Unifies libip[6]t_connmark into libxt_connmark

diff --git a/extensions/Makefile b/extensions/Makefile
index e56a7d2dd64be937de4828c83f2869dadf3b0c7f..f6ad924a862e6ab15a87c79dd8f9f4e68631458b 100644 (file)
--- a/extensions/Makefile
+++ b/extensions/Makefile
@@ -5,9 +5,9 @@
 # header files are present in the include/linux directory of this iptables
 # package (HW)
 #
-PF_EXT_SLIB:=ah addrtype connmark conntrack ecn helper icmp iprange owner policy realm state tos ttl unclean CLASSIFY DNAT DSCP ECN LOG MASQUERADE MIRROR NETMAP REDIRECT REJECT SAME SNAT TOS TTL TRACE ULOG
-PF6_EXT_SLIB:=connmark eui64 hl icmp6 owner policy state HL LOG TRACE
-PFX_EXT_SLIB:=comment connlimit dscp esp hashlimit length limit mac mark multiport physdev pkttype sctp standard tcp tcpmss udp CONNMARK MARK NFQUEUE NOTRACK TCPMSS
+PF_EXT_SLIB:=ah addrtype conntrack ecn helper icmp iprange owner policy realm state tos ttl unclean CLASSIFY DNAT DSCP ECN LOG MASQUERADE MIRROR NETMAP REDIRECT REJECT SAME SNAT TOS TTL TRACE ULOG
+PF6_EXT_SLIB:=eui64 hl icmp6 owner policy state HL LOG TRACE
+PFX_EXT_SLIB:=connmark connlimit comment dscp esp hashlimit length limit mac mark multiport physdev pkttype sctp standard tcp tcpmss udp CONNMARK MARK NFQUEUE NOTRACK TCPMSS
 
 ifeq ($(DO_SELINUX), 1)
 PF_EXT_SE_SLIB:=

diff --git a/extensions/libipt_connmark.c b/extensions/libipt_connmark.c
deleted file mode 100644 (file)
index 31a4554..0000000
--- a/extensions/libipt_connmark.c
+++ /dev/null
@@ -1,151 +0,0 @@
-/* Shared library add-on to iptables to add connmark matching support.
- *
- * (C) 2002,2004 MARA Systems AB <http://www.marasystems.com>
- * by Henrik Nordstrom <hno@marasystems.com>
- *
- * Version 1.1
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-#include <stdio.h>
-#include <netdb.h>
-#include <string.h>
-#include <stdlib.h>
-#include <getopt.h>
-
-#include <iptables.h>
-#include "../include/linux/netfilter_ipv4/ipt_connmark.h"
-
-/* Function which prints out usage message. */
-static void
-help(void)
-{
-       printf(
-"CONNMARK match v%s options:\n"
-"[!] --mark value[/mask]         Match nfmark value with optional mask\n"
-"\n",
-IPTABLES_VERSION);
-}
-
-static const struct option opts[] = {
-       { "mark", 1, 0, '1' },
-       {0}
-};
-
-/* Initialize the match. */
-static void
-init(struct xt_entry_match *m, unsigned int *nfcache)
-{
-       /* Can't cache this. */
-       *nfcache |= NFC_UNKNOWN;
-}
-
-/* Function which parses command options; returns true if it
-   ate an option */
-static int
-parse(int c, char **argv, int invert, unsigned int *flags,
-      const void *entry,
-      unsigned int *nfcache,
-      struct xt_entry_match **match)
-{
-       struct ipt_connmark_info *markinfo = (struct ipt_connmark_info *)(*match)->data;
-
-       switch (c) {
-               char *end;
-       case '1':
-               check_inverse(optarg, &invert, &optind, 0);
-
-               markinfo->mark = strtoul(optarg, &end, 0);
-               markinfo->mask = 0xffffffffUL;
-               
-               if (*end == '/')
-                       markinfo->mask = strtoul(end+1, &end, 0);
-
-               if (*end != '\0' || end == optarg)
-                       exit_error(PARAMETER_PROBLEM, "Bad MARK value `%s'", optarg);
-               if (invert)
-                       markinfo->invert = 1;
-               *flags = 1;
-               break;
-
-       default:
-               return 0;
-       }
-       return 1;
-}
-
-static void
-print_mark(unsigned long mark, unsigned long mask, int numeric)
-{
-       if(mask != 0xffffffffUL)
-               printf("0x%lx/0x%lx ", mark, mask);
-       else
-               printf("0x%lx ", mark);
-}
-
-/* Final check; must have specified --mark. */
-static void
-final_check(unsigned int flags)
-{
-       if (!flags)
-               exit_error(PARAMETER_PROBLEM,
-                          "MARK match: You must specify `--mark'");
-}
-
-/* Prints out the matchinfo. */
-static void
-print(const void *ip,
-      const struct xt_entry_match *match,
-      int numeric)
-{
-       struct ipt_connmark_info *info = (struct ipt_connmark_info *)match->data;
-
-       printf("CONNMARK match ");
-       if (info->invert)
-               printf("!");
-       print_mark(info->mark, info->mask, numeric);
-}
-
-/* Saves the matchinfo in parsable form to stdout. */
-static void
-save(const void *ip, const struct xt_entry_match *match)
-{
-       struct ipt_connmark_info *info = (struct ipt_connmark_info *)match->data;
-
-       if (info->invert)
-               printf("! ");
-
-       printf("--mark ");
-       print_mark(info->mark, info->mask, 0);
-}
-
-static struct iptables_match connmark_match = {
-    .name          = "connmark",
-    .version       = IPTABLES_VERSION,
-    .size          = IPT_ALIGN(sizeof(struct ipt_connmark_info)),
-    .userspacesize = IPT_ALIGN(sizeof(struct ipt_connmark_info)),
-    .help          = &help,
-    .init          = &init,
-    .parse         = &parse,
-    .final_check   = &final_check,
-    .print         = &print,
-    .save          = &save,
-    .extra_opts    = opts
-};
-
-void _init(void)
-{
-       register_match(&connmark_match);
-}

