Diffstat (limited to 'extensions')
-rw-r--r--extensions/libxt_CONNMARK.c6
-rw-r--r--extensions/libxt_MARK.c17
-rw-r--r--extensions/libxt_TOS.c5
-rw-r--r--extensions/libxt_connmark.c5
-rw-r--r--extensions/libxt_conntrack.c33
-rw-r--r--extensions/libxt_iprange.c14
-rw-r--r--extensions/libxt_mark.c5
-rw-r--r--extensions/libxt_owner.c34
-rw-r--r--extensions/libxt_tos.c6
-rw-r--r--extensions/tos_values.c4
10 files changed, 124 insertions, 5 deletions
diff --git a/extensions/libxt_CONNMARK.c b/extensions/libxt_CONNMARK.c
index 1951e672..6aba5f3c 100644
--- a/extensions/libxt_CONNMARK.c
+++ b/extensions/libxt_CONNMARK.c
@@ -28,6 +28,12 @@
#include <linux/netfilter/x_tables.h>
#include <linux/netfilter/xt_CONNMARK.h>
+struct xt_connmark_target_info {
+ unsigned long mark;
+ unsigned long mask;
+ u_int8_t mode;
+};
+
enum {
F_MARK = 1 << 0,
F_SR_MARK = 1 << 1,
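Review bot: `struct xt_connmark_target_info` is now declared privately in this file with `unsigned long mark` and `unsigned long mask`, so its size and the offset of `mode` depend on the word size the extension is built for. If this struct is the payload exchanged with the kernel (presumably, given its name and the retained `<linux/netfilter/xt_CONNMARK.h>` include), a 32-bit build running against a 64-bit kernel would disagree on the layout, and with the definition no longer coming from a kernel header nothing would flag a later drift. The same pattern appears in the hunks for libxt_MARK.c, libxt_connmark.c, libxt_conntrack.c (`expires_min`, `expires_max`) and libxt_mark.c. I would put a comment above each copy such as `/* Legacy kernel ABI, copied verbatim: layout is word-size dependent and must not change */`, in the spirit of the `/* Version 0 */` labels already used in libxt_MARK.c. It is also worth confirming that the included header no longer declares the same struct tag, otherwise this becomes a redefinition; the `enum` after the struct continues outside the hunk.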
diff --git a/extensions/libxt_MARK.c b/extensions/libxt_MARK.c
index 9aeaefca..dbfc7c0c 100644
--- a/extensions/libxt_MARK.c
+++ b/extensions/libxt_MARK.c
@@ -9,6 +9,23 @@
#include <linux/netfilter/x_tables.h>
#include <linux/netfilter/xt_MARK.h>
+/* Version 0 */
+struct xt_mark_target_info {
+ unsigned long mark;
+};
+
+/* Version 1 */
+enum {
+ XT_MARK_SET=0,
+ XT_MARK_AND,
+ XT_MARK_OR,
+};
+
+struct xt_mark_target_info_v1 {
+ unsigned long mark;
+ u_int8_t mode;
+};
+
enum {
F_MARK = 1 << 0,
};
diff --git a/extensions/libxt_TOS.c b/extensions/libxt_TOS.c
index bf751a4e..dc60cc08 100644
--- a/extensions/libxt_TOS.c
+++ b/extensions/libxt_TOS.c
@@ -12,9 +12,12 @@
#include <xtables.h>
#include <linux/netfilter/xt_DSCP.h>
-#include <linux/netfilter_ipv4/ipt_TOS.h>
#include "tos_values.c"
+struct ipt_tos_target_info {
+ u_int8_t tos;
+};
+
enum {
FLAG_TOS = 1 << 0,
};
diff --git a/extensions/libxt_connmark.c b/extensions/libxt_connmark.c
index bbe3596f..38aa5630 100644
--- a/extensions/libxt_connmark.c
+++ b/extensions/libxt_connmark.c
@@ -28,6 +28,11 @@
#include <xtables.h>
#include <linux/netfilter/xt_connmark.h>
+struct xt_connmark_info {
+ unsigned long mark, mask;
+ u_int8_t invert;
+};
+
enum {
F_MARK = 1 << 0,
};
diff --git a/extensions/libxt_conntrack.c b/extensions/libxt_conntrack.c
index 5ca734d2..e8225e6d 100644
--- a/extensions/libxt_conntrack.c
+++ b/extensions/libxt_conntrack.c
@@ -22,6 +22,39 @@
#include <linux/netfilter/nf_conntrack_common.h>
#include <arpa/inet.h>
+struct ip_conntrack_old_tuple {
+ struct {
+ __be32 ip;
+ union {
+ __u16 all;
+ } u;
+ } src;
+
+ struct {
+ __be32 ip;
+ union {
+ __u16 all;
+ } u;
+
+ /* The protocol. */
+ __u16 protonum;
+ } dst;
+};
+
+struct xt_conntrack_info {
+ unsigned int statemask, statusmask;
+
+ struct ip_conntrack_old_tuple tuple[IP_CT_DIR_MAX];
+ struct in_addr sipmsk[IP_CT_DIR_MAX], dipmsk[IP_CT_DIR_MAX];
+
+ unsigned long expires_min, expires_max;
+
+ /* Flags word */
+ u_int8_t flags;
+ /* Inverse flags */
+ u_int8_t invflags;
+};
+
static void conntrack_mt_help(void)
{
printf(
diff --git a/extensions/libxt_iprange.c b/extensions/libxt_iprange.c
index 2cf7a17a..b28a635a 100644
--- a/extensions/libxt_iprange.c
+++ b/extensions/libxt_iprange.c
@@ -9,7 +9,19 @@
#include <xtables.h>
#include <linux/netfilter.h>
#include <linux/netfilter/xt_iprange.h>
-#include <linux/netfilter_ipv4/ipt_iprange.h>
+
+struct ipt_iprange {
+ /* Inclusive: network order. */
+ __be32 min_ip, max_ip;
+};
+
+struct ipt_iprange_info {
+ struct ipt_iprange src;
+ struct ipt_iprange dst;
+
+ /* Flags from above */
+ u_int8_t flags;
+};
enum {
F_SRCIP = 1 << 0,
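Review bot: The comment `/* Flags from above */` on `ipt_iprange_info.flags` no longer points at anything, because no flag definitions precede the struct in this file. It presumably referred to the `IPRANGE_*` bits in `<linux/netfilter/xt_iprange.h>`, which is still included, so I would reword it to `/* IPRANGE_* flags, see <linux/netfilter/xt_iprange.h> */`. A reader validating which bits are legal in `flags` otherwise has to go back to the removed header to find out. The `enum` that follows the struct continues outside the hunk.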
diff --git a/extensions/libxt_mark.c b/extensions/libxt_mark.c
index 691cd04d..8013c9a1 100644
--- a/extensions/libxt_mark.c
+++ b/extensions/libxt_mark.c
@@ -9,6 +9,11 @@
#include <xtables.h>
#include <linux/netfilter/xt_mark.h>
+struct xt_mark_info {
+ unsigned long mark, mask;
+ u_int8_t invert;
+};
+
enum {
F_MARK = 1 << 0,
};
diff --git a/extensions/libxt_owner.c b/extensions/libxt_owner.c
index 25441384..b595d972 100644
--- a/extensions/libxt_owner.c
+++ b/extensions/libxt_owner.c
@@ -16,8 +16,38 @@
#include <xtables.h>
#include <linux/netfilter/xt_owner.h>
-#include <linux/netfilter_ipv4/ipt_owner.h>
-#include <linux/netfilter_ipv6/ip6t_owner.h>
+
+/* match and invert flags */
+enum {
+ IPT_OWNER_UID = 0x01,
+ IPT_OWNER_GID = 0x02,
+ IPT_OWNER_PID = 0x04,
+ IPT_OWNER_SID = 0x08,
+ IPT_OWNER_COMM = 0x10,
+ IP6T_OWNER_UID = IPT_OWNER_UID,
+ IP6T_OWNER_GID = IPT_OWNER_GID,
+ IP6T_OWNER_PID = IPT_OWNER_PID,
+ IP6T_OWNER_SID = IPT_OWNER_SID,
+ IP6T_OWNER_COMM = IPT_OWNER_COMM,
+};
+
+struct ipt_owner_info {
+ uid_t uid;
+ gid_t gid;
+ pid_t pid;
+ pid_t sid;
+ char comm[16];
+ u_int8_t match, invert; /* flags */
+};
+
+struct ip6t_owner_info {
+ uid_t uid;
+ gid_t gid;
+ pid_t pid;
+ pid_t sid;
+ char comm[16];
+ u_int8_t match, invert; /* flags */
+};
/*
* Note: "UINT32_MAX - 1" is used in the code because -1 is a reserved
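Review bot: `ipt_owner_info` and `ip6t_owner_info` are added as two field-for-field identical structs, each with a bare `char comm[16]`, so the buffer size is a magic number stated twice. Whatever fills `comm` from a command-line argument has to bound the copy to `sizeof(info->comm)` and, if the consumer expects a C string, leave room for the terminator; that code is outside this hunk, so I cannot confirm it does. I would name the size once, e.g. `enum { OWNER_COMM_LEN = 16 };` with `char comm[OWNER_COMM_LEN];`, and add a comment that both structs mirror the legacy kernel layouts and must stay in step with each other. The block comment that starts on the last line of the hunk continues outside it.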
diff --git a/extensions/libxt_tos.c b/extensions/libxt_tos.c
index 0a81f461..6b8cd89f 100644
--- a/extensions/libxt_tos.c
+++ b/extensions/libxt_tos.c
@@ -13,9 +13,13 @@
#include <xtables.h>
#include <linux/netfilter/xt_dscp.h>
-#include <linux/netfilter_ipv4/ipt_tos.h>
#include "tos_values.c"
+struct ipt_tos_info {
+ u_int8_t tos;
+ u_int8_t invert;
+};
+
enum {
FLAG_TOS = 1 << 0,
};
diff --git a/extensions/tos_values.c b/extensions/tos_values.c
index 2676d81e..e8f1563c 100644
--- a/extensions/tos_values.c
+++ b/extensions/tos_values.c
@@ -3,6 +3,10 @@
#include <stdio.h>
#include <linux/ip.h>
+#ifndef IPTOS_NORMALSVC
+# define IPTOS_NORMALSVC 0
+#endif
+
struct tos_value_mask {
uint8_t value, mask;
};