[netfilter-cvslog] r4135 - in trunk/iptables: extensions include/linux/netfilter_ipv4

laforge at netfilter.org laforge at netfilter.org
Tue Jul 19 23:45:03 CEST 2005


Author: laforge at netfilter.org
Date: 2005-07-19 23:44:58 +0200 (Tue, 19 Jul 2005)
New Revision: 4135

Added:
   trunk/iptables/extensions/libip6t_NFQUEUE.c
   trunk/iptables/extensions/libipt_NFQUEUE.c
   trunk/iptables/include/linux/netfilter_ipv4/ipt_NFQUEUE.h
Modified:
   trunk/iptables/extensions/Makefile
Log:
add NFQUEUE support for ipv4 and ipv6


Modified: trunk/iptables/extensions/Makefile
===================================================================
--- trunk/iptables/extensions/Makefile	2005-07-19 21:29:31 UTC (rev 4134)
+++ trunk/iptables/extensions/Makefile	2005-07-19 21:44:58 UTC (rev 4135)
@@ -5,8 +5,8 @@
 # header files are present in the include/linux directory of this iptables
 # package (HW)
 #
-PF_EXT_SLIB:=ah addrtype comment connlimit connmark conntrack dscp ecn esp hashlimit helper icmp iprange length limit mac mark multiport owner physdev pkttype realm rpc sctp standard state tcp tcpmss tos ttl udp unclean CLASSIFY CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NOTRACK REDIRECT REJECT SAME SNAT TARPIT TCPMSS TOS TRACE TTL ULOG
-PF6_EXT_SLIB:=eui64 hl icmpv6 length limit mac mark multiport owner physdev standard tcp udp HL LOG MARK TRACE
+PF_EXT_SLIB:=ah addrtype comment connlimit connmark conntrack dscp ecn esp hashlimit helper icmp iprange length limit mac mark multiport owner physdev pkttype realm rpc sctp standard state tcp tcpmss tos ttl udp unclean CLASSIFY CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NFQUEUE NOTRACK REDIRECT REJECT SAME SNAT TARPIT TCPMSS TOS TRACE TTL ULOG
+PF6_EXT_SLIB:=eui64 hl icmpv6 length limit mac mark multiport owner physdev standard tcp udp HL LOG NFQUEUE MARK TRACE
 
 # Optionals
 PF_EXT_SLIB_OPTS:=$(foreach T,$(wildcard extensions/.*-test),$(shell KERNEL_DIR=$(KERNEL_DIR) $(T)))

Added: trunk/iptables/extensions/libip6t_NFQUEUE.c
===================================================================
--- trunk/iptables/extensions/libip6t_NFQUEUE.c	2005-07-19 21:29:31 UTC (rev 4134)
+++ trunk/iptables/extensions/libip6t_NFQUEUE.c	2005-07-19 21:44:58 UTC (rev 4135)
@@ -0,0 +1,113 @@
+/* Shared library add-on to ip666666tables for NFQ
+ *
+ * (C) 2005 by Harald Welte <laforge at netfilter.org>
+ *
+ * This program is distributed under the terms of GNU GPL v2, 1991
+ *
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <getopt.h>
+
+#include <ip6tables.h>
+#include <linux/netfilter_ipv6/ip6_tables.h>
+#include <linux/netfilter_ipv4/ipt_NFQUEUE.h>
+
+static void init(struct ip6t_entry_target *t, unsigned int *nfcache) 
+{
+}
+
+static void help(void) 
+{
+	printf(
+"NFQUEUE target options\n"
+"  --queue-num value		Send packet to QUEUE number <value>.\n"
+"  		                Valid queue numbers are 0-65535\n"
+);
+}
+
+static struct option opts[] = {
+	{ "queue-num", 1, 0, 'F' },
+	{ 0 }
+};
+
+static void
+parse_num(const char *s, struct ipt_NFQ_info *tinfo)
+{
+	unsigned int num;
+       
+	if (string_to_number(s, 0, 65535, &num) == -1)
+		exit_error(PARAMETER_PROBLEM,
+			   "Invalid queue number `%s'\n", s);
+
+    	tinfo->queuenum = num & 0xffff;
+    	return;
+}
+
+static int
+parse(int c, char **argv, int invert, unsigned int *flags,
+      const struct ip6t_entry *entry,
+      struct ip6t_entry_target **target)
+{
+	struct ipt_NFQ_info *tinfo
+		= (struct ipt_NFQ_info *)(*target)->data;
+
+	switch (c) {
+	case 'F':
+		if (*flags)
+			exit_error(PARAMETER_PROBLEM, "NFQUEUE target: "
+				   "Only use --queue-num ONCE!");
+		parse_num(optarg, tinfo);
+	default:
+		return 0;
+	}
+
+	return 1;
+}
+
+static void
+final_check(unsigned int flags)
+{
+}
+
+/* Prints out the targinfo. */
+static void
+print(const struct ip6t_ip6 *ip,
+      const struct ip6t_entry_target *target,
+      int numeric)
+{
+	const struct ipt_NFQ_info *tinfo =
+		(const struct ipt_NFQ_info *)target->data;
+	printf("NFQUEUE num %u", tinfo->queuenum);
+}
+
+/* Saves the union ip6t_targinfo in parsable form to stdout. */
+static void
+save(const struct ip6t_ip6 *ip, const struct ip6t_entry_target *target)
+{
+	const struct ipt_NFQ_info *tinfo =
+		(const struct ipt_NFQ_info *)target->data;
+
+	printf("--queue-num %u ", tinfo->queuenum);
+}
+
+static struct ip6tables_target nfqueue = { 
+	.next		= NULL,
+	.name		= "NFQUEUE",
+	.version	= IPTABLES_VERSION,
+	.size		= IP6T_ALIGN(sizeof(struct ipt_NFQ_info)),
+	.userspacesize	= IP6T_ALIGN(sizeof(struct ipt_NFQ_info)),
+	.help		= &help,
+	.init		= &init,
+	.parse		= &parse,
+	.final_check	= &final_check,
+	.print		= &print,
+	.save		= &save,
+	.extra_opts	= opts
+};
+
+void _init(void)
+{
+	register_target6(&nfqueue);
+}
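Review bot: In parse(), `case 'F':` has no `break;` after `parse_num(optarg, tinfo);`, so control falls through into `default:` and the function returns 0 even when --queue-num was parsed, leaving the trailing `return 1;` unreachable. If the caller treats 0 as "option not handled", as the default branch suggests, a valid --queue-num would be rejected after `tinfo->queuenum` was already written. Adding `break;` directly after the parse_num() call fixes this. The same fall-through is present in parse() in libipt_NFQUEUE.c. Separately, the file header comment reads `ip666666tables` where `ip6tables` is meant.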

Added: trunk/iptables/extensions/libipt_NFQUEUE.c
===================================================================
--- trunk/iptables/extensions/libipt_NFQUEUE.c	2005-07-19 21:29:31 UTC (rev 4134)
+++ trunk/iptables/extensions/libipt_NFQUEUE.c	2005-07-19 21:44:58 UTC (rev 4135)
@@ -0,0 +1,113 @@
+/* Shared library add-on to iptables for NFQ
+ *
+ * (C) 2005 by Harald Welte <laforge at netfilter.org>
+ *
+ * This program is distributed under the terms of GNU GPL v2, 1991
+ *
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <getopt.h>
+
+#include <iptables.h>
+#include <linux/netfilter_ipv4/ip_tables.h>
+#include <linux/netfilter_ipv4/ipt_NFQUEUE.h>
+
+static void init(struct ipt_entry_target *t, unsigned int *nfcache) 
+{
+}
+
+static void help(void) 
+{
+	printf(
+"NFQUEUE target options\n"
+"  --queue-num value		Send packet to QUEUE number <value>.\n"
+"  		                Valid queue numbers are 0-65535\n"
+);
+}
+
+static struct option opts[] = {
+	{ "queue-num", 1, 0, 'F' },
+	{ 0 }
+};
+
+static void
+parse_num(const char *s, struct ipt_NFQ_info *tinfo)
+{
+	unsigned int num;
+       
+	if (string_to_number(s, 0, 65535, &num) == -1)
+		exit_error(PARAMETER_PROBLEM,
+			   "Invalid queue number `%s'\n", s);
+
+    	tinfo->queuenum = num & 0xffff;
+    	return;
+}
+
+static int
+parse(int c, char **argv, int invert, unsigned int *flags,
+      const struct ipt_entry *entry,
+      struct ipt_entry_target **target)
+{
+	struct ipt_NFQ_info *tinfo
+		= (struct ipt_NFQ_info *)(*target)->data;
+
+	switch (c) {
+	case 'F':
+		if (*flags)
+			exit_error(PARAMETER_PROBLEM, "NFQUEUE target: "
+				   "Only use --queue-num ONCE!");
+		parse_num(optarg, tinfo);
+	default:
+		return 0;
+	}
+
+	return 1;
+}
+
+static void
+final_check(unsigned int flags)
+{
+}
+
+/* Prints out the targinfo. */
+static void
+print(const struct ipt_ip *ip,
+      const struct ipt_entry_target *target,
+      int numeric)
+{
+	const struct ipt_NFQ_info *tinfo =
+		(const struct ipt_NFQ_info *)target->data;
+	printf("NFQUEUE num %u", tinfo->queuenum);
+}
+
+/* Saves the union ipt_targinfo in parsable form to stdout. */
+static void
+save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+{
+	const struct ipt_NFQ_info *tinfo =
+		(const struct ipt_NFQ_info *)target->data;
+
+	printf("--queue-num %u ", tinfo->queuenum);
+}
+
+static struct iptables_target nfqueue = { 
+	.next		= NULL,
+	.name		= "NFQUEUE",
+	.version	= IPTABLES_VERSION,
+	.size		= IPT_ALIGN(sizeof(struct ipt_NFQ_info)),
+	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_NFQ_info)),
+	.help		= &help,
+	.init		= &init,
+	.parse		= &parse,
+	.final_check	= &final_check,
+	.print		= &print,
+	.save		= &save,
+	.extra_opts	= opts
+};
+
+void _init(void)
+{
+	register_target(&nfqueue);
+}
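Review bot: The `if (*flags)` guard in parse() can never fire as written, because nothing in this file assigns `*flags` once --queue-num has been accepted. A repeated --queue-num would therefore overwrite the earlier queue number instead of reaching the "Only use --queue-num ONCE!" error. Recording the option, e.g. `*flags = 1;` right after `parse_num(optarg, tinfo);`, makes the check effective, assuming the caller keeps `flags` per target instance. The same applies to parse() in libip6t_NFQUEUE.c. In parse_num(), the `num & 0xffff` mask is redundant after string_to_number() has bounded the value to 0-65535; a plain assignment with a short comment that the range is already checked would read more clearly.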

Added: trunk/iptables/include/linux/netfilter_ipv4/ipt_NFQUEUE.h
===================================================================
--- trunk/iptables/include/linux/netfilter_ipv4/ipt_NFQUEUE.h	2005-07-19 21:29:31 UTC (rev 4134)
+++ trunk/iptables/include/linux/netfilter_ipv4/ipt_NFQUEUE.h	2005-07-19 21:44:58 UTC (rev 4135)
@@ -0,0 +1,16 @@
+/* iptables module for using NFQUEUE mechanism
+ *
+ * (C) 2005 Harald Welte <laforge at netfilter.org>
+ *
+ * This software is distributed under GNU GPL v2, 1991
+ * 
+*/
+#ifndef _IPT_NFQ_TARGET_H
+#define _IPT_NFQ_TARGET_H
+
+/* target info */
+struct ipt_NFQ_info {
+	u_int16_t queuenum;
+};
+
+#endif /* _IPT_DSCP_TARGET_H */
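Review bot: The closing comment `#endif /* _IPT_DSCP_TARGET_H */` names a different guard than the `_IPT_NFQ_TARGET_H` opened at the top, apparently left over from the header this one was modelled on; it should read `#endif /* _IPT_NFQ_TARGET_H */`. The struct also uses `u_int16_t` without including anything that defines it, so the header compiles only when every includer has already pulled the type in, which the two new .c files presumably do through their earlier includes. An explicit include, or a comment stating that dependency, would make the header self-contained. Because `sizeof(struct ipt_NFQ_info)` sets the target's `.size` and `.userspacesize` in both extensions, a one-line comment on `queuenum` giving its valid range (0-65535) would also help keep the layout and its meaning in sync with whatever consumes it.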



