[netfilter-cvslog] r6988 - in trunk/iptables: extensions
include/linux/netfilter include/linux/netfilter_ipv4
yasuyuki at netfilter.org
yasuyuki at netfilter.org
Sat Aug 4 10:09:04 CEST 2007
Author: yasuyuki at netfilter.org
Date: 2007-08-04 10:09:04 +0200 (Sat, 04 Aug 2007)
New Revision: 6988
Added:
trunk/iptables/extensions/libxt_connmark.c
trunk/iptables/include/linux/netfilter/xt_connmark.h
Removed:
trunk/iptables/extensions/libip6t_connmark.c
trunk/iptables/extensions/libipt_connmark.c
trunk/iptables/include/linux/netfilter_ipv4/ipt_connmark.h
Modified:
trunk/iptables/extensions/Makefile
Log:
Unifies libip[6]t_connmark into libxt_connmark
Modified: trunk/iptables/extensions/Makefile
===================================================================
--- trunk/iptables/extensions/Makefile 2007-08-04 08:08:20 UTC (rev 6987)
+++ trunk/iptables/extensions/Makefile 2007-08-04 08:09:04 UTC (rev 6988)
@@ -5,9 +5,9 @@
# header files are present in the include/linux directory of this iptables
# package (HW)
#
-PF_EXT_SLIB:=ah addrtype connmark conntrack ecn helper icmp iprange owner policy realm state tos ttl unclean CLASSIFY DNAT DSCP ECN LOG MASQUERADE MIRROR NETMAP REDIRECT REJECT SAME SNAT TOS TTL TRACE ULOG
-PF6_EXT_SLIB:=connmark eui64 hl icmp6 owner policy state HL LOG TRACE
-PFX_EXT_SLIB:=comment connlimit dscp esp hashlimit length limit mac mark multiport physdev pkttype sctp standard tcp tcpmss udp CONNMARK MARK NFQUEUE NOTRACK TCPMSS
+PF_EXT_SLIB:=ah addrtype conntrack ecn helper icmp iprange owner policy realm state tos ttl unclean CLASSIFY DNAT DSCP ECN LOG MASQUERADE MIRROR NETMAP REDIRECT REJECT SAME SNAT TOS TTL TRACE ULOG
+PF6_EXT_SLIB:=eui64 hl icmp6 owner policy state HL LOG TRACE
+PFX_EXT_SLIB:=connmark connlimit comment dscp esp hashlimit length limit mac mark multiport physdev pkttype sctp standard tcp tcpmss udp CONNMARK MARK NFQUEUE NOTRACK TCPMSS
ifeq ($(DO_SELINUX), 1)
PF_EXT_SE_SLIB:=
Deleted: trunk/iptables/extensions/libip6t_connmark.c
===================================================================
--- trunk/iptables/extensions/libip6t_connmark.c 2007-08-04 08:08:20 UTC (rev 6987)
+++ trunk/iptables/extensions/libip6t_connmark.c 2007-08-04 08:09:04 UTC (rev 6988)
@@ -1,151 +0,0 @@
-/* Shared library add-on to iptables to add connmark matching support.
