[netfilter-cvslog] r6450 - in trunk/iptables: extensions include/linux/netfilter_ipv4 include/linux/netfilter_ipv6

kaber at netfilter.org kaber at netfilter.org
Tue Jan 31 19:24:24 CET 2006


Author: kaber at netfilter.org
Date: 2006-01-31 19:24:14 +0100 (Tue, 31 Jan 2006)
New Revision: 6450

Added:
   trunk/iptables/include/linux/netfilter_ipv4/ipt_policy.h
   trunk/iptables/include/linux/netfilter_ipv6/ip6t_policy.h
Removed:
   trunk/iptables/extensions/.policy-test
   trunk/iptables/extensions/.policy-test6
Modified:
   trunk/iptables/extensions/Makefile
   trunk/iptables/extensions/libip6t_policy.c
   trunk/iptables/extensions/libipt_policy.c
Log:
Prepare policy match for x_tables unification by making sure both
ipt_policy and ip6t_policy use the same data structure.


Deleted: trunk/iptables/extensions/.policy-test
===================================================================
--- trunk/iptables/extensions/.policy-test	2006-01-31 10:34:03 UTC (rev 6449)
+++ trunk/iptables/extensions/.policy-test	2006-01-31 18:24:14 UTC (rev 6450)
@@ -1,3 +0,0 @@
-#!/bin/sh
-#
-[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_policy.h ] && echo policy

Deleted: trunk/iptables/extensions/.policy-test6
===================================================================
--- trunk/iptables/extensions/.policy-test6	2006-01-31 10:34:03 UTC (rev 6449)
+++ trunk/iptables/extensions/.policy-test6	2006-01-31 18:24:14 UTC (rev 6450)
@@ -1,3 +0,0 @@
-#!/bin/sh
-#
-[ -f $KERNEL_DIR/include/linux/netfilter_ipv6/ip6t_policy.h ] && echo policy

Modified: trunk/iptables/extensions/Makefile
===================================================================
--- trunk/iptables/extensions/Makefile	2006-01-31 10:34:03 UTC (rev 6449)
+++ trunk/iptables/extensions/Makefile	2006-01-31 18:24:14 UTC (rev 6450)
@@ -5,8 +5,8 @@
 # header files are present in the include/linux directory of this iptables
 # package (HW)
 #
-PF_EXT_SLIB:=ah addrtype comment connlimit connmark conntrack dscp ecn esp hashlimit helper icmp iprange length limit mac mark multiport owner physdev pkttype realm rpc sctp standard state tcp tcpmss tos ttl udp unclean CLASSIFY CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NFQUEUE NOTRACK REDIRECT REJECT SAME SNAT TARPIT TCPMSS TOS TRACE TTL ULOG
-PF6_EXT_SLIB:=connmark eui64 hl icmpv6 length limit mac mark multiport owner physdev standard state tcp udp CONNMARK HL LOG NFQUEUE MARK TRACE
+PF_EXT_SLIB:=ah addrtype comment connlimit connmark conntrack dscp ecn esp hashlimit helper icmp iprange length limit mac mark multiport owner physdev pkttype policy realm rpc sctp standard state tcp tcpmss tos ttl udp unclean CLASSIFY CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NFQUEUE NOTRACK REDIRECT REJECT SAME SNAT TARPIT TCPMSS TOS TRACE TTL ULOG
+PF6_EXT_SLIB:=connmark eui64 hl icmpv6 length limit mac mark multiport owner physdev policy standard state tcp udp CONNMARK HL LOG NFQUEUE MARK TRACE
 
 # Optionals
 PF_EXT_SLIB_OPTS:=$(foreach T,$(wildcard extensions/.*-test),$(shell KERNEL_DIR=$(KERNEL_DIR) $(T)))

Modified: trunk/iptables/extensions/libip6t_policy.c
===================================================================
--- trunk/iptables/extensions/libip6t_policy.c	2006-01-31 10:34:03 UTC (rev 6449)
+++ trunk/iptables/extensions/libip6t_policy.c	2006-01-31 18:24:14 UTC (rev 6450)
@@ -237,8 +237,8 @@
 
 		e->match.saddr = 1;
 		e->invert.saddr = invert;
-		in6addrcpy(&e->saddr, addr);
-		in6addrcpy(&e->smask, &mask);
+		in6addrcpy(&e->saddr.a6, addr);
+		in6addrcpy(&e->smask.a6, &mask);
                 break;
 	case '7':
 		if (e->match.daddr)
@@ -252,8 +252,8 @@
 
 		e->match.daddr = 1;
 		e->invert.daddr = invert;
-		in6addrcpy(&e->daddr, addr);
-		in6addrcpy(&e->dmask, &mask);
+		in6addrcpy(&e->daddr.a6, addr);
+		in6addrcpy(&e->dmask.a6, &mask);
 		break;
 	case '8':
 		if (e->match.proto)

Modified: trunk/iptables/extensions/libipt_policy.c
===================================================================
--- trunk/iptables/extensions/libipt_policy.c	2006-01-31 10:34:03 UTC (rev 6449)
+++ trunk/iptables/extensions/libipt_policy.c	2006-01-31 18:24:14 UTC (rev 6450)
@@ -197,8 +197,8 @@
 
 		e->match.saddr = 1;
 		e->invert.saddr = invert;
-		e->saddr = addr[0].s_addr;
-		e->smask = mask.s_addr;
+		e->saddr.a4 = addr[0];
+		e->smask.a4 = mask;
                 break;
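Review bot: The new assignments `e->saddr.a4 = addr[0];` and `e->smask.a4 = mask;` write only the four IPv4 bytes of a union that, per the ipt_policy.h added in this commit, is sized for a `struct in6_addr`, so the remaining twelve bytes of each address and mask keep whatever the match buffer already held. If that buffer is not zero-filled before this parse code runs (the allocation is outside the hunk, so this cannot be confirmed here), stale bytes would become part of the rule data and could make byte-wise comparison of otherwise identical rules fail. The same applies to `daddr`/`dmask` in the `@@ -212,8 +212,8 @@` hunk. Either clear the member first, `memset(&e->saddr, 0, sizeof(e->saddr));`, or record the guarantee with a comment such as `/* match data is zero-filled by the caller; unused union bytes stay 0 */`. The enclosing switch starts and ends outside the hunk.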
 	case '7':
 		if (e->match.daddr)
@@ -212,8 +212,8 @@
 
 		e->match.daddr = 1;
 		e->invert.daddr = invert;
-		e->daddr = addr[0].s_addr;
-		e->dmask = mask.s_addr;
+		e->daddr.a4 = addr[0];
+		e->dmask.a4 = mask;
 		break;
 	case '8':
 		if (e->match.proto)

Added: trunk/iptables/include/linux/netfilter_ipv4/ipt_policy.h
===================================================================
--- trunk/iptables/include/linux/netfilter_ipv4/ipt_policy.h	2006-01-31 10:34:03 UTC (rev 6449)
+++ trunk/iptables/include/linux/netfilter_ipv4/ipt_policy.h	2006-01-31 18:24:14 UTC (rev 6450)
@@ -0,0 +1,58 @@
+#ifndef _IPT_POLICY_H
+#define _IPT_POLICY_H
+
+#define IPT_POLICY_MAX_ELEM	4
+
+enum ipt_policy_flags
+{
+	IPT_POLICY_MATCH_IN	= 0x1,
+	IPT_POLICY_MATCH_OUT	= 0x2,
+	IPT_POLICY_MATCH_NONE	= 0x4,
+	IPT_POLICY_MATCH_STRICT	= 0x8,
+};
+
+enum ipt_policy_modes
+{
+	IPT_POLICY_MODE_TRANSPORT,
+	IPT_POLICY_MODE_TUNNEL
+};
+
+struct ipt_policy_spec
+{
+	u_int8_t	saddr:1,
+			daddr:1,
+			proto:1,
+			mode:1,
+			spi:1,
+			reqid:1;
+};
+
+union ipt_policy_addr
+{
+	struct in_addr	a4;
+	struct in6_addr	a6;
+};
+
+struct ipt_policy_elem
+{
+	union ipt_policy_addr	saddr;
+	union ipt_policy_addr	smask;
+	union ipt_policy_addr	daddr;
+	union ipt_policy_addr	dmask;
+	u_int32_t		spi;
+	u_int32_t		reqid;
+	u_int8_t		proto;
+	u_int8_t		mode;
+
+	struct ipt_policy_spec	match;
+	struct ipt_policy_spec	invert;
+};
+
+struct ipt_policy_info
+{
+	struct ipt_policy_elem pol[IPT_POLICY_MAX_ELEM];
+	u_int16_t flags;
+	u_int16_t len;
+};
+
+#endif /* _IPT_POLICY_H */
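Review bot: The header uses `u_int8_t`, `u_int16_t`, `u_int32_t`, `struct in_addr` and `struct in6_addr` without including anything that declares them, so it compiles only when the including file has already pulled in the right headers; `#include <sys/types.h>` and `#include <netinet/in.h>` after the include guard would make it self-contained. ip6t_policy.h, added in the same commit, has the same gap. The structures also carry no comments, and `len` in `struct ipt_policy_info` in particular deserves one: it presumably counts the entries of `pol[]` in use, so any consumer has to reject values above `IPT_POLICY_MAX_ELEM` before indexing the array. A comment such as `/* number of pol[] entries in use; must not exceed IPT_POLICY_MAX_ELEM */` would state that, once confirmed against the code that reads it.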

Added: trunk/iptables/include/linux/netfilter_ipv6/ip6t_policy.h
===================================================================
--- trunk/iptables/include/linux/netfilter_ipv6/ip6t_policy.h	2006-01-31 10:34:03 UTC (rev 6449)
+++ trunk/iptables/include/linux/netfilter_ipv6/ip6t_policy.h	2006-01-31 18:24:14 UTC (rev 6450)
@@ -0,0 +1,58 @@
+#ifndef _IP6T_POLICY_H
+#define _IP6T_POLICY_H
+
+#define IP6T_POLICY_MAX_ELEM	4
+
+enum ip6t_policy_flags
+{
+	IP6T_POLICY_MATCH_IN		= 0x1,
+	IP6T_POLICY_MATCH_OUT		= 0x2,
+	IP6T_POLICY_MATCH_NONE		= 0x4,
+	IP6T_POLICY_MATCH_STRICT	= 0x8,
+};
+
+enum ip6t_policy_modes
+{
+	IP6T_POLICY_MODE_TRANSPORT,
+	IP6T_POLICY_MODE_TUNNEL
+};
+
+struct ip6t_policy_spec
+{
+	u_int8_t	saddr:1,
+			daddr:1,
+			proto:1,
+			mode:1,
+			spi:1,
+			reqid:1;
+};
+
+union ip6t_policy_addr
+{
+	struct in_addr	a4;
+	struct in6_addr	a6;
+};
+
+struct ip6t_policy_elem
+{
+	union ip6t_policy_addr	saddr;
+	union ip6t_policy_addr	smask;
+	union ip6t_policy_addr	daddr;
+	union ip6t_policy_addr	dmask;
+	u_int32_t		spi;
+	u_int32_t		reqid;
+	u_int8_t		proto;
+	u_int8_t		mode;
+
+	struct ip6t_policy_spec	match;
+	struct ip6t_policy_spec	invert;
+};
+
+struct ip6t_policy_info
+{
+	struct ip6t_policy_elem pol[IP6T_POLICY_MAX_ELEM];
+	u_int16_t flags;
+	u_int16_t len;
+};
+
+#endif /* _IP6T_POLICY_H */
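Review bot: Nothing ties these definitions to their counterparts in ipt_policy.h, although the commit log says both matches must use the same data structure; the two headers repeat the same layout under different names and can drift apart without any build error. A comment above `struct ip6t_policy_elem`, for example `/* layout must stay identical to struct ipt_policy_elem in ipt_policy.h */`, would record the constraint for the next person who adds a field. If the project's compilers allow it, a compile-time size comparison in a file that includes both headers would turn that comment into a check.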