diff --git a/extensions/libip6t_connmark.c b/extensions/libxt_connmark.c
similarity index 72%
rename from extensions/libip6t_connmark.c
rename to extensions/libxt_connmark.c
index 427003a3606f8a4a8d9e36ed5b43034e0125324e..2ed9a918433384ff055bc144c3a081b49c6ba54c 100644 (file)
--- a/extensions/libip6t_connmark.c
+++ b/extensions/libxt_connmark.c
@@ -25,8 +25,8 @@
 #include <stdlib.h>
 #include <getopt.h>
 
-#include <ip6tables.h>
-#include "../include/linux/netfilter_ipv4/ipt_connmark.h"
+#include <xtables.h>
+#include <linux/netfilter/xt_connmark.h>
 
 /* Function which prints out usage message. */
 static void
@@ -44,14 +44,6 @@ static const struct option opts[] = {
        {0}
 };
 
-/* Initialize the match. */
-static void
-init(struct xt_entry_match *m, unsigned int *nfcache)
-{
-       /* Can't cache this. */
-       *nfcache |= NFC_UNKNOWN;
-}
-
 /* Function which parses command options; returns true if it
    ate an option */
 static int
@@ -60,7 +52,7 @@ parse(int c, char **argv, int invert, unsigned int *flags,
       unsigned int *nfcache,
       struct xt_entry_match **match)
 {
-       struct ipt_connmark_info *markinfo = (struct ipt_connmark_info *)(*match)->data;
+       struct xt_connmark_info *markinfo = (struct xt_connmark_info *)(*match)->data;
 
        switch (c) {
                char *end;
@@ -110,7 +102,7 @@ print(const void *ip,
       const struct xt_entry_match *match,
       int numeric)
 {
-       struct ipt_connmark_info *info = (struct ipt_connmark_info *)match->data;
+       struct xt_connmark_info *info = (struct xt_connmark_info *)match->data;
 
        printf("CONNMARK match ");
        if (info->invert)
@@ -122,7 +114,7 @@ print(const void *ip,
 static void
 save(const void *ip, const struct xt_entry_match *match)
 {
-       struct ipt_connmark_info *info = (struct ipt_connmark_info *)match->data;
+       struct xt_connmark_info *info = (struct xt_connmark_info *)match->data;
 
        if (info->invert)
                printf("! ");
@@ -131,21 +123,36 @@ save(const void *ip, const struct xt_entry_match *match)
        print_mark(info->mark, info->mask, 0);
 }
 
-static struct ip6tables_match connmark_match = {
-    .name          = "connmark",
-    .version       = IPTABLES_VERSION,
-    .size          = IP6T_ALIGN(sizeof(struct ipt_connmark_info)),
-    .userspacesize = IP6T_ALIGN(sizeof(struct ipt_connmark_info)),
-    .help          = &help,
-    .init          = &init,
-    .parse         = &parse,
-    .final_check   = &final_check,
-    .print         = &print,
-    .save          = &save,
-    .extra_opts    = opts
+static struct xtables_match connmark_match = {
+       .family         = AF_INET,
+       .name           = "connmark",
+       .version        = IPTABLES_VERSION,
+       .size           = XT_ALIGN(sizeof(struct xt_connmark_info)),
+       .userspacesize  = XT_ALIGN(sizeof(struct xt_connmark_info)),
+       .help           = &help,
+       .parse          = &parse,
+       .final_check    = &final_check,
+       .print          = &print,
+       .save           = &save,
+       .extra_opts     = opts
+};
+
+static struct xtables_match connmark_match6 = {
+       .family         = AF_INET6,
+       .name           = "connmark",
+       .version        = IPTABLES_VERSION,
+       .size           = XT_ALIGN(sizeof(struct xt_connmark_info)),
+       .userspacesize  = XT_ALIGN(sizeof(struct xt_connmark_info)),
+       .help           = &help,
+       .parse          = &parse,
+       .final_check    = &final_check,
+       .print          = &print,
+       .save           = &save,
+       .extra_opts     = opts
 };
 
 void _init(void)
 {
-       register_match6(&connmark_match);
+       xtables_register_match(&connmark_match);
+       xtables_register_match(&connmark_match6);
 }

diff --git a/include/linux/netfilter_ipv4/ipt_connmark.h b/include/linux/netfilter/xt_connmark.h
similarity index 80%
rename from include/linux/netfilter_ipv4/ipt_connmark.h
rename to include/linux/netfilter/xt_connmark.h
index 46573270d9aa23781d0d2dd4a2bbf3688149b24b..c592f6ae08832ca0d46cb181d2ee62eb811a1232 100644 (file)
--- a/include/linux/netfilter_ipv4/ipt_connmark.h
+++ b/include/linux/netfilter/xt_connmark.h
@@ -1,5 +1,5 @@
-#ifndef _IPT_CONNMARK_H
-#define _IPT_CONNMARK_H
+#ifndef _XT_CONNMARK_H
+#define _XT_CONNMARK_H
 
 /* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com>
  * by Henrik Nordstrom <hno@marasystems.com>
@@ -10,9 +10,9 @@
  * (at your option) any later version.
  */
 
-struct ipt_connmark_info {
+struct xt_connmark_info {
        unsigned long mark, mask;
        u_int8_t invert;
 };
 
-#endif /*_IPT_CONNMARK_H*/
+#endif /*_XT_CONNMARK_H*/