Diffstat (limited to 'extensions')
-rw-r--r-- | extensions/libxt_CONNMARK.c | 6 | ||||
-rw-r--r-- | extensions/libxt_MARK.c | 17 | ||||
-rw-r--r-- | extensions/libxt_TOS.c | 5 | ||||
-rw-r--r-- | extensions/libxt_connmark.c | 5 | ||||
-rw-r--r-- | extensions/libxt_conntrack.c | 33 | ||||
-rw-r--r-- | extensions/libxt_iprange.c | 14 | ||||
-rw-r--r-- | extensions/libxt_mark.c | 5 | ||||
-rw-r--r-- | extensions/libxt_owner.c | 34 | ||||
-rw-r--r-- | extensions/libxt_tos.c | 6 | ||||
-rw-r--r-- | extensions/tos_values.c | 4 |
10 files changed, 124 insertions, 5 deletions
diff --git a/extensions/libxt_CONNMARK.c b/extensions/libxt_CONNMARK.c
index 1951e672..6aba5f3c 100644
--- a/extensions/libxt_CONNMARK.c
+++ b/extensions/libxt_CONNMARK.c
@@ -28,6 +28,12 @@
 #include <linux/netfilter/x_tables.h>
 #include <linux/netfilter/xt_CONNMARK.h>
+struct xt_connmark_target_info {
+ unsigned long mark;
+ unsigned long mask;
+ u_int8_t mode;
+};
+
 enum {
 F_MARK = 1 << 0,
 F_SR_MARK = 1 << 1,
diff --git a/extensions/libxt_MARK.c b/extensions/libxt_MARK.c
index 9aeaefca..dbfc7c0c 100644
--- a/extensions/libxt_MARK.c
+++ b/extensions/libxt_MARK.c
@@ -9,6 +9,23 @@
 #include <linux/netfilter/x_tables.h>
 #include <linux/netfilter/xt_MARK.h>
+/* Version 0 */
+struct xt_mark_target_info {
+ unsigned long mark;
+};
+
+/* Version 1 */
+enum {
+ XT_MARK_SET=0,
+ XT_MARK_AND,
+ XT_MARK_OR,
+};
+
+struct xt_mark_target_info_v1 {
+ unsigned long mark;
+ u_int8_t mode;
+};
+
 enum {
 F_MARK = 1 << 0,
 };
diff --git a/extensions/libxt_TOS.c b/extensions/libxt_TOS.c
index bf751a4e..dc60cc08 100644
--- a/extensions/libxt_TOS.c
+++ b/extensions/libxt_TOS.c
@@ -12,9 +12,12 @@
 #include <xtables.h>
 #include <linux/netfilter/xt_DSCP.h>
-#include <linux/netfilter_ipv4/ipt_TOS.h>
 #include "tos_values.c"
+struct ipt_tos_target_info {
+ u_int8_t tos;
+};
+
 enum {
 FLAG_TOS = 1 << 0,
 };
diff --git a/extensions/libxt_connmark.c b/extensions/libxt_connmark.c
index bbe3596f..38aa5630 100644
--- a/extensions/libxt_connmark.c
+++ b/extensions/libxt_connmark.c
@@ -28,6 +28,11 @@
 #include <xtables.h>
 #include <linux/netfilter/xt_connmark.h>
+struct xt_connmark_info {
+ unsigned long mark, mask;
+ u_int8_t invert;
+};
+
 enum {
 F_MARK = 1 << 0,
 };
diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c
index 5ca734d2..e8225e6d 100644
--- a/extensions/libxt_conntrack.c
+++ b/extensions/libxt_conntrack.c
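Review bot: The `unsigned long mark`/`mask` members of the new local `struct xt_connmark_target_info` make its size and field offsets depend on whether iptables is built 32-bit or 64-bit, and nothing in the hunk records that this is a copy of a layout shared with the kernel. The same applies to `xt_mark_target_info` and `xt_mark_target_info_v1` in libxt_MARK.c, `xt_connmark_info` in libxt_connmark.c, `xt_mark_info` in libxt_mark.c, and `expires_min`/`expires_max` in `xt_conntrack_info` in libxt_conntrack.c. How these structs are sized when handed to the kernel is outside the hunks, but a comment above each copy would stop a later edit from silently changing the layout, for example `/* Copy of the legacy kernel ABI struct: layout must not change; unsigned long is word-size dependent */`. Each file still includes its `<linux/netfilter/xt_*.h>` header, so it is also worth confirming those headers no longer declare the same struct tags, which would otherwise be a redefinition.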
@@ -22,6 +22,39 @@
 #include <linux/netfilter/nf_conntrack_common.h>
 #include <arpa/inet.h>
+struct ip_conntrack_old_tuple {
+ struct {
+ __be32 ip;
+ union {
+ __u16 all;
+ } u;
+ } src;
+
+ struct {
+ __be32 ip;
+ union {
+ __u16 all;
+ } u;
+
+ /* The protocol. */
+ __u16 protonum;
+ } dst;
+};
+
+struct xt_conntrack_info {
+ unsigned int statemask, statusmask;
+
+ struct ip_conntrack_old_tuple tuple[IP_CT_DIR_MAX];
+ struct in_addr sipmsk[IP_CT_DIR_MAX], dipmsk[IP_CT_DIR_MAX];
+
+ unsigned long expires_min, expires_max;
+
+ /* Flags word */
+ u_int8_t flags;
+ /* Inverse flags */
+ u_int8_t invflags;
+};
+
 static void conntrack_mt_help(void)
 {
 printf(
diff --git a/extensions/libxt_iprange.c b/extensions/libxt_iprange.c
index 2cf7a17a..b28a635a 100644
--- a/extensions/libxt_iprange.c
+++ b/extensions/libxt_iprange.c
@@ -9,7 +9,19 @@
 #include <xtables.h>
 #include <linux/netfilter.h>
 #include <linux/netfilter/xt_iprange.h>
-#include <linux/netfilter_ipv4/ipt_iprange.h>
+
+struct ipt_iprange {
+ /* Inclusive: network order. */
+ __be32 min_ip, max_ip;
+};
+
+struct ipt_iprange_info {
+ struct ipt_iprange src;
+ struct ipt_iprange dst;
+
+ /* Flags from above */
+ u_int8_t flags;
+};
 enum {
 F_SRCIP = 1 << 0,
diff --git a/extensions/libxt_mark.c b/extensions/libxt_mark.c
index 691cd04d..8013c9a1 100644
--- a/extensions/libxt_mark.c
+++ b/extensions/libxt_mark.c
@@ -9,6 +9,11 @@
 #include <xtables.h>
 #include <linux/netfilter/xt_mark.h>
+struct xt_mark_info {
+ unsigned long mark, mask;
+ u_int8_t invert;
+};
+
 enum {
 F_MARK = 1 << 0,
 };
diff --git a/extensions/libxt_owner.c b/extensions/libxt_owner.c
index 25441384..b595d972 100644
--- a/extensions/libxt_owner.c
+++ b/extensions/libxt_owner.c
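Review bot: The comment `/* Flags from above */` on `flags` in the new `struct ipt_iprange_info` (libxt_iprange.c) no longer points at anything, because no flag constants are defined above the struct in this file. They presumably come from `<linux/netfilter/xt_iprange.h>`, which the file still includes, so I would reword it to `/* IPRANGE_* flags, see <linux/netfilter/xt_iprange.h> */`. A reader checking which bits are valid in `flags` then knows where to look.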
@@ -16,8 +16,38 @@
 #include <xtables.h>
 #include <linux/netfilter/xt_owner.h>
-#include <linux/netfilter_ipv4/ipt_owner.h>
-#include <linux/netfilter_ipv6/ip6t_owner.h>
+
+/* match and invert flags */
+enum {
+ IPT_OWNER_UID = 0x01,
+ IPT_OWNER_GID = 0x02,
+ IPT_OWNER_PID = 0x04,
+ IPT_OWNER_SID = 0x08,
+ IPT_OWNER_COMM = 0x10,
+ IP6T_OWNER_UID = IPT_OWNER_UID,
+ IP6T_OWNER_GID = IPT_OWNER_GID,
+ IP6T_OWNER_PID = IPT_OWNER_PID,
+ IP6T_OWNER_SID = IPT_OWNER_SID,
+ IP6T_OWNER_COMM = IPT_OWNER_COMM,
+};
+
+struct ipt_owner_info {
+ uid_t uid;
+ gid_t gid;
+ pid_t pid;
+ pid_t sid;
+ char comm[16];
+ u_int8_t match, invert; /* flags */
+};
+
+struct ip6t_owner_info {
+ uid_t uid;
+ gid_t gid;
+ pid_t pid;
+ pid_t sid;
+ char comm[16];
+ u_int8_t match, invert; /* flags */
+};
 /*
 * Note: "UINT32_MAX - 1" is used in the code because -1 is a reserved
diff --git a/extensions/libxt_tos.c b/extensions/libxt_tos.c
index 0a81f461..6b8cd89f 100644
--- a/extensions/libxt_tos.c
+++ b/extensions/libxt_tos.c
@@ -13,9 +13,13 @@
 #include <xtables.h>
 #include <linux/netfilter/xt_dscp.h>
-#include <linux/netfilter_ipv4/ipt_tos.h>
 #include "tos_values.c"
+struct ipt_tos_info {
+ u_int8_t tos;
+ u_int8_t invert;
+};
+
 enum {
 FLAG_TOS = 1 << 0,
 };
diff --git a/extensions/tos_values.c b/extensions/tos_values.c
index 2676d81e..e8f1563c 100644
--- a/extensions/tos_values.c
+++ b/extensions/tos_values.c
@@ -3,6 +3,10 @@
 #include <stdio.h>
 #include <linux/ip.h>
+#ifndef IPTOS_NORMALSVC
+# define IPTOS_NORMALSVC 0
+#endif
+
 struct tos_value_mask {
 uint8_t value, mask;
 };
|
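Review bot: `char comm[16]` in the new `struct ipt_owner_info` and `struct ip6t_owner_info` (libxt_owner.c) is a fixed-size buffer with a bare length, and the code that fills it from user-supplied arguments is outside this hunk. Now that the layout lives in this file, any copy into `comm` should be checked to be bounded by `sizeof` of the member rather than by a separate literal, so the two cannot drift apart. I would name the length, e.g. `#define OWNER_COMM_LEN 16` and `char comm[OWNER_COMM_LEN];`. Since the two structs are member-for-member identical, a one-line comment saying they are kept separate only to mirror the removed IPv4 and IPv6 headers would also help.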