Diffstat (limited to 'extensions')
-rw-r--r--extensions/Makefile4
-rw-r--r--extensions/libip6t_TRACE.c63
-rw-r--r--extensions/libip6t_TRACE.man10
-rw-r--r--extensions/libipt_TRACE.c63
-rw-r--r--extensions/libipt_TRACE.man10
5 files changed, 148 insertions, 2 deletions
diff --git a/extensions/Makefile b/extensions/Makefile
index 64ca7a8d..8f08a07f 100644
--- a/extensions/Makefile
+++ b/extensions/Makefile
@@ -5,8 +5,8 @@
# header files are present in the include/linux directory of this iptables
# package (HW)
#
-PF_EXT_SLIB:=ah addrtype comment connmark conntrack dscp ecn esp hashlimit helper icmp iprange length limit mac mark multiport owner physdev pkttype policy realm sctp standard state tcp tcpmss tos ttl udp unclean CLASSIFY CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NFQUEUE NOTRACK REDIRECT REJECT SAME SNAT TCPMSS TOS TTL ULOG
-PF6_EXT_SLIB:=connmark eui64 hl icmp6 length limit mac mark multiport owner physdev policy standard state tcp udp CONNMARK HL LOG NFQUEUE MARK TCPMSS
+PF_EXT_SLIB:=ah addrtype comment connmark conntrack dscp ecn esp hashlimit helper icmp iprange length limit mac mark multiport owner physdev pkttype policy realm sctp standard state tcp tcpmss tos ttl udp unclean CLASSIFY CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NFQUEUE NOTRACK REDIRECT REJECT SAME SNAT TCPMSS TOS TTL TRACE ULOG
+PF6_EXT_SLIB:=connmark eui64 hl icmp6 length limit mac mark multiport owner physdev policy standard state tcp udp CONNMARK HL LOG NFQUEUE MARK TCPMSS TRACE
ifeq ($(DO_SELINUX), 1)
PF_EXT_SE_SLIB:=SECMARK CONNSECMARK
diff --git a/extensions/libip6t_TRACE.c b/extensions/libip6t_TRACE.c
new file mode 100644
index 00000000..2fc786fb
--- /dev/null
+++ b/extensions/libip6t_TRACE.c
@@ -0,0 +1,63 @@
+/* Shared library add-on to ip6tables to add TRACE target support. */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <getopt.h>
+
+#include <ip6tables.h>
+#include <linux/netfilter_ipv6/ip6_tables.h>
+
+/* Function which prints out usage message. */
+static void
+help(void)
+{
+ printf(
+"TRACE target v%s takes no options\n",
+IPTABLES_VERSION);
+}
+
+static struct option opts[] = {
+ { 0 }
+};
+
+/* Initialize the target. */
+static void
+init(struct ip6t_entry_target *t, unsigned int *nfcache)
+{
+}
+
+/* Function which parses command options; returns true if it
+ ate an option */
+static int
+parse(int c, char **argv, int invert, unsigned int *flags,
+ const struct ip6t_entry *entry,
+ struct ip6t_entry_target **target)
+{
+ return 0;
+}
+
+static void
+final_check(unsigned int flags)
+{
+}
+
+static
+struct ip6tables_target trace
+= { .next = NULL,
+ .name = "TRACE",
+ .version = IPTABLES_VERSION,
+ .size = IP6T_ALIGN(0),
+ .userspacesize = IP6T_ALIGN(0),
+ .help = &help,
+ .init = &init,
+ .parse = &parse,
+ .final_check = &final_check,
+ .print = NULL, /* print */
+ .save = NULL, /* save */
+ .extra_opts = opts
+};
+
+void _init(void)
+{
+ register_target6(&trace);
+}
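Review bot: `#include <string.h>` and `#include <stdlib.h>` at the top of the new file are unused, since the file only calls `printf` and references `NULL` and `struct option`, so both lines can be dropped. The trailing comments on `.print = NULL, /* print */` and `.save = NULL, /* save */` only repeat the field name, and `final_check` is the one callback with no header comment; `/* target carries no data, nothing to print or save */` and `/* No options, so nothing to validate. */` would say why they are empty. The man page added in this commit says TRACE is only valid in the raw table, but nothing in this file checks the table (presumably the kernel rejects it), so `help()` could repeat that restriction, e.g. `"TRACE target v%s takes no options (raw table only)\n"`. The same points apply to the libipt_TRACE.c hunk, which is identical apart from the IPv4 types.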
diff --git a/extensions/libip6t_TRACE.man b/extensions/libip6t_TRACE.man
new file mode 100644
index 00000000..ca3895a3
--- /dev/null
+++ b/extensions/libip6t_TRACE.man
@@ -0,0 +1,10 @@
+This target marks packes so that the kernel will log every rule which match
+the packets as those traverse the tables, chains, rules. (The ip6t_LOG module
+is required for the logging.) The packets are logged with the string prefix:
+"TRACE: tablename:chainname:type:rulenum " where type can be "rule" for
+plain rule, "return" for implicit rule at the end of a user defined chain
+and "policy" for the policy of the built in chains.
+.br
+It can only be used in the
+.BR raw
+table.
diff --git a/extensions/libipt_TRACE.c b/extensions/libipt_TRACE.c
new file mode 100644
index 00000000..f2a5d328
--- /dev/null
+++ b/extensions/libipt_TRACE.c
@@ -0,0 +1,63 @@
+/* Shared library add-on to iptables to add TRACE target support. */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <getopt.h>
+
+#include <iptables.h>
+#include <linux/netfilter_ipv4/ip_tables.h>
+
+/* Function which prints out usage message. */
+static void
+help(void)
+{
+ printf(
+"TRACE target v%s takes no options\n",
+IPTABLES_VERSION);
+}
+
+static struct option opts[] = {
+ { 0 }
+};
+
+/* Initialize the target. */
+static void
+init(struct ipt_entry_target *t, unsigned int *nfcache)
+{
+}
+
+/* Function which parses command options; returns true if it
+ ate an option */
+static int
+parse(int c, char **argv, int invert, unsigned int *flags,
+ const struct ipt_entry *entry,
+ struct ipt_entry_target **target)
+{
+ return 0;
+}
+
+static void
+final_check(unsigned int flags)
+{
+}
+
+static
+struct iptables_target trace
+= { .next = NULL,
+ .name = "TRACE",
+ .version = IPTABLES_VERSION,
+ .size = IPT_ALIGN(0),
+ .userspacesize = IPT_ALIGN(0),
+ .help = &help,
+ .init = &init,
+ .parse = &parse,
+ .final_check = &final_check,
+ .print = NULL, /* print */
+ .save = NULL, /* save */
+ .extra_opts = opts
+};
+
+void _init(void)
+{
+ register_target(&trace);
+}
diff --git a/extensions/libipt_TRACE.man b/extensions/libipt_TRACE.man
new file mode 100644
index 00000000..7fbe8e7c
--- /dev/null
+++ b/extensions/libipt_TRACE.man
@@ -0,0 +1,10 @@
+This target marks packes so that the kernel will log every rule which match
+the packets as those traverse the tables, chains, rules. (The ipt_LOG module
+is required for the logging.) The packets are logged with the string prefix:
+"TRACE: tablename:chainname:type:rulenum " where type can be "rule" for
+plain rule, "return" for implicit rule at the end of a user defined chain
+and "policy" for the policy of the built in chains.
+.br
+It can only be used in the
+.BR raw
+table.