[packages/iptables.git] / raw.patch.userspace

diff -urN userspace/extensions/libipt_conntrack.c userspace-raw/extensions/libipt_conntrack.c
--- userspace/extensions/libipt_conntrack.c	2003-03-04 15:50:50.000000000 +0100
+++ userspace-raw/extensions/libipt_conntrack.c	2003-05-05 17:42:08.000000000 +0200
@@ -19,7 +19,7 @@
 {
 	printf(
 "conntrack match v%s options:\n"
-" [!] --ctstate [INVALID|ESTABLISHED|NEW|RELATED|SNAT|DNAT][,...]\n"
+" [!] --ctstate [INVALID|ESTABLISHED|NEW|RELATED|UNTRACKED|SNAT|DNAT][,...]\n"
 "				State(s) to match\n"
 " [!] --ctproto	proto		Protocol to match; by number or name, eg. `tcp'\n"
 "     --ctorigsrc  [!] address[/mask]\n"
@@ -70,6 +70,8 @@
 		sinfo->statemask |= IPT_CONNTRACK_STATE_BIT(IP_CT_ESTABLISHED);
 	else if (strncasecmp(state, "RELATED", strlen) == 0)
 		sinfo->statemask |= IPT_CONNTRACK_STATE_BIT(IP_CT_RELATED);
+	else if (strncasecmp(state, "UNTRACKED", strlen) == 0)
+		sinfo->statemask |= IPT_CONNTRACK_STATE_UNTRACKED;
 	else if (strncasecmp(state, "SNAT", strlen) == 0)
 		sinfo->statemask |= IPT_CONNTRACK_STATE_SNAT;
 	else if (strncasecmp(state, "DNAT", strlen) == 0)
@@ -345,6 +347,10 @@
 		printf("%sESTABLISHED", sep);
 		sep = ",";
 	}
+	if (statemask & IPT_CONNTRACK_STATE_UNTRACKED) {
+		printf("%sUNTRACKED", sep);
+		sep = ",";
+	}
 	if (statemask & IPT_CONNTRACK_STATE_SNAT) {
 		printf("%sSNAT", sep);
 		sep = ",";
diff -urN userspace/extensions/libipt_state.c userspace-raw/extensions/libipt_state.c
--- userspace/extensions/libipt_state.c	2002-05-29 15:08:16.000000000 +0200
+++ userspace-raw/extensions/libipt_state.c	2003-05-05 17:39:37.000000000 +0200
@@ -14,7 +14,7 @@
 {
 	printf(
 "state v%s options:\n"
-" [!] --state [INVALID|ESTABLISHED|NEW|RELATED][,...]\n"
+" [!] --state [INVALID|ESTABLISHED|NEW|RELATED|UNTRACKED][,...]\n"
 "				State(s) to match\n"
 "\n", IPTABLES_VERSION);
 }
@@ -43,6 +43,8 @@
 		sinfo->statemask |= IPT_STATE_BIT(IP_CT_ESTABLISHED);
 	else if (strncasecmp(state, "RELATED", strlen) == 0)
 		sinfo->statemask |= IPT_STATE_BIT(IP_CT_RELATED);
+	else if (strncasecmp(state, "UNTRACKED", strlen) == 0)
+		sinfo->statemask |= IPT_STATE_UNTRACKED;
 	else
 		return 0;
 	return 1;
@@ -117,6 +119,10 @@
 		printf("%sESTABLISHED", sep);
 		sep = ",";
 	}
+	if (statemask & IPT_STATE_UNTRACKED) {
+		printf("%sUNTRACKED", sep);
+		sep = ",";
+	}
 	printf(" ");
 }
 
diff -urN userspace/libiptc/libip4tc.c userspace-raw/libiptc/libip4tc.c
--- userspace/libiptc/libip4tc.c	2002-06-12 21:22:29.000000000 +0200
+++ userspace-raw/libiptc/libip4tc.c	2003-05-05 17:44:05.000000000 +0200
@@ -435,6 +435,20 @@
 			assert(h->info.hook_entry[NF_IP_POST_ROUTING] == n);
 			user_offset = h->info.hook_entry[NF_IP_POST_ROUTING];
 		}
+	} else if (strcmp(h->info.name, "raw") == 0) {
+		assert(h->info.valid_hooks
+		       == (1 << NF_IP_PRE_ROUTING
+			   | 1 << NF_IP_LOCAL_OUT));
+
+		/* Hooks should be first two */
+		assert(h->info.hook_entry[NF_IP_PRE_ROUTING] == 0);
+
+		n = get_chain_end(h, 0);
+		n += get_entry(h, n)->next_offset;
+		assert(h->info.hook_entry[NF_IP_LOCAL_OUT] == n);
+
+		user_offset = h->info.hook_entry[NF_IP_LOCAL_OUT];
+
 
