summaryrefslogtreecommitdiffstats
path: root/extensions
diff options
context:
space:
mode:
authorJan Engelhardt <jengelh@medozas.de>2010-01-31 22:42:52 +0100
committerJan Engelhardt <jengelh@medozas.de>2010-02-01 01:17:29 +0100
commit350661a6eb089f3e54e67e022db9e16ea280499f (patch)
treee6857b58f535bab42e2381f7fbb027f4cc9aa63a /extensions
parent028ad9ec6d5c27c107c9a7a316617cbe366abb0f (diff)
includes: header updates
Update the shipped Linux kernel headers from 2.6.33-rc6, as iptables's ipt_ECN.h for example references ipt_DSCP.h, which no longer exists. Since a number of old code pieces have been removed in the kernel in that fashion, the structs for older versions are moved into the .c file, to keep header updating simple. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Diffstat (limited to 'extensions')
-rw-r--r--extensions/libxt_CONNMARK.c6
-rw-r--r--extensions/libxt_MARK.c17
-rw-r--r--extensions/libxt_TOS.c5
-rw-r--r--extensions/libxt_connmark.c5
-rw-r--r--extensions/libxt_conntrack.c33
-rw-r--r--extensions/libxt_iprange.c14
-rw-r--r--extensions/libxt_mark.c5
-rw-r--r--extensions/libxt_owner.c34
-rw-r--r--extensions/libxt_tos.c6
-rw-r--r--extensions/tos_values.c4
10 files changed, 124 insertions, 5 deletions
diff --git a/extensions/libxt_CONNMARK.c b/extensions/libxt_CONNMARK.c
index 1951e672..6aba5f3c 100644
--- a/extensions/libxt_CONNMARK.c
+++ b/extensions/libxt_CONNMARK.c
@@ -28,6 +28,12 @@
#include <linux/netfilter/x_tables.h>
#include <linux/netfilter/xt_CONNMARK.h>
+struct xt_connmark_target_info {
+ unsigned long mark;
+ unsigned long mask;
+ u_int8_t mode;
+};
+
enum {
F_MARK = 1 << 0,
F_SR_MARK = 1 << 1,
diff --git a/extensions/libxt_MARK.c b/extensions/libxt_MARK.c
index 9aeaefca..dbfc7c0c 100644
--- a/extensions/libxt_MARK.c
+++ b/extensions/libxt_MARK.c
@@ -9,6 +9,23 @@
#include <linux/netfilter/x_tables.h>
#include <linux/netfilter/xt_MARK.h>
+/* Version 0 */
+struct xt_mark_target_info {
+ unsigned long mark;
+};
+
+/* Version 1 */
+enum {
+ XT_MARK_SET=0,
+ XT_MARK_AND,
+ XT_MARK_OR,
+};
+
+struct xt_mark_target_info_v1 {
+ unsigned long mark;
+ u_int8_t mode;
+};
+
enum {
F_MARK = 1 << 0,
};
diff --git a/extensions/libxt_TOS.c b/extensions/libxt_TOS.c
index bf751a4e..dc60cc08 100644
--- a/extensions/libxt_TOS.c
+++ b/extensions/libxt_TOS.c
@@ -12,9 +12,12 @@
#include <xtables.h>
#include <linux/netfilter/xt_DSCP.h>
-#include <linux/netfilter_ipv4/ipt_TOS.h>
#include "tos_values.c"
+struct ipt_tos_target_info {
+ u_int8_t tos;
+};
+
enum {
FLAG_TOS = 1 << 0,
};
diff --git a/extensions/libxt_connmark.c b/extensions/libxt_connmark.c
index bbe3596f..38aa5630 100644
--- a/extensions/libxt_connmark.c
+++ b/extensions/libxt_connmark.c
@@ -28,6 +28,11 @@
#include <xtables.h>
#include <linux/netfilter/xt_connmark.h>
+struct xt_connmark_info {
+ unsigned long mark, mask;
+ u_int8_t invert;
+};
+
enum {
F_MARK = 1 << 0,
};
diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c
index 5ca734d2..e8225e6d 100644
--- a/extensions/libxt_conntrack.c
+++ b/extensions/libxt_conntrack.c
@@ -22,6 +22,39 @@
#include <linux/netfilter/nf_conntrack_common.h>
#include <arpa/inet.h>
+struct ip_conntrack_old_tuple {
