[netfilter-cvslog] r3667 - in trunk/iptables: extensions
include/linux/netfilter_ipv4
gandalf at netfilter.org
gandalf at netfilter.org
Sat Feb 12 22:40:17 CET 2005
Author: gandalf at netfilter.org
Date: 2005-02-12 22:40:16 +0100 (Sat, 12 Feb 2005)
New Revision: 3667
Modified:
trunk/iptables/extensions/libipt_CONNMARK.c
trunk/iptables/extensions/libipt_connmark.c
trunk/iptables/include/linux/netfilter_ipv4/ipt_CONNMARK.h
trunk/iptables/include/linux/netfilter_ipv4/ipt_connmark.h
Log:
Fix CONNMARK/connmark issues with 64bit kernel and 32bit userspace.
Also fixes a typo in CONNMARK, --mask set the mark, not the mask.
Initial patch by: Pablo Neira <pablo at eurodev.net>
Signed-off-by: Martin Josefsson <gandalf at wlug.westbo.se>
Modified: trunk/iptables/extensions/libipt_CONNMARK.c
===================================================================
--- trunk/iptables/extensions/libipt_CONNMARK.c 2005-02-12 21:21:01 UTC (rev 3666)
+++ trunk/iptables/extensions/libipt_CONNMARK.c 2005-02-12 21:40:16 UTC (rev 3667)
@@ -26,7 +26,7 @@
#include <iptables.h>
#include <linux/netfilter_ipv4/ip_tables.h>
-#include <linux/netfilter_ipv4/ipt_CONNMARK.h>
+#include "../include/linux/netfilter_ipv4/ipt_CONNMARK.h"
#if 0
struct markinfo {
@@ -72,14 +72,25 @@
struct ipt_connmark_target_info *markinfo
= (struct ipt_connmark_target_info *)(*target)->data;
+#ifdef KERNEL_64_USERSPACE_32
+ markinfo->mask = ~0ULL;
+#else
+ markinfo->mask = ~0UL;
+#endif
+
switch (c) {
char *end;
case '1':
markinfo->mode = IPT_CONNMARK_SET;
- markinfo->mask = ~0;
+#ifdef KERNEL_64_USERSPACE_32
+ markinfo->mark = strtoull(optarg, &end, 0);
+ if (*end == '/' && end[1] != '\0')
+ markinfo->mask = strtoull(end+1, &end, 0);
+#else
markinfo->mark = strtoul(optarg, &end, 0);
if (*end == '/' && end[1] != '\0')
markinfo->mask = strtoul(end+1, &end, 0);
+#endif
if (*end != '\0' || end == optarg)
exit_error(PARAMETER_PROBLEM, "Bad MARK value `%s'", optarg);
if (*flags)
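Review bot: The default `markinfo->mask = ~0UL` (and its `~0ULL` variant) now runs before `switch (c)` on every call, so it overwrites a mask that an earlier option already stored. If this function is called again for a later option (the `default: return 0;` arm further down suggests it is offered options it does not own), then `--set-mark 0x1/0xff` followed by any other option would end up with an all-ones mask, and the rule would rewrite the whole connection mark instead of the masked bits. Guarding the default with `if (!*flags)`, or moving it to a one-time initialiser, would preserve a parsed mask; this assumes `*flags` is set once an operation has been parsed, which happens outside the visible lines. The two later hunks that only delete `markinfo->mask = ~0;` rely on this default, and the function starts before and continues after this hunk.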
@@ -89,7 +100,6 @@
break;
case '2':
markinfo->mode = IPT_CONNMARK_SAVE;
- markinfo->mask = ~0;
if (*flags)
exit_error(PARAMETER_PROBLEM,
"CONNMARK target: Can't specify --save-mark twice");
@@ -97,7 +107,6 @@
break;
case '3':
markinfo->mode = IPT_CONNMARK_RESTORE;
- markinfo->mask = ~0;
if (*flags)
exit_error(PARAMETER_PROBLEM,
"CONNMARK target: Can't specify --restore-mark twice");
@@ -107,9 +116,13 @@
if (!*flags)
exit_error(PARAMETER_PROBLEM,
"CONNMARK target: Can't specify --mask without a operation");
- markinfo->mark = strtoul(optarg, &end, 0);
+#ifdef KERNEL_64_USERSPACE_32
+ markinfo->mask = strtoull(optarg, &end, 0);
+#else
+ markinfo->mask = strtoul(optarg, &end, 0);
+#endif
if (*end != '\0' || end == optarg)
- exit_error(PARAMETER_PROBLEM, "Bad MARK value `%s'", optarg);
+ exit_error(PARAMETER_PROBLEM, "Bad MASK value `%s'", optarg);
break;
default:
return 0;
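Review bot: The new `--mask` parsing still accepts out-of-range input, because `strtoul`/`strtoull` saturate at the type's maximum and the check after them only looks at `end`. On the non-64-bit branch a value wider than `unsigned long` would be stored as all-ones, which this file treats as "no mask". Setting `errno = 0;` before the conversion and extending the test to `if (*end != '\0' || end == optarg || errno == ERANGE)` would reject it; this needs `<errno.h>`, whose inclusion is not visible here. The same applies to the `--set-mark` parsing in the second hunk of this file and to the `--mark` parsing in libipt_connmark.c. The enclosing function starts outside this hunk.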
@@ -126,6 +139,37 @@
"CONNMARK target: No operation specified");
}
+#ifdef KERNEL_64_USERSPACE_32
+static void
+print_mark(unsigned long long mark)
+{
+ printf("0x%llx", mark);
+}
+
+static void
+print_mask(const char *text, unsigned long long mask)
+{
+ if (mask != ~0ULL)
+ printf("%s%llx", text, mask);
+}
+
+#else
+
+static void
+print_mark(unsigned long mark)
+{
+ printf("0x%lx", mark);
+}
+
+static void
+print_mask(const char *text, unsigned long mask)
+{
+ if (mask != ~0UL)
+ printf("%s%lx", text, mask);
+}
+#endif
+
+
/* Prints out the target info. */
static void
print(const struct ipt_ip *ip,
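Review bot: `print_mask` drops the `0x` prefix that the replaced code printed: the two variants use `"%s%llx"` and `"%s%lx"`, and the callers in the following hunks pass only `"/"`, `"mask "` and `"--mask "`. The save output then becomes e.g. `--mask ff`, which the base-0 `strtoul`/`strtoull` parsing in this file either rejects or, for digit-only values such as `10`, reads back as decimal, so a saved ruleset would not restore to the same mask. Use `printf("%s0x%llx", text, mask);` and `printf("%s0x%lx", text, mask);` instead. The hunk ends inside the signature of `print()`.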
@@ -136,21 +180,19 @@
(const struct ipt_connmark_target_info *)target->data;
switch (markinfo->mode) {
case IPT_CONNMARK_SET:
- printf("CONNMARK set 0x%lx", markinfo->mark);
- if (markinfo->mask != ~0)
- printf("/0x%lx", markinfo->mask);
+ printf("CONNMARK set ");
+ print_mark(markinfo->mark);
+ print_mask("/", markinfo->mask);
printf(" ");
break;
case IPT_CONNMARK_SAVE:
printf("CONNMARK save ");
- if (markinfo->mask != ~0)
- printf("mask 0x%lx", markinfo->mask);
+ print_mask("mask ", markinfo->mask);
printf(" ");
break;
case IPT_CONNMARK_RESTORE:
printf("CONNMARK restore ");
- if (markinfo->mask != ~0)
- printf("mask 0x%lx", markinfo->mask);
+ print_mask("mask ", markinfo->mask);
break;
default:
printf("ERROR: UNKNOWN CONNMARK MODE ");
@@ -167,20 +209,18 @@
switch (markinfo->mode) {
case IPT_CONNMARK_SET:
- printf("--set-mark 0x%lx", markinfo->mark);
- if (markinfo->mask != ~0)
- printf("/0x%lx", markinfo->mask);
+ printf("--set-mark ");
+ print_mark(markinfo->mark);
+ print_mask("/", markinfo->mask);
printf(" ");
break;
case IPT_CONNMARK_SAVE:
printf("--save-mark ");
- if (markinfo->mask != ~0)
- printf("--mask 0x%lx", markinfo->mask);
+ print_mask("--mask ", markinfo->mask);
break;
case IPT_CONNMARK_RESTORE:
printf("--restore-mark ");
- if (markinfo->mask != ~0)
- printf("--mask 0x%lx", markinfo->mask);
+ print_mask("--mask ", markinfo->mask);
break;
default:
printf("ERROR: UNKNOWN CONNMARK MODE ");
Modified: trunk/iptables/extensions/libipt_connmark.c
===================================================================
--- trunk/iptables/extensions/libipt_connmark.c 2005-02-12 21:21:01 UTC (rev 3666)
+++ trunk/iptables/extensions/libipt_connmark.c 2005-02-12 21:40:16 UTC (rev 3667)
@@ -26,7 +26,7 @@
#include <getopt.h>
#include <iptables.h>
-#include <linux/netfilter_ipv4/ipt_connmark.h>
+#include "../include/linux/netfilter_ipv4/ipt_connmark.h"
/* Function which prints out usage message. */
static void
@@ -66,11 +66,17 @@
char *end;
case '1':
check_inverse(optarg, &invert, &optind, 0);
+#ifdef KERNEL_64_USERSPACE_32
+ markinfo->mark = strtoull(optarg, &end, 0);
+ markinfo->mask = ~0ULL;
+ if (*end == '/')
+ markinfo->mask = strtoull(end+1, &end, 0);
+#else
markinfo->mark = strtoul(optarg, &end, 0);
- if (*end == '/') {
+ markinfo->mask = ~0UL;
+ if (*end == '/')
markinfo->mask = strtoul(end+1, &end, 0);
- } else
- markinfo->mask = ~0;
+#endif
if (*end != '\0' || end == optarg)
exit_error(PARAMETER_PROBLEM, "Bad MARK value `%s'", optarg);
if (invert)
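Review bot: Both branches accept an empty mask: with `--mark 5/` the second conversion consumes nothing, leaves `end` on the terminating NUL and stores a mask of 0, and the check below passes because `end != optarg`. libipt_CONNMARK.c in this same commit guards against that with `end[1] != '\0'`; using `if (*end == '/' && end[1] != '\0')` here too would make a trailing slash fall through to the "Bad MARK value" error. A zero mask presumably makes the match ignore the mark bits altogether, so it is better rejected than silently accepted. The enclosing function starts outside the hunk.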
@@ -84,14 +90,25 @@
return 1;
}
+#ifdef KERNEL_64_USERSPACE_32
static void
+print_mark(unsigned long long mark, unsigned long long mask, int numeric)
+{
+ if(mask != ~0ULL)
+ printf("0x%llx/0x%llx ", mark, mask);
+ else
+ printf("0x%llx ", mark);
+}
+#else
+static void
print_mark(unsigned long mark, unsigned long mask, int numeric)
{
- if(mask != ~0)
+ if(mask != ~0UL)
printf("0x%lx/0x%lx ", mark, mask);
else
printf("0x%lx ", mark);
}
+#endif
/* Final check; must have specified --mark. */
static void
Modified: trunk/iptables/include/linux/netfilter_ipv4/ipt_CONNMARK.h
===================================================================
--- trunk/iptables/include/linux/netfilter_ipv4/ipt_CONNMARK.h 2005-02-12 21:21:01 UTC (rev 3666)
+++ trunk/iptables/include/linux/netfilter_ipv4/ipt_CONNMARK.h 2005-02-12 21:40:16 UTC (rev 3667)
@@ -17,8 +17,13 @@
};
struct ipt_connmark_target_info {
+#ifdef KERNEL_64_USERSPACE_32
+ unsigned long long mark;
+ unsigned long long mask;
+#else
unsigned long mark;
unsigned long mask;
+#endif
u_int8_t mode;
};
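Review bot: The layout of `struct ipt_connmark_target_info` now depends on a build-time macro, but nothing here says what the macro must match or checks that the resulting size agrees with the kernel's. Widening the two fields fixes their width, but on 32-bit ABIs where `unsigned long long` is only 4-byte aligned inside a struct, the total size may still differ from a 64-bit kernel's because of the trailing padding after `mode`. That is worth confirming wherever the size passed to the kernel is computed, which is not visible here. I would at least add a comment above the `#ifdef` such as `/* Must mirror the kernel struct: with KERNEL_64_USERSPACE_32 the kernel's unsigned long is 64 bits. */`. The same applies to `struct ipt_connmark_info` in ipt_connmark.h.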
Modified: trunk/iptables/include/linux/netfilter_ipv4/ipt_connmark.h
===================================================================
--- trunk/iptables/include/linux/netfilter_ipv4/ipt_connmark.h 2005-02-12 21:21:01 UTC (rev 3666)
+++ trunk/iptables/include/linux/netfilter_ipv4/ipt_connmark.h 2005-02-12 21:40:16 UTC (rev 3667)
@@ -11,7 +11,11 @@
*/
struct ipt_connmark_info {
+#ifdef KERNEL_64_USERSPACE_32
+ unsigned long long mark, mask;
+#else
unsigned long mark, mask;
+#endif
u_int8_t invert;
};