[netfilter-cvslog] r6888 - trunk/iptables/extensions

kaber at trash.net kaber at trash.net
Mon Jun 25 16:33:08 CEST 2007


Author: kaber at trash.net
Date: 2007-06-25 16:33:07 +0200 (Mon, 25 Jun 2007)
New Revision: 6888

Added:
   trunk/iptables/extensions/libip6t_TRACE.c
   trunk/iptables/extensions/libip6t_TRACE.man
   trunk/iptables/extensions/libipt_TRACE.c
   trunk/iptables/extensions/libipt_TRACE.man
Modified:
   trunk/iptables/extensions/Makefile
Log:
Add Jozsef's TRACE target.

Changed by me to be built unconditionally, since it doesn't need any
header files anyway.


Modified: trunk/iptables/extensions/Makefile
===================================================================
--- trunk/iptables/extensions/Makefile	2007-06-25 14:10:38 UTC (rev 6887)
+++ trunk/iptables/extensions/Makefile	2007-06-25 14:33:07 UTC (rev 6888)
@@ -5,8 +5,8 @@
 # header files are present in the include/linux directory of this iptables
 # package (HW)
 #
-PF_EXT_SLIB:=ah addrtype comment connmark conntrack dscp ecn esp hashlimit helper icmp iprange length limit mac mark multiport owner physdev pkttype policy realm sctp standard state tcp tcpmss tos ttl udp unclean CLASSIFY CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NFQUEUE NOTRACK REDIRECT REJECT SAME SNAT TCPMSS TOS TTL ULOG
-PF6_EXT_SLIB:=connmark eui64 hl icmp6 length limit mac mark multiport owner physdev policy standard state tcp udp CONNMARK HL LOG NFQUEUE MARK TCPMSS
+PF_EXT_SLIB:=ah addrtype comment connmark conntrack dscp ecn esp hashlimit helper icmp iprange length limit mac mark multiport owner physdev pkttype policy realm sctp standard state tcp tcpmss tos ttl udp unclean CLASSIFY CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NFQUEUE NOTRACK REDIRECT REJECT SAME SNAT TCPMSS TOS TTL TRACE ULOG
+PF6_EXT_SLIB:=connmark eui64 hl icmp6 length limit mac mark multiport owner physdev policy standard state tcp udp CONNMARK HL LOG NFQUEUE MARK TCPMSS TRACE
 
 ifeq ($(DO_SELINUX), 1)
 PF_EXT_SE_SLIB:=SECMARK CONNSECMARK

Added: trunk/iptables/extensions/libip6t_TRACE.c
===================================================================
--- trunk/iptables/extensions/libip6t_TRACE.c	                        (rev 0)
+++ trunk/iptables/extensions/libip6t_TRACE.c	2007-06-25 14:33:07 UTC (rev 6888)
@@ -0,0 +1,63 @@
+/* Shared library add-on to ip6tables to add TRACE target support. */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <getopt.h>
+
+#include <ip6tables.h>
+#include <linux/netfilter_ipv6/ip6_tables.h>
+
+/* Function which prints out usage message. */
+static void
+help(void)
+{
+	printf(
+"TRACE target v%s takes no options\n",
+IPTABLES_VERSION);
+}
+
+static struct option opts[] = {
+	{ 0 }
+};
+
+/* Initialize the target. */
+static void
+init(struct ip6t_entry_target *t, unsigned int *nfcache)
+{
+}
+
+/* Function which parses command options; returns true if it
+   ate an option */
+static int
+parse(int c, char **argv, int invert, unsigned int *flags,
+      const struct ip6t_entry *entry,
+      struct ip6t_entry_target **target)
+{
+	return 0;
+}
+
+static void
+final_check(unsigned int flags)
+{
+}
+
+static
+struct ip6tables_target trace 
+= {	.next = NULL,
+	.name = "TRACE",
+	.version = IPTABLES_VERSION,
+	.size = IP6T_ALIGN(0),
+	.userspacesize = IP6T_ALIGN(0),
+	.help = &help,
+	.init = &init,
+	.parse = &parse,
+	.final_check = &final_check,
+	.print = NULL, /* print */
+	.save = NULL, /* save */
+	.extra_opts = opts
+};
+
+void _init(void)
+{
+	register_target6(&trace);
+}
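Review bot: `.print = NULL` and `.save = NULL` in the `trace` initializer depend on the ip6tables listing and ip6tables-save code checking for a null callback before calling it, which this hunk does not show; confirm that listing and saving a `-j TRACE` rule works, or supply empty stubs as is done for `init` and `final_check`. The comment above `parse` ("returns true if it ate an option") reads as if it was carried over from a target that takes options; since the function always returns 0, something like `/* TRACE takes no options, so never consume one. */` would describe it better, and `final_check` has no comment at all. `<string.h>` and `<stdlib.h>` are not used by anything in the file. The same points apply to the near-identical libipt_TRACE.c added later in this commit.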

Added: trunk/iptables/extensions/libip6t_TRACE.man
===================================================================
--- trunk/iptables/extensions/libip6t_TRACE.man	                        (rev 0)
+++ trunk/iptables/extensions/libip6t_TRACE.man	2007-06-25 14:33:07 UTC (rev 6888)
@@ -0,0 +1,10 @@
+This target marks packes so that the kernel will log every rule which match 
+the packets as those traverse the tables, chains, rules. (The ip6t_LOG module 
+is required for the logging.) The packets are logged with the string prefix: 
+"TRACE: tablename:chainname:type:rulenum " where type can be "rule" for 
+plain rule, "return" for implicit rule at the end of a user defined chain 
+and "policy" for the policy of the built in chains. 
+.br
+It can only be used in the
+.BR raw
+table.

Added: trunk/iptables/extensions/libipt_TRACE.c
===================================================================
--- trunk/iptables/extensions/libipt_TRACE.c	                        (rev 0)
+++ trunk/iptables/extensions/libipt_TRACE.c	2007-06-25 14:33:07 UTC (rev 6888)
@@ -0,0 +1,63 @@
+/* Shared library add-on to iptables to add TRACE target support. */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <getopt.h>
+
+#include <iptables.h>
+#include <linux/netfilter_ipv4/ip_tables.h>
+
+/* Function which prints out usage message. */
+static void
+help(void)
+{
+	printf(
+"TRACE target v%s takes no options\n",
+IPTABLES_VERSION);
+}
+
+static struct option opts[] = {
+	{ 0 }
+};
+
+/* Initialize the target. */
+static void
+init(struct ipt_entry_target *t, unsigned int *nfcache)
+{
+}
+
+/* Function which parses command options; returns true if it
+   ate an option */
+static int
+parse(int c, char **argv, int invert, unsigned int *flags,
+      const struct ipt_entry *entry,
+      struct ipt_entry_target **target)
+{
+	return 0;
+}
+
+static void
+final_check(unsigned int flags)
+{
+}
+
+static
+struct iptables_target trace 
+= {	.next = NULL,
+	.name = "TRACE",
+	.version = IPTABLES_VERSION,
+	.size = IPT_ALIGN(0),
+	.userspacesize = IPT_ALIGN(0),
+	.help = &help,
+	.init = &init,
+	.parse = &parse,
+	.final_check = &final_check,
+	.print = NULL, /* print */
+	.save = NULL, /* save */
+	.extra_opts = opts
+};
+
+void _init(void)
+{
+	register_target(&trace);
+}

Added: trunk/iptables/extensions/libipt_TRACE.man
===================================================================
--- trunk/iptables/extensions/libipt_TRACE.man	                        (rev 0)
+++ trunk/iptables/extensions/libipt_TRACE.man	2007-06-25 14:33:07 UTC (rev 6888)
@@ -0,0 +1,10 @@
+This target marks packes so that the kernel will log every rule which match 
+the packets as those traverse the tables, chains, rules. (The ipt_LOG module 
+is required for the logging.) The packets are logged with the string prefix: 
+"TRACE: tablename:chainname:type:rulenum " where type can be "rule" for 
+plain rule, "return" for implicit rule at the end of a user defined chain 
+and "policy" for the policy of the built in chains. 
+.br
+It can only be used in the
+.BR raw
+table.



