diff options
-rwxr-xr-x | extensions/.LOG-test6 | 2 | ||||
-rwxr-xr-x | extensions/.length-test | 3 | ||||
-rwxr-xr-x | extensions/.length-test6 | 3 | ||||
-rwxr-xr-x | extensions/.owner-test6 | 2 | ||||
-rw-r--r-- | extensions/Makefile | 6 | ||||
-rw-r--r-- | include/linux/netfilter_ipv4/ipt_length.h | 9 | ||||
-rw-r--r-- | include/linux/netfilter_ipv6/ip6t_length.h | 10 | ||||
-rw-r--r-- | include/linux/netfilter_ipv6/ip6t_owner.h | 18 |
8 files changed, 40 insertions, 13 deletions
diff --git a/extensions/.LOG-test6 b/extensions/.LOG-test6 deleted file mode 100755 index 0dcbdf33..00000000 --- a/extensions/.LOG-test6 +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/sh -[ -f $KERNEL_DIR/net/ipv6/netfilter/ip6t_LOG.c ] && echo LOG diff --git a/extensions/.length-test b/extensions/.length-test deleted file mode 100755 index 52fd62ff..00000000 --- a/extensions/.length-test +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh -# True if length match patch is applied. -[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_length.h ] && echo length diff --git a/extensions/.length-test6 b/extensions/.length-test6 deleted file mode 100755 index 1d58971e..00000000 --- a/extensions/.length-test6 +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh -# True if length match patch is applied. -[ -f $KERNEL_DIR/include/linux/netfilter_ipv6/ip6t_length.h ] && echo length diff --git a/extensions/.owner-test6 b/extensions/.owner-test6 deleted file mode 100755 index 9d46e2b7..00000000 --- a/extensions/.owner-test6 +++ /dev/null @@ -1,2 +0,0 @@ -#! /bin/sh -[ -f $KERNEL_DIR/include/linux/netfilter_ipv6/ip6t_owner.h ] && echo owner limit mac multiport diff --git a/extensions/Makefile b/extensions/Makefile index e420aeb7..dc03f53c 100644 --- a/extensions/Makefile +++ b/extensions/Makefile @@ -1,10 +1,10 @@ #! /usr/bin/make -PF_EXT_SLIB:=tcp udp icmp mac limit standard REJECT LOG unclean state multiport tos TOS mark MARK owner SNAT DNAT MASQUERADE REDIRECT MIRROR SAME -PF6_EXT_SLIB:=tcp udp icmpv6 standard MARK mark +PF_EXT_SLIB:=ah esp icmp limit mac mark multiport owner standard state tcp tcpmss tos ttl udp unclean DNAT DSCP ECN LOG MARK MASQUERADE MIRROR REDIRECT REJECT SAME SNAT TCPMSS TOS ULOG +PF6_EXT_SLIB:=icmpv6 mark tcp udp standard MARK # The following may not be present, but compile them anyway. -PF_EXT_SLIB+=FTOS TCPMSS TTL ULOG ah esp iplimit tcpmss ttl +PF_EXT_SLIB+=TTL iplimit # Optionals PF_EXT_SLIB_OPTS:=$(foreach T,$(wildcard extensions/.*-test),$(shell KERNEL_DIR=$(KERNEL_DIR) $(T))) diff --git a/include/linux/netfilter_ipv4/ipt_length.h b/include/linux/netfilter_ipv4/ipt_length.h new file mode 100644 index 00000000..6e088522 --- /dev/null +++ b/include/linux/netfilter_ipv4/ipt_length.h @@ -0,0 +1,9 @@ +#ifndef _IPT_LENGTH_H +#define _IPT_LENGTH_H + +struct ipt_length_info { + u_int16_t min, max; + u_int8_t invert; +}; + +#endif /*_IPT_LENGTH_H*/ diff --git a/include/linux/netfilter_ipv6/ip6t_length.h b/include/linux/netfilter_ipv6/ip6t_length.h new file mode 100644 index 00000000..7fc09f9f --- /dev/null +++ b/include/linux/netfilter_ipv6/ip6t_length.h @@ -0,0 +1,10 @@ +#ifndef _IP6T_LENGTH_H +#define _IP6T_LENGTH_H + +struct ip6t_length_info { + u_int16_t min, max; + u_int8_t invert; +}; + +#endif /*_IP6T_LENGTH_H*/ + diff --git a/include/linux/netfilter_ipv6/ip6t_owner.h b/include/linux/netfilter_ipv6/ip6t_owner.h new file mode 100644 index 00000000..19937da3 --- /dev/null +++ b/include/linux/netfilter_ipv6/ip6t_owner.h @@ -0,0 +1,18 @@ +#ifndef _IP6T_OWNER_H +#define _IP6T_OWNER_H + +/* match and invert flags */ +#define IP6T_OWNER_UID 0x01 +#define IP6T_OWNER_GID 0x02 +#define IP6T_OWNER_PID 0x04 +#define IP6T_OWNER_SID 0x08 + +struct ip6t_owner_info { + uid_t uid; + gid_t gid; + pid_t pid; + pid_t sid; + u_int8_t match, invert; /* flags */ +}; + +#endif /*_IPT_OWNER_H*/ |