- *
- * (C) 2002,2004 MARA Systems AB <http://www.marasystems.com>
- * by Henrik Nordstrom <hno at marasystems.com>
- *
- * Version 1.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-#include <stdio.h>
-#include <netdb.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-
-#include <ip6tables.h>
-#include "../include/linux/netfilter_ipv4/ipt_connmark.h"
-
-/* Function which prints out usage message. */
-static void
-help(void)
-{
- printf(
-"CONNMARK match v%s options:\n"
-"[!] --mark value[/mask] Match nfmark value with optional mask\n"
-"\n",
-IPTABLES_VERSION);
-}
-
-static const struct option opts[] = {
- { "mark", 1, 0, '1' },
- {0}
-};
-
-/* Initialize the match. */
-static void
-init(struct xt_entry_match *m, unsigned int *nfcache)
-{
- /* Can't cache this. */
- *nfcache |= NFC_UNKNOWN;
-}
-
-/* Function which parses command options; returns true if it
- ate an option */
-static int
-parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry,
- unsigned int *nfcache,
- struct xt_entry_match **match)
-{
- struct ipt_connmark_info *markinfo = (struct ipt_connmark_info *)(*match)->data;
-
- switch (c) {
- char *end;
- case '1':
- check_inverse(optarg, &invert, &optind, 0);
-
- markinfo->mark = strtoul(optarg, &end, 0);
- markinfo->mask = 0xffffffffUL;
-
- if (*end == '/')
- markinfo->mask = strtoul(end+1, &end, 0);
-
- if (*end != '\0' || end == optarg)
- exit_error(PARAMETER_PROBLEM, "Bad MARK value `%s'", optarg);
- if (invert)
- markinfo->invert = 1;
- *flags = 1;
- break;
-
- default:
- return 0;
- }
- return 1;
-}
-
-static void
-print_mark(unsigned long mark, unsigned long mask, int numeric)
-{
- if(mask != 0xffffffffUL)
- printf("0x%lx/0x%lx ", mark, mask);
- else
- printf("0x%lx ", mark);
-}
-
-/* Final check; must have specified --mark. */
-static void
-final_check(unsigned int flags)
-{
- if (!flags)
- exit_error(PARAMETER_PROBLEM,
- "MARK match: You must specify `--mark'");
-}
-
-/* Prints out the matchinfo. */
-static void
-print(const void *ip,
- const struct xt_entry_match *match,
- int numeric)
-{
- struct ipt_connmark_info *info = (struct ipt_connmark_info *)match->data;
-
- printf("CONNMARK match ");
- if (info->invert)
- printf("!");
- print_mark(info->mark, info->mask, numeric);
-}
-
-/* Saves the matchinfo in parsable form to stdout. */
-static void
-save(const void *ip, const struct xt_entry_match *match)
-{
- struct ipt_connmark_info *info = (struct ipt_connmark_info *)match->data;
-
- if (info->invert)
- printf("! ");
-
- printf("--mark ");
- print_mark(info->mark, info->mask, 0);
-}
-
-static struct ip6tables_match connmark_match = {
- .name = "connmark",
- .version = IPTABLES_VERSION,
- .size = IP6T_ALIGN(sizeof(struct ipt_connmark_info)),
- .userspacesize = IP6T_ALIGN(sizeof(struct ipt_connmark_info)),
- .help = &help,
- .init = &init,
- .parse = &parse,
- .final_check = &final_check,
- .print = &print,
- .save = &save,
- .extra_opts = opts
-};
-
-void _init(void)
-{
- register_match6(&connmark_match);
-}
Deleted: trunk/iptables/extensions/libipt_connmark.c
===================================================================
--- trunk/iptables/extensions/libipt_connmark.c 2007-08-04 08:08:20 UTC (rev 6987)
+++ trunk/iptables/extensions/libipt_connmark.c 2007-08-04 08:09:04 UTC (rev 6988)
@@ -1,151 +0,0 @@
-/* Shared library add-on to iptables to add connmark matching support.
