diff options
Diffstat (limited to 'extensions')
-rw-r--r-- | extensions/libxt_ecn.c (renamed from extensions/libipt_ecn.c) | 61 | ||||
-rw-r--r-- | extensions/libxt_ecn.man (renamed from extensions/libipt_ecn.man) | 4 |
2 files changed, 33 insertions, 32 deletions
diff --git a/extensions/libipt_ecn.c b/extensions/libxt_ecn.c index 56a0347e..286782a3 100644 --- a/extensions/libipt_ecn.c +++ b/extensions/libxt_ecn.c @@ -1,6 +1,7 @@ /* Shared library add-on to iptables for ECN matching * - * (C) 2002 by Harald Welte <laforge@gnumonks.org> + * (C) 2002 by Harald Welte <laforge@netfilter.org> + * (C) 2011 by Patrick McHardy <kaber@trash.net> * * This program is distributed under the terms of GNU GPL v2, 1991 * @@ -9,7 +10,7 @@ */ #include <stdio.h> #include <xtables.h> -#include <linux/netfilter_ipv4/ipt_ecn.h> +#include <linux/netfilter/xt_ecn.h> enum { O_ECN_TCP_CWR = 0, @@ -23,7 +24,7 @@ static void ecn_help(void) "ECN match options\n" "[!] --ecn-tcp-cwr Match CWR bit of TCP header\n" "[!] --ecn-tcp-ece Match ECE bit of TCP header\n" -"[!] --ecn-ip-ect [0..3] Match ECN codepoint in IPv4 header\n"); +"[!] --ecn-ip-ect [0..3] Match ECN codepoint in IPv4/IPv6 header\n"); } static const struct xt_option_entry ecn_opts[] = { @@ -38,24 +39,24 @@ static const struct xt_option_entry ecn_opts[] = { static void ecn_parse(struct xt_option_call *cb) { - struct ipt_ecn_info *einfo = cb->data; + struct xt_ecn_info *einfo = cb->data; xtables_option_parse(cb); switch (cb->entry->id) { case O_ECN_TCP_CWR: - einfo->operation |= IPT_ECN_OP_MATCH_CWR; + einfo->operation |= XT_ECN_OP_MATCH_CWR; if (cb->invert) - einfo->invert |= IPT_ECN_OP_MATCH_CWR; + einfo->invert |= XT_ECN_OP_MATCH_CWR; break; case O_ECN_TCP_ECE: - einfo->operation |= IPT_ECN_OP_MATCH_ECE; + einfo->operation |= XT_ECN_OP_MATCH_ECE; if (cb->invert) - einfo->invert |= IPT_ECN_OP_MATCH_ECE; + einfo->invert |= XT_ECN_OP_MATCH_ECE; break; case O_ECN_IP_ECT: if (cb->invert) - einfo->invert |= IPT_ECN_OP_MATCH_IP; - einfo->operation |= IPT_ECN_OP_MATCH_IP; + einfo->invert |= XT_ECN_OP_MATCH_IP; + einfo->operation |= XT_ECN_OP_MATCH_IP; einfo->ip_ect = cb->val.u8; break; } @@ -71,47 +72,47 @@ static void ecn_check(struct xt_fcheck_call *cb) static void ecn_print(const void *ip, const struct xt_entry_match *match, int numeric) { - const struct ipt_ecn_info *einfo = - (const struct ipt_ecn_info *)match->data; + const struct xt_ecn_info *einfo = + (const struct xt_ecn_info *)match->data; printf(" ECN match"); - if (einfo->operation & IPT_ECN_OP_MATCH_ECE) { + if (einfo->operation & XT_ECN_OP_MATCH_ECE) { printf(" %sECE", - (einfo->invert & IPT_ECN_OP_MATCH_ECE) ? "!" : ""); + (einfo->invert & XT_ECN_OP_MATCH_ECE) ? "!" : ""); } - if (einfo->operation & IPT_ECN_OP_MATCH_CWR) { + if (einfo->operation & XT_ECN_OP_MATCH_CWR) { printf(" %sCWR", - (einfo->invert & IPT_ECN_OP_MATCH_CWR) ? "!" : ""); + (einfo->invert & XT_ECN_OP_MATCH_CWR) ? "!" : ""); } - if (einfo->operation & IPT_ECN_OP_MATCH_IP) { + if (einfo->operation & XT_ECN_OP_MATCH_IP) { printf(" %sECT=%d", - (einfo->invert & IPT_ECN_OP_MATCH_IP) ? "!" : "", + (einfo->invert & XT_ECN_OP_MATCH_IP) ? "!" : "", einfo->ip_ect); } } static void ecn_save(const void *ip, const struct xt_entry_match *match) { - const struct ipt_ecn_info *einfo = - (const struct ipt_ecn_info *)match->data; - - if (einfo->operation & IPT_ECN_OP_MATCH_ECE) { - if (einfo->invert & IPT_ECN_OP_MATCH_ECE) + const struct xt_ecn_info *einfo = + (const struct xt_ecn_info *)match->data; + + if (einfo->operation & XT_ECN_OP_MATCH_ECE) { + if (einfo->invert & XT_ECN_OP_MATCH_ECE) printf(" !"); printf(" --ecn-tcp-ece"); } - if (einfo->operation & IPT_ECN_OP_MATCH_CWR) { - if (einfo->invert & IPT_ECN_OP_MATCH_CWR) + if (einfo->operation & XT_ECN_OP_MATCH_CWR) { + if (einfo->invert & XT_ECN_OP_MATCH_CWR) printf(" !"); printf(" --ecn-tcp-cwr"); } - if (einfo->operation & IPT_ECN_OP_MATCH_IP) { - if (einfo->invert & IPT_ECN_OP_MATCH_IP) + if (einfo->operation & XT_ECN_OP_MATCH_IP) { + if (einfo->invert & XT_ECN_OP_MATCH_IP) printf(" !"); printf(" --ecn-ip-ect %d", einfo->ip_ect); } @@ -120,9 +121,9 @@ static void ecn_save(const void *ip, const struct xt_entry_match *match) static struct xtables_match ecn_mt_reg = { .name = "ecn", .version = XTABLES_VERSION, - .family = NFPROTO_IPV4, - .size = XT_ALIGN(sizeof(struct ipt_ecn_info)), - .userspacesize = XT_ALIGN(sizeof(struct ipt_ecn_info)), + .family = NFPROTO_UNSPEC, + .size = XT_ALIGN(sizeof(struct xt_ecn_info)), + .userspacesize = XT_ALIGN(sizeof(struct xt_ecn_info)), .help = ecn_help, .print = ecn_print, .save = ecn_save, diff --git a/extensions/libipt_ecn.man b/extensions/libxt_ecn.man index 7f806477..31c0a3e8 100644 --- a/extensions/libipt_ecn.man +++ b/extensions/libxt_ecn.man @@ -1,4 +1,4 @@ -This allows you to match the ECN bits of the IPv4 and TCP header. ECN is the Explicit Congestion Notification mechanism as specified in RFC3168 +This allows you to match the ECN bits of the IPv4/IPv6 and TCP header. ECN is the Explicit Congestion Notification mechanism as specified in RFC3168 .TP [\fB!\fP] \fB\-\-ecn\-tcp\-cwr\fP This matches if the TCP ECN CWR (Congestion Window Received) bit is set. @@ -7,5 +7,5 @@ This matches if the TCP ECN CWR (Congestion Window Received) bit is set. This matches if the TCP ECN ECE (ECN Echo) bit is set. .TP [\fB!\fP] \fB\-\-ecn\-ip\-ect\fP \fInum\fP -This matches a particular IPv4 ECT (ECN-Capable Transport). You have to specify +This matches a particular IPv4/IPv6 ECT (ECN-Capable Transport). You have to specify a number between `0' and `3'. |