[netfilter-cvslog] r6986 - in trunk/iptables: extensions
include/linux/netfilter include/linux/netfilter_ipv4
include/linux/netfilter_ipv6
yasuyuki at netfilter.org
yasuyuki at netfilter.org
Sat Aug 4 10:06:55 CEST 2007
Author: yasuyuki at netfilter.org
Date: 2007-08-04 10:06:55 +0200 (Sat, 04 Aug 2007)
New Revision: 6986
Added:
trunk/iptables/extensions/libxt_MARK.c
trunk/iptables/include/linux/netfilter/xt_MARK.h
Removed:
trunk/iptables/extensions/libip6t_MARK.c
trunk/iptables/extensions/libipt_MARK.c
trunk/iptables/include/linux/netfilter_ipv4/ipt_MARK.h
trunk/iptables/include/linux/netfilter_ipv6/ip6t_MARK.h
Modified:
trunk/iptables/extensions/Makefile
Log:
Unifies libip[6]t_MARK into libxt_MARK
Modified: trunk/iptables/extensions/Makefile
===================================================================
--- trunk/iptables/extensions/Makefile 2007-08-04 08:05:46 UTC (rev 6985)
+++ trunk/iptables/extensions/Makefile 2007-08-04 08:06:55 UTC (rev 6986)
@@ -5,9 +5,9 @@
# header files are present in the include/linux directory of this iptables
# package (HW)
#
-PF_EXT_SLIB:=ah addrtype connmark conntrack ecn hashlimit helper icmp iprange owner policy realm state tos ttl unclean CLASSIFY DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP REDIRECT REJECT SAME SNAT TOS TTL TRACE ULOG
-PF6_EXT_SLIB:=connmark eui64 hl icmp6 owner policy state HL LOG MARK TRACE
-PFX_EXT_SLIB:=comment connlimit dscp esp length limit mac mark multiport physdev pkttype sctp standard tcp tcpmss udp CONNMARK NFQUEUE NOTRACK TCPMSS
+PF_EXT_SLIB:=ah addrtype connmark conntrack ecn hashlimit helper icmp iprange owner policy realm state tos ttl unclean CLASSIFY DNAT DSCP ECN LOG MASQUERADE MIRROR NETMAP REDIRECT REJECT SAME SNAT TOS TTL TRACE ULOG
+PF6_EXT_SLIB:=connmark eui64 hl icmp6 owner policy state HL LOG TRACE
+PFX_EXT_SLIB:=comment connlimit dscp esp length limit mac mark multiport physdev pkttype sctp standard tcp tcpmss udp CONNMARK MARK NFQUEUE NOTRACK TCPMSS
ifeq ($(DO_SELINUX), 1)
PF_EXT_SE_SLIB:=
Deleted: trunk/iptables/extensions/libip6t_MARK.c
===================================================================
--- trunk/iptables/extensions/libip6t_MARK.c 2007-08-04 08:05:46 UTC (rev 6985)
+++ trunk/iptables/extensions/libip6t_MARK.c 2007-08-04 08:06:55 UTC (rev 6986)
@@ -1,118 +0,0 @@
-/* Shared library add-on to iptables to add MARK target support. */
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-
-#include <ip6tables.h>
-#include <linux/netfilter_ipv6/ip6_tables.h>
-/* For 64bit kernel / 32bit userspace */
-#include "../include/linux/netfilter_ipv6/ip6t_MARK.h"
-
-/* Function which prints out usage message. */
-static void
-help(void)
-{
- printf(
-"MARK target v%s options:\n"
-" --set-mark value Set nfmark value\n"
-"\n",
-IPTABLES_VERSION);
-}
-
-static const struct option opts[] = {
- { .name = "set-mark", .has_arg = 1, .flag = 0, .val = '1' },
- { .name = 0 }
-};
-
-/* Initialize the target. */
-static void
-init(struct xt_entry_target *t, unsigned int *nfcache)
-{
-}
-
-/* Function which parses command options; returns true if it
- ate an option */
-static int
-parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry,
- struct xt_entry_target **target)
-{
- struct ip6t_mark_target_info *markinfo
- = (struct ip6t_mark_target_info *)(*target)->data;
-
- switch (c) {
- case '1':
- if (string_to_number_l(optarg, 0, 0,
- &markinfo->mark))
- exit_error(PARAMETER_PROBLEM, "Bad MARK value `%s'", optarg);
- if (*flags)
- exit_error(PARAMETER_PROBLEM,
- "MARK target: Can't specify --set-mark twice");
