From 417138264239cc64fb494d21649290e9f02b5b97 Mon Sep 17 00:00:00 2001
From: laforge
Date: Tue, 7 Oct 2003 18:55:13 +0000
Subject: add support for the raw table to userspace
---
 extensions/libipt_conntrack.c | 12 +++++++++++-
 extensions/libipt_state.c | 12 +++++++++++-
 libiptc/libip4tc.c | 13 +++++++++++++
 3 files changed, 35 insertions(+), 2 deletions(-)
diff --git a/extensions/libipt_conntrack.c b/extensions/libipt_conntrack.c
index ccb78ea..63b38e9 100644
--- a/extensions/libipt_conntrack.c
+++ b/extensions/libipt_conntrack.c
@@ -13,13 +13,17 @@
 #include
 #include
+#ifndef IPT_CONNTRACK_STATE_UNTRACKED
+#define IPT_CONNTRACK_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 3))
+#endif
+
 /* Function which prints out usage message. */
 static void
 help(void)
 {
 printf(
 "conntrack match v%s options:\n"
-" [!] --ctstate [INVALID|ESTABLISHED|NEW|RELATED|SNAT|DNAT][,...]\n"
+" [!] --ctstate [INVALID|ESTABLISHED|NEW|RELATED|UNTRACKED|SNAT|DNAT][,...]\n"
 " State(s) to match\n"
 " [!] --ctproto proto Protocol to match; by number or name, eg. `tcp'\n"
 " --ctorigsrc [!] address[/mask]\n"
@@ -70,6 +74,8 @@ parse_state(const char *state, size_t strlen, struct ipt_conntrack_info *sinfo)
 sinfo->statemask |= IPT_CONNTRACK_STATE_BIT(IP_CT_ESTABLISHED);
 else if (strncasecmp(state, "RELATED", strlen) == 0)
 sinfo->statemask |= IPT_CONNTRACK_STATE_BIT(IP_CT_RELATED);
+ else if (strncasecmp(state, "UNTRACKED", strlen) == 0)
+ sinfo->statemask |= IPT_CONNTRACK_STATE_UNTRACKED;
 else if (strncasecmp(state, "SNAT", strlen) == 0)
 sinfo->statemask |= IPT_CONNTRACK_STATE_SNAT;
 else if (strncasecmp(state, "DNAT", strlen) == 0)
@@ -349,6 +355,10 @@ print_state(unsigned int statemask)
 printf("%sESTABLISHED", sep);
 sep = ",";
 }
+ if (statemask & IPT_CONNTRACK_STATE_UNTRACKED) {
+ printf("%sUNTRACKED", sep);
+ sep = ",";
+ }
 if (statemask & IPT_CONNTRACK_STATE_SNAT) {
 printf("%sSNAT", sep);
 sep = ",";
diff --git a/extensions/libipt_state.c b/extensions/libipt_state.c
index ac3c0ba..3662d94 100644
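Review bot: The fallback `#define IPT_CONNTRACK_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 3))` in the first libipt_conntrack.c hunk hard-codes a bit position that the kernel's match header is presumably meant to own, and nothing on the page says so. If userspace is built against headers that lack the macro and the running kernel uses a different bit or does not know the bit at all, a `--ctstate UNTRACKED` rule would load but test something other than what the administrator wrote. I would add a comment above the guard, `/* Fallback for kernel headers without UNTRACKED; must stay equal to the kernel's definition */`, and the same above `IPT_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 1))` in the first libipt_state.c hunk.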
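Review bot: The new `strncasecmp(state, "UNTRACKED", strlen)` branch in parse_state compares only the first `strlen` bytes of the token, so a truncated token such as `UN` is accepted as UNTRACKED, just as the neighbouring branches accept prefixes of their names. In a firewall rule that turns a typo into a silently different match; if abbreviations are not an intended feature, the branch should also require the full length, `else if (strlen == sizeof("UNTRACKED") - 1 && strncasecmp(state, "UNTRACKED", strlen) == 0)`, and the other branches likewise. The parse_state hunk in extensions/libipt_state.c has the same shape. parse_state begins and ends outside the hunk, and its parameter named `strlen` hides the libc function inside the body.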
--- a/extensions/libipt_state.c
+++ b/extensions/libipt_state.c
@@ -8,13 +8,17 @@
 #include
 #include
+#ifndef IPT_STATE_UNTRACKED
+#define IPT_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 1))
+#endif
+
 /* Function which prints out usage message. */
 static void
 help(void)
 {
 printf(
 "state v%s options:\n"
-" [!] --state [INVALID|ESTABLISHED|NEW|RELATED][,...]\n"
+" [!] --state [INVALID|ESTABLISHED|NEW|RELATED|UNTRACKED][,...]\n"
 " State(s) to match\n"
 "\n", IPTABLES_VERSION);
 }
@@ -43,6 +47,8 @@ parse_state(const char *state, size_t strlen, struct ipt_state_info *sinfo)
 sinfo->statemask |= IPT_STATE_BIT(IP_CT_ESTABLISHED);
 else if (strncasecmp(state, "RELATED", strlen) == 0)
 sinfo->statemask |= IPT_STATE_BIT(IP_CT_RELATED);
+ else if (strncasecmp(state, "UNTRACKED", strlen) == 0)
+ sinfo->statemask |= IPT_STATE_UNTRACKED;
 else
 return 0;
 return 1;
@@ -117,6 +123,10 @@ static void print_state(unsigned int statemask)
 printf("%sESTABLISHED", sep);
 sep = ",";
 }
+ if (statemask & IPT_STATE_UNTRACKED) {
+ printf("%sUNTRACKED", sep);
+ sep = ",";
+ }
 printf(" ");
 }
diff --git a/libiptc/libip4tc.c b/libiptc/libip4tc.c
index e012c08..76a8281 100644
--- a/libiptc/libip4tc.c
+++ b/libiptc/libip4tc.c
@@ -436,6 +436,19 @@ do_check(TC_HANDLE_T h, unsigned int line)
 assert(h->info.hook_entry[NF_IP_POST_ROUTING] == n);
 user_offset = h->info.hook_entry[NF_IP_POST_ROUTING];
 }
+ } else if (strcmp(h->info.name, "raw") == 0) {
+ assert(h->info.valid_hooks
+ == (1 << NF_IP_PRE_ROUTING
+ | 1 << NF_IP_LOCAL_OUT));
+
+ /* Hooks should be first three */
+ assert(h->info.hook_entry[NF_IP_PRE_ROUTING] == 0);
+
+ n = get_chain_end(h, n);
+ n += get_entry(h, n)->next_offset;
+ assert(h->info.hook_entry[NF_IP_LOCAL_OUT] == n);
+
+ user_offset = h->info.hook_entry[NF_IP_LOCAL_OUT];
 #ifdef NF_IP_DROPPING
 } else if (strcmp(h->info.name, "drop") == 0) {
-- cgit v1.2.3
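Review bot: In the new "raw" branch of do_check, `n = get_chain_end(h, n);` passes `n` before this branch has assigned it, so unless `n` is set to 0 ahead of the if/else chain (not visible in this hunk) the chain walk starts from an indeterminate offset. Since the assert just above pins the PRE_ROUTING entry at offset 0, the call should read `n = get_chain_end(h, 0);`. The comment `/* Hooks should be first three */` also does not fit a table whose valid_hooks mask names only two hooks; `/* Hooks should be first two */` matches the asserts that follow it. do_check starts and continues outside the hunk.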