summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Makefile2
-rwxr-xr-xextensions/.FTOS-test2
-rwxr-xr-xextensions/.TCPMSS-test3
-rwxr-xr-xextensions/.TTL-test2
-rwxr-xr-xextensions/.ULOG-test2
-rwxr-xr-xextensions/.ah-esp-test3
-rwxr-xr-xextensions/.iplimit-test2
-rwxr-xr-xextensions/.ttl-test2
-rw-r--r--extensions/Makefile3
-rw-r--r--include/linux/netfilter_ipv4/ipt_FTOS.h16
-rw-r--r--include/linux/netfilter_ipv4/ipt_TCPMSS.h10
-rw-r--r--include/linux/netfilter_ipv4/ipt_TTL.h19
-rw-r--r--include/linux/netfilter_ipv4/ipt_ULOG.h42
-rw-r--r--include/linux/netfilter_ipv4/ipt_ah.h16
-rw-r--r--include/linux/netfilter_ipv4/ipt_connlimit.h12
-rw-r--r--include/linux/netfilter_ipv4/ipt_esp.h16
-rw-r--r--include/linux/netfilter_ipv4/ipt_tcpmss.h9
-rw-r--r--include/linux/netfilter_ipv4/ipt_ttl.h21
18 files changed, 165 insertions, 17 deletions
diff --git a/Makefile b/Makefile
index 43b5e47..14a2c9b 100644
--- a/Makefile
+++ b/Makefile
@@ -23,7 +23,7 @@ DO_IPV6=1
endif
COPT_FLAGS:=-O2 -DNDEBUG
-CFLAGS:=$(COPT_FLAGS) -Wall -Wunused -Iinclude/ -I$(KERNEL_DIR)/include -DNETFILTER_VERSION=\"$(NETFILTER_VERSION)\" #-g #-pg
+CFLAGS:=$(COPT_FLAGS) -Wall -Wunused -I$(KERNEL_DIR)/include -Iinclude/ -DNETFILTER_VERSION=\"$(NETFILTER_VERSION)\" #-g #-pg
DEPFILES = $(SHARED_LIBS:%.so=%.d)
SH_CFLAGS:=$(CFLAGS) -fPIC
diff --git a/extensions/.FTOS-test b/extensions/.FTOS-test
deleted file mode 100755
index d07fce7..0000000
--- a/extensions/.FTOS-test
+++ /dev/null
@@ -1,2 +0,0 @@
-#! /bin/sh
-[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_FTOS.h ] && echo FTOS
diff --git a/extensions/.TCPMSS-test b/extensions/.TCPMSS-test
deleted file mode 100755
index d6ea82f..0000000
--- a/extensions/.TCPMSS-test
+++ /dev/null
@@ -1,3 +0,0 @@
-#! /bin/sh
-[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_TCPMSS.h ] && echo TCPMSS
-[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_tcpmss.h ] && echo tcpmss
diff --git a/extensions/.TTL-test b/extensions/.TTL-test
deleted file mode 100755
index cdeda6f..0000000
--- a/extensions/.TTL-test
+++ /dev/null
@@ -1,2 +0,0 @@
-#! /bin/sh
-[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_TTL.h ] && echo TTL
diff --git a/extensions/.ULOG-test b/extensions/.ULOG-test
deleted file mode 100755
index 7ca8523..0000000
--- a/extensions/.ULOG-test
+++ /dev/null
@@ -1,2 +0,0 @@
-#! /bin/sh
-[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_ULOG.h ] && echo ULOG
diff --git a/extensions/.ah-esp-test b/extensions/.ah-esp-test
deleted file mode 100755
index f8b779c..0000000
--- a/extensions/.ah-esp-test
+++ /dev/null
@@ -1,3 +0,0 @@
-#! /bin/sh
-# True if ah is applied.
-[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_ah.h ] && echo ah esp
diff --git a/extensions/.iplimit-test b/extensions/.iplimit-test
deleted file mode 100755
index dee32d9..0000000
--- a/extensions/.iplimit-test
+++ /dev/null
@@ -1,2 +0,0 @@
-#! /bin/sh
-[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_iplimit.h ] && echo iplimit
diff --git a/extensions/.ttl-test b/extensions/.ttl-test
deleted file mode 100755
index 28a3cdc..0000000
--- a/extensions/.ttl-test
+++ /dev/null
@@ -1,2 +0,0 @@
-#! /bin/sh
-[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_ttl.h ] && echo ttl
diff --git a/extensions/Makefile b/extensions/Makefile
index 5f7c603..be607e9 100644
--- a/extensions/Makefile
+++ b/extensions/Makefile
@@ -3,6 +3,9 @@
PF_EXT_SLIB:=tcp udp icmp mac limit standard REJECT LOG unclean state multiport tos TOS mark MARK owner SNAT DNAT MASQUERADE REDIRECT MIRROR
PF6_EXT_SLIB:=tcp udp icmp standard MARK mark
+# The following may not be present, but compile them anyway.