- *flags = 1;
- break;
-
- default:
- return 0;
- }
-
- return 1;
-}
-
-static void
-final_check(unsigned int flags)
-{
- if (!flags)
- exit_error(PARAMETER_PROBLEM,
- "MARK target: Parameter --set-mark is required");
-}
-
-static void
-print_mark(unsigned long mark)
-{
- printf("0x%lx ", mark);
-}
-
-/* Prints out the targinfo. */
-static void
-print(const void *ip,
- const struct xt_entry_target *target,
- int numeric)
-{
- const struct ip6t_mark_target_info *markinfo =
- (const struct ip6t_mark_target_info *)target->data;
-
- printf("MARK set ");
- print_mark(markinfo->mark);
-}
-
-/* Saves the union ipt_targinfo in parsable form to stdout. */
-static void
-save(const void *ip, const struct xt_entry_target *target)
-{
- const struct ip6t_mark_target_info *markinfo =
- (const struct ip6t_mark_target_info *)target->data;
-
- printf("--set-mark ");
- print_mark(markinfo->mark);
-}
-
-static
-struct ip6tables_target mark = {
- .name = "MARK",
- .version = IPTABLES_VERSION,
- .size = IP6T_ALIGN(sizeof(struct ip6t_mark_target_info)),
- .userspacesize = IP6T_ALIGN(sizeof(struct ip6t_mark_target_info)),
- .help = &help,
- .init = &init,
- .parse = &parse,
- .final_check = &final_check,
- .print = &print,
- .save = &save,
- .extra_opts = opts
-};
-
-void _init(void)
-{
- register_target6(&mark);
-}
Deleted: trunk/iptables/extensions/libipt_MARK.c
===================================================================
--- trunk/iptables/extensions/libipt_MARK.c 2007-08-04 08:05:46 UTC (rev 6985)
+++ trunk/iptables/extensions/libipt_MARK.c 2007-08-04 08:06:55 UTC (rev 6986)
@@ -1,224 +0,0 @@
-/* Shared library add-on to iptables to add MARK target support. */
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-
-#include <iptables.h>
-#include <linux/netfilter_ipv4/ip_tables.h>
-/* For 64bit kernel / 32bit userspace */
-#include "../include/linux/netfilter_ipv4/ipt_MARK.h"
-
-/* Function which prints out usage message. */
-static void
-help(void)
-{
- printf(
-"MARK target v%s options:\n"
-" --set-mark value Set nfmark value\n"
-" --and-mark value Binary AND the nfmark with value\n"
-" --or-mark value Binary OR the nfmark with value\n"
-"\n",
-IPTABLES_VERSION);
-}
-
-static const struct option opts[] = {
- { "set-mark", 1, 0, '1' },
- { "and-mark", 1, 0, '2' },
- { "or-mark", 1, 0, '3' },
- { 0 }
-};
-
-/* Initialize the target. */
-static void
-init(struct xt_entry_target *t, unsigned int *nfcache)
-{
-}
-
-/* Function which parses command options; returns true if it
- ate an option */
-static int
-parse_v0(int c, char **argv, int invert, unsigned int *flags,
- const void *entry,
- struct xt_entry_target **target)
-{
- struct ipt_mark_target_info *markinfo
- = (struct ipt_mark_target_info *)(*target)->data;
-
- switch (c) {
- case '1':
- if (string_to_number_l(optarg, 0, 0,
- &markinfo->mark))
- exit_error(PARAMETER_PROBLEM, "Bad MARK value `%s'", optarg);
- if (*flags)
- exit_error(PARAMETER_PROBLEM,
- "MARK target: Can't specify --set-mark twice");
- *flags = 1;
- break;
- case '2':
- exit_error(PARAMETER_PROBLEM,
- "MARK target: kernel too old for --and-mark");
- case '3':
- exit_error(PARAMETER_PROBLEM,
- "MARK target: kernel too old for --or-mark");
- default:
- return 0;
- }
-
- return 1;
-}
-
-static void
-final_check(unsigned int flags)
-{
- if (!flags)
- exit_error(PARAMETER_PROBLEM,
- "MARK target: Parameter --set/and/or-mark"
- " is required");
-}
-
-/* Function which parses command options; returns true if it
- ate an option */
-static int
-parse_v1(int c, char **argv, int invert, unsigned int *flags,
