SOURCES: iptables-tproxy.patch - merged changes from http://www.balabit.com...
zbyniu
zbyniu at pld-linux.org
Wed May 21 14:51:49 CEST 2008
Author: zbyniu Date: Wed May 21 12:51:49 2008 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- merged changes from http://www.balabit.com/downloads/files/tproxy/tproxy-iptables-1.4.0-20080521-113954-1211362794.patch
---- Files affected:
SOURCES:
iptables-tproxy.patch (1.2 -> 1.3)
---- Diffs:
================================================================
Index: SOURCES/iptables-tproxy.patch
diff -u SOURCES/iptables-tproxy.patch:1.2 SOURCES/iptables-tproxy.patch:1.3
--- SOURCES/iptables-tproxy.patch:1.2 Fri May 16 00:52:10 2008
+++ SOURCES/iptables-tproxy.patch Wed May 21 14:51:43 2008
@@ -8,6 +8,50 @@
@@ -0,0 +1,2 @@
+#! /bin/sh
+[ -f $KERNEL_DIR/net/netfilter/xt_socket.c ] && echo socket
+Index: extensions/libxt_socket.c
+===================================================================
+--- extensions/libxt_socket.c (revision 0)
++++ extensions/libxt_socket.c (revision 0)
+@@ -0,0 +1,39 @@
++/*
++ * Shared library add-on to iptables to add early socket matching support.
++ *
++ * Copyright (C) 2007-2008 BalaBit IT Ltd.
++ */
++#include <stdio.h>
++#include <getopt.h>
++#include <iptables.h>
++
++static void socket_mt_help(void)
++{
++ printf("socket v%s has no options\n\n", IPTABLES_VERSION);
++}
++
++static int socket_mt_parse(int c, char **argv, int invert, unsigned int *flags,
++ const void *entry, struct xt_entry_match **match)
++{
++ return 0;
++}
++
++static void socket_mt_check(unsigned int flags)
++{
++}
++
++static struct xtables_match socket_mt_reg = {
++ .name = "socket",
++ .version = IPTABLES_VERSION,
++ .family = AF_INET,
++ .size = XT_ALIGN(0),
++ .userspacesize = XT_ALIGN(0),
++ .parse = socket_mt_parse,
++ .final_check = socket_mt_check,
++ .help = socket_mt_help,
++};
++
++void _init(void)
++{
++ xtables_register_match(&socket_mt_reg);
++}
--- extensions/libxt_TPROXY.c (revision 0)
+++ extensions/libxt_TPROXY.c (revision 0)
@@ -0,0 +1,155 @@
@@ -63,7 +107,7 @@
+{
+ struct in_addr *laddr;
+
-+ if ((laddr = numeric_to_ipaddr(s)) == NULL)
++ if ((laddr = dotted_to_addr(s)) == NULL)
+ exit_error(PARAMETER_PROBLEM, "bad --on-ip \"%s\"", s);
+ info->laddr = laddr->s_addr;
+}
@@ -132,7 +176,7 @@
+{
+ const struct xt_tproxy_target_info *info = (const void *)target->data;
+ printf("TPROXY redirect %s:%u mark 0x%x/0x%x",
-+ ipaddr_to_numeric((const struct in_addr *)&info->laddr),
++ addr_to_dotted((const struct in_addr *)&info->laddr),
+ ntohs(info->lport), (unsigned int)info->mark_value,
+ (unsigned int)info->mark_mask);
+}
@@ -143,7 +187,7 @@
+
+ printf("--on-port %u ", ntohs(info->lport));
+ printf("--on-ip %s ",
-+ ipaddr_to_numeric((const struct in_addr *)&info->laddr));
++ addr_to_dotted((const struct in_addr *)&info->laddr));
+ printf("--tproxy-mark 0x%x/0x%x ",
+ (unsigned int)info->mark_value, (unsigned int)info->mark_mask);
+}
@@ -166,50 +210,6 @@
+{
+ xtables_register_target(&tproxy_tg_reg);
+}
-Index: extensions/libxt_socket.c
-===================================================================
---- extensions/libxt_socket.c (revision 0)
-+++ extensions/libxt_socket.c (revision 0)
-@@ -0,0 +1,39 @@
-+/*
-+ * Shared library add-on to iptables to add early socket matching support.
-+ *
-+ * Copyright (C) 2007-2008 BalaBit IT Ltd.
-+ */
-+#include <stdio.h>
-+#include <getopt.h>
-+#include <iptables.h>
-+
-+static void socket_mt_help(void)
-+{
-+ printf("socket v%s has no options\n\n", IPTABLES_VERSION);
-+}
-+
-+static int socket_mt_parse(int c, char **argv, int invert, unsigned int *flags,
-+ const void *entry, struct xt_entry_match **match)
-+{
-+ return 0;
-+}
-+
-+static void socket_mt_check(unsigned int flags)
-+{
-+}
-+
-+static struct xtables_match socket_mt_reg = {
-+ .name = "socket",
-+ .version = IPTABLES_VERSION,
-+ .family = AF_INET,
-+ .size = XT_ALIGN(0),
-+ .userspacesize = XT_ALIGN(0),
-+ .parse = socket_mt_parse,
-+ .final_check = socket_mt_check,
-+ .help = socket_mt_help,
-+};
-+
-+void _init(void)
-+{
-+ xtables_register_match(&socket_mt_reg);
-+}
Index: include/linux/netfilter/xt_TPROXY.h
===================================================================
--- include/linux/netfilter/xt_TPROXY.h (revision 0)
================================================================
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/iptables-tproxy.patch?r1=1.2&r2=1.3&f=u
More information about the pld-cvs-commit
mailing list