From 4dc734c73cc4a0ff87c0ce3673544628b58c7e24 Mon Sep 17 00:00:00 2001
From: Harald Welte <laforge@gnumonks.org>
Date: Tue, 7 Oct 2003 18:55:13 +0000
Subject: add support for the raw table to userspace

---
 extensions/libipt_conntrack.c | 12 +++++++++++-
 extensions/libipt_state.c     | 12 +++++++++++-
 2 files changed, 22 insertions(+), 2 deletions(-)

(limited to 'extensions')

diff --git a/extensions/libipt_conntrack.c b/extensions/libipt_conntrack.c
index ccb78ea1..63b38e98 100644
--- a/extensions/libipt_conntrack.c
+++ b/extensions/libipt_conntrack.c
@@ -13,13 +13,17 @@
 #include <linux/netfilter_ipv4/ip_conntrack_tuple.h>
 #include <linux/netfilter_ipv4/ipt_conntrack.h>
 
+#ifndef IPT_CONNTRACK_STATE_UNTRACKED
+#define IPT_CONNTRACK_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 3))
+#endif
+
 /* Function which prints out usage message. */
 static void
 help(void)
 {
 	printf(
 "conntrack match v%s options:\n"
-" [!] --ctstate [INVALID|ESTABLISHED|NEW|RELATED|SNAT|DNAT][,...]\n"
+" [!] --ctstate [INVALID|ESTABLISHED|NEW|RELATED|UNTRACKED|SNAT|DNAT][,...]\n"
 "				State(s) to match\n"
 " [!] --ctproto	proto		Protocol to match; by number or name, eg. `tcp'\n"
 "     --ctorigsrc  [!] address[/mask]\n"
@@ -70,6 +74,8 @@ parse_state(const char *state, size_t strlen, struct ipt_conntrack_info *sinfo)
 		sinfo->statemask |= IPT_CONNTRACK_STATE_BIT(IP_CT_ESTABLISHED);
 	else if (strncasecmp(state, "RELATED", strlen) == 0)
 		sinfo->statemask |= IPT_CONNTRACK_STATE_BIT(IP_CT_RELATED);
+	else if (strncasecmp(state, "UNTRACKED", strlen) == 0)
+		sinfo->statemask |= IPT_CONNTRACK_STATE_UNTRACKED;
 	else if (strncasecmp(state, "SNAT", strlen) == 0)
 		sinfo->statemask |= IPT_CONNTRACK_STATE_SNAT;
 	else if (strncasecmp(state, "DNAT", strlen) == 0)
@@ -349,6 +355,10 @@ print_state(unsigned int statemask)
 		printf("%sESTABLISHED", sep);
 		sep = ",";
 	}
+	if (statemask & IPT_CONNTRACK_STATE_UNTRACKED) {
+		printf("%sUNTRACKED", sep);
+		sep = ",";
+	}
 	if (statemask & IPT_CONNTRACK_STATE_SNAT) {
 		printf("%sSNAT", sep);
 		sep = ",";
diff --git a/extensions/libipt_state.c b/extensions/libipt_state.c
index ac3c0ba3..3662d949 100644
--- a/extensions/libipt_state.c
+++ b/extensions/libipt_state.c
@@ -8,13 +8,17 @@
 #include <linux/netfilter_ipv4/ip_conntrack.h>
 #include <linux/netfilter_ipv4/ipt_state.h>
 
+#ifndef IPT_STATE_UNTRACKED
+#define IPT_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 1))
+#endif
+
 /* Function which prints out usage message. */
 static void
 help(void)
 {
 	printf(
 "state v%s options:\n"
-" [!] --state [INVALID|ESTABLISHED|NEW|RELATED][,...]\n"
+" [!] --state [INVALID|ESTABLISHED|NEW|RELATED|UNTRACKED][,...]\n"
 "				State(s) to match\n"
 "\n", IPTABLES_VERSION);
 }
@@ -43,6 +47,8 @@ parse_state(const char *state, size_t strlen, struct ipt_state_info *sinfo)
 		sinfo->statemask |= IPT_STATE_BIT(IP_CT_ESTABLISHED);
 	else if (strncasecmp(state, "RELATED", strlen) == 0)
 		sinfo->statemask |= IPT_STATE_BIT(IP_CT_RELATED);
+	else if (strncasecmp(state, "UNTRACKED", strlen) == 0)
+		sinfo->statemask |= IPT_STATE_UNTRACKED;
 	else
 		return 0;
 	return 1;
@@ -117,6 +123,10 @@ static void print_state(unsigned int statemask)
 		printf("%sESTABLISHED", sep);
 		sep = ",";
 	}
+	if (statemask & IPT_STATE_UNTRACKED) {
+		printf("%sUNTRACKED", sep);
+		sep = ",";
+	}
 	printf(" ");
 }
 
-- 
cgit v1.2.3