- const void *entry,
- struct xt_entry_target **target)
-{
- struct ipt_mark_target_info_v1 *markinfo
- = (struct ipt_mark_target_info_v1 *)(*target)->data;
-
- switch (c) {
- case '1':
- markinfo->mode = IPT_MARK_SET;
- break;
- case '2':
- markinfo->mode = IPT_MARK_AND;
- break;
- case '3':
- markinfo->mode = IPT_MARK_OR;
- break;
- default:
- return 0;
- }
-
- if (string_to_number_l(optarg, 0, 0, &markinfo->mark))
- exit_error(PARAMETER_PROBLEM, "Bad MARK value `%s'", optarg);
-
- if (*flags)
- exit_error(PARAMETER_PROBLEM,
- "MARK target: Can't specify --set-mark twice");
-
- *flags = 1;
- return 1;
-}
-
-static void
-print_mark(unsigned long mark)
-{
- printf("0x%lx ", mark);
-}
-
-/* Prints out the targinfo. */
-static void
-print_v0(const void *ip,
- const struct xt_entry_target *target,
- int numeric)
-{
- const struct ipt_mark_target_info *markinfo =
- (const struct ipt_mark_target_info *)target->data;
- printf("MARK set ");
- print_mark(markinfo->mark);
-}
-
-/* Saves the union ipt_targinfo in parsable form to stdout. */
-static void
-save_v0(const void *ip, const struct xt_entry_target *target)
-{
- const struct ipt_mark_target_info *markinfo =
- (const struct ipt_mark_target_info *)target->data;
-
- printf("--set-mark ");
- print_mark(markinfo->mark);
-}
-
-/* Prints out the targinfo. */
-static void
-print_v1(const void *ip,
- const struct xt_entry_target *target,
- int numeric)
-{
- const struct ipt_mark_target_info_v1 *markinfo =
- (const struct ipt_mark_target_info_v1 *)target->data;
-
- switch (markinfo->mode) {
- case IPT_MARK_SET:
- printf("MARK set ");
- break;
- case IPT_MARK_AND:
- printf("MARK and ");
- break;
- case IPT_MARK_OR:
- printf("MARK or ");
- break;
- }
- print_mark(markinfo->mark);
-}
-
-/* Saves the union ipt_targinfo in parsable form to stdout. */
-static void
-save_v1(const void *ip, const struct xt_entry_target *target)
-{
- const struct ipt_mark_target_info_v1 *markinfo =
- (const struct ipt_mark_target_info_v1 *)target->data;
-
- switch (markinfo->mode) {
- case IPT_MARK_SET:
- printf("--set-mark ");
- break;
- case IPT_MARK_AND:
- printf("--and-mark ");
- break;
- case IPT_MARK_OR:
- printf("--or-mark ");
- break;
- }
- print_mark(markinfo->mark);
-}
-
-static
-struct iptables_target mark_v0 = {
- .name = "MARK",
- .version = IPTABLES_VERSION,
- .revision = 0,
- .size = IPT_ALIGN(sizeof(struct ipt_mark_target_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_mark_target_info)),
- .help = &help,
- .init = &init,
- .parse = &parse_v0,
- .final_check = &final_check,
- .print = &print_v0,
- .save = &save_v0,
- .extra_opts = opts
-};
-
-static
-struct iptables_target mark_v1 = {
- .name = "MARK",
- .version = IPTABLES_VERSION,
- .revision = 1,
- .size = IPT_ALIGN(sizeof(struct ipt_mark_target_info_v1)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_mark_target_info_v1)),
- .help = &help,
- .init = &init,
- .parse = &parse_v1,
- .final_check = &final_check,
- .print = &print_v1,
- .save = &save_v1,
- .extra_opts = opts
-};
-
-void _init(void)
-{
- register_target(&mark_v0);
- register_target(&mark_v1);
-}
Added: trunk/iptables/extensions/libxt_MARK.c
===================================================================
--- trunk/iptables/extensions/libxt_MARK.c (rev 0)
+++ trunk/iptables/extensions/libxt_MARK.c 2007-08-04 08:06:55 UTC (rev 6986)
@@ -0,0 +1,240 @@
+/* Shared library add-on to iptables to add MARK target support. */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <getopt.h>
+
+#include <xtables.h>