 #ifdef NF_IP_DROPPING
 	} else if (strcmp(h->info.name, "drop") == 0) {
Commit	Line	Data
98f7edcb JR	1	diff -urN userspace/extensions/libipt_conntrack.c userspace-raw/extensions/libipt_conntrack.c
	2	--- userspace/extensions/libipt_conntrack.c 2003-03-04 15:50:50.000000000 +0100
	3	+++ userspace-raw/extensions/libipt_conntrack.c 2003-05-05 17:42:08.000000000 +0200
	4	@@ -19,7 +19,7 @@
b55517db	5	{
98f7edcb JR	6	printf(
	7	"conntrack match v%s options:\n"
	8	-" [!] --ctstate [INVALID\|ESTABLISHED\|NEW\|RELATED\|SNAT\|DNAT][,...]\n"
	9	+" [!] --ctstate [INVALID\|ESTABLISHED\|NEW\|RELATED\|UNTRACKED\|SNAT\|DNAT][,...]\n"
	10	" State(s) to match\n"
	11	" [!] --ctproto proto Protocol to match; by number or name, eg. `tcp'\n"
	12	" --ctorigsrc [!] address[/mask]\n"
	13	@@ -70,6 +70,8 @@
	14	sinfo->statemask \|= IPT_CONNTRACK_STATE_BIT(IP_CT_ESTABLISHED);
	15	else if (strncasecmp(state, "RELATED", strlen) == 0)
	16	sinfo->statemask \|= IPT_CONNTRACK_STATE_BIT(IP_CT_RELATED);
	17	+ else if (strncasecmp(state, "UNTRACKED", strlen) == 0)
	18	+ sinfo->statemask \|= IPT_CONNTRACK_STATE_UNTRACKED;
	19	else if (strncasecmp(state, "SNAT", strlen) == 0)
	20	sinfo->statemask \|= IPT_CONNTRACK_STATE_SNAT;
	21	else if (strncasecmp(state, "DNAT", strlen) == 0)
	22	@@ -345,6 +347,10 @@
	23	printf("%sESTABLISHED", sep);
	24	sep = ",";
	25	}
	26	+ if (statemask & IPT_CONNTRACK_STATE_UNTRACKED) {
	27	+ printf("%sUNTRACKED", sep);
	28	+ sep = ",";
	29	+ }
	30	if (statemask & IPT_CONNTRACK_STATE_SNAT) {
	31	printf("%sSNAT", sep);
	32	sep = ",";
	33	diff -urN userspace/extensions/libipt_state.c userspace-raw/extensions/libipt_state.c
	34	--- userspace/extensions/libipt_state.c 2002-05-29 15:08:16.000000000 +0200
	35	+++ userspace-raw/extensions/libipt_state.c 2003-05-05 17:39:37.000000000 +0200
b55517db	36	@@ -14,7 +14,7 @@
	37	{
	38	printf(
	39	"state v%s options:\n"
	40	-" [!] --state [INVALID\|ESTABLISHED\|NEW\|RELATED][,...]\n"
	41	+" [!] --state [INVALID\|ESTABLISHED\|NEW\|RELATED\|UNTRACKED][,...]\n"
	42	" State(s) to match\n"
	43	"\n", IPTABLES_VERSION);
	44	}
	45	@@ -43,6 +43,8 @@
	46	sinfo->statemask \|= IPT_STATE_BIT(IP_CT_ESTABLISHED);
	47	else if (strncasecmp(state, "RELATED", strlen) == 0)
	48	sinfo->statemask \|= IPT_STATE_BIT(IP_CT_RELATED);
	49	+ else if (strncasecmp(state, "UNTRACKED", strlen) == 0)
	50	+ sinfo->statemask \|= IPT_STATE_UNTRACKED;
	51	else
	52	return 0;
	53	return 1;
98f7edcb	54	@@ -117,6 +119,10 @@
b55517db	55	printf("%sESTABLISHED", sep);
b55517db	56	sep = ",";
b55517db	57	}
98f7edcb JR	58	+ if (statemask & IPT_STATE_UNTRACKED) {
	59	+ printf("%sUNTRACKED", sep);
	60	+ sep = ",";
	61	+ }
b55517db	62	printf(" ");
98f7edcb JR	63	}
	64
	65	diff -urN userspace/libiptc/libip4tc.c userspace-raw/libiptc/libip4tc.c
	66	--- userspace/libiptc/libip4tc.c 2002-06-12 21:22:29.000000000 +0200
	67	+++ userspace-raw/libiptc/libip4tc.c 2003-05-05 17:44:05.000000000 +0200
	68	@@ -435,6 +435,20 @@
	69	assert(h->info.hook_entry[NF_IP_POST_ROUTING] == n);
b55517db	70	user_offset = h->info.hook_entry[NF_IP_POST_ROUTING];
b55517db	71	}
b55517db	72	+ } else if (strcmp(h->info.name, "raw") == 0) {
	73	+ assert(h->info.valid_hooks
	74	+ == (1 << NF_IP_PRE_ROUTING
	75	+ \| 1 << NF_IP_LOCAL_OUT));
	76	+
	77	+ /* Hooks should be first two */
	78	+ assert(h->info.hook_entry[NF_IP_PRE_ROUTING] == 0);
	79	+
	80	+ n = get_chain_end(h, 0);
	81	+ n += get_entry(h, n)->next_offset;
	82	+ assert(h->info.hook_entry[NF_IP_LOCAL_OUT] == n);
	83	+
	84	+ user_offset = h->info.hook_entry[NF_IP_LOCAL_OUT];
	85	+
98f7edcb	86
b55517db	87	#ifdef NF_IP_DROPPING
b55517db	88	} else if (strcmp(h->info.name, "drop") == 0) {