Fix 64bit kernel / 32bit userspace issue.

diff --git a/extensions/libip6t_limit.c b/extensions/libip6t_limit.c
index 9516252b5005e380a903e74eb840d587405087ed..e141d01bbf9961ea3e04b18b68032cfd6bc7ac14 100644 (file)
--- a/extensions/libip6t_limit.c
+++ b/extensions/libip6t_limit.c
@@ -11,7 +11,8 @@
 #include <ip6tables.h>
 #include <stddef.h>
 #include <linux/netfilter_ipv6/ip6_tables.h>
-#include <linux/netfilter_ipv6/ip6t_limit.h>
+/* For 64bit kernel / 32bit userspace */
+#include "../include/linux/netfilter_ipv6/ip6t_limit.h"
 
 #define IP6T_LIMIT_AVG "3/hour"
 #define IP6T_LIMIT_BURST       5

diff --git a/extensions/libipt_conntrack.c b/extensions/libipt_conntrack.c
index 48c2f1dc95d1313ffda459782783adeab91c56ea..49a2afbecaa29d1cfa2846c3c1d98d90e6db5c1a 100644 (file)
--- a/extensions/libipt_conntrack.c
+++ b/extensions/libipt_conntrack.c
@@ -11,7 +11,8 @@
 #include <iptables.h>
 #include <linux/netfilter_ipv4/ip_conntrack.h>
 #include <linux/netfilter_ipv4/ip_conntrack_tuple.h>
-#include <linux/netfilter_ipv4/ipt_conntrack.h>
+/* For 64bit kernel / 32bit userspace */
+#include "../include/linux/netfilter_ipv4/ipt_conntrack.h"
 
 #ifndef IPT_CONNTRACK_STATE_UNTRACKED
 #define IPT_CONNTRACK_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 3))
@@ -135,17 +136,29 @@ parse_statuses(const char *arg, struct ipt_conntrack_info *sinfo)
                exit_error(PARAMETER_PROBLEM, "Bad ctstatus `%s'", arg);
 }
 
-
+#ifdef KERNEL_64_USERSPACE_32
+static unsigned long long
+parse_expire(const char *s)
+{
+       unsigned long long len;
+       
+       if (string_to_number_ll(s, 0, 0, &len) == -1)
+               exit_error(PARAMETER_PROBLEM, "expire value invalid: `%s'\n", s);
+       else
+               return len;
+}
+#else
 static unsigned long
 parse_expire(const char *s)
 {
        unsigned int len;
        
-       if (string_to_number(s, 0, 0xFFFFFFFF, &len) == -1)
+       if (string_to_number(s, 0, 0, &len) == -1)
                exit_error(PARAMETER_PROBLEM, "expire value invalid: `%s'\n", s);
        else
                return len;
 }
+#endif
 
 /* If a single value is provided, min and max are both set to the value */
 static void
@@ -162,15 +175,19 @@ parse_expires(const char *s, struct ipt_conntrack_info *sinfo)
                cp++;
 
                sinfo->expires_min = buffer[0] ? parse_expire(buffer) : 0;
-               sinfo->expires_max = cp[0] ? parse_expire(cp) : 0xFFFFFFFF;
+               sinfo->expires_max = cp[0] ? parse_expire(cp) : -1;
        }
        free(buffer);
        
        if (sinfo->expires_min > sinfo->expires_max)
                exit_error(PARAMETER_PROBLEM,
+#ifdef KERNEL_64_USERSPACE_32
+                          "expire min. range value `%llu' greater than max. "
+                          "range value `%llu'", sinfo->expires_min, sinfo->expires_max);
+#else
                           "expire min. range value `%lu' greater than max. "
                           "range value `%lu'", sinfo->expires_min, sinfo->expires_max);
-       
+#endif
 }
 
 /* Function which parses command options; returns true if it
@@ -485,10 +502,17 @@ matchinfo_print(const struct ipt_ip *ip, const struct ipt_entry_match *match, in
                if (sinfo->invflags & IPT_CONNTRACK_EXPIRES)
                        printf("! ");
 
+#ifdef KERNEL_64_USERSPACE_32
+               if (sinfo->expires_max == sinfo->expires_min)
+                       printf("%llu ", sinfo->expires_min);
+               else
+                       printf("%llu:%llu ", sinfo->expires_min, sinfo->expires_max);
+#else
                if (sinfo->expires_max == sinfo->expires_min)
                        printf("%lu ", sinfo->expires_min);
                else
                        printf("%lu:%lu ", sinfo->expires_min, sinfo->expires_max);
+#endif
        }
 }
 

diff --git a/extensions/libipt_limit.c b/extensions/libipt_limit.c
index af381fa38b135adf8c59fd1c00b2c3427742920a..4d52040c7a1a34823a226a3843d6e47b8666fdda 100644 (file)
--- a/extensions/libipt_limit.c
+++ b/extensions/libipt_limit.c
@@ -11,7 +11,8 @@
 #include <iptables.h>
 #include <stddef.h>
 #include <linux/netfilter_ipv4/ip_tables.h>
-#include <linux/netfilter_ipv4/ipt_limit.h>
+/* For 64bit kernel / 32bit userspace */
+#include "../include/linux/netfilter_ipv4/ipt_limit.h"
 
