From 8d54302d7e54e605577d1f7b66aa151cac9c12aa Mon Sep 17 00:00:00 2001
From: laforge
Date: Mon, 18 Mar 2002 12:46:23 +0000
Subject: make libipt_conntrack compile by default
---
 extensions/.conntrack-test | 3 ---
 extensions/Makefile | 2 +-
 include/linux/netfilter_ipv4/ipt_conntrack.h | 39 ++++++++++++++++++++++++++++
 3 files changed, 40 insertions(+), 4 deletions(-)
 delete mode 100755 extensions/.conntrack-test
 create mode 100644 include/linux/netfilter_ipv4/ipt_conntrack.h
diff --git a/extensions/.conntrack-test b/extensions/.conntrack-test
deleted file mode 100755
index efef96d..0000000
--- a/extensions/.conntrack-test
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-# True if conntrack match patch is applied.
-[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_conntrack.h ] && echo conntrack
diff --git a/extensions/Makefile b/extensions/Makefile
index a1366a5..b25fbc5 100644
--- a/extensions/Makefile
+++ b/extensions/Makefile
@@ -1,6 +1,6 @@
 #! /usr/bin/make
-PF_EXT_SLIB:=ah dscp esp icmp length limit mac mark multiport owner pkttype standard state tcp tcpmss tos ttl udp unclean DNAT DSCP ECN LOG MARK MASQUERADE MIRROR REDIRECT REJECT SAME SNAT TCPMSS TOS ULOG
+PF_EXT_SLIB:=ah conntrack dscp esp icmp length limit mac mark multiport owner pkttype standard state tcp tcpmss tos ttl udp unclean DNAT DSCP ECN LOG MARK MASQUERADE MIRROR REDIRECT REJECT SAME SNAT TCPMSS TOS ULOG
 PF6_EXT_SLIB:=icmpv6 length limit mac mark multiport owner standard tcp udp LOG MARK
 # The following may not be present, but compile them anyway.
diff --git a/include/linux/netfilter_ipv4/ipt_conntrack.h b/include/linux/netfilter_ipv4/ipt_conntrack.h
new file mode 100644
index 0000000..eb97456
--- /dev/null
+++ b/include/linux/netfilter_ipv4/ipt_conntrack.h
@@ -0,0 +1,39 @@
+/* Header file for kernel module to match connection tracking information.
+ * GPL (C) 2001 Marc Boucher (marc@mbsi.ca).
+ */
+
+#ifndef _IPT_CONNTRACK_H
+#define _IPT_CONNTRACK_H
+
+#define IPT_CONNTRACK_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1))
+#define IPT_CONNTRACK_STATE_INVALID (1 << 0)
+
+#define IPT_CONNTRACK_STATE_SNAT (1 << (IP_CT_NUMBER + 1))
+#define IPT_CONNTRACK_STATE_DNAT (1 << (IP_CT_NUMBER + 2))
+
+/* flags, invflags: */
+#define IPT_CONNTRACK_STATE 0x01
+#define IPT_CONNTRACK_PROTO 0x02
+#define IPT_CONNTRACK_ORIGSRC 0x04
+#define IPT_CONNTRACK_ORIGDST 0x08
+#define IPT_CONNTRACK_REPLSRC 0x10
+#define IPT_CONNTRACK_REPLDST 0x20
+#define IPT_CONNTRACK_STATUS 0x40
+#define IPT_CONNTRACK_EXPIRES 0x80
+
+struct ipt_conntrack_info
+{
+ unsigned int statemask, statusmask;
+
+ struct ip_conntrack_tuple tuple[IP_CT_DIR_MAX];
+ struct in_addr sipmsk[IP_CT_DIR_MAX], dipmsk[IP_CT_DIR_MAX];
+
+ unsigned long expires_min, expires_max;
+
+ /* Flags word */
+ u_int8_t flags;
+ /* Inverse flags */
+ u_int8_t invflags;
+};
+#endif /*_IPT_CONNTRACK_H*/
+
-- cgit v1.2.3
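Review bot: `unsigned long expires_min, expires_max;` in `struct ipt_conntrack_info` makes the size and field offsets of this struct depend on the word size of whoever compiles it. The struct appears to be the match data shared between the iptables extension and the kernel module, so a 32-bit userland and a 64-bit kernel would disagree on the layout. Because the commit drops the `.conntrack-test` check and always builds against this bundled copy, the header should say so above the struct, e.g. `/* Layout must match the kernel's ipt_conntrack.h exactly; unsigned long fields are word-size dependent. */`. A fixed-width type would remove the dependency, but only if the kernel header is changed in the same way. The header also uses `IP_CT_IS_REPLY`, `IP_CT_NUMBER`, `IP_CT_DIR_MAX`, `struct ip_conntrack_tuple` and `struct in_addr` without including anything, so either include the conntrack definitions here or add a comment naming what must be included first.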