summaryrefslogtreecommitdiffstats
path: root/extensions
diff options
context:
space:
mode:
authorHarald Welte <laforge@gnumonks.org>2003-10-07 18:55:13 +0000
committerHarald Welte <laforge@gnumonks.org>2003-10-07 18:55:13 +0000
commit4dc734c73cc4a0ff87c0ce3673544628b58c7e24 (patch)
treed3bc1c09a798cd6bc205ac7dd77e83d9590b3e66 /extensions
parent7fb4d1f3143eb1235aacc424b29e296948a78034 (diff)
add support for the raw table to userspace
Diffstat (limited to 'extensions')
-rw-r--r--extensions/libipt_conntrack.c12
-rw-r--r--extensions/libipt_state.c12
2 files changed, 22 insertions, 2 deletions
diff --git a/extensions/libipt_conntrack.c b/extensions/libipt_conntrack.c
index ccb78ea1..63b38e98 100644
--- a/extensions/libipt_conntrack.c
+++ b/extensions/libipt_conntrack.c
@@ -13,13 +13,17 @@
#include <linux/netfilter_ipv4/ip_conntrack_tuple.h>
#include <linux/netfilter_ipv4/ipt_conntrack.h>
+#ifndef IPT_CONNTRACK_STATE_UNTRACKED
+#define IPT_CONNTRACK_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 3))
+#endif
+
/* Function which prints out usage message. */
static void
help(void)
{
printf(
"conntrack match v%s options:\n"
-" [!] --ctstate [INVALID|ESTABLISHED|NEW|RELATED|SNAT|DNAT][,...]\n"
+" [!] --ctstate [INVALID|ESTABLISHED|NEW|RELATED|UNTRACKED|SNAT|DNAT][,...]\n"
" State(s) to match\n"
" [!] --ctproto proto Protocol to match; by number or name, eg. `tcp'\n"
" --ctorigsrc [!] address[/mask]\n"
@@ -70,6 +74,8 @@ parse_state(const char *state, size_t strlen, struct ipt_conntrack_info *sinfo)
sinfo->statemask |= IPT_CONNTRACK_STATE_BIT(IP_CT_ESTABLISHED);
else if (strncasecmp(state, "RELATED", strlen) == 0)
sinfo->statemask |= IPT_CONNTRACK_STATE_BIT(IP_CT_RELATED);
+ else if (strncasecmp(state, "UNTRACKED", strlen) == 0)
+ sinfo->statemask |= IPT_CONNTRACK_STATE_UNTRACKED;
else if (strncasecmp(state, "SNAT", strlen) == 0)
sinfo->statemask |= IPT_CONNTRACK_STATE_SNAT;
else if (strncasecmp(state, "DNAT", strlen) == 0)
@@ -349,6 +355,10 @@ print_state(unsigned int statemask)
printf("%sESTABLISHED", sep);
sep = ",";
}
+ if (statemask & IPT_CONNTRACK_STATE_UNTRACKED) {
+ printf("%sUNTRACKED", sep);
+ sep = ",";
+ }
if (statemask & IPT_CONNTRACK_STATE_SNAT) {
printf("%sSNAT", sep);
sep = ",";
diff --git a/extensions/libipt_state.c b/extensions/libipt_state.c
index ac3c0ba3..3662d949 100644
--- a/extensions/libipt_state.c
+++ b/extensions/libipt_state.c
@@ -8,13 +8,17 @@
#include <linux/netfilter_ipv4/ip_conntrack.h>
#include <linux/netfilter_ipv4/ipt_state.h>
+#ifndef IPT_STATE_UNTRACKED
+#define IPT_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 1))
+#endif
+
/* Function which prints out usage message. */
static void
help(void)
{
printf(
"state v%s options:\n"
-" [!] --state [INVALID|ESTABLISHED|NEW|RELATED][,...]\n"
+" [!] --state [INVALID|ESTABLISHED|NEW|RELATED|UNTRACKED][,...]\n"
" State(s) to match\n"
"\n", IPTABLES_VERSION);
}
@@ -43,6 +47,8 @@ parse_state(const char *state, size_t strlen, struct ipt_state_info *sinfo)
sinfo->statemask |= IPT_STATE_BIT(IP_CT_ESTABLISHED);
else if (strncasecmp(state, "RELATED", strlen) == 0)
sinfo->statemask |= IPT_STATE_BIT(IP_CT_RELATED);
+ else if (strncasecmp(state, "UNTRACKED", strlen) == 0)
+ sinfo->statemask |= IPT_STATE_UNTRACKED;
else
return 0;
return 1;
@@ -117,6 +123,10 @@ static void print_state(unsigned int statemask)
printf("%sESTABLISHED", sep);
sep = ",";
}
+ if (statemask & IPT_STATE_UNTRACKED) {
+ printf("%sUNTRACKED", sep);
+ sep = ",";
+ }
printf(" ");
}