1 --- userspace/iptables.c.orig Sun Mar 25 21:55:04 2001
2 +++ userspace/iptables.c Thu May 10 23:28:04 2001
4 #define OPT_FRAGMENT 0x00200U
5 #define OPT_LINENUMBERS 0x00400U
6 #define OPT_COUNTERS 0x00800U
7 -#define NUMBER_OF_OPT 12
8 +#define OPT_LOG 0x01000U
9 +#define NUMBER_OF_OPT 13
10 static const char optflags[NUMBER_OF_OPT]
11 -= { 'n', 's', 'd', 'p', 'j', 'v', 'x', 'i', 'o', 'f', '3', 'c'};
12 += { 'n', 's', 'd', 'p', 'j', 'v', 'x', 'i', 'o', 'f', '3', 'c', 'l'};
14 static struct option original_opts[] = {
15 { "append", 1, 0, 'A' },
17 { "line-numbers", 0, 0, '0' },
18 { "modprobe", 1, 0, 'M' },
19 { "set-counters", 1, 0, 'c' },
20 + { "log", 0, 0, 'l' },
25 static char commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] =
26 /* Well, it's better than "Re: Linux vs FreeBSD" */
28 - /* -n -s -d -p -j -v -x -i -o -f --line */
29 -/*INSERT*/ {'x',' ',' ',' ',' ',' ','x',' ',' ',' ','x'},
30 -/*DELETE*/ {'x',' ',' ',' ',' ',' ','x',' ',' ',' ','x'},
31 -/*DELETE_NUM*/{'x','x','x','x','x',' ','x','x','x','x','x'},
32 -/*REPLACE*/ {'x',' ',' ',' ',' ',' ','x',' ',' ',' ','x'},
33 -/*APPEND*/ {'x',' ',' ',' ',' ',' ','x',' ',' ',' ','x'},
34 -/*LIST*/ {' ','x','x','x','x',' ',' ','x','x','x',' '},
35 -/*FLUSH*/ {'x','x','x','x','x',' ','x','x','x','x','x'},
36 -/*ZERO*/ {'x','x','x','x','x',' ','x','x','x','x','x'},
37 -/*NEW_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x'},
38 -/*DEL_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x'},
39 -/*SET_POLICY*/{'x','x','x','x','x',' ','x','x','x','x','x'},
40 -/*CHECK*/ {'x','+','+','+','x',' ','x',' ',' ',' ','x'},
41 -/*RENAME*/ {'x','x','x','x','x',' ','x','x','x','x','x'}
42 + /* -n -s -d -p -j -v -x -i -o -f --line -c -l */
43 +/*INSERT*/ {'x',' ',' ',' ',' ',' ','x',' ',' ',' ','x', ' ',' '},
44 +/*DELETE*/ {'x',' ',' ',' ',' ',' ','x',' ',' ',' ','x', 'x',' '},
45 +/*DELETE_NUM*/{'x','x','x','x','x',' ','x','x','x','x','x', 'x','x'},
46 +/*REPLACE*/ {'x',' ',' ',' ',' ',' ','x',' ',' ',' ','x', ' ',' '},
47 +/*APPEND*/ {'x',' ',' ',' ',' ',' ','x',' ',' ',' ','x', ' ',' '},
48 +/*LIST*/ {' ','x','x','x','x',' ',' ','x','x','x',' ', 'x','x'},
49 +/*FLUSH*/ {'x','x','x','x','x',' ','x','x','x','x','x', 'x','x'},
50 +/*ZERO*/ {'x','x','x','x','x',' ','x','x','x','x','x', 'x','x'},
51 +/*NEW_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x', 'x','x'},
52 +/*DEL_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x','x', 'x','x'},
53 +/*SET_POLICY*/{'x','x','x','x','x',' ','x','x','x','x','x', 'x','x'},
54 +/*CHECK*/ {'x','+','+','+','x',' ','x',' ',' ',' ','x', 'x','x'},
55 +/*RENAME*/ {'x','x','x','x','x',' ','x','x','x','x','x', 'x','x'}
58 static int inverse_for_options[NUMBER_OF_OPT] =
60 /* -i */ IPT_INV_VIA_IN,
61 /* -o */ IPT_INV_VIA_OUT,
62 /* -f */ IPT_INV_FRAG,
69 const char *program_version;
71 " --table -t table table to manipulate (default: `filter')\n"
72 " --verbose -v verbose mode\n"
73 " --line-numbers print line numbers when listing\n"
74 +" --log -l turn on kernel logging of matched packets\n"
75 +" for rule-debugging purposes\n"
76 " --exact -x expand numbers (display exact values)\n"
77 "[!] --fragment -f match second or further fragments only\n"
78 " --modprobe=<command> try to insert modules using this command\n"
80 fputs("opt ", stdout);
81 fputc(fw->ip.invflags & IPT_INV_FRAG ? '!' : '-', stdout);
82 fputc(flags & IPT_F_FRAG ? 'f' : '-', stdout);
83 + fputc(flags & IPT_F_LOG ? 'l' : '-', stdout);
90 while ((c = getopt_long(argc, argv,
91 - "-A:C:D:R:I:L::F::Z::N:X::E:P:Vh::o:p:s:d:j:i:fbvnt:m:xc:",
92 + "-A:C:D:R:I:L::F::Z::N:X::E:P:Vh::o:p:s:d:j:i:fbvnt:m:xc:l",
96 @@ -1951,6 +1958,12 @@
98 set_option(&options, OPT_LINENUMBERS, &fw.ip.invflags,
103 + set_option(&options, OPT_LOG, &fw.ip.invflags,
105 + fw.ip.flags |= IPT_F_LOG;
109 --- userspace/ip6tables.c.orig Thu Mar 14 12:02:26 2002
110 +++ userspace/ip6tables.c Wed May 8 15:26:28 2002
112 #define OPT_VIANAMEOUT 0x00100U
113 #define OPT_LINENUMBERS 0x00200U
114 #define OPT_COUNTERS 0x00400U
115 -#define NUMBER_OF_OPT 11
116 +#define OPT_LOG 0x01000U
117 +#define NUMBER_OF_OPT 12
118 static const char optflags[NUMBER_OF_OPT]
119 -= { 'n', 's', 'd', 'p', 'j', 'v', 'x', 'i', 'o', '3', 'c'};
120 += { 'n', 's', 'd', 'p', 'j', 'v', 'x', 'i', 'o', '3', 'c', 'l'};
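Review bot: `OPT_LOG` is defined as `0x01000U`, which skips `0x00800U`, the bit directly after `OPT_COUNTERS 0x00400U` in this file. `optflags` now has 12 entries with `'l'` at index 11, and index 11 corresponds to bit `0x00800U`. If option bits are turned into array indexes by bit position (that code is not in this hunk), `0x01000U` selects index 12, one past the end of `optflags` and of each `commands_v_options` row. The value looks carried over from iptables.c, where `OPT_FRAGMENT` occupies an extra bit; I would change the line to `#define OPT_LOG 0x00800U`.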
122 static struct option original_opts[] = {
123 { "append", 1, 0, 'A' },
125 { "line-numbers", 0, 0, '0' },
126 { "modprobe", 1, 0, 'M' },
127 { "set-counters", 1, 0, 'c' },
128 + { "log", 0, 0, 'l' },
132 @@ -159,20 +160,20 @@
133 static char commands_v_options[NUMBER_OF_CMD][NUMBER_OF_OPT] =
134 /* Well, it's better than "Re: Linux vs FreeBSD" */
136 - /* -n -s -d -p -j -v -x -i -o --line */
137 -/*INSERT*/ {'x',' ',' ',' ',' ',' ','x',' ',' ','x'},
138 -/*DELETE*/ {'x',' ',' ',' ',' ',' ','x',' ',' ','x'},
139 -/*DELETE_NUM*/{'x','x','x','x','x',' ','x','x','x','x'},
140 -/*REPLACE*/ {'x',' ',' ',' ',' ',' ','x',' ',' ','x'},
141 -/*APPEND*/ {'x',' ',' ',' ',' ',' ','x',' ',' ','x'},
142 -/*LIST*/ {' ','x','x','x','x',' ',' ','x','x',' '},
143 -/*FLUSH*/ {'x','x','x','x','x',' ','x','x','x','x'},
144 -/*ZERO*/ {'x','x','x','x','x',' ','x','x','x','x'},
145 -/*NEW_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x'},
146 -/*DEL_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x'},
147 -/*SET_POLICY*/{'x','x','x','x','x',' ','x','x','x','x'},
148 -/*CHECK*/ {'x','+','+','+','x',' ','x',' ',' ','x'},
149 -/*RENAME*/ {'x','x','x','x','x',' ','x','x','x','x'}
150 + /* -n -s -d -p -j -v -x -i -o --line -l */
151 +/*INSERT*/ {'x',' ',' ',' ',' ',' ','x',' ',' ','x', ' '},
152 +/*DELETE*/ {'x',' ',' ',' ',' ',' ','x',' ',' ','x', ' '},
153 +/*DELETE_NUM*/{'x','x','x','x','x',' ','x','x','x','x', 'x'},
154 +/*REPLACE*/ {'x',' ',' ',' ',' ',' ','x',' ',' ','x', ' '},
155 +/*APPEND*/ {'x',' ',' ',' ',' ',' ','x',' ',' ','x', ' '},
156 +/*LIST*/ {' ','x','x','x','x',' ',' ','x','x',' ', 'x'},
157 +/*FLUSH*/ {'x','x','x','x','x',' ','x','x','x','x', 'x'},
158 +/*ZERO*/ {'x','x','x','x','x',' ','x','x','x','x', 'x'},
159 +/*NEW_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x', 'x'},
160 +/*DEL_CHAIN*/ {'x','x','x','x','x',' ','x','x','x','x', 'x'},
161 +/*SET_POLICY*/{'x','x','x','x','x',' ','x','x','x','x', 'x'},
162 +/*CHECK*/ {'x','+','+','+','x',' ','x',' ',' ','x', 'x'},
163 +/*RENAME*/ {'x','x','x','x','x',' ','x','x','x','x', 'x'}
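Review bot: Each row of `commands_v_options` gains only one column here, so it has 11 initialisers while `NUMBER_OF_OPT` is 12 and `optflags` lists `'c'` at index 10 and `'l'` at index 11. The new column therefore lands in the `-c` position, and the `-l` column is left zero-initialised, which is none of `'x'`, `' '` or `'+'`. The old table was already one column short for `-c`. Add both columns as the iptables.c table in this patch does, e.g. `/*INSERT*/ {'x',' ',' ',' ',' ',' ','x',' ',' ','x', ' ',' '},`, and extend the header comment to end `--line -c -l`. The end of the array initialiser is outside the visible lines.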
166 static int inverse_for_options[NUMBER_OF_OPT] =
169 /* -i */ IP6T_INV_VIA_IN,
170 /* -o */ IP6T_INV_VIA_OUT,
176 const char *program_version;
178 " --table -t table table to manipulate (default: `filter')\n"
179 " --verbose -v verbose mode\n"
180 " --line-numbers print line numbers when listing\n"
181 +" --log -l turn on kernel logging of matching packets\n"
182 +" for rule-debugging purposes\n"
183 " --exact -x expand numbers (display exact values)\n"
184 /*"[!] --fragment -f match second or further fragments only\n"*/
185 " --modprobe=<command> try to insert modules using this command\n"
186 @@ -1187,7 +1191,7 @@
187 if (format & FMT_OPTIONS) {
188 if (format & FMT_NOTABLE)
189 fputs("opt ", stdout);
190 - fputc(' ', stdout); /* Invert flag of FRAG */
191 + fputc(flags & IP6T_F_LOG ? 'l' : '-', stdout);
192 fputc(' ', stdout); /* -f */
195 @@ -1709,7 +1713,7 @@
198 while ((c = getopt_long(argc, argv,
199 - "-A:C:D:R:I:L::F::Z::N:X::E:P:Vh::o:p:s:d:j:i:bvnt:m:xc:",
200 + "-A:C:D:R:I:L::F::Z::N:X::E:P:Vh::o:p:s:d:j:i:bvnt:m:xcl:",
201 opts, NULL)) != -1) {
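Review bot: The new short-option string ends in `xcl:`, which moves the colon from `c` to `l`, so `-c` no longer takes an argument and `-l` now requires one. That contradicts the long-option table in this patch, where `set-counters` has `has_arg` 1 and `log` has `has_arg` 0, and it differs from iptables.c, which uses `xc:l`. As written, `-l` would consume the next word on the command line as its argument. The string should end `...bvnt:m:xc:l",`. The body of the `while` loop is outside this hunk.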
204 @@ -1978,6 +1982,12 @@
209 + set_option(&options, OPT_LOG, &fw.ipv6.invflags,
211 + fw.ipv6.flags |= IP6T_F_LOG;
217 --- userspace/iptables.8.orig Fri Feb 23 10:08:13 2001
218 +++ userspace/iptables.8 Thu May 10 23:24:42 2001
220 When adding or inserting rules into a chain, use
222 to load any necessary modules (targets, match extensions, etc).
225 +Turn on kernel logging of matching packets for rule-debugging
226 +purposes. When this option is set for a rule, the kernel
227 +will print the table name, chain name and rule number with some
228 +information of all matching packets (like most IP header fields)
233 +If you want regular logging, please use the
237 +target extensions instead! Logging by the
239 +flag can be slower than via the target extensions.
241 iptables can use extended packet matching modules. These are loaded
242 in two ways: implicitly, when