+PF_EXT_SLIB+=FTOS TCPMSS TTL ULOG ah esp iplimit tcpmss ttl
+
# Optionals
PF_EXT_SLIB_OPTS:=$(foreach T,$(wildcard extensions/.*-test),$(shell KERNEL_DIR=$(KERNEL_DIR) $(T)))
PF6_EXT_SLIB_OPTS:=$(foreach T,$(wildcard extensions/.*-test6),$(shell KERNEL_DIR=$(KERNEL_DIR) $(T)))
diff --git a/include/linux/netfilter_ipv4/ipt_FTOS.h b/include/linux/netfilter_ipv4/ipt_FTOS.h
new file mode 100644
index 0000000..3b04559
--- /dev/null
+++ b/include/linux/netfilter_ipv4/ipt_FTOS.h
@@ -0,0 +1,16 @@
+/* Set TOS field in header to any value
+ *
+ * (C) 2000 by Matthew G. Marsh <mgm@paktronix.com>
+ *
+ * This software is distributed under GNU GPL v2, 1991
+ *
+ * ipt_FTOS.h borrowed heavily from ipt_TOS.h 11/09/2000
+*/
+#ifndef _IPT_FTOS_H
+#define _IPT_FTOS_H
+
+struct ipt_FTOS_info {
+ u_int8_t ftos;
+};
+
+#endif /*_IPT_FTOS_H*/
diff --git a/include/linux/netfilter_ipv4/ipt_TCPMSS.h b/include/linux/netfilter_ipv4/ipt_TCPMSS.h
new file mode 100644
index 0000000..aadb395
--- /dev/null
+++ b/include/linux/netfilter_ipv4/ipt_TCPMSS.h
@@ -0,0 +1,10 @@
+#ifndef _IPT_TCPMSS_H
+#define _IPT_TCPMSS_H
+
+struct ipt_tcpmss_info {
+ u_int16_t mss;
+};
+
+#define IPT_TCPMSS_CLAMP_PMTU 0xffff
+
+#endif /*_IPT_TCPMSS_H*/
diff --git a/include/linux/netfilter_ipv4/ipt_TTL.h b/include/linux/netfilter_ipv4/ipt_TTL.h
new file mode 100644
index 0000000..f669b8c
--- /dev/null
+++ b/include/linux/netfilter_ipv4/ipt_TTL.h
@@ -0,0 +1,19 @@
+/* TTL modification module for IP tables
+ * (C) 2000 by Harald Welte <laforge@gnumonks.org> */
+
+#ifndef _IPT_TTL_H
+#define _IPT_TTL_H
+
+enum {
+ IPT_TTL_SET = 0,
+ IPT_TTL_INC,
+ IPT_TTL_DEC
+};
+
+#define IPT_TTL_MAXMODE IPT_TTL_DEC
+
+struct ipt_TTL_info {
+ u_int8_t mode;
+ u_int8_t ttl;
+};
+#endif
diff --git a/include/linux/netfilter_ipv4/ipt_ULOG.h b/include/linux/netfilter_ipv4/ipt_ULOG.h
new file mode 100644
index 0000000..10d7b0c
--- /dev/null
+++ b/include/linux/netfilter_ipv4/ipt_ULOG.h
@@ -0,0 +1,42 @@
+/* Header file for IP tables userspace logging, Version 1.6
+ *
+ * (C) 2000 by Harald Welte <laforge@gnumonks.org>
+ *
+ * Distributed under the terms of GNU GPL */
+
+#ifndef _IPT_ULOG_H
+#define _IPT_ULOG_H
+
+#define ULOG_MAC_LEN 80
+#define ULOG_PREFIX_LEN 32
+
+#define ULOG_MAX_QLEN 50
+/* Why 50? Well... there is a limit imposed by the slab cache 131000
+ * bytes. So the multipart netlink-message has to be < 131000 bytes.
