[netfilter-cvslog] r6450 - in trunk/iptables: extensions
include/linux/netfilter_ipv4 include/linux/netfilter_ipv6
kaber at netfilter.org
kaber at netfilter.org
Tue Jan 31 19:24:24 CET 2006
Author: kaber at netfilter.org
Date: 2006-01-31 19:24:14 +0100 (Tue, 31 Jan 2006)
New Revision: 6450
Added:
trunk/iptables/include/linux/netfilter_ipv4/ipt_policy.h
trunk/iptables/include/linux/netfilter_ipv6/ip6t_policy.h
Removed:
trunk/iptables/extensions/.policy-test
trunk/iptables/extensions/.policy-test6
Modified:
trunk/iptables/extensions/Makefile
trunk/iptables/extensions/libip6t_policy.c
trunk/iptables/extensions/libipt_policy.c
Log:
Prepare policy match for x_tables unification by making sure both
ipt_policy and ip6t_policy use the same data structure.
Deleted: trunk/iptables/extensions/.policy-test
===================================================================
--- trunk/iptables/extensions/.policy-test 2006-01-31 10:34:03 UTC (rev 6449)
+++ trunk/iptables/extensions/.policy-test 2006-01-31 18:24:14 UTC (rev 6450)
@@ -1,3 +0,0 @@
-#!/bin/sh
-#
-[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_policy.h ] && echo policy
Deleted: trunk/iptables/extensions/.policy-test6
===================================================================
--- trunk/iptables/extensions/.policy-test6 2006-01-31 10:34:03 UTC (rev 6449)
+++ trunk/iptables/extensions/.policy-test6 2006-01-31 18:24:14 UTC (rev 6450)
@@ -1,3 +0,0 @@
-#!/bin/sh
-#
-[ -f $KERNEL_DIR/include/linux/netfilter_ipv6/ip6t_policy.h ] && echo policy
Modified: trunk/iptables/extensions/Makefile
===================================================================
--- trunk/iptables/extensions/Makefile 2006-01-31 10:34:03 UTC (rev 6449)
+++ trunk/iptables/extensions/Makefile 2006-01-31 18:24:14 UTC (rev 6450)
@@ -5,8 +5,8 @@
# header files are present in the include/linux directory of this iptables
# package (HW)
#
-PF_EXT_SLIB:=ah addrtype comment connlimit connmark conntrack dscp ecn esp hashlimit helper icmp iprange length limit mac mark multiport owner physdev pkttype realm rpc sctp standard state tcp tcpmss tos ttl udp unclean CLASSIFY CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NFQUEUE NOTRACK REDIRECT REJECT SAME SNAT TARPIT TCPMSS TOS TRACE TTL ULOG
-PF6_EXT_SLIB:=connmark eui64 hl icmpv6 length limit mac mark multiport owner physdev standard state tcp udp CONNMARK HL LOG NFQUEUE MARK TRACE
+PF_EXT_SLIB:=ah addrtype comment connlimit connmark conntrack dscp ecn esp hashlimit helper icmp iprange length limit mac mark multiport owner physdev pkttype policy realm rpc sctp standard state tcp tcpmss tos ttl udp unclean CLASSIFY CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NFQUEUE NOTRACK REDIRECT REJECT SAME SNAT TARPIT TCPMSS TOS TRACE TTL ULOG
+PF6_EXT_SLIB:=connmark eui64 hl icmpv6 length limit mac mark multiport owner physdev policy standard state tcp udp CONNMARK HL LOG NFQUEUE MARK TRACE
# Optionals
PF_EXT_SLIB_OPTS:=$(foreach T,$(wildcard extensions/.*-test),$(shell KERNEL_DIR=$(KERNEL_DIR) $(T)))
Modified: trunk/iptables/extensions/libip6t_policy.c
===================================================================
--- trunk/iptables/extensions/libip6t_policy.c 2006-01-31 10:34:03 UTC (rev 6449)
+++ trunk/iptables/extensions/libip6t_policy.c 2006-01-31 18:24:14 UTC (rev 6450)
@@ -237,8 +237,8 @@
e->match.saddr = 1;
e->invert.saddr = invert;
- in6addrcpy(&e->saddr, addr);
- in6addrcpy(&e->smask, &mask);
+ in6addrcpy(&e->saddr.a6, addr);
+ in6addrcpy(&e->smask.a6, &mask);
break;
case '7':
if (e->match.daddr)
@@ -252,8 +252,8 @@
