diff options
| author | laforge <laforge> | 2002-03-18 12:46:23 +0000 |
|---|---|---|
| committer | laforge <laforge> | 2002-03-18 12:46:23 +0000 |
| commit | 8d54302d7e54e605577d1f7b66aa151cac9c12aa (patch) | |
| tree | bd99425dd532a2ad12c9400dc2d41d2921e0d9ab | |
| parent | b9fa3018460c7b607d8e11d2a2cc389de03a9026 (diff) | |
make libipt_conntrack compile by default
| -rwxr-xr-x | extensions/.conntrack-test | 3 | ||||
| -rw-r--r-- | extensions/Makefile | 2 | ||||
| -rw-r--r-- | include/linux/netfilter_ipv4/ipt_conntrack.h | 39 |
3 files changed, 40 insertions, 4 deletions
diff --git a/extensions/.conntrack-test b/extensions/.conntrack-test deleted file mode 100755 index efef96d..0000000 --- a/extensions/.conntrack-test +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh -# True if conntrack match patch is applied. -[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_conntrack.h ] && echo conntrack diff --git a/extensions/Makefile b/extensions/Makefile index a1366a5..b25fbc5 100644 --- a/extensions/Makefile +++ b/extensions/Makefile @@ -1,6 +1,6 @@ #! /usr/bin/make -PF_EXT_SLIB:=ah dscp esp icmp length limit mac mark multiport owner pkttype standard state tcp tcpmss tos ttl udp unclean DNAT DSCP ECN LOG MARK MASQUERADE MIRROR REDIRECT REJECT SAME SNAT TCPMSS TOS ULOG +PF_EXT_SLIB:=ah conntrack dscp esp icmp length limit mac mark multiport owner pkttype standard state tcp tcpmss tos ttl udp unclean DNAT DSCP ECN LOG MARK MASQUERADE MIRROR REDIRECT REJECT SAME SNAT TCPMSS TOS ULOG PF6_EXT_SLIB:=icmpv6 length limit mac mark multiport owner standard tcp udp LOG MARK # The following may not be present, but compile them anyway. diff --git a/include/linux/netfilter_ipv4/ipt_conntrack.h b/include/linux/netfilter_ipv4/ipt_conntrack.h new file mode 100644 index 0000000..eb97456 --- /dev/null +++ b/include/linux/netfilter_ipv4/ipt_conntrack.h @@ -0,0 +1,39 @@ +/* Header file for kernel module to match connection tracking information. + * GPL (C) 2001 Marc Boucher (marc@mbsi.ca). + */ + +#ifndef _IPT_CONNTRACK_H +#define _IPT_CONNTRACK_H + +#define IPT_CONNTRACK_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1)) +#define IPT_CONNTRACK_STATE_INVALID (1 << 0) + +#define IPT_CONNTRACK_STATE_SNAT (1 << (IP_CT_NUMBER + 1)) +#define IPT_CONNTRACK_STATE_DNAT (1 << (IP_CT_NUMBER + 2)) + +/* flags, invflags: */ +#define IPT_CONNTRACK_STATE 0x01 +#define IPT_CONNTRACK_PROTO 0x02 +#define IPT_CONNTRACK_ORIGSRC 0x04 +#define IPT_CONNTRACK_ORIGDST 0x08 +#define IPT_CONNTRACK_REPLSRC 0x10 +#define IPT_CONNTRACK_REPLDST 0x20 +#define IPT_CONNTRACK_STATUS 0x40 +#define IPT_CONNTRACK_EXPIRES 0x80 + +struct ipt_conntrack_info +{ + unsigned int statemask, statusmask; + + struct ip_conntrack_tuple tuple[IP_CT_DIR_MAX]; + struct in_addr sipmsk[IP_CT_DIR_MAX], dipmsk[IP_CT_DIR_MAX]; + + unsigned long expires_min, expires_max; + + /* Flags word */ + u_int8_t flags; + /* Inverse flags */ + u_int8_t invflags; +}; +#endif /*_IPT_CONNTRACK_H*/ + |