 #define IPT_LIMIT_AVG  "3/hour"
 #define IPT_LIMIT_BURST        5

diff --git a/include/linux/netfilter_ipv4/ipt_conntrack.h b/include/linux/netfilter_ipv4/ipt_conntrack.h
index eb97456cd692926b04a62711434f911685edd6f1..98770212f1a5add01d6eb5d0e48bece86d737670 100644 (file)
--- a/include/linux/netfilter_ipv4/ipt_conntrack.h
+++ b/include/linux/netfilter_ipv4/ipt_conntrack.h
@@ -10,6 +10,7 @@
 
 #define IPT_CONNTRACK_STATE_SNAT (1 << (IP_CT_NUMBER + 1))
 #define IPT_CONNTRACK_STATE_DNAT (1 << (IP_CT_NUMBER + 2))
+#define IPT_CONNTRACK_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 3))
 
 /* flags, invflags: */
 #define IPT_CONNTRACK_STATE    0x01
@@ -28,7 +29,11 @@ struct ipt_conntrack_info
        struct ip_conntrack_tuple tuple[IP_CT_DIR_MAX];
        struct in_addr sipmsk[IP_CT_DIR_MAX], dipmsk[IP_CT_DIR_MAX];
 
+#ifdef KERNEL_64_USERSPACE_32
+       unsigned long long expires_min, expires_max;
+#else
        unsigned long expires_min, expires_max;
+#endif
 
        /* Flags word */
        u_int8_t flags;
@@ -36,4 +41,3 @@ struct ipt_conntrack_info
        u_int8_t invflags;
 };
 #endif /*_IPT_CONNTRACK_H*/
-

diff --git a/include/linux/netfilter_ipv4/ipt_limit.h b/include/linux/netfilter_ipv4/ipt_limit.h
new file mode 100644 (file)
index 0000000..e2fb166
--- /dev/null
+++ b/include/linux/netfilter_ipv4/ipt_limit.h
@@ -0,0 +1,26 @@
+#ifndef _IPT_RATE_H
+#define _IPT_RATE_H
+
+/* timings are in milliseconds. */
+#define IPT_LIMIT_SCALE 10000
+
+/* 1/10,000 sec period => max of 10,000/sec.  Min rate is then 429490
+   seconds, or one every 59 hours. */
+struct ipt_rateinfo {
+       u_int32_t avg;    /* Average secs between packets * scale */
+       u_int32_t burst;  /* Period multiplier for upper limit. */
+
+#ifdef KERNEL_64_USERSPACE_32
+       u_int64_t prev;
+       u_int64_t placeholder;
+#else
+       /* Used internally by the kernel */
+       unsigned long prev;
+       /* Ugly, ugly fucker. */
+       struct ipt_rateinfo *master;
+#endif
+
+       u_int32_t credit;
+       u_int32_t credit_cap, cost;
+};
+#endif /*_IPT_RATE_H*/

diff --git a/include/linux/netfilter_ipv6/ip6t_limit.h b/include/linux/netfilter_ipv6/ip6t_limit.h
new file mode 100644 (file)
index 0000000..cd3e834
--- /dev/null
+++ b/include/linux/netfilter_ipv6/ip6t_limit.h
@@ -0,0 +1,25 @@
+#ifndef _IP6T_RATE_H
+#define _IP6T_RATE_H
+
+/* timings are in milliseconds. */
+#define IP6T_LIMIT_SCALE 10000
+
+/* 1/10,000 sec period => max of 10,000/sec.  Min rate is then 429490
+   seconds, or one every 59 hours. */
+struct ip6t_rateinfo {
+       u_int32_t avg;    /* Average secs between packets * scale */
+       u_int32_t burst;  /* Period multiplier for upper limit. */
+
+#ifdef KERNEL_64_USERSPACE_32
+       u_int64_t prev;
+       u_int64_t placeholder;
+#else
+       /* Used internally by the kernel */
+       unsigned long prev;
+       /* Ugly, ugly fucker. */
+       struct ip6t_rateinfo *master;
+#endif
+       u_int32_t credit;
+       u_int32_t credit_cap, cost;
+};
+#endif /*_IPT_RATE_H*/