e->match.daddr = 1;
e->invert.daddr = invert;
- in6addrcpy(&e->daddr, addr);
- in6addrcpy(&e->dmask, &mask);
+ in6addrcpy(&e->daddr.a6, addr);
+ in6addrcpy(&e->dmask.a6, &mask);
break;
case '8':
if (e->match.proto)
Modified: trunk/iptables/extensions/libipt_policy.c
===================================================================
--- trunk/iptables/extensions/libipt_policy.c 2006-01-31 10:34:03 UTC (rev 6449)
+++ trunk/iptables/extensions/libipt_policy.c 2006-01-31 18:24:14 UTC (rev 6450)
@@ -197,8 +197,8 @@
e->match.saddr = 1;
e->invert.saddr = invert;
- e->saddr = addr[0].s_addr;
- e->smask = mask.s_addr;
+ e->saddr.a4 = addr[0];
+ e->smask.a4 = mask;
break;
case '7':
if (e->match.daddr)
@@ -212,8 +212,8 @@
e->match.daddr = 1;
e->invert.daddr = invert;
- e->daddr = addr[0].s_addr;
- e->dmask = mask.s_addr;
+ e->daddr.a4 = addr[0];
+ e->dmask.a4 = mask;
break;
case '8':
if (e->match.proto)
Added: trunk/iptables/include/linux/netfilter_ipv4/ipt_policy.h
===================================================================
--- trunk/iptables/include/linux/netfilter_ipv4/ipt_policy.h 2006-01-31 10:34:03 UTC (rev 6449)
+++ trunk/iptables/include/linux/netfilter_ipv4/ipt_policy.h 2006-01-31 18:24:14 UTC (rev 6450)
@@ -0,0 +1,58 @@
+#ifndef _IPT_POLICY_H
+#define _IPT_POLICY_H
+
+#define IPT_POLICY_MAX_ELEM 4
+
+enum ipt_policy_flags
+{
+ IPT_POLICY_MATCH_IN = 0x1,
+ IPT_POLICY_MATCH_OUT = 0x2,
+ IPT_POLICY_MATCH_NONE = 0x4,
+ IPT_POLICY_MATCH_STRICT = 0x8,
+};
+
+enum ipt_policy_modes
+{
+ IPT_POLICY_MODE_TRANSPORT,
+ IPT_POLICY_MODE_TUNNEL
+};
+
+struct ipt_policy_spec
+{
+ u_int8_t saddr:1,
+ daddr:1,
+ proto:1,
+ mode:1,
+ spi:1,
+ reqid:1;
+};
+
+union ipt_policy_addr
+{
+ struct in_addr a4;
+ struct in6_addr a6;
+};
+
+struct ipt_policy_elem
+{
+ union ipt_policy_addr saddr;
+ union ipt_policy_addr smask;
+ union ipt_policy_addr daddr;
+ union ipt_policy_addr dmask;
+ u_int32_t spi;
+ u_int32_t reqid;
+ u_int8_t proto;
+ u_int8_t mode;
+
+ struct ipt_policy_spec match;
+ struct ipt_policy_spec invert;
+};
+
+struct ipt_policy_info
+{
+ struct ipt_policy_elem pol[IPT_POLICY_MAX_ELEM];
+ u_int16_t flags;
+ u_int16_t len;
+};
+
+#endif /* _IPT_POLICY_H */
Added: trunk/iptables/include/linux/netfilter_ipv6/ip6t_policy.h
===================================================================
--- trunk/iptables/include/linux/netfilter_ipv6/ip6t_policy.h 2006-01-31 10:34:03 UTC (rev 6449)
+++ trunk/iptables/include/linux/netfilter_ipv6/ip6t_policy.h 2006-01-31 18:24:14 UTC (rev 6450)
@@ -0,0 +1,58 @@
+#ifndef _IP6T_POLICY_H
+#define _IP6T_POLICY_H
+
+#define IP6T_POLICY_MAX_ELEM 4
+
+enum ip6t_policy_flags
+{
+ IP6T_POLICY_MATCH_IN = 0x1,
+ IP6T_POLICY_MATCH_OUT = 0x2,
+ IP6T_POLICY_MATCH_NONE = 0x4,
+ IP6T_POLICY_MATCH_STRICT = 0x8,
+};
+
+enum ip6t_policy_modes
+{
+ IP6T_POLICY_MODE_TRANSPORT,
+ IP6T_POLICY_MODE_TUNNEL
+};
+
+struct ip6t_policy_spec
+{
+ u_int8_t saddr:1,
+ daddr:1,
+ proto:1,
+ mode:1,
+ spi:1,
+ reqid:1;
+};
+
+union ip6t_policy_addr
+{
+ struct in_addr a4;
+ struct in6_addr a6;
+};
+
+struct ip6t_policy_elem
+{
+ union ip6t_policy_addr saddr;
+ union ip6t_policy_addr smask;
+ union ip6t_policy_addr daddr;
+ union ip6t_policy_addr dmask;
+ u_int32_t spi;
+ u_int32_t reqid;
+ u_int8_t proto;
+ u_int8_t mode;
+
+ struct ip6t_policy_spec match;
+ struct ip6t_policy_spec invert;
+};
+
+struct ip6t_policy_info
+{
+ struct ip6t_policy_elem pol[IP6T_POLICY_MAX_ELEM];
+ u_int16_t flags;
+ u_int16_t len;
+};
+
+#endif /* _IP6T_POLICY_H */
More information about the netfilter-cvslog
mailing list