From 02e88f2ae4eac6088e3f802909b77ec4b8317acd Mon Sep 17 00:00:00 2001
From: Patrick McHardy <kaber@trash.net>
Date: Tue, 31 Jan 2006 18:24:14 +0000
Subject: Prepare policy match for x_tables unification by making sure both
 ipt_policy and ip6t_policy use the same data structure.

---
 extensions/.policy-test                    |  3 --
 extensions/.policy-test6                   |  3 --
 extensions/Makefile                        |  4 +--
 extensions/libip6t_policy.c                |  8 ++---
 extensions/libipt_policy.c                 |  8 ++---
 include/linux/netfilter_ipv4/ipt_policy.h  | 58 ++++++++++++++++++++++++++++++
 include/linux/netfilter_ipv6/ip6t_policy.h | 58 ++++++++++++++++++++++++++++++
 7 files changed, 126 insertions(+), 16 deletions(-)
 delete mode 100755 extensions/.policy-test
 delete mode 100755 extensions/.policy-test6
 create mode 100644 include/linux/netfilter_ipv4/ipt_policy.h
 create mode 100644 include/linux/netfilter_ipv6/ip6t_policy.h

diff --git a/extensions/.policy-test b/extensions/.policy-test
deleted file mode 100755
index c2bb7bd5..00000000
--- a/extensions/.policy-test
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-#
-[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_policy.h ] && echo policy
diff --git a/extensions/.policy-test6 b/extensions/.policy-test6
deleted file mode 100755
index 5e6f4843..00000000
--- a/extensions/.policy-test6
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-#
-[ -f $KERNEL_DIR/include/linux/netfilter_ipv6/ip6t_policy.h ] && echo policy
diff --git a/extensions/Makefile b/extensions/Makefile
index a751b298..7164e1d2 100644
--- a/extensions/Makefile
+++ b/extensions/Makefile
@@ -5,8 +5,8 @@
 # header files are present in the include/linux directory of this iptables
 # package (HW)
 #
-PF_EXT_SLIB:=ah addrtype comment connlimit connmark conntrack dscp ecn esp hashlimit helper icmp iprange length limit mac mark multiport owner physdev pkttype realm rpc sctp standard state tcp tcpmss tos ttl udp unclean CLASSIFY CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NFQUEUE NOTRACK REDIRECT REJECT SAME SNAT TARPIT TCPMSS TOS TRACE TTL ULOG
-PF6_EXT_SLIB:=connmark eui64 hl icmpv6 length limit mac mark multiport owner physdev standard state tcp udp CONNMARK HL LOG NFQUEUE MARK TRACE
+PF_EXT_SLIB:=ah addrtype comment connlimit connmark conntrack dscp ecn esp hashlimit helper icmp iprange length limit mac mark multiport owner physdev pkttype policy realm rpc sctp standard state tcp tcpmss tos ttl udp unclean CLASSIFY CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NFQUEUE NOTRACK REDIRECT REJECT SAME SNAT TARPIT TCPMSS TOS TRACE TTL ULOG
+PF6_EXT_SLIB:=connmark eui64 hl icmpv6 length limit mac mark multiport owner physdev policy standard state tcp udp CONNMARK HL LOG NFQUEUE MARK TRACE
 
 # Optionals
 PF_EXT_SLIB_OPTS:=$(foreach T,$(wildcard extensions/.*-test),$(shell KERNEL_DIR=$(KERNEL_DIR) $(T)))
diff --git a/extensions/libip6t_policy.c b/extensions/libip6t_policy.c
index 54cd5f2b..74912b47 100644
--- a/extensions/libip6t_policy.c
+++ b/extensions/libip6t_policy.c
@@ -237,8 +237,8 @@ static int parse(int c, char **argv, int invert, unsigned int *flags,
 
 		e->match.saddr = 1;
 		e->invert.saddr = invert;
-		in6addrcpy(&e->saddr, addr);
-		in6addrcpy(&e->smask, &mask);
+		in6addrcpy(&e->saddr.a6, addr);
+		in6addrcpy(&e->smask.a6, &mask);
                 break;
 	case '7':
 		if (e->match.daddr)
@@ -252,8 +252,8 @@ static int parse(int c, char **argv, int invert, unsigned int *flags,
 
 		e->match.daddr = 1;
 		e->invert.daddr = invert;
-		in6addrcpy(&e->daddr, addr);
-		in6addrcpy(&e->dmask, &mask);
+		in6addrcpy(&e->daddr.a6, addr);
+		in6addrcpy(&e->dmask.a6, &mask);
 		break;
 	case '8':
 		if (e->match.proto)
diff --git a/extensions/libipt_policy.c b/extensions/libipt_policy.c
index 55b969d1..6c8828e1 100644
--- a/extensions/libipt_policy.c
+++ b/extensions/libipt_policy.c
@@ -197,8 +197,8 @@ static int parse(int c, char **argv, int invert, unsigned int *flags,
 