+#include <linux/netfilter/x_tables.h>
+#include <linux/netfilter/xt_MARK.h>
+
+/* Function which prints out usage message. */
+static void
+help(void)
+{
+ printf(
+"MARK target v%s options:\n"
+" --set-mark value Set nfmark value\n"
+" --and-mark value Binary AND the nfmark with value\n"
+" --or-mark value Binary OR the nfmark with value\n"
+"\n",
+IPTABLES_VERSION);
+}
+
+static const struct option opts[] = {
+ { "set-mark", 1, 0, '1' },
+ { "and-mark", 1, 0, '2' },
+ { "or-mark", 1, 0, '3' },
+ { 0 }
+};
+
+/* Initialize the target. */
+static void
+init(struct xt_entry_target *t, unsigned int *nfcache)
+{
+}
+
+/* Function which parses command options; returns true if it
+ ate an option */
+static int
+parse_v0(int c, char **argv, int invert, unsigned int *flags,
+ const void *entry,
+ struct xt_entry_target **target)
+{
+ struct xt_mark_target_info *markinfo
+ = (struct xt_mark_target_info *)(*target)->data;
+
+ switch (c) {
+ case '1':
+ if (string_to_number_l(optarg, 0, 0,
+ &markinfo->mark))
+ exit_error(PARAMETER_PROBLEM, "Bad MARK value `%s'", optarg);
+ if (*flags)
+ exit_error(PARAMETER_PROBLEM,
+ "MARK target: Can't specify --set-mark twice");
+ *flags = 1;
+ break;
+ case '2':
+ exit_error(PARAMETER_PROBLEM,
+ "MARK target: kernel too old for --and-mark");
+ case '3':
+ exit_error(PARAMETER_PROBLEM,
+ "MARK target: kernel too old for --or-mark");
+ default:
+ return 0;
+ }
+
+ return 1;
+}
+
+static void
+final_check(unsigned int flags)
+{
+ if (!flags)
+ exit_error(PARAMETER_PROBLEM,
+ "MARK target: Parameter --set/and/or-mark"
+ " is required");
+}
+
+/* Function which parses command options; returns true if it
+ ate an option */
+static int
+parse_v1(int c, char **argv, int invert, unsigned int *flags,
+ const void *entry,
+ struct xt_entry_target **target)
+{
+ struct xt_mark_target_info_v1 *markinfo
+ = (struct xt_mark_target_info_v1 *)(*target)->data;
+
+ switch (c) {
+ case '1':
+ markinfo->mode = XT_MARK_SET;
+ break;
+ case '2':
+ markinfo->mode = XT_MARK_AND;
+ break;
+ case '3':
+ markinfo->mode = XT_MARK_OR;
+ break;
+ default:
+ return 0;
+ }
+
+ if (string_to_number_l(optarg, 0, 0, &markinfo->mark))
+ exit_error(PARAMETER_PROBLEM, "Bad MARK value `%s'", optarg);
+
+ if (*flags)
+ exit_error(PARAMETER_PROBLEM,
+ "MARK target: Can't specify --set-mark twice");
+
+ *flags = 1;
+ return 1;
+}
+
+static void
+print_mark(unsigned long mark)
+{
+ printf("0x%lx ", mark);
+}
+
+/* Prints out the targinfo. */
+static void
+print_v0(const void *ip,
+ const struct xt_entry_target *target,
+ int numeric)
+{
+ const struct xt_mark_target_info *markinfo =
+ (const struct xt_mark_target_info *)target->data;
+ printf("MARK set ");
+ print_mark(markinfo->mark);
+}
+
+/* Saves the union ipt_targinfo in parsable form to stdout. */
+static void
+save_v0(const void *ip, const struct xt_entry_target *target)
+{
+ const struct xt_mark_target_info *markinfo =
+ (const struct xt_mark_target_info *)target->data;
+
+ printf("--set-mark ");
+ print_mark(markinfo->mark);
+}
+
+/* Prints out the targinfo. */
+static void
+print_v1(const void *ip,
+ const struct xt_entry_target *target,
+ int numeric)
+{
+ const struct xt_mark_target_info_v1 *markinfo =
+ (const struct xt_mark_target_info_v1 *)target->data;
+
+ switch (markinfo->mode) {
+ case XT_MARK_SET:
+ printf("MARK set ");
+ break;
+ case XT_MARK_AND:
+ printf("MARK and ");
+ break;
+ case XT_MARK_OR:
+ printf("MARK or ");
+ break;
+ }
+ print_mark(markinfo->mark);
+}
+
+/* Saves the union ipt_targinfo in parsable form to stdout. */
+static void
