From a32c699b6ea3a6d44406062e4b076071461ed2f2 Mon Sep 17 00:00:00 2001 From: gandalf Date: Wed, 26 May 2004 15:50:57 +0000 Subject: Fix 64bit kernel / 32bit userspace issue. --- extensions/libip6t_limit.c | 3 ++- extensions/libipt_conntrack.c | 34 ++++++++++++++++++++++++---- extensions/libipt_limit.c | 3 ++- include/linux/netfilter_ipv4/ipt_conntrack.h | 6 ++++- include/linux/netfilter_ipv4/ipt_limit.h | 26 +++++++++++++++++++++ include/linux/netfilter_ipv6/ip6t_limit.h | 25 ++++++++++++++++++++ 6 files changed, 89 insertions(+), 8 deletions(-) create mode 100644 include/linux/netfilter_ipv4/ipt_limit.h create mode 100644 include/linux/netfilter_ipv6/ip6t_limit.h diff --git a/extensions/libip6t_limit.c b/extensions/libip6t_limit.c index 9516252..e141d01 100644 --- a/extensions/libip6t_limit.c +++ b/extensions/libip6t_limit.c @@ -11,7 +11,8 @@ #include #include #include -#include +/* For 64bit kernel / 32bit userspace */ +#include "../include/linux/netfilter_ipv6/ip6t_limit.h" #define IP6T_LIMIT_AVG "3/hour" #define IP6T_LIMIT_BURST 5 diff --git a/extensions/libipt_conntrack.c b/extensions/libipt_conntrack.c index 48c2f1d..49a2afb 100644 --- a/extensions/libipt_conntrack.c +++ b/extensions/libipt_conntrack.c @@ -11,7 +11,8 @@ #include #include #include -#include +/* For 64bit kernel / 32bit userspace */ +#include "../include/linux/netfilter_ipv4/ipt_conntrack.h" #ifndef IPT_CONNTRACK_STATE_UNTRACKED #define IPT_CONNTRACK_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 3)) 
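Review bot: The quoted relative path `"../include/linux/netfilter_ipv6/ip6t_limit.h"` that replaces the removed include in libip6t_limit.c bypasses the compiler's include search path. The structure this extension hands to the kernel is therefore always the copy bundled in this tree, and nothing ties it to the headers of the kernel actually running. The one-line comment explains neither that nor that the layout is selected by `KERNEL_64_USERSPACE_32`. I would expand it to something like `/* Bundled copy: layout switches on KERNEL_64_USERSPACE_32 and must track the kernel's struct */`. The same applies to the include changes in libipt_conntrack.c and libipt_limit.c.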
@@ -135,17 +136,29 @@ parse_statuses(const char *arg, struct ipt_conntrack_info *sinfo) exit_error(PARAMETER_PROBLEM, "Bad ctstatus `%s'", arg); } - +#ifdef KERNEL_64_USERSPACE_32 +static unsigned long long +parse_expire(const char *s) +{ + unsigned long long len; + + if (string_to_number_ll(s, 0, 0, &len) == -1) + exit_error(PARAMETER_PROBLEM, "expire value invalid: `%s'\n", s); + else + return len; +} +#else static unsigned long parse_expire(const char *s) { unsigned int len; - if (string_to_number(s, 0, 0xFFFFFFFF, &len) == -1) + if (string_to_number(s, 0, 0, &len) == -1) exit_error(PARAMETER_PROBLEM, "expire value invalid: `%s'\n", s); else return len; } +#endif /* If a single value is provided, min and max are both set to the value */ static void @@ -162,15 +175,19 @@ parse_expires(const char *s, struct ipt_conntrack_info *sinfo) cp++; sinfo->expires_min = buffer[0] ? parse_expire(buffer) : 0; - sinfo->expires_max = cp[0] ? parse_expire(cp) : 0xFFFFFFFF; + sinfo->expires_max = cp[0] ? parse_expire(cp) : -1; } free(buffer); if (sinfo->expires_min > sinfo->expires_max) exit_error(PARAMETER_PROBLEM, +#ifdef KERNEL_64_USERSPACE_32 + "expire min. range value `%llu' greater than max. " + "range value `%llu'", sinfo->expires_min, sinfo->expires_max); +#else "expire min. range value `%lu' greater than max. " "range value `%lu'", sinfo->expires_min, sinfo->expires_max); - +#endif } /* Function which parses command options; returns true if it @@ -485,10 +502,17 @@ matchinfo_print(const struct ipt_ip *ip, const struct ipt_entry_match *match, in if (sinfo->invflags & IPT_CONNTRACK_EXPIRES) printf("! "); +#ifdef KERNEL_64_USERSPACE_32 + if (sinfo->expires_max == sinfo->expires_min) + printf("%llu ", sinfo->expires_min); + else + printf("%llu:%llu ", sinfo->expires_min, sinfo->expires_max); +#else if (sinfo->expires_max == sinfo->expires_min) printf("%lu ", sinfo->expires_min); else printf("%lu:%lu ", sinfo->expires_min, sinfo->expires_max); +#endif } } 
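Review bot: In the non-`KERNEL_64_USERSPACE_32` variant of `parse_expire`, the upper bound passed to `string_to_number` drops from `0xFFFFFFFF` to `0` while the result is still stored in `unsigned int len`. If the helper treats a zero maximum as "no upper limit" (its definition is not in this hunk), a value above `UINT_MAX` is no longer rejected on an LP64 build, and what lands in `len` depends on how the helper narrows it, so the installed rule could carry a different expiry bound than the one the operator typed. Keeping `string_to_number(s, 0, 0xFFFFFFFF, &len)` in this branch, or adding a comment that says why an unbounded parse into a 32-bit variable is safe, would close that gap. Both variants also rely on `exit_error` never returning, since no `return` follows it.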
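Review bot: The new default `: -1` for `expires_max` in `parse_expires` relies on the implicit conversion of `-1` to the field's unsigned type, so the open-ended upper bound becomes `ULONG_MAX` or `ULLONG_MAX` depending on the build rather than the fixed `0xFFFFFFFF`. That is presumably intended, but it reads like an error value; a comment such as `/* all-ones: no upper bound, whatever the field width */` next to it would make the intent explicit. It is also worth checking that a rule printed with this default maximum can be parsed back by the `unsigned int` variant of `parse_expire` on a native 64-bit build. The function begins outside this hunk.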
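Review bot: The two `printf` branches added to `matchinfo_print` differ only in the length modifier, and the same split is made in `parse_expires`, where the `#ifdef` cuts through the argument list of a single `exit_error` call. Casting once and always using `%llu`, e.g. `printf("%llu:%llu ", (unsigned long long)sinfo->expires_min, (unsigned long long)sinfo->expires_max);`, removes both conditionals. It also keeps the format string and argument types in step if the field type changes again, which matters because a mismatch there is undefined behaviour. The function begins outside this hunk.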
diff --git a/extensions/libipt_limit.c b/extensions/libipt_limit.c index af381fa..4d52040 100644 --- a/extensions/libipt_limit.c +++ b/extensions/libipt_limit.c @@ -11,7 +11,8 @@ #include #include #include -#include +/* For 64bit kernel / 32bit userspace */ +#include "../include/linux/netfilter_ipv4/ipt_limit.h" #define IPT_LIMIT_AVG "3/hour" #define IPT_LIMIT_BURST 5 diff --git a/include/linux/netfilter_ipv4/ipt_conntrack.h b/include/linux/netfilter_ipv4/ipt_conntrack.h index eb97456..9877021 100644 --- a/include/linux/netfilter_ipv4/ipt_conntrack.h +++ b/include/linux/netfilter_ipv4/ipt_conntrack.h @@ -10,6 +10,7 @@ #define IPT_CONNTRACK_STATE_SNAT (1 << (IP_CT_NUMBER + 1)) #define IPT_CONNTRACK_STATE_DNAT (1 << (IP_CT_NUMBER + 2)) +#define IPT_CONNTRACK_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 3)) /* flags, invflags: */ #define IPT_CONNTRACK_STATE 0x01 @@ -28,7 +29,11 @@ struct ipt_conntrack_info struct ip_conntrack_tuple tuple[IP_CT_DIR_MAX]; struct in_addr sipmsk[IP_CT_DIR_MAX], dipmsk[IP_CT_DIR_MAX]; +#ifdef KERNEL_64_USERSPACE_32 + unsigned long long expires_min, expires_max; +#else unsigned long expires_min, expires_max; +#endif /* Flags word */ u_int8_t flags; @@ -36,4 +41,3 @@ struct ipt_conntrack_info u_int8_t invflags; }; #endif /*_IPT_CONNTRACK_H*/ - diff --git a/include/linux/netfilter_ipv4/ipt_limit.h b/include/linux/netfilter_ipv4/ipt_limit.h new file mode 100644 index 0000000..e2fb166 --- /dev/null +++ b/include/linux/netfilter_ipv4/ipt_limit.h 
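Review bot: Widening `expires_min`/`expires_max` to `unsigned long long` under `KERNEL_64_USERSPACE_32` matches the size of a 64-bit kernel's `unsigned long`, but not necessarily its alignment. 32-bit ABIs that align 64-bit integers to 4 bytes inside structs (i386 is one) can put these fields at a different offset, or give the struct a different total size, than the kernel expects; whether that happens here depends on the members before them, which are only partly visible in this hunk. Forcing the alignment, e.g. `unsigned long long expires_min __attribute__((aligned(8)));` with `expires_max` declared the same way, or adding a build-time size check, would make the layout independent of the userspace ABI. The same applies to `prev` and `placeholder` in the new ipt_limit.h and ip6t_limit.h, where the members add up to 36 bytes and only 8-byte alignment pads the struct to 40.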
@@ -0,0 +1,26 @@
+#ifndef _IPT_RATE_H
+#define _IPT_RATE_H
+
+/* timings are in milliseconds. */
+#define IPT_LIMIT_SCALE 10000
+
+/* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490
+ seconds, or one every 59 hours. */
+struct ipt_rateinfo {
+ u_int32_t avg; /* Average secs between packets * scale */
+ u_int32_t burst; /* Period multiplier for upper limit. */
+
+#ifdef KERNEL_64_USERSPACE_32
+ u_int64_t prev;
+ u_int64_t placeholder;
+#else
+ /* Used internally by the kernel */
+ unsigned long prev;
+ /* Ugly, ugly fucker. */
+ struct ipt_rateinfo *master;
+#endif
+
+ u_int32_t credit;
+ u_int32_t credit_cap, cost;
+};
+#endif /*_IPT_RATE_H*/
diff --git a/include/linux/netfilter_ipv6/ip6t_limit.h b/include/linux/netfilter_ipv6/ip6t_limit.h
new file mode 100644
index 0000000..cd3e834
--- /dev/null
+++ b/include/linux/netfilter_ipv6/ip6t_limit.h
@@ -0,0 +1,25 @@
+#ifndef _IP6T_RATE_H
+#define _IP6T_RATE_H
+
+/* timings are in milliseconds. */
+#define IP6T_LIMIT_SCALE 10000
+
+/* 1/10,000 sec period => max of 10,000/sec. Min rate is then 429490
+ seconds, or one every 59 hours. */
+struct ip6t_rateinfo {
+ u_int32_t avg; /* Average secs between packets * scale */
+ u_int32_t burst; /* Period multiplier for upper limit. */
+
+#ifdef KERNEL_64_USERSPACE_32
+ u_int64_t prev;
+ u_int64_t placeholder;
+#else
+ /* Used internally by the kernel */
+ unsigned long prev;
+ /* Ugly, ugly fucker. */
+ struct ip6t_rateinfo *master;
+#endif
+ u_int32_t credit;
+ u_int32_t credit_cap, cost;
+};
+#endif /*_IPT_RATE_H*/
-- 
cgit v1.2.3
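Review bot: `u_int64_t placeholder` in the `KERNEL_64_USERSPACE_32` branch of `struct ipt_rateinfo` has no comment, and nothing says it stands in for the `struct ipt_rateinfo *master` pointer of the other branch. I would carry the existing wording across, `/* Used internally by the kernel */` above `prev` and `/* Same width as the master pointer on a 64-bit kernel */` above `placeholder`. The header also uses `u_int32_t` and `u_int64_t` without including anything that declares them, so it compiles only when the includer has already pulled in the right header. The opening comment says timings are in milliseconds while the next one describes a 1/10,000 second period; one of the two should be corrected.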
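Review bot: The closing line `#endif /*_IPT_RATE_H*/` in ip6t_limit.h names the IPv4 guard, but the file opens with `#ifndef _IP6T_RATE_H`; it should read `#endif /*_IP6T_RATE_H*/`. The points raised for ipt_limit.h about the uncommented `placeholder` member and the missing type header apply here unchanged.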