+ struct {
+ __be32 ip;
+ union {
+ __u16 all;
+ } u;
+ } src;
+
+ struct {
+ __be32 ip;
+ union {
+ __u16 all;
+ } u;
+
+ /* The protocol. */
+ __u16 protonum;
+ } dst;
+};
+
+struct xt_conntrack_info {
+ unsigned int statemask, statusmask;
+
+ struct ip_conntrack_old_tuple tuple[IP_CT_DIR_MAX];
+ struct in_addr sipmsk[IP_CT_DIR_MAX], dipmsk[IP_CT_DIR_MAX];
+
+ unsigned long expires_min, expires_max;
+
+ /* Flags word */
+ u_int8_t flags;
+ /* Inverse flags */
+ u_int8_t invflags;
+};
+
static void conntrack_mt_help(void)
{
printf(
diff --git a/extensions/libxt_iprange.c b/extensions/libxt_iprange.c
index 2cf7a17a..b28a635a 100644
--- a/extensions/libxt_iprange.c
+++ b/extensions/libxt_iprange.c
@@ -9,7 +9,19 @@
#include <xtables.h>
#include <linux/netfilter.h>
#include <linux/netfilter/xt_iprange.h>
-#include <linux/netfilter_ipv4/ipt_iprange.h>
+
+struct ipt_iprange {
+ /* Inclusive: network order. */
+ __be32 min_ip, max_ip;
+};
+
+struct ipt_iprange_info {
+ struct ipt_iprange src;
+ struct ipt_iprange dst;
+
+ /* Flags from above */
+ u_int8_t flags;
+};
enum {
F_SRCIP = 1 << 0,
diff --git a/extensions/libxt_mark.c b/extensions/libxt_mark.c
index 691cd04d..8013c9a1 100644
--- a/extensions/libxt_mark.c
+++ b/extensions/libxt_mark.c
@@ -9,6 +9,11 @@
#include <xtables.h>
#include <linux/netfilter/xt_mark.h>
+struct xt_mark_info {
+ unsigned long mark, mask;
+ u_int8_t invert;
+};
+
enum {
F_MARK = 1 << 0,
};
diff --git a/extensions/libxt_owner.c b/extensions/libxt_owner.c
index 25441384..b595d972 100644
--- a/extensions/libxt_owner.c
+++ b/extensions/libxt_owner.c
@@ -16,8 +16,38 @@
#include <xtables.h>
#include <linux/netfilter/xt_owner.h>
-#include <linux/netfilter_ipv4/ipt_owner.h>
-#include <linux/netfilter_ipv6/ip6t_owner.h>
+
+/* match and invert flags */
+enum {
+ IPT_OWNER_UID = 0x01,
+ IPT_OWNER_GID = 0x02,
+ IPT_OWNER_PID = 0x04,
+ IPT_OWNER_SID = 0x08,
+ IPT_OWNER_COMM = 0x10,
+ IP6T_OWNER_UID = IPT_OWNER_UID,
+ IP6T_OWNER_GID = IPT_OWNER_GID,
+ IP6T_OWNER_PID = IPT_OWNER_PID,
+ IP6T_OWNER_SID = IPT_OWNER_SID,
+ IP6T_OWNER_COMM = IPT_OWNER_COMM,
+};
+
+struct ipt_owner_info {
+ uid_t uid;
+ gid_t gid;
+ pid_t pid;
+ pid_t sid;
+ char comm[16];
+ u_int8_t match, invert; /* flags */
+};
+
+struct ip6t_owner_info {
+ uid_t uid;
+ gid_t gid;
+ pid_t pid;
+ pid_t sid;
+ char comm[16];
+ u_int8_t match, invert; /* flags */
+};
/*
* Note: "UINT32_MAX - 1" is used in the code because -1 is a reserved
diff --git a/extensions/libxt_tos.c b/extensions/libxt_tos.c
index 0a81f461..6b8cd89f 100644
--- a/extensions/libxt_tos.c
+++ b/extensions/libxt_tos.c
@@ -13,9 +13,13 @@
#include <xtables.h>
#include <linux/netfilter/xt_dscp.h>
-#include <linux/netfilter_ipv4/ipt_tos.h>
#include "tos_values.c"
+struct ipt_tos_info {
+ u_int8_t tos;
+ u_int8_t invert;
+};
+
enum {
FLAG_TOS = 1 << 0,
};
diff --git a/extensions/tos_values.c b/extensions/tos_values.c
index 2676d81e..e8f1563c 100644
--- a/extensions/tos_values.c
+++ b/extensions/tos_values.c
@@ -3,6 +3,10 @@
#include <stdio.h>
#include <linux/ip.h>
+#ifndef IPTOS_NORMALSVC
+# define IPTOS_NORMALSVC 0
+#endif
+
struct tos_value_mask {
uint8_t value, mask;
};