Update of /cvsroot/linux-vax/kernel-2.4/include/linux/netfilter_ipv4
In directory usw-pr-cvs1:/tmp/cvs-serv17906/linux/netfilter_ipv4
Modified Files:
ip_conntrack.h ip_conntrack_core.h ip_conntrack_ftp.h
ip_conntrack_protocol.h ip_conntrack_tuple.h ip_nat.h
ip_nat_helper.h ip_tables.h listhelp.h
Added Files:
ip_conntrack_icmp.h ip_conntrack_irc.h ipt_TCPMSS.h
ipt_length.h ipt_tcpmss.h ipt_ttl.h
Removed Files:
ip_nat_ftp.h
Log Message:
sync 2.4.15 commit 3
--- NEW FILE ---
#ifndef _IP_CONNTRACK_ICMP_H
#define _IP_CONNTRACK_ICMP_H
/* ICMP tracking. */
#include <asm/atomic.h>
/* Per-connection state kept for a tracked ICMP exchange. */
struct ip_ct_icmp
{
/* Optimization: when number in == number out, forget immediately. */
/* NOTE(review): presumably the number of requests still awaiting a reply;
   where it is incremented and decremented is not in this header - confirm. */
atomic_t count;
};
#endif /* _IP_CONNTRACK_ICMP_H */
--- NEW FILE ---
/* IRC extension for IP connection tracking.
* (C) 2000 by Harald Welte <la...@gn...>
* based on RR's ip_conntrack_ftp.h
*
* ip_conntrack_irc.h,v 1.6 2000/11/07 18:26:42 laforge Exp
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*
*
*/
#ifndef _IP_CONNTRACK_IRC_H
#define _IP_CONNTRACK_IRC_H
#ifndef __KERNEL__
#error Only in kernel.
#endif
#include <linux/netfilter_ipv4/lockhelp.h>
/* NOTE(review): the meaning of the value 2 is not stated in this header -
   confirm against the IRC helper before changing it. */
#define IP_CONNTR_IRC 2
/* NOTE(review): going by the names, a string to search for plus its length,
   presumably one DCC sub-command keyword per entry with
   matchlen == strlen(match). The table that uses it is not in this header;
   confirm, since a matchlen larger than the string would make a comparison
   run past the keyword. */
struct dccproto {
char* match;
int matchlen;
};
/* Protects irc part of conntracks */
DECLARE_LOCK_EXTERN(ip_irc_lock);
/* We record seq number and length of irc ip/port text here: all in
host order.
NOTE(review): seq, len and port presumably describe text taken from the
payload of a DCC command sent by a peer, so code that consumes them should
treat them as untrusted and range-check them against the packet - confirm in
the helper. */
struct ip_ct_irc
{
/* This tells NAT that this is an IRC connection */
int is_irc;
/* sequence number where address part of DCC command begins */
u_int32_t seq;
/* 0 means not found yet */
u_int32_t len;
/* Port that was to be used */
u_int16_t port;
};
#endif /* _IP_CONNTRACK_IRC_H */
--- NEW FILE ---
#ifndef _IPT_TCPMSS_H
#define _IPT_TCPMSS_H
/* NOTE(review): going by the include guard, the parameter block of the
   TCPMSS target. Presumably filled in by userspace, which would make the
   layout ABI - confirm before reordering or resizing. */
struct ipt_tcpmss_info {
/* NOTE(review): presumably the MSS to set, or IPT_TCPMSS_CLAMP_PMTU - confirm. */
u_int16_t mss;
};
/* NOTE(review): looks like a sentinel for the mss field meaning "clamp to the
   path MTU" rather than a literal MSS of 65535 - confirm in the target
   module. */
#define IPT_TCPMSS_CLAMP_PMTU 0xffff
#endif /*_IPT_TCPMSS_H*/
--- NEW FILE ---
#ifndef _IPT_LENGTH_H
#define _IPT_LENGTH_H
/* NOTE(review): field meanings are inferred from their names. Presumably a
   packet matches when min <= length <= max, and a non-zero invert flips the
   result. If this block arrives from userspace, the match's check routine
   should reject min > max - confirm. */
struct ipt_length_info {
u_int16_t min, max;
u_int8_t invert;
};
#endif /*_IPT_LENGTH_H*/
--- NEW FILE ---
#ifndef _IPT_TCPMSS_MATCH_H
#define _IPT_TCPMSS_MATCH_H
/* NOTE(review): field meanings are inferred from their names. Presumably a
   packet matches when mss_min <= MSS option <= mss_max, and a non-zero invert
   flips the result. If this block arrives from userspace, the match's check
   routine should reject mss_min > mss_max - confirm. */
struct ipt_tcpmss_match_info {
u_int16_t mss_min, mss_max;
u_int8_t invert;
};
#endif /*_IPT_TCPMSS_MATCH_H*/
--- NEW FILE ---
/* IP tables module for matching the value of the TTL
* (C) 2000 by Harald Welte <la...@gn...> */
#ifndef _IPT_TTL_H
#define _IPT_TTL_H
/* Comparison operators for the TTL match.
   NOTE(review): presumably the values stored in ipt_ttl_info.mode - confirm. */
enum {
IPT_TTL_EQ = 0, /* equals */
IPT_TTL_NE, /* not equals */
IPT_TTL_LT, /* less than */
IPT_TTL_GT, /* greater than */
};
/* Match data for the TTL match. */
struct ipt_ttl_info {
/* NOTE(review): presumably one of IPT_TTL_*; mode is a full u_int8_t, so a
   value outside the enum is representable and should be rejected when the
   rule is checked - confirm. */
u_int8_t mode;
/* NOTE(review): presumably the TTL the packet's TTL is compared with - confirm. */
u_int8_t ttl;
};
#endif
Index: ip_conntrack.h
===================================================================
RCS file: /cvsroot/linux-vax/kernel-2.4/include/linux/netfilter_ipv4/ip_conntrack.h,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- ip_conntrack.h 14 Jan 2001 16:48:41 -0000 1.1.1.1
+++ ip_conntrack.h 9 Apr 2002 12:44:17 -0000 1.2
@@ -32,6 +32,7 @@
#include <linux/types.h>
#include <linux/skbuff.h>
#include <linux/netfilter_ipv4/ip_conntrack_tcp.h>
+#include <linux/netfilter_ipv4/ip_conntrack_icmp.h>
#ifdef CONFIG_NF_DEBUG
#define IP_NF_ASSERT(x) \
@@ -56,12 +57,8 @@
IPS_SEEN_REPLY_BIT = 1,
IPS_SEEN_REPLY = (1 << IPS_SEEN_REPLY_BIT),
- /* Packet seen leaving box: bit 2 set. Can be set, not unset. */
- IPS_CONFIRMED_BIT = 2,
- IPS_CONFIRMED = (1 << IPS_CONFIRMED_BIT),
-
/* Conntrack should never be early-expired. */
- IPS_ASSURED_BIT = 4,
+ IPS_ASSURED_BIT = 2,
IPS_ASSURED = (1 << IPS_ASSURED_BIT),
};
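Review bot: `IPS_ASSURED_BIT` now takes the value 2 that `IPS_CONFIRMED_BIT` held before, so a module or debugging tool built against the old header would read an assured connection as a confirmed one without any compile error. A comment above `IPS_ASSURED_BIT` would record this, e.g. `/* Bit 2 was IPS_CONFIRMED before this sync; confirmation is now derived from hash-table membership. */`. Whether anything outside the tree consumes the raw status bits is not visible here, so treat it as something to confirm. The enum starts outside the hunk.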
@@ -84,16 +81,15 @@
#include <linux/netfilter_ipv4/ip_nat.h>
#endif
-#if defined(CONFIG_IP_NF_FTP) || defined(CONFIG_IP_NF_FTP_MODULE)
#include <linux/netfilter_ipv4/ip_conntrack_ftp.h>
-#ifdef CONFIG_IP_NF_NAT_NEEDED
-#include <linux/netfilter_ipv4/ip_nat_ftp.h>
-#endif
+
+#if defined(CONFIG_IP_NF_IRC) || defined(CONFIG_IP_NF_IRC_MODULE)
+#include <linux/netfilter_ipv4/ip_conntrack_irc.h>
#endif
struct ip_conntrack
{
- /* Usage count in here is 1 for destruct timer, 1 per skb,
+ /* Usage count in here is 1 for hash table/destruct timer, 1 per skb,
plus 1 for any connection(s) we are `master' for */
struct nf_conntrack ct_general;
@@ -124,11 +120,13 @@
union {
struct ip_ct_tcp tcp;
+ struct ip_ct_icmp icmp;
} proto;
union {
-#if defined(CONFIG_IP_NF_FTP) || defined(CONFIG_IP_NF_FTP_MODULE)
struct ip_ct_ftp ct_ftp_info;
+#if defined(CONFIG_IP_NF_IRC) || defined(CONFIG_IP_NF_IRC_MODULE)
+ struct ip_ct_irc ct_irc_info;
#endif
} help;
@@ -136,9 +134,7 @@
struct {
struct ip_nat_info info;
union {
-#if defined(CONFIG_IP_NF_FTP) || defined(CONFIG_IP_NF_FTP_MODULE)
- struct ip_nat_ftp_info ftp_info[IP_CT_DIR_MAX];
-#endif
+ /* insert nat helper private data here */
} help;
#if defined(CONFIG_IP_NF_TARGET_MASQUERADE) || \
defined(CONFIG_IP_NF_TARGET_MASQUERADE_MODULE)
@@ -186,5 +182,13 @@
extern void
ip_ct_selective_cleanup(int (*kill)(const struct ip_conntrack *i, void *data),
void *data);
+
+/* It's confirmed if it is, or has been in the hash table. */
+static inline int is_confirmed(struct ip_conntrack *ct)
+{
+ return ct->tuplehash[IP_CT_DIR_ORIGINAL].list.next != NULL;
+}
+
+extern unsigned int ip_conntrack_htable_size;
#endif /* __KERNEL__ */
#endif /* _IP_CONNTRACK_H */
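Review bot: `is_confirmed()` treats a NULL `list.next` as "never hashed", which only holds if the conntrack is zero-initialised at allocation and nothing on the unhash path resets `next` to NULL; neither is visible in this hunk. That invariant decides whether a connection gets confirmed again, so it should be written next to the helper, e.g. `/* Relies on tuplehash[].list being zeroed at allocation and never cleared on removal. */`. The parameter is only read and could be `const struct ip_conntrack *ct`. The helper reads the list pointer without taking a lock itself; whether callers hold one is not shown.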
Index: ip_conntrack_core.h
===================================================================
RCS file: /cvsroot/linux-vax/kernel-2.4/include/linux/netfilter_ipv4/ip_conntrack_core.h,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- ip_conntrack_core.h 14 Jan 2001 16:48:41 -0000 1.1.1.1
+++ ip_conntrack_core.h 9 Apr 2002 12:44:17 -0000 1.2
@@ -33,10 +33,17 @@
ip_conntrack_find_get(const struct ip_conntrack_tuple *tuple,
const struct ip_conntrack *ignored_conntrack);
-/* Confirm a connection */
-void ip_conntrack_confirm(struct ip_conntrack *ct);
+extern int __ip_conntrack_confirm(struct nf_ct_info *nfct);
+
+/* Confirm a connection: returns NF_DROP if packet must be dropped. */
+static inline int ip_conntrack_confirm(struct sk_buff *skb)
+{
+ if (skb->nfct
+ && !is_confirmed((struct ip_conntrack *)skb->nfct->master))
+ return __ip_conntrack_confirm(skb->nfct);
+ return NF_ACCEPT;
+}
-extern unsigned int ip_conntrack_htable_size;
extern struct list_head *ip_conntrack_hash;
extern struct list_head expect_list;
DECLARE_RWLOCK_EXTERN(ip_conntrack_lock);
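Review bot: `ip_conntrack_confirm()` changed from `void` to returning a verdict, and a caller that still ignores the result will pass on a packet that conntrack asked to drop; the call sites are outside this header, so each one needs checking that it hands the value back to netfilter. The cast `(struct ip_conntrack *)skb->nfct->master` is only valid while `ct_general` stays the first member of `struct ip_conntrack`, and a comment such as `/* master points at ct_general, the first member of struct ip_conntrack */` would keep that from being broken later. The inline also needs `is_confirmed()`, `NF_ACCEPT` and `struct sk_buff` declared before this header is included; its include list is not visible in the hunk.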
Index: ip_conntrack_ftp.h
===================================================================
RCS file: /cvsroot/linux-vax/kernel-2.4/include/linux/netfilter_ipv4/ip_conntrack_ftp.h,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- ip_conntrack_ftp.h 14 Jan 2001 16:48:41 -0000 1.1.1.1
+++ ip_conntrack_ftp.h 9 Apr 2002 12:44:17 -0000 1.2
@@ -14,9 +14,13 @@
enum ip_ct_ftp_type
{
/* PORT command from client */
- IP_CT_FTP_PORT = IP_CT_DIR_ORIGINAL,
+ IP_CT_FTP_PORT,
/* PASV response from server */
- IP_CT_FTP_PASV = IP_CT_DIR_REPLY
+ IP_CT_FTP_PASV,
+ /* EPRT command from client */
+ IP_CT_FTP_EPRT,
+ /* EPSV response from server */
+ IP_CT_FTP_EPSV,
};
/* We record seq number and length of ftp ip/port text here: all in
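Review bot: `IP_CT_FTP_PORT` and `IP_CT_FTP_PASV` are no longer tied to `IP_CT_DIR_ORIGINAL`/`IP_CT_DIR_REPLY`, and the new `IP_CT_FTP_EPRT` and `IP_CT_FTP_EPSV` presumably fall outside the direction range. Any code that still uses an `ip_ct_ftp_type` as a direction, or as an index into an array sized `IP_CT_DIR_MAX`, would then read past the end for the two new values. No such use is visible in this hunk, so this is a check to make in the FTP helper sources rather than a confirmed defect. A comment on the enum would record the change: `/* Values are command types, not directions; never use as an IP_CT_DIR_* index. */`.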
Index: ip_conntrack_protocol.h
===================================================================
RCS file: /cvsroot/linux-vax/kernel-2.4/include/linux/netfilter_ipv4/ip_conntrack_protocol.h,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- ip_conntrack_protocol.h 14 Jan 2001 16:48:41 -0000 1.1.1.1
+++ ip_conntrack_protocol.h 9 Apr 2002 12:44:17 -0000 1.2
@@ -38,9 +38,9 @@
enum ip_conntrack_info ctinfo);
/* Called when a new connection for this protocol found;
- * returns timeout. If so, packet() called next. */
- unsigned long (*new)(struct ip_conntrack *conntrack,
- struct iphdr *iph, size_t len);
+ * returns TRUE if it's OK. If so, packet() called next. */
+ int (*new)(struct ip_conntrack *conntrack, struct iphdr *iph,
+ size_t len);
/* Module (if any) which this is connected to. */
struct module *me;
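Review bot: The `new` callback keeps its name and arguments but now returns a boolean instead of a timeout, so a protocol module that was not updated and still returns a timeout would have any non-zero value read as "OK", with at most a pointer-type warning where the struct is initialised. The comment says what TRUE means but not what happens to the packet and the new conntrack when the callback returns 0. That belongs in the comment, e.g. `* returns TRUE if it's OK, 0 to refuse tracking. If TRUE, packet() called next.`, with the exact consequence filled in from the caller, which is outside this hunk. The enclosing struct starts and ends outside the hunk.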
Index: ip_conntrack_tuple.h
===================================================================
RCS file: /cvsroot/linux-vax/kernel-2.4/include/linux/netfilter_ipv4/ip_conntrack_tuple.h,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- ip_conntrack_tuple.h 14 Jan 2001 16:48:42 -0000 1.1.1.1
+++ ip_conntrack_tuple.h 9 Apr 2002 12:44:17 -0000 1.2
@@ -82,14 +82,14 @@
IP_CT_DIR_MAX
};
-extern inline int ip_ct_tuple_src_equal(const struct ip_conntrack_tuple *t1,
+static inline int ip_ct_tuple_src_equal(const struct ip_conntrack_tuple *t1,
const struct ip_conntrack_tuple *t2)
{
return t1->src.ip == t2->src.ip
&& t1->src.u.all == t2->src.u.all;
}
-extern inline int ip_ct_tuple_dst_equal(const struct ip_conntrack_tuple *t1,
+static inline int ip_ct_tuple_dst_equal(const struct ip_conntrack_tuple *t1,
const struct ip_conntrack_tuple *t2)
{
return t1->dst.ip == t2->dst.ip
@@ -97,13 +97,13 @@
&& t1->dst.protonum == t2->dst.protonum;
}
-extern inline int ip_ct_tuple_equal(const struct ip_conntrack_tuple *t1,
+static inline int ip_ct_tuple_equal(const struct ip_conntrack_tuple *t1,
const struct ip_conntrack_tuple *t2)
{
return ip_ct_tuple_src_equal(t1, t2) && ip_ct_tuple_dst_equal(t1, t2);
}
-extern inline int ip_ct_tuple_mask_cmp(const struct ip_conntrack_tuple *t,
+static inline int ip_ct_tuple_mask_cmp(const struct ip_conntrack_tuple *t,
const struct ip_conntrack_tuple *tuple,
const struct ip_conntrack_tuple *mask)
{
Index: ip_nat.h
===================================================================
RCS file: /cvsroot/linux-vax/kernel-2.4/include/linux/netfilter_ipv4/ip_nat.h,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- ip_nat.h 14 Jan 2001 16:48:42 -0000 1.1.1.1
+++ ip_nat.h 9 Apr 2002 12:44:17 -0000 1.2
@@ -24,6 +24,15 @@
/* Used internally by get_unique_tuple(). */
#define IP_NAT_RANGE_FULL 4
+/* NAT sequence number modifications */
+struct ip_nat_seq {
+ /* position of the last TCP sequence number
+ * modification (if any) */
+ u_int32_t correction_pos;
+ /* sequence number offset before and after last modification */
+ int32_t offset_before, offset_after;
+};
+
/* Single range specification. */
struct ip_nat_range
{
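Review bot: `struct ip_nat_seq` does not say which byte order its fields use or how `correction_pos` is meant to be compared, and both matter because TCP sequence numbers wrap: a plain `<` against `correction_pos` gives the wrong answer near the wrap point. The struct comment could read `/* All in host order; compare correction_pos in sequence space, not with plain relational operators. */`, assuming host order is what the filling code uses, which this hunk does not show. `offset_before` and `offset_after` are signed while the position is unsigned, so the adjusting code should add them in 32-bit unsigned arithmetic to keep wrap-around well defined.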
@@ -98,6 +107,8 @@
/* Helper (NULL if none). */
struct ip_nat_helper *helper;
+
+ struct ip_nat_seq seq[IP_CT_DIR_MAX];
};
/* Set up the info structure to map into this range. */
Index: ip_nat_helper.h
===================================================================
RCS file: /cvsroot/linux-vax/kernel-2.4/include/linux/netfilter_ipv4/ip_nat_helper.h,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- ip_nat_helper.h 14 Jan 2001 16:48:43 -0000 1.1.1.1
+++ ip_nat_helper.h 9 Apr 2002 12:44:17 -0000 1.2
@@ -25,6 +25,19 @@
const char *name;
};
+extern struct list_head helpers;
+
extern int ip_nat_helper_register(struct ip_nat_helper *me);
extern void ip_nat_helper_unregister(struct ip_nat_helper *me);
+extern int ip_nat_mangle_tcp_packet(struct sk_buff **skb,
+ struct ip_conntrack *ct,
+ enum ip_conntrack_info ctinfo,
+ unsigned int match_offset,
+ unsigned int match_len,
+ char *rep_buffer,
+ unsigned int rep_len);
+extern int ip_nat_seq_adjust(struct sk_buff *skb,
+ struct ip_conntrack *ct,
+ enum ip_conntrack_info ctinfo);
+extern void ip_nat_delete_sack(struct sk_buff *skb, struct tcphdr *tcph);
#endif
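Review bot: `ip_nat_mangle_tcp_packet()` is declared with no statement of its contract, although it takes an offset and two lengths that index into packet payload; the prototype should carry a comment saying that `match_offset + match_len` must lie within the TCP payload and what the return value means. It takes `struct sk_buff **skb`, which suggests the buffer may be replaced, so callers would have to re-read any header pointers after the call; state that too once confirmed in the definition. `rep_buffer` looks read-only and could be `const char *` if the definition is changed to match. `helpers` is a very generic name for a symbol exposed through a header; something like `ip_nat_helpers` would avoid clashes, again together with the definition.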
Index: ip_tables.h
===================================================================
RCS file: /cvsroot/linux-vax/kernel-2.4/include/linux/netfilter_ipv4/ip_tables.h,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- ip_tables.h 14 Jan 2001 16:48:45 -0000 1.1.1.1
+++ ip_tables.h 9 Apr 2002 12:44:17 -0000 1.2
@@ -289,7 +289,7 @@
#define IPT_ERROR_TARGET "ERROR"
/* Helper functions */
-extern __inline__ struct ipt_entry_target *
+static __inline__ struct ipt_entry_target *
ipt_get_target(struct ipt_entry *e)
{
return (void *)e + e->target_offset;
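Review bot: `ipt_get_target()` adds `e->target_offset` to the entry pointer with no bound, so it is only safe on entries whose offsets were validated when the ruleset was loaded; that precondition is not stated anywhere in this hunk. A one-line comment above the helper would do: `/* e->target_offset must already have been checked against the entry's size. */`. The arithmetic on `void *` is a GNU C extension, which is fine in the kernel but worth knowing if this header is also compiled by userspace tools.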
@@ -300,14 +300,14 @@
({ \
unsigned int __i; \
int __ret = 0; \
- struct ipt_entry_match *__m; \
+ struct ipt_entry_match *__match; \
\
for (__i = sizeof(struct ipt_entry); \
__i < (e)->target_offset; \
- __i += __m->u.match_size) { \
- __m = (void *)(e) + __i; \
+ __i += __match->u.match_size) { \
+ __match = (void *)(e) + __i; \
\
- __ret = fn(__m , ## args); \
+ __ret = fn(__match , ## args); \
if (__ret != 0) \
break; \
} \
@@ -319,12 +319,12 @@
({ \
unsigned int __i; \
int __ret = 0; \
- struct ipt_entry *__e; \
+ struct ipt_entry *__entry; \
\
- for (__i = 0; __i < (size); __i += __e->next_offset) { \
- __e = (void *)(entries) + __i; \
+ for (__i = 0; __i < (size); __i += __entry->next_offset) { \
+ __entry = (void *)(entries) + __i; \
\
- __ret = fn(__e , ## args); \
+ __ret = fn(__entry , ## args); \
if (__ret != 0) \
break; \
} \
Index: listhelp.h
===================================================================
RCS file: /cvsroot/linux-vax/kernel-2.4/include/linux/netfilter_ipv4/listhelp.h,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- listhelp.h 14 Jan 2001 16:48:48 -0000 1.1.1.1
+++ listhelp.h 9 Apr 2002 12:44:17 -0000 1.2
@@ -39,11 +39,11 @@
(type)__i; \
})
-extern inline int
+static inline int
__list_cmp_same(const void *p1, const void *p2) { return p1 == p2; }
/* Is this entry in the list? */
-extern inline int
+static inline int
list_inlist(struct list_head *head, const void *entry)
{
return LIST_FIND(head, __list_cmp_same, void *, entry) != NULL;
@@ -64,7 +64,7 @@
#endif
/* Append. */
-extern inline void
+static inline void
list_append(struct list_head *head, void *new)
{
ASSERT_WRITE_LOCK(head);
@@ -72,7 +72,7 @@
}
/* Prepend. */
-extern inline void
+static inline void
list_prepend(struct list_head *head, void *new)
{
ASSERT_WRITE_LOCK(head);
@@ -92,13 +92,13 @@
/* If the field after the list_head is a nul-terminated string, you
can use these functions. */
-extern inline int __list_cmp_name(const void *i, const char *name)
+static inline int __list_cmp_name(const void *i, const char *name)
{
return strcmp(name, i+sizeof(struct list_head)) == 0;
}
/* Returns false if same name already in list, otherwise does insert. */
-extern inline int
+static inline int
list_named_insert(struct list_head *head, void *new)
{
if (LIST_FIND(head, __list_cmp_name, void *,
--- ip_nat_ftp.h DELETED ---