IPP2P_APPLE 2048 | |
1777 | +#define IPP2P_SOUL 4096 | |
1778 | +#define IPP2P_WINMX 8192 | |
1779 | +#define IPP2P_ARES 16384 | |
1780 | + | |
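Review bot: The include guard closes at `#endif //__IPT_IPP2P_H` directly after the struct, so the `SHORT_HAND_*` and `IPP2P_*` defines below it sit outside the guard and are re-processed on every inclusion. Identical redefinitions are tolerated by the preprocessor, but the first time one copy of a value changes this becomes a redefinition diagnostic. Move the `#endif` to the last line of the file. The `IPP2P_*` values are bit flags that end up in `int cmd`, so a comment saying which bits are reserved (1 and 4 are skipped here) would help whoever adds the next protocol.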
1781 | diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ipt_ipv4options.h linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ipt_ipv4options.h | |
1782 | --- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ipt_ipv4options.h 1970-01-01 01:00:00.000000000 +0100 | |
1783 | +++ linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ipt_ipv4options.h 2005-03-13 13:50:15.000000000 +0100 | |
bab37e86 PS |
1784 | @@ -0,0 +1,21 @@ |
1785 | +#ifndef __ipt_ipv4options_h_included__ | |
1786 | +#define __ipt_ipv4options_h_included__ | |
1787 | + | |
1788 | +#define IPT_IPV4OPTION_MATCH_SSRR 0x01 /* For strict source routing */ | |
1789 | +#define IPT_IPV4OPTION_MATCH_LSRR 0x02 /* For loose source routing */ | |
1790 | +#define IPT_IPV4OPTION_DONT_MATCH_SRR 0x04 /* any source routing */ | |
1791 | +#define IPT_IPV4OPTION_MATCH_RR 0x08 /* For Record route */ | |
1792 | +#define IPT_IPV4OPTION_DONT_MATCH_RR 0x10 | |
1793 | +#define IPT_IPV4OPTION_MATCH_TIMESTAMP 0x20 /* For timestamp request */ | |
1794 | +#define IPT_IPV4OPTION_DONT_MATCH_TIMESTAMP 0x40 | |
1795 | +#define IPT_IPV4OPTION_MATCH_ROUTER_ALERT 0x80 /* For router-alert */ | |
1796 | +#define IPT_IPV4OPTION_DONT_MATCH_ROUTER_ALERT 0x100 | |
1797 | +#define IPT_IPV4OPTION_MATCH_ANY_OPT 0x200 /* match packet with any option */ | |
1798 | +#define IPT_IPV4OPTION_DONT_MATCH_ANY_OPT 0x400 /* match packet with no option */ | |
1799 | + | |
1800 | +struct ipt_ipv4options_info { | |
1801 | + u_int16_t options; | |
1802 | +}; | |
1803 | + | |
1804 | + | |
1805 | +#endif /* __ipt_ipv4options_h_included__ */ | |
014436e1 PS |
1806 | diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ipt_nth.h linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ipt_nth.h |
1807 | --- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ipt_nth.h 1970-01-01 01:00:00.000000000 +0100 | |
1808 | +++ linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ipt_nth.h 2005-03-13 13:50:15.000000000 +0100 | |
bab37e86 PS |
1809 | @@ -0,0 +1,19 @@ |
1810 | +#ifndef _IPT_NTH_H | |
1811 | +#define _IPT_NTH_H | |
1812 | + | |
1813 | +#include <linux/param.h> | |
1814 | +#include <linux/types.h> | |
1815 | + | |
1816 | +#ifndef IPT_NTH_NUM_COUNTERS | |
1817 | +#define IPT_NTH_NUM_COUNTERS 16 | |
1818 | +#endif | |
1819 | + | |
1820 | +struct ipt_nth_info { | |
1821 | + u_int8_t every; | |
1822 | + u_int8_t not; | |
1823 | + u_int8_t startat; | |
1824 | + u_int8_t counter; | |
1825 | + u_int8_t packet; | |
1826 | +}; | |
1827 | + | |
1828 | +#endif /*_IPT_NTH_H*/ | |
014436e1 PS |
1829 | diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ipt_osf.h linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ipt_osf.h |
1830 | --- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ipt_osf.h 1970-01-01 01:00:00.000000000 +0100 | |
1831 | +++ linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ipt_osf.h 2005-03-13 23:00:33.000000000 +0100 | |
1832 | @@ -0,0 +1,91 @@ | |
0fc89030 PS |
1833 | +/* |
1834 | + * ipt_osf.h | |
1835 | + * | |
1836 | + * Copyright (c) 2003 Evgeniy Polyakov <johnpol@2ka.mipt.ru> | |
1837 | + * | |
1838 | + * | |
1839 | + * This program is free software; you can redistribute it and/or modify | |
1840 | + * it under the terms of the GNU General Public License as published by | |
1841 | + * the Free Software Foundation; either version 2 of the License, or | |
1842 | + * (at your option) any later version. | |
1843 | + * | |
1844 | + * This program is distributed in the hope that it will be useful, | |
1845 | + * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
1846 | + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
1847 | + * GNU General Public License for more details. | |
1848 | + * | |
1849 | + * You should have received a copy of the GNU General Public License | |
1850 | + * along with this program; if not, write to the Free Software | |
1851 | + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | |
1852 | + */ | |
1853 | + | |
1854 | +#ifndef _IPT_OSF_H | |
1855 | +#define _IPT_OSF_H | |
1856 | + | |
1857 | +#define MAXGENRELEN 32 | |
1858 | +#define MAXDETLEN 64 | |
1859 | + | |
1860 | +#define IPT_OSF_GENRE 1 | |
1861 | +#define IPT_OSF_SMART 2 | |
1862 | +#define IPT_OSF_LOG 4 | |
1863 | +#define IPT_OSF_NETLINK 8 | |
1864 | + | |
1865 | +#define IPT_OSF_LOGLEVEL_ALL 0 | |
1866 | +#define IPT_OSF_LOGLEVEL_FIRST 1 | |
1867 | + | |
0fc89030 PS |
1868 | +struct ipt_osf_info |
1869 | +{ | |
1870 | + char genre[MAXGENRELEN]; | |
1871 | + int len; | |
1872 | + unsigned long flags; | |
1873 | + int loglevel; | |
1874 | + int invert; /* UNSUPPORTED */ | |
1875 | +}; | |
1876 | + | |
1877 | +struct osf_wc | |
1878 | +{ | |
1879 | + char wc; | |
1880 | + unsigned long val; | |
1881 | +}; | |
1882 | + | |
1883 | +/* This struct represents IANA options | |
1884 | + * http://www.iana.org/assignments/tcp-parameters | |
1885 | + */ | |
1886 | +struct osf_opt | |
1887 | +{ | |
1888 | + unsigned char kind; | |
1889 | + unsigned char length; | |
1890 | + struct osf_wc wc; | |
1891 | +}; | |
1892 | + | |
014436e1 | 1893 | + |
ac0c4b1f | 1894 | +struct __list_head { |
014436e1 | 1895 | + struct __list_head *next, *prev; |
ac0c4b1f PS |
1896 | +}; |
1897 | + | |
0fc89030 PS |
1898 | +struct osf_finger |
1899 | +{ | |
ac0c4b1f | 1900 | + struct __list_head flist; |
0fc89030 PS |
1901 | + struct osf_wc wss; |
1902 | + unsigned char ttl; | |
1903 | + unsigned char df; | |
1904 | + unsigned long ss; | |
1905 | + unsigned char genre[MAXGENRELEN]; | |
1906 | + unsigned char version[MAXGENRELEN], subtype[MAXGENRELEN]; | |
1907 | + | |
1908 | + /* Not needed, but for consistency with original table from Michal Zalewski */ | |
1909 | + unsigned char details[MAXDETLEN]; | |
1910 | + | |
1911 | + int opt_num; | |
1912 | + struct osf_opt opt[MAX_IPOPTLEN]; /* In case it is all NOP or EOL */ | |
1913 | + | |
1914 | +}; | |
1915 | + | |
1916 | +struct ipt_osf_nlmsg | |
1917 | +{ | |
1918 | + struct osf_finger f; | |
1919 | + struct iphdr ip; | |
1920 | + struct tcphdr tcp; | |
1921 | +}; | |
1922 | + | |
1923 | +#endif /* _IPT_OSF_H */ | |
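Review bot: The header is not self-contained: `struct ipt_osf_nlmsg` embeds `struct iphdr` and `struct tcphdr` by value, and `struct osf_finger` sizes `opt[]` with `MAX_IPOPTLEN`, yet nothing is included. It therefore compiles only when the including file happens to pull in the IP and TCP headers first. Add the includes under the guard, e.g. `#include <linux/ip.h>` and `#include <linux/tcp.h>`, after checking that these are the headers that define `MAX_IPOPTLEN` in this tree. `struct __list_head` also uses a double-underscore name, which is reserved for the implementation; a prefixed name such as `struct osf_list_head` avoids a clash.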
014436e1 PS |
1924 | diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ipt_policy.h linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ipt_policy.h |
1925 | --- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ipt_policy.h 1970-01-01 01:00:00.000000000 +0100 | |
1926 | +++ linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ipt_policy.h 2005-03-13 13:50:15.000000000 +0100 | |
bab37e86 PS |
1927 | @@ -0,0 +1,52 @@ |
1928 | +#ifndef _IPT_POLICY_H | |
1929 | +#define _IPT_POLICY_H | |
1930 | + | |
1931 | +#define POLICY_MAX_ELEM 4 | |
1932 | + | |
1933 | +enum ipt_policy_flags | |
1934 | +{ | |
1935 | + POLICY_MATCH_IN = 0x1, | |
1936 | + POLICY_MATCH_OUT = 0x2, | |
1937 | + POLICY_MATCH_NONE = 0x4, | |
1938 | + POLICY_MATCH_STRICT = 0x8, | |
1939 | +}; | |
1940 | + | |
1941 | +enum ipt_policy_modes | |
1942 | +{ | |
1943 | + POLICY_MODE_TRANSPORT, | |
1944 | + POLICY_MODE_TUNNEL | |
1945 | +}; | |
1946 | + | |
1947 | +struct ipt_policy_spec | |
1948 | +{ | |
1949 | + u_int8_t saddr:1, | |
1950 | + daddr:1, | |
1951 | + proto:1, | |
1952 | + mode:1, | |
1953 | + spi:1, | |
1954 | + reqid:1; | |
1955 | +}; | |
1956 | + | |
1957 | +struct ipt_policy_elem | |
1958 | +{ | |
1959 | + u_int32_t saddr; | |
1960 | + u_int32_t smask; | |
1961 | + u_int32_t daddr; | |
1962 | + u_int32_t dmask; | |
1963 | + u_int32_t spi; | |
1964 | + u_int32_t reqid; | |
1965 | + u_int8_t proto; | |
1966 | + u_int8_t mode; | |
1967 | + | |
1968 | + struct ipt_policy_spec match; | |
1969 | + struct ipt_policy_spec invert; | |
1970 | +}; | |
1971 | + | |
1972 | +struct ipt_policy_info | |
1973 | +{ | |
1974 | + struct ipt_policy_elem pol[POLICY_MAX_ELEM]; | |
1975 | + u_int16_t flags; | |
1976 | + u_int16_t len; | |
1977 | +}; | |
1978 | + | |
1979 | +#endif /* _IPT_POLICY_H */ | |
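Review bot: `POLICY_MAX_ELEM` and the enumerators `POLICY_MATCH_IN` through `POLICY_MODE_TUNNEL` are declared under the same unprefixed names in ip6t_policy.h later in this patch, so a source file that includes both headers fails to compile on the redeclared enumerators. Prefix them per address family, e.g. `IPT_POLICY_MATCH_IN = 0x1,` here and `IP6T_POLICY_MATCH_IN = 0x1,` in the IPv6 header. `struct ipt_policy_spec` packs six one-bit flags into a `u_int8_t` bit-field, whose bit order is implementation-defined; that is workable while both sides are built by the same compiler, but it deserves a comment on the struct.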
014436e1 PS |
1980 | diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ipt_set.h linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ipt_set.h |
1981 | --- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ipt_set.h 1970-01-01 01:00:00.000000000 +0100 | |
1982 | +++ linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ipt_set.h 2005-03-13 13:50:15.000000000 +0100 | |
1983 | @@ -0,0 +1,21 @@ | |
1984 | +#ifndef _IPT_SET_H | |
1985 | +#define _IPT_SET_H | |
bab37e86 | 1986 | + |
014436e1 | 1987 | +#include <linux/netfilter_ipv4/ip_set.h> |
e0dfec11 | 1988 | + |
014436e1 PS |
1989 | +struct ipt_set_info { |
1990 | + ip_set_id_t index; | |
1991 | + u_int32_t flags[IP_SET_MAX_BINDINGS + 1]; | |
1992 | +}; | |
e0dfec11 | 1993 | + |
014436e1 PS |
1994 | +/* match info */ |
1995 | +struct ipt_set_info_match { | |
1996 | + struct ipt_set_info match_set; | |
e0dfec11 PS |
1997 | +}; |
1998 | + | |
014436e1 PS |
1999 | +struct ipt_set_info_target { |
2000 | + struct ipt_set_info add_set; | |
2001 | + struct ipt_set_info del_set; | |
2002 | +}; | |
e0dfec11 | 2003 | + |
014436e1 PS |
2004 | +#endif /*_IPT_SET_H*/ |
2005 | diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ipt_string.h linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ipt_string.h | |
2006 | --- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ipt_string.h 1970-01-01 01:00:00.000000000 +0100 | |
2007 | +++ linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ipt_string.h 2005-03-13 18:21:35.000000000 +0100 | |
bab37e86 PS |
2008 | @@ -0,0 +1,21 @@ |
2009 | +#ifndef _IPT_STRING_H | |
2010 | +#define _IPT_STRING_H | |
2011 | + | |
2012 | +/* *** PERFORMANCE TWEAK *** | |
2013 | + * Packet size and search string threshold, | |
2014 | + * above which sublinear searches is used. */ | |
2015 | +#define IPT_STRING_HAYSTACK_THRESH 100 | |
2016 | +#define IPT_STRING_NEEDLE_THRESH 20 | |
2017 | + | |
2018 | +#define BM_MAX_NLEN 256 | |
2019 | +#define BM_MAX_HLEN 1024 | |
2020 | + | |
2021 | +typedef char *(*proc_ipt_search) (char *, char *, int, int); | |
2022 | + | |
2023 | +struct ipt_string_info { | |
2024 | + char string[BM_MAX_NLEN]; | |
2025 | + u_int16_t invert; | |
2026 | + u_int16_t len; | |
2027 | +}; | |
2028 | + | |
2029 | +#endif /* _IPT_STRING_H */ | |
014436e1 PS |
2030 | diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ipt_time.h linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ipt_time.h |
2031 | --- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ipt_time.h 1970-01-01 01:00:00.000000000 +0100 | |
2032 | +++ linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ipt_time.h 2005-03-13 13:50:15.000000000 +0100 | |
e0dfec11 | 2033 | @@ -0,0 +1,15 @@ |
bab37e86 PS |
2034 | +#ifndef __ipt_time_h_included__ |
2035 | +#define __ipt_time_h_included__ | |
2036 | + | |
2037 | + | |
2038 | +struct ipt_time_info { | |
2039 | + u_int8_t days_match; /* 1 bit per day. -SMTWTFS */ | |
2040 | + u_int16_t time_start; /* 0 < time_start < 23*60+59 = 1439 */ | |
2041 | + u_int16_t time_stop; /* 0:0 < time_stat < 23:59 */ | |
2042 | + u_int8_t kerneltime; /* ignore skb time (and use kerneltime) or not. */ | |
e0dfec11 PS |
2043 | + time_t date_start; |
2044 | + time_t date_stop; | |
bab37e86 PS |
2045 | +}; |
2046 | + | |
2047 | + | |
2048 | +#endif /* __ipt_time_h_included__ */ | |
014436e1 PS |
2049 | diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ipt_TTL.h linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ipt_TTL.h |
2050 | --- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ipt_TTL.h 1970-01-01 01:00:00.000000000 +0100 | |
2051 | +++ linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ipt_TTL.h 2005-03-13 13:50:15.000000000 +0100 | |
bab37e86 PS |
2052 | @@ -0,0 +1,21 @@ |
2053 | +/* TTL modification module for IP tables | |
2054 | + * (C) 2000 by Harald Welte <laforge@gnumonks.org> */ | |
2055 | + | |
2056 | +#ifndef _IPT_TTL_H | |
2057 | +#define _IPT_TTL_H | |
2058 | + | |
2059 | +enum { | |
2060 | + IPT_TTL_SET = 0, | |
2061 | + IPT_TTL_INC, | |
2062 | + IPT_TTL_DEC | |
2063 | +}; | |
2064 | + | |
2065 | +#define IPT_TTL_MAXMODE IPT_TTL_DEC | |
2066 | + | |
2067 | +struct ipt_TTL_info { | |
2068 | + u_int8_t mode; | |
2069 | + u_int8_t ttl; | |
2070 | +}; | |
2071 | + | |
2072 | + | |
2073 | +#endif | |
014436e1 PS |
2074 | diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ipt_u32.h linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ipt_u32.h |
2075 | --- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ipt_u32.h 1970-01-01 01:00:00.000000000 +0100 | |
2076 | +++ linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ipt_u32.h 2005-03-13 18:31:34.000000000 +0100 | |
0fc89030 PS |
2077 | @@ -0,0 +1,40 @@ |
2078 | +#ifndef _IPT_U32_H | |
2079 | +#define _IPT_U32_H | |
2080 | +#include <linux/netfilter_ipv4/ip_tables.h> | |
2081 | + | |
2082 | +enum ipt_u32_ops | |
2083 | +{ | |
2084 | + IPT_U32_AND, | |
2085 | + IPT_U32_LEFTSH, | |
2086 | + IPT_U32_RIGHTSH, | |
2087 | + IPT_U32_AT | |
2088 | +}; | |
2089 | + | |
2090 | +struct ipt_u32_location_element | |
2091 | +{ | |
2092 | + u_int32_t number; | |
2093 | + u_int8_t nextop; | |
2094 | +}; | |
2095 | +struct ipt_u32_value_element | |
2096 | +{ | |
2097 | + u_int32_t min; | |
2098 | + u_int32_t max; | |
2099 | +}; | |
2100 | +/* *** any way to allow for an arbitrary number of elements? | |
2101 | + for now I settle for a limit of 10 of each */ | |
2102 | +#define U32MAXSIZE 10 | |
2103 | +struct ipt_u32_test | |
2104 | +{ | |
2105 | + u_int8_t nnums; | |
2106 | + struct ipt_u32_location_element location[U32MAXSIZE+1]; | |
2107 | + u_int8_t nvalues; | |
2108 | + struct ipt_u32_value_element value[U32MAXSIZE+1]; | |
2109 | +}; | |
2110 | + | |
2111 | +struct ipt_u32 | |
2112 | +{ | |
2113 | + u_int8_t ntests; | |
2114 | + struct ipt_u32_test tests[U32MAXSIZE+1]; | |
2115 | +}; | |
2116 | + | |
2117 | +#endif /*_IPT_U32_H*/ | |
014436e1 PS |
2118 | diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ipt_XOR.h linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ipt_XOR.h |
2119 | --- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv4/ipt_XOR.h 1970-01-01 01:00:00.000000000 +0100 | |
2120 | +++ linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv4/ipt_XOR.h 2005-03-13 13:50:15.000000000 +0100 | |
bab37e86 PS |
2121 | @@ -0,0 +1,9 @@ |
2122 | +#ifndef _IPT_XOR_H | |
2123 | +#define _IPT_XOR_H | |
2124 | + | |
2125 | +struct ipt_XOR_info { | |
2126 | + char key[30]; | |
2127 | + u_int8_t block_size; | |
2128 | +}; | |
2129 | + | |
2130 | +#endif /* _IPT_XOR_H */ | |
014436e1 PS |
2131 | diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv6/ip6_logging.h linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv6/ip6_logging.h |
2132 | --- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv6/ip6_logging.h 1970-01-01 01:00:00.000000000 +0100 | |
2133 | +++ linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv6/ip6_logging.h 2005-03-13 22:51:05.000000000 +0100 | |
38896796 | 2134 | @@ -0,0 +1,5 @@ |
e0dfec11 PS |
2135 | +/* IPv6 macros for the nternal logging interface. */ |
2136 | +#ifndef __IP6_LOGGING_H | |
2137 | +#define __IP6_LOGGING_H | |
2138 | + | |
e0dfec11 | 2139 | +#endif /*__IP6_LOGGING_H*/ |
014436e1 PS |
2140 | diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv6/ip6t_fuzzy.h linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv6/ip6t_fuzzy.h |
2141 | --- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv6/ip6t_fuzzy.h 1970-01-01 01:00:00.000000000 +0100 | |
2142 | +++ linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv6/ip6t_fuzzy.h 2005-03-13 13:50:15.000000000 +0100 | |
bab37e86 PS |
2143 | @@ -0,0 +1,21 @@ |
2144 | +#ifndef _IP6T_FUZZY_H | |
2145 | +#define _IP6T_FUZZY_H | |
2146 | + | |
2147 | +#include <linux/param.h> | |
2148 | +#include <linux/types.h> | |
2149 | + | |
2150 | +#define MAXFUZZYRATE 10000000 | |
2151 | +#define MINFUZZYRATE 3 | |
2152 | + | |
2153 | +struct ip6t_fuzzy_info { | |
2154 | + u_int32_t minimum_rate; | |
2155 | + u_int32_t maximum_rate; | |
2156 | + u_int32_t packets_total; | |
2157 | + u_int32_t bytes_total; | |
2158 | + u_int32_t previous_time; | |
2159 | + u_int32_t present_time; | |
2160 | + u_int32_t mean_rate; | |
2161 | + u_int8_t acceptance_rate; | |
2162 | +}; | |
2163 | + | |
2164 | +#endif /*_IP6T_FUZZY_H*/ | |
014436e1 PS |
2165 | diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv6/ip6t_HL.h linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv6/ip6t_HL.h |
2166 | --- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv6/ip6t_HL.h 1970-01-01 01:00:00.000000000 +0100 | |
2167 | +++ linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv6/ip6t_HL.h 2005-03-13 13:50:15.000000000 +0100 | |
bab37e86 PS |
2168 | @@ -0,0 +1,22 @@ |
2169 | +/* Hop Limit modification module for ip6tables | |
2170 | + * Maciej Soltysiak <solt@dns.toxicfilms.tv> | |
2171 | + * Based on HW's TTL module */ | |
2172 | + | |
2173 | +#ifndef _IP6T_HL_H | |
2174 | +#define _IP6T_HL_H | |
2175 | + | |
2176 | +enum { | |
2177 | + IP6T_HL_SET = 0, | |
2178 | + IP6T_HL_INC, | |
2179 | + IP6T_HL_DEC | |
2180 | +}; | |
2181 | + | |
2182 | +#define IP6T_HL_MAXMODE IP6T_HL_DEC | |
2183 | + | |
2184 | +struct ip6t_HL_info { | |
2185 | + u_int8_t mode; | |
2186 | + u_int8_t hop_limit; | |
2187 | +}; | |
2188 | + | |
2189 | + | |
2190 | +#endif | |
014436e1 PS |
2191 | diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv6/ip6t_IMQ.h linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv6/ip6t_IMQ.h |
2192 | --- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv6/ip6t_IMQ.h 1970-01-01 01:00:00.000000000 +0100 | |
2193 | +++ linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv6/ip6t_IMQ.h 2005-03-13 13:50:15.000000000 +0100 | |
ac0c4b1f PS |
2194 | @@ -0,0 +1,8 @@ |
2195 | +#ifndef _IP6T_IMQ_H | |
2196 | +#define _IP6T_IMQ_H | |
2197 | + | |
2198 | +struct ip6t_imq_info { | |
2199 | + unsigned int todev; /* target imq device */ | |
2200 | +}; | |
2201 | + | |
2202 | +#endif /* _IP6T_IMQ_H */ | |
014436e1 PS |
2203 | diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv6/ip6t_nth.h linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv6/ip6t_nth.h |
2204 | --- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv6/ip6t_nth.h 1970-01-01 01:00:00.000000000 +0100 | |
2205 | +++ linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv6/ip6t_nth.h 2005-03-13 13:50:15.000000000 +0100 | |
bab37e86 PS |
2206 | @@ -0,0 +1,19 @@ |
2207 | +#ifndef _IP6T_NTH_H | |
2208 | +#define _IP6T_NTH_H | |
2209 | + | |
2210 | +#include <linux/param.h> | |
2211 | +#include <linux/types.h> | |
2212 | + | |
2213 | +#ifndef IP6T_NTH_NUM_COUNTERS | |
2214 | +#define IP6T_NTH_NUM_COUNTERS 16 | |
2215 | +#endif | |
2216 | + | |
2217 | +struct ip6t_nth_info { | |
2218 | + u_int8_t every; | |
2219 | + u_int8_t not; | |
2220 | + u_int8_t startat; | |
2221 | + u_int8_t counter; | |
2222 | + u_int8_t packet; | |
2223 | +}; | |
2224 | + | |
2225 | +#endif /*_IP6T_NTH_H*/ | |
014436e1 PS |
2226 | diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv6/ip6t_owner.h linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv6/ip6t_owner.h |
2227 | --- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv6/ip6t_owner.h 2004-10-31 20:56:06.000000000 +0100 | |
2228 | +++ linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv6/ip6t_owner.h 2005-03-13 13:50:15.000000000 +0100 | |
2229 | @@ -6,12 +6,14 @@ | |
2230 | #define IP6T_OWNER_GID 0x02 | |
2231 | #define IP6T_OWNER_PID 0x04 | |
2232 | #define IP6T_OWNER_SID 0x08 | |
2233 | +#define IP6T_OWNER_COMM 0x10 | |
2234 | ||
2235 | struct ip6t_owner_info { | |
2236 | uid_t uid; | |
2237 | gid_t gid; | |
2238 | pid_t pid; | |
2239 | pid_t sid; | |
2240 | + char comm[16]; | |
2241 | u_int8_t match, invert; /* flags */ | |
2242 | }; | |
2243 | ||
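Review bot: `char comm[16];` is inserted ahead of `match, invert`, which moves both flag bytes and grows `struct ip6t_owner_info`. An ip6tables binary and a kernel module built against different versions of this header will then disagree on the layout. If compatibility with already-built binaries matters, placing the new field after the flags keeps the old offsets. The literal 16 presumably mirrors the kernel's task-name length; a comment should say so and warn that the array may not be NUL-terminated, e.g. `/* process name, TASK_COMM_LEN bytes; may be unterminated */`.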
2244 | diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv6/ip6t_policy.h linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv6/ip6t_policy.h | |
2245 | --- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv6/ip6t_policy.h 1970-01-01 01:00:00.000000000 +0100 | |
2246 | +++ linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv6/ip6t_policy.h 2005-03-13 13:50:15.000000000 +0100 | |
1a75cf76 | 2247 | @@ -0,0 +1,52 @@ |
e0dfec11 PS |
2248 | +#ifndef _IP6T_POLICY_H |
2249 | +#define _IP6T_POLICY_H | |
2250 | + | |
2251 | +#define POLICY_MAX_ELEM 4 | |
2252 | + | |
2253 | +enum ip6t_policy_flags | |
2254 | +{ | |
2255 | + POLICY_MATCH_IN = 0x1, | |
2256 | + POLICY_MATCH_OUT = 0x2, | |
2257 | + POLICY_MATCH_NONE = 0x4, | |
2258 | + POLICY_MATCH_STRICT = 0x8, | |
2259 | +}; | |
2260 | + | |
2261 | +enum ip6t_policy_modes | |
2262 | +{ | |
2263 | + POLICY_MODE_TRANSPORT, | |
2264 | + POLICY_MODE_TUNNEL | |
2265 | +}; | |
2266 | + | |
2267 | +struct ip6t_policy_spec | |
2268 | +{ | |
2269 | + u_int8_t saddr:1, | |
2270 | + daddr:1, | |
2271 | + proto:1, | |
2272 | + mode:1, | |
2273 | + spi:1, | |
2274 | + reqid:1; | |
2275 | +}; | |
2276 | + | |
2277 | +struct ip6t_policy_elem | |
2278 | +{ | |
2279 | + struct in6_addr saddr; | |
2280 | + struct in6_addr smask; | |
2281 | + struct in6_addr daddr; | |
2282 | + struct in6_addr dmask; | |
2283 | + u_int32_t spi; | |
2284 | + u_int32_t reqid; | |
2285 | + u_int8_t proto; | |
2286 | + u_int8_t mode; | |
2287 | + | |
2288 | + struct ip6t_policy_spec match; | |
2289 | + struct ip6t_policy_spec invert; | |
2290 | +}; | |
2291 | + | |
2292 | +struct ip6t_policy_info | |
2293 | +{ | |
2294 | + struct ip6t_policy_elem pol[POLICY_MAX_ELEM]; | |
2295 | + u_int16_t flags; | |
2296 | + u_int16_t len; | |
2297 | +}; | |
2298 | + | |
2299 | +#endif /* _IP6T_POLICY_H */ | |
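Review bot: `len` in `struct ip6t_policy_info` is a `u_int16_t` next to a fixed `pol[POLICY_MAX_ELEM]` array of four entries, and nothing states the bound. If `len` is the number of valid `pol[]` entries, as the name suggests, a consumer must reject `len > POLICY_MAX_ELEM` before walking the array; a comment such as `u_int16_t len; /* valid entries in pol[], at most POLICY_MAX_ELEM */` would make that visible. The file also uses `struct in6_addr` and the `u_int*_t` types without including anything, unlike ip6t_nth.h in this patch, so `#include <linux/types.h>` and `#include <linux/in6.h>` after the guard would make it self-contained. The bit-fields in `struct ip6t_policy_spec` have implementation-defined layout, which is worth a remark if this structure is exchanged between separately compiled programs.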
014436e1 PS |
2300 | diff -uNr linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv6/ip6t_REJECT.h linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv6/ip6t_REJECT.h |
2301 | --- linux-libc-headers-2.6.11.0.orig/include/linux/netfilter_ipv6/ip6t_REJECT.h 1970-01-01 01:00:00.000000000 +0100 | |
2302 | +++ linux-libc-headers-2.6.11.0/include/linux/netfilter_ipv6/ip6t_REJECT.h 2005-03-13 13:50:15.000000000 +0100 | |
0fc89030 PS |
2303 | @@ -0,0 +1,18 @@ |
2304 | +#ifndef _IP6T_REJECT_H | |
2305 | +#define _IP6T_REJECT_H | |
2306 | + | |
2307 | +enum ip6t_reject_with { | |
2308 | + IP6T_ICMP6_NO_ROUTE, | |
2309 | + IP6T_ICMP6_ADM_PROHIBITED, | |
2310 | + IP6T_ICMP6_NOT_NEIGHBOUR, | |
2311 | + IP6T_ICMP6_ADDR_UNREACH, | |
2312 | + IP6T_ICMP6_PORT_UNREACH, | |
2313 | + IP6T_ICMP6_ECHOREPLY, | |
2314 | + IP6T_TCP_RESET | |
2315 | +}; | |
2316 | + | |
2317 | +struct ip6t_reject_info { | |
2318 | + enum ip6t_reject_with with; /* reject type */ | |
2319 | +}; | |
2320 | + | |
2321 | +#endif /*_IP6T_REJECT_H*/ |
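Review bot: `struct ip6t_reject_info` stores the reject type as `enum ip6t_reject_with`, whose size is chosen by the compiler, and the comment `/* reject type */` does not say that other values can arrive. For a structure filled by one program and read by another, the reader should treat anything outside `IP6T_ICMP6_NO_ROUTE` to `IP6T_TCP_RESET` as invalid. I would extend the comment to `/* reject type, one of enum ip6t_reject_with; validate before use */`. A fixed-width field would pin the layout, but only if it matches what the consumer of this header already expects.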