#include <xtables.h>
#include <iptables.h> /* get_kernel_version */
#include <linux/netfilter_ipv4/ip_tables.h>
-#include <linux/netfilter/nf_nat.h>
+#include <net/netfilter/nf_nat.h>
#define IPT_DNAT_OPT_DEST 0x1
#define IPT_DNAT_OPT_RANDOM 0x2
struct ipt_natinfo
{
struct xt_entry_target t;
- struct ip_nat_multi_range mr;
+ struct nf_nat_multi_range mr;
};
static void DNAT_help(void)
};
static struct ipt_natinfo *
-append_range(struct ipt_natinfo *info, const struct ip_nat_range *range)
+append_range(struct ipt_natinfo *info, const struct nf_nat_range *range)
{
unsigned int size;
static struct xt_entry_target *
parse_to(char *arg, int portok, struct ipt_natinfo *info)
{
- struct ip_nat_range range;
+ struct nf_nat_range range;
char *colon, *dash, *error;
const struct in_addr *ip;
"You must specify --to-destination");
}
-static void print_range(const struct ip_nat_range *r)
+static void print_range(const struct nf_nat_range *r)
{
if (r->flags & IP_NAT_RANGE_MAP_IPS) {
struct in_addr a;
.name = "DNAT",
.version = XTABLES_VERSION,
.family = NFPROTO_IPV4,
- .size = XT_ALIGN(sizeof(struct ip_nat_multi_range)),
- .userspacesize = XT_ALIGN(sizeof(struct ip_nat_multi_range)),
+ .size = XT_ALIGN(sizeof(struct nf_nat_multi_range)),
+ .userspacesize = XT_ALIGN(sizeof(struct nf_nat_multi_range)),
.help = DNAT_help,
.parse = DNAT_parse,
.final_check = DNAT_check,
#include <getopt.h>
#include <xtables.h>
#include <linux/netfilter_ipv4/ip_tables.h>
-#include <linux/netfilter/nf_nat.h>
+#include <net/netfilter/nf_nat.h>
static void MASQUERADE_help(void)
{
static void MASQUERADE_init(struct xt_entry_target *t)
{
- struct ip_nat_multi_range *mr = (struct ip_nat_multi_range *)t->data;
+ struct nf_nat_multi_range *mr = (struct nf_nat_multi_range *)t->data;
/* Actually, it's 0, but it's ignored at the moment. */
mr->rangesize = 1;
/* Parses ports */
static void
-parse_ports(const char *arg, struct ip_nat_multi_range *mr)
+parse_ports(const char *arg, struct nf_nat_multi_range *mr)
{
const char *dash;
int port;
{
const struct ipt_entry *entry = e;
int portok;
- struct ip_nat_multi_range *mr
- = (struct ip_nat_multi_range *)(*target)->data;
+ struct nf_nat_multi_range *mr
+ = (struct nf_nat_multi_range *)(*target)->data;
if (entry->ip.proto == IPPROTO_TCP
|| entry->ip.proto == IPPROTO_UDP
MASQUERADE_print(const void *ip, const struct xt_entry_target *target,
int numeric)
{
- struct ip_nat_multi_range *mr
- = (struct ip_nat_multi_range *)target->data;
- struct ip_nat_range *r = &mr->range[0];
+ struct nf_nat_multi_range *mr
+ = (struct nf_nat_multi_range *)target->data;
+ struct nf_nat_range *r = &mr->range[0];
if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) {
printf("masq ports: ");
static void
MASQUERADE_save(const void *ip, const struct xt_entry_target *target)
{
- struct ip_nat_multi_range *mr
- = (struct ip_nat_multi_range *)target->data;
- struct ip_nat_range *r = &mr->range[0];
+ struct nf_nat_multi_range *mr
+ = (struct nf_nat_multi_range *)target->data;
+ struct nf_nat_range *r = &mr->range[0];
if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) {
printf("--to-ports %hu", ntohs(r->min.tcp.port));
.name = "MASQUERADE",
.version = XTABLES_VERSION,
.family = NFPROTO_IPV4,
- .size = XT_ALIGN(sizeof(struct ip_nat_multi_range)),
- .userspacesize = XT_ALIGN(sizeof(struct ip_nat_multi_range)),
+ .size = XT_ALIGN(sizeof(struct nf_nat_multi_range)),
+ .userspacesize = XT_ALIGN(sizeof(struct nf_nat_multi_range)),
.help = MASQUERADE_help,
.init = MASQUERADE_init,
.parse = MASQUERADE_parse,
#include <stdlib.h>
#include <getopt.h>
#include <xtables.h>
-#include <linux/netfilter/nf_nat.h>
+#include <net/netfilter/nf_nat.h>
#define MODULENAME "NETMAP"
static void NETMAP_init(struct xt_entry_target *t)
{
- struct ip_nat_multi_range *mr = (struct ip_nat_multi_range *)t->data;
+ struct nf_nat_multi_range *mr = (struct nf_nat_multi_range *)t->data;
/* Actually, it's 0, but it's ignored at the moment. */
mr->rangesize = 1;
/* Parses network address */
static void
-parse_to(char *arg, struct ip_nat_range *range)
+parse_to(char *arg, struct nf_nat_range *range)
{
char *slash;
const struct in_addr *ip;
static int NETMAP_parse(int c, char **argv, int invert, unsigned int *flags,
const void *entry, struct xt_entry_target **target)
{
- struct ip_nat_multi_range *mr
- = (struct ip_nat_multi_range *)(*target)->data;
+ struct nf_nat_multi_range *mr
+ = (struct nf_nat_multi_range *)(*target)->data;
switch (c) {
case '1':
static void NETMAP_print(const void *ip, const struct xt_entry_target *target,
int numeric)
{
- struct ip_nat_multi_range *mr
- = (struct ip_nat_multi_range *)target->data;
- struct ip_nat_range *r = &mr->range[0];
+ struct nf_nat_multi_range *mr
+ = (struct nf_nat_multi_range *)target->data;
+ struct nf_nat_range *r = &mr->range[0];
struct in_addr a;
int bits;
.name = MODULENAME,
.version = XTABLES_VERSION,
.family = NFPROTO_IPV4,
- .size = XT_ALIGN(sizeof(struct ip_nat_multi_range)),
- .userspacesize = XT_ALIGN(sizeof(struct ip_nat_multi_range)),
+ .size = XT_ALIGN(sizeof(struct nf_nat_multi_range)),
+ .userspacesize = XT_ALIGN(sizeof(struct nf_nat_multi_range)),
.help = NETMAP_help,
.init = NETMAP_init,
.parse = NETMAP_parse,
#include <getopt.h>
#include <xtables.h>
#include <linux/netfilter_ipv4/ip_tables.h>
-#include <linux/netfilter/nf_nat.h>
+#include <net/netfilter/nf_nat.h>
#define IPT_REDIRECT_OPT_DEST 0x01
#define IPT_REDIRECT_OPT_RANDOM 0x02
static void REDIRECT_init(struct xt_entry_target *t)
{
- struct ip_nat_multi_range *mr = (struct ip_nat_multi_range *)t->data;
+ struct nf_nat_multi_range *mr = (struct nf_nat_multi_range *)t->data;
/* Actually, it's 0, but it's ignored at the moment. */
mr->rangesize = 1;
/* Parses ports */
static void
-parse_ports(const char *arg, struct ip_nat_multi_range *mr)
+parse_ports(const char *arg, struct nf_nat_multi_range *mr)
{
const char *dash;
int port;
const void *e, struct xt_entry_target **target)
{
const struct ipt_entry *entry = e;
- struct ip_nat_multi_range *mr
- = (struct ip_nat_multi_range *)(*target)->data;
+ struct nf_nat_multi_range *mr
+ = (struct nf_nat_multi_range *)(*target)->data;
int portok;
if (entry->ip.proto == IPPROTO_TCP
static void REDIRECT_print(const void *ip, const struct xt_entry_target *target,
int numeric)
{
- struct ip_nat_multi_range *mr
- = (struct ip_nat_multi_range *)target->data;
- struct ip_nat_range *r = &mr->range[0];
+ struct nf_nat_multi_range *mr
+ = (struct nf_nat_multi_range *)target->data;
+ struct nf_nat_range *r = &mr->range[0];
if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) {
printf("redir ports ");
static void REDIRECT_save(const void *ip, const struct xt_entry_target *target)
{
- struct ip_nat_multi_range *mr
- = (struct ip_nat_multi_range *)target->data;
- struct ip_nat_range *r = &mr->range[0];
+ struct nf_nat_multi_range *mr
+ = (struct nf_nat_multi_range *)target->data;
+ struct nf_nat_range *r = &mr->range[0];
if (r->flags & IP_NAT_RANGE_PROTO_SPECIFIED) {
printf("--to-ports ");
.name = "REDIRECT",
.version = XTABLES_VERSION,
.family = NFPROTO_IPV4,
- .size = XT_ALIGN(sizeof(struct ip_nat_multi_range)),
- .userspacesize = XT_ALIGN(sizeof(struct ip_nat_multi_range)),
+ .size = XT_ALIGN(sizeof(struct nf_nat_multi_range)),
+ .userspacesize = XT_ALIGN(sizeof(struct nf_nat_multi_range)),
.help = REDIRECT_help,
.init = REDIRECT_init,
.parse = REDIRECT_parse,
#include <stdlib.h>
#include <getopt.h>
#include <xtables.h>
-#include <linux/netfilter/nf_nat.h>
+#include <net/netfilter/nf_nat.h>
/* For 64bit kernel / 32bit userspace */
#include <linux/netfilter_ipv4/ipt_SAME.h>
/* Parses range of IPs */
static void
-parse_to(char *arg, struct ip_nat_range *range)
+parse_to(char *arg, struct nf_nat_range *range)
{
char *dash;
const struct in_addr *ip;
printf("same:");
for (count = 0; count < mr->rangesize; count++) {
- struct ip_nat_range *r = &mr->range[count];
+ struct nf_nat_range *r = &mr->range[count];
struct in_addr a;
a.s_addr = r->min_ip;
int random_selection = 0;
for (count = 0; count < mr->rangesize; count++) {
- struct ip_nat_range *r = &mr->range[count];
+ struct nf_nat_range *r = &mr->range[count];
struct in_addr a;
a.s_addr = r->min_ip;
#include <xtables.h>
#include <iptables.h>
#include <linux/netfilter_ipv4/ip_tables.h>
-#include <linux/netfilter/nf_nat.h>
+#include <net/netfilter/nf_nat.h>
#define IPT_SNAT_OPT_SOURCE 0x01
#define IPT_SNAT_OPT_RANDOM 0x02
struct ipt_natinfo
{
struct xt_entry_target t;
- struct ip_nat_multi_range mr;
+ struct nf_nat_multi_range mr;
};
static void SNAT_help(void)
};
static struct ipt_natinfo *
-append_range(struct ipt_natinfo *info, const struct ip_nat_range *range)
+append_range(struct ipt_natinfo *info, const struct nf_nat_range *range)
{
unsigned int size;
static struct xt_entry_target *
parse_to(char *arg, int portok, struct ipt_natinfo *info)
{
- struct ip_nat_range range;
+ struct nf_nat_range range;
char *colon, *dash, *error;
const struct in_addr *ip;
"You must specify --to-source");
}
-static void print_range(const struct ip_nat_range *r)
+static void print_range(const struct nf_nat_range *r)
{
if (r->flags & IP_NAT_RANGE_MAP_IPS) {
struct in_addr a;
.name = "SNAT",
.version = XTABLES_VERSION,
.family = NFPROTO_IPV4,
- .size = XT_ALIGN(sizeof(struct ip_nat_multi_range)),
- .userspacesize = XT_ALIGN(sizeof(struct ip_nat_multi_range)),
+ .size = XT_ALIGN(sizeof(struct nf_nat_multi_range)),
+ .userspacesize = XT_ALIGN(sizeof(struct nf_nat_multi_range)),
.help = SNAT_help,
.parse = SNAT_parse,
.final_check = SNAT_check,
IPCT_NATINFO_BIT = 10,
IPCT_NATINFO = (1 << IPCT_NATINFO_BIT),
- /* Counter highest bit has been set */
+ /* Counter highest bit has been set, unused */
IPCT_COUNTER_FILLING_BIT = 11,
IPCT_COUNTER_FILLING = (1 << IPCT_COUNTER_FILLING_BIT),
#define _XT_NFLOG_TARGET
#define XT_NFLOG_DEFAULT_GROUP 0x1
-#define XT_NFLOG_DEFAULT_THRESHOLD 0
+#define XT_NFLOG_DEFAULT_THRESHOLD 1
#define XT_NFLOG_MASK 0x0
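Review bot: The default threshold flips from 0 to 1 at L293-294 with no comment on what the value means or why 0 is no longer acceptable, and the hunk gives the reader nothing else to go on. This is a user-visible default: rules added without an explicit threshold option will now carry a different value into the kernel and into `iptables-save` output, which is worth a changelog line. If, as the "manually copied from the Linux kernel source" note elsewhere in this diff suggests, the header is being brought in line with the kernel copy, say so next to the define, e.g. `/* default raised from 0 to 1 to match the kernel's xt_NFLOG.h */`.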
struct xt_connlimit_info {
union {
- u_int32_t v4_mask;
- u_int32_t v6_mask[4];
+ union nf_inet_addr mask;
+ union {
+ __be32 v4_mask;
+ __be32 v6_mask[4];
+ };
};
unsigned int limit, inverse;
- /* this needs to be at the end */
+ /* Used internally by the kernel */
struct xt_connlimit_data *data __attribute__((aligned(8)));
};
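Review bot: The new members at L300-304 use `__be32` and `union nf_inet_addr`, but the hunk adds no include for either, whereas xt_conntrack.h (L313), iptables.h (L367) and ip6_tables.h (L379) gain `#include <linux/types.h>` in this same diff. The top of xt_connlimit.h is outside the hunk so this may already be covered; if it is not, the header is no longer self-contained and compiles only after whichever earlier include happens to define those names. The anonymous union at L301-304 is also a GNU/C11 construct, so a strict-C99 consumer of this header would reject it. Finally, the replacement comment at L308 drops the "this needs to be at the end" layout constraint; if it still holds for the `data` pointer, keep both: `/* Used internally by the kernel; must stay the last member */`.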
#ifndef _XT_CONNTRACK_H
#define _XT_CONNTRACK_H
+#include <linux/types.h>
#include <linux/netfilter/nf_conntrack_tuple_common.h>
#define XT_CONNTRACK_STATE_BIT(ctinfo) (1 << ((ctinfo)%IP_CT_IS_REPLY+1))
struct xt_quota_info {
u_int32_t flags;
u_int32_t pad;
+
+ /* Used internally by the kernel */
aligned_u64 quota;
struct xt_quota_info *master;
};
#define XT_SCTP_VALID_FLAGS 0x07
-/* temporary */
-#define SCTP_ARRAY_SIZE(x) (sizeof(x) / sizeof(*(x)))
-
-
struct xt_sctp_flag_info {
u_int8_t chunktype;
u_int8_t flag;
memcpy((destmap), (srcmap), sizeof(srcmap))
#define SCTP_CHUNKMAP_IS_CLEAR(chunkmap) \
- __sctp_chunkmap_is_clear((chunkmap), SCTP_ARRAY_SIZE(chunkmap))
-static inline bool
+ __sctp_chunkmap_is_clear((chunkmap), ARRAY_SIZE(chunkmap))
+static __inline__ bool
__sctp_chunkmap_is_clear(const u_int32_t *chunkmap, unsigned int n)
{
unsigned int i;
#define SCTP_CHUNKMAP_IS_ALL_SET(chunkmap) \
__sctp_chunkmap_is_all_set((chunkmap), ARRAY_SIZE(chunkmap))
-static inline bool
+static __inline__ bool
__sctp_chunkmap_is_all_set(const u_int32_t *chunkmap, unsigned int n)
{
unsigned int i;
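Review bot: Dropping the local SCTP_ARRAY_SIZE definition (L325-326) and switching SCTP_CHUNKMAP_IS_CLEAR to `ARRAY_SIZE` at L336 leaves the header depending on a macro it no longer provides, so a translation unit that includes xt_sctp.h without xtables.h (or whatever else defines ARRAY_SIZE) fails on the first use of that macro. The unchanged SCTP_CHUNKMAP_IS_ALL_SET at L341-342 already had this dependency, so the change is at least consistent. A guarded fallback makes the dependency explicit and harmless: `#ifndef ARRAY_SIZE` / `#define ARRAY_SIZE(x) (sizeof(x) / sizeof(*(x)))` / `#endif`. The `__sctp_chunkmap_*` helpers whose bodies are cut off here use reserved double-underscore identifiers, but that is pre-existing and not introduced by this hunk.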
enum {
XT_STRING_FLAG_INVERT = 0x01,
- XT_STRING_FLAG_IGNORECASE = 0x02
+ XT_STRING_FLAG_IGNORECASE = 0x02
};
struct xt_string_info
u_int8_t patlen;
union {
struct {
- u_int8_t invert;
+ u_int8_t invert;
} v0;
struct {
- u_int8_t flags;
+ u_int8_t flags;
} v1;
} u;
#ifndef _IPTABLES_H
#define _IPTABLES_H
+#include <linux/types.h>
+
#include <linux/netfilter_ipv4.h>
#include <linux/netfilter/x_tables.h>
u_int32_t *iparray;
/* hangs off end. */
- struct ip_nat_range range[IPT_SAME_MAX_RANGE];
+ struct nf_nat_range range[IPT_SAME_MAX_RANGE];
};
#endif /*_IPT_SAME_H*/
#ifndef _IP6_TABLES_H
#define _IP6_TABLES_H
+#include <linux/types.h>
+
#include <linux/netfilter_ipv6.h>
#include <linux/netfilter/x_tables.h>
+++ /dev/null
-#ifndef _IP6T_TCPMSS_H
-#define _IP6T_TCPMSS_H
-
-struct ip6t_tcpmss_info {
- u_int16_t mss;
-};
-
-#define IP6T_TCPMSS_CLAMP_PMTU 0xffff
-
-#endif /*_IP6T_TCPMSS_H*/
*
* Linux always considers sectors to be 512 bytes long independently
* of the devices real block size.
+ *
+ * blkcnt_t is the type of the inode's block count.
*/
#ifdef CONFIG_LBD
typedef u64 sector_t;
-#else
-typedef unsigned long sector_t;
-#endif
-
-/*
- * The type of the inode's block count.
- */
-#ifdef CONFIG_LSF
typedef u64 blkcnt_t;
#else
+typedef unsigned long sector_t;
typedef unsigned long blkcnt_t;
#endif
typedef __u16 __bitwise __be16;
typedef __u32 __bitwise __le32;
typedef __u32 __bitwise __be32;
-#if defined(__GNUC__)
typedef __u64 __bitwise __le64;
typedef __u64 __bitwise __be64;
-#endif
+
typedef __u16 __bitwise __sum16;
typedef __u32 __bitwise __wsum;
-struct ustat {
- __kernel_daddr_t f_tfree;
- __kernel_ino_t f_tinode;
- char f_fname[6];
- char f_fpack[6];
-};
-
#endif /* _LINUX_TYPES_H */
+/* This file was manually copied from the Linux kernel source
+ * and manually stripped from __KERNEL__ sections and unused functions.
+ */
+
/*
* Definitions and Declarations for tuple.
*
#ifndef _NF_CONNTRACK_TUPLE_H
#define _NF_CONNTRACK_TUPLE_H
+#include <linux/netfilter/x_tables.h>
#include <linux/netfilter/nf_conntrack_tuple_common.h>
/* A `tuple' is a structure containing the information to uniquely
"non-manipulatable" lines, for the benefit of the NAT code.
*/
-#define NF_CT_TUPLE_L3SIZE 4
-
-/* The l3 protocol-specific manipulable parts of the tuple: always in
- network order! */
-union nf_conntrack_address {
- u_int32_t all[NF_CT_TUPLE_L3SIZE];
- __be32 ip;
- __be32 ip6[4];
-};
+#define NF_CT_TUPLE_L3SIZE ARRAY_SIZE(((union nf_inet_addr *)NULL)->all)
/* The protocol-specific manipulable parts of the tuple: always in
network order! */
union nf_conntrack_man_proto
{
/* Add other protocols here. */
- u_int16_t all;
+ __be16 all;
struct {
__be16 port;
struct {
__be16 id;
} icmp;
+ struct {
+ __be16 port;
+ } dccp;
struct {
__be16 port;
} sctp;
/* The manipulable part of the tuple. */
struct nf_conntrack_man
{
- union nf_conntrack_address u3;
+ union nf_inet_addr u3;
union nf_conntrack_man_proto u;
/* Layer 3 protocol */
u_int16_t l3num;
/* These are the parts of the tuple which are fixed. */
struct {
- union nf_conntrack_address u3;
+ union nf_inet_addr u3;
union {
/* Add other protocols here. */
- u_int16_t all;
+ __be16 all;
struct {
__be16 port;
struct {
u_int8_t type, code;
} icmp;
+ struct {
+ __be16 port;
+ } dccp;
struct {
__be16 port;
} sctp;
} dst;
};
+struct nf_conntrack_tuple_mask
+{
+ struct {
+ union nf_inet_addr u3;
+ union nf_conntrack_man_proto u;
+ } src;
+};
+
#endif /* _NF_CONNTRACK_TUPLE_H */
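Review bot: The new NF_CT_TUPLE_L3SIZE at L456 relies on two names this header does not itself provide, `ARRAY_SIZE` and `union nf_inet_addr`, and on `NULL`. The `#include <linux/netfilter/x_tables.h>` added at L442 is presumably intended to supply `union nf_inet_addr`; in the kernel tree that union is defined in `linux/netfilter.h`, so if this userspace copy of x_tables.h does not pull it in, every `u3` member (L479, L486, L507) and the macro fail to compile. ARRAY_SIZE has no provider in the hunk at all. Either add the include that actually defines the union and a comment naming where ARRAY_SIZE is expected from, e.g. `/* ARRAY_SIZE comes from xtables.h; union nf_inet_addr from linux/netfilter.h */`, or restore a self-contained `#define NF_CT_TUPLE_L3SIZE 4` as the old code had at L447.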
#ifndef _NF_NAT_H
#define _NF_NAT_H
#include <linux/netfilter_ipv4.h>
-#include <linux/netfilter/nf_conntrack_tuple.h>
+#include <net/netfilter/nf_conntrack_tuple.h>
#define NF_NAT_MAPPING_TYPE_MAX_NAMELEN 16
};
/* SRC manip occurs POST_ROUTING or LOCAL_IN */
-#define HOOK2MANIP(hooknum) ((hooknum) != NF_IP_POST_ROUTING && (hooknum) != NF_IP_LOCAL_IN)
+#define HOOK2MANIP(hooknum) ((hooknum) != NF_INET_POST_ROUTING && \
+ (hooknum) != NF_INET_LOCAL_IN)
#define IP_NAT_RANGE_MAP_IPS 1
#define IP_NAT_RANGE_PROTO_SPECIFIED 2
#define IP_NAT_RANGE_PROTO_RANDOM 4
+/* NAT sequence number modifications */
+struct nf_nat_seq {
+ /* position of the last TCP sequence number modification (if any) */
+ u_int32_t correction_pos;
+
+ /* sequence number offset before and after last modification */
+ int16_t offset_before, offset_after;
+};
+
/* Single range specification. */
struct nf_nat_range
{
struct nf_nat_range range[1];
};
-#define ip_nat_range nf_nat_range
-#define ip_nat_multi_range nf_nat_multi_range_compat
+#define nf_nat_multi_range nf_nat_multi_range_compat
#endif
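Review bot: `#define nf_nat_multi_range nf_nat_multi_range_compat` at L543 renames a struct tag through the preprocessor, so any later `struct nf_nat_multi_range` in the same translation unit — including one from a kernel header that defines the real structure — is silently turned into the compat struct, and the `.size`/`.userspacesize` fields in all six extensions (e.g. L40-41, L101-102) take the compat layout's size without that being visible at the use site. The old aliases at L541-542 had the same mechanism but mapped obsolete `ip_nat_*` names, which did not collide with anything the kernel still uses. Since this diff already touches every extension, spelling `struct nf_nat_multi_range_compat` directly in them and dropping the macro would remove the hazard. Separately, HOOK2MANIP at L522-523 now uses `NF_INET_POST_ROUTING`/`NF_INET_LOCAL_IN` while the only visible include is `linux/netfilter_ipv4.h` (L515); if that header does not itself include `linux/netfilter.h`, the macro no longer expands in isolation.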