From 4aca87515a5083ae0e31ce3177189fd43b6d05ac Mon Sep 17 00:00:00 2001 
From: Andreas Baumann Date: Sat, 3 Jan 2015 13:58:15 +0100 Subject: patch to Vanilla Tomato 1.28 --- .../include/linux/netfilter_ipv4/ip_conntrack.h | 52 +++++++++++++++------- .../linux/netfilter_ipv4/ip_conntrack_h323.h | 1 + .../linux/netfilter_ipv4/ip_conntrack_proto_esp.h | 0 .../linux/netfilter_ipv4/ip_conntrack_proto_gre.h | 4 +- .../linux/netfilter_ipv4/ip_conntrack_tuple.h | 1 - .../linux/include/linux/netfilter_ipv4/ip_tables.h | 3 +- .../include/linux/netfilter_ipv4/ipt_BCOUNT.h | 16 +++++++ .../include/linux/netfilter_ipv4/ipt_CLASSIFY.h | 8 ++++ .../include/linux/netfilter_ipv4/ipt_CONNMARK.h | 26 +++++++++++ .../linux/include/linux/netfilter_ipv4/ipt_IMQ.h | 8 ++++ .../include/linux/netfilter_ipv4/ipt_MACSAVE.h | 16 +++++++ .../linux/include/linux/netfilter_ipv4/ipt_ROUTE.h | 23 ++++++++++ .../linux/include/linux/netfilter_ipv4/ipt_TTL.h | 21 +++++++++ .../include/linux/netfilter_ipv4/ipt_account.h | 26 +++++++++++ .../include/linux/netfilter_ipv4/ipt_bcount.h | 18 ++++++++ .../include/linux/netfilter_ipv4/ipt_condition.h | 11 +++++ .../include/linux/netfilter_ipv4/ipt_connlimit.h | 12 +++++ .../include/linux/netfilter_ipv4/ipt_connmark.h | 18 ++++++++ .../linux/include/linux/netfilter_ipv4/ipt_exp.h | 15 +++++++ .../linux/include/linux/netfilter_ipv4/ipt_geoip.h | 51 +++++++++++++++++++++ .../linux/include/linux/netfilter_ipv4/ipt_ipp2p.h | 31 +++++++++++++ .../include/linux/netfilter_ipv4/ipt_iprange.h | 23 ++++++++++ .../include/linux/netfilter_ipv4/ipt_layer7.h | 26 +++++++++++ .../include/linux/netfilter_ipv4/ipt_macsave.h | 17 +++++++ .../linux/include/linux/netfilter_ipv4/ipt_quota.h | 12 +++++ .../include/linux/netfilter_ipv4/ipt_recent.h | 28 ++++++++++++ .../include/linux/netfilter_ipv4/ipt_string.h | 21 +++++++++ .../linux/include/linux/netfilter_ipv4/ipt_time.h | 10 +++-- .../linux/include/linux/netfilter_ipv4/ipt_u32.h | 40 +++++++++++++++++ .../linux/include/linux/netfilter_ipv4/ipt_web.h | 30 +++++++++++++ 30 files changed, 546 
insertions(+), 22 deletions(-) mode change 100755 => 100644 release/src/linux/linux/include/linux/netfilter_ipv4/ip_conntrack_proto_esp.h create mode 100644 release/src/linux/linux/include/linux/netfilter_ipv4/ipt_BCOUNT.h create mode 100644 release/src/linux/linux/include/linux/netfilter_ipv4/ipt_CLASSIFY.h create mode 100644 release/src/linux/linux/include/linux/netfilter_ipv4/ipt_CONNMARK.h create mode 100644 release/src/linux/linux/include/linux/netfilter_ipv4/ipt_IMQ.h create mode 100644 release/src/linux/linux/include/linux/netfilter_ipv4/ipt_MACSAVE.h create mode 100644 release/src/linux/linux/include/linux/netfilter_ipv4/ipt_ROUTE.h create mode 100644 release/src/linux/linux/include/linux/netfilter_ipv4/ipt_TTL.h create mode 100644 release/src/linux/linux/include/linux/netfilter_ipv4/ipt_account.h create mode 100644 release/src/linux/linux/include/linux/netfilter_ipv4/ipt_bcount.h create mode 100644 release/src/linux/linux/include/linux/netfilter_ipv4/ipt_condition.h create mode 100644 release/src/linux/linux/include/linux/netfilter_ipv4/ipt_connlimit.h create mode 100644 release/src/linux/linux/include/linux/netfilter_ipv4/ipt_connmark.h create mode 100644 release/src/linux/linux/include/linux/netfilter_ipv4/ipt_exp.h create mode 100644 release/src/linux/linux/include/linux/netfilter_ipv4/ipt_geoip.h create mode 100644 release/src/linux/linux/include/linux/netfilter_ipv4/ipt_ipp2p.h create mode 100644 release/src/linux/linux/include/linux/netfilter_ipv4/ipt_iprange.h create mode 100644 release/src/linux/linux/include/linux/netfilter_ipv4/ipt_layer7.h create mode 100644 release/src/linux/linux/include/linux/netfilter_ipv4/ipt_macsave.h create mode 100644 release/src/linux/linux/include/linux/netfilter_ipv4/ipt_quota.h create mode 100644 release/src/linux/linux/include/linux/netfilter_ipv4/ipt_recent.h create mode 100644 release/src/linux/linux/include/linux/netfilter_ipv4/ipt_string.h create mode 100644 
release/src/linux/linux/include/linux/netfilter_ipv4/ipt_u32.h create mode 100644 release/src/linux/linux/include/linux/netfilter_ipv4/ipt_web.h (limited to 'release/src/linux/linux/include/linux/netfilter_ipv4') diff --git a/release/src/linux/linux/include/linux/netfilter_ipv4/ip_conntrack.h b/release/src/linux/linux/include/linux/netfilter_ipv4/ip_conntrack.h index 314f6cc3..2e75b782 100644 --- a/release/src/linux/linux/include/linux/netfilter_ipv4/ip_conntrack.h +++ b/release/src/linux/linux/include/linux/netfilter_ipv4/ip_conntrack.h @@ -6,6 +6,7 @@ #include #include +#include #include enum ip_conntrack_info @@ -41,6 +42,10 @@ enum ip_conntrack_status { /* Conntrack should never be early-expired. */ IPS_ASSURED_BIT = 2, IPS_ASSURED = (1 << IPS_ASSURED_BIT), + + /* Connection is confirmed: originating packet has left box */ + IPS_CONFIRMED_BIT = 3, + IPS_CONFIRMED = (1 << IPS_CONFIRMED_BIT), }; #include @@ -62,31 +67,27 @@ union ip_conntrack_expect_proto { }; /* Add protocol helper include file here */ +#include #include #include #include -#include - #include #include -#ifdef CONFIG_IP_NF_NAT_RTSP -#include -#endif #include +#include /* per expectation: application helper private data */ union ip_conntrack_expect_help { /* insert conntrack helper private data (expect) here */ + struct ip_ct_h225_expect exp_h225_info; struct ip_ct_pptp_expect exp_pptp_info; struct ip_ct_sip_expect exp_sip_info; struct ip_ct_mms_expect exp_mms_info; - struct ip_ct_h225_expect exp_h225_info; struct ip_ct_ftp_expect exp_ftp_info; struct ip_ct_irc_expect exp_irc_info; struct ip_autofw_expect exp_autofw_info; -#ifdef CONFIG_IP_NF_NAT_RTSP - struct ip_ct_rtsp_expect exp_rtsp_info; -#endif + struct ip_ct_rtsp_expect exp_rtsp_info; + #ifdef CONFIG_IP_NF_NAT_NEEDED union { /* insert nat helper private data (expect) here */ 
@@ -97,15 +98,13 @@ union ip_conntrack_expect_help { /* per conntrack: application helper private data */ union ip_conntrack_help { /* insert conntrack helper private data (master) here */ + struct ip_ct_h225_master ct_h225_info; struct ip_ct_pptp_master ct_pptp_info; struct ip_ct_sip_master ct_sip_info; struct ip_ct_mms_master ct_mms_info; - struct ip_ct_h225_master ct_h225_info; struct ip_ct_ftp_master ct_ftp_info; struct ip_ct_irc_master ct_irc_info; -#ifdef CONFIG_IP_NF_NAT_RTSP - struct ip_ct_rtsp_master ct_rtsp_info; -#endif + struct ip_ct_rtsp_master ct_rtsp_info; }; #ifdef CONFIG_IP_NF_NAT_NEEDED @@ -188,7 +187,7 @@ struct ip_conntrack struct ip_conntrack_tuple_hash tuplehash[IP_CT_DIR_MAX]; /* Have we seen traffic both ways yet? (bitset) */ - volatile unsigned long status; + unsigned long status; /* Timer function; drops refcnt when it goes off. */ struct timer_list timeout; @@ -227,6 +226,29 @@ struct ip_conntrack } nat; #endif /* CONFIG_IP_NF_NAT_NEEDED */ +#if defined(CONFIG_IP_NF_CONNTRACK_MARK) + unsigned long mark; +#endif + +#if defined(CONFIG_IP_NF_MATCH_LAYER7) || defined(CONFIG_IP_NF_MATCH_LAYER7_MODULE) + struct { + unsigned int numpackets; /* surely this is kept track of somewhere else, right? I can't find it... */ + char * app_proto; /* "http", "ftp", etc. NULL if unclassifed */ + + /* the application layer data so far. NULL if ->numpackets > numpackets */ + char * app_data; + + unsigned int app_data_len; + } layer7; +#endif + +#if defined(CONFIG_IP_NF_TARGET_BCOUNT) || defined(CONFIG_IP_NF_TARGET_BCOUNT_MODULE) + u_int32_t bcount; +#endif + +#if defined(CONFIG_IP_NF_TARGET_MACSAVE) || defined(CONFIG_IP_NF_TARGET_MACSAVE_MODULE) + unsigned char macsave[6]; +#endif }; /* get master conntrack via master expectation */ 
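Review bot: In `struct ip_conntrack` (ip_conntrack.h, hunk `@@ -188,7 +187,7 @@`), `status` loses `volatile` while its comment still reads only "Have we seen traffic both ways yet? (bitset)", so nothing tells a reader that the field is now meant to be accessed through the bit operations that `is_confirmed()` uses further down this file. A writer that still does a plain `ct->status |= ...` would be a non-atomic read-modify-write racing with those bit operations; the writers are in .c files that this page does not include, so this cannot be confirmed here. I would extend the comment to `/* Status bits (enum ip_conntrack_status); modify only with set_bit()/test_and_set_bit() */`. The struct begins and ends outside the hunk.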
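Review bot: The new `layer7` member of `struct ip_conntrack` (ip_conntrack.h, hunk `@@ -227,6 +226,29 @@`) adds two pointers, `app_proto` and `app_data`, without saying who allocates and frees them or what bounds `app_data_len`. Every tracked connection carries these fields, so a missing free on conntrack destruction or an unbounded buffer would let network traffic pin kernel memory; the code that manages them is not on this page. The comment `NULL if ->numpackets > numpackets` compares a name with itself and should name the actual packet limit. `unsigned char macsave[6];` would read better as `macsave[ETH_ALEN]`. The struct starts outside the hunk.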
@@ -283,7 +305,7 @@ ip_ct_selective_cleanup(int (*kill)(const struct ip_conntrack *i, void *data), /* It's confirmed if it is, or has been in the hash table. */ static inline int is_confirmed(struct ip_conntrack *ct) { - return ct->tuplehash[IP_CT_DIR_ORIGINAL].list.next != NULL; + return test_bit(IPS_CONFIRMED_BIT, &ct->status); } extern unsigned int ip_conntrack_htable_size; diff --git a/release/src/linux/linux/include/linux/netfilter_ipv4/ip_conntrack_h323.h b/release/src/linux/linux/include/linux/netfilter_ipv4/ip_conntrack_h323.h index 10221fe9..3803c126 100644 --- a/release/src/linux/linux/include/linux/netfilter_ipv4/ip_conntrack_h323.h +++ b/release/src/linux/linux/include/linux/netfilter_ipv4/ip_conntrack_h323.h @@ -4,6 +4,7 @@ #ifdef __KERNEL__ /* Protects H.323 related data */ +#include DECLARE_LOCK_EXTERN(ip_h323_lock); #endif diff --git a/release/src/linux/linux/include/linux/netfilter_ipv4/ip_conntrack_proto_esp.h b/release/src/linux/linux/include/linux/netfilter_ipv4/ip_conntrack_proto_esp.h old mode 100755 new mode 100644 diff --git a/release/src/linux/linux/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h b/release/src/linux/linux/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h index 738e99a2..07646857 100644 --- a/release/src/linux/linux/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h +++ b/release/src/linux/linux/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h @@ -77,13 +77,13 @@ struct ip_ct_gre_expect { }; #ifdef __KERNEL__ +struct ip_conntrack_expect; /* structure for original <-> reply keymap */ struct ip_ct_gre_keymap { struct list_head list; struct ip_conntrack_tuple tuple; - struct ip_conntrack_expect *master; }; @@ -96,6 +96,8 @@ int ip_ct_gre_keymap_add(struct ip_conntrack_expect *exp, void ip_ct_gre_keymap_change(struct ip_ct_gre_keymap *km, struct ip_conntrack_tuple *t); +/* delete keymap entries */ +void ip_ct_gre_keymap_destroy(struct ip_conntrack_expect *exp); /* get pointer to gre key, if present */ 
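Review bot: `is_confirmed()` (ip_conntrack.h, hunk `@@ -283,7 +305,7 @@`) now answers from `IPS_CONFIRMED_BIT` alone, so it is only correct if the confirm path sets that bit at the point where the tuple is inserted into the hash; that code lives in .c files this page leaves out (the diff is limited to the header directory). If any insertion path misses the `set_bit`, such entries look unconfirmed to every caller of this helper for their whole lifetime. The comment above the function, "It's confirmed if it is, or has been in the hash table", should name the status bit instead, e.g. `/* Confirmed once IPS_CONFIRMED is set: the originating packet has left the box. */`.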
diff --git a/release/src/linux/linux/include/linux/netfilter_ipv4/ip_conntrack_tuple.h b/release/src/linux/linux/include/linux/netfilter_ipv4/ip_conntrack_tuple.h index 770935d3..0f103d35 100644 --- a/release/src/linux/linux/include/linux/netfilter_ipv4/ip_conntrack_tuple.h +++ b/release/src/linux/linux/include/linux/netfilter_ipv4/ip_conntrack_tuple.h @@ -57,7 +57,6 @@ struct ip_conntrack_tuple } tcp; struct { u_int16_t port; - unsigned int init_cookie;//xiaoqin add for multi-ipsec passthrough,2005.12.19 } udp; struct { u_int8_t type, code; diff --git a/release/src/linux/linux/include/linux/netfilter_ipv4/ip_tables.h b/release/src/linux/linux/include/linux/netfilter_ipv4/ip_tables.h index d2a7f4b4..11e0cfcf 100644 --- a/release/src/linux/linux/include/linux/netfilter_ipv4/ip_tables.h +++ b/release/src/linux/linux/include/linux/netfilter_ipv4/ip_tables.h @@ -104,7 +104,8 @@ struct ipt_counters /* Values for "flag" field in struct ipt_ip (general ip structure). */ #define IPT_F_FRAG 0x01 /* Set if rule is a fragment rule */ -#define IPT_F_MASK 0x01 /* All possible flag bits mask. */ +#define IPT_F_GOTO 0x02 /* Set if jump is a goto */ +#define IPT_F_MASK 0x03 /* All possible flag bits mask. */ /* Values for "inv" field in struct ipt_ip. */ #define IPT_INV_VIA_IN 0x01 /* Invert the sense of IN IFACE. */ diff --git a/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_BCOUNT.h b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_BCOUNT.h new file mode 100644 index 00000000..34b56aef --- /dev/null +++ b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_BCOUNT.h @@ -0,0 +1,16 @@ +/* + + BCOUNT target + Copyright (C) 2006 Jonathan Zarate + + Licensed under GNU GPL v2 or later. + +*/ +#ifndef _IPT_BCOUNT_TARGET_H +#define _IPT_BCOUNT_TARGET_H + +struct ipt_BCOUNT_target { +// int debug; +}; + +#endif 
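Review bot: Widening `IPT_F_MASK` to `0x03` in ip_tables.h means a rule blob from userspace with `IPT_F_GOTO` set is no longer rejected by a check written as `flags & ~IPT_F_MASK`, so the table traversal and the chain-loop detection have to implement goto semantics as well. Those live in ip_tables.c, which is not part of this page; if they were not updated together with this header, the flag would be accepted and silently ignored. The comment on `IPT_F_GOTO` could say what differs from a normal jump, e.g. `/* Set if jump is a goto: no return to the calling chain */`.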
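Review bot: `struct ipt_BCOUNT_target` in ipt_BCOUNT.h has no members (only the commented-out `// int debug;`), which is a GNU C extension rather than ISO C, so the userspace extension and the kernel target agree on its size only when both are built as GNU C. ipt_MACSAVE.h does the same with `struct ipt_MACSAVE_target_info`, while ipt_exp.h in this commit uses a `char dummy;` placeholder. I would pick one convention, delete the commented-out member, and state the intent in a comment such as `/* no options; exists so the target has a named info type */`.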
diff --git a/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_CLASSIFY.h b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_CLASSIFY.h
new file mode 100644
index 00000000..7596e3dd
--- /dev/null
+++ b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_CLASSIFY.h
@@ -0,0 +1,8 @@
+#ifndef _IPT_CLASSIFY_H
+#define _IPT_CLASSIFY_H
+
+struct ipt_classify_target_info {
+ u_int32_t priority;
+};
+
+#endif /*_IPT_CLASSIFY_H */
diff --git a/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_CONNMARK.h b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_CONNMARK.h
new file mode 100644
index 00000000..f9099f92
--- /dev/null
+++ b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_CONNMARK.h
@@ -0,0 +1,26 @@
+#ifndef _IPT_CONNMARK_H_target
+#define _IPT_CONNMARK_H_target
+
+/* Copyright (C) 2002,2004 MARA Systems AB
+ * by Henrik Nordstrom
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ */
+
+enum {
+ IPT_CONNMARK_SET = 0,
+ IPT_CONNMARK_SAVE,
+ IPT_CONNMARK_RESTORE,
+ IPT_CONNMARK_SET_RETURN
+};
+
+struct ipt_connmark_target_info {
+ unsigned long mark;
+ unsigned long mask;
+ u_int8_t mode;
+};
+
+#endif /*_IPT_CONNMARK_H_target*/
diff --git a/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_IMQ.h b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_IMQ.h
new file mode 100644
index 00000000..45d57713
--- /dev/null
+++ b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_IMQ.h
@@ -0,0 +1,8 @@
+#ifndef _IPT_IMQ_H
+#define _IPT_IMQ_H
+
+struct ipt_imq_info {
+ unsigned int todev; /* target imq device */
+};
+
+#endif /* _IPT_IMQ_H */
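Review bot: `struct ipt_connmark_target_info` in ipt_CONNMARK.h declares `unsigned long mark;` and `unsigned long mask;` in a structure that userspace fills in and the kernel reads, so its size and field offsets depend on the word size of whoever compiled it. `struct ipt_connmark_info` in ipt_connmark.h has the same two fields. Fixed-width fields, `u_int32_t mark;` and `u_int32_t mask;`, leave the layout unchanged on a 32-bit build and make it well defined elsewhere. `mode` should be documented as one of the `IPT_CONNMARK_*` values and range-checked by the target's checkentry, which is not shown here.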
diff --git a/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_MACSAVE.h b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_MACSAVE.h
new file mode 100644
index 00000000..dc426893
--- /dev/null
+++ b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_MACSAVE.h
@@ -0,0 +1,16 @@
+/*
+
+ MACSAVE target
+ Copyright (C) 2006 Jonathan Zarate
+
+ Licensed under GNU GPL v2 or later.
+
+*/
+#ifndef _IPT_MACSAVE_TARGET_H
+#define _IPT_MACSAVE_TARGET_H
+
+struct ipt_MACSAVE_target_info {
+// int debug;
+};
+
+#endif
diff --git a/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_ROUTE.h b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_ROUTE.h
new file mode 100644
index 00000000..41b1a9c8
--- /dev/null
+++ b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_ROUTE.h
@@ -0,0 +1,23 @@
+/* Header file for iptables ipt_ROUTE target
+ *
+ * (C) 2002 by Cédric de Launois
+ *
+ * This software is distributed under GNU GPL v2, 1991
+ */
+#ifndef _IPT_ROUTE_H_target
+#define _IPT_ROUTE_H_target
+
+#define IPT_ROUTE_IFNAMSIZ 16
+
+struct ipt_route_target_info {
+ char oif[IPT_ROUTE_IFNAMSIZ]; /* Output Interface Name */
+ char iif[IPT_ROUTE_IFNAMSIZ]; /* Input Interface Name */
+ u_int32_t gw; /* IP address of gateway */
+ u_int8_t flags;
+};
+
+/* Values for "flags" field */
+#define IPT_ROUTE_CONTINUE 0x01
+#define IPT_ROUTE_TEE 0x02
+
+#endif /*_IPT_ROUTE_H_target*/
diff --git a/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_TTL.h b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_TTL.h
new file mode 100644
index 00000000..edf49e80
--- /dev/null
+++ b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_TTL.h
@@ -0,0 +1,21 @@
+/* TTL modification module for IP tables
+ * (C) 2000 by Harald Welte */
+
+#ifndef _IPT_TTL_H
+#define _IPT_TTL_H
+
+enum {
+ IPT_TTL_SET = 0,
+ IPT_TTL_INC,
+ IPT_TTL_DEC
+};
+
+#define IPT_TTL_MAXMODE IPT_TTL_DEC
+
+struct ipt_TTL_info {
+ u_int8_t mode;
+ u_int8_t ttl;
+};
+
+
+#endif
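Review bot: `oif` and `iif` in `struct ipt_route_target_info` (ipt_ROUTE.h) are fixed 16-byte arrays filled in by userspace, and nothing in the header says they must be NUL-terminated. The target's checkentry (not on this page) has to reject a name with no terminator inside `IPT_ROUTE_IFNAMSIZ` before the name reaches any string or device-lookup function, otherwise the kernel reads past the field. The same contract is missing for `name` in ipt_account.h, ipt_condition.h and ipt_recent.h, for `protocol` and `pattern` in ipt_layer7.h, and for `text` in ipt_web.h. I would document it at each field, e.g. `/* Output Interface Name, NUL-terminated */`.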
diff --git a/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_account.h b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_account.h
new file mode 100644
index 00000000..6068d86d
--- /dev/null
+++ b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_account.h
@@ -0,0 +1,26 @@
+/*
+ * accounting match (ipt_account.c)
+ * (C) 2003,2004 by Piotr Gasidlo (quaker@barbara.eu.org)
+ *
+ * Version: 0.1.7
+ *
+ * This software is distributed under the terms of GNU GPL
+ */
+
+#ifndef _IPT_ACCOUNT_H_
+#define _IPT_ACCOUNT_H_
+
+#define IPT_ACCOUNT_NAME_LEN 64
+
+#define IPT_ACCOUNT_NAME "ipt_account"
+#define IPT_ACCOUNT_VERSION "0.1.7"
+
+struct t_ipt_account_info {
+ char name[IPT_ACCOUNT_NAME_LEN];
+ u_int32_t network;
+ u_int32_t netmask;
+ int shortlisting:1;
+};
+
+#endif
+
diff --git a/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_bcount.h b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_bcount.h
new file mode 100644
index 00000000..66f5ed9c
--- /dev/null
+++ b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_bcount.h
@@ -0,0 +1,18 @@
+/*
+
+ bcount match (experimental)
+ Copyright (C) 2006 Jonathan Zarate
+
+ Licensed under GNU GPL v2 or later.
+
+*/
+#ifndef _IPT_BCOUNT_H
+#define _IPT_BCOUNT_H
+
+struct ipt_bcount_match {
+ u_int32_t min;
+ u_int32_t max;
+ int invert;
+};
+
+#endif
diff --git a/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_condition.h b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_condition.h
new file mode 100644
index 00000000..2bc5b0c8
--- /dev/null
+++ b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_condition.h
@@ -0,0 +1,11 @@
+#ifndef __IPT_CONDITION_MATCH__
+#define __IPT_CONDITION_MATCH__
+
+#define CONDITION_NAME_LEN 32
+
+struct condition_info {
+ char name[CONDITION_NAME_LEN];
+ int invert;
+};
+
+#endif
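Review bot: `int shortlisting:1;` in `struct t_ipt_account_info` (ipt_account.h) is a one-bit field of plain `int`, whose signedness is implementation-defined; with GCC it is signed, so the only values it can hold are 0 and -1 and a test such as `shortlisting == 1` is never true. `char invert:1;` in ipt_layer7.h has the same problem. Declaring them `unsigned int shortlisting:1;` and `unsigned char invert:1;` keeps the width of each storage type and removes the ambiguity. The userspace extensions need to be rebuilt against the same headers so both sides agree on the fields.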
diff --git a/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_connlimit.h b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_connlimit.h
new file mode 100644
index 00000000..d99193b7
--- /dev/null
+++ b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_connlimit.h
@@ -0,0 +1,12 @@
+#ifndef _IPT_CONNLIMIT_H
+#define _IPT_CONNLIMIT_H
+
+struct ipt_connlimit_data;
+
+struct ipt_connlimit_info {
+ int limit;
+ int inverse;
+ u_int32_t mask;
+ struct ipt_connlimit_data *data;
+};
+#endif /* _IPT_CONNLIMIT_H */
diff --git a/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_connmark.h b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_connmark.h
new file mode 100644
index 00000000..46573270
--- /dev/null
+++ b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_connmark.h
@@ -0,0 +1,18 @@
+#ifndef _IPT_CONNMARK_H
+#define _IPT_CONNMARK_H
+
+/* Copyright (C) 2002,2004 MARA Systems AB
+ * by Henrik Nordstrom
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ */
+
+struct ipt_connmark_info {
+ unsigned long mark, mask;
+ u_int8_t invert;
+};
+
+#endif /*_IPT_CONNMARK_H*/
diff --git a/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_exp.h b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_exp.h
new file mode 100644
index 00000000..51319cb2
--- /dev/null
+++ b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_exp.h
@@ -0,0 +1,15 @@
+/*
+
+ Experimental Netfilter Crap
+ Copyright (C) 2006 Jonathan Zarate
+
+*/
+
+#ifndef _IPT_EXP_H
+#define _IPT_EXP_H
+
+struct ipt_exp_info {
+ char dummy;
+};
+
+#endif
diff --git a/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_geoip.h b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_geoip.h
new file mode 100644
index 00000000..15764e8b
--- /dev/null
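Review bot: `struct ipt_connlimit_data *data;` in `struct ipt_connlimit_info` (ipt_connlimit.h) is a kernel pointer stored inside the match data that userspace supplies with the rule, and the header gives no hint that it is kernel-private. The match's checkentry (not on this page) must overwrite it unconditionally and never dereference the value that arrived from userspace; where rule blobs are copied back to userspace verbatim, the stored address may also be disclosed to whoever can list rules. `master` in ipt_quota.h has the same shape, and ipt_geoip.h already marks its `mem` and `refcount` pointers with `/* Used internally by the kernel */`; I would add that comment here too.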
+++ b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_geoip.h
@@ -0,0 +1,51 @@
+/* ipt_geoip.h header file for libipt_geoip.c and ipt_geoip.c
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * Copyright (c) 2004 Cookinglinux
+ */
+#ifndef _IPT_GEOIP_H
+#define _IPT_GEOIP_H
+
+#define IPT_GEOIP_SRC 0x01 /* Perform check on Source IP */
+#define IPT_GEOIP_DST 0x02 /* Perform check on Destination IP */
+#define IPT_GEOIP_INV 0x04 /* Negate the condition */
+
+#define IPT_GEOIP_MAX 15 /* Maximum of countries */
+
+struct geoip_subnet {
+ u_int32_t begin;
+ u_int32_t end;
+};
+
+struct geoip_info {
+ struct geoip_subnet *subnets;
+ u_int32_t count;
+ u_int32_t ref;
+ u_int16_t cc;
+ struct geoip_info *next;
+ struct geoip_info *prev;
+};
+
+struct ipt_geoip_info {
+ u_int8_t flags;
+ u_int8_t count;
+ u_int16_t cc[IPT_GEOIP_MAX];
+
+ /* Used internally by the kernel */
+ struct geoip_info *mem[IPT_GEOIP_MAX];
+ u_int8_t *refcount;
+
+ /* not implemented yet:
+ void *fini;
+ */
+};
+
+#define COUNTRY(cc) (cc >> 8), (cc & 0x00FF)
+
+#endif
+
+/* End of ipt_geoip.h */
diff --git a/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_ipp2p.h b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_ipp2p.h
new file mode 100644
index 00000000..1bd3f649
--- /dev/null
+++ b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_ipp2p.h
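Review bot: `count` in `struct ipt_geoip_info` (ipt_geoip.h) is a `u_int8_t` supplied by userspace that says how many entries of `cc[IPT_GEOIP_MAX]` and `mem[IPT_GEOIP_MAX]` are in use, but the header does not state that it must be at most `IPT_GEOIP_MAX`. A match that loops up to `count` without that check in its checkentry (not shown here) walks off both arrays. The counters `nnums`, `nvalues` and `ntests` in ipt_u32.h and `len` in ipt_string.h need the same documented bound against `U32MAXSIZE` and `BM_MAX_NLEN`. Separately, `COUNTRY(cc)` uses its argument unparenthesised; `#define COUNTRY(cc) ((cc) >> 8), ((cc) & 0x00FF)` is safer.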
@@ -0,0 +1,31 @@
+#ifndef __IPT_IPP2P_H
+#define __IPT_IPP2P_H
+#define IPP2P_VERSION "0.8.1_rc1"
+
+struct ipt_p2p_info {
+ int cmd;
+ int debug;
+};
+
+#endif //__IPT_IPP2P_H
+
+#define SHORT_HAND_IPP2P 1 /* --ipp2p switch*/
+//#define SHORT_HAND_DATA 4 /* --ipp2p-data switch*/
+#define SHORT_HAND_NONE 5 /* no short hand*/
+
+#define IPP2P_EDK (1 << 1)
+#define IPP2P_DATA_KAZAA (1 << 2)
+#define IPP2P_DATA_EDK (1 << 3)
+#define IPP2P_DATA_DC (1 << 4)
+#define IPP2P_DC (1 << 5)
+#define IPP2P_DATA_GNU (1 << 6)
+#define IPP2P_GNU (1 << 7)
+#define IPP2P_KAZAA (1 << 8)
+#define IPP2P_BIT (1 << 9)
+#define IPP2P_APPLE (1 << 10)
+#define IPP2P_SOUL (1 << 11)
+#define IPP2P_WINMX (1 << 12)
+#define IPP2P_ARES (1 << 13)
+#define IPP2P_MUTE (1 << 14)
+#define IPP2P_WASTE (1 << 15)
+#define IPP2P_XDCC (1 << 16)
diff --git a/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_iprange.h b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_iprange.h
new file mode 100644
index 00000000..3ecb3bd6
--- /dev/null
+++ b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_iprange.h
@@ -0,0 +1,23 @@
+#ifndef _IPT_IPRANGE_H
+#define _IPT_IPRANGE_H
+
+#define IPRANGE_SRC 0x01 /* Match source IP address */
+#define IPRANGE_DST 0x02 /* Match destination IP address */
+#define IPRANGE_SRC_INV 0x10 /* Negate the condition */
+#define IPRANGE_DST_INV 0x20 /* Negate the condition */
+
+struct ipt_iprange {
+ /* Inclusive: network order. */
+ u_int32_t min_ip, max_ip;
+};
+
+struct ipt_iprange_info
+{
+ struct ipt_iprange src;
+ struct ipt_iprange dst;
+
+ /* Flags from above */
+ u_int8_t flags;
+};
+
+#endif /* _IPT_IPRANGE_H */
diff --git a/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_layer7.h b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_layer7.h
new file mode 100644
index 00000000..aee1f5d5
--- /dev/null
+++ b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_layer7.h
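Review bot: In ipt_ipp2p.h the include guard is closed by `#endif //__IPT_IPP2P_H` directly after `struct ipt_p2p_info`, so the `SHORT_HAND_*` and `IPP2P_*` macros that follow are outside the guard and are redefined on every inclusion. Identical redefinitions compile, but the guard is then misleading, and a later edit that changes one value in a second copy of the header turns into a redefinition warning. Move the `#endif` to the last line of the file.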
@@ -0,0 +1,26 @@
+/*
+ By Matthew Strait , Dec 2003.
+ http://l7-filter.sf.net
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version
+ 2 of the License, or (at your option) any later version.
+ http://www.gnu.org/licenses/gpl.txt
+*/
+
+#ifndef _IPT_LAYER7_H
+#define _IPT_LAYER7_H
+
+#define MAX_PATTERN_LEN 8192
+#define MAX_PROTOCOL_LEN 256
+
+typedef char *(*proc_ipt_search) (char *, char, char *);
+
+struct ipt_layer7_info {
+ char protocol[MAX_PROTOCOL_LEN];
+ char invert:1;
+ char pattern[MAX_PATTERN_LEN];
+};
+
+#endif /* _IPT_LAYER7_H */
diff --git a/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_macsave.h b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_macsave.h
new file mode 100644
index 00000000..9d5b218d
--- /dev/null
+++ b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_macsave.h
@@ -0,0 +1,17 @@
+/*
+
+ macsave match
+ Copyright (C) 2006 Jonathan Zarate
+
+ Licensed under GNU GPL v2 or later.
+
+*/
+#ifndef _IPT_MACSAVE_MATCH_H
+#define _IPT_MACSAVE_MATCH_H
+
+struct ipt_macsave_match_info {
+ int invert;
+ unsigned char mac[6];
+};
+
+#endif
diff --git a/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_quota.h b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_quota.h
new file mode 100644
index 00000000..f2a06716
--- /dev/null
+++ b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_quota.h
@@ -0,0 +1,12 @@
+#ifndef _IPT_QUOTA_H
+#define _IPT_QUOTA_H
+
+/* print debug info in both kernel/netfilter module & iptable library */
+//#define DEBUG_IPT_QUOTA
+
+struct ipt_quota_info {
+ u_int64_t quota;
+ struct ipt_quota_info *master;
+};
+
+#endif /*_IPT_QUOTA_H*/
diff --git a/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_recent.h b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_recent.h
new file mode 100644
index 00000000..eb008fb4
--- /dev/null
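Review bot: ipt_layer7.h declares `typedef char *(*proc_ipt_search) (char *, char, char *);` while ipt_string.h in this same commit declares `proc_ipt_search` with the signature `(char *, char *, int, int)`, so any translation unit that includes both headers fails with conflicting types. Nothing in ipt_layer7.h uses the typedef. I would delete it from this header, or give it a layer7-specific name if the match code outside this page relies on it.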
+++ b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_recent.h
@@ -0,0 +1,28 @@
+#ifndef _IPT_RECENT_H
+#define _IPT_RECENT_H
+
+#define RECENT_NAME "ipt_recent"
+#define RECENT_VER "v0.3.1"
+
+#define IPT_RECENT_CHECK 1
+#define IPT_RECENT_SET 2
+#define IPT_RECENT_UPDATE 4
+#define IPT_RECENT_REMOVE 8
+#define IPT_RECENT_TTL 16
+
+#define IPT_RECENT_SOURCE 0
+#define IPT_RECENT_DEST 1
+
+#define IPT_RECENT_NAME_LEN 200
+
+struct ipt_recent_info {
+ u_int32_t seconds;
+ u_int32_t hit_count;
+ u_int8_t check_set;
+ u_int8_t invert;
+ char name[IPT_RECENT_NAME_LEN];
+ u_int8_t side;
+};
+
+#endif /*_IPT_RECENT_H*/
+
diff --git a/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_string.h b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_string.h
new file mode 100644
index 00000000..17d71034
--- /dev/null
+++ b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_string.h
@@ -0,0 +1,21 @@
+#ifndef _IPT_STRING_H
+#define _IPT_STRING_H
+
+/* *** PERFORMANCE TWEAK ***
+ * Packet size and search string threshold,
+ * above which sublinear searches is used. */
+#define IPT_STRING_HAYSTACK_THRESH 100
+#define IPT_STRING_NEEDLE_THRESH 20
+
+#define BM_MAX_NLEN 256
+#define BM_MAX_HLEN 1024
+
+typedef char *(*proc_ipt_search) (char *, char *, int, int);
+
+struct ipt_string_info {
+ char string[BM_MAX_NLEN];
+ u_int16_t invert;
+ u_int16_t len;
+};
+
+#endif /* _IPT_STRING_H */
diff --git a/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_time.h b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_time.h
index 1ccdbb3d..277c6de5 100644
--- a/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_time.h
+++ b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_time.h
@@ -3,10 +3,12 @@ struct ipt_time_info { - unsigned int days_match; /* 1 bit per day (bit 0 = Sunday) */ - unsigned int time_start; /* 0 < time_start < 24*60*60-1 = 86399 */ - unsigned int time_stop; /* 0 < time_end < 24*60*60-1 = 86399 */ - int kerneltime; /* ignore skb time (and use kerneltime) or not. */ + u_int8_t days_match; /* 1 bit per day. -SMTWTFS */ + u_int16_t time_start; /* 0 < time_start < 23*60+59 = 1439 */ + u_int16_t time_stop; /* 0:0 < time_stat < 23:59 */ + u_int8_t kerneltime; /* ignore skb time (and use kerneltime) or not. */ + time_t date_start; + time_t date_stop; }; diff --git a/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_u32.h b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_u32.h new file mode 100644 index 00000000..694fdc08 --- /dev/null +++ b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_u32.h @@ -0,0 +1,40 @@ +#ifndef _IPT_U32_H +#define _IPT_U32_H +#include + +enum ipt_u32_ops +{ + IPT_U32_AND, + IPT_U32_LEFTSH, + IPT_U32_RIGHTSH, + IPT_U32_AT +}; + +struct ipt_u32_location_element +{ + u_int32_t number; + u_int8_t nextop; +}; +struct ipt_u32_value_element +{ + u_int32_t min; + u_int32_t max; +}; +/* *** any way to allow for an arbitrary number of elements? + for now I settle for a limit of 10 of each */ +#define U32MAXSIZE 10 +struct ipt_u32_test +{ + u_int8_t nnums; + struct ipt_u32_location_element location[U32MAXSIZE+1]; + u_int8_t nvalues; + struct ipt_u32_value_element value[U32MAXSIZE+1]; +}; + +struct ipt_u32 +{ + u_int8_t ntests; + struct ipt_u32_test tests[U32MAXSIZE+1]; +}; + +#endif /*_IPT_U32_H*/ diff --git a/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_web.h b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_web.h new file mode 100644 index 00000000..176208e2 --- /dev/null +++ b/release/src/linux/linux/include/linux/netfilter_ipv4/ipt_web.h 
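Review bot: `date_start` and `date_stop` in `struct ipt_time_info` (ipt_time.h) are `time_t`, a type whose width is not fixed, inside a structure shared between the userspace extension and the kernel match; the hunk also narrows the other fields and changes `time_start`/`time_stop` from seconds (old bound 86399) to minutes (new bound 1439). A userspace binary built against the old header would hand the kernel a blob with the old layout and units, so the match's checkentry should verify the match size and reject out-of-range values; that code is not on this page. The comment on `time_stop` says `time_stat`, which is not a field; `/* 0 < time_stop < 23*60+59 = 1439 */` would match the line above it. The two date fields have no comment and should state their unit and which value means "not set".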
@@ -0,0 +1,30 @@ +/* + + web (experimental) + HTTP client match + Copyright (C) 2006 Jonathan Zarate + + Licensed under GNU GPL v2 or later. + +*/ +#ifndef _IPT_WEB_H +#define _IPT_WEB_H + +#define IPT_WEB_MAXTEXT 512 + +typedef enum { + IPT_WEB_HTTP, + IPT_WEB_RURI, + IPT_WEB_PATH, + IPT_WEB_QUERY, + IPT_WEB_HOST, + IPT_WEB_HORE +} ipt_web_mode_t; + +struct ipt_web_info { + ipt_web_mode_t mode; + int invert; + char text[IPT_WEB_MAXTEXT]; +}; + +#endif -- cgit v1.2.3-54-g00ecf
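Review bot: The `ipt_web_mode_t` enumerators in ipt_web.h are undocumented, and `IPT_WEB_HORE` in particular cannot be understood from its name. `mode` is stored as an enum inside a structure that userspace fills in, so the kernel match (not on this page) should reject any value above the last enumerator; a named maximum, as ipt_TTL.h provides with `IPT_TTL_MAXMODE`, would make that check explicit. Please add a one-line comment per enumerator stating which part of the HTTP request it matches.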