-rw-r--r-- | Makefile | 2 | ||||
-rwxr-xr-x | extensions/.FTOS-test | 2 | ||||
-rwxr-xr-x | extensions/.TCPMSS-test | 3 | ||||
-rwxr-xr-x | extensions/.TTL-test | 2 | ||||
-rwxr-xr-x | extensions/.ULOG-test | 2 | ||||
-rwxr-xr-x | extensions/.ah-esp-test | 3 | ||||
-rwxr-xr-x | extensions/.iplimit-test | 2 | ||||
-rwxr-xr-x | extensions/.ttl-test | 2 | ||||
-rw-r--r-- | extensions/Makefile | 3 | ||||
-rw-r--r-- | include/linux/netfilter_ipv4/ipt_FTOS.h | 16 | ||||
-rw-r--r-- | include/linux/netfilter_ipv4/ipt_TCPMSS.h | 10 | ||||
-rw-r--r-- | include/linux/netfilter_ipv4/ipt_TTL.h | 19 | ||||
-rw-r--r-- | include/linux/netfilter_ipv4/ipt_ULOG.h | 42 | ||||
-rw-r--r-- | include/linux/netfilter_ipv4/ipt_ah.h | 16 | ||||
-rw-r--r-- | include/linux/netfilter_ipv4/ipt_connlimit.h | 12 | ||||
-rw-r--r-- | include/linux/netfilter_ipv4/ipt_esp.h | 16 | ||||
-rw-r--r-- | include/linux/netfilter_ipv4/ipt_tcpmss.h | 9 | ||||
-rw-r--r-- | include/linux/netfilter_ipv4/ipt_ttl.h | 21 |
18 files changed, 165 insertions, 17 deletions
@@ -23,7 +23,7 @@ DO_IPV6=1
 endif
 COPT_FLAGS:=-O2 -DNDEBUG
-CFLAGS:=$(COPT_FLAGS) -Wall -Wunused -Iinclude/ -I$(KERNEL_DIR)/include -DNETFILTER_VERSION=\"$(NETFILTER_VERSION)\" #-g #-pg
+CFLAGS:=$(COPT_FLAGS) -Wall -Wunused -I$(KERNEL_DIR)/include -Iinclude/ -DNETFILTER_VERSION=\"$(NETFILTER_VERSION)\" #-g #-pg
 DEPFILES = $(SHARED_LIBS:%.so=%.d)
 SH_CFLAGS:=$(CFLAGS) -fPIC
diff --git a/extensions/.FTOS-test b/extensions/.FTOS-test
deleted file mode 100755
index d07fce7a..00000000
--- a/extensions/.FTOS-test
+++ /dev/null
@@ -1,2 +0,0 @@
-#! /bin/sh
-[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_FTOS.h ] && echo FTOS
diff --git a/extensions/.TCPMSS-test b/extensions/.TCPMSS-test
deleted file mode 100755
index d6ea82f8..00000000
--- a/extensions/.TCPMSS-test
+++ /dev/null
@@ -1,3 +0,0 @@
-#! /bin/sh
-[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_TCPMSS.h ] && echo TCPMSS
-[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_tcpmss.h ] && echo tcpmss
diff --git a/extensions/.TTL-test b/extensions/.TTL-test
deleted file mode 100755
index cdeda6f8..00000000
--- a/extensions/.TTL-test
+++ /dev/null
@@ -1,2 +0,0 @@
-#! /bin/sh
-[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_TTL.h ] && echo TTL
diff --git a/extensions/.ULOG-test b/extensions/.ULOG-test
deleted file mode 100755
index 7ca85237..00000000
--- a/extensions/.ULOG-test
+++ /dev/null
@@ -1,2 +0,0 @@
-#! /bin/sh
-[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_ULOG.h ] && echo ULOG
diff --git a/extensions/.ah-esp-test b/extensions/.ah-esp-test
deleted file mode 100755
index f8b779c9..00000000
--- a/extensions/.ah-esp-test
+++ /dev/null
@@ -1,3 +0,0 @@
-#! /bin/sh
-# True if ah is applied.
-[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_ah.h ] && echo ah esp
diff --git a/extensions/.iplimit-test b/extensions/.iplimit-test
deleted file mode 100755
index dee32d92..00000000
--- a/extensions/.iplimit-test
+++ /dev/null
@@ -1,2 +0,0 @@
-#! /bin/sh
-[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_iplimit.h ] && echo iplimit
diff --git a/extensions/.ttl-test b/extensions/.ttl-test
deleted file mode 100755
index 28a3cdc4..00000000
--- a/extensions/.ttl-test
+++ /dev/null
@@ -1,2 +0,0 @@
-#! /bin/sh
-[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_ttl.h ] && echo ttl
diff --git a/extensions/Makefile b/extensions/Makefile
index 5f7c603e..be607e92 100644
--- a/extensions/Makefile
+++ b/extensions/Makefile
@@ -3,6 +3,9 @@ PF_EXT_SLIB:=tcp udp icmp mac limit standard REJECT LOG unclean state multiport tos TOS mark MARK owner SNAT DNAT MASQUERADE REDIRECT MIRROR
 PF6_EXT_SLIB:=tcp udp icmp standard MARK mark
+# The following may not be present, but compile them anyway.
+PF_EXT_SLIB+=FTOS TCPMSS TTL ULOG ah esp iplimit tcpmss ttl
+
 # Optionals
 PF_EXT_SLIB_OPTS:=$(foreach T,$(wildcard extensions/.*-test),$(shell KERNEL_DIR=$(KERNEL_DIR) $(T)))
 PF6_EXT_SLIB_OPTS:=$(foreach T,$(wildcard extensions/.*-test6),$(shell KERNEL_DIR=$(KERNEL_DIR) $(T)))
diff --git a/include/linux/netfilter_ipv4/ipt_FTOS.h b/include/linux/netfilter_ipv4/ipt_FTOS.h
new file mode 100644
index 00000000..3b045596
--- /dev/null
+++ b/include/linux/netfilter_ipv4/ipt_FTOS.h
@@ -0,0 +1,16 @@
+/* Set TOS field in header to any value
+ *
+ * (C) 2000 by Matthew G. Marsh <mgm@paktronix.com>
+ *
+ * This software is distributed under GNU GPL v2, 1991
+ *
+ * ipt_FTOS.h borrowed heavily from ipt_TOS.h 11/09/2000
+*/
+#ifndef _IPT_FTOS_H
+#define _IPT_FTOS_H
+
+struct ipt_FTOS_info {
+ u_int8_t ftos;
+};
+
+#endif /*_IPT_FTOS_H*/
diff --git a/include/linux/netfilter_ipv4/ipt_TCPMSS.h b/include/linux/netfilter_ipv4/ipt_TCPMSS.h
new file mode 100644
index 00000000..aadb3958
--- /dev/null
+++ b/include/linux/netfilter_ipv4/ipt_TCPMSS.h
@@ -0,0 +1,10 @@
+#ifndef _IPT_TCPMSS_H
+#define _IPT_TCPMSS_H
+
+struct ipt_tcpmss_info {
+ u_int16_t mss;
+};
+
+#define IPT_TCPMSS_CLAMP_PMTU 0xffff
+
+#endif /*_IPT_TCPMSS_H*/
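Review bot: In the extensions/Makefile hunk, `iplimit` joins the always-built list, but this commit adds no `ipt_iplimit.h` under include/; the only related new header is `ipt_connlimit.h`, whose guard and struct are still named `_IPT_IPLIMIT_H` and `ipt_iplimit_info`. The removed `.iplimit-test` probed for `ipt_iplimit.h`, so the extension source (not visible here) presumably includes that name, and a kernel tree without it would then fail the build that the old test used to skip. Either ship the header as `include/linux/netfilter_ipv4/ipt_iplimit.h` or leave `iplimit` out of the `PF_EXT_SLIB+=` line. The added comment could also say what makes the unconditional build safe, e.g. `# Kernel may lack these; headers are bundled in include/ so they build anyway.`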
diff --git a/include/linux/netfilter_ipv4/ipt_TTL.h b/include/linux/netfilter_ipv4/ipt_TTL.h
new file mode 100644
index 00000000..f669b8c6
--- /dev/null
+++ b/include/linux/netfilter_ipv4/ipt_TTL.h
@@ -0,0 +1,19 @@
+/* TTL modification module for IP tables
+ * (C) 2000 by Harald Welte <laforge@gnumonks.org> */
+
+#ifndef _IPT_TTL_H
+#define _IPT_TTL_H
+
+enum {
+ IPT_TTL_SET = 0,
+ IPT_TTL_INC,
+ IPT_TTL_DEC
+};
+
+#define IPT_TTL_MAXMODE IPT_TTL_DEC
+
+struct ipt_TTL_info {
+ u_int8_t mode;
+ u_int8_t ttl;
+};
+#endif
diff --git a/include/linux/netfilter_ipv4/ipt_ULOG.h b/include/linux/netfilter_ipv4/ipt_ULOG.h
new file mode 100644
index 00000000..10d7b0c4
--- /dev/null
+++ b/include/linux/netfilter_ipv4/ipt_ULOG.h
@@ -0,0 +1,42 @@
+/* Header file for IP tables userspace logging, Version 1.6
+ *
+ * (C) 2000 by Harald Welte <laforge@gnumonks.org>
+ *
+ * Distributed under the terms of GNU GPL */
+
+#ifndef _IPT_ULOG_H
+#define _IPT_ULOG_H
+
+#define ULOG_MAC_LEN 80
+#define ULOG_PREFIX_LEN 32
+
+#define ULOG_MAX_QLEN 50
+/* Why 50? Well... there is a limit imposed by the slab cache 131000
+ * bytes. So the multipart netlink-message has to be < 131000 bytes.
+ * Assuming a standard ethernet-mtu of 1500, we could define this up
+ * to 80... but even 50 seems to be big enough. */
+
+/* private data structure for each rule with a ULOG target */
+struct ipt_ulog_info {
+ unsigned int nl_group;
+ size_t copy_range;
+ size_t qthreshold;
+ char prefix[ULOG_PREFIX_LEN];
+};
+
+/* Format of the ULOG packets passed through netlink */
+typedef struct ulog_packet_msg {
+ unsigned long mark;
+ long timestamp_sec;
+ long timestamp_usec;
+ unsigned int hook;
+ char indev_name[IFNAMSIZ];
+ char outdev_name[IFNAMSIZ];
+ size_t data_len;
+ char prefix[ULOG_PREFIX_LEN];
+ unsigned char mac_len;
+ unsigned char mac[ULOG_MAC_LEN];
+ unsigned char payload[0];
+} ulog_packet_msg_t;
+
+#endif /*_IPT_ULOG_H*/
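Review bot: The include guard `_IPT_TTL_H` in ipt_TTL.h is the same one the new `ipt_ttl.h` match header uses later in this commit, so a translation unit that includes both silently loses whichever comes second and one of `struct ipt_TTL_info` / `struct ipt_ttl_info` ends up undeclared. The TCPMSS pair in this same commit avoids that with `_IPT_TCPMSS_H` and `_IPT_TCPMSS_MATCH_H`; following it, `ipt_ttl.h` could use `#ifndef _IPT_TTL_MATCH_H` and `#define _IPT_TTL_MATCH_H`. The two file names also differ only by case, which will collide on a case-insensitive filesystem.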
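Review bot: In ipt_ULOG.h, `struct ulog_packet_msg` is described as the format passed through netlink, yet it is built from `unsigned long`, `long` and `size_t` fields whose widths depend on the ABI, and nothing in the header says the layout has to match the running kernel's copy. This matters more now that the top-level Makefile searches `$(KERNEL_DIR)/include` before `include/`, because this bundled copy is used only when the kernel tree lacks the file. A consumer also has to bound `mac_len` (an `unsigned char`, so up to 255) by `ULOG_MAC_LEN` and `data_len` by the received netlink length before reading `mac[]` or `payload[]`, and should not assume `prefix` is NUL-terminated. I would add a comment above the struct such as `/* Layout must match the kernel's ipt_ULOG.h; check mac_len <= ULOG_MAC_LEN and data_len against the netlink message length before use. */`. The header also uses `IFNAMSIZ` and `size_t` without including anything that defines them.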
diff --git a/include/linux/netfilter_ipv4/ipt_ah.h b/include/linux/netfilter_ipv4/ipt_ah.h
new file mode 100644
index 00000000..7b9a2ac7
--- /dev/null
+++ b/include/linux/netfilter_ipv4/ipt_ah.h
@@ -0,0 +1,16 @@
+#ifndef _IPT_AH_H
+#define _IPT_AH_H
+
+struct ipt_ah
+{
+ u_int32_t spis[2]; /* Security Parameter Index */
+ u_int8_t invflags; /* Inverse flags */
+};
+
+
+
+/* Values for "invflags" field in struct ipt_ah. */
+#define IPT_AH_INV_SPI 0x01 /* Invert the sense of spi. */
+#define IPT_AH_INV_MASK 0x01 /* All possible flags. */
+
+#endif /*_IPT_AH_H*/
diff --git a/include/linux/netfilter_ipv4/ipt_connlimit.h b/include/linux/netfilter_ipv4/ipt_connlimit.h
new file mode 100644
index 00000000..6282194f
--- /dev/null
+++ b/include/linux/netfilter_ipv4/ipt_connlimit.h
@@ -0,0 +1,12 @@
+#ifndef _IPT_IPLIMIT_H
+#define _IPT_IPLIMIT_H
+
+struct ipt_iplimit_data;
+
+struct ipt_iplimit_info {
+ int limit;
+ int inverse;
+ u_int32_t mask;
+ struct ipt_iplimit_data *data;
+};
+#endif /* _IPT_IPLIMIT_H */
diff --git a/include/linux/netfilter_ipv4/ipt_esp.h b/include/linux/netfilter_ipv4/ipt_esp.h
new file mode 100644
index 00000000..c782a83e
--- /dev/null
+++ b/include/linux/netfilter_ipv4/ipt_esp.h
@@ -0,0 +1,16 @@
+#ifndef _IPT_ESP_H
+#define _IPT_ESP_H
+
+struct ipt_esp
+{
+ u_int32_t spis[2]; /* Security Parameter Index */
+ u_int8_t invflags; /* Inverse flags */
+};
+
+
+
+/* Values for "invflags" field in struct ipt_esp. */
+#define IPT_ESP_INV_SPI 0x01 /* Invert the sense of spi. */
+#define IPT_ESP_INV_MASK 0x01 /* All possible flags. */
+
+#endif /*_IPT_ESP_H*/
diff --git a/include/linux/netfilter_ipv4/ipt_tcpmss.h b/include/linux/netfilter_ipv4/ipt_tcpmss.h
new file mode 100644
index 00000000..e2b14397
--- /dev/null
+++ b/include/linux/netfilter_ipv4/ipt_tcpmss.h
@@ -0,0 +1,9 @@
+#ifndef _IPT_TCPMSS_MATCH_H
+#define _IPT_TCPMSS_MATCH_H
+
+struct ipt_tcpmss_match_info {
+ u_int16_t mss_min, mss_max;
+ u_int8_t invert;
+};
+
+#endif /*_IPT_TCPMSS_MATCH_H*/
diff --git a/include/linux/netfilter_ipv4/ipt_ttl.h b/include/linux/netfilter_ipv4/ipt_ttl.h
new file mode 100644
index 00000000..ee24fd86
--- /dev/null
+++ b/include/linux/netfilter_ipv4/ipt_ttl.h
@@ -0,0 +1,21 @@
+/* IP tables module for matching the value of the TTL
+ * (C) 2000 by Harald Welte <laforge@gnumonks.org> */
+
+#ifndef _IPT_TTL_H
+#define _IPT_TTL_H
+
+enum {
+ IPT_TTL_EQ = 0, /* equals */
+ IPT_TTL_NE, /* not equals */
+ IPT_TTL_LT, /* less than */
+ IPT_TTL_GT, /* greater than */
+};
+
+
+struct ipt_ttl_info {
+ u_int8_t mode;
+ u_int8_t ttl;
+};
+
+
+#endif |