SOURCES: iptables-tproxy.patch - merged changes from http://www.balabit.com...

zbyniu zbyniu at pld-linux.org
Wed May 21 14:51:49 CEST 2008


Author: zbyniu                       Date: Wed May 21 12:51:49 2008 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- merged changes from http://www.balabit.com/downloads/files/tproxy/tproxy-iptables-1.4.0-20080521-113954-1211362794.patch

---- Files affected:
SOURCES:
   iptables-tproxy.patch (1.2 -> 1.3) 

---- Diffs:

================================================================
Index: SOURCES/iptables-tproxy.patch
diff -u SOURCES/iptables-tproxy.patch:1.2 SOURCES/iptables-tproxy.patch:1.3
--- SOURCES/iptables-tproxy.patch:1.2	Fri May 16 00:52:10 2008
+++ SOURCES/iptables-tproxy.patch	Wed May 21 14:51:43 2008
@@ -8,6 +8,50 @@
 @@ -0,0 +1,2 @@
 +#! /bin/sh
 +[ -f $KERNEL_DIR/net/netfilter/xt_socket.c ] && echo socket
+Index: extensions/libxt_socket.c
+===================================================================
+--- extensions/libxt_socket.c	(revision 0)
++++ extensions/libxt_socket.c	(revision 0)
+@@ -0,0 +1,39 @@
++/*
++ * Shared library add-on to iptables to add early socket matching support.
++ *
++ * Copyright (C) 2007-2008 BalaBit IT Ltd.
++ */
++#include <stdio.h>
++#include <getopt.h>
++#include <iptables.h>
++
++static void socket_mt_help(void)
++{
++	printf("socket v%s has no options\n\n", IPTABLES_VERSION);
++}
++
++static int socket_mt_parse(int c, char **argv, int invert, unsigned int *flags,
++                        const void *entry, struct xt_entry_match **match)
++{
++	return 0;
++}
++
++static void socket_mt_check(unsigned int flags)
++{
++}
++
++static struct xtables_match socket_mt_reg = {
++	.name          = "socket",
++	.version       = IPTABLES_VERSION,
++	.family        = AF_INET,
++	.size          = XT_ALIGN(0),
++	.userspacesize = XT_ALIGN(0),
++	.parse         = socket_mt_parse,
++	.final_check   = socket_mt_check,
++	.help          = socket_mt_help,
++};
++
++void _init(void)
++{
++	xtables_register_match(&socket_mt_reg);
++}
 --- extensions/libxt_TPROXY.c	(revision 0)
 +++ extensions/libxt_TPROXY.c	(revision 0)
 @@ -0,0 +1,155 @@
@@ -63,7 +107,7 @@
 +{
 +	struct in_addr *laddr;
 +
-+	if ((laddr = numeric_to_ipaddr(s)) == NULL)
++	if ((laddr = dotted_to_addr(s)) == NULL)
 +		exit_error(PARAMETER_PROBLEM, "bad --on-ip \"%s\"", s);
 +	info->laddr = laddr->s_addr;
 +}
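Review bot: The switch to `dotted_to_addr` here, and to `addr_to_dotted` in the two print hunks that follow, ties libxt_TPROXY.c to the helper names of one iptables release, and nothing visible in this diff records which release that is. The log message points at an upstream tproxy-iptables-1.4.0 patch, so a line of free text in the patch preamble such as `Targets the iptables 1.4.0 helper names (dotted_to_addr/addr_to_dotted); revisit on version bump` would make a later build or load failure quick to diagnose. The NULL check before `laddr->s_addr` is kept, which matters because, as far as the hunk shows, the helper's return value is the only validation the `--on-ip` argument gets. The function starts above the hunk, so its signature is not visible here.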
@@ -132,7 +176,7 @@
 +{
 +	const struct xt_tproxy_target_info *info = (const void *)target->data;
 +	printf("TPROXY redirect %s:%u mark 0x%x/0x%x",
-+	       ipaddr_to_numeric((const struct in_addr *)&info->laddr),
++	       addr_to_dotted((const struct in_addr *)&info->laddr),
 +	       ntohs(info->lport), (unsigned int)info->mark_value,
 +	       (unsigned int)info->mark_mask);
 +}
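Review bot: `(const struct in_addr *)&info->laddr` in this printf, and again in the save function in the next hunk, reinterprets the field through a pointer cast. That is sound only if `laddr` has the same type and alignment as `in_addr.s_addr`, and the struct is declared outside these hunks, so it cannot be confirmed here. Copying into a local removes the assumption: `struct in_addr a = { .s_addr = info->laddr };` followed by `addr_to_dotted(&a)`. If `addr_to_dotted` returns a pointer to a static buffer, as the older iptables helpers appear to, a short comment saying the result must be consumed before the next call would protect a later edit that prints two addresses in one printf. The function header is above the hunk.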
@@ -143,7 +187,7 @@
 +
 +	printf("--on-port %u ", ntohs(info->lport));
 +	printf("--on-ip %s ",
-+	       ipaddr_to_numeric((const struct in_addr *)&info->laddr));
++	       addr_to_dotted((const struct in_addr *)&info->laddr));
 +	printf("--tproxy-mark 0x%x/0x%x ",
 +	       (unsigned int)info->mark_value, (unsigned int)info->mark_mask);
 +}
@@ -166,50 +210,6 @@
 +{
 +	xtables_register_target(&tproxy_tg_reg);
 +}
-Index: extensions/libxt_socket.c
-===================================================================
---- extensions/libxt_socket.c	(revision 0)
-+++ extensions/libxt_socket.c	(revision 0)
-@@ -0,0 +1,39 @@
-+/*
-+ * Shared library add-on to iptables to add early socket matching support.
-+ *
-+ * Copyright (C) 2007-2008 BalaBit IT Ltd.
-+ */
-+#include <stdio.h>
-+#include <getopt.h>
-+#include <iptables.h>
-+
-+static void socket_mt_help(void)
-+{
-+	printf("socket v%s has no options\n\n", IPTABLES_VERSION);
-+}
-+
-+static int socket_mt_parse(int c, char **argv, int invert, unsigned int *flags,
-+                        const void *entry, struct xt_entry_match **match)
-+{
-+	return 0;
-+}
-+
-+static void socket_mt_check(unsigned int flags)
-+{
-+}
-+
-+static struct xtables_match socket_mt_reg = {
-+	.name          = "socket",
-+	.version       = IPTABLES_VERSION,
-+	.family        = AF_INET,
-+	.size          = XT_ALIGN(0),
-+	.userspacesize = XT_ALIGN(0),
-+	.parse         = socket_mt_parse,
-+	.final_check   = socket_mt_check,
-+	.help          = socket_mt_help,
-+};
-+
-+void _init(void)
-+{
-+	xtables_register_match(&socket_mt_reg);
-+}
 Index: include/linux/netfilter/xt_TPROXY.h
 ===================================================================
 --- include/linux/netfilter/xt_TPROXY.h	(revision 0)
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/iptables-tproxy.patch?r1=1.2&r2=1.3&f=u