- *
- * (C) 2002,2004 MARA Systems AB <http://www.marasystems.com>
- * by Henrik Nordstrom <hno at marasystems.com>
- *
- * Version 1.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- */
-#include <stdio.h>
-#include <netdb.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-
-#include <iptables.h>
-#include "../include/linux/netfilter_ipv4/ipt_connmark.h"
-
-/* Function which prints out usage message. */
-static void
-help(void)
-{
- printf(
-"CONNMARK match v%s options:\n"
-"[!] --mark value[/mask] Match nfmark value with optional mask\n"
-"\n",
-IPTABLES_VERSION);
-}
-
-static const struct option opts[] = {
- { "mark", 1, 0, '1' },
- {0}
-};
-
-/* Initialize the match. */
-static void
-init(struct xt_entry_match *m, unsigned int *nfcache)
-{
- /* Can't cache this. */
- *nfcache |= NFC_UNKNOWN;
-}
-
-/* Function which parses command options; returns true if it
- ate an option */
-static int
-parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry,
- unsigned int *nfcache,
- struct xt_entry_match **match)
-{
- struct ipt_connmark_info *markinfo = (struct ipt_connmark_info *)(*match)->data;
-
- switch (c) {
- char *end;
- case '1':
- check_inverse(optarg, &invert, &optind, 0);
-
- markinfo->mark = strtoul(optarg, &end, 0);
- markinfo->mask = 0xffffffffUL;
-
- if (*end == '/')
- markinfo->mask = strtoul(end+1, &end, 0);
-
- if (*end != '\0' || end == optarg)
- exit_error(PARAMETER_PROBLEM, "Bad MARK value `%s'", optarg);
- if (invert)
- markinfo->invert = 1;
- *flags = 1;
- break;
-
- default:
- return 0;
- }
- return 1;
-}
-
-static void
-print_mark(unsigned long mark, unsigned long mask, int numeric)
-{
- if(mask != 0xffffffffUL)
- printf("0x%lx/0x%lx ", mark, mask);
- else
- printf("0x%lx ", mark);
-}
-
-/* Final check; must have specified --mark. */
-static void
-final_check(unsigned int flags)
-{
- if (!flags)
- exit_error(PARAMETER_PROBLEM,
- "MARK match: You must specify `--mark'");
-}
-
-/* Prints out the matchinfo. */
-static void
-print(const void *ip,
- const struct xt_entry_match *match,
- int numeric)
-{
- struct ipt_connmark_info *info = (struct ipt_connmark_info *)match->data;
-
- printf("CONNMARK match ");
- if (info->invert)
- printf("!");
- print_mark(info->mark, info->mask, numeric);
-}
-
-/* Saves the matchinfo in parsable form to stdout. */
-static void
-save(const void *ip, const struct xt_entry_match *match)
-{
- struct ipt_connmark_info *info = (struct ipt_connmark_info *)match->data;
-
- if (info->invert)
- printf("! ");
-
- printf("--mark ");
- print_mark(info->mark, info->mask, 0);
-}
-
-static struct iptables_match connmark_match = {
- .name = "connmark",
- .version = IPTABLES_VERSION,
- .size = IPT_ALIGN(sizeof(struct ipt_connmark_info)),
- .userspacesize = IPT_ALIGN(sizeof(struct ipt_connmark_info)),
- .help = &help,
- .init = &init,
- .parse = &parse,
- .final_check = &final_check,
- .print = &print,
- .save = &save,
- .extra_opts = opts
-};
-
-void _init(void)
-{
- register_match(&connmark_match);
-}
Added: trunk/iptables/extensions/libxt_connmark.c
===================================================================
--- trunk/iptables/extensions/libxt_connmark.c (rev 0)
+++ trunk/iptables/extensions/libxt_connmark.c 2007-08-04 08:09:04 UTC (rev 6988)
@@ -0,0 +1,158 @@
+/* Shared library add-on to iptables to add connmark matching support.
+ *
+ * (C) 2002,2004 MARA Systems AB <http://www.marasystems.com>
+ * by Henrik Nordstrom <hno at marasystems.com>
+ *
+ * Version 1.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+#include <stdio.h>
+#include <netdb.h>
+#include <string.h>
+#include <stdlib.h>
+#include <getopt.h>
+
+#include <xtables.h>
+#include <linux/netfilter/xt_connmark.h>
+
+/* Function which prints out usage message. */
+static void
+help(void)
+{
+ printf(
+"CONNMARK match v%s options:\n"
+"[!] --mark value[/mask] Match nfmark value with optional mask\n"
+"\n",
+IPTABLES_VERSION);
+}
+
+static const struct option opts[] = {
+ { "mark", 1, 0, '1' },