 		e->match.saddr = 1;
 		e->invert.saddr = invert;
-		e->saddr = addr[0].s_addr;
-		e->smask = mask.s_addr;
+		e->saddr.a4 = addr[0];
+		e->smask.a4 = mask;
                 break;
 	case '7':
 		if (e->match.daddr)
@@ -212,8 +212,8 @@ static int parse(int c, char **argv, int invert, unsigned int *flags,
 
 		e->match.daddr = 1;
 		e->invert.daddr = invert;
-		e->daddr = addr[0].s_addr;
-		e->dmask = mask.s_addr;
+		e->daddr.a4 = addr[0];
+		e->dmask.a4 = mask;
 		break;
 	case '8':
 		if (e->match.proto)
diff --git a/include/linux/netfilter_ipv4/ipt_policy.h b/include/linux/netfilter_ipv4/ipt_policy.h
new file mode 100644
index 00000000..a3f6eff3
--- /dev/null
+++ b/include/linux/netfilter_ipv4/ipt_policy.h
@@ -0,0 +1,58 @@
+#ifndef _IPT_POLICY_H
+#define _IPT_POLICY_H
+
+#define IPT_POLICY_MAX_ELEM	4
+
+enum ipt_policy_flags
+{
+	IPT_POLICY_MATCH_IN	= 0x1,
+	IPT_POLICY_MATCH_OUT	= 0x2,
+	IPT_POLICY_MATCH_NONE	= 0x4,
+	IPT_POLICY_MATCH_STRICT	= 0x8,
+};
+
+enum ipt_policy_modes
+{
+	IPT_POLICY_MODE_TRANSPORT,
+	IPT_POLICY_MODE_TUNNEL
+};
+
+struct ipt_policy_spec
+{
+	u_int8_t	saddr:1,
+			daddr:1,
+			proto:1,
+			mode:1,
+			spi:1,
+			reqid:1;
+};
+
+union ipt_policy_addr
+{
+	struct in_addr	a4;
+	struct in6_addr	a6;
+};
+
+struct ipt_policy_elem
+{
+	union ipt_policy_addr	saddr;
+	union ipt_policy_addr	smask;
+	union ipt_policy_addr	daddr;
+	union ipt_policy_addr	dmask;
+	u_int32_t		spi;
+	u_int32_t		reqid;
+	u_int8_t		proto;
+	u_int8_t		mode;
+
+	struct ipt_policy_spec	match;
+	struct ipt_policy_spec	invert;
+};
+
+struct ipt_policy_info
+{
+	struct ipt_policy_elem pol[IPT_POLICY_MAX_ELEM];
+	u_int16_t flags;
+	u_int16_t len;
+};
+
+#endif /* _IPT_POLICY_H */
diff --git a/include/linux/netfilter_ipv6/ip6t_policy.h b/include/linux/netfilter_ipv6/ip6t_policy.h
new file mode 100644
index 00000000..671bd818
--- /dev/null
+++ b/include/linux/netfilter_ipv6/ip6t_policy.h
@@ -0,0 +1,58 @@
+#ifndef _IP6T_POLICY_H
+#define _IP6T_POLICY_H
+
+#define IP6T_POLICY_MAX_ELEM	4
+
+enum ip6t_policy_flags
+{
+	IP6T_POLICY_MATCH_IN		= 0x1,
+	IP6T_POLICY_MATCH_OUT		= 0x2,
+	IP6T_POLICY_MATCH_NONE		= 0x4,
+	IP6T_POLICY_MATCH_STRICT	= 0x8,
+};
+
+enum ip6t_policy_modes
+{
+	IP6T_POLICY_MODE_TRANSPORT,
+	IP6T_POLICY_MODE_TUNNEL
+};
+
+struct ip6t_policy_spec
+{
+	u_int8_t	saddr:1,
+			daddr:1,
+			proto:1,
+			mode:1,
+			spi:1,
+			reqid:1;
+};
+
+union ip6t_policy_addr
+{
+	struct in_addr	a4;
+	struct in6_addr	a6;
+};
+
+struct ip6t_policy_elem
+{
+	union ip6t_policy_addr	saddr;
+	union ip6t_policy_addr	smask;
+	union ip6t_policy_addr	daddr;
+	union ip6t_policy_addr	dmask;
+	u_int32_t		spi;
+	u_int32_t		reqid;
+	u_int8_t		proto;
+	u_int8_t		mode;
+
+	struct ip6t_policy_spec	match;
+	struct ip6t_policy_spec	invert;
+};
+
+struct ip6t_policy_info
+{
+	struct ip6t_policy_elem pol[IP6T_POLICY_MAX_ELEM];
+	u_int16_t flags;
+	u_int16_t len;
+};
+
+#endif /* _IP6T_POLICY_H */
-- 
cgit v1.2.3