add support for the raw table to userspace
authorHarald Welte <laforge@gnumonks.org>
Tue, 7 Oct 2003 18:55:13 +0000 (18:55 +0000)
committerHarald Welte <laforge@gnumonks.org>
Tue, 7 Oct 2003 18:55:13 +0000 (18:55 +0000)
extensions/libipt_conntrack.c
extensions/libipt_state.c
libiptc/libip4tc.c

index ccb78ea1f8a3e6b03f1476970d91fd61268c2b08..63b38e98f0b8e490971d08a4ef24708fb8ea49c0 100644 (file)
 #include <linux/netfilter_ipv4/ip_conntrack_tuple.h>
 #include <linux/netfilter_ipv4/ipt_conntrack.h>
 
+#ifndef IPT_CONNTRACK_STATE_UNTRACKED
+#define IPT_CONNTRACK_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 3))
+#endif
+
 /* Function which prints out usage message. */
 static void
 help(void)
 {
        printf(
 "conntrack match v%s options:\n"
-" [!] --ctstate [INVALID|ESTABLISHED|NEW|RELATED|SNAT|DNAT][,...]\n"
+" [!] --ctstate [INVALID|ESTABLISHED|NEW|RELATED|UNTRACKED|SNAT|DNAT][,...]\n"
 "                              State(s) to match\n"
 " [!] --ctproto        proto           Protocol to match; by number or name, eg. `tcp'\n"
 "     --ctorigsrc  [!] address[/mask]\n"
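Review bot: The fallback `#define IPT_CONNTRACK_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 3))` copies a kernel ABI bit position into userspace without saying which kernel header it mirrors, and libipt_state.c does the same for `IPT_STATE_UNTRACKED` with a different offset (`+ 1`). When the installed headers lack the macro the build still succeeds, so a rule carrying this bit can be sent to a kernel that may not implement UNTRACKED. Whether such a kernel rejects the rule or loads it and never sets the bit is not visible from here; in the second case a negated match (`! --ctstate UNTRACKED`) would match every packet. I would add a comment above each fallback, for example `/* Fallback for older kernel headers; must equal the definition in <linux/netfilter_ipv4/ipt_conntrack.h> */`, naming ipt_state.h in the other file.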
@@ -70,6 +74,8 @@ parse_state(const char *state, size_t strlen, struct ipt_conntrack_info *sinfo)
                sinfo->statemask |= IPT_CONNTRACK_STATE_BIT(IP_CT_ESTABLISHED);
        else if (strncasecmp(state, "RELATED", strlen) == 0)
                sinfo->statemask |= IPT_CONNTRACK_STATE_BIT(IP_CT_RELATED);
+       else if (strncasecmp(state, "UNTRACKED", strlen) == 0)
+               sinfo->statemask |= IPT_CONNTRACK_STATE_UNTRACKED;
        else if (strncasecmp(state, "SNAT", strlen) == 0)
                sinfo->statemask |= IPT_CONNTRACK_STATE_SNAT;
        else if (strncasecmp(state, "DNAT", strlen) == 0)
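Review bot: The new `UNTRACKED` branch compares only the first `strlen` bytes of the token, so any prefix such as `U` or `UNT` sets the untracked bit. If the caller can pass a zero-length token, it compares equal in whichever branch is tested first. In a packet-filter rule language, silently accepted abbreviations make it easy to load a rule that matches something other than what the operator typed; a length guard closes that: `else if (strlen == sizeof("UNTRACKED") - 1 && strncasecmp(state, "UNTRACKED", strlen) == 0)`. The identical branch added to parse_state in libipt_state.c has the same issue, and the existing branches share the pattern, so the guard belongs on the whole chain, which starts and ends outside this hunk. The parameter name `strlen` also shadows the library function inside parse_state.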
@@ -349,6 +355,10 @@ print_state(unsigned int statemask)
                printf("%sESTABLISHED", sep);
                sep = ",";
        }
+       if (statemask & IPT_CONNTRACK_STATE_UNTRACKED) {
+               printf("%sUNTRACKED", sep);
+               sep = ",";
+       }
        if (statemask & IPT_CONNTRACK_STATE_SNAT) {
                printf("%sSNAT", sep);
                sep = ",";
index ac3c0ba3a014f91818dd44a856a0a715106697b3..3662d949abff829ee8418e59967ed0542f0a3e76 100644 (file)
@@ -8,13 +8,17 @@
 #include <linux/netfilter_ipv4/ip_conntrack.h>
 #include <linux/netfilter_ipv4/ipt_state.h>
 
+#ifndef IPT_STATE_UNTRACKED
+#define IPT_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 1))
+#endif
+
 /* Function which prints out usage message. */
 static void
 help(void)
 {
        printf(
 "state v%s options:\n"
-" [!] --state [INVALID|ESTABLISHED|NEW|RELATED][,...]\n"
+" [!] --state [INVALID|ESTABLISHED|NEW|RELATED|UNTRACKED][,...]\n"
 "                              State(s) to match\n"
 "\n", IPTABLES_VERSION);
 }
@@ -43,6 +47,8 @@ parse_state(const char *state, size_t strlen, struct ipt_state_info *sinfo)
                sinfo->statemask |= IPT_STATE_BIT(IP_CT_ESTABLISHED);
        else if (strncasecmp(state, "RELATED", strlen) == 0)
                sinfo->statemask |= IPT_STATE_BIT(IP_CT_RELATED);
+       else if (strncasecmp(state, "UNTRACKED", strlen) == 0)
+               sinfo->statemask |= IPT_STATE_UNTRACKED;
        else
                return 0;
        return 1;
@@ -117,6 +123,10 @@ static void print_state(unsigned int statemask)
                printf("%sESTABLISHED", sep);
                sep = ",";
        }
+       if (statemask & IPT_STATE_UNTRACKED) {
+               printf("%sUNTRACKED", sep);
+               sep = ",";
+       }
        printf(" ");
 }
 
index e012c088335bb6b43e1f81f386f483bf08a615c1..76a8281b8994cfaab112fa65d4d9412185f56544 100644 (file)
@@ -436,6 +436,19 @@ do_check(TC_HANDLE_T h, unsigned int line)
                        assert(h->info.hook_entry[NF_IP_POST_ROUTING] == n);
                        user_offset = h->info.hook_entry[NF_IP_POST_ROUTING];
                }
+       } else if (strcmp(h->info.name, "raw") == 0) {
+               assert(h->info.valid_hooks
+                      == (1 << NF_IP_PRE_ROUTING
+                          | 1 << NF_IP_LOCAL_OUT));
+
+               /* Hooks should be first three */
+               assert(h->info.hook_entry[NF_IP_PRE_ROUTING] == 0);
+
+               n = get_chain_end(h, n);
+               n += get_entry(h, n)->next_offset;
+               assert(h->info.hook_entry[NF_IP_LOCAL_OUT] == n);
+
+               user_offset = h->info.hook_entry[NF_IP_LOCAL_OUT];
 
 #ifdef NF_IP_DROPPING
        } else if (strcmp(h->info.name, "drop") == 0) {
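Review bot: `n = get_chain_end(h, n);` in the new raw branch reads `n` before the branch has assigned it. The assert just above pins the first built-in chain at offset 0, so `n = get_chain_end(h, 0);` looks like what is meant. Whether `n` holds a defined value at this point depends on code earlier in do_check, which starts and ends outside the hunk; if it does not, the chain walk begins from an indeterminate offset. The copied comment no longer fits either, since the valid_hooks assert names two hooks for raw: `/* Hooks should be first two */`.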