+ {0}
+};
+
+/* Function which parses command options; returns true if it
+ ate an option */
+static int
+parse(int c, char **argv, int invert, unsigned int *flags,
+ const void *entry,
+ unsigned int *nfcache,
+ struct xt_entry_match **match)
+{
+ struct xt_connmark_info *markinfo = (struct xt_connmark_info *)(*match)->data;
+
+ switch (c) {
+ char *end;
+ case '1':
+ check_inverse(optarg, &invert, &optind, 0);
+
+ markinfo->mark = strtoul(optarg, &end, 0);
+ markinfo->mask = 0xffffffffUL;
+
+ if (*end == '/')
+ markinfo->mask = strtoul(end+1, &end, 0);
+
+ if (*end != '\0' || end == optarg)
+ exit_error(PARAMETER_PROBLEM, "Bad MARK value `%s'", optarg);
+ if (invert)
+ markinfo->invert = 1;
+ *flags = 1;
+ break;
+
+ default:
+ return 0;
+ }
+ return 1;
+}
+
+static void
+print_mark(unsigned long mark, unsigned long mask, int numeric)
+{
+ if(mask != 0xffffffffUL)
+ printf("0x%lx/0x%lx ", mark, mask);
+ else
+ printf("0x%lx ", mark);
+}
+
+/* Final check; must have specified --mark. */
+static void
+final_check(unsigned int flags)
+{
+ if (!flags)
+ exit_error(PARAMETER_PROBLEM,
+ "MARK match: You must specify `--mark'");
+}
+
+/* Prints out the matchinfo. */
+static void
+print(const void *ip,
+ const struct xt_entry_match *match,
+ int numeric)
+{
+ struct xt_connmark_info *info = (struct xt_connmark_info *)match->data;
+
+ printf("CONNMARK match ");
+ if (info->invert)
+ printf("!");
+ print_mark(info->mark, info->mask, numeric);
+}
+
+/* Saves the matchinfo in parsable form to stdout. */
+static void
+save(const void *ip, const struct xt_entry_match *match)
+{
+ struct xt_connmark_info *info = (struct xt_connmark_info *)match->data;
+
+ if (info->invert)
+ printf("! ");
+
+ printf("--mark ");
+ print_mark(info->mark, info->mask, 0);
+}
+
+static struct xtables_match connmark_match = {
+ .family = AF_INET,
+ .name = "connmark",
+ .version = IPTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_connmark_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_connmark_info)),
+ .help = &help,
+ .parse = &parse,
+ .final_check = &final_check,
+ .print = &print,
+ .save = &save,
+ .extra_opts = opts
+};
+
+static struct xtables_match connmark_match6 = {
+ .family = AF_INET6,
+ .name = "connmark",
+ .version = IPTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_connmark_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_connmark_info)),
+ .help = &help,
+ .parse = &parse,
+ .final_check = &final_check,
+ .print = &print,
+ .save = &save,
+ .extra_opts = opts
+};
+
+void _init(void)
+{
+ xtables_register_match(&connmark_match);
+ xtables_register_match(&connmark_match6);
+}
Added: trunk/iptables/include/linux/netfilter/xt_connmark.h
===================================================================
--- trunk/iptables/include/linux/netfilter/xt_connmark.h (rev 0)
+++ trunk/iptables/include/linux/netfilter/xt_connmark.h 2007-08-04 08:09:04 UTC (rev 6988)
@@ -0,0 +1,18 @@
+#ifndef _XT_CONNMARK_H
+#define _XT_CONNMARK_H
+
+/* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com>
+ * by Henrik Nordstrom <hno at marasystems.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ */
+
+struct xt_connmark_info {
+ unsigned long mark, mask;
+ u_int8_t invert;
+};
+
+#endif /*_XT_CONNMARK_H*/
Deleted: trunk/iptables/include/linux/netfilter_ipv4/ipt_connmark.h
===================================================================
--- trunk/iptables/include/linux/netfilter_ipv4/ipt_connmark.h 2007-08-04 08:08:20 UTC (rev 6987)
+++ trunk/iptables/include/linux/netfilter_ipv4/ipt_connmark.h 2007-08-04 08:09:04 UTC (rev 6988)
@@ -1,18 +0,0 @@
-#ifndef _IPT_CONNMARK_H
-#define _IPT_CONNMARK_H
-
-/* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com>
- * by Henrik Nordstrom <hno at marasystems.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- */
-
-struct ipt_connmark_info {
- unsigned long mark, mask;
- u_int8_t invert;
-};
-
-#endif /*_IPT_CONNMARK_H*/
More information about the netfilter-cvslog
mailing list