Commit | Line | Data |
---|---|---|
e82ff9cd | 1 | diff -Nur linux-2.6.0-test11.org/include/linux/netfilter.h linux-2.6.0-test11/include/linux/netfilter.h |
2 | --- linux-2.6.0-test11.org/include/linux/netfilter.h 2003-11-26 21:44:11.000000000 +0100 | |
3 | +++ linux-2.6.0-test11/include/linux/netfilter.h 2003-12-10 23:13:24.656327752 +0100 | |
4 | @@ -23,6 +23,7 @@ | |
5 | <= 0x2000 is used for protocol-flags. */ | |
6 | #define NFC_UNKNOWN 0x4000 | |
7 | #define NFC_ALTERED 0x8000 | |
8 | +#define NFC_TRACE 0x10000 | |
9 | ||
10 | #ifdef __KERNEL__ | |
11 | #include <linux/config.h> | |
12 | @@ -99,6 +100,24 @@ | |
13 | ||
14 | extern struct list_head nf_hooks[NPROTO][NF_MAX_HOOKS]; | |
15 | ||
16 | +typedef void nf_logfn(unsigned int hooknum, | |
17 | + const struct sk_buff *skb, | |
18 | + const struct net_device *in, | |
19 | + const struct net_device *out, | |
20 | + const char *prefix); | |
21 | + | |
22 | +/* Function to register/unregister log function. */ | |
23 | +int nf_log_register(int pf, nf_logfn *logfn); | |
24 | +void nf_log_unregister(int pf, nf_logfn *logfn); | |
25 | + | |
26 | +/* Calls the registered backend logging function */ | |
27 | +void nf_log_packet(int pf, | |
28 | + unsigned int hooknum, | |
29 | + const struct sk_buff *skb, | |
30 | + const struct net_device *in, | |
31 | + const struct net_device *out, | |
32 | + const char *fmt, ...); | |
33 | + | |
34 | /* Activate hook; either okfn or kfree_skb called, unless a hook | |
35 | returns NF_STOLEN (in which case, it's up to the hook to deal with | |
36 | the consequences). | |
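Review bot: `nf_log_packet()` is declared with a printf-style `const char *fmt, ...` tail but has no format attribute, so the compiler cannot check callers' arguments against their format strings. Adding `__attribute__((format(printf, 6, 7)))` to the prototype lets -Wformat flag mismatched arguments at build time. The prototypes also carry no comment on what `nf_log_register()` returns when a logger is already registered for `pf`, or on what protects a logger being unregistered while `nf_log_packet()` is running; the definitions are outside this hunk, so that contract is worth stating here.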
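--- a/include/linux/netfilter_helpers.h
+++ b/include/linux/netfilter_helpers.h
@@ -0,0 +1,133 @@
+/*
+ * Helpers for netfiler modules. This file provides implementations for basic
+ * functions such as strncasecmp(), etc.
+ *
+ * gcc will warn for defined but unused functions, so we only include the
+ * functions requested. The following macros are used:
+ * NF_NEED_STRNCASECMP nf_strncasecmp()
+ * NF_NEED_STRTOU16 nf_strtou16()
+ * NF_NEED_STRTOU32 nf_strtou32()
+ */
+#ifndef _NETFILTER_HELPERS_H
+#define _NETFILTER_HELPERS_H
+
+/* Only include these functions for kernel code. */
+#ifdef __KERNEL__
+
+#include <linux/ctype.h>
+#define iseol(c) ( (c) == '\r' || (c) == '\n' )
+
+/*
+ * The standard strncasecmp()
+ */
+#ifdef NF_NEED_STRNCASECMP
+static int
+nf_strncasecmp(const char* s1, const char* s2, u_int32_t len)
+{
+ if (s1 == NULL || s2 == NULL)
+ {
+ if (s1 == NULL && s2 == NULL)
+ {
+ return 0;
+ }
+ return (s1 == NULL) ? -1 : 1;
+ }
+ while (len > 0 && tolower(*s1) == tolower(*s2))
+ {
+ len--;
+ s1++;
+ s2++;
+ }
+ return ( (len == 0) ? 0 : (tolower(*s1) - tolower(*s2)) );
+}
+#endif /* NF_NEED_STRNCASECMP */
+
+/*
+ * Parse a string containing a 16-bit unsigned integer.
+ * Returns the number of chars used, or zero if no number is found.
+ */
+#ifdef NF_NEED_STRTOU16
+static int
+nf_strtou16(const char* pbuf, u_int16_t* pval)
+{
+ int n = 0;
+
+ *pval = 0;
+ while (isdigit(pbuf[n]))
+ {
+ *pval = (*pval * 10) + (pbuf[n] - '0');
+ n++;
+ }
+
+ return n;
+}
+#endif /* NF_NEED_STRTOU16 */
+
+/*
+ * Parse a string containing a 32-bit unsigned integer.
+ * Returns the number of chars used, or zero if no number is found.
+ */
+#ifdef NF_NEED_STRTOU32
+static int
+nf_strtou32(const char* pbuf, u_int32_t* pval)
+{
+ int n = 0;
+
+ *pval = 0;
+ while (pbuf[n] >= '0' && pbuf[n] <= '9')
+ {
+ *pval = (*pval * 10) + (pbuf[n] - '0');
+ n++;
+ }
+
+ return n;
+}
+#endif /* NF_NEED_STRTOU32 */
+
+/*
+ * Given a buffer and length, advance to the next line and mark the current
+ * line.
+ */
+#ifdef NF_NEED_NEXTLINE
+static int
+nf_nextline(char* p, uint len, uint* poff, uint* plineoff, uint* plinelen)
+{
+ uint off = *poff;
+ uint physlen = 0;
+
+ if (off >= len)
+ {
+ return 0;
+ }
+
+ while (p[off] != '\n')
+ {
+ if (len-off <= 1)
+ {
+ return 0;
+ }
+
+ physlen++;
+ off++;
+ }
+
+ /* if we saw a crlf, physlen needs adjusted */
+ if (physlen > 0 && p[off] == '\n' && p[off-1] == '\r')
+ {
+ physlen--;
+ }
+
+ /* advance past the newline */
+ off++;
+
+ *plineoff = *poff;
+ *plinelen = physlen;
+ *poff = off;
+
+ return 1;
+}
+#endif /* NF_NEED_NEXTLINE */
+
+#endif /* __KERNEL__ */
+
+#endif /* _NETFILTER_HELPERS_H */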
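--- a/include/linux/netfilter_ipv4/ip_conntrack_cuseeme.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack_cuseeme.h
@@ -0,0 +1,70 @@
+#ifndef _IP_CT_CUSEEME
+#define _IP_CT_CUSEEME
+
+#define CUSEEME_PORT 7648
+
+/* These structs come from the 2.2 ip_masq_cuseeme code... */
+
+#pragma pack(1)
+/* CuSeeMe data header */
+struct cu_header {
+ u_int16_t dest_family;
+ u_int16_t dest_port;
+ u_int32_t dest_addr;
+ int16_t family;
+ u_int16_t port;
+ u_int32_t addr;
+ u_int32_t seq;
+ u_int16_t msg;
+ u_int16_t data_type;
+ /* possible values:
+ * 1 small video
+ * 2 big video
+ * 3 audio
+ * 100 acknowledge connectivity when there
+ * is nothing else to send
+ * 101 OpenContinue packet
+ * 104 display a text message and
+ * disconnect (used by reflector to
+ * kick clients off)
+ * 105 display a text message (welcome
+ * message from reflector)
+ * 106 exchanged among reflectors for
+ * reflector interoperation
+ * 107 carry aux stream data when there is
+ * no video to piggy-back on
+ * 108 obsolete (used in Mac alpha version)
+ * 109 obsolete (used in Mac alpha version)
+ * 110 used for data rate control
+ * 111 used for data rate control
+ * 256 aux data control messages
+ * 257 aux data packets
+ * */
+ u_int16_t packet_len;
+};
+
+/* Open Continue Header */
+struct oc_header {
+ struct cu_header cu_head;
+ u_int16_t client_count; /* Number of client info structs */
+ u_int32_t seq_no;
+ char user_name[20];
+ char stuff[4]; /* Flags, version stuff, etc */
+};
+
+/* Client info structures */
+struct client_info {
+ u_int32_t address; /* Client address */
+ char stuff[8]; /* Flags, pruning bitfield, packet counts, etc */
+};
+#pragma pack()
+
+/* This structure is per expected connection */
+struct ip_ct_cuseeme_expect {
+};
+
+/* This structure exists only once per master */
+struct ip_ct_cuseeme_master {
+};
+
+#endif /* _IP_CT_CUSEEME */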
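Review bot: The packed wire structs do not say which byte order their fields use or that their contents come straight from the packet, and `client_count` in `struct oc_header` is a sender-supplied count of the `struct client_info` records that follow. I would add a comment above `struct cu_header` along the lines of `/* on-wire layout; client_count and packet_len are untrusted and must be checked against the remaining payload length before client_info[] is walked */`, plus a statement of the byte order once confirmed against the helper that parses these, which is not in this file. `family` is declared `int16_t` while `dest_family` is `u_int16_t`, which looks unintentional.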
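--- a/include/linux/netfilter_ipv4/ip_conntrack.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack.h
@@ -51,10 +51,13 @@
 
 #include <linux/netfilter_ipv4/ip_conntrack_tcp.h>
 #include <linux/netfilter_ipv4/ip_conntrack_icmp.h>
+#include <linux/netfilter_ipv4/ip_conntrack_proto_gre.h>
 
 /* per conntrack: protocol private data */
 union ip_conntrack_proto {
 /* insert conntrack proto private data here */
+ struct ip_ct_gre_expect gre;
+ struct ip_ct_gre gre;
 struct ip_ct_tcp tcp;
 struct ip_ct_icmp icmp;
 };
@@ -64,6 +67,13 @@
 };
 
 /* Add protocol helper include file here */
+#include <linux/netfilter_ipv4/ip_conntrack_pptp.h>
+#include <linux/netfilter_ipv4/ip_conntrack_talk.h>
+#include <linux/netfilter_ipv4/ip_conntrack_rtsp.h>
+#include <linux/netfilter_ipv4/ip_conntrack_rsh.h>
+#include <linux/netfilter_ipv4/ip_conntrack_mms.h>
+#include <linux/netfilter_ipv4/ip_conntrack_h323.h>
+
 #include <linux/netfilter_ipv4/ip_conntrack_amanda.h>
 #include <linux/netfilter_ipv4/ip_conntrack_ftp.h>
 #include <linux/netfilter_ipv4/ip_conntrack_irc.h>
@@ -71,6 +81,13 @@
 /* per expectation: application helper private data */
 union ip_conntrack_expect_help {
 /* insert conntrack helper private data (expect) here */
+ struct ip_ct_pptp_expect exp_pptp_info;
+ struct ip_ct_talk_expect exp_talk_info;
+ struct ip_ct_rtsp_master ct_rtsp_info;
+ struct ip_ct_rtsp_expect exp_rtsp_info;
+ struct ip_ct_rsh_expect exp_rsh_info;
+ struct ip_ct_mms_expect exp_mms_info;
+ struct ip_ct_h225_expect exp_h225_info;
 struct ip_ct_amanda_expect exp_amanda_info;
 struct ip_ct_ftp_expect exp_ftp_info;
 struct ip_ct_irc_expect exp_irc_info;
@@ -85,16 +102,23 @@
 /* per conntrack: application helper private data */
 union ip_conntrack_help {
 /* insert conntrack helper private data (master) here */
+ struct ip_ct_pptp_master ct_pptp_info;
+ struct ip_ct_talk_master ct_talk_info;
+ struct ip_ct_rsh_master ct_rsh_info;
+ struct ip_ct_mms_master ct_mms_info;
+ struct ip_ct_h225_master ct_h225_info;
 struct ip_ct_ftp_master ct_ftp_info;
 struct ip_ct_irc_master ct_irc_info;
 };
 
 #ifdef CONFIG_IP_NF_NAT_NEEDED
 #include <linux/netfilter_ipv4/ip_nat.h>
+#include <linux/netfilter_ipv4/ip_nat_pptp.h>
 
 /* per conntrack: nat application helper private data */
 union ip_conntrack_nat_help {
 /* insert nat helper private data here */
+ struct ip_nat_pptp nat_pptp_info;
 };
 #endif
 
@@ -206,6 +230,9 @@
 } nat;
 #endif /* CONFIG_IP_NF_NAT_NEEDED */
 
+#if defined(CONFIG_IP_NF_CONNTRACK_MARK)
+ unsigned long mark;
+#endif
 };
 
 /* get master conntrack via master expectation */
@@ -247,6 +274,9 @@
 extern void ip_ct_refresh(struct ip_conntrack *ct,
 unsigned long extra_jiffies);
 
+/* Kill conntrack */
+extern void ip_ct_death_by_timeout(unsigned long ul_conntrack);
+
 /* These are for NAT. Icky. */
 /* Call me when a conntrack is destroyed. */
 extern void (*ip_conntrack_destroyed)(struct ip_conntrack *conntrack);
@@ -268,6 +298,9 @@
 
 extern unsigned int ip_conntrack_htable_size;
 
+/* A fake conntrack entry which never vanishes. */
+extern struct ip_conntrack ip_conntrack_untracked;
+
 /* eg. PROVIDES_CONNTRACK(ftp); */
 #define PROVIDES_CONNTRACK(name) \
 int needs_ip_conntrack_##name; \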
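Review bot: `union ip_conntrack_proto` now has two members named `gre` (`struct ip_ct_gre_expect gre;` and `struct ip_ct_gre gre;`), which is a duplicate-member error and will not compile. The per-connection union should keep only `struct ip_ct_gre gre;`; the `ip_ct_gre_expect` member presumably belongs in the per-expectation protocol union whose closing brace is the first context line of the second hunk, the rest of which is outside the visible lines. In the same file, `struct ip_ct_rtsp_master ct_rtsp_info;` is added to `union ip_conntrack_expect_help` rather than `union ip_conntrack_help`, which looks like the same kind of misplacement.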
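--- a/include/linux/netfilter_ipv4/ip_conntrack_h323.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack_h323.h
@@ -0,0 +1,30 @@
+#ifndef _IP_CONNTRACK_H323_H
+#define _IP_CONNTRACK_H323_H
+/* H.323 connection tracking. */
+
+#ifdef __KERNEL__
+/* Protects H.323 related data */
+DECLARE_LOCK_EXTERN(ip_h323_lock);
+#endif
+
+/* Default H.225 port */
+#define H225_PORT 1720
+
+/* This structure is per expected connection */
+struct ip_ct_h225_expect {
+ u_int16_t port; /* Port of the H.225 helper/RTCP/RTP channel */
+ enum ip_conntrack_dir dir; /* Direction of the original connection */
+ unsigned int offset; /* offset of the address in the payload */
+};
+
+/* This structure exists only once per master */
+struct ip_ct_h225_master {
+ int is_h225; /* H.225 or H.245 connection */
+#ifdef CONFIG_IP_NF_NAT_NEEDED
+ enum ip_conntrack_dir dir; /* Direction of the original connection */
+ u_int32_t seq[IP_CT_DIR_MAX]; /* Exceptional packet mangling for signal addressess... */
+ unsigned int offset[IP_CT_DIR_MAX]; /* ...and the offset of the addresses in the payload */
+#endif
+};
+
+#endif /* _IP_CONNTRACK_H323_H */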
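Review bot: This header uses `DECLARE_LOCK_EXTERN()` without including `<linux/netfilter_ipv4/lockhelp.h>`, unlike the MMS and PPTP headers in the same patch, so it only compiles when an earlier include has already pulled lockhelp.h in; add `#include <linux/netfilter_ipv4/lockhelp.h>` inside the `#ifdef __KERNEL__` block. The `offset` members record a position inside packet payload, so their comments should say what the offset is relative to and that it must be bounded against the packet length before it is used to rewrite an address. The comment on `seq` has a typo, "addressess".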
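--- a/include/linux/netfilter_ipv4/ip_conntrack_mms.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack_mms.h
@@ -0,0 +1,31 @@
+#ifndef _IP_CONNTRACK_MMS_H
+#define _IP_CONNTRACK_MMS_H
+/* MMS tracking. */
+
+#ifdef __KERNEL__
+#include <linux/netfilter_ipv4/lockhelp.h>
+
+DECLARE_LOCK_EXTERN(ip_mms_lock);
+
+#define MMS_PORT 1755
+#define MMS_SRV_MSG_ID 196610
+
+#define MMS_SRV_MSG_OFFSET 36
+#define MMS_SRV_UNICODE_STRING_OFFSET 60
+#define MMS_SRV_CHUNKLENLV_OFFSET 16
+#define MMS_SRV_CHUNKLENLM_OFFSET 32
+#define MMS_SRV_MESSAGELENGTH_OFFSET 8
+#endif
+
+/* This structure is per expected connection */
+struct ip_ct_mms_expect {
+ u_int32_t len;
+ u_int32_t padding;
+ u_int16_t port;
+};
+
+/* This structure exists only once per master */
+struct ip_ct_mms_master {
+};
+
+#endif /* _IP_CONNTRACK_MMS_H */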
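Review bot: `struct ip_ct_mms_expect` has no field comments: `len` and `padding` are not explained, and `port` does not say whether it is stored in host or network byte order, which is easy to get wrong where the conntrack and NAT helpers meet. The `MMS_SRV_*_OFFSET` constants are fixed byte positions in a server message, so a one-line comment stating the minimum payload length required before any of them is read (at least `MMS_SRV_UNICODE_STRING_OFFSET` bytes, presumably more) would make the needed bounds check explicit. `MMS_SRV_MSG_ID 196610` would read more clearly in hex as `0x00030002`.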
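--- a/include/linux/netfilter_ipv4/ip_conntrack_pptp.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack_pptp.h
@@ -0,0 +1,313 @@
+/* PPTP constants and structs */
+#ifndef _CONNTRACK_PPTP_H
+#define _CONNTRACK_PPTP_H
+
+/* state of the control session */
+enum pptp_ctrlsess_state {
+ PPTP_SESSION_NONE, /* no session present */
+ PPTP_SESSION_ERROR, /* some session error */
+ PPTP_SESSION_STOPREQ, /* stop_sess request seen */
+ PPTP_SESSION_REQUESTED, /* start_sess request seen */
+ PPTP_SESSION_CONFIRMED, /* session established */
+};
+
+/* state of the call inside the control session */
+enum pptp_ctrlcall_state {
+ PPTP_CALL_NONE,
+ PPTP_CALL_ERROR,
+ PPTP_CALL_OUT_REQ,
+ PPTP_CALL_OUT_CONF,
+ PPTP_CALL_IN_REQ,
+ PPTP_CALL_IN_REP,
+ PPTP_CALL_IN_CONF,
+ PPTP_CALL_CLEAR_REQ,
+};
+
+
+/* conntrack private data */
+struct ip_ct_pptp_master {
+ enum pptp_ctrlsess_state sstate; /* session state */
+
+ /* everything below is going to be per-expectation in newnat,
+ * since there could be more than one call within one session */
+ enum pptp_ctrlcall_state cstate; /* call state */
+ u_int16_t pac_call_id; /* call id of PAC, host byte order */
+ u_int16_t pns_call_id; /* call id of PNS, host byte order */
+};
+
+/* conntrack_expect private member */
+struct ip_ct_pptp_expect {
+ enum pptp_ctrlcall_state cstate; /* call state */
+ u_int16_t pac_call_id; /* call id of PAC */
+ u_int16_t pns_call_id; /* call id of PNS */
+};
+
+
+#ifdef __KERNEL__
+
+#include <linux/netfilter_ipv4/lockhelp.h>
+DECLARE_LOCK_EXTERN(ip_pptp_lock);
+
+#define IP_CONNTR_PPTP PPTP_CONTROL_PORT
+
+union pptp_ctrl_union {
+ void *rawreq;
+ struct PptpStartSessionRequest *sreq;
+ struct PptpStartSessionReply *srep;
+ struct PptpStopSessionReqest *streq;
+ struct PptpStopSessionReply *strep;
+ struct PptpOutCallRequest *ocreq;
+ struct PptpOutCallReply *ocack;
+ struct PptpInCallRequest *icreq;
+ struct PptpInCallReply *icack;
+ struct PptpInCallConnected *iccon;
+ struct PptpClearCallRequest *clrreq;
+ struct PptpCallDisconnectNotify *disc;
+ struct PptpWanErrorNotify *wanerr;
+ struct PptpSetLinkInfo *setlink;
+};
+
+
+
+#define PPTP_CONTROL_PORT 1723
+
+#define PPTP_PACKET_CONTROL 1
+#define PPTP_PACKET_MGMT 2
+
+#define PPTP_MAGIC_COOKIE 0x1a2b3c4d
+
+struct pptp_pkt_hdr {
+ __u16 packetLength;
+ __u16 packetType;
+ __u32 magicCookie;
+};
+
+/* PptpControlMessageType values */
+#define PPTP_START_SESSION_REQUEST 1
+#define PPTP_START_SESSION_REPLY 2
+#define PPTP_STOP_SESSION_REQUEST 3
+#define PPTP_STOP_SESSION_REPLY 4
+#define PPTP_ECHO_REQUEST 5
+#define PPTP_ECHO_REPLY 6
+#define PPTP_OUT_CALL_REQUEST 7
+#define PPTP_OUT_CALL_REPLY 8
+#define PPTP_IN_CALL_REQUEST 9
+#define PPTP_IN_CALL_REPLY 10
+#define PPTP_IN_CALL_CONNECT 11
+#define PPTP_CALL_CLEAR_REQUEST 12
+#define PPTP_CALL_DISCONNECT_NOTIFY 13
+#define PPTP_WAN_ERROR_NOTIFY 14
+#define PPTP_SET_LINK_INFO 15
+
+#define PPTP_MSG_MAX 15
+
+/* PptpGeneralError values */
+#define PPTP_ERROR_CODE_NONE 0
+#define PPTP_NOT_CONNECTED 1
+#define PPTP_BAD_FORMAT 2
+#define PPTP_BAD_VALUE 3
+#define PPTP_NO_RESOURCE 4
+#define PPTP_BAD_CALLID 5
+#define PPTP_REMOVE_DEVICE_ERROR 6
+
+struct PptpControlHeader {
+ __u16 messageType;
+ __u16 reserved;
+};
+
+/* FramingCapability Bitmap Values */
+#define PPTP_FRAME_CAP_ASYNC 0x1
+#define PPTP_FRAME_CAP_SYNC 0x2
+
+/* BearerCapability Bitmap Values */
+#define PPTP_BEARER_CAP_ANALOG 0x1
+#define PPTP_BEARER_CAP_DIGITAL 0x2
+
+struct PptpStartSessionRequest {
+ __u16 protocolVersion;
+ __u8 reserved1;
+ __u8 reserved2;
+ __u32 framingCapability;
+ __u32 bearerCapability;
+ __u16 maxChannels;
+ __u16 firmwareRevision;
+ __u8 hostName[64];
+ __u8 vendorString[64];
+};
+
+/* PptpStartSessionResultCode Values */
+#define PPTP_START_OK 1
+#define PPTP_START_GENERAL_ERROR 2
+#define PPTP_START_ALREADY_CONNECTED 3
+#define PPTP_START_NOT_AUTHORIZED 4
+#define PPTP_START_UNKNOWN_PROTOCOL 5
+
+struct PptpStartSessionReply {
+ __u16 protocolVersion;
+ __u8 resultCode;
+ __u8 generalErrorCode;
+ __u32 framingCapability;
+ __u32 bearerCapability;
+ __u16 maxChannels;
+ __u16 firmwareRevision;
+ __u8 hostName[64];
+ __u8 vendorString[64];
+};
+
+/* PptpStopReasons */
+#define PPTP_STOP_NONE 1
+#define PPTP_STOP_PROTOCOL 2
+#define PPTP_STOP_LOCAL_SHUTDOWN 3
+
+struct PptpStopSessionRequest {
+ __u8 reason;
+};
+
+/* PptpStopSessionResultCode */
+#define PPTP_STOP_OK 1
+#define PPTP_STOP_GENERAL_ERROR 2
+
+struct PptpStopSessionReply {
+ __u8 resultCode;
+ __u8 generalErrorCode;
+};
+
+struct PptpEchoRequest {
+ __u32 identNumber;
+};
+
+/* PptpEchoReplyResultCode */
+#define PPTP_ECHO_OK 1
+#define PPTP_ECHO_GENERAL_ERROR 2
+
+struct PptpEchoReply {
+ __u32 identNumber;
+ __u8 resultCode;
+ __u8 generalErrorCode;
+ __u16 reserved;
+};
+
+/* PptpFramingType */
+#define PPTP_ASYNC_FRAMING 1
+#define PPTP_SYNC_FRAMING 2
+#define PPTP_DONT_CARE_FRAMING 3
+
+/* PptpCallBearerType */
+#define PPTP_ANALOG_TYPE 1
+#define PPTP_DIGITAL_TYPE 2
+#define PPTP_DONT_CARE_BEARER_TYPE 3
+
+struct PptpOutCallRequest {
+ __u16 callID;
+ __u16 callSerialNumber;
+ __u32 minBPS;
+ __u32 maxBPS;
+ __u32 bearerType;
+ __u32 framingType;
+ __u16 packetWindow;
+ __u16 packetProcDelay;
+ __u16 reserved1;
+ __u16 phoneNumberLength;
+ __u16 reserved2;
+ __u8 phoneNumber[64];
+ __u8 subAddress[64];
+};
+
+/* PptpCallResultCode */
+#define PPTP_OUTCALL_CONNECT 1
+#define PPTP_OUTCALL_GENERAL_ERROR 2
+#define PPTP_OUTCALL_NO_CARRIER 3
+#define PPTP_OUTCALL_BUSY 4
+#define PPTP_OUTCALL_NO_DIAL_TONE 5
+#define PPTP_OUTCALL_TIMEOUT 6
+#define PPTP_OUTCALL_DONT_ACCEPT 7
+
+struct PptpOutCallReply {
+ __u16 callID;
+ __u16 peersCallID;
+ __u8 resultCode;
+ __u8 generalErrorCode;
+ __u16 causeCode;
+ __u32 connectSpeed;
+ __u16 packetWindow;
+ __u16 packetProcDelay;
+ __u32 physChannelID;
+};
+
+struct PptpInCallRequest {
+ __u16 callID;
+ __u16 callSerialNumber;
+ __u32 callBearerType;
+ __u32 physChannelID;
+ __u16 dialedNumberLength;
+ __u16 dialingNumberLength;
+ __u8 dialedNumber[64];
+ __u8 dialingNumber[64];
+ __u8 subAddress[64];
+};
+
+/* PptpInCallResultCode */
+#define PPTP_INCALL_ACCEPT 1
+#define PPTP_INCALL_GENERAL_ERROR 2
+#define PPTP_INCALL_DONT_ACCEPT 3
+
+struct PptpInCallReply {
+ __u16 callID;
+ __u16 peersCallID;
+ __u8 resultCode;
+ __u8 generalErrorCode;
+ __u16 packetWindow;
+ __u16 packetProcDelay;
+ __u16 reserved;
+};
+
+struct PptpInCallConnected {
+ __u16 peersCallID;
+ __u16 reserved;
+ __u32 connectSpeed;
+ __u16 packetWindow;
+ __u16 packetProcDelay;
+ __u32 callFramingType;
+};
+
+struct PptpClearCallRequest {
+ __u16 callID;
+ __u16 reserved;
+};
+
+struct PptpCallDisconnectNotify {
+ __u16 callID;
+ __u8 resultCode;
+ __u8 generalErrorCode;
+ __u16 causeCode;
+ __u16 reserved;
+ __u8 callStatistics[128];
+};
+
+struct PptpWanErrorNotify {
+ __u16 peersCallID;
+ __u16 reserved;
+ __u32 crcErrors;
+ __u32 framingErrors;
+ __u32 hardwareOverRuns;
+ __u32 bufferOverRuns;
+ __u32 timeoutErrors;
+ __u32 alignmentErrors;
+};
+
+struct PptpSetLinkInfo {
+ __u16 peersCallID;
+ __u16 reserved;
+ __u32 sendAccm;
+ __u32 recvAccm;
+};
+
+
+struct pptp_priv_data {
+ __u16 call_id;
+ __u16 mcall_id;
+ __u16 pcall_id;
+};
+
+#endif /* __KERNEL__ */
+#endif /* _CONNTRACK_PPTP_H */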
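Review bot: `union pptp_ctrl_union` declares `struct PptpStopSessionReqest *streq;`, but the struct defined further down is `PptpStopSessionRequest`; the misspelling silently introduces a separate incomplete type, so any dereference of `streq` fails to compile and nothing ties the member to the real layout. It should read `struct PptpStopSessionRequest *streq;`. The message structs mirror the on-wire layout but carry no note on byte order (the `host byte order` comments in `struct ip_ct_pptp_master` imply the wire fields differ), nor that peer-supplied lengths such as `packetLength`, `phoneNumberLength` and `dialedNumberLength` must be validated against the received data and the 64-byte arrays before use. A comment to that effect above `struct pptp_pkt_hdr` would help.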
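--- a/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h
@@ -0,0 +1,123 @@
+#ifndef _CONNTRACK_PROTO_GRE_H
+#define _CONNTRACK_PROTO_GRE_H
+#include <asm/byteorder.h>
+
+/* GRE PROTOCOL HEADER */
+
+/* GRE Version field */
+#define GRE_VERSION_1701 0x0
+#define GRE_VERSION_PPTP 0x1
+
+/* GRE Protocol field */
+#define GRE_PROTOCOL_PPTP 0x880B
+
+/* GRE Flags */
+#define GRE_FLAG_C 0x80
+#define GRE_FLAG_R 0x40
+#define GRE_FLAG_K 0x20
+#define GRE_FLAG_S 0x10
+#define GRE_FLAG_A 0x80
+
+#define GRE_IS_C(f) ((f)&GRE_FLAG_C)
+#define GRE_IS_R(f) ((f)&GRE_FLAG_R)
+#define GRE_IS_K(f) ((f)&GRE_FLAG_K)
+#define GRE_IS_S(f) ((f)&GRE_FLAG_S)
+#define GRE_IS_A(f) ((f)&GRE_FLAG_A)
+
+/* GRE is a mess: Four different standards */
+struct gre_hdr {
+#if defined(__LITTLE_ENDIAN_BITFIELD)
+ __u16 rec:3,
+ srr:1,
+ seq:1,
+ key:1,
+ routing:1,
+ csum:1,
+ version:3,
+ reserved:4,
+ ack:1;
+#elif defined(__BIG_ENDIAN_BITFIELD)
+ __u16 csum:1,
+ routing:1,
+ key:1,
+ seq:1,
+ srr:1,
+ rec:3,
+ ack:1,
+ reserved:4,
+ version:3;
+#else
+#error "Adjust your <asm/byteorder.h> defines"
+#endif
+ __u16 protocol;
+};
+
+/* modified GRE header for PPTP */
+struct gre_hdr_pptp {
+ __u8 flags; /* bitfield */
+ __u8 version; /* should be GRE_VERSION_PPTP */
+ __u16 protocol; /* should be GRE_PROTOCOL_PPTP */
+ __u16 payload_len; /* size of ppp payload, not inc. gre header */
+ __u16 call_id; /* peer's call_id for this session */
+ __u32 seq; /* sequence number. Present if S==1 */
+ __u32 ack; /* seq number of highest packet recieved by */
+ /* sender in this session */
+};
+
+
+/* this is part of ip_conntrack */
+struct ip_ct_gre {
+ unsigned int stream_timeout;
+ unsigned int timeout;
+};
+
+/* this is part of ip_conntrack_expect */
+struct ip_ct_gre_expect {
+ struct ip_ct_gre_keymap *keymap_orig, *keymap_reply;
+};
+
+#ifdef __KERNEL__
+struct ip_conntrack_expect;
+
+/* structure for original <-> reply keymap */
+struct ip_ct_gre_keymap {
+ struct list_head list;
+
+ struct ip_conntrack_tuple tuple;
+};
+
+
+/* add new tuple->key_reply pair to keymap */
+int ip_ct_gre_keymap_add(struct ip_conntrack_expect *exp,
+ struct ip_conntrack_tuple *t,
+ int reply);
+
+/* change an existing keymap entry */
+void ip_ct_gre_keymap_change(struct ip_ct_gre_keymap *km,
+ struct ip_conntrack_tuple *t);
+
+/* delete keymap entries */
+void ip_ct_gre_keymap_destroy(struct ip_conntrack_expect *exp);
+
+
+/* get pointer to gre key, if present */
+static inline u_int32_t *gre_key(struct gre_hdr *greh)
+{
+ if (!greh->key)
+ return NULL;
+ if (greh->csum || greh->routing)
+ return (u_int32_t *) (greh+sizeof(*greh)+4);
+ return (u_int32_t *) (greh+sizeof(*greh));
+}
+
+/* get pointer ot gre csum, if present */
+static inline u_int16_t *gre_csum(struct gre_hdr *greh)
+{
+ if (!greh->csum)
+ return NULL;
+ return (u_int16_t *) (greh+sizeof(*greh));
+}
+
+#endif /* __KERNEL__ */
+
+#endif /* _CONNTRACK_PROTO_GRE_H */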
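Review bot: `gre_key()` and `gre_csum()` do their arithmetic on a `struct gre_hdr *`, so `greh+sizeof(*greh)` advances by `sizeof(*greh)` whole headers (16 bytes if the header is 4 bytes) instead of 4 bytes, and the returned pointer lands well past the optional fields, possibly outside the packet. Each return should step in bytes, e.g. `return (u_int32_t *)((u_int8_t *)greh + sizeof(*greh) + 4);` in `gre_key()`, with the same cast and no `+ 4` for the other two returns. Neither helper knows how many bytes follow the header, so their comments should state that the caller must already have verified the optional fields lie inside the packet. `GRE_FLAG_A` shares the value 0x80 with `GRE_FLAG_C`; a comment that it is tested against the `version` byte of `struct gre_hdr_pptp` rather than `flags` (if that is the intent) would prevent misuse.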
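--- a/include/linux/netfilter_ipv4/ip_conntrack_quake3.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack_quake3.h
@@ -0,0 +1,21 @@
+#ifndef _IP_CT_QUAKE3
+#define _IP_CT_QUAKE3
+
+/* Don't confuse with 27960, often used as the Server Port */
+#define QUAKE3_MASTER_PORT 27950
+
+struct quake3_search {
+ const char marker[4]; /* always 0xff 0xff 0xff 0xff ? */
+ const char *pattern;
+ size_t plen;
+};
+
+/* This structure is per expected connection */
+struct ip_ct_quake3_expect {
+};
+
+/* This structure exists only once per master */
+struct ip_ct_quake3_master {
+};
+
+#endif /* _IP_CT_QUAKE3 */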
885 | diff -Nur linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ip_conntrack_rpc.h linux-2.6.0-test11/include/linux/netfilter_ipv4/ip_conntrack_rpc.h | |
886 | --- linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ip_conntrack_rpc.h 1970-01-01 01:00:00.000000000 +0100 | |
887 | +++ linux-2.6.0-test11/include/linux/netfilter_ipv4/ip_conntrack_rpc.h 2003-12-10 23:14:10.155410840 +0100 | |
888 | @@ -0,0 +1,68 @@ | |
889 | +/* RPC extension for IP connection tracking, Version 2.2 | |
890 | + * (C) 2000 by Marcelo Barbosa Lima <marcelo.lima@dcc.unicamp.br> | |
891 | + * - original rpc tracking module | |
892 | + * - "recent" connection handling for kernel 2.3+ netfilter | |
893 | + * | |
894 | + * (C) 2001 by Rusty Russell <rusty@rustcorp.com.au> | |
895 | + * - upgraded conntrack modules to oldnat api - kernel 2.4.0+ | |
896 | + * | |
897 | + * (C) 2002 by Ian (Larry) Latter <Ian.Latter@mq.edu.au> | |
898 | + * - upgraded conntrack modules to newnat api - kernel 2.4.20+ | |
899 | + * - extended matching to support filtering on procedures | |
900 | + * | |
901 | + * ip_conntrack_rpc.h,v 2.2 2003/01/12 18:30:00 | |
902 | + * | |
903 | + * This program is free software; you can redistribute it and/or | |
904 | + * modify it under the terms of the GNU General Public License | |
905 | + * as published by the Free Software Foundation; either version | |
906 | + * 2 of the License, or (at your option) any later version. | |
907 | + ** | |
908 | + */ | |
909 | + | |
910 | +#include <asm/param.h> | |
911 | +#include <linux/sched.h> | |
912 | +#include <linux/timer.h> | |
913 | +#include <linux/stddef.h> | |
914 | +#include <linux/list.h> | |
915 | + | |
916 | +#include <linux/netfilter_ipv4/ip_conntrack_helper.h> | |
917 | + | |
918 | +#ifndef _IP_CONNTRACK_RPC_H | |
919 | +#define _IP_CONNTRACK_RPC_H | |
920 | + | |
921 | +#define RPC_PORT 111 | |
922 | + | |
923 | + | |
924 | +/* Datum in RPC packets are encoded in XDR */ | |
925 | +#define IXDR_GET_INT32(buf) ((u_int32_t) ntohl((uint32_t)*buf)) | |
926 | + | |
927 | +/* Fast timeout, to deny DoS atacks */ | |
928 | +#define EXP (60 * HZ) | |
929 | + | |
930 | +/* Normal timeouts */ | |
931 | +#define EXPIRES (180 * HZ) | |
932 | + | |
933 | +/* For future conections RPC, using client's cache bindings | |
934 | + * I'll use ip_conntrack_lock to lock these lists */ | |
935 | + | |
936 | +/* This identifies each request and stores protocol */ | |
937 | +struct request_p { | |
938 | + struct list_head list; | |
939 | + | |
940 | + u_int32_t xid; | |
941 | + u_int32_t ip; | |
942 | + u_int16_t port; | |
943 | + | |
944 | + /* Protocol */ | |
945 | + u_int16_t proto; | |
946 | + | |
947 | + struct timer_list timeout; | |
948 | +}; | |
949 | + | |
950 | +static inline int request_p_cmp(const struct request_p *p, u_int32_t xid, | |
951 | + u_int32_t ip, u_int32_t port) { | |
952 | + return (p->xid == xid && p->ip == ip && p->port); | |
953 | + | |
954 | +} | |
955 | + | |
956 | +#endif /* _IP_CONNTRACK_RPC_H */ | |
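Review bot: `request_p_cmp()` tests `p->port` for being non-zero instead of comparing it with the `port` argument, so any stored request with the same xid and address matches whatever port the caller asked about. For a helper that pairs replies with earlier requests, that loosens the very match that decides which entry is used; the return should read `return (p->xid == xid && p->ip == ip && p->port == port);`. The parameter is declared `u_int32_t` while the field is `u_int16_t`, so the comparison is worth keeping in one width. Separately, `IXDR_GET_INT32` expands `*buf` without parentheses around its argument; `*(buf)` is safer with pointer expressions.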
957 | diff -Nur linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ip_conntrack_rsh.h linux-2.6.0-test11/include/linux/netfilter_ipv4/ip_conntrack_rsh.h | |
958 | --- linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ip_conntrack_rsh.h 1970-01-01 01:00:00.000000000 +0100 | |
959 | +++ linux-2.6.0-test11/include/linux/netfilter_ipv4/ip_conntrack_rsh.h 2003-12-10 23:14:11.556197888 +0100 | |
960 | @@ -0,0 +1,35 @@ | |
961 | +/* RSH extension for IP connection tracking, Version 1.0 | |
962 | + * (C) 2002 by Ian (Larry) Latter <Ian.Latter@mq.edu.au> | |
963 | + * based on HW's ip_conntrack_irc.c | |
964 | + * | |
965 | + * ip_conntrack_rsh.c,v 1.0 2002/07/17 14:49:26 | |
966 | + * | |
967 | + * This program is free software; you can redistribute it and/or | |
968 | + * modify it under the terms of the GNU General Public License | |
969 | + * as published by the Free Software Foundation; either version | |
970 | + * 2 of the License, or (at your option) any later version. | |
971 | + */ | |
972 | +#ifndef _IP_CONNTRACK_RSH_H | |
973 | +#define _IP_CONNTRACK_RSH_H | |
974 | + | |
975 | +#ifdef __KERNEL__ | |
976 | +#include <linux/netfilter_ipv4/lockhelp.h> | |
977 | + | |
978 | +DECLARE_LOCK_EXTERN(ip_rsh_lock); | |
979 | +#endif | |
980 | + | |
981 | + | |
982 | +#define RSH_PORT 514 | |
983 | + | |
984 | +/* This structure is per expected connection */ | |
985 | +struct ip_ct_rsh_expect | |
986 | +{ | |
987 | + u_int16_t port; | |
988 | +}; | |
989 | + | |
990 | +/* This structure exists only once per master */ | |
991 | +struct ip_ct_rsh_master { | |
992 | +}; | |
993 | + | |
994 | +#endif /* _IP_CONNTRACK_RSH_H */ | |
995 | + | |
996 | diff -Nur linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ip_conntrack_rtsp.h linux-2.6.0-test11/include/linux/netfilter_ipv4/ip_conntrack_rtsp.h | |
997 | --- linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ip_conntrack_rtsp.h 1970-01-01 01:00:00.000000000 +0100 | |
998 | +++ linux-2.6.0-test11/include/linux/netfilter_ipv4/ip_conntrack_rtsp.h 2003-12-10 23:14:12.890994968 +0100 | |
999 | @@ -0,0 +1,68 @@ | |
1000 | +/* | |
1001 | + * RTSP extension for IP connection tracking. | |
1002 | + * (C) 2003 by Tom Marshall <tmarshall@real.com> | |
1003 | + * based on ip_conntrack_irc.h | |
1004 | + * | |
1005 | + * This program is free software; you can redistribute it and/or | |
1006 | + * modify it under the terms of the GNU General Public License | |
1007 | + * as published by the Free Software Foundation; either version | |
1008 | + * 2 of the License, or (at your option) any later version. | |
1009 | + */ | |
1010 | +#ifndef _IP_CONNTRACK_RTSP_H | |
1011 | +#define _IP_CONNTRACK_RTSP_H | |
1012 | + | |
1013 | +/* #define IP_NF_RTSP_DEBUG */ | |
1014 | +#define IP_NF_RTSP_VERSION "0.01" | |
1015 | + | |
1016 | +/* port block types */ | |
1017 | +typedef enum { | |
1018 | + pb_single, /* client_port=x */ | |
1019 | + pb_range, /* client_port=x-y */ | |
1020 | + pb_discon /* client_port=x/y (rtspbis) */ | |
1021 | +} portblock_t; | |
1022 | + | |
1023 | +/* We record seq number and length of rtsp headers here, all in host order. */ | |
1024 | + | |
1025 | +/* | |
1026 | + * This structure is per expected connection. It is a member of struct | |
1027 | + * ip_conntrack_expect. The TCP SEQ for the conntrack expect is stored | |
1028 | + * there and we are expected to only store the length of the data which | |
1029 | + * needs replaced. If a packet contains multiple RTSP messages, we create | |
1030 | + * one expected connection per message. | |
1031 | + * | |
1032 | + * We use these variables to mark the entire header block. This may seem | |
1033 | + * like overkill, but the nature of RTSP requires it. A header may appear | |
1034 | + * multiple times in a message. We must treat two Transport headers the | |
1035 | + * same as one Transport header with two entries. | |
1036 | + */ | |
1037 | +struct ip_ct_rtsp_expect | |
1038 | +{ | |
1039 | + u_int32_t len; /* length of header block */ | |
1040 | + portblock_t pbtype; /* Type of port block that was requested */ | |
1041 | + u_int16_t loport; /* Port that was requested, low or first */ | |
1042 | + u_int16_t hiport; /* Port that was requested, high or second */ | |
1043 | +#if 0 | |
1044 | + uint method; /* RTSP method */ | |
1045 | + uint cseq; /* CSeq from request */ | |
1046 | +#endif | |
1047 | +}; | |
1048 | + | |
1049 | +/* This structure exists only once per master */ | |
1050 | +struct ip_ct_rtsp_master | |
1051 | +{ | |
1052 | + /* Empty (?) */ | |
1053 | +}; | |
1054 | + | |
1055 | + | |
1056 | +#ifdef __KERNEL__ | |
1057 | + | |
1058 | +#include <linux/netfilter_ipv4/lockhelp.h> | |
1059 | + | |
1060 | +#define RTSP_PORT 554 | |
1061 | + | |
1062 | +/* Protects rtsp part of conntracks */ | |
1063 | +DECLARE_LOCK_EXTERN(ip_rtsp_lock); | |
1064 | + | |
1065 | +#endif /* __KERNEL__ */ | |
1066 | + | |
1067 | +#endif /* _IP_CONNTRACK_RTSP_H */ | |
1068 | diff -Nur linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ip_conntrack_talk.h linux-2.6.0-test11/include/linux/netfilter_ipv4/ip_conntrack_talk.h | |
1069 | --- linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ip_conntrack_talk.h 1970-01-01 01:00:00.000000000 +0100 | |
1070 | +++ linux-2.6.0-test11/include/linux/netfilter_ipv4/ip_conntrack_talk.h 2003-12-10 23:14:15.479601440 +0100 | |
1071 | @@ -0,0 +1,152 @@ | |
1072 | +#ifndef _IP_CONNTRACK_TALK_H | |
1073 | +#define _IP_CONNTRACK_TALK_H | |
1074 | +/* TALK tracking. */ | |
1075 | + | |
1076 | +#ifdef __KERNEL__ | |
1077 | +#include <linux/in.h> | |
1078 | +#include <linux/netfilter_ipv4/lockhelp.h> | |
1079 | + | |
1080 | +/* Protects talk part of conntracks */ | |
1081 | +DECLARE_LOCK_EXTERN(ip_talk_lock); | |
1082 | +#endif | |
1083 | + | |
1084 | + | |
1085 | +#define TALK_PORT 517 | |
1086 | +#define NTALK_PORT 518 | |
1087 | + | |
1088 | +/* talk structures and constants from <protocols/talkd.h> */ | |
1089 | + | |
1090 | +/* | |
1091 | + * 4.3BSD struct sockaddr | |
1092 | + */ | |
1093 | +struct talk_addr { | |
1094 | + u_int16_t ta_family; | |
1095 | + u_int16_t ta_port; | |
1096 | + u_int32_t ta_addr; | |
1097 | + u_int32_t ta_junk1; | |
1098 | + u_int32_t ta_junk2; | |
1099 | +}; | |
1100 | + | |
1101 | +#define TALK_OLD_NSIZE 9 | |
1102 | +#define TALK_NSIZE 12 | |
1103 | +#define TALK_TTY_NSIZE 16 | |
1104 | + | |
1105 | +/* | |
1106 | + * Client->server request message formats. | |
1107 | + */ | |
1108 | +struct talk_msg { | |
1109 | + u_char type; /* request type, see below */ | |
1110 | + char l_name[TALK_OLD_NSIZE];/* caller's name */ | |
1111 | + char r_name[TALK_OLD_NSIZE];/* callee's name */ | |
1112 | + u_char pad; | |
1113 | + u_int32_t id_num; /* message id */ | |
1114 | + int32_t pid; /* caller's process id */ | |
1115 | + char r_tty[TALK_TTY_NSIZE];/* callee's tty name */ | |
1116 | + struct talk_addr addr; /* old (4.3) style */ | |
1117 | + struct talk_addr ctl_addr; /* old (4.3) style */ | |
1118 | +}; | |
1119 | + | |
1120 | +struct ntalk_msg { | |
1121 | + u_char vers; /* protocol version */ | |
1122 | + u_char type; /* request type, see below */ | |
1123 | + u_char answer; /* not used */ | |
1124 | + u_char pad; | |
1125 | + u_int32_t id_num; /* message id */ | |
1126 | + struct talk_addr addr; /* old (4.3) style */ | |
1127 | + struct talk_addr ctl_addr; /* old (4.3) style */ | |
1128 | + int32_t pid; /* caller's process id */ | |
1129 | + char l_name[TALK_NSIZE];/* caller's name */ | |
1130 | + char r_name[TALK_NSIZE];/* callee's name */ | |
1131 | + char r_tty[TALK_TTY_NSIZE];/* callee's tty name */ | |
1132 | +}; | |
1133 | + | |
1134 | +struct ntalk2_msg { | |
1135 | + u_char vers; /* talk protocol version */ | |
1136 | + u_char type; /* request type */ | |
1137 | + u_char answer; /* */ | |
1138 | + u_char extended; /* !0 if additional parts */ | |
1139 | + u_int32_t id_num; /* message id number (dels) */ | |
1140 | + struct talk_addr addr; /* target address */ | |
1141 | + struct talk_addr ctl_addr; /* reply to address */ | |
1142 | + int32_t pid; /* caller's process id */ | |
1143 | + char l_name[TALK_NSIZE]; /* caller's name */ | |
1144 | + char r_name[TALK_NSIZE]; /* callee's name */ | |
1145 | + char r_tty[TALK_TTY_NSIZE]; /* callee's tty */ | |
1146 | +}; | |
1147 | + | |
1148 | +/* | |
1149 | + * Server->client response message formats. | |
1150 | + */ | |
1151 | +struct talk_response { | |
1152 | + u_char type; /* type of request message, see below */ | |
1153 | + u_char answer; /* response to request message, see below */ | |
1154 | + u_char pad[2]; | |
1155 | + u_int32_t id_num; /* message id */ | |
1156 | + struct talk_addr addr; /* address for establishing conversation */ | |
1157 | +}; | |
1158 | + | |
1159 | +struct ntalk_response { | |
1160 | + u_char vers; /* protocol version */ | |
1161 | + u_char type; /* type of request message, see below */ | |
1162 | + u_char answer; /* response to request message, see below */ | |
1163 | + u_char pad; | |
1164 | + u_int32_t id_num; /* message id */ | |
1165 | + struct talk_addr addr; /* address for establishing conversation */ | |
1166 | +}; | |
1167 | + | |
1168 | +struct ntalk2_response { | |
1169 | + u_char vers; /* protocol version */ | |
1170 | + u_char type; /* type of request message */ | |
1171 | + u_char answer; /* response to request */ | |
1172 | + u_char rvers; /* Version of answering vers*/ | |
1173 | + u_int32_t id_num; /* message id number */ | |
1174 | + struct talk_addr addr; /* address for connection */ | |
1175 | + /* This is at the end to compatiblize this with NTALK version. */ | |
1176 | + char r_name[TALK_NSIZE]; /* callee's name */ | |
1177 | +}; | |
1178 | + | |
1179 | +#define TALK_STR(data, talk_str, member) ((struct talk_str *)data)->member) | |
1180 | +#define TALK_RESP(data, ver, member) (ver ? ((struct ntalk_response *)data)->member : ((struct talk_response *)data)->member) | |
1181 | +#define TALK_MSG(data, ver, member) (ver ? ((struct ntalk_msg *)data)->member : ((struct talk_msg *)data)->member) | |
1182 | + | |
1183 | +#define TALK_VERSION 0 /* protocol versions */ | |
1184 | +#define NTALK_VERSION 1 | |
1185 | +#define NTALK2_VERSION 2 | |
1186 | + | |
1187 | +/* message type values */ | |
1188 | +#define LEAVE_INVITE 0 /* leave invitation with server */ | |
1189 | +#define LOOK_UP 1 /* check for invitation by callee */ | |
1190 | +#define DELETE 2 /* delete invitation by caller */ | |
1191 | +#define ANNOUNCE 3 /* announce invitation by caller */ | |
1192 | +/* NTALK2 */ | |
1193 | +#define REPLY_QUERY 4 /* request reply data from local daemon */ | |
1194 | + | |
1195 | +/* answer values */ | |
1196 | +#define SUCCESS 0 /* operation completed properly */ | |
1197 | +#define NOT_HERE 1 /* callee not logged in */ | |
1198 | +#define FAILED 2 /* operation failed for unexplained reason */ | |
1199 | +#define MACHINE_UNKNOWN 3 /* caller's machine name unknown */ | |
1200 | +#define PERMISSION_DENIED 4 /* callee's tty doesn't permit announce */ | |
1201 | +#define UNKNOWN_REQUEST 5 /* request has invalid type value */ | |
1202 | +#define BADVERSION 6 /* request has invalid protocol version */ | |
1203 | +#define BADADDR 7 /* request has invalid addr value */ | |
1204 | +#define BADCTLADDR 8 /* request has invalid ctl_addr value */ | |
1205 | +/* NTALK2 */ | |
1206 | +#define NO_CALLER 9 /* no-one calling answer from REPLY */ | |
1207 | +#define TRY_HERE 10 /* Not on this machine, try this */ | |
1208 | +#define SELECTIVE_REFUSAL 11 /* User Filter refusal. */ | |
1209 | +#define MAX_RESPONSE_TYPE 11 /* Make sure this is updated */ | |
1210 | + | |
1211 | +/* We don't really need much for talk */ | |
1212 | +struct ip_ct_talk_expect | |
1213 | +{ | |
1214 | + /* Port that was to be used */ | |
1215 | + u_int16_t port; | |
1216 | +}; | |
1217 | + | |
1218 | +/* This structure exists only once per master */ | |
1219 | +struct ip_ct_talk_master | |
1220 | +{ | |
1221 | +}; | |
1222 | + | |
1223 | +#endif /* _IP_CONNTRACK_TALK_H */ | |
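Review bot: `TALK_STR` has one more closing parenthesis than opening ones, so any use of it will fail to compile; it should read `#define TALK_STR(data, talk_str, member) (((struct talk_str *)(data))->member)`. `TALK_RESP` and `TALK_MSG` likewise use `data` and `ver` unparenthesised. All three overlay a struct on a raw buffer, so a comment above them should state that the caller must already have checked the buffer length against the size of the selected struct; presumably this is packet payload, and the code doing that check is not in this header. The bare names `DELETE`, `SUCCESS` and `FAILED` are also likely to collide with other headers, which a `TALK_` prefix would avoid.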
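--- a/include/linux/netfilter_ipv4/ip_conntrack_tuple.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack_tuple.h
@@ -14,7 +14,7 @@
 union ip_conntrack_manip_proto
 {
 /* Add other protocols here. */
- u_int16_t all;
+ u_int32_t all;
 
 struct {
 u_int16_t port;
@@ -25,6 +25,9 @@
 struct {
 u_int16_t id;
 } icmp;
+ struct {
+ u_int32_t key;
+ } gre;
 };
 
 /* The manipulable part of the tuple. */
@@ -44,7 +47,7 @@
 u_int32_t ip;
 union {
 /* Add other protocols here. */
- u_int16_t all;
+ u_int64_t all;
 
 struct {
 u_int16_t port;
@@ -55,6 +58,11 @@
 struct {
 u_int8_t type, code;
 } icmp;
+ struct {
+ u_int16_t protocol;
+ u_int8_t version;
+ u_int32_t key;
+ } gre;
 } u;
 
 /* The protocol. */
@@ -80,10 +88,16 @@
 #ifdef __KERNEL__
 
 #define DUMP_TUPLE(tp) \
-DEBUGP("tuple %p: %u %u.%u.%u.%u:%hu -> %u.%u.%u.%u:%hu\n", \
+DEBUGP("tuple %p: %u %u.%u.%u.%u:%u -> %u.%u.%u.%u:%u\n", \
 (tp), (tp)->dst.protonum, \
- NIPQUAD((tp)->src.ip), ntohs((tp)->src.u.all), \
- NIPQUAD((tp)->dst.ip), ntohs((tp)->dst.u.all))
+ NIPQUAD((tp)->src.ip), ntohl((tp)->src.u.all), \
+ NIPQUAD((tp)->dst.ip), ntohl((tp)->dst.u.all))
+
+#define DUMP_TUPLE_RAW(x) \
+ DEBUGP("tuple %p: %u %u.%u.%u.%u:0x%08x -> %u.%u.%u.%u:0x%08x\n",\
+ (x), (x)->dst.protonum, \
+ NIPQUAD((x)->src.ip), ntohl((x)->src.u.all), \
+ NIPQUAD((x)->dst.ip), ntohl((x)->dst.u.all))
 
 #define CTINFO2DIR(ctinfo) ((ctinfo) >= IP_CT_IS_REPLY ? IP_CT_DIR_REPLY : IP_CT_DIR_ORIGINAL)
 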
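Review bot: In the last hunk `DUMP_TUPLE` and `DUMP_TUPLE_RAW` pass `(tp)->dst.u.all` to `ntohl()` and print it with `%u` / `0x%08x`, but the third hunk widens that member to `u_int64_t`, so the argument is cut to 32 bits before it is swapped. For TCP and UDP tuples the port fills only two bytes of `all`, so a 32-bit swap no longer yields the port number the old `ntohs()` printed. I would print the port through the per-protocol member in `DUMP_TUPLE` and give the raw dump the full width, e.g. `0x%016llx` with `(unsigned long long)(x)->dst.u.all`. The new `gre` struct in the destination union also has a padding byte between `version` and `key`; if tuples are compared or hashed through `all` (that code is not in this diff), the byte has to be zeroed when the tuple is built.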
1287 | diff -Nur linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ip_nat_pptp.h linux-2.6.0-test11/include/linux/netfilter_ipv4/ip_nat_pptp.h | |
1288 | --- linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ip_nat_pptp.h 1970-01-01 01:00:00.000000000 +0100 | |
1289 | +++ linux-2.6.0-test11/include/linux/netfilter_ipv4/ip_nat_pptp.h 2003-11-17 09:09:34.000000000 +0100 | |
1290 | @@ -0,0 +1,11 @@ | |
1291 | +/* PPTP constants and structs */ | |
1292 | +#ifndef _NAT_PPTP_H | |
1293 | +#define _NAT_PPTP_H | |
1294 | + | |
1295 | +/* conntrack private data */ | |
1296 | +struct ip_nat_pptp { | |
1297 | + u_int16_t pns_call_id; /* NAT'ed PNS call id */ | |
1298 | + u_int16_t pac_call_id; /* NAT'ed PAC call id */ | |
1299 | +}; | |
1300 | + | |
1301 | +#endif /* _NAT_PPTP_H */ | |
1302 | diff -Nur linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ip_pool.h linux-2.6.0-test11/include/linux/netfilter_ipv4/ip_pool.h | |
1303 | --- linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ip_pool.h 1970-01-01 01:00:00.000000000 +0100 | |
1304 | +++ linux-2.6.0-test11/include/linux/netfilter_ipv4/ip_pool.h 2003-12-10 23:13:39.981997896 +0100 | |
1305 | @@ -0,0 +1,64 @@ | |
1306 | +#ifndef _IP_POOL_H | |
1307 | +#define _IP_POOL_H | |
1308 | + | |
1309 | +/***************************************************************************/ | |
1310 | +/* This program is free software; you can redistribute it and/or modify */ | |
1311 | +/* it under the terms of the GNU General Public License as published by */ | |
1312 | +/* the Free Software Foundation; either version 2 of the License, or */ | |
1313 | +/* (at your option) any later version. */ | |
1314 | +/* */ | |
1315 | +/* This program is distributed in the hope that it will be useful, */ | |
1316 | +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ | |
1317 | +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ | |
1318 | +/* GNU General Public License for more details. */ | |
1319 | +/* */ | |
1320 | +/* You should have received a copy of the GNU General Public License */ | |
1321 | +/* along with this program; if not, write to the Free Software */ | |
1322 | +/* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA*/ | |
1323 | +/***************************************************************************/ | |
1324 | + | |
1325 | +/* A sockopt of such quality has hardly ever been seen before on the open | |
1326 | + * market! This little beauty, hardly ever used: above 64, so it's | |
1327 | + * traditionally used for firewalling, not touched (even once!) by the | |
1328 | + * 2.0, 2.2 and 2.4 kernels! | |
1329 | + * | |
1330 | + * Comes with its own certificate of authenticity, valid anywhere in the | |
1331 | + * Free world! | |
1332 | + * | |
1333 | + * Rusty, 19.4.2000 | |
1334 | + */ | |
1335 | +#define SO_IP_POOL 81 | |
1336 | + | |
1337 | +typedef int ip_pool_t; /* pool index */ | |
1338 | +#define IP_POOL_NONE ((ip_pool_t)-1) | |
1339 | + | |
1340 | +struct ip_pool_request { | |
1341 | + int op; | |
1342 | + ip_pool_t index; | |
1343 | + u_int32_t addr; | |
1344 | + u_int32_t addr2; | |
1345 | +}; | |
1346 | + | |
1347 | +/* NOTE: I deliberately break the first cut ippool utility. Nobody uses it. */ | |
1348 | + | |
1349 | +#define IP_POOL_BAD001 0x00000010 | |
1350 | + | |
1351 | +#define IP_POOL_FLUSH 0x00000011 /* req.index, no arguments */ | |
1352 | +#define IP_POOL_INIT 0x00000012 /* from addr to addr2 incl. */ | |
1353 | +#define IP_POOL_DESTROY 0x00000013 /* req.index, no arguments */ | |
1354 | +#define IP_POOL_ADD_ADDR 0x00000014 /* add addr to pool */ | |
1355 | +#define IP_POOL_DEL_ADDR 0x00000015 /* del addr from pool */ | |
1356 | +#define IP_POOL_HIGH_NR 0x00000016 /* result in req.index */ | |
1357 | +#define IP_POOL_LOOKUP 0x00000017 /* result in addr and addr2 */ | |
1358 | +#define IP_POOL_USAGE 0x00000018 /* result in addr */ | |
1359 | +#define IP_POOL_TEST_ADDR 0x00000019 /* result (0/1) returned */ | |
1360 | + | |
1361 | +#ifdef __KERNEL__ | |
1362 | + | |
1363 | +/* NOTE: ip_pool_match() and ip_pool_mod() expect ADDR to be host byte order */ | |
1364 | +extern int ip_pool_match(ip_pool_t pool, u_int32_t addr); | |
1365 | +extern int ip_pool_mod(ip_pool_t pool, u_int32_t addr, int isdel); | |
1366 | + | |
1367 | +#endif | |
1368 | + | |
1369 | +#endif /*_IP_POOL_H*/ | |
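Review bot: `struct ip_pool_request` is documented only by its field names, although its `index` is a plain signed `int` (`ip_pool_t`) and the struct is presumably filled in by userspace through `SO_IP_POOL`. If so, the handler has to reject negative values other than the `IP_POOL_NONE` sentinel as well as indexes above the highest pool, and the header should say that. The note above `ip_pool_match()` gives host byte order for its `addr`, but nothing states the byte order of `addr` and `addr2` in the request. I would add a comment above the struct such as `/* index is user-supplied and must be range-checked by the sockopt handler */` plus a line naming the byte order of the two addresses.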
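--- a/include/linux/netfilter_ipv4/ip_queue.h
+++ b/include/linux/netfilter_ipv4/ip_queue.h
@@ -47,10 +47,20 @@
 unsigned char payload[0]; /* Optional replacement packet */
 } ipq_verdict_msg_t;
 
+typedef struct ipq_vwmark_msg {
+ unsigned int value; /* Verdict to hand to netfilter */
+ unsigned long id; /* Packet ID for this verdict */
+ size_t data_len; /* Length of replacement data */
+ unsigned char payload[0]; /* Optional replacement packet */
+ unsigned long nfmark; /* Mark for the Packet */
+} ipq_vwmark_msg_t;
+
+
 typedef struct ipq_peer_msg {
 union {
 ipq_verdict_msg_t verdict;
 ipq_mode_msg_t mode;
+ ipq_vwmark_msg_t vwmark;
 } msg;
 } ipq_peer_msg_t;
 
@@ -67,6 +77,7 @@
 #define IPQM_MODE (IPQM_BASE + 1) /* Mode request from peer */
 #define IPQM_VERDICT (IPQM_BASE + 2) /* Verdict from peer */
 #define IPQM_PACKET (IPQM_BASE + 3) /* Packet from kernel */
-#define IPQM_MAX (IPQM_BASE + 4)
+#define IPQM_VWMARK (IPQM_BASE + 4) /* Verdict and mark from peer */
+#define IPQM_MAX (IPQM_BASE + 5)
 
 #endif /*_IP_QUEUE_H*/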
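Review bot: In `ipq_vwmark_msg` the zero-length `payload[0]` is followed by `nfmark`, so `payload` is no longer the trailing member and the two sit at the same offset: replacement packet data placed after the header would overwrite the mark, and the mark would be read as the first payload bytes. `nfmark` should be declared before the array, i.e. `unsigned long nfmark;` followed by `unsigned char payload[0];` as the last member. Because the struct shares a union with `ipq_verdict_msg_t` and is sent by a userspace peer, the receiving code should check `data_len` against the received message length using this struct's header size, not the verdict one. That code is outside this diff.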
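--- a/include/linux/netfilter_ipv4/ip_tables.h
+++ b/include/linux/netfilter_ipv4/ip_tables.h
@@ -134,6 +134,12 @@
 /* Back pointer */
 unsigned int comefrom;
 
+ /* Name of the chain */
+ char *chainname;
+
+ /* Rule number in the chain. */
+ u_int32_t rulenum;
+
 /* Packet and byte counters. */
 struct ipt_counters counters;
 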
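Review bot: `chainname` is a kernel pointer added to a struct that, judging by the `comefrom` and `counters` members around it, is the rule entry exchanged with userspace (the struct starts outside this hunk). If so, the two new fields change the size and layout existing iptables binaries were built against. The value in `chainname` would also arrive from userspace and must be overwritten before it is ever dereferenced, and reading rules back would expose a kernel address unless the field is cleared. A comment such as `/* kernel-internal: set when the table is loaded, never trusted from or copied to userspace */` on both fields would record that, and keeping them out of the shared struct would avoid the ABI change altogether.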
1419 | diff -Nur linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ipt_addrtype.h linux-2.6.0-test11/include/linux/netfilter_ipv4/ipt_addrtype.h | |
1420 | --- linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ipt_addrtype.h 1970-01-01 01:00:00.000000000 +0100 | |
1421 | +++ linux-2.6.0-test11/include/linux/netfilter_ipv4/ipt_addrtype.h 2003-12-10 23:13:51.091309024 +0100 | |
1422 | @@ -0,0 +1,11 @@ | |
1423 | +#ifndef _IPT_ADDRTYPE_H | |
1424 | +#define _IPT_ADDRTYPE_H | |
1425 | + | |
1426 | +struct ipt_addrtype_info { | |
1427 | + u_int16_t source; /* source-type mask */ | |
1428 | + u_int16_t dest; /* dest-type mask */ | |
1429 | + int invert_source; | |
1430 | + int invert_dest; | |
1431 | +}; | |
1432 | + | |
1433 | +#endif | |
1434 | diff -Nur linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ipt_condition.h linux-2.6.0-test11/include/linux/netfilter_ipv4/ipt_condition.h | |
1435 | --- linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ipt_condition.h 1970-01-01 01:00:00.000000000 +0100 | |
1436 | +++ linux-2.6.0-test11/include/linux/netfilter_ipv4/ipt_condition.h 2003-12-10 23:13:53.355964744 +0100 | |
1437 | @@ -0,0 +1,11 @@ | |
1438 | +#ifndef __IPT_CONDITION_MATCH__ | |
1439 | +#define __IPT_CONDITION_MATCH__ | |
1440 | + | |
1441 | +#define CONDITION_NAME_LEN 32 | |
1442 | + | |
1443 | +struct condition_info { | |
1444 | + char name[CONDITION_NAME_LEN]; | |
1445 | + int invert; | |
1446 | +}; | |
1447 | + | |
1448 | +#endif | |
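Review bot: `name[CONDITION_NAME_LEN]` is a fixed buffer that presumably arrives inside the rule data from userspace, and the header does not say whether it has to be NUL-terminated. A comment like `/* NUL-terminated; the match's checkentry must reject a name without a terminator */` would make the contract explicit for code that hands it to string functions. The guard `__IPT_CONDITION_MATCH__` also uses a reserved double-underscore name; `_IPT_CONDITION_H` would match the neighbouring headers.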
1449 | diff -Nur linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ipt_connlimit.h linux-2.6.0-test11/include/linux/netfilter_ipv4/ipt_connlimit.h | |
1450 | --- linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ipt_connlimit.h 1970-01-01 01:00:00.000000000 +0100 | |
1451 | +++ linux-2.6.0-test11/include/linux/netfilter_ipv4/ipt_connlimit.h 2003-12-10 23:13:26.810000344 +0100 | |
1452 | @@ -0,0 +1,12 @@ | |
1453 | +#ifndef _IPT_CONNLIMIT_H | |
1454 | +#define _IPT_CONNLIMIT_H | |
1455 | + | |
1456 | +struct ipt_connlimit_data; | |
1457 | + | |
1458 | +struct ipt_connlimit_info { | |
1459 | + int limit; | |
1460 | + int inverse; | |
1461 | + u_int32_t mask; | |
1462 | + struct ipt_connlimit_data *data; | |
1463 | +}; | |
1464 | +#endif /* _IPT_CONNLIMIT_H */ | |
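Review bot: `struct ipt_connlimit_info` carries a kernel pointer (`data`) next to the rule parameters, so its size differs between 32-bit userspace and a 64-bit kernel. If the struct is copied in from userspace, as match data usually is, the pointer value is also user-chosen until the kernel overwrites it. The same applies to `hinfo` and the `u` union in `ipt_dstlimit_info` further down. I would document the field as `/* kernel use only: set in checkentry, ignored on input */` and give it a fixed-size, aligned slot where possible. The code that fills it in is not in this diff.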
1465 | diff -Nur linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ipt_connmark.h linux-2.6.0-test11/include/linux/netfilter_ipv4/ipt_connmark.h | |
1466 | --- linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ipt_connmark.h 1970-01-01 01:00:00.000000000 +0100 | |
1467 | +++ linux-2.6.0-test11/include/linux/netfilter_ipv4/ipt_connmark.h 2003-12-10 23:13:54.582778240 +0100 | |
1468 | @@ -0,0 +1,9 @@ | |
1469 | +#ifndef _IPT_CONNMARK_H | |
1470 | +#define _IPT_CONNMARK_H | |
1471 | + | |
1472 | +struct ipt_connmark_info { | |
1473 | + unsigned long mark, mask; | |
1474 | + u_int8_t invert; | |
1475 | +}; | |
1476 | + | |
1477 | +#endif /*_IPT_CONNMARK_H*/ | |
1478 | diff -Nur linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ipt_CONNMARK.h linux-2.6.0-test11/include/linux/netfilter_ipv4/ipt_CONNMARK.h | |
1479 | --- linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ipt_CONNMARK.h 1970-01-01 01:00:00.000000000 +0100 | |
1480 | +++ linux-2.6.0-test11/include/linux/netfilter_ipv4/ipt_CONNMARK.h 2003-12-10 23:13:54.582778240 +0100 | |
1481 | @@ -0,0 +1,15 @@ | |
1482 | +#ifndef _IPT_CONNMARK_H_target | |
1483 | +#define _IPT_CONNMARK_H_target | |
1484 | + | |
1485 | +enum { | |
1486 | + IPT_CONNMARK_SET = 0, | |
1487 | + IPT_CONNMARK_SAVE, | |
1488 | + IPT_CONNMARK_RESTORE | |
1489 | +}; | |
1490 | + | |
1491 | +struct ipt_connmark_target_info { | |
1492 | + unsigned long mark; | |
1493 | + u_int8_t mode; | |
1494 | +}; | |
1495 | + | |
1496 | +#endif /*_IPT_CONNMARK_H_target*/ | |
1497 | diff -Nur linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ipt_conntrack.h linux-2.6.0-test11/include/linux/netfilter_ipv4/ipt_conntrack.h | |
1498 | --- linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ipt_conntrack.h 2003-11-26 21:45:07.000000000 +0100 | |
1499 | +++ linux-2.6.0-test11/include/linux/netfilter_ipv4/ipt_conntrack.h 2003-12-10 23:13:24.657327600 +0100 | |
1500 | @@ -10,6 +10,7 @@ | |
1501 | ||
1502 | #define IPT_CONNTRACK_STATE_SNAT (1 << (IP_CT_NUMBER + 1)) | |
1503 | #define IPT_CONNTRACK_STATE_DNAT (1 << (IP_CT_NUMBER + 2)) | |
1504 | +#define IPT_CONNTRACK_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 3)) | |
1505 | ||
1506 | /* flags, invflags: */ | |
1507 | #define IPT_CONNTRACK_STATE 0x01 | |
1508 | diff -Nur linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ipt_dstlimit.h linux-2.6.0-test11/include/linux/netfilter_ipv4/ipt_dstlimit.h | |
1509 | --- linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ipt_dstlimit.h 1970-01-01 01:00:00.000000000 +0100 | |
1510 | +++ linux-2.6.0-test11/include/linux/netfilter_ipv4/ipt_dstlimit.h 2003-12-10 23:13:27.868839376 +0100 | |
1511 | @@ -0,0 +1,36 @@ | |
1512 | +#ifndef _IPT_DSTLIMIT_H | |
1513 | +#define _IPT_DSTLIMIT_H | |
1514 | + | |
1515 | +/* timings are in milliseconds. */ | |
1516 | +#define IPT_DSTLIMIT_SCALE 10000 | |
1517 | +/* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490 | |
1518 | + seconds, or one every 59 hours. */ | |
1519 | + | |
1520 | +/* details of this structure hidden by the implementation */ | |
1521 | +struct ipt_dstlimit_htable; | |
1522 | + | |
1523 | +#define IPT_DSTLIMIT_HASH_DIP 0x0001 | |
1524 | +#define IPT_DSTLIMIT_HASH_DPT 0x0002 | |
1525 | +#define IPT_DSTLIMIT_HASH_SIP 0x0004 | |
1526 | + | |
1527 | +struct ipt_dstlimit_info { | |
1528 | + u_int32_t mode; /* bitmask of IPT_DSTLIMIT_HASH_* */ | |
1529 | + u_int32_t avg; /* Average secs between packets * scale */ | |
1530 | + u_int32_t burst; /* Period multiplier for upper limit. */ | |
1531 | + | |
1532 | + /* user specified */ | |
1533 | + unsigned int size; /* how many buckets */ | |
1534 | + unsigned int max; /* max number of entries */ | |
1535 | + unsigned int gc_interval; /* gc interval */ | |
1536 | + unsigned int expire; /* when do entries expire? */ | |
1537 | + char name [IFNAMSIZ]; /* name */ | |
1538 | + | |
1539 | + struct ipt_dstlimit_htable *hinfo; | |
1540 | + | |
1541 | + /* Used internally by the kernel */ | |
1542 | + union { | |
1543 | + void *ptr; | |
1544 | + struct ipt_dstlimit_info *master; | |
1545 | + } u; | |
1546 | +}; | |
1547 | +#endif /*_IPT_DSTLIMIT_H*/ | |
1548 | diff -Nur linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ipt_fuzzy.h linux-2.6.0-test11/include/linux/netfilter_ipv4/ipt_fuzzy.h | |
1549 | --- linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ipt_fuzzy.h 1970-01-01 01:00:00.000000000 +0100 | |
1550 | +++ linux-2.6.0-test11/include/linux/netfilter_ipv4/ipt_fuzzy.h 2003-12-10 23:13:30.016512880 +0100 | |
1551 | @@ -0,0 +1,21 @@ | |
1552 | +#ifndef _IPT_FUZZY_H | |
1553 | +#define _IPT_FUZZY_H | |
1554 | + | |
1555 | +#include <linux/param.h> | |
1556 | +#include <linux/types.h> | |
1557 | + | |
1558 | +#define MAXFUZZYRATE 10000000 | |
1559 | +#define MINFUZZYRATE 3 | |
1560 | + | |
1561 | +struct ipt_fuzzy_info { | |
1562 | + u_int32_t minimum_rate; | |
1563 | + u_int32_t maximum_rate; | |
1564 | + u_int32_t packets_total; | |
1565 | + u_int32_t bytes_total; | |
1566 | + u_int32_t previous_time; | |
1567 | + u_int32_t present_time; | |
1568 | + u_int32_t mean_rate; | |
1569 | + u_int8_t acceptance_rate; | |
1570 | +}; | |
1571 | + | |
1572 | +#endif /*_IPT_FUZZY_H*/ | |
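--- a/include/linux/netfilter_ipv4/ipt_IPMARK.h
+++ b/include/linux/netfilter_ipv4/ipt_IPMARK.h
@@ -0,0 +1,13 @@
+#ifndef _IPT_IPMARK_H_target
+#define _IPT_IPMARK_H_target
+
+struct ipt_ipmark_target_info {
+ unsigned long andmask;
+ unsigned long ormask;
+ unsigned int addr;
+};
+
+#define IPT_IPMARK_SRC 0
+#define IPT_IPMARK_DST 1
+
+#endif /*_IPT_IPMARK_H_target*/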
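Review bot: `andmask` and `ormask` are `unsigned long` in a struct shared with userspace, so its size and layout differ between a 32-bit iptables binary and a 64-bit kernel. Fixed-width members such as `u_int32_t andmask;` would keep the layout stable, provided the mark width allows it. `addr` appears to select `IPT_IPMARK_SRC` or `IPT_IPMARK_DST`, but nothing on the member says so; add `/* IPT_IPMARK_SRC or IPT_IPMARK_DST */` and have the target's checkentry (not visible here) reject any other value.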
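--- a/include/linux/netfilter_ipv4/ipt_ipv4options.h
+++ b/include/linux/netfilter_ipv4/ipt_ipv4options.h
@@ -0,0 +1,21 @@
+#ifndef __ipt_ipv4options_h_included__
+#define __ipt_ipv4options_h_included__
+
+#define IPT_IPV4OPTION_MATCH_SSRR 0x01 /* For strict source routing */
+#define IPT_IPV4OPTION_MATCH_LSRR 0x02 /* For loose source routing */
+#define IPT_IPV4OPTION_DONT_MATCH_SRR 0x04 /* any source routing */
+#define IPT_IPV4OPTION_MATCH_RR 0x08 /* For Record route */
+#define IPT_IPV4OPTION_DONT_MATCH_RR 0x10
+#define IPT_IPV4OPTION_MATCH_TIMESTAMP 0x20 /* For timestamp request */
+#define IPT_IPV4OPTION_DONT_MATCH_TIMESTAMP 0x40
+#define IPT_IPV4OPTION_MATCH_ROUTER_ALERT 0x80 /* For router-alert */
+#define IPT_IPV4OPTION_DONT_MATCH_ROUTER_ALERT 0x100
+#define IPT_IPV4OPTION_MATCH_ANY_OPT 0x200 /* match packet with any option */
+#define IPT_IPV4OPTION_DONT_MATCH_ANY_OPT 0x400 /* match packet with no option */
+
+struct ipt_ipv4options_info {
+ u_int16_t options;
+};
+
+
+#endif /* __ipt_ipv4options_h_included__ */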
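Review bot: Each option has a `MATCH_x` and a `DONT_MATCH_x` bit in the same `options` mask, so a rule can carry both at once (for example `IPT_IPV4OPTION_MATCH_RR | IPT_IPV4OPTION_DONT_MATCH_RR`), and the header does not say which one wins. The checkentry for this match (outside this header) should reject contradictory pairs and any bit above 0x400. A comment on the member would record that, e.g. `/* bitmask of IPT_IPV4OPTION_*; MATCH_x and DONT_MATCH_x are mutually exclusive */`. The guard `__ipt_ipv4options_h_included__` also uses a reserved double-underscore name; `_IPT_IPV4OPTIONS_H` would match the neighbouring headers.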
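--- a/include/linux/netfilter_ipv4/ipt_mark.h
+++ b/include/linux/netfilter_ipv4/ipt_mark.h
@@ -1,9 +1,16 @@
 #ifndef _IPT_MARK_H
 #define _IPT_MARK_H
 
+enum {
+ IPT_MARK_BIT_OP_NONE,
+ IPT_MARK_BIT_OP_AND,
+ IPT_MARK_BIT_OP_OR
+};
+
 struct ipt_mark_info {
 unsigned long mark, mask;
 u_int8_t invert;
+ u_int8_t bit_op;
 };
 
 #endif /*_IPT_MARK_H*/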
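Review bot: `bit_op` is appended after `invert`, where the old struct most likely had tail padding, so `sizeof(struct ipt_mark_info)` probably does not change and a size check cannot tell an old iptables binary from a new one. A rule built by an old binary then supplies whatever that padding byte held as `bit_op`. The match's checkentry (not in this hunk) should reject any value above `IPT_MARK_BIT_OP_OR`, and the member deserves a comment such as `/* one of IPT_MARK_BIT_OP_* */`.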
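--- a/include/linux/netfilter_ipv4/ipt_mport.h
+++ b/include/linux/netfilter_ipv4/ipt_mport.h
@@ -0,0 +1,24 @@
+#ifndef _IPT_MPORT_H
+#define _IPT_MPORT_H
+#include <linux/netfilter_ipv4/ip_tables.h>
+
+#define IPT_MPORT_SOURCE (1<<0)
+#define IPT_MPORT_DESTINATION (1<<1)
+#define IPT_MPORT_EITHER (IPT_MPORT_SOURCE|IPT_MPORT_DESTINATION)
+
+#define IPT_MULTI_PORTS 15
+
+/* Must fit inside union ipt_matchinfo: 32 bytes */
+/* every entry in ports[] except for the last one has one bit in pflags
+ * associated with it. If this bit is set, the port is the first port of
+ * a portrange, with the next entry being the last.
+ * End of list is marked with pflags bit set and port=65535.
+ * If 14 ports are used (last one does not have a pflag), the last port
+ * is repeated to fill the last entry in ports[] */
+struct ipt_mport
+{
+ u_int8_t flags:2; /* Type of comparison */
+ u_int16_t pflags:14; /* Port flags */
+ u_int16_t ports[IPT_MULTI_PORTS]; /* Ports */
+};
+#endif /*_IPT_MPORT_H*/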
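Review bot: The end of `ports[]` is signalled only by data inside the struct (a `pflags` bit plus port 65535), and that data comes from userspace with the rule. The match loop (not in this header) must therefore stop at `IPT_MULTI_PORTS` on its own and check `i + 1 < IPT_MULTI_PORTS` before reading the second port of a range. The layout also relies on `flags:2` and `pflags:14` sharing one 16-bit unit although they are declared with different base types, which is compiler-dependent. A compile-time size check against the 32 bytes the comment promises would catch a mismatch.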
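--- a/include/linux/netfilter_ipv4/ipt_NETLINK.h
+++ b/include/linux/netfilter_ipv4/ipt_NETLINK.h
@@ -0,0 +1,27 @@
+#ifndef _IPT_FWMON_H
+#define _IPT_FWMON_H
+
+/* Bitmask macros */
+#define MASK(x,y) (x & y)
+#define MASK_SET(x,y) x |= y
+#define MASK_UNSET(x,y) x &= ~y
+
+#define USE_MARK 0x00000001
+#define USE_DROP 0x00000002
+#define USE_SIZE 0x00000004
+
+struct ipt_nldata
+{
+ unsigned int flags;
+ unsigned int mark;
+ unsigned int size;
+};
+
+/* Old header */
+struct netlink_t {
+ unsigned int len;
+ unsigned int mark;
+ char iface[IFNAMSIZ];
+};
+
+#endif /*_IPT_FWMON_H*/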
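Review bot: `MASK`, `MASK_SET` and `MASK_UNSET` expand their arguments without parentheses, so `MASK_UNSET(f, A|B)` becomes `f &= ~A|B` and clears the wrong bits. Write them as `#define MASK(x,y) ((x) & (y))`, `#define MASK_SET(x,y) ((x) |= (y))` and `#define MASK_UNSET(x,y) ((x) &= ~(y))`. These names and `USE_MARK`/`USE_DROP`/`USE_SIZE` are unprefixed in a header that userspace also includes, and the guard `_IPT_FWMON_H` does not match the file name, so collisions are easy. `struct netlink_t` uses `IFNAMSIZ`, but the header includes nothing that defines it.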
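--- a/include/linux/netfilter_ipv4/ipt_nth.h
+++ b/include/linux/netfilter_ipv4/ipt_nth.h
@@ -0,0 +1,19 @@
+#ifndef _IPT_NTH_H
+#define _IPT_NTH_H
+
+#include <linux/param.h>
+#include <linux/types.h>
+
+#ifndef IPT_NTH_NUM_COUNTERS
+#define IPT_NTH_NUM_COUNTERS 16
+#endif
+
+struct ipt_nth_info {
+ u_int8_t every;
+ u_int8_t not;
+ u_int8_t startat;
+ u_int8_t counter;
+ u_int8_t packet;
+};
+
+#endif /*_IPT_NTH_H*/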
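Review bot: `counter` is a `u_int8_t` that presumably selects one of `IPT_NTH_NUM_COUNTERS` (16) counters, and `every` presumably serves as a wrap limit or divisor, yet nothing in this header bounds either value and both arrive from userspace. The checkentry (not visible here) should reject `counter >= IPT_NTH_NUM_COUNTERS` and `every == 0`. Because the count is wrapped in `#ifndef`, kernel and userspace can be built with different values, which leaves the kernel-side check as the only reliable one. A comment on each member stating its valid range would make that contract explicit.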
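--- a/include/linux/netfilter_ipv4/ipt_osf.h
+++ b/include/linux/netfilter_ipv4/ipt_osf.h
@@ -0,0 +1,121 @@
+/*
+ * ipt_osf.h
+ *
+ * Copyright (c) 2003 Evgeniy Polyakov <johnpol@2ka.mipt.ru>
+ *
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#ifndef _IPT_OSF_H
+#define _IPT_OSF_H
+
+#define MAXGENRELEN 32
+#define MAXDETLEN 64
+
+#include <linux/list.h>
+
+struct ipt_osf_info
+{
+ char genre[MAXGENRELEN];
+ int len;
+ int invert; /* UNSUPPORTED */
+};
+
+struct osf_wc
+{
+ char wc;
+ unsigned long val;
+};
+
+/* This struct represents IANA options
+ * http://www.iana.org/assignments/tcp-parameters
+ */
+struct osf_opt
+{
+ unsigned char kind;
+ unsigned char length;
+ struct osf_wc wc;
+};
+
+#ifdef __KERNEL__
+
+struct osf_finger
+{
+ struct list_head flist;
+ struct osf_wc wss;
+ unsigned char ttl;
+ unsigned char df;
+ unsigned long ss;
+ char genre[MAXGENRELEN];
+ char version[MAXGENRELEN], subtype[MAXGENRELEN];
+
+ /* Not needed, but for consistency with original table from Michal Zalewski */
+ char details[MAXDETLEN];
+
+ int opt_num;
+ struct osf_opt opt[MAX_IPOPTLEN]; /* In case it is all NOP or EOL */
+
+};
+
+/* Defines for IANA option kinds */
+
+#define OSFOPT_EOL 0 /* End of options */
+#define OSFOPT_NOP 1 /* NOP */
+#define OSFOPT_MSS 2 /* Maximum segment size */
+#define OSFOPT_WSO 3 /* Window scale option */
+#define OSFOPT_SACKP 4 /* SACK permitted */
+#define OSFOPT_SACK 5 /* SACK */
+#define OSFOPT_ECHO 6
+#define OSFOPT_ECHOREPLY 7
+#define OSFOPT_TS 8 /* Timestamp option */
+#define OSFOPT_POCP 9 /* Partial Order Connection Permitted */
+#define OSFOPT_POSP 10 /* Partial Order Service Profile */
+/* Others are not used in current OSF */
+
+static struct osf_opt IANA_opts[] =
+{
+ {0, 1,},
+ {1, 1,},
+ {2, 4,},
+ {3, 3,},
+ {4, 2,},
+ {5, 1 ,}, /* SACK length is not defined */
+ {6, 6,},
+ {7, 6,},
+ {8, 10,},
+ {9, 2,},
+ {10, 3,},
+ {11, 1,}, /* CC: Suppose 1 */
+ {12, 1,}, /* the same */
+ {13, 1,}, /* and here too */
+ {14, 3,},
+ {15, 1,}, /* TCP Alternate Checksum Data. Length is not defined */
+ {16, 1,},
+ {17, 1,},
+ {18, 3,},
+ {19, 18,},
+ {20, 1,},
+ {21, 1,},
+ {22, 1,},
+ {23, 1,},
+ {24, 1,},
+ {25, 1,},
+ {26, 1,},
+};
+
+#endif /* __KERNEL__ */
+
+#endif /* _IPT_OSF_H */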
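Review bot: `struct ipt_osf_info` carries a signed `int len` next to `char genre[MAXGENRELEN]`, both filled in by userspace, and nothing documents how they relate. Code that compares or prints `genre` (not in this header) should first reject `len < 0 || len >= MAXGENRELEN` and confirm `genre` is NUL-terminated within the buffer; declaring the length `unsigned int len;` would remove the negative case. Separately, `IANA_opts[]` is a writable `static` array defined in the header, so every file that includes it gets its own copy; `static const struct osf_opt IANA_opts[]` or a single definition in the .c file would be cleaner. `MAX_IPOPTLEN` sizes `opt[]`, but the header includes nothing that defines it.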
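--- a/include/linux/netfilter_ipv4/ipt_pool.h
+++ b/include/linux/netfilter_ipv4/ipt_pool.h
@@ -0,0 +1,25 @@
+#ifndef _IPT_POOL_H
+#define _IPT_POOL_H
+
+#include <linux/netfilter_ipv4/ip_pool.h>
+
+#define IPT_POOL_INV_SRC 0x00000001
+#define IPT_POOL_INV_DST 0x00000002
+#define IPT_POOL_DEL_SRC 0x00000004
+#define IPT_POOL_DEL_DST 0x00000008
+#define IPT_POOL_INV_MOD_SRC 0x00000010
+#define IPT_POOL_INV_MOD_DST 0x00000020
+#define IPT_POOL_MOD_SRC_ACCEPT 0x00000040
+#define IPT_POOL_MOD_DST_ACCEPT 0x00000080
+#define IPT_POOL_MOD_SRC_DROP 0x00000100
+#define IPT_POOL_MOD_DST_DROP 0x00000200
+
+/* match info */
+struct ipt_pool_info
+{
+ ip_pool_t src;
+ ip_pool_t dst;
+ unsigned flags;
+};
+
+#endif /*_IPT_POOL_H*/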
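--- a/include/linux/netfilter_ipv4/ipt_psd.h
+++ b/include/linux/netfilter_ipv4/ipt_psd.h
@@ -0,0 +1,40 @@
+#ifndef _IPT_PSD_H
+#define _IPT_PSD_H
+
+#include <linux/param.h>
+#include <linux/types.h>
+
+/*
+ * High port numbers have a lower weight to reduce the frequency of false
+ * positives, such as from passive mode FTP transfers.
+ */
+#define PORT_WEIGHT_PRIV 3
+#define PORT_WEIGHT_HIGH 1
+
+/*
+ * Port scan detection thresholds: at least COUNT ports need to be scanned
+ * from the same source, with no longer than DELAY ticks between ports.
+ */
+#define SCAN_MIN_COUNT 7
+#define SCAN_MAX_COUNT (SCAN_MIN_COUNT * PORT_WEIGHT_PRIV)
+#define SCAN_WEIGHT_THRESHOLD SCAN_MAX_COUNT
+#define SCAN_DELAY_THRESHOLD (HZ * 3)
+
+/*
+ * Keep track of up to LIST_SIZE source addresses, using a hash table of
+ * HASH_SIZE entries for faster lookups, but limiting hash collisions to
+ * HASH_MAX source addresses per the same hash value.
+ */
+#define LIST_SIZE 0x100
+#define HASH_LOG 9
+#define HASH_SIZE (1 << HASH_LOG)
+#define HASH_MAX 0x10
+
+struct ipt_psd_info {
+ unsigned int weight_threshold;
+ unsigned int delay_threshold;
+ unsigned short lo_ports_weight;
+ unsigned short hi_ports_weight;
+};
+
+#endif /*_IPT_PSD_H*/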
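Review bot: `LIST_SIZE`, `HASH_LOG`, `HASH_SIZE` and `HASH_MAX` (and the `PORT_WEIGHT_*`/`SCAN_*` defaults) are unprefixed names in a header that userspace also includes, so they can collide with or silently redefine other macros; an `IPT_PSD_` prefix would avoid that. The comment above the table limits should also say what happens once more than `LIST_SIZE` sources are active, since a fixed 0x100-entry table bounds how many sources can be tracked at once and the replacement policy is not visible in this header. The members of `struct ipt_psd_info` have no range documentation; a zero `weight_threshold` or `delay_threshold` from userspace should be rejected or mapped to the defaults in checkentry (not shown here).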
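--- a/include/linux/netfilter_ipv4/ipt_quota.h
+++ b/include/linux/netfilter_ipv4/ipt_quota.h
@@ -0,0 +1,11 @@
+#ifndef _IPT_QUOTA_H
+#define _IPT_QUOTA_H
+
+/* print debug info in both kernel/netfilter module & iptable library */
+//#define DEBUG_IPT_QUOTA
+
+struct ipt_quota_info {
+ u_int64_t quota;
+};
+
+#endif /*_IPT_QUOTA_H*/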
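--- a/include/linux/netfilter_ipv4/ipt_random.h
+++ b/include/linux/netfilter_ipv4/ipt_random.h
@@ -0,0 +1,11 @@
+#ifndef _IPT_RAND_H
+#define _IPT_RAND_H
+
+#include <linux/param.h>
+#include <linux/types.h>
+
+struct ipt_rand_info {
+ u_int8_t average;
+};
+
+#endif /*_IPT_RAND_H*/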
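--- a/include/linux/netfilter_ipv4/ipt_realm.h
+++ b/include/linux/netfilter_ipv4/ipt_realm.h
@@ -0,0 +1,9 @@
+#ifndef _IPT_REALM_H
+#define _IPT_REALM_H
+
+struct ipt_realm_info {
+ u_int32_t id;
+ u_int32_t mask;
+ u_int8_t invert;
+};
+#endif /*_IPT_REALM_H*/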
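--- a/include/linux/netfilter_ipv4/ipt_REJECT.h
+++ b/include/linux/netfilter_ipv4/ipt_REJECT.h
@@ -15,6 +15,7 @@
 
 struct ipt_reject_info {
 enum ipt_reject_with with; /* reject type */
+ u_int8_t fake_source_address; /* 1: fake src addr with original packet dest, 0: no fake */
 };
 
-#endif /*_IPT_REJECT_H*/
+#endif /* _IPT_REJECT_H */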
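Review bot: `fake_source_address` makes the reject reply leave with the original packet's destination as its source, an address that may not belong to this host, and the trailing comment is the only place that behaviour is documented. The target's checkentry (not in this hunk) should accept only 0 or 1, and the comment should state which `with` types honour the flag. The new member most likely grows `struct ipt_reject_info`, so existing iptables binaries would fail the size check until rebuilt. The help text should mention that, and that reverse-path or ingress filtering on the path may drop such replies.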
1970 | diff -Nur linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ipt_ROUTE.h linux-2.6.0-test11/include/linux/netfilter_ipv4/ipt_ROUTE.h | |
1971 | --- linux-2.6.0-test11.org/include/linux/netfilter_ipv4/ipt_ROUTE.h 1970-01-01 01:00:00.000000000 +0100 | |
1972 | +++ linux-2.6.0-test11/include/linux/netfilter_ipv4/ipt_ROUTE.h 2003-12-10 23:14:07.501814248 +0100 | |
1973 | @@ -0,0 +1,22 @@ | |
1974 | +/* Header file for iptables ipt_ROUTE target | |
1975 | + * | |
1976 |