+save_v1(const void *ip, const struct xt_entry_target *target)
+{
+ const struct xt_mark_target_info_v1 *markinfo =
+ (const struct xt_mark_target_info_v1 *)target->data;
+
+ switch (markinfo->mode) {
+ case XT_MARK_SET:
+ printf("--set-mark ");
+ break;
+ case XT_MARK_AND:
+ printf("--and-mark ");
+ break;
+ case XT_MARK_OR:
+ printf("--or-mark ");
+ break;
+ }
+ print_mark(markinfo->mark);
+}
+
+static struct xtables_target mark_v0 = {
+ .family = AF_INET,
+ .name = "MARK",
+ .version = IPTABLES_VERSION,
+ .revision = 0,
+ .size = XT_ALIGN(sizeof(struct xt_mark_target_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_mark_target_info)),
+ .help = &help,
+ .init = &init,
+ .parse = &parse_v0,
+ .final_check = &final_check,
+ .print = &print_v0,
+ .save = &save_v0,
+ .extra_opts = opts,
+};
+
+static struct xtables_target mark_v1 = {
+ .family = AF_INET,
+ .name = "MARK",
+ .version = IPTABLES_VERSION,
+ .revision = 1,
+ .size = XT_ALIGN(sizeof(struct xt_mark_target_info_v1)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_mark_target_info_v1)),
+ .help = &help,
+ .init = &init,
+ .parse = &parse_v1,
+ .final_check = &final_check,
+ .print = &print_v1,
+ .save = &save_v1,
+ .extra_opts = opts,
+};
+
+static struct xtables_target mark6_v0 = {
+ .family = AF_INET6,
+ .name = "MARK",
+ .version = IPTABLES_VERSION,
+ .revision = 0,
+ .size = XT_ALIGN(sizeof(struct xt_mark_target_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_mark_target_info)),
+ .help = &help,
+ .init = &init,
+ .parse = &parse_v0,
+ .final_check = &final_check,
+ .print = &print_v0,
+ .save = &save_v0,
+ .extra_opts = opts,
+};
+
+void _init(void)
+{
+ xtables_register_target(&mark_v0);
+ xtables_register_target(&mark_v1);
+ xtables_register_target(&mark6_v0);
+}
Added: trunk/iptables/include/linux/netfilter/xt_MARK.h
===================================================================
--- trunk/iptables/include/linux/netfilter/xt_MARK.h (rev 0)
+++ trunk/iptables/include/linux/netfilter/xt_MARK.h 2007-08-04 08:06:55 UTC (rev 6986)
@@ -0,0 +1,21 @@
+#ifndef _XT_MARK_H_target
+#define _XT_MARK_H_target
+
+/* Version 0 */
+struct xt_mark_target_info {
+ unsigned long mark;
+};
+
+/* Version 1 */
+enum {
+ XT_MARK_SET=0,
+ XT_MARK_AND,
+ XT_MARK_OR,
+};
+
+struct xt_mark_target_info_v1 {
+ unsigned long mark;
+ u_int8_t mode;
+};
+
+#endif /*_XT_MARK_H_target */
Deleted: trunk/iptables/include/linux/netfilter_ipv4/ipt_MARK.h
===================================================================
--- trunk/iptables/include/linux/netfilter_ipv4/ipt_MARK.h 2007-08-04 08:05:46 UTC (rev 6985)
+++ trunk/iptables/include/linux/netfilter_ipv4/ipt_MARK.h 2007-08-04 08:06:55 UTC (rev 6986)
@@ -1,19 +0,0 @@
-#ifndef _IPT_MARK_H_target
-#define _IPT_MARK_H_target
-
-struct ipt_mark_target_info {
- unsigned long mark;
-};
-
-enum {
- IPT_MARK_SET=0,
- IPT_MARK_AND,
- IPT_MARK_OR
-};
-
-struct ipt_mark_target_info_v1 {
- unsigned long mark;
- u_int8_t mode;
-};
-
-#endif /*_IPT_MARK_H_target*/
Deleted: trunk/iptables/include/linux/netfilter_ipv6/ip6t_MARK.h
===================================================================
--- trunk/iptables/include/linux/netfilter_ipv6/ip6t_MARK.h 2007-08-04 08:05:46 UTC (rev 6985)
+++ trunk/iptables/include/linux/netfilter_ipv6/ip6t_MARK.h 2007-08-04 08:06:55 UTC (rev 6986)
@@ -1,8 +0,0 @@
-#ifndef _IP6T_MARK_H_target
-#define _IP6T_MARK_H_target
-
-struct ip6t_mark_target_info {
- unsigned long mark;
-};
-
-#endif /*_IPT_MARK_H_target*/
More information about the netfilter-cvslog
mailing list