]>
Commit | Line | Data |
---|---|---|
98f7edcb JR |
1 | diff -urN userspace/extensions/libipt_conntrack.c userspace-raw/extensions/libipt_conntrack.c |
2 | --- userspace/extensions/libipt_conntrack.c 2003-03-04 15:50:50.000000000 +0100 | |
3 | +++ userspace-raw/extensions/libipt_conntrack.c 2003-05-05 17:42:08.000000000 +0200 | |
4 | @@ -19,7 +19,7 @@ | |
b55517db | 5 | { |
98f7edcb JR |
6 | printf( |
7 | "conntrack match v%s options:\n" | |
8 | -" [!] --ctstate [INVALID|ESTABLISHED|NEW|RELATED|SNAT|DNAT][,...]\n" | |
9 | +" [!] --ctstate [INVALID|ESTABLISHED|NEW|RELATED|UNTRACKED|SNAT|DNAT][,...]\n" | |
10 | " State(s) to match\n" | |
11 | " [!] --ctproto proto Protocol to match; by number or name, eg. `tcp'\n" | |
12 | " --ctorigsrc [!] address[/mask]\n" | |
13 | @@ -70,6 +70,8 @@ | |
14 | sinfo->statemask |= IPT_CONNTRACK_STATE_BIT(IP_CT_ESTABLISHED); | |
15 | else if (strncasecmp(state, "RELATED", strlen) == 0) | |
16 | sinfo->statemask |= IPT_CONNTRACK_STATE_BIT(IP_CT_RELATED); | |
17 | + else if (strncasecmp(state, "UNTRACKED", strlen) == 0) | |
18 | + sinfo->statemask |= IPT_CONNTRACK_STATE_UNTRACKED; | |
19 | else if (strncasecmp(state, "SNAT", strlen) == 0) | |
20 | sinfo->statemask |= IPT_CONNTRACK_STATE_SNAT; | |
21 | else if (strncasecmp(state, "DNAT", strlen) == 0) | |
22 | @@ -345,6 +347,10 @@ | |
23 | printf("%sESTABLISHED", sep); | |
24 | sep = ","; | |
25 | } | |
26 | + if (statemask & IPT_CONNTRACK_STATE_UNTRACKED) { | |
27 | + printf("%sUNTRACKED", sep); | |
28 | + sep = ","; | |
29 | + } | |
30 | if (statemask & IPT_CONNTRACK_STATE_SNAT) { | |
31 | printf("%sSNAT", sep); | |
32 | sep = ","; | |
33 | diff -urN userspace/extensions/libipt_state.c userspace-raw/extensions/libipt_state.c | |
34 | --- userspace/extensions/libipt_state.c 2002-05-29 15:08:16.000000000 +0200 | |
35 | +++ userspace-raw/extensions/libipt_state.c 2003-05-05 17:39:37.000000000 +0200 | |
b55517db | 36 | @@ -14,7 +14,7 @@ |
37 | { | |
38 | printf( | |
39 | "state v%s options:\n" | |
40 | -" [!] --state [INVALID|ESTABLISHED|NEW|RELATED][,...]\n" | |
41 | +" [!] --state [INVALID|ESTABLISHED|NEW|RELATED|UNTRACKED][,...]\n" | |
42 | " State(s) to match\n" | |
43 | "\n", IPTABLES_VERSION); | |
44 | } | |
45 | @@ -43,6 +43,8 @@ | |
46 | sinfo->statemask |= IPT_STATE_BIT(IP_CT_ESTABLISHED); | |
47 | else if (strncasecmp(state, "RELATED", strlen) == 0) | |
48 | sinfo->statemask |= IPT_STATE_BIT(IP_CT_RELATED); | |
49 | + else if (strncasecmp(state, "UNTRACKED", strlen) == 0) | |
50 | + sinfo->statemask |= IPT_STATE_UNTRACKED; | |
51 | else | |
52 | return 0; | |
53 | return 1; | |
98f7edcb | 54 | @@ -117,6 +119,10 @@ |
b55517db | 55 | printf("%sESTABLISHED", sep); |
b55517db | 56 | sep = ","; |
57 | } | |
98f7edcb JR |
58 | + if (statemask & IPT_STATE_UNTRACKED) { |
59 | + printf("%sUNTRACKED", sep); | |
60 | + sep = ","; | |
61 | + } | |
b55517db | 62 | printf(" "); |
98f7edcb JR |
63 | } |
64 | ||
65 | diff -urN userspace/libiptc/libip4tc.c userspace-raw/libiptc/libip4tc.c | |
66 | --- userspace/libiptc/libip4tc.c 2002-06-12 21:22:29.000000000 +0200 | |
67 | +++ userspace-raw/libiptc/libip4tc.c 2003-05-05 17:44:05.000000000 +0200 | |
68 | @@ -435,6 +435,20 @@ | |
69 | assert(h->info.hook_entry[NF_IP_POST_ROUTING] == n); | |
b55517db | 70 | user_offset = h->info.hook_entry[NF_IP_POST_ROUTING]; |
71 | } | |
b55517db | 72 | + } else if (strcmp(h->info.name, "raw") == 0) { |
73 | + assert(h->info.valid_hooks | |
74 | + == (1 << NF_IP_PRE_ROUTING | |
75 | + | 1 << NF_IP_LOCAL_OUT)); | |
76 | + | |
77 | + /* Hooks should be first two */ | |
78 | + assert(h->info.hook_entry[NF_IP_PRE_ROUTING] == 0); | |
79 | + | |
80 | + n = get_chain_end(h, 0); | |
81 | + n += get_entry(h, n)->next_offset; | |
82 | + assert(h->info.hook_entry[NF_IP_LOCAL_OUT] == n); | |
83 | + | |
84 | + user_offset = h->info.hook_entry[NF_IP_LOCAL_OUT]; | |
85 | + | |
98f7edcb | 86 | |
b55517db | 87 | #ifdef NF_IP_DROPPING |
88 | } else if (strcmp(h->info.name, "drop") == 0) { |