echo "WARNING: Version detection did not succeed. Continue at own luck.";
else
echo "$kmajor.$kminor.$kmicro.$kstable in $kbuilddir";
- if test "$kmajor" -gt 3 -o "$kmajor" -eq 3 -a "$kminor" -gt 2; then
+ if test "$kmajor" -gt 3 -o "$kmajor" -eq 3 -a "$kminor" -gt 3; then
echo "WARNING: You are trying a newer kernel. Results may vary. :-)";
elif test "$kmajor" -eq 3; then
:;
- compat_xtables: fixed mistranslation of checkentry return values
(affected kernels < 2.6.23)
- xt_SYSRQ: fix compile error when crypto is turned off
+Enhancements:
+- Support for Linux 3.3
v1.41 (2012-01-04)
#include <stdlib.h>
#include <getopt.h>
#include <xtables.h>
-#include <net/netfilter/nf_nat.h>
+#include <linux/netfilter/nf_nat.h>
#include "xt_DNETMAP.h"
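Review bot: The new `#include <linux/netfilter/nf_nat.h>` on the line above only resolves where a header of that name is on the include path; kernel trees older than 3.3 ship the old `net/netfilter/nf_nat.h` instead, so on those builds this presumably relies on the copy added elsewhere in this commit (its path is not shown in this view) being found first. Its order relative to `"xt_DNETMAP.h"` on the next line also matters, since that header now names `struct nf_nat_ipv4_multi_range_compat` without a guard. A short comment would spare the next reader the search: `/* nf_nat_ipv4_* types: kernel >= 3.3 header, or the in-tree compat copy */`.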
#define MODULENAME "DNETMAP"
static void DNETMAP_init(struct xt_entry_target *t)
{
struct xt_DNETMAP_tginfo *tginfo = (void *)&t->data;
- struct nf_nat_multi_range *mr = &tginfo->prefix;
+ struct nf_nat_ipv4_multi_range_compat *mr = &tginfo->prefix;
/* Actually, it's 0, but it's ignored at the moment. */
mr->rangesize = 1;
}
/* Parses network address */
-static void parse_prefix(char *arg, struct nf_nat_range *range)
+static void parse_prefix(char *arg, struct nf_nat_ipv4_range *range)
{
char *slash;
const struct in_addr *ip;
u_int32_t netmask;
unsigned int bits;
- range->flags |= IP_NAT_RANGE_MAP_IPS;
+ range->flags |= NF_NAT_RANGE_MAP_IPS;
slash = strchr(arg, '/');
if (slash)
*slash = '\0';
const void *entry, struct xt_entry_target **target)
{
struct xt_DNETMAP_tginfo *tginfo = (void *)(*target)->data;
- struct nf_nat_multi_range *mr = &tginfo->prefix;
+ struct nf_nat_ipv4_multi_range_compat *mr = &tginfo->prefix;
char *end;
switch (c) {
int numeric)
{
struct xt_DNETMAP_tginfo *tginfo = (void *)&target->data;
- const struct nf_nat_multi_range *mr = &tginfo->prefix;
- const struct nf_nat_range *r = &mr->range[0];
+ const struct nf_nat_ipv4_multi_range_compat *mr = &tginfo->prefix;
+ const struct nf_nat_ipv4_range *r = &mr->range[0];
struct in_addr a;
int bits;
};
struct xt_DNETMAP_tginfo {
-#ifdef __KERNEL__
struct nf_nat_ipv4_multi_range_compat prefix;
-#else
- struct nf_nat_multi_range_compat prefix;
-#endif
__u8 flags;
__s16 ttl;
};
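Review bot: With the `#ifdef __KERNEL__` branch removed, `struct xt_DNETMAP_tginfo` now requires `struct nf_nat_ipv4_multi_range_compat` to be complete in both the kernel and the userspace build, but xt_DNETMAP.h's own include lines are outside this hunk, so it is not visible whether the header pulls that definition in itself or leaves it to each includer's ordering (as xt_DNETMAP.c does). If the header does not already include it, adding `#include <linux/netfilter/nf_nat.h>` at its top would make it self-contained. The two `prefix` layouts appear field-for-field identical (rangesize plus one range), so the kernel/userspace ABI of the target info should be unchanged — worth stating in a comment on `prefix` if that is the intent.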
memset(&fl, 0, sizeof(fl));
fl.flowi6_proto = newip->nexthdr;
- ipv6_addr_copy(&fl.saddr, &newip->saddr);
- ipv6_addr_copy(&fl.daddr, &newip->daddr);
+ memcpy(&fl.saddr, &newip->saddr, sizeof(fl.saddr));
+ memcpy(&fl.daddr, &newip->daddr, sizeof(fl.daddr));
fl.fl6_sport = newudp->source;
fl.fl6_dport = newudp->dest;
security_skb_classify_flow((struct sk_buff *)oldskb, flowi6_to_flowi(&fl));
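Review bot: The two `memcpy` lines replacing `ipv6_addr_copy` would read better and be type-checked as plain struct assignments, `fl.saddr = newip->saddr;` and `fl.daddr = newip->daddr;`, assuming both sides are `struct in6_addr` as the old helper required; `memcpy` with `sizeof(fl.saddr)` silently accepts a source of a different type or size. The enclosing function starts and ends outside this hunk.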
--- /dev/null
+#ifndef _NF_CONNTRACK_TUPLE_COMMON_H
+#define _NF_CONNTRACK_TUPLE_COMMON_H
+
+enum ip_conntrack_dir {
+ IP_CT_DIR_ORIGINAL,
+ IP_CT_DIR_REPLY,
+ IP_CT_DIR_MAX
+};
+
+/* The protocol-specific manipulable parts of the tuple: always in
+ * network order
+ */
+union nf_conntrack_man_proto {
+ /* Add other protocols here. */
+ __be16 all;
+
+ struct {
+ __be16 port;
+ } tcp;
+ struct {
+ __be16 port;
+ } udp;
+ struct {
+ __be16 id;
+ } icmp;
+ struct {
+ __be16 port;
+ } dccp;
+ struct {
+ __be16 port;
+ } sctp;
+ struct {
+ __be16 key; /* GRE key is 32bit, PPtP only uses 16bit */
+ } gre;
+};
+
+#define CTINFO2DIR(ctinfo) ((ctinfo) >= IP_CT_IS_REPLY ? IP_CT_DIR_REPLY : IP_CT_DIR_ORIGINAL)
+
+#endif /* _NF_CONNTRACK_TUPLE_COMMON_H */
--- /dev/null
+#ifndef _NETFILTER_NF_NAT_H
+#define _NETFILTER_NF_NAT_H
+
+#include <linux/netfilter.h>
+#include <linux/netfilter/nf_conntrack_tuple_common.h>
+
+#define NF_NAT_RANGE_MAP_IPS 1
+#define NF_NAT_RANGE_PROTO_SPECIFIED 2
+#define NF_NAT_RANGE_PROTO_RANDOM 4
+#define NF_NAT_RANGE_PERSISTENT 8
+
+struct nf_nat_ipv4_range {
+ unsigned int flags;
+ __be32 min_ip;
+ __be32 max_ip;
+ union nf_conntrack_man_proto min;
+ union nf_conntrack_man_proto max;
+};
+
+struct nf_nat_ipv4_multi_range_compat {
+ unsigned int rangesize;
+ struct nf_nat_ipv4_range range[1];
+};
+
+#endif /* _NETFILTER_NF_NAT_H */
+++ /dev/null
-/*
- * Definitions and Declarations for tuple.
- *
- * 16 Dec 2003: Yasuyuki Kozakai @USAGI <yasuyuki.kozakai@toshiba.co.jp>
- * - generalize L3 protocol dependent part.
- *
- * Derived from include/linux/netfiter_ipv4/ip_conntrack_tuple.h
- */
-
-#ifndef _NF_CONNTRACK_TUPLE_H
-#define _NF_CONNTRACK_TUPLE_H
-
-#include <linux/netfilter/x_tables.h>
-#include <linux/netfilter/nf_conntrack_tuple_common.h>
-/*#include <linux/list_nulls.h>*/
-
-/* A `tuple' is a structure containing the information to uniquely
- identify a connection. ie. if two packets have the same tuple, they
- are in the same connection; if not, they are not.
-
- We divide the structure along "manipulatable" and
- "non-manipulatable" lines, for the benefit of the NAT code.
-*/
-
-#define NF_CT_TUPLE_L3SIZE ARRAY_SIZE(((union nf_inet_addr *)NULL)->all)
-
-/* The protocol-specific manipulable parts of the tuple: always in
- network order! */
-union nf_conntrack_man_proto {
- /* Add other protocols here. */
- __be16 all;
-
- struct {
- __be16 port;
- } tcp;
- struct {
- __be16 port;
- } udp;
- struct {
- __be16 id;
- } icmp;
- struct {
- __be16 port;
- } dccp;
- struct {
- __be16 port;
- } sctp;
- struct {
- __be16 key; /* GRE key is 32bit, PPtP only uses 16bit */
- } gre;
-};
-
-/* The manipulable part of the tuple. */
-struct nf_conntrack_man {
- union nf_inet_addr u3;
- union nf_conntrack_man_proto u;
- /* Layer 3 protocol */
- u_int16_t l3num;
-};
-
-/* This contains the information to distinguish a connection. */
-struct nf_conntrack_tuple {
- struct nf_conntrack_man src;
-
- /* These are the parts of the tuple which are fixed. */
- struct {
- union nf_inet_addr u3;
- union {
- /* Add other protocols here. */
- __be16 all;
-
- struct {
- __be16 port;
- } tcp;
- struct {
- __be16 port;
- } udp;
- struct {
- u_int8_t type, code;
- } icmp;
- struct {
- __be16 port;
- } dccp;
- struct {
- __be16 port;
- } sctp;
- struct {
- __be16 key;
- } gre;
- } u;
-
- /* The protocol. */
- u_int8_t protonum;
-
- /* The direction (for tuplehash) */
- u_int8_t dir;
- } dst;
-};
-
-struct nf_conntrack_tuple_mask {
- struct {
- union nf_inet_addr u3;
- union nf_conntrack_man_proto u;
- } src;
-};
-
-#ifdef __KERNEL__
-
-static inline void nf_ct_dump_tuple_ip(const struct nf_conntrack_tuple *t)
-{
-#ifdef DEBUG
- printk("tuple %p: %u %pI4:%hu -> %pI4:%hu\n",
- t, t->dst.protonum,
- &t->src.u3.ip, ntohs(t->src.u.all),
- &t->dst.u3.ip, ntohs(t->dst.u.all));
-#endif
-}
-
-static inline void nf_ct_dump_tuple_ipv6(const struct nf_conntrack_tuple *t)
-{
-#ifdef DEBUG
- printk("tuple %p: %u %pI6 %hu -> %pI6 %hu\n",
- t, t->dst.protonum,
- t->src.u3.all, ntohs(t->src.u.all),
- t->dst.u3.all, ntohs(t->dst.u.all));
-#endif
-}
-
-static inline void nf_ct_dump_tuple(const struct nf_conntrack_tuple *t)
-{
- switch (t->src.l3num) {
- case AF_INET:
- nf_ct_dump_tuple_ip(t);
- break;
- case AF_INET6:
- nf_ct_dump_tuple_ipv6(t);
- break;
- }
-}
-
-/* If we're the first tuple, it's the original dir. */
-#define NF_CT_DIRECTION(h) \
- ((enum ip_conntrack_dir)(h)->tuple.dst.dir)
-
-/* Connections have two entries in the hash table: one for each way */
-struct nf_conntrack_tuple_hash {
- struct hlist_nulls_node hnnode;
- struct nf_conntrack_tuple tuple;
-};
-
-static inline bool __nf_ct_tuple_src_equal(const struct nf_conntrack_tuple *t1,
- const struct nf_conntrack_tuple *t2)
-{
- return (nf_inet_addr_cmp(&t1->src.u3, &t2->src.u3) &&
- t1->src.u.all == t2->src.u.all &&
- t1->src.l3num == t2->src.l3num);
-}
-
-static inline bool __nf_ct_tuple_dst_equal(const struct nf_conntrack_tuple *t1,
- const struct nf_conntrack_tuple *t2)
-{
- return (nf_inet_addr_cmp(&t1->dst.u3, &t2->dst.u3) &&
- t1->dst.u.all == t2->dst.u.all &&
- t1->dst.protonum == t2->dst.protonum);
-}
-
-static inline bool nf_ct_tuple_equal(const struct nf_conntrack_tuple *t1,
- const struct nf_conntrack_tuple *t2)
-{
- return __nf_ct_tuple_src_equal(t1, t2) &&
- __nf_ct_tuple_dst_equal(t1, t2);
-}
-
-static inline bool
-nf_ct_tuple_mask_equal(const struct nf_conntrack_tuple_mask *m1,
- const struct nf_conntrack_tuple_mask *m2)
-{
- return (nf_inet_addr_cmp(&m1->src.u3, &m2->src.u3) &&
- m1->src.u.all == m2->src.u.all);
-}
-
-static inline bool
-nf_ct_tuple_src_mask_cmp(const struct nf_conntrack_tuple *t1,
- const struct nf_conntrack_tuple *t2,
- const struct nf_conntrack_tuple_mask *mask)
-{
- int count;
-
- for (count = 0; count < NF_CT_TUPLE_L3SIZE; count++) {
- if ((t1->src.u3.all[count] ^ t2->src.u3.all[count]) &
- mask->src.u3.all[count])
- return false;
- }
-
- if ((t1->src.u.all ^ t2->src.u.all) & mask->src.u.all)
- return false;
-
- if (t1->src.l3num != t2->src.l3num ||
- t1->dst.protonum != t2->dst.protonum)
- return false;
-
- return true;
-}
-
-static inline bool
-nf_ct_tuple_mask_cmp(const struct nf_conntrack_tuple *t,
- const struct nf_conntrack_tuple *tuple,
- const struct nf_conntrack_tuple_mask *mask)
-{
- return nf_ct_tuple_src_mask_cmp(t, tuple, mask) &&
- __nf_ct_tuple_dst_equal(t, tuple);
-}
-#endif /* __KERNEL__ */
-
-#endif /* _NF_CONNTRACK_TUPLE_H */
+++ /dev/null
-#ifndef _NF_NAT_H
-#define _NF_NAT_H
-#include <linux/netfilter_ipv4.h>
-#include <net/netfilter/nf_conntrack_tuple.h>
-
-#define NF_NAT_MAPPING_TYPE_MAX_NAMELEN 16
-
-enum nf_nat_manip_type {
- IP_NAT_MANIP_SRC,
- IP_NAT_MANIP_DST
-};
-
-/* SRC manip occurs POST_ROUTING or LOCAL_IN */
-#define HOOK2MANIP(hooknum) ((hooknum) != NF_INET_POST_ROUTING && \
- (hooknum) != NF_INET_LOCAL_IN)
-
-#define IP_NAT_RANGE_MAP_IPS 1
-#define IP_NAT_RANGE_PROTO_SPECIFIED 2
-#define IP_NAT_RANGE_PROTO_RANDOM 4
-#define IP_NAT_RANGE_PERSISTENT 8
-
-/* NAT sequence number modifications */
-struct nf_nat_seq {
- /* position of the last TCP sequence number modification (if any) */
- u_int32_t correction_pos;
-
- /* sequence number offset before and after last modification */
- int16_t offset_before, offset_after;
-};
-
-/* Single range specification. */
-struct nf_nat_range {
- /* Set to OR of flags above. */
- unsigned int flags;
-
- /* Inclusive: network order. */
- __be32 min_ip, max_ip;
-
- /* Inclusive: network order */
- union nf_conntrack_man_proto min, max;
-};
-
-/* For backwards compat: don't use in modern code. */
-struct nf_nat_multi_range_compat {
- unsigned int rangesize; /* Must be 1. */
-
- /* hangs off end. */
- struct nf_nat_range range[1];
-};
-
-#ifdef __KERNEL__
-#include <linux/list.h>
-#include <linux/netfilter/nf_conntrack_pptp.h>
-#include <net/netfilter/nf_conntrack_extend.h>
-
-/* per conntrack: nat application helper private data */
-union nf_conntrack_nat_help {
- /* insert nat helper private data here */
- struct nf_nat_pptp nat_pptp_info;
-};
-
-struct nf_conn;
-
-/* The structure embedded in the conntrack structure. */
-struct nf_conn_nat {
- struct hlist_node bysource;
- struct nf_nat_seq seq[IP_CT_DIR_MAX];
- struct nf_conn *ct;
- union nf_conntrack_nat_help help;
-#if defined(CONFIG_IP_NF_TARGET_MASQUERADE) || \
- defined(CONFIG_IP_NF_TARGET_MASQUERADE_MODULE)
- int masq_index;
-#endif
-};
-
-/* Set up the info structure to map into this range. */
-extern unsigned int nf_nat_setup_info(struct nf_conn *ct,
- const struct nf_nat_range *range,
- enum nf_nat_manip_type maniptype);
-
-/* Is this tuple already taken? (not by us)*/
-extern int nf_nat_used_tuple(const struct nf_conntrack_tuple *tuple,
- const struct nf_conn *ignored_conntrack);
-
-static inline struct nf_conn_nat *nfct_nat(const struct nf_conn *ct)
-{
- return nf_ct_ext_find(ct, NF_CT_EXT_NAT);
-}
-
-#else /* !__KERNEL__: iptables wants this to compile. */
-#define nf_nat_multi_range nf_nat_multi_range_compat
-#endif /*__KERNEL__*/
-#endif