[netfilter-cvslog] r7478 - in trunk/iptables: . include/linux include/linux/netfilter include/linux/netfilter_ipv4 include/linux/netfilter_ipv6 libipq

kaber at trash.net kaber at trash.net
Mon Apr 14 08:49:38 CEST 2008


Author: kaber at trash.net
Date: 2008-04-14 08:49:38 +0200 (Mon, 14 Apr 2008)
New Revision: 7478

Added:
   trunk/iptables/include/linux/netfilter/xt_SECMARK.h
   trunk/iptables/include/linux/netfilter_ipv4/ipt_DSCP.h
   trunk/iptables/include/linux/netfilter_ipv4/ipt_LOG.h
   trunk/iptables/include/linux/netfilter_ipv4/ipt_REJECT.h
   trunk/iptables/include/linux/netfilter_ipv4/ipt_TOS.h
   trunk/iptables/include/linux/netfilter_ipv4/ipt_dscp.h
   trunk/iptables/include/linux/netfilter_ipv4/ipt_owner.h
   trunk/iptables/include/linux/netfilter_ipv4/ipt_tos.h
   trunk/iptables/include/linux/netfilter_ipv6/ip6t_LOG.h
Modified:
   trunk/iptables/Makefile.am
   trunk/iptables/configure.ac
   trunk/iptables/include/linux/netfilter.h
   trunk/iptables/include/linux/netfilter/x_tables.h
   trunk/iptables/include/linux/netfilter_ipv4/ip_tables.h
   trunk/iptables/include/linux/netfilter_ipv6/ip6_tables.h
   trunk/iptables/libipq/Makefile.am
Log:
[PATCH 2/8] Add all necessary header files - compilation fix for various cases

Allow iptables to compile without a kernel source tree. This
also fixes the build against older kernel headers, such as
2.6.17, which lack xt_SECMARK.h.


Modified: trunk/iptables/Makefile.am
===================================================================
--- trunk/iptables/Makefile.am	2008-04-14 06:47:47 UTC (rev 7477)
+++ trunk/iptables/Makefile.am	2008-04-14 06:49:38 UTC (rev 7478)
@@ -4,7 +4,7 @@
 
 regular_CFLAGS  := @regular_CFLAGS@
 kinclude_CFLAGS := @kinclude_CFLAGS@
-AM_CFLAGS        = ${regular_CFLAGS} -I${top_srcdir}/include ${kinclude_CFLAGS}
+AM_CFLAGS        = ${regular_CFLAGS} -I${top_builddir}/include -I${top_srcdir}/include ${kinclude_CFLAGS}
 SUBDIRS         := extensions
 if ENABLE_LIBIPQ
 SUBDIRS         += libipq

Modified: trunk/iptables/configure.ac
===================================================================
--- trunk/iptables/configure.ac	2008-04-14 06:47:47 UTC (rev 7477)
+++ trunk/iptables/configure.ac	2008-04-14 06:49:38 UTC (rev 7478)
@@ -8,8 +8,6 @@
 AC_DISABLE_STATIC
 AC_PROG_LIBTOOL
 
-kbuilddir="/lib/modules/$(uname -r)/build";
-ksourcedir="/lib/modules/$(uname -r)/source";
 AC_ARG_WITH([kernel],
 	AS_HELP_STRING([--with-kernel=PATH],
 	[Path to kernel source/build directory]),
@@ -45,7 +43,13 @@
 	-Wmissing-prototypes -Wredundant-decls -Wshadow -Wstrict-prototypes \
 	-Winline -pipe -DIPTABLES_VERSION=\\\"$PACKAGE_VERSION\\\" \
 	-DXTABLES_LIBDIR=\\\"\${xtlibdir}\\\" -DXTABLES_INTERNAL";
-kinclude_CFLAGS="-I\"$kbuilddir/include\" -I\"$ksourcedir/include\"";
+kinclude_CFLAGS="";
+if [[ -n "$kbuilddir" ]]; then
+	kinclude_CFLAGS="$kinclude_CFLAGS -I $kbuilddir/include";
+fi;
+if [[ -n "$ksourcedir" ]]; then
+	kinclude_CFLAGS="$kinclude_CFLAGS -I $ksourcedir/include";
+fi;
 
 AC_SUBST([regular_CFLAGS kinclude_CFLAGS])
 AC_SUBST([kbuilddir])
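Review bot: The rewritten kinclude_CFLAGS on the `+` lines drops the escaped quotes the old line had around each include path, so a kernel directory whose name contains spaces or shell metacharacters will be split or interpreted when make expands the flags. Keep the quoting, e.g. `kinclude_CFLAGS="$kinclude_CFLAGS -I\"$kbuilddir/include\""` and the same for `$ksourcedir`. With the hard-coded defaults removed in the preceding hunk, both variables are now populated only by the --with-kernel handling, whose body lies outside this hunk, so confirm it sets both. The `[[ -n ... ]]` form relies on m4 stripping one level of brackets to leave a plain `[ -n ... ]` test; that is the usual autoconf idiom but a one-line comment would spare the next reader a double-take.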

Modified: trunk/iptables/include/linux/netfilter/x_tables.h
===================================================================
--- trunk/iptables/include/linux/netfilter/x_tables.h	2008-04-14 06:47:47 UTC (rev 7477)
+++ trunk/iptables/include/linux/netfilter/x_tables.h	2008-04-14 06:49:38 UTC (rev 7478)
@@ -126,5 +126,48 @@
 
 #define XT_INV_PROTO		0x40	/* Invert the sense of PROTO. */
 
+/* fn returns 0 to continue iteration */
+#define XT_MATCH_ITERATE(type, e, fn, args...)			\
+({								\
+	unsigned int __i;					\
+	int __ret = 0;						\
+	struct xt_entry_match *__m;				\
+								\
+	for (__i = sizeof(type);				\
+	     __i < (e)->target_offset;				\
+	     __i += __m->u.match_size) {			\
+		__m = (void *)e + __i;				\
+								\
+		__ret = fn(__m , ## args);			\
+		if (__ret != 0)					\
+			break;					\
+	}							\
+	__ret;							\
+})
 
+/* fn returns 0 to continue iteration */
+#define XT_ENTRY_ITERATE_CONTINUE(type, entries, size, n, fn, args...) \
+({								\
+	unsigned int __i, __n;					\
+	int __ret = 0;						\
+	type *__entry;						\
+								\
+	for (__i = 0, __n = 0; __i < (size);			\
+	     __i += __entry->next_offset, __n++) { 		\
+		__entry = (void *)(entries) + __i;		\
+		if (__n < n)					\
+			continue;				\
+								\
+		__ret = fn(__entry , ## args);			\
+		if (__ret != 0)					\
+			break;					\
+	}							\
+	__ret;							\
+})
+
+/* fn returns 0 to continue iteration */
+#define XT_ENTRY_ITERATE(type, entries, size, fn, args...) \
+	XT_ENTRY_ITERATE_CONTINUE(type, entries, size, 0, fn, args)
+
+
 #endif /* _X_TABLES_H */
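Review bot: In XT_MATCH_ITERATE the entry argument is used unparenthesized at `__m = (void *)e + __i;`, whereas the ipt_ macro it replaces wrote `(void *)(e) + __i`; passing an expression such as `base + k` would apply the cast to `base` alone and silently change the pointer arithmetic. Write `__m = (void *)(e) + __i;`, and likewise `if (__n < (n))` in XT_ENTRY_ITERATE_CONTINUE. Both loops advance by `match_size` / `next_offset` read from the blob and only terminate if every such offset is non-zero; that is inherited from the originals rather than introduced here, but a comment stating that callers must pass a validated ruleset would document the assumption.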

Added: trunk/iptables/include/linux/netfilter/xt_SECMARK.h
===================================================================
--- trunk/iptables/include/linux/netfilter/xt_SECMARK.h	                        (rev 0)
+++ trunk/iptables/include/linux/netfilter/xt_SECMARK.h	2008-04-14 06:49:38 UTC (rev 7478)
@@ -0,0 +1,26 @@
+#ifndef _XT_SECMARK_H_target
+#define _XT_SECMARK_H_target
+
+/*
+ * This is intended for use by various security subsystems (but not
+ * at the same time).
+ *
+ * 'mode' refers to the specific security subsystem which the
+ * packets are being marked for.
+ */
+#define SECMARK_MODE_SEL	0x01		/* SELinux */
+#define SECMARK_SELCTX_MAX	256
+
+struct xt_secmark_target_selinux_info {
+	u_int32_t selsid;
+	char selctx[SECMARK_SELCTX_MAX];
+};
+
+struct xt_secmark_target_info {
+	u_int8_t mode;
+	union {
+		struct xt_secmark_target_selinux_info sel;
+	} u;
+};
+
+#endif /*_XT_SECMARK_H_target */

Modified: trunk/iptables/include/linux/netfilter.h
===================================================================
--- trunk/iptables/include/linux/netfilter.h	2008-04-14 06:47:47 UTC (rev 7477)
+++ trunk/iptables/include/linux/netfilter.h	2008-04-14 06:49:38 UTC (rev 7478)
@@ -1,6 +1,7 @@
 #ifndef __LINUX_NETFILTER_H
 #define __LINUX_NETFILTER_H
 
+
 /* Responses from hook functions. */
 #define NF_DROP 0
 #define NF_ACCEPT 1
@@ -18,7 +19,7 @@
 #define NF_VERDICT_QMASK 0xffff0000
 #define NF_VERDICT_QBITS 16
 
-#define NF_QUEUE_NR(x) (((x << NF_VERDICT_QBITS) & NF_VERDICT_QMASK) | NF_QUEUE)
+#define NF_QUEUE_NR(x) ((((x) << NF_VERDICT_BITS) & NF_VERDICT_QMASK) | NF_QUEUE)
 
 /* only for userspace compatibility */
 /* Generic cache responses from hook functions.
@@ -36,7 +37,7 @@
 };
 
 union nf_inet_addr {
-	u_int32_t	all[4];
+	__u32		all[4];
 	__be32		ip;
 	__be32		ip6[4];
 	struct in_addr	in;
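Review bot: `all[4]` now uses `__u32`, a kernel type that comes from <linux/types.h>, alongside `__be32` and libc's `struct in_addr`; whether <linux/types.h> is included by this header is outside the hunk, so confirm the union still compiles on a build with no kernel tree, which is the commit's stated goal. If it does not, `u_int32_t` from <sys/types.h> was the portable choice for a userspace header.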

Modified: trunk/iptables/include/linux/netfilter_ipv4/ip_tables.h
===================================================================
--- trunk/iptables/include/linux/netfilter_ipv4/ip_tables.h	2008-04-14 06:47:47 UTC (rev 7477)
+++ trunk/iptables/include/linux/netfilter_ipv4/ip_tables.h	2008-04-14 06:49:38 UTC (rev 7478)
@@ -148,10 +148,10 @@
 	unsigned int valid_hooks;
 
 	/* Hook entry points: one per netfilter hook. */
-	unsigned int hook_entry[NF_IP_NUMHOOKS];
+	unsigned int hook_entry[NF_INET_NUMHOOKS];
 
 	/* Underflow points. */
-	unsigned int underflow[NF_IP_NUMHOOKS];
+	unsigned int underflow[NF_INET_NUMHOOKS];
 
 	/* Number of entries */
 	unsigned int num_entries;
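Review bot: The struct whose fields change here (its header is outside the hunk; the fields match the getinfo layout exchanged with the kernel via getsockopt) must keep exactly the size the kernel expects, so NF_INET_NUMHOOKS, defined outside this hunk, has to equal the old NF_IP_NUMHOOKS value or the kernel will reject the call on a size mismatch. A comment on the hook_entry line such as `/* array length is kernel ABI: NF_INET_NUMHOOKS must match the running kernel */` would make the constraint explicit for whoever next resyncs this header.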
@@ -177,16 +177,16 @@
 	unsigned int size;
 
 	/* Hook entry points. */
-	unsigned int hook_entry[NF_IP_NUMHOOKS];
+	unsigned int hook_entry[NF_INET_NUMHOOKS];
 
 	/* Underflow points. */
-	unsigned int underflow[NF_IP_NUMHOOKS];
+	unsigned int underflow[NF_INET_NUMHOOKS];
 
 	/* Information about old entries: */
 	/* Number of counters (must be equal to current number of entries). */
 	unsigned int num_counters;
 	/* The old entries' counters. */
-	struct xt_counters __user *counters;
+	struct xt_counters *counters;
 
 	/* The entries (hang off end: not really an array). */
 	struct ipt_entry entries[0];
@@ -221,61 +221,13 @@
 }
 
 /* fn returns 0 to continue iteration */
-#define IPT_MATCH_ITERATE(e, fn, args...)	\
-({						\
-	unsigned int __i;			\
-	int __ret = 0;				\
-	struct ipt_entry_match *__match;	\
-						\
-	for (__i = sizeof(struct ipt_entry);	\
-	     __i < (e)->target_offset;		\
-	     __i += __match->u.match_size) {	\
-		__match = (void *)(e) + __i;	\
-						\
-		__ret = fn(__match , ## args);	\
-		if (__ret != 0)			\
-			break;			\
-	}					\
-	__ret;					\
-})
+#define IPT_MATCH_ITERATE(e, fn, args...) \
+	XT_MATCH_ITERATE(struct ipt_entry, e, fn, ## args)
 
 /* fn returns 0 to continue iteration */
-#define IPT_ENTRY_ITERATE(entries, size, fn, args...)		\
-({								\
-	unsigned int __i;					\
-	int __ret = 0;						\
-	struct ipt_entry *__entry;				\
-								\
-	for (__i = 0; __i < (size); __i += __entry->next_offset) { \
-		__entry = (void *)(entries) + __i;		\
-								\
-		__ret = fn(__entry , ## args);			\
-		if (__ret != 0)					\
-			break;					\
-	}							\
-	__ret;							\
-})
+#define IPT_ENTRY_ITERATE(entries, size, fn, args...) \
+	XT_ENTRY_ITERATE(struct ipt_entry, entries, size, fn, ## args)
 
-/* fn returns 0 to continue iteration */
-#define IPT_ENTRY_ITERATE_CONTINUE(entries, size, n, fn, args...) \
-({								\
-	unsigned int __i, __n;					\
-	int __ret = 0;						\
-	struct ipt_entry *__entry;				\
-								\
-	for (__i = 0, __n = 0; __i < (size);			\
-	     __i += __entry->next_offset, __n++) { 		\
-		__entry = (void *)(entries) + __i;		\
-		if (__n < n)					\
-			continue;				\
-								\
-		__ret = fn(__entry , ## args);			\
-		if (__ret != 0)					\
-			break;					\
-	}							\
-	__ret;							\
-})
-
 /*
  *	Main firewall chains definitions and global var's definitions.
  */
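Review bot: IPT_ENTRY_ITERATE_CONTINUE is removed outright while IPT_MATCH_ITERATE and IPT_ENTRY_ITERATE keep compatibility wrappers, so any remaining user of the old name in this tree or in out-of-tree extensions will stop compiling. If that is not intended, add `#define IPT_ENTRY_ITERATE_CONTINUE(entries, size, n, fn, args...) XT_ENTRY_ITERATE_CONTINUE(struct ipt_entry, entries, size, n, fn, ## args)` next to the other two wrappers; if it is intended, say so in the commit message.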

Added: trunk/iptables/include/linux/netfilter_ipv4/ipt_DSCP.h
===================================================================
--- trunk/iptables/include/linux/netfilter_ipv4/ipt_DSCP.h	                        (rev 0)
+++ trunk/iptables/include/linux/netfilter_ipv4/ipt_DSCP.h	2008-04-14 06:49:38 UTC (rev 7478)
@@ -0,0 +1,18 @@
+/* iptables module for setting the IPv4 DSCP field
+ *
+ * (C) 2002 Harald Welte <laforge at gnumonks.org>
+ * based on ipt_FTOS.c (C) 2000 by Matthew G. Marsh <mgm at paktronix.com>
+ * This software is distributed under GNU GPL v2, 1991
+ * 
+ * See RFC2474 for a description of the DSCP field within the IP Header.
+ *
+ * ipt_DSCP.h,v 1.7 2002/03/14 12:03:13 laforge Exp
+*/
+#ifndef _IPT_DSCP_TARGET_H
+#define _IPT_DSCP_TARGET_H
+#include <linux/netfilter_ipv4/ipt_dscp.h>
+#include <linux/netfilter/xt_DSCP.h>
+
+#define ipt_DSCP_info xt_DSCP_info
+
+#endif /* _IPT_DSCP_TARGET_H */
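Review bot: This header includes <linux/netfilter/xt_DSCP.h>, which this commit neither adds nor modifies; since the goal is to compile without a kernel tree, confirm xt_DSCP.h already exists under include/linux/netfilter in this repository, otherwise the DSCP target still silently falls back to the kernel's headers. The same check applies to xt_dscp.h pulled in through ipt_dscp.h.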

Added: trunk/iptables/include/linux/netfilter_ipv4/ipt_LOG.h
===================================================================
--- trunk/iptables/include/linux/netfilter_ipv4/ipt_LOG.h	                        (rev 0)
+++ trunk/iptables/include/linux/netfilter_ipv4/ipt_LOG.h	2008-04-14 06:49:38 UTC (rev 7478)
@@ -0,0 +1,18 @@
+#ifndef _IPT_LOG_H
+#define _IPT_LOG_H
+
+/* make sure not to change this without changing netfilter.h:NF_LOG_* (!) */
+#define IPT_LOG_TCPSEQ		0x01	/* Log TCP sequence numbers */
+#define IPT_LOG_TCPOPT		0x02	/* Log TCP options */
+#define IPT_LOG_IPOPT		0x04	/* Log IP options */
+#define IPT_LOG_UID		0x08	/* Log UID owning local socket */
+#define IPT_LOG_NFLOG		0x10	/* Unsupported, don't reuse */
+#define IPT_LOG_MASK		0x1f
+
+struct ipt_log_info {
+	unsigned char level;
+	unsigned char logflags;
+	char prefix[30];
+};
+
+#endif /*_IPT_LOG_H*/

Added: trunk/iptables/include/linux/netfilter_ipv4/ipt_REJECT.h
===================================================================
--- trunk/iptables/include/linux/netfilter_ipv4/ipt_REJECT.h	                        (rev 0)
+++ trunk/iptables/include/linux/netfilter_ipv4/ipt_REJECT.h	2008-04-14 06:49:38 UTC (rev 7478)
@@ -0,0 +1,20 @@
+#ifndef _IPT_REJECT_H
+#define _IPT_REJECT_H
+
+enum ipt_reject_with {
+	IPT_ICMP_NET_UNREACHABLE,
+	IPT_ICMP_HOST_UNREACHABLE,
+	IPT_ICMP_PROT_UNREACHABLE,
+	IPT_ICMP_PORT_UNREACHABLE,
+	IPT_ICMP_ECHOREPLY,
+	IPT_ICMP_NET_PROHIBITED,
+	IPT_ICMP_HOST_PROHIBITED,
+	IPT_TCP_RESET,
+	IPT_ICMP_ADMIN_PROHIBITED
+};
+
+struct ipt_reject_info {
+	enum ipt_reject_with with;      /* reject type */
+};
+
+#endif /*_IPT_REJECT_H*/

Added: trunk/iptables/include/linux/netfilter_ipv4/ipt_TOS.h
===================================================================
--- trunk/iptables/include/linux/netfilter_ipv4/ipt_TOS.h	                        (rev 0)
+++ trunk/iptables/include/linux/netfilter_ipv4/ipt_TOS.h	2008-04-14 06:49:38 UTC (rev 7478)
@@ -0,0 +1,12 @@
+#ifndef _IPT_TOS_H_target
+#define _IPT_TOS_H_target
+
+#ifndef IPTOS_NORMALSVC
+#define IPTOS_NORMALSVC 0
+#endif
+
+struct ipt_tos_target_info {
+	u_int8_t tos;
+};
+
+#endif /*_IPT_TOS_H_target*/

Added: trunk/iptables/include/linux/netfilter_ipv4/ipt_dscp.h
===================================================================
--- trunk/iptables/include/linux/netfilter_ipv4/ipt_dscp.h	                        (rev 0)
+++ trunk/iptables/include/linux/netfilter_ipv4/ipt_dscp.h	2008-04-14 06:49:38 UTC (rev 7478)
@@ -0,0 +1,21 @@
+/* iptables module for matching the IPv4 DSCP field
+ *
+ * (C) 2002 Harald Welte <laforge at gnumonks.org>
+ * This software is distributed under GNU GPL v2, 1991
+ * 
+ * See RFC2474 for a description of the DSCP field within the IP Header.
+ *
+ * ipt_dscp.h,v 1.3 2002/08/05 19:00:21 laforge Exp
+*/
+#ifndef _IPT_DSCP_H
+#define _IPT_DSCP_H
+
+#include <linux/netfilter/xt_dscp.h>
+
+#define IPT_DSCP_MASK	XT_DSCP_MASK
+#define IPT_DSCP_SHIFT	XT_DSCP_SHIFT
+#define IPT_DSCP_MAX	XT_DSCP_MAX
+
+#define ipt_dscp_info	xt_dscp_info
+
+#endif /* _IPT_DSCP_H */

Added: trunk/iptables/include/linux/netfilter_ipv4/ipt_owner.h
===================================================================
--- trunk/iptables/include/linux/netfilter_ipv4/ipt_owner.h	                        (rev 0)
+++ trunk/iptables/include/linux/netfilter_ipv4/ipt_owner.h	2008-04-14 06:49:38 UTC (rev 7478)
@@ -0,0 +1,20 @@
+#ifndef _IPT_OWNER_H
+#define _IPT_OWNER_H
+
+/* match and invert flags */
+#define IPT_OWNER_UID	0x01
+#define IPT_OWNER_GID	0x02
+#define IPT_OWNER_PID	0x04
+#define IPT_OWNER_SID	0x08
+#define IPT_OWNER_COMM	0x10
+
+struct ipt_owner_info {
+    uid_t uid;
+    gid_t gid;
+    pid_t pid;
+    pid_t sid;
+    char comm[16];
+    u_int8_t match, invert;	/* flags */
+};
+
+#endif /*_IPT_OWNER_H*/
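Review bot: struct ipt_owner_info is presumably handed to the kernel as the match's data blob, yet uid/gid/pid/sid use the libc typedefs uid_t, gid_t and pid_t rather than fixed-width types, so its layout depends on the C library agreeing with the kernel's 32-bit definitions. This mirrors the kernel header, but a comment such as `/* layout is kernel ABI: uid_t/gid_t/pid_t assumed 32-bit */` above the struct would record the assumption; `comm[16]` likely tracks the kernel's task comm length and deserves a note too.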

Added: trunk/iptables/include/linux/netfilter_ipv4/ipt_tos.h
===================================================================
--- trunk/iptables/include/linux/netfilter_ipv4/ipt_tos.h	                        (rev 0)
+++ trunk/iptables/include/linux/netfilter_ipv4/ipt_tos.h	2008-04-14 06:49:38 UTC (rev 7478)
@@ -0,0 +1,13 @@
+#ifndef _IPT_TOS_H
+#define _IPT_TOS_H
+
+struct ipt_tos_info {
+    u_int8_t tos;
+    u_int8_t invert;
+};
+
+#ifndef IPTOS_NORMALSVC
+#define IPTOS_NORMALSVC 0
+#endif
+
+#endif /*_IPT_TOS_H*/

Modified: trunk/iptables/include/linux/netfilter_ipv6/ip6_tables.h
===================================================================
--- trunk/iptables/include/linux/netfilter_ipv6/ip6_tables.h	2008-04-14 06:47:47 UTC (rev 7477)
+++ trunk/iptables/include/linux/netfilter_ipv6/ip6_tables.h	2008-04-14 06:49:38 UTC (rev 7478)
@@ -208,10 +208,10 @@
 	unsigned int valid_hooks;
 
 	/* Hook entry points: one per netfilter hook. */
-	unsigned int hook_entry[NF_IP6_NUMHOOKS];
+	unsigned int hook_entry[NF_INET_NUMHOOKS];
 
 	/* Underflow points. */
-	unsigned int underflow[NF_IP6_NUMHOOKS];
+	unsigned int underflow[NF_INET_NUMHOOKS];
 
 	/* Number of entries */
 	unsigned int num_entries;
@@ -237,16 +237,16 @@
 	unsigned int size;
 
 	/* Hook entry points. */
-	unsigned int hook_entry[NF_IP6_NUMHOOKS];
+	unsigned int hook_entry[NF_INET_NUMHOOKS];
 
 	/* Underflow points. */
-	unsigned int underflow[NF_IP6_NUMHOOKS];
+	unsigned int underflow[NF_INET_NUMHOOKS];
 
 	/* Information about old entries: */
 	/* Number of counters (must be equal to current number of entries). */
 	unsigned int num_counters;
 	/* The old entries' counters. */
-	struct xt_counters __user *counters;
+	struct xt_counters *counters;
 
 	/* The entries (hang off end: not really an array). */
 	struct ip6t_entry entries[0];
@@ -281,40 +281,12 @@
 }
 
 /* fn returns 0 to continue iteration */
-#define IP6T_MATCH_ITERATE(e, fn, args...)	\
-({						\
-	unsigned int __i;			\
-	int __ret = 0;				\
-	struct ip6t_entry_match *__m;		\
-						\
-	for (__i = sizeof(struct ip6t_entry);	\
-	     __i < (e)->target_offset;		\
-	     __i += __m->u.match_size) {	\
-		__m = (void *)(e) + __i;	\
-						\
-		__ret = fn(__m , ## args);	\
-		if (__ret != 0)			\
-			break;			\
-	}					\
-	__ret;					\
-})
+#define IP6T_MATCH_ITERATE(e, fn, args...) \
+	XT_MATCH_ITERATE(struct ip6t_entry, e, fn, ## args)
 
 /* fn returns 0 to continue iteration */
-#define IP6T_ENTRY_ITERATE(entries, size, fn, args...)		\
-({								\
-	unsigned int __i;					\
-	int __ret = 0;						\
-	struct ip6t_entry *__e;					\
-								\
-	for (__i = 0; __i < (size); __i += __e->next_offset) {	\
-		__e = (void *)(entries) + __i;			\
-								\
-		__ret = fn(__e , ## args);			\
-		if (__ret != 0)					\
-			break;					\
-	}							\
-	__ret;							\
-})
+#define IP6T_ENTRY_ITERATE(entries, size, fn, args...) \
+	XT_ENTRY_ITERATE(struct ip6t_entry, entries, size, fn, ## args)
 
 /*
  *	Main firewall chains definitions and global var's definitions.

Added: trunk/iptables/include/linux/netfilter_ipv6/ip6t_LOG.h
===================================================================
--- trunk/iptables/include/linux/netfilter_ipv6/ip6t_LOG.h	                        (rev 0)
+++ trunk/iptables/include/linux/netfilter_ipv6/ip6t_LOG.h	2008-04-14 06:49:38 UTC (rev 7478)
@@ -0,0 +1,18 @@
+#ifndef _IP6T_LOG_H
+#define _IP6T_LOG_H
+
+/* make sure not to change this without changing netfilter.h:NF_LOG_* (!) */
+#define IP6T_LOG_TCPSEQ		0x01	/* Log TCP sequence numbers */
+#define IP6T_LOG_TCPOPT		0x02	/* Log TCP options */
+#define IP6T_LOG_IPOPT		0x04	/* Log IP options */
+#define IP6T_LOG_UID		0x08	/* Log UID owning local socket */
+#define IP6T_LOG_NFLOG		0x10	/* Unsupported, don't use */
+#define IP6T_LOG_MASK		0x1f
+
+struct ip6t_log_info {
+	unsigned char level;
+	unsigned char logflags;
+	char prefix[30];
+};
+
+#endif /*_IPT_LOG_H*/
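Review bot: The closing guard comment reads `#endif /*_IPT_LOG_H*/` but the guard opened on the first line is `_IP6T_LOG_H`; change it to `#endif /*_IP6T_LOG_H*/`. The flag comments also drift slightly from ipt_LOG.h (`don't use` here versus `don't reuse` there for the NFLOG bit); since both files carry the warning that these values must track netfilter.h:NF_LOG_*, keeping the two copies textually identical makes the next resync a plain diff.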

Modified: trunk/iptables/libipq/Makefile.am
===================================================================
--- trunk/iptables/libipq/Makefile.am	2008-04-14 06:47:47 UTC (rev 7477)
+++ trunk/iptables/libipq/Makefile.am	2008-04-14 06:49:38 UTC (rev 7478)
@@ -1,6 +1,6 @@
 # -*- Makefile -*-
 
-AM_CFLAGS = ${regular_CFLAGS} -I${top_srcdir}/include
+AM_CFLAGS = ${regular_CFLAGS} -I${top_builddir}/include -I${top_srcdir}/include
 
 libipq_a_SOURCES = libipq.c
 lib_LIBRARIES    = libipq.a



