Commit | Line | Data |
---|---|---|
f7cecd53 | 1 | Netfilter SNAP 20040608 |
2 | included: | |
3 | updates/01_iptables-1.2.10 | |
4 | updates/02_linux-2.6.4 | |
5 | updates/04_linux-2.6.6-helper_reassign | |
6 | updates/05_linux-2.6.6-orphaned_expect | |
7 | PENDING/expect-evict-order | |
8 | PENDING/expect-slab-cache | |
9 | PENDING/init_conntrack-optimize | |
10 | PENDING/ipt_helper-invert-fix | |
11 | PENDING/mangle-reroute | |
12 | PENDING/nf-log | |
13 | PENDING/nf_reset | |
14 | PENDING/proc-no-internal-targets | |
15 | PENDING/proc_net_conntrack-permissions | |
16 | BASE/HOPLIMIT | |
17 | BASE/IPV4OPTSSTRING | |
18 | BASE/NETLINK // fix socket -> sk_socket | |
19 | BASE/REJECT | |
20 | BASE/TTL | |
21 | BASE/connlimit | |
22 | BASE/dstlimit | |
23 | BASE/fuzzy | |
24 | BASE/ipv4options | |
25 | BASE/mport | |
26 | BASE/nth | |
27 | BASE/osf // fix socket -> sk_socket | |
28 | BASE/pool // added EXPORT_SYMBOL(ip_pool_mod, ip_pool_match) | |
29 | BASE/psd | |
30 | BASE/quota | |
31 | BASE/random | |
32 | BASE/raw // removed linux-2.6.patch - included in kernel | |
33 | BASE/realm | |
34 | BASE/sctp | |
35 | BASE/time | |
36 | BASE/u32 | |
37 | EXTRA/CONNMARK | |
38 | EXTRA/IPMARK | |
39 | EXTRA/ROUTE | |
40 | EXTRA/TARPIT | |
41 | EXTRA/TRACE // ip_output.c fix | |
42 | EXTRA/XOR | |
43 | EXTRA/addrtype | |
44 | EXTRA/eggdrop-conntrack | |
45 | EXTRA/h323-conntrack-nat | |
46 | EXTRA/ipsec-01-output-hooks // fixed | |
47 | EXTRA/ipsec-02-input-hooks | |
48 | EXTRA/ipsec-03-policy-lookup | |
49 | EXTRA/ipsec-04-policy-check | |
50 | EXTRA/ipt_helper-any | |
51 | EXTRA/mms-conntrack-nat | |
52 | EXTRA/owner-socketlookup | |
53 | EXTRA/ownercmd | |
54 | EXTRA/policy | |
55 | EXTRA/quake3-conntrack-nat | |
56 | EXTRA/rsh | |
57 | EXTRA/rtsp-conntrack | |
58 | EXTRA/sctp-conntrack-nat | |
59 | EXTRA/string // required unclean module - included - req fix | |
60 | EXTRA/talk-conntrack-nat | |
61 | ||
62 | diff -Nur --exclude '*.orig' linux-2.6.7-rc3.org/include/linux/netfilter.h linux-2.6.7-rc3/include/linux/netfilter.h | |
63 | --- linux-2.6.7-rc3.org/include/linux/netfilter.h 2004-06-07 21:14:24.000000000 +0200 | |
64 | +++ linux-2.6.7-rc3/include/linux/netfilter.h 2004-06-08 10:38:46.000000000 +0200 | |
65 | @@ -23,6 +23,7 @@ | |
66 | <= 0x2000 is used for protocol-flags. */ | |
67 | #define NFC_UNKNOWN 0x4000 | |
68 | #define NFC_ALTERED 0x8000 | |
69 | +#define NFC_TRACE 0x10000 | |
70 | ||
71 | #ifdef __KERNEL__ | |
72 | #include <linux/config.h> | |
73 | @@ -137,12 +138,14 @@ | |
74 | /* This is gross, but inline doesn't cut it for avoiding the function | |
75 | call in fast path: gcc doesn't inline (needs value tracking?). --RR */ | |
76 | #ifdef CONFIG_NETFILTER_DEBUG | |
77 | -#define NF_HOOK(pf, hook, skb, indev, outdev, okfn) \ | |
78 | - nf_hook_slow((pf), (hook), (skb), (indev), (outdev), (okfn), INT_MIN) | |
79 | +#define NF_HOOK_COND(pf, hook, skb, indev, outdev, okfn, cond) \ | |
80 | +(!(cond) \ | |
81 | + ? (okfn)(skb) \ | |
82 | + : nf_hook_slow((pf), (hook), (skb), (indev), (outdev), (okfn), INT_MIN)) | |
83 | #define NF_HOOK_THRESH nf_hook_slow | |
84 | #else | |
85 | -#define NF_HOOK(pf, hook, skb, indev, outdev, okfn) \ | |
86 | -(list_empty(&nf_hooks[(pf)][(hook)]) \ | |
87 | +#define NF_HOOK_COND(pf, hook, skb, indev, outdev, okfn, cond) \ | |
88 | +(!(cond) || list_empty(&nf_hooks[(pf)][(hook)]) \ | |
89 | ? (okfn)(skb) \ | |
90 | : nf_hook_slow((pf), (hook), (skb), (indev), (outdev), (okfn), INT_MIN)) | |
91 | #define NF_HOOK_THRESH(pf, hook, skb, indev, outdev, okfn, thresh) \ | |
92 | @@ -150,6 +153,8 @@ | |
93 | ? (okfn)(skb) \ | |
94 | : nf_hook_slow((pf), (hook), (skb), (indev), (outdev), (okfn), (thresh))) | |
95 | #endif | |
96 | +#define NF_HOOK(pf, hook, skb, indev, outdev, okfn) \ | |
97 | + NF_HOOK_COND((pf), (hook), (skb), (indev), (outdev), (okfn), 1) | |
98 | ||
99 | int nf_hook_slow(int pf, unsigned int hook, struct sk_buff *skb, | |
100 | struct net_device *indev, struct net_device *outdev, | |
101 | @@ -188,7 +193,24 @@ | |
102 | ||
103 | #else /* !CONFIG_NETFILTER */ | |
104 | #define NF_HOOK(pf, hook, skb, indev, outdev, okfn) (okfn)(skb) | |
105 | +#define NF_HOOK_COND(pf, hook, skb, indev, outdev, okfn, cond) (okfn)(skb) | |
106 | #endif /*CONFIG_NETFILTER*/ | |
107 | ||
108 | +#ifdef CONFIG_XFRM | |
109 | +#ifdef CONFIG_IP_NF_NAT_NEEDED | |
110 | +struct flowi; | |
111 | +extern void nf_nat_decode_session4(struct sk_buff *skb, struct flowi *fl); | |
112 | + | |
113 | +static inline void | |
114 | +nf_nat_decode_session(struct sk_buff *skb, struct flowi *fl, int family) | |
115 | +{ | |
116 | + if (family == AF_INET) | |
117 | + nf_nat_decode_session4(skb, fl); | |
118 | +} | |
119 | +#else /* CONFIG_IP_NF_NAT_NEEDED */ | |
120 | +#define nf_nat_decode_session(skb,fl,family) | |
121 | +#endif /* CONFIG_IP_NF_NAT_NEEDED */ | |
122 | +#endif /* CONFIG_XFRM */ | |
123 | + | |
124 | #endif /*__KERNEL__*/ | |
125 | #endif /*__LINUX_NETFILTER_H*/ | |
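Review bot: The fallback `#define nf_nat_decode_session(skb,fl,family)` near the end of this hunk expands to nothing, so a call site compiles to a bare `;` and its arguments are never type-checked. I would write it as `#define nf_nat_decode_session(skb,fl,family) do { } while (0)`, or as an empty `static inline` function with the same prototype as the real one. The name is also left undefined when CONFIG_XFRM is off, so a caller outside XFRM-only code would fail to build; a one-line comment saying callers must sit under CONFIG_XFRM would help. To a lesser degree the same applies to the `!CONFIG_NETFILTER` stub of `NF_HOOK_COND`, which never evaluates `cond`, unlike the two real variants.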
126 | diff -Nur --exclude '*.orig' linux-2.6.7-rc3.org/include/linux/netfilter_helpers.h linux-2.6.7-rc3/include/linux/netfilter_helpers.h | |
127 | --- linux-2.6.7-rc3.org/include/linux/netfilter_helpers.h 1970-01-01 01:00:00.000000000 +0100 | |
128 | +++ linux-2.6.7-rc3/include/linux/netfilter_helpers.h 2004-06-08 10:40:46.000000000 +0200 | |
129 | @@ -0,0 +1,133 @@ | |
130 | +/* | |
131 | + * Helpers for netfiler modules. This file provides implementations for basic | |
132 | + * functions such as strncasecmp(), etc. | |
133 | + * | |
134 | + * gcc will warn for defined but unused functions, so we only include the | |
135 | + * functions requested. The following macros are used: | |
136 | + * NF_NEED_STRNCASECMP nf_strncasecmp() | |
137 | + * NF_NEED_STRTOU16 nf_strtou16() | |
138 | + * NF_NEED_STRTOU32 nf_strtou32() | |
139 | + */ | |
140 | +#ifndef _NETFILTER_HELPERS_H | |
141 | +#define _NETFILTER_HELPERS_H | |
142 | + | |
143 | +/* Only include these functions for kernel code. */ | |
144 | +#ifdef __KERNEL__ | |
145 | + | |
146 | +#include <linux/ctype.h> | |
147 | +#define iseol(c) ( (c) == '\r' || (c) == '\n' ) | |
148 | + | |
149 | +/* | |
150 | + * The standard strncasecmp() | |
151 | + */ | |
152 | +#ifdef NF_NEED_STRNCASECMP | |
153 | +static int | |
154 | +nf_strncasecmp(const char* s1, const char* s2, u_int32_t len) | |
155 | +{ | |
156 | + if (s1 == NULL || s2 == NULL) | |
157 | + { | |
158 | + if (s1 == NULL && s2 == NULL) | |
159 | + { | |
160 | + return 0; | |
161 | + } | |
162 | + return (s1 == NULL) ? -1 : 1; | |
163 | + } | |
164 | + while (len > 0 && tolower(*s1) == tolower(*s2)) | |
165 | + { | |
166 | + len--; | |
167 | + s1++; | |
168 | + s2++; | |
169 | + } | |
170 | + return ( (len == 0) ? 0 : (tolower(*s1) - tolower(*s2)) ); | |
171 | +} | |
172 | +#endif /* NF_NEED_STRNCASECMP */ | |
173 | + | |
174 | +/* | |
175 | + * Parse a string containing a 16-bit unsigned integer. | |
176 | + * Returns the number of chars used, or zero if no number is found. | |
177 | + */ | |
178 | +#ifdef NF_NEED_STRTOU16 | |
179 | +static int | |
180 | +nf_strtou16(const char* pbuf, u_int16_t* pval) | |
181 | +{ | |
182 | + int n = 0; | |
183 | + | |
184 | + *pval = 0; | |
185 | + while (isdigit(pbuf[n])) | |
186 | + { | |
187 | + *pval = (*pval * 10) + (pbuf[n] - '0'); | |
188 | + n++; | |
189 | + } | |
190 | + | |
191 | + return n; | |
192 | +} | |
193 | +#endif /* NF_NEED_STRTOU16 */ | |
194 | + | |
195 | +/* | |
196 | + * Parse a string containing a 32-bit unsigned integer. | |
197 | + * Returns the number of chars used, or zero if no number is found. | |
198 | + */ | |
199 | +#ifdef NF_NEED_STRTOU32 | |
200 | +static int | |
201 | +nf_strtou32(const char* pbuf, u_int32_t* pval) | |
202 | +{ | |
203 | + int n = 0; | |
204 | + | |
205 | + *pval = 0; | |
206 | + while (pbuf[n] >= '0' && pbuf[n] <= '9') | |
207 | + { | |
208 | + *pval = (*pval * 10) + (pbuf[n] - '0'); | |
209 | + n++; | |
210 | + } | |
211 | + | |
212 | + return n; | |
213 | +} | |
214 | +#endif /* NF_NEED_STRTOU32 */ | |
215 | + | |
216 | +/* | |
217 | + * Given a buffer and length, advance to the next line and mark the current | |
218 | + * line. | |
219 | + */ | |
220 | +#ifdef NF_NEED_NEXTLINE | |
221 | +static int | |
222 | +nf_nextline(char* p, uint len, uint* poff, uint* plineoff, uint* plinelen) | |
223 | +{ | |
224 | + uint off = *poff; | |
225 | + uint physlen = 0; | |
226 | + | |
227 | + if (off >= len) | |
228 | + { | |
229 | + return 0; | |
230 | + } | |
231 | + | |
232 | + while (p[off] != '\n') | |
233 | + { | |
234 | + if (len-off <= 1) | |
235 | + { | |
236 | + return 0; | |
237 | + } | |
238 | + | |
239 | + physlen++; | |
240 | + off++; | |
241 | + } | |
242 | + | |
243 | + /* if we saw a crlf, physlen needs adjusted */ | |
244 | + if (physlen > 0 && p[off] == '\n' && p[off-1] == '\r') | |
245 | + { | |
246 | + physlen--; | |
247 | + } | |
248 | + | |
249 | + /* advance past the newline */ | |
250 | + off++; | |
251 | + | |
252 | + *plineoff = *poff; | |
253 | + *plinelen = physlen; | |
254 | + *poff = off; | |
255 | + | |
256 | + return 1; | |
257 | +} | |
258 | +#endif /* NF_NEED_NEXTLINE */ | |
259 | + | |
260 | +#endif /* __KERNEL__ */ | |
261 | + | |
262 | +#endif /* _NETFILTER_HELPERS_H */ | |
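Review bot: `nf_strncasecmp()` does not stop at a terminating NUL: when both strings are equal and shorter than `len`, the loop `while (len > 0 && tolower(*s1) == tolower(*s2))` keeps comparing bytes beyond both terminators, which is an out-of-bounds read in kernel context. The condition should be `while (len > 0 && *s1 != '\0' && tolower(*s1) == tolower(*s2))`. `nf_strtou16()` and `nf_strtou32()` have two related gaps: they take no length, so they rely on the caller guaranteeing a non-digit byte inside the buffer, and they wrap silently, so an over-range digit string yields a truncated value; for helpers that presumably parse port numbers out of packet payloads, the tracked port can then differ from the one the endpoints use. The fence shows a range-checked `nf_strtou16()` that reports an over-range number as "no number found" (return 0); whether callers treat 0 that way needs confirming, since they are outside this file. The header comment also omits `NF_NEED_NEXTLINE` from its list of macros.

```c
static int
nf_strtou16(const char* pbuf, u_int16_t* pval)
{
	u_int32_t v = 0;	/* wider accumulator so the range check cannot wrap */
	int n = 0;

	*pval = 0;
	while (isdigit(pbuf[n]))
	{
		v = (v * 10) + (pbuf[n] - '0');
		if (v > 0xFFFF)
			return 0;	/* does not fit in 16 bits: treat as no number */
		n++;
	}
	*pval = (u_int16_t)v;

	return n;
}
```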
263 | diff -Nur --exclude '*.orig' linux-2.6.7-rc3.org/include/linux/netfilter_ipv4/ip_conntrack.h linux-2.6.7-rc3/include/linux/netfilter_ipv4/ip_conntrack.h | |
264 | --- linux-2.6.7-rc3.org/include/linux/netfilter_ipv4/ip_conntrack.h 2004-06-07 21:14:59.000000000 +0200 | |
265 | +++ linux-2.6.7-rc3/include/linux/netfilter_ipv4/ip_conntrack.h 2004-06-08 10:41:27.000000000 +0200 | |
266 | @@ -51,10 +51,12 @@ | |
267 | ||
268 | #include <linux/netfilter_ipv4/ip_conntrack_tcp.h> | |
269 | #include <linux/netfilter_ipv4/ip_conntrack_icmp.h> | |
270 | +#include <linux/netfilter_ipv4/ip_conntrack_sctp.h> | |
271 | ||
272 | /* per conntrack: protocol private data */ | |
273 | union ip_conntrack_proto { | |
274 | /* insert conntrack proto private data here */ | |
275 | + struct ip_ct_sctp sctp; | |
276 | struct ip_ct_tcp tcp; | |
277 | struct ip_ct_icmp icmp; | |
278 | }; | |
279 | @@ -64,6 +66,11 @@ | |
280 | }; | |
281 | ||
282 | /* Add protocol helper include file here */ | |
283 | +#include <linux/netfilter_ipv4/ip_conntrack_talk.h> | |
284 | +#include <linux/netfilter_ipv4/ip_conntrack_rtsp.h> | |
285 | +#include <linux/netfilter_ipv4/ip_conntrack_rsh.h> | |
286 | +#include <linux/netfilter_ipv4/ip_conntrack_mms.h> | |
287 | +#include <linux/netfilter_ipv4/ip_conntrack_h323.h> | |
288 | #include <linux/netfilter_ipv4/ip_conntrack_amanda.h> | |
289 | #include <linux/netfilter_ipv4/ip_conntrack_ftp.h> | |
290 | #include <linux/netfilter_ipv4/ip_conntrack_irc.h> | |
291 | @@ -71,6 +78,11 @@ | |
292 | /* per expectation: application helper private data */ | |
293 | union ip_conntrack_expect_help { | |
294 | /* insert conntrack helper private data (expect) here */ | |
295 | + struct ip_ct_talk_expect exp_talk_info; | |
296 | + struct ip_ct_rtsp_expect exp_rtsp_info; | |
297 | + struct ip_ct_rsh_expect exp_rsh_info; | |
298 | + struct ip_ct_mms_expect exp_mms_info; | |
299 | + struct ip_ct_h225_expect exp_h225_info; | |
300 | struct ip_ct_amanda_expect exp_amanda_info; | |
301 | struct ip_ct_ftp_expect exp_ftp_info; | |
302 | struct ip_ct_irc_expect exp_irc_info; | |
303 | @@ -85,6 +97,11 @@ | |
304 | /* per conntrack: application helper private data */ | |
305 | union ip_conntrack_help { | |
306 | /* insert conntrack helper private data (master) here */ | |
307 | + struct ip_ct_talk_master ct_talk_info; | |
308 | + struct ip_ct_rtsp_master ct_rtsp_info; | |
309 | + struct ip_ct_rsh_master ct_rsh_info; | |
310 | + struct ip_ct_mms_master ct_mms_info; | |
311 | + struct ip_ct_h225_master ct_h225_info; | |
312 | struct ip_ct_ftp_master ct_ftp_info; | |
313 | struct ip_ct_irc_master ct_irc_info; | |
314 | }; | |
315 | @@ -207,6 +224,10 @@ | |
316 | } nat; | |
317 | #endif /* CONFIG_IP_NF_NAT_NEEDED */ | |
318 | ||
319 | +#if defined(CONFIG_IP_NF_CONNTRACK_MARK) | |
320 | + unsigned long mark; | |
321 | +#endif | |
322 | + | |
323 | }; | |
324 | ||
325 | /* get master conntrack via master expectation */ | |
326 | diff -Nur --exclude '*.orig' linux-2.6.7-rc3.org/include/linux/netfilter_ipv4/ip_conntrack_h323.h linux-2.6.7-rc3/include/linux/netfilter_ipv4/ip_conntrack_h323.h | |
327 | --- linux-2.6.7-rc3.org/include/linux/netfilter_ipv4/ip_conntrack_h323.h 1970-01-01 01:00:00.000000000 +0100 | |
328 | +++ linux-2.6.7-rc3/include/linux/netfilter_ipv4/ip_conntrack_h323.h 2004-06-08 10:38:40.000000000 +0200 | |
329 | @@ -0,0 +1,31 @@ | |
330 | +#ifndef _IP_CONNTRACK_H323_H | |
331 | +#define _IP_CONNTRACK_H323_H | |
332 | +/* H.323 connection tracking. */ | |
333 | + | |
334 | +#ifdef __KERNEL__ | |
335 | +/* Protects H.323 related data */ | |
336 | +#include <linux/netfilter_ipv4/lockhelp.h> | |
337 | +DECLARE_LOCK_EXTERN(ip_h323_lock); | |
338 | +#endif | |
339 | + | |
340 | +/* Default H.225 port */ | |
341 | +#define H225_PORT 1720 | |
342 | + | |
343 | +/* This structure is per expected connection */ | |
344 | +struct ip_ct_h225_expect { | |
345 | + u_int16_t port; /* Port of the H.225 helper/RTCP/RTP channel */ | |
346 | + enum ip_conntrack_dir dir; /* Direction of the original connection */ | |
347 | + unsigned int offset; /* offset of the address in the payload */ | |
348 | +}; | |
349 | + | |
350 | +/* This structure exists only once per master */ | |
351 | +struct ip_ct_h225_master { | |
352 | + int is_h225; /* H.225 or H.245 connection */ | |
353 | +#ifdef CONFIG_IP_NF_NAT_NEEDED | |
354 | + enum ip_conntrack_dir dir; /* Direction of the original connection */ | |
355 | + u_int32_t seq[IP_CT_DIR_MAX]; /* Exceptional packet mangling for signal addressess... */ | |
356 | + unsigned int offset[IP_CT_DIR_MAX]; /* ...and the offset of the addresses in the payload */ | |
357 | +#endif | |
358 | +}; | |
359 | + | |
360 | +#endif /* _IP_CONNTRACK_H323_H */ | |
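Review bot: This header is not self-contained: `struct ip_ct_h225_expect` and `struct ip_ct_h225_master` use `enum ip_conntrack_dir`, `IP_CT_DIR_MAX` and `u_int16_t`/`u_int32_t` without including anything that declares them, so it only compiles when pulled in from `ip_conntrack.h` after those definitions. `ip_conntrack_sctp.h` has the same dependency through `IP_CT_DIR_MAX`. Either include the header that declares the direction enum (presumably `ip_conntrack_tuple.h`, to be confirmed) or add a comment such as `/* Must be included via ip_conntrack.h: needs enum ip_conntrack_dir and IP_CT_DIR_MAX. */`. The `offset` fields are documented as positions inside the payload, so a short comment that users must check them against the payload length before mangling would be worth adding.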
361 | diff -Nur --exclude '*.orig' linux-2.6.7-rc3.org/include/linux/netfilter_ipv4/ip_conntrack_mms.h linux-2.6.7-rc3/include/linux/netfilter_ipv4/ip_conntrack_mms.h | |
362 | --- linux-2.6.7-rc3.org/include/linux/netfilter_ipv4/ip_conntrack_mms.h 1970-01-01 01:00:00.000000000 +0100 | |
363 | +++ linux-2.6.7-rc3/include/linux/netfilter_ipv4/ip_conntrack_mms.h 2004-06-08 10:39:44.000000000 +0200 | |
364 | @@ -0,0 +1,31 @@ | |
365 | +#ifndef _IP_CONNTRACK_MMS_H | |
366 | +#define _IP_CONNTRACK_MMS_H | |
367 | +/* MMS tracking. */ | |
368 | + | |
369 | +#ifdef __KERNEL__ | |
370 | +#include <linux/netfilter_ipv4/lockhelp.h> | |
371 | + | |
372 | +DECLARE_LOCK_EXTERN(ip_mms_lock); | |
373 | + | |
374 | +#define MMS_PORT 1755 | |
375 | +#define MMS_SRV_MSG_ID 196610 | |
376 | + | |
377 | +#define MMS_SRV_MSG_OFFSET 36 | |
378 | +#define MMS_SRV_UNICODE_STRING_OFFSET 60 | |
379 | +#define MMS_SRV_CHUNKLENLV_OFFSET 16 | |
380 | +#define MMS_SRV_CHUNKLENLM_OFFSET 32 | |
381 | +#define MMS_SRV_MESSAGELENGTH_OFFSET 8 | |
382 | +#endif | |
383 | + | |
384 | +/* This structure is per expected connection */ | |
385 | +struct ip_ct_mms_expect { | |
386 | + u_int32_t len; | |
387 | + u_int32_t padding; | |
388 | + u_int16_t port; | |
389 | +}; | |
390 | + | |
391 | +/* This structure exists only once per master */ | |
392 | +struct ip_ct_mms_master { | |
393 | +}; | |
394 | + | |
395 | +#endif /* _IP_CONNTRACK_MMS_H */ | |
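Review bot: `struct ip_ct_mms_master { };` is an empty struct, which ISO C does not allow; it builds only as a GCC extension. The same pattern appears in this patch in `ip_ct_quake3_expect`, `ip_ct_quake3_master`, `ip_ct_rsh_master`, `ip_ct_rtsp_master` and `ip_ct_talk_master`. These definitions sit outside `#ifdef __KERNEL__`, so a comment such as `/* intentionally empty: no per-master state (GCC extension) */` would document the intent for anyone building against the header with another compiler. `struct ip_ct_mms_expect` also has no field comments; `len` and `padding` each need a line saying what they measure and in which byte order.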
396 | diff -Nur --exclude '*.orig' linux-2.6.7-rc3.org/include/linux/netfilter_ipv4/ip_conntrack_quake3.h linux-2.6.7-rc3/include/linux/netfilter_ipv4/ip_conntrack_quake3.h | |
397 | --- linux-2.6.7-rc3.org/include/linux/netfilter_ipv4/ip_conntrack_quake3.h 1970-01-01 01:00:00.000000000 +0100 | |
398 | +++ linux-2.6.7-rc3/include/linux/netfilter_ipv4/ip_conntrack_quake3.h 2004-06-08 10:40:36.000000000 +0200 | |
399 | @@ -0,0 +1,21 @@ | |
400 | +#ifndef _IP_CT_QUAKE3 | |
401 | +#define _IP_CT_QUAKE3 | |
402 | + | |
403 | +/* Don't confuse with 27960, often used as the Server Port */ | |
404 | +#define QUAKE3_MASTER_PORT 27950 | |
405 | + | |
406 | +struct quake3_search { | |
407 | + const char marker[4]; /* always 0xff 0xff 0xff 0xff ? */ | |
408 | + const char *pattern; | |
409 | + size_t plen; | |
410 | +}; | |
411 | + | |
412 | +/* This structure is per expected connection */ | |
413 | +struct ip_ct_quake3_expect { | |
414 | +}; | |
415 | + | |
416 | +/* This structure exists only once per master */ | |
417 | +struct ip_ct_quake3_master { | |
418 | +}; | |
419 | + | |
420 | +#endif /* _IP_CT_QUAKE3 */ | |
421 | diff -Nur --exclude '*.orig' linux-2.6.7-rc3.org/include/linux/netfilter_ipv4/ip_conntrack_rsh.h linux-2.6.7-rc3/include/linux/netfilter_ipv4/ip_conntrack_rsh.h | |
422 | --- linux-2.6.7-rc3.org/include/linux/netfilter_ipv4/ip_conntrack_rsh.h 1970-01-01 01:00:00.000000000 +0100 | |
423 | +++ linux-2.6.7-rc3/include/linux/netfilter_ipv4/ip_conntrack_rsh.h 2004-06-08 10:40:43.000000000 +0200 | |
424 | @@ -0,0 +1,35 @@ | |
425 | +/* RSH extension for IP connection tracking, Version 1.0 | |
426 | + * (C) 2002 by Ian (Larry) Latter <Ian.Latter@mq.edu.au> | |
427 | + * based on HW's ip_conntrack_irc.c | |
428 | + * | |
429 | + * ip_conntrack_rsh.c,v 1.0 2002/07/17 14:49:26 | |
430 | + * | |
431 | + * This program is free software; you can redistribute it and/or | |
432 | + * modify it under the terms of the GNU General Public License | |
433 | + * as published by the Free Software Foundation; either version | |
434 | + * 2 of the License, or (at your option) any later version. | |
435 | + */ | |
436 | +#ifndef _IP_CONNTRACK_RSH_H | |
437 | +#define _IP_CONNTRACK_RSH_H | |
438 | + | |
439 | +#ifdef __KERNEL__ | |
440 | +#include <linux/netfilter_ipv4/lockhelp.h> | |
441 | + | |
442 | +DECLARE_LOCK_EXTERN(ip_rsh_lock); | |
443 | +#endif | |
444 | + | |
445 | + | |
446 | +#define RSH_PORT 514 | |
447 | + | |
448 | +/* This structure is per expected connection */ | |
449 | +struct ip_ct_rsh_expect | |
450 | +{ | |
451 | + u_int16_t port; | |
452 | +}; | |
453 | + | |
454 | +/* This structure exists only once per master */ | |
455 | +struct ip_ct_rsh_master { | |
456 | +}; | |
457 | + | |
458 | +#endif /* _IP_CONNTRACK_RSH_H */ | |
459 | + | |
460 | diff -Nur --exclude '*.orig' linux-2.6.7-rc3.org/include/linux/netfilter_ipv4/ip_conntrack_rtsp.h linux-2.6.7-rc3/include/linux/netfilter_ipv4/ip_conntrack_rtsp.h | |
461 | --- linux-2.6.7-rc3.org/include/linux/netfilter_ipv4/ip_conntrack_rtsp.h 1970-01-01 01:00:00.000000000 +0100 | |
462 | +++ linux-2.6.7-rc3/include/linux/netfilter_ipv4/ip_conntrack_rtsp.h 2004-06-08 10:40:46.000000000 +0200 | |
463 | @@ -0,0 +1,68 @@ | |
464 | +/* | |
465 | + * RTSP extension for IP connection tracking. | |
466 | + * (C) 2003 by Tom Marshall <tmarshall@real.com> | |
467 | + * based on ip_conntrack_irc.h | |
468 | + * | |
469 | + * This program is free software; you can redistribute it and/or | |
470 | + * modify it under the terms of the GNU General Public License | |
471 | + * as published by the Free Software Foundation; either version | |
472 | + * 2 of the License, or (at your option) any later version. | |
473 | + */ | |
474 | +#ifndef _IP_CONNTRACK_RTSP_H | |
475 | +#define _IP_CONNTRACK_RTSP_H | |
476 | + | |
477 | +/* #define IP_NF_RTSP_DEBUG */ | |
478 | +#define IP_NF_RTSP_VERSION "0.01" | |
479 | + | |
480 | +/* port block types */ | |
481 | +typedef enum { | |
482 | + pb_single, /* client_port=x */ | |
483 | + pb_range, /* client_port=x-y */ | |
484 | + pb_discon /* client_port=x/y (rtspbis) */ | |
485 | +} portblock_t; | |
486 | + | |
487 | +/* We record seq number and length of rtsp headers here, all in host order. */ | |
488 | + | |
489 | +/* | |
490 | + * This structure is per expected connection. It is a member of struct | |
491 | + * ip_conntrack_expect. The TCP SEQ for the conntrack expect is stored | |
492 | + * there and we are expected to only store the length of the data which | |
493 | + * needs replaced. If a packet contains multiple RTSP messages, we create | |
494 | + * one expected connection per message. | |
495 | + * | |
496 | + * We use these variables to mark the entire header block. This may seem | |
497 | + * like overkill, but the nature of RTSP requires it. A header may appear | |
498 | + * multiple times in a message. We must treat two Transport headers the | |
499 | + * same as one Transport header with two entries. | |
500 | + */ | |
501 | +struct ip_ct_rtsp_expect | |
502 | +{ | |
503 | + u_int32_t len; /* length of header block */ | |
504 | + portblock_t pbtype; /* Type of port block that was requested */ | |
505 | + u_int16_t loport; /* Port that was requested, low or first */ | |
506 | + u_int16_t hiport; /* Port that was requested, high or second */ | |
507 | +#if 0 | |
508 | + uint method; /* RTSP method */ | |
509 | + uint cseq; /* CSeq from request */ | |
510 | +#endif | |
511 | +}; | |
512 | + | |
513 | +/* This structure exists only once per master */ | |
514 | +struct ip_ct_rtsp_master | |
515 | +{ | |
516 | + /* Empty (?) */ | |
517 | +}; | |
518 | + | |
519 | + | |
520 | +#ifdef __KERNEL__ | |
521 | + | |
522 | +#include <linux/netfilter_ipv4/lockhelp.h> | |
523 | + | |
524 | +#define RTSP_PORT 554 | |
525 | + | |
526 | +/* Protects rtsp part of conntracks */ | |
527 | +DECLARE_LOCK_EXTERN(ip_rtsp_lock); | |
528 | + | |
529 | +#endif /* __KERNEL__ */ | |
530 | + | |
531 | +#endif /* _IP_CONNTRACK_RTSP_H */ | |
532 | diff -Nur --exclude '*.orig' linux-2.6.7-rc3.org/include/linux/netfilter_ipv4/ip_conntrack_sctp.h linux-2.6.7-rc3/include/linux/netfilter_ipv4/ip_conntrack_sctp.h | |
533 | --- linux-2.6.7-rc3.org/include/linux/netfilter_ipv4/ip_conntrack_sctp.h 1970-01-01 01:00:00.000000000 +0100 | |
534 | +++ linux-2.6.7-rc3/include/linux/netfilter_ipv4/ip_conntrack_sctp.h 2004-06-08 10:40:55.000000000 +0200 | |
535 | @@ -0,0 +1,25 @@ | |
536 | +#ifndef _IP_CONNTRACK_SCTP_H | |
537 | +#define _IP_CONNTRACK_SCTP_H | |
538 | +/* SCTP tracking. */ | |
539 | + | |
540 | +enum sctp_conntrack { | |
541 | + SCTP_CONNTRACK_NONE, | |
542 | + SCTP_CONNTRACK_CLOSED, | |
543 | + SCTP_CONNTRACK_COOKIE_WAIT, | |
544 | + SCTP_CONNTRACK_COOKIE_ECHOED, | |
545 | + SCTP_CONNTRACK_ESTABLISHED, | |
546 | + SCTP_CONNTRACK_SHUTDOWN_SENT, | |
547 | + SCTP_CONNTRACK_SHUTDOWN_RECD, | |
548 | + SCTP_CONNTRACK_SHUTDOWN_ACK_SENT, | |
549 | + SCTP_CONNTRACK_MAX | |
550 | +}; | |
551 | + | |
552 | +struct ip_ct_sctp | |
553 | +{ | |
554 | + enum sctp_conntrack state; | |
555 | + | |
556 | + u_int32_t vtag[IP_CT_DIR_MAX]; | |
557 | + u_int32_t ttag[IP_CT_DIR_MAX]; | |
558 | +}; | |
559 | + | |
560 | +#endif /* _IP_CONNTRACK_SCTP_H */ | |
561 | diff -Nur --exclude '*.orig' linux-2.6.7-rc3.org/include/linux/netfilter_ipv4/ip_conntrack_talk.h linux-2.6.7-rc3/include/linux/netfilter_ipv4/ip_conntrack_talk.h | |
562 | --- linux-2.6.7-rc3.org/include/linux/netfilter_ipv4/ip_conntrack_talk.h 1970-01-01 01:00:00.000000000 +0100 | |
563 | +++ linux-2.6.7-rc3/include/linux/netfilter_ipv4/ip_conntrack_talk.h 2004-06-08 10:41:27.000000000 +0200 | |
564 | @@ -0,0 +1,152 @@ | |
565 | +#ifndef _IP_CONNTRACK_TALK_H | |
566 | +#define _IP_CONNTRACK_TALK_H | |
567 | +/* TALK tracking. */ | |
568 | + | |
569 | +#ifdef __KERNEL__ | |
570 | +#include <linux/in.h> | |
571 | +#include <linux/netfilter_ipv4/lockhelp.h> | |
572 | + | |
573 | +/* Protects talk part of conntracks */ | |
574 | +DECLARE_LOCK_EXTERN(ip_talk_lock); | |
575 | +#endif | |
576 | + | |
577 | + | |
578 | +#define TALK_PORT 517 | |
579 | +#define NTALK_PORT 518 | |
580 | + | |
581 | +/* talk structures and constants from <protocols/talkd.h> */ | |
582 | + | |
583 | +/* | |
584 | + * 4.3BSD struct sockaddr | |
585 | + */ | |
586 | +struct talk_addr { | |
587 | + u_int16_t ta_family; | |
588 | + u_int16_t ta_port; | |
589 | + u_int32_t ta_addr; | |
590 | + u_int32_t ta_junk1; | |
591 | + u_int32_t ta_junk2; | |
592 | +}; | |
593 | + | |
594 | +#define TALK_OLD_NSIZE 9 | |
595 | +#define TALK_NSIZE 12 | |
596 | +#define TALK_TTY_NSIZE 16 | |
597 | + | |
598 | +/* | |
599 | + * Client->server request message formats. | |
600 | + */ | |
601 | +struct talk_msg { | |
602 | + u_char type; /* request type, see below */ | |
603 | + char l_name[TALK_OLD_NSIZE];/* caller's name */ | |
604 | + char r_name[TALK_OLD_NSIZE];/* callee's name */ | |
605 | + u_char pad; | |
606 | + u_int32_t id_num; /* message id */ | |
607 | + int32_t pid; /* caller's process id */ | |
608 | + char r_tty[TALK_TTY_NSIZE];/* callee's tty name */ | |
609 | + struct talk_addr addr; /* old (4.3) style */ | |
610 | + struct talk_addr ctl_addr; /* old (4.3) style */ | |
611 | +}; | |
612 | + | |
613 | +struct ntalk_msg { | |
614 | + u_char vers; /* protocol version */ | |
615 | + u_char type; /* request type, see below */ | |
616 | + u_char answer; /* not used */ | |
617 | + u_char pad; | |
618 | + u_int32_t id_num; /* message id */ | |
619 | + struct talk_addr addr; /* old (4.3) style */ | |
620 | + struct talk_addr ctl_addr; /* old (4.3) style */ | |
621 | + int32_t pid; /* caller's process id */ | |
622 | + char l_name[TALK_NSIZE];/* caller's name */ | |
623 | + char r_name[TALK_NSIZE];/* callee's name */ | |
624 | + char r_tty[TALK_TTY_NSIZE];/* callee's tty name */ | |
625 | +}; | |
626 | + | |
627 | +struct ntalk2_msg { | |
628 | + u_char vers; /* talk protocol version */ | |
629 | + u_char type; /* request type */ | |
630 | + u_char answer; /* */ | |
631 | + u_char extended; /* !0 if additional parts */ | |
632 | + u_int32_t id_num; /* message id number (dels) */ | |
633 | + struct talk_addr addr; /* target address */ | |
634 | + struct talk_addr ctl_addr; /* reply to address */ | |
635 | + int32_t pid; /* caller's process id */ | |
636 | + char l_name[TALK_NSIZE]; /* caller's name */ | |
637 | + char r_name[TALK_NSIZE]; /* callee's name */ | |
638 | + char r_tty[TALK_TTY_NSIZE]; /* callee's tty */ | |
639 | +}; | |
640 | + | |
641 | +/* | |
642 | + * Server->client response message formats. | |
643 | + */ | |
644 | +struct talk_response { | |
645 | + u_char type; /* type of request message, see below */ | |
646 | + u_char answer; /* response to request message, see below */ | |
647 | + u_char pad[2]; | |
648 | + u_int32_t id_num; /* message id */ | |
649 | + struct talk_addr addr; /* address for establishing conversation */ | |
650 | +}; | |
651 | + | |
652 | +struct ntalk_response { | |
653 | + u_char vers; /* protocol version */ | |
654 | + u_char type; /* type of request message, see below */ | |
655 | + u_char answer; /* response to request message, see below */ | |
656 | + u_char pad; | |
657 | + u_int32_t id_num; /* message id */ | |
658 | + struct talk_addr addr; /* address for establishing conversation */ | |
659 | +}; | |
660 | + | |
661 | +struct ntalk2_response { | |
662 | + u_char vers; /* protocol version */ | |
663 | + u_char type; /* type of request message */ | |
664 | + u_char answer; /* response to request */ | |
665 | + u_char rvers; /* Version of answering vers*/ | |
666 | + u_int32_t id_num; /* message id number */ | |
667 | + struct talk_addr addr; /* address for connection */ | |
668 | + /* This is at the end to compatiblize this with NTALK version. */ | |
669 | + char r_name[TALK_NSIZE]; /* callee's name */ | |
670 | +}; | |
671 | + | |
672 | +#define TALK_STR(data, talk_str, member) ((struct talk_str *)data)->member) | |
673 | +#define TALK_RESP(data, ver, member) (ver ? ((struct ntalk_response *)data)->member : ((struct talk_response *)data)->member) | |
674 | +#define TALK_MSG(data, ver, member) (ver ? ((struct ntalk_msg *)data)->member : ((struct talk_msg *)data)->member) | |
675 | + | |
676 | +#define TALK_VERSION 0 /* protocol versions */ | |
677 | +#define NTALK_VERSION 1 | |
678 | +#define NTALK2_VERSION 2 | |
679 | + | |
680 | +/* message type values */ | |
681 | +#define LEAVE_INVITE 0 /* leave invitation with server */ | |
682 | +#define LOOK_UP 1 /* check for invitation by callee */ | |
683 | +#define DELETE 2 /* delete invitation by caller */ | |
684 | +#define ANNOUNCE 3 /* announce invitation by caller */ | |
685 | +/* NTALK2 */ | |
686 | +#define REPLY_QUERY 4 /* request reply data from local daemon */ | |
687 | + | |
688 | +/* answer values */ | |
689 | +#define SUCCESS 0 /* operation completed properly */ | |
690 | +#define NOT_HERE 1 /* callee not logged in */ | |
691 | +#define FAILED 2 /* operation failed for unexplained reason */ | |
692 | +#define MACHINE_UNKNOWN 3 /* caller's machine name unknown */ | |
693 | +#define PERMISSION_DENIED 4 /* callee's tty doesn't permit announce */ | |
694 | +#define UNKNOWN_REQUEST 5 /* request has invalid type value */ | |
695 | +#define BADVERSION 6 /* request has invalid protocol version */ | |
696 | +#define BADADDR 7 /* request has invalid addr value */ | |
697 | +#define BADCTLADDR 8 /* request has invalid ctl_addr value */ | |
698 | +/* NTALK2 */ | |
699 | +#define NO_CALLER 9 /* no-one calling answer from REPLY */ | |
700 | +#define TRY_HERE 10 /* Not on this machine, try this */ | |
701 | +#define SELECTIVE_REFUSAL 11 /* User Filter refusal. */ | |
702 | +#define MAX_RESPONSE_TYPE 11 /* Make sure this is updated */ | |
703 | + | |
704 | +/* We don't really need much for talk */ | |
705 | +struct ip_ct_talk_expect | |
706 | +{ | |
707 | + /* Port that was to be used */ | |
708 | + u_int16_t port; | |
709 | +}; | |
710 | + | |
711 | +/* This structure exists only once per master */ | |
712 | +struct ip_ct_talk_master | |
713 | +{ | |
714 | +}; | |
715 | + | |
716 | +#endif /* _IP_CONNTRACK_TALK_H */ | |
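Review bot: `TALK_STR` has unbalanced parentheses, since `((struct talk_str *)data)->member)` closes one more than it opens, so any use of it fails to compile; it should read `#define TALK_STR(data, talk_str, member) (((struct talk_str *)(data))->member)`. `TALK_RESP` and `TALK_MSG` likewise use `data` and `ver` unparenthesized, and all three cast a raw buffer to a message struct, so callers have to verify that the payload is at least `sizeof` the chosen struct before any member access (that check is not visible here). The header also defines very generic macro names (`SUCCESS`, `FAILED`, `DELETE`, `ANNOUNCE`, `LOOK_UP`), and because this patch includes it from `ip_conntrack.h` they leak into every file that includes conntrack; prefixing them (`TALK_SUCCESS`, …) avoids collisions. `ip_conntrack_rtsp.h` has the same namespace problem with `portblock_t` and `pb_single`/`pb_range`/`pb_discon`.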
717 | diff -Nur --exclude '*.orig' linux-2.6.7-rc3.org/include/linux/netfilter_ipv4/ip_conntrack_tuple.h linux-2.6.7-rc3/include/linux/netfilter_ipv4/ip_conntrack_tuple.h | |
718 | --- linux-2.6.7-rc3.org/include/linux/netfilter_ipv4/ip_conntrack_tuple.h 2004-06-07 21:14:55.000000000 +0200 | |
719 | +++ linux-2.6.7-rc3/include/linux/netfilter_ipv4/ip_conntrack_tuple.h 2004-06-08 10:40:55.000000000 +0200 | |
720 | @@ -25,6 +25,9 @@ | |
721 | struct { | |
722 | u_int16_t id; | |
723 | } icmp; | |
724 | + struct { | |
725 | + u_int16_t port; | |
726 | + } sctp; | |
727 | }; | |
728 | ||
729 | /* The manipulable part of the tuple. */ | |
730 | @@ -55,6 +58,9 @@ | |
731 | struct { | |
732 | u_int8_t type, code; | |
733 | } icmp; | |
734 | + struct { | |
735 | + u_int16_t port; | |
736 | + } sctp; | |
737 | } u; | |
738 | ||
739 | /* The protocol. */ | |
740 | diff -Nur --exclude '*.orig' linux-2.6.7-rc3.org/include/linux/netfilter_ipv4/ip_pool.h linux-2.6.7-rc3/include/linux/netfilter_ipv4/ip_pool.h | |
741 | --- linux-2.6.7-rc3.org/include/linux/netfilter_ipv4/ip_pool.h 1970-01-01 01:00:00.000000000 +0100 | |
742 | +++ linux-2.6.7-rc3/include/linux/netfilter_ipv4/ip_pool.h 2004-06-08 10:31:45.000000000 +0200 | |
743 | @@ -0,0 +1,64 @@ | |
744 | +#ifndef _IP_POOL_H | |
745 | +#define _IP_POOL_H | |
746 | + | |
747 | +/***************************************************************************/ | |
748 | +/* This program is free software; you can redistribute it and/or modify */ | |
749 | +/* it under the terms of the GNU General Public License as published by */ | |
750 | +/* the Free Software Foundation; either version 2 of the License, or */ | |
751 | +/* (at your option) any later version. */ | |
752 | +/* */ | |
753 | +/* This program is distributed in the hope that it will be useful, */ | |
754 | +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ | |
755 | +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ | |
756 | +/* GNU General Public License for more details. */ | |
757 | +/* */ | |
758 | +/* You should have received a copy of the GNU General Public License */ | |
759 | +/* along with this program; if not, write to the Free Software */ | |
760 | +/* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA*/ | |
761 | +/***************************************************************************/ | |
762 | + | |
763 | +/* A sockopt of such quality has hardly ever been seen before on the open | |
764 | + * market! This little beauty, hardly ever used: above 64, so it's | |
765 | + * traditionally used for firewalling, not touched (even once!) by the | |
766 | + * 2.0, 2.2 and 2.4 kernels! | |
767 | + * | |
768 | + * Comes with its own certificate of authenticity, valid anywhere in the | |
769 | + * Free world! | |
770 | + * | |
771 | + * Rusty, 19.4.2000 | |
772 | + */ | |
773 | +#define SO_IP_POOL 81 | |
774 | + | |
775 | +typedef int ip_pool_t; /* pool index */ | |
776 | +#define IP_POOL_NONE ((ip_pool_t)-1) | |
777 | + | |
778 | +struct ip_pool_request { | |
779 | + int op; | |
780 | + ip_pool_t index; | |
781 | + u_int32_t addr; | |
782 | + u_int32_t addr2; | |
783 | +}; | |
784 | + | |
785 | +/* NOTE: I deliberately break the first cut ippool utility. Nobody uses it. */ | |
786 | + | |
787 | +#define IP_POOL_BAD001 0x00000010 | |
788 | + | |
789 | +#define IP_POOL_FLUSH 0x00000011 /* req.index, no arguments */ | |
790 | +#define IP_POOL_INIT 0x00000012 /* from addr to addr2 incl. */ | |
791 | +#define IP_POOL_DESTROY 0x00000013 /* req.index, no arguments */ | |
792 | +#define IP_POOL_ADD_ADDR 0x00000014 /* add addr to pool */ | |
793 | +#define IP_POOL_DEL_ADDR 0x00000015 /* del addr from pool */ | |
794 | +#define IP_POOL_HIGH_NR 0x00000016 /* result in req.index */ | |
795 | +#define IP_POOL_LOOKUP 0x00000017 /* result in addr and addr2 */ | |
796 | +#define IP_POOL_USAGE 0x00000018 /* result in addr */ | |
797 | +#define IP_POOL_TEST_ADDR 0x00000019 /* result (0/1) returned */ | |
798 | + | |
799 | +#ifdef __KERNEL__ | |
800 | + | |
801 | +/* NOTE: ip_pool_match() and ip_pool_mod() expect ADDR to be host byte order */ | |
802 | +extern int ip_pool_match(ip_pool_t pool, u_int32_t addr); | |
803 | +extern int ip_pool_mod(ip_pool_t pool, u_int32_t addr, int isdel); | |
804 | + | |
805 | +#endif | |
806 | + | |
807 | +#endif /*_IP_POOL_H*/ | |
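Review bot: `struct ip_pool_request` appears to be the payload user space hands to the `SO_IP_POOL` sockopt, yet `index` has the signed type `ip_pool_t` and the header gives no range a handler must enforce. Any code that uses `index` as a subscript has to reject negative values and values past the highest pool before touching the pool table. The handler is not in this hunk, so whether it does this cannot be seen here. The byte order of `addr` and `addr2` in the request is also unstated, while the `__KERNEL__` section says `ip_pool_match()` and `ip_pool_mod()` take host order. I would add a comment above the struct stating that the fields come from user space, that `index` must be validated before use, and which byte order the two address fields carry.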
808 | diff -Nur --exclude '*.orig' linux-2.6.7-rc3.org/include/linux/netfilter_ipv4/ip_tables.h linux-2.6.7-rc3/include/linux/netfilter_ipv4/ip_tables.h | |
809 | --- linux-2.6.7-rc3.org/include/linux/netfilter_ipv4/ip_tables.h 2004-06-07 21:14:25.000000000 +0200 | |
810 | +++ linux-2.6.7-rc3/include/linux/netfilter_ipv4/ip_tables.h 2004-06-08 10:37:30.000000000 +0200 | |
811 | @@ -134,6 +134,12 @@ | |
812 | /* Back pointer */ | |
813 | unsigned int comefrom; | |
814 | ||
815 | + /* Name of the chain */ | |
816 | + char *chainname; | |
817 | + | |
818 | + /* Rule number in the chain. */ | |
819 | + u_int32_t rulenum; | |
820 | + | |
821 | /* Packet and byte counters. */ | |
822 | struct ipt_counters counters; | |
823 | ||
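Review bot: `char *chainname` places a kernel pointer inside what looks like `struct ipt_entry`, the rule structure exchanged with user space; the struct starts and ends outside this hunk. A pointer member makes the entry layout differ between 32-bit and 64-bit builds. Any value user space supplies in this field must be overwritten before anything dereferences it, and the kernel address should be cleared when entries are copied back out. The code that fills and reads the field is not in this hunk, so none of this can be confirmed here. At minimum the comment should record the contract, for example `/* Name of the chain; set by the kernel only, never trusted from or returned to user space */`.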
824 | diff -Nur --exclude '*.orig' linux-2.6.7-rc3.org/include/linux/netfilter_ipv4/ipt_CONNMARK.h linux-2.6.7-rc3/include/linux/netfilter_ipv4/ipt_CONNMARK.h | |
825 | --- linux-2.6.7-rc3.org/include/linux/netfilter_ipv4/ipt_CONNMARK.h 1970-01-01 01:00:00.000000000 +0100 | |
826 | +++ linux-2.6.7-rc3/include/linux/netfilter_ipv4/ipt_CONNMARK.h 2004-06-08 10:36:58.000000000 +0200 | |
827 | @@ -0,0 +1,25 @@ | |
828 | +#ifndef _IPT_CONNMARK_H_target | |
829 | +#define _IPT_CONNMARK_H_target | |
830 | + | |
831 | +/* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com> | |
832 | + * by Henrik Nordstrom <hno@marasystems.com> | |
833 | + * | |
834 | + * This program is free software; you can redistribute it and/or modify | |
835 | + * it under the terms of the GNU General Public License as published by | |
836 | + * the Free Software Foundation; either version 2 of the License, or | |
837 | + * (at your option) any later version. | |
838 | + */ | |
839 | + | |
840 | +enum { | |
841 | + IPT_CONNMARK_SET = 0, | |
842 | + IPT_CONNMARK_SAVE, | |
843 | + IPT_CONNMARK_RESTORE | |
844 | +}; | |
845 | + | |
846 | +struct ipt_connmark_target_info { | |
847 | + unsigned long mark; | |
848 | + unsigned long mask; | |
849 | + u_int8_t mode; | |
850 | +}; | |
851 | + | |
852 | +#endif /*_IPT_CONNMARK_H_target*/ | |
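Review bot: `mark` and `mask` are declared `unsigned long` in `struct ipt_connmark_target_info`, so the size and padding of this target's data depend on the word size of whoever compiles the header. If the struct is shared between the iptables binary and the kernel module, as target info structs normally are, a 32-bit user space on a 64-bit kernel will disagree about the layout. The same applies to `andmask` and `ormask` in `struct ipt_ipmark_target_info` in the ipt_IPMARK.h hunk that follows. Fixed-width members would pin the layout, provided the mark is meant to be 32 bits wide: `u_int32_t mark;` and `u_int32_t mask;`. `mode` should also be checked against the three `IPT_CONNMARK_*` values where the rule is loaded, which is not part of this hunk.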
853 | diff -Nur --exclude '*.orig' linux-2.6.7-rc3.org/include/linux/netfilter_ipv4/ipt_IPMARK.h linux-2.6.7-rc3/include/linux/netfilter_ipv4/ipt_IPMARK.h | |
854 | --- linux-2.6.7-rc3.org/include/linux/netfilter_ipv4/ipt_IPMARK.h 1970-01-01 01:00:00.000000000 +0100 | |
855 | +++ linux-2.6.7-rc3/include/linux/netfilter_ipv4/ipt_IPMARK.h 2004-06-08 10:37:02.000000000 +0200 | |
856 | @@ -0,0 +1,13 @@ | |
857 | +#ifndef _IPT_IPMARK_H_target | |
858 | +#define _IPT_IPMARK_H_target | |
859 | + | |
860 | +struct ipt_ipmark_target_info { | |
861 | + unsigned long andmask; | |
862 | + unsigned long ormask; | |
863 | + unsigned int addr; | |
864 | +}; | |
865 | + | |
866 | +#define IPT_IPMARK_SRC 0 | |
867 | +#define IPT_IPMARK_DST 1 | |
868 | + | |
869 | +#endif /*_IPT_IPMARK_H_target*/ | |
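Review bot: The member `addr` in `struct ipt_ipmark_target_info` reads like an IP address but appears to be a selector for the `IPT_IPMARK_SRC` and `IPT_IPMARK_DST` constants defined after the struct. Nothing in the header says so. A comment on the field would remove the ambiguity and tell the rule-checking code which values are legal: `unsigned int addr; /* IPT_IPMARK_SRC or IPT_IPMARK_DST */`.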
870 | diff -Nur --exclude '*.orig' linux-2.6.7-rc3.org/include/linux/netfilter_ipv4/ipt_NETLINK.h linux-2.6.7-rc3/include/linux/netfilter_ipv4/ipt_NETLINK.h | |
871 | --- linux-2.6.7-rc3.org/include/linux/netfilter_ipv4/ipt_NETLINK.h 1970-01-01 01:00:00.000000000 +0100 | |
872 | +++ linux-2.6.7-rc3/include/linux/netfilter_ipv4/ipt_NETLINK.h 2004-06-08 10:31:09.000000000 +0200 | |
873 | @@ -0,0 +1,27 @@ | |
874 | +#ifndef _IPT_FWMON_H | |
875 | +#define _IPT_FWMON_H | |
876 | + | |
877 | +/* Bitmask macros */ | |
878 | +#define MASK(x,y) (x & y) | |
879 | +#define MASK_SET(x,y) x |= y | |
880 | +#define MASK_UNSET(x,y) x &= ~y | |
881 | + | |
882 | +#define USE_MARK 0x00000001 | |
883 | +#define USE_DROP 0x00000002 | |
884 | +#define USE_SIZE 0x00000004 | |
885 | + | |
886 | +struct ipt_nldata | |
887 | +{ | |
888 | + unsigned int flags; | |
889 | + unsigned int mark; | |
890 | + unsigned int size; | |
891 | +}; | |
892 | + | |
893 | +/* Old header */ | |
894 | +struct netlink_t { | |
895 | + unsigned int len; | |
896 | + unsigned int mark; | |
897 | + char iface[IFNAMSIZ]; | |
898 | +}; | |
899 | + | |
900 | +#endif /*_IPT_FWMON_H*/ | |
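Review bot: The three bitmask macros expand their arguments without parentheses, so `MASK_UNSET(flags, USE_MARK | USE_DROP)` becomes `flags &= ~USE_MARK | USE_DROP` and clears the wrong bits. Parenthesise both the arguments and the expansions: `#define MASK(x,y) ((x) & (y))`, `#define MASK_SET(x,y) ((x) |= (y))`, `#define MASK_UNSET(x,y) ((x) &= ~(y))`. The names `MASK`, `USE_MARK`, `USE_DROP` and `USE_SIZE` are very generic for a header under include/linux, and the guard `_IPT_FWMON_H` does not match the file name ipt_NETLINK.h, so a clash with another header is easy to imagine. `struct netlink_t` also uses `IFNAMSIZ` although this header does not include its definition.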
901 | diff -Nur --exclude '*.orig' linux-2.6.7-rc3.org/include/linux/netfilter_ipv4/ipt_ROUTE.h linux-2.6.7-rc3/include/linux/netfilter_ipv4/ipt_ROUTE.h | |
902 | --- linux-2.6.7-rc3.org/include/linux/netfilter_ipv4/ipt_ROUTE.h 1970-01-01 01:00:00.000000000 +0100 | |
903 | +++ linux-2.6.7-rc3/include/linux/netfilter_ipv4/ipt_ROUTE.h 2004-06-08 10:37:08.000000000 +0200 | |
904 | @@ -0,0 +1,22 @@ | |
905 | +/* Header file for iptables ipt_ROUTE target | |
906 | + * | |
907 |