+ * Assuming a standard ethernet-mtu of 1500, we could define this up
+ * to 80... but even 50 seems to be big enough. */
+
+/* private data structure for each rule with a ULOG target */
+struct ipt_ulog_info {
+ unsigned int nl_group;
+ size_t copy_range;
+ size_t qthreshold;
+ char prefix[ULOG_PREFIX_LEN];
+};
+
+/* Format of the ULOG packets passed through netlink */
+typedef struct ulog_packet_msg {
+ unsigned long mark;
+ long timestamp_sec;
+ long timestamp_usec;
+ unsigned int hook;
+ char indev_name[IFNAMSIZ];
+ char outdev_name[IFNAMSIZ];
+ size_t data_len;
+ char prefix[ULOG_PREFIX_LEN];
+ unsigned char mac_len;
+ unsigned char mac[ULOG_MAC_LEN];
+ unsigned char payload[0];
+} ulog_packet_msg_t;
+
+#endif /*_IPT_ULOG_H*/
diff --git a/include/linux/netfilter_ipv4/ipt_ah.h b/include/linux/netfilter_ipv4/ipt_ah.h
new file mode 100644
index 0000000..7b9a2ac
--- /dev/null
+++ b/include/linux/netfilter_ipv4/ipt_ah.h
@@ -0,0 +1,16 @@
+#ifndef _IPT_AH_H
+#define _IPT_AH_H
+
+struct ipt_ah
+{
+ u_int32_t spis[2]; /* Security Parameter Index */
+ u_int8_t invflags; /* Inverse flags */
+};
+
+
+
+/* Values for "invflags" field in struct ipt_ah. */
+#define IPT_AH_INV_SPI 0x01 /* Invert the sense of spi. */
+#define IPT_AH_INV_MASK 0x01 /* All possible flags. */
+
+#endif /*_IPT_AH_H*/
diff --git a/include/linux/netfilter_ipv4/ipt_connlimit.h b/include/linux/netfilter_ipv4/ipt_connlimit.h
new file mode 100644
index 0000000..6282194
--- /dev/null
+++ b/include/linux/netfilter_ipv4/ipt_connlimit.h
@@ -0,0 +1,12 @@
+#ifndef _IPT_IPLIMIT_H
+#define _IPT_IPLIMIT_H
+
+struct ipt_iplimit_data;
+
+struct ipt_iplimit_info {
+ int limit;
+ int inverse;
+ u_int32_t mask;
+ struct ipt_iplimit_data *data;
+};
+#endif /* _IPT_IPLIMIT_H */
diff --git a/include/linux/netfilter_ipv4/ipt_esp.h b/include/linux/netfilter_ipv4/ipt_esp.h
new file mode 100644
index 0000000..c782a83
--- /dev/null
+++ b/include/linux/netfilter_ipv4/ipt_esp.h
@@ -0,0 +1,16 @@
+#ifndef _IPT_ESP_H
+#define _IPT_ESP_H
+
+struct ipt_esp
+{
+ u_int32_t spis[2]; /* Security Parameter Index */
+ u_int8_t invflags; /* Inverse flags */
+};
+
+
+
+/* Values for "invflags" field in struct ipt_esp. */
+#define IPT_ESP_INV_SPI 0x01 /* Invert the sense of spi. */
+#define IPT_ESP_INV_MASK 0x01 /* All possible flags. */
+
+#endif /*_IPT_ESP_H*/
diff --git a/include/linux/netfilter_ipv4/ipt_tcpmss.h b/include/linux/netfilter_ipv4/ipt_tcpmss.h
new file mode 100644
index 0000000..e2b1439
--- /dev/null
+++ b/include/linux/netfilter_ipv4/ipt_tcpmss.h
@@ -0,0 +1,9 @@
+#ifndef _IPT_TCPMSS_MATCH_H
+#define _IPT_TCPMSS_MATCH_H
+
+struct ipt_tcpmss_match_info {
+ u_int16_t mss_min, mss_max;
+ u_int8_t invert;
+};
+
+#endif /*_IPT_TCPMSS_MATCH_H*/
diff --git a/include/linux/netfilter_ipv4/ipt_ttl.h b/include/linux/netfilter_ipv4/ipt_ttl.h
new file mode 100644
index 0000000..ee24fd8
--- /dev/null
+++ b/include/linux/netfilter_ipv4/ipt_ttl.h
@@ -0,0 +1,21 @@
+/* IP tables module for matching the value of the TTL
+ * (C) 2000 by Harald Welte <laforge@gnumonks.org> */
+
+#ifndef _IPT_TTL_H
+#define _IPT_TTL_H
+
+enum {
+ IPT_TTL_EQ = 0, /* equals */
+ IPT_TTL_NE, /* not equals */
+ IPT_TTL_LT, /* less than */
+ IPT_TTL_GT, /* greater than */
+};
+
+
+struct ipt_ttl_info {
+ u_int8_t mode;
+ u_int8_t ttl;
+};
+
+
+#endif