netfilter-2.6/iptables/trunk: extensions/Makefile extensions/libip6t_NFQUEUE.c extensions/libip6t_NF...

pluto cvs at pld-linux.org
Thu Jul 28 18:02:49 CEST 2005


Author: pluto
Date: Thu Jul 28 18:02:39 2005
New Revision: 6276

Added:
   netfilter-2.6/iptables/trunk/extensions/libip6t_NFQUEUE.c
   netfilter-2.6/iptables/trunk/extensions/libip6t_NFQUEUE.man
   netfilter-2.6/iptables/trunk/extensions/libipt_NFQUEUE.c
   netfilter-2.6/iptables/trunk/extensions/libipt_NFQUEUE.man
   netfilter-2.6/iptables/trunk/include/linux/netfilter_ipv4/ipt_NFQUEUE.h
Modified:
   netfilter-2.6/iptables/trunk/extensions/Makefile
   netfilter-2.6/iptables/trunk/extensions/libip6t_length.c
   netfilter-2.6/iptables/trunk/extensions/libip6t_physdev.c
   netfilter-2.6/iptables/trunk/extensions/libipt_DNAT.c
   netfilter-2.6/iptables/trunk/extensions/libipt_DSCP.c
   netfilter-2.6/iptables/trunk/extensions/libipt_MASQUERADE.c
   netfilter-2.6/iptables/trunk/extensions/libipt_SNAT.c
   netfilter-2.6/iptables/trunk/extensions/libipt_TOS.c
   netfilter-2.6/iptables/trunk/extensions/libipt_comment.c
   netfilter-2.6/iptables/trunk/extensions/libipt_dscp.c
   netfilter-2.6/iptables/trunk/extensions/libipt_physdev.c
   netfilter-2.6/iptables/trunk/extensions/libipt_rpc.c
   netfilter-2.6/iptables/trunk/extensions/libipt_tos.c
   netfilter-2.6/iptables/trunk/extensions/libipt_ttl.c
   netfilter-2.6/iptables/trunk/ip6tables.8.in
   netfilter-2.6/iptables/trunk/ip6tables.c
   netfilter-2.6/iptables/trunk/iptables.8.in
   netfilter-2.6/iptables/trunk/iptables.c
   netfilter-2.6/iptables/trunk/libipq/libipq.c
Log:
- current snapshot.


Modified: netfilter-2.6/iptables/trunk/extensions/Makefile
==============================================================================
--- netfilter-2.6/iptables/trunk/extensions/Makefile	(original)
+++ netfilter-2.6/iptables/trunk/extensions/Makefile	Thu Jul 28 18:02:39 2005
@@ -5,8 +5,8 @@
 # header files are present in the include/linux directory of this iptables
 # package (HW)
 #
-PF_EXT_SLIB:=ah addrtype comment connlimit connmark conntrack dscp ecn esp hashlimit helper icmp iprange length limit mac mark multiport owner physdev pkttype realm rpc sctp standard state tcp tcpmss tos ttl udp unclean CLASSIFY CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NOTRACK REDIRECT REJECT SAME SNAT TARPIT TCPMSS TOS TRACE TTL ULOG
-PF6_EXT_SLIB:=eui64 hl icmpv6 length limit mac mark multiport owner physdev standard tcp udp HL LOG MARK TRACE
+PF_EXT_SLIB:=ah addrtype comment connlimit connmark conntrack dscp ecn esp hashlimit helper icmp iprange length limit mac mark multiport owner physdev pkttype realm rpc sctp standard state tcp tcpmss tos ttl udp unclean CLASSIFY CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NFQUEUE NOTRACK REDIRECT REJECT SAME SNAT TARPIT TCPMSS TOS TRACE TTL ULOG
+PF6_EXT_SLIB:=eui64 hl icmpv6 length limit mac mark multiport owner physdev standard tcp udp HL LOG NFQUEUE MARK TRACE
 
 # Optionals
 PF_EXT_SLIB_OPTS:=$(foreach T,$(wildcard extensions/.*-test),$(shell KERNEL_DIR=$(KERNEL_DIR) $(T)))

Added: netfilter-2.6/iptables/trunk/extensions/libip6t_NFQUEUE.c
==============================================================================
--- (empty file)
+++ netfilter-2.6/iptables/trunk/extensions/libip6t_NFQUEUE.c	Thu Jul 28 18:02:39 2005
@@ -0,0 +1,113 @@
+/* Shared library add-on to ip666666tables for NFQ
+ *
+ * (C) 2005 by Harald Welte <laforge at netfilter.org>
+ *
+ * This program is distributed under the terms of GNU GPL v2, 1991
+ *
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <getopt.h>
+
+#include <ip6tables.h>
+#include <linux/netfilter_ipv6/ip6_tables.h>
+#include <linux/netfilter_ipv4/ipt_NFQUEUE.h>
+
+static void init(struct ip6t_entry_target *t, unsigned int *nfcache) 
+{
+}
+
+static void help(void) 
+{
+	printf(
+"NFQUEUE target options\n"
+"  --queue-num value		Send packet to QUEUE number <value>.\n"
+"  		                Valid queue numbers are 0-65535\n"
+);
+}
+
+static struct option opts[] = {
+	{ "queue-num", 1, 0, 'F' },
+	{ 0 }
+};
+
+static void
+parse_num(const char *s, struct ipt_NFQ_info *tinfo)
+{
+	unsigned int num;
+       
+	if (string_to_number(s, 0, 65535, &num) == -1)
+		exit_error(PARAMETER_PROBLEM,
+			   "Invalid queue number `%s'\n", s);
+
+    	tinfo->queuenum = num & 0xffff;
+    	return;
+}
+
+static int
+parse(int c, char **argv, int invert, unsigned int *flags,
+      const struct ip6t_entry *entry,
+      struct ip6t_entry_target **target)
+{
+	struct ipt_NFQ_info *tinfo
+		= (struct ipt_NFQ_info *)(*target)->data;
+
+	switch (c) {
+	case 'F':
+		if (*flags)
+			exit_error(PARAMETER_PROBLEM, "NFQUEUE target: "
+				   "Only use --queue-num ONCE!");
+		parse_num(optarg, tinfo);
+	default:
+		return 0;
+	}
+
+	return 1;
+}
+
+static void
+final_check(unsigned int flags)
+{
+}
+
+/* Prints out the targinfo. */
+static void
+print(const struct ip6t_ip6 *ip,
+      const struct ip6t_entry_target *target,
+      int numeric)
+{
+	const struct ipt_NFQ_info *tinfo =
+		(const struct ipt_NFQ_info *)target->data;
+	printf("NFQUEUE num %u", tinfo->queuenum);
+}
+
+/* Saves the union ip6t_targinfo in parsable form to stdout. */
+static void
+save(const struct ip6t_ip6 *ip, const struct ip6t_entry_target *target)
+{
+	const struct ipt_NFQ_info *tinfo =
+		(const struct ipt_NFQ_info *)target->data;
+
+	printf("--queue-num %u ", tinfo->queuenum);
+}
+
+static struct ip6tables_target nfqueue = { 
+	.next		= NULL,
+	.name		= "NFQUEUE",
+	.version	= IPTABLES_VERSION,
+	.size		= IP6T_ALIGN(sizeof(struct ipt_NFQ_info)),
+	.userspacesize	= IP6T_ALIGN(sizeof(struct ipt_NFQ_info)),
+	.help		= &help,
+	.init		= &init,
+	.parse		= &parse,
+	.final_check	= &final_check,
+	.print		= &print,
+	.save		= &save,
+	.extra_opts	= opts
+};
+
+void _init(void)
+{
+	register_target6(&nfqueue);
+}
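Review bot: In `parse()`, `case 'F':` has no `break`, so after `parse_num(optarg, tinfo)` control falls into `default: return 0;` and the trailing `return 1;` is unreachable. If 0 means "option not consumed", as in the other extensions, the caller is told `--queue-num` was not handled even though the queue number was stored. `*flags` is also never set, so the "Only use --queue-num ONCE!" guard can never fire. Adding `*flags = 1;` and `break;` after the `parse_num()` call would fix both. The same code is added in libipt_NFQUEUE.c in this commit and needs the same change.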

Added: netfilter-2.6/iptables/trunk/extensions/libip6t_NFQUEUE.man
==============================================================================
--- (empty file)
+++ netfilter-2.6/iptables/trunk/extensions/libip6t_NFQUEUE.man	Thu Jul 28 18:02:39 2005
@@ -0,0 +1,9 @@
+This target is an extension of the QUEUE target. As opposed to QUEUE, it allows
+you to put a packet into any specific queue, identified by its 16-bit queue
+number.  
+.TP
+It can only be used with Kernel versions 2.6.14 or later, since it requires
+the
+.B
+nfnetlink_queue
+kernel support.

Modified: netfilter-2.6/iptables/trunk/extensions/libip6t_length.c
==============================================================================
--- netfilter-2.6/iptables/trunk/extensions/libip6t_length.c	(original)
+++ netfilter-2.6/iptables/trunk/extensions/libip6t_length.c	Thu Jul 28 18:02:39 2005
@@ -30,7 +30,7 @@
 parse_length(const char *s)
 {
 
-	int len;
+	unsigned int len;
 	
 	if (string_to_number(s, 0, 0xFFFF, &len) == -1)
 		exit_error(PARAMETER_PROBLEM, "length invalid: `%s'\n", s);

Modified: netfilter-2.6/iptables/trunk/extensions/libip6t_physdev.c
==============================================================================
--- netfilter-2.6/iptables/trunk/extensions/libip6t_physdev.c	(original)
+++ netfilter-2.6/iptables/trunk/extensions/libip6t_physdev.c	Thu Jul 28 18:02:39 2005
@@ -53,7 +53,8 @@
 		if (*flags & IP6T_PHYSDEV_OP_IN)
 			goto multiple_use;
 		check_inverse(optarg, &invert, &optind, 0);
-		parse_interface(argv[optind-1], info->physindev, info->in_mask);
+		parse_interface(argv[optind-1], info->physindev,
+				(unsigned char *)info->in_mask);
 		if (invert)
 			info->invert |= IP6T_PHYSDEV_OP_IN;
 		info->bitmask |= IP6T_PHYSDEV_OP_IN;
@@ -65,7 +66,7 @@
 			goto multiple_use;
 		check_inverse(optarg, &invert, &optind, 0);
 		parse_interface(argv[optind-1], info->physoutdev,
-				info->out_mask);
+				(unsigned char *)info->out_mask);
 		if (invert)
 			info->invert |= IP6T_PHYSDEV_OP_OUT;
 		info->bitmask |= IP6T_PHYSDEV_OP_OUT;

Modified: netfilter-2.6/iptables/trunk/extensions/libipt_DNAT.c
==============================================================================
--- netfilter-2.6/iptables/trunk/extensions/libipt_DNAT.c	(original)
+++ netfilter-2.6/iptables/trunk/extensions/libipt_DNAT.c	Thu Jul 28 18:02:39 2005
@@ -143,7 +143,8 @@
 	int portok;
 
 	if (entry->ip.proto == IPPROTO_TCP
-	    || entry->ip.proto == IPPROTO_UDP)
+	    || entry->ip.proto == IPPROTO_UDP
+	    || entry->ip.proto == IPPROTO_ICMP)
 		portok = 1;
 	else
 		portok = 0;
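Review bot: With `IPPROTO_ICMP` added to the test, `portok` is set for a protocol that has no ports, and nothing here says what a port range then means. If the range is meant to map onto the ICMP query id (an assumption; the NAT code is not part of this diff), a comment such as `/* for ICMP the "port" range selects the ICMP id */` above the test would save the next reader from guessing. Any error text outside the hunk that names only TCP and UDP should be checked as well. The same change appears in libipt_MASQUERADE.c and libipt_SNAT.c, and the enclosing function starts and ends outside the hunk.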

Modified: netfilter-2.6/iptables/trunk/extensions/libipt_DSCP.c
==============================================================================
--- netfilter-2.6/iptables/trunk/extensions/libipt_DSCP.c	(original)
+++ netfilter-2.6/iptables/trunk/extensions/libipt_DSCP.c	Thu Jul 28 18:02:39 2005
@@ -49,7 +49,7 @@
 };
 
 static void
-parse_dscp(const unsigned char *s, struct ipt_DSCP_info *dinfo)
+parse_dscp(const char *s, struct ipt_DSCP_info *dinfo)
 {
 	unsigned int dscp;
        
@@ -67,7 +67,7 @@
 
 
 static void
-parse_class(const unsigned char *s, struct ipt_DSCP_info *dinfo)
+parse_class(const char *s, struct ipt_DSCP_info *dinfo)
 {
 	unsigned int dscp = class_to_dscp(s);
 

Modified: netfilter-2.6/iptables/trunk/extensions/libipt_MASQUERADE.c
==============================================================================
--- netfilter-2.6/iptables/trunk/extensions/libipt_MASQUERADE.c	(original)
+++ netfilter-2.6/iptables/trunk/extensions/libipt_MASQUERADE.c	Thu Jul 28 18:02:39 2005
@@ -81,7 +81,8 @@
 		= (struct ip_nat_multi_range *)(*target)->data;
 
 	if (entry->ip.proto == IPPROTO_TCP
-	    || entry->ip.proto == IPPROTO_UDP)
+	    || entry->ip.proto == IPPROTO_UDP
+	    || entry->ip.proto == IPPROTO_ICMP)
 		portok = 1;
 	else
 		portok = 0;

Added: netfilter-2.6/iptables/trunk/extensions/libipt_NFQUEUE.c
==============================================================================
--- (empty file)
+++ netfilter-2.6/iptables/trunk/extensions/libipt_NFQUEUE.c	Thu Jul 28 18:02:39 2005
@@ -0,0 +1,113 @@
+/* Shared library add-on to iptables for NFQ
+ *
+ * (C) 2005 by Harald Welte <laforge at netfilter.org>
+ *
+ * This program is distributed under the terms of GNU GPL v2, 1991
+ *
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <getopt.h>
+
+#include <iptables.h>
+#include <linux/netfilter_ipv4/ip_tables.h>
+#include <linux/netfilter_ipv4/ipt_NFQUEUE.h>
+
+static void init(struct ipt_entry_target *t, unsigned int *nfcache) 
+{
+}
+
+static void help(void) 
+{
+	printf(
+"NFQUEUE target options\n"
+"  --queue-num value		Send packet to QUEUE number <value>.\n"
+"  		                Valid queue numbers are 0-65535\n"
+);
+}
+
+static struct option opts[] = {
+	{ "queue-num", 1, 0, 'F' },
+	{ 0 }
+};
+
+static void
+parse_num(const char *s, struct ipt_NFQ_info *tinfo)
+{
+	unsigned int num;
+       
+	if (string_to_number(s, 0, 65535, &num) == -1)
+		exit_error(PARAMETER_PROBLEM,
+			   "Invalid queue number `%s'\n", s);
+
+    	tinfo->queuenum = num & 0xffff;
+    	return;
+}
+
+static int
+parse(int c, char **argv, int invert, unsigned int *flags,
+      const struct ipt_entry *entry,
+      struct ipt_entry_target **target)
+{
+	struct ipt_NFQ_info *tinfo
+		= (struct ipt_NFQ_info *)(*target)->data;
+
+	switch (c) {
+	case 'F':
+		if (*flags)
+			exit_error(PARAMETER_PROBLEM, "NFQUEUE target: "
+				   "Only use --queue-num ONCE!");
+		parse_num(optarg, tinfo);
+	default:
+		return 0;
+	}
+
+	return 1;
+}
+
+static void
+final_check(unsigned int flags)
+{
+}
+
+/* Prints out the targinfo. */
+static void
+print(const struct ipt_ip *ip,
+      const struct ipt_entry_target *target,
+      int numeric)
+{
+	const struct ipt_NFQ_info *tinfo =
+		(const struct ipt_NFQ_info *)target->data;
+	printf("NFQUEUE num %u", tinfo->queuenum);
+}
+
+/* Saves the union ipt_targinfo in parsable form to stdout. */
+static void
+save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+{
+	const struct ipt_NFQ_info *tinfo =
+		(const struct ipt_NFQ_info *)target->data;
+
+	printf("--queue-num %u ", tinfo->queuenum);
+}
+
+static struct iptables_target nfqueue = { 
+	.next		= NULL,
+	.name		= "NFQUEUE",
+	.version	= IPTABLES_VERSION,
+	.size		= IPT_ALIGN(sizeof(struct ipt_NFQ_info)),
+	.userspacesize	= IPT_ALIGN(sizeof(struct ipt_NFQ_info)),
+	.help		= &help,
+	.init		= &init,
+	.parse		= &parse,
+	.final_check	= &final_check,
+	.print		= &print,
+	.save		= &save,
+	.extra_opts	= opts
+};
+
+void _init(void)
+{
+	register_target(&nfqueue);
+}

Added: netfilter-2.6/iptables/trunk/extensions/libipt_NFQUEUE.man
==============================================================================
--- (empty file)
+++ netfilter-2.6/iptables/trunk/extensions/libipt_NFQUEUE.man	Thu Jul 28 18:02:39 2005
@@ -0,0 +1,9 @@
+This target is an extension of the QUEUE target. As opposed to QUEUE, it allows
+you to put a packet into any specific queue, identified by its 16-bit queue
+number.  
+.TP
+It can only be used with Kernel versions 2.6.14 or later, since it requires
+the
+.B
+nfnetlink_queue
+kernel support.

Modified: netfilter-2.6/iptables/trunk/extensions/libipt_SNAT.c
==============================================================================
--- netfilter-2.6/iptables/trunk/extensions/libipt_SNAT.c	(original)
+++ netfilter-2.6/iptables/trunk/extensions/libipt_SNAT.c	Thu Jul 28 18:02:39 2005
@@ -143,7 +143,8 @@
 	int portok;
 
 	if (entry->ip.proto == IPPROTO_TCP
-	    || entry->ip.proto == IPPROTO_UDP)
+	    || entry->ip.proto == IPPROTO_UDP
+	    || entry->ip.proto == IPPROTO_ICMP)
 		portok = 1;
 	else
 		portok = 0;

Modified: netfilter-2.6/iptables/trunk/extensions/libipt_TOS.c
==============================================================================
--- netfilter-2.6/iptables/trunk/extensions/libipt_TOS.c	(original)
+++ netfilter-2.6/iptables/trunk/extensions/libipt_TOS.c	Thu Jul 28 18:02:39 2005
@@ -59,7 +59,7 @@
 }
 
 static void
-parse_tos(const unsigned char *s, struct ipt_tos_target_info *info)
+parse_tos(const char *s, struct ipt_tos_target_info *info)
 {
 	unsigned int i, tos;
 

Modified: netfilter-2.6/iptables/trunk/extensions/libipt_comment.c
==============================================================================
--- netfilter-2.6/iptables/trunk/extensions/libipt_comment.c	(original)
+++ netfilter-2.6/iptables/trunk/extensions/libipt_comment.c	Thu Jul 28 18:02:39 2005
@@ -30,7 +30,7 @@
 };
 
 static void
-parse_comment(const unsigned char *s, struct ipt_comment_info *info)
+parse_comment(const char *s, struct ipt_comment_info *info)
 {	
 	int slen = strlen(s);
 
@@ -38,7 +38,7 @@
 		exit_error(PARAMETER_PROBLEM,
 			"COMMENT must be shorter than %i characters", IPT_MAX_COMMENT_LEN);
 	}
-	strcpy(info->comment, s);
+	strcpy((char *)info->comment, s);
 }
 
 /* Function which parses command options; returns true if it
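Review bot: The `strcpy()` into `info->comment` is only safe because of the length check just above it, whose condition is not shown in the hunk. The error text says the comment must be shorter than `IPT_MAX_COMMENT_LEN`, so the test has to reject `slen >= IPT_MAX_COMMENT_LEN` for the terminator to fit. The added `(char *)` cast silences the signedness warning but does nothing for the bound, and `int slen = strlen(s)` in the first hunk narrows a size_t. A copy that carries its own bound after the check, e.g. `memcpy(info->comment, s, slen + 1);`, or a comment stating the invariant, would make this easier to audit.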

Modified: netfilter-2.6/iptables/trunk/extensions/libipt_dscp.c
==============================================================================
--- netfilter-2.6/iptables/trunk/extensions/libipt_dscp.c	(original)
+++ netfilter-2.6/iptables/trunk/extensions/libipt_dscp.c	Thu Jul 28 18:02:39 2005
@@ -46,7 +46,7 @@
 };
 
 static void
-parse_dscp(const unsigned char *s, struct ipt_dscp_info *dinfo)
+parse_dscp(const char *s, struct ipt_dscp_info *dinfo)
 {
 	unsigned int dscp;
        

Modified: netfilter-2.6/iptables/trunk/extensions/libipt_physdev.c
==============================================================================
--- netfilter-2.6/iptables/trunk/extensions/libipt_physdev.c	(original)
+++ netfilter-2.6/iptables/trunk/extensions/libipt_physdev.c	Thu Jul 28 18:02:39 2005
@@ -53,7 +53,8 @@
 		if (*flags & IPT_PHYSDEV_OP_IN)
 			goto multiple_use;
 		check_inverse(optarg, &invert, &optind, 0);
-		parse_interface(argv[optind-1], info->physindev, info->in_mask);
+		parse_interface(argv[optind-1], info->physindev,
+				(unsigned char *)info->in_mask);
 		if (invert)
 			info->invert |= IPT_PHYSDEV_OP_IN;
 		info->bitmask |= IPT_PHYSDEV_OP_IN;
@@ -65,7 +66,7 @@
 			goto multiple_use;
 		check_inverse(optarg, &invert, &optind, 0);
 		parse_interface(argv[optind-1], info->physoutdev,
-				info->out_mask);
+				(unsigned char *)info->out_mask);
 		if (invert)
 			info->invert |= IPT_PHYSDEV_OP_OUT;
 		info->bitmask |= IPT_PHYSDEV_OP_OUT;

Modified: netfilter-2.6/iptables/trunk/extensions/libipt_rpc.c
==============================================================================
--- netfilter-2.6/iptables/trunk/extensions/libipt_rpc.c	(original)
+++ netfilter-2.6/iptables/trunk/extensions/libipt_rpc.c	Thu Jul 28 18:02:39 2005
@@ -89,7 +89,7 @@
 }
 
 
-static int k_atoi(signed char *string)
+static int k_atoi(char *string)
 {
 	unsigned int result = 0;
 	int maxoctet = IPT_RPC_CHAR_LEN;

Modified: netfilter-2.6/iptables/trunk/extensions/libipt_tos.c
==============================================================================
--- netfilter-2.6/iptables/trunk/extensions/libipt_tos.c	(original)
+++ netfilter-2.6/iptables/trunk/extensions/libipt_tos.c	Thu Jul 28 18:02:39 2005
@@ -48,10 +48,10 @@
 };
 
 static void
-parse_tos(const unsigned char *s, struct ipt_tos_info *info)
+parse_tos(const char *s, struct ipt_tos_info *info)
 {
 	unsigned int i;
-	unsigned int tos;
+	int tos;
 
 	if (string_to_number(s, 0, 255, &tos) != -1) {
 		if (tos == IPTOS_LOWDELAY
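Review bot: `tos` changes from `unsigned int` to `int` here but is still passed as `&tos` to `string_to_number()`, while the libip6t_length.c hunk in the same commit changes `len` the other way, to `unsigned int`, for the same call. If `string_to_number()` takes an `unsigned int *`, as that hunk and the new NFQUEUE `parse_num()` suggest, this line reintroduces the pointer-signedness mismatch the rest of the commit removes. Keeping `unsigned int tos;` would be consistent. parse_tos continues outside the hunk.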

Modified: netfilter-2.6/iptables/trunk/extensions/libipt_ttl.c
==============================================================================
--- netfilter-2.6/iptables/trunk/extensions/libipt_ttl.c	(original)
+++ netfilter-2.6/iptables/trunk/extensions/libipt_ttl.c	Thu Jul 28 18:02:39 2005
@@ -1,7 +1,7 @@
 /* Shared library add-on to iptables to add TTL matching support 
  * (C) 2000 by Harald Welte <laforge at gnumonks.org>
  *
- * $Id: libipt_ttl.c 3687 2005-02-14 13:13:04Z /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=kaber/emailAddress=kaber at netfilter.org $
+ * $Id: libipt_ttl.c 4136 2005-07-19 22:03:49Z /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge at netfilter.org $
  *
  * This program is released under the terms of GNU GPL */
 
@@ -29,7 +29,7 @@
 		struct ipt_entry_match **match)
 {
 	struct ipt_ttl_info *info = (struct ipt_ttl_info *) (*match)->data;
-	int value;
+	unsigned int value;
 
 	check_inverse(optarg, &invert, &optind, 0);
 

Added: netfilter-2.6/iptables/trunk/include/linux/netfilter_ipv4/ipt_NFQUEUE.h
==============================================================================
--- (empty file)
+++ netfilter-2.6/iptables/trunk/include/linux/netfilter_ipv4/ipt_NFQUEUE.h	Thu Jul 28 18:02:39 2005
@@ -0,0 +1,16 @@
+/* iptables module for using NFQUEUE mechanism
+ *
+ * (C) 2005 Harald Welte <laforge at netfilter.org>
+ *
+ * This software is distributed under GNU GPL v2, 1991
+ * 
+*/
+#ifndef _IPT_NFQ_TARGET_H
+#define _IPT_NFQ_TARGET_H
+
+/* target info */
+struct ipt_NFQ_info {
+	u_int16_t queuenum;
+};
+
+#endif /* _IPT_DSCP_TARGET_H */
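Review bot: The closing comment `#endif /* _IPT_DSCP_TARGET_H */` names a different guard than the `_IPT_NFQ_TARGET_H` opened at the top, apparently left over from the header this was copied from; it should read `#endif /* _IPT_NFQ_TARGET_H */`. The header also uses `u_int16_t` without including anything that defines it, so it relies on every includer pulling in `<sys/types.h>` or an equivalent first. A short comment on `queuenum` stating the 0-65535 range would document the contract that both `parse_num()` implementations enforce.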

Modified: netfilter-2.6/iptables/trunk/ip6tables.8.in
==============================================================================
--- netfilter-2.6/iptables/trunk/ip6tables.8.in	(original)
+++ netfilter-2.6/iptables/trunk/ip6tables.8.in	Thu Jul 28 18:02:39 2005
@@ -73,7 +73,19 @@
 .I DROP
 means to drop the packet on the floor.
 .I QUEUE
-means to pass the packet to userspace (if supported by the kernel).
+means to pass the packet to userspace.  (How the packet can be received
+by a userspace process differs by the particular queue handler.  2.4.x
+and 2.6.x kernels up to 2.6.13 include the 
+.B
+ip_queue
+queue handler.  Kernels 2.6.14 and later additionally include the 
+.B
+nfnetlink_queue
+queue handler.  Packets with a target of QUEUE will be sent to queue number '0'
+in this case. Please also see the
+.B
+NFQUEUE
+target as described later in this man page.)
 .I RETURN
 means stop traversing this chain and resume at the next rule in the
 previous (calling) chain.  If the end of a built-in chain is reached
@@ -426,7 +438,8 @@
 .BR ip6tables-restore(8),
 .BR iptables (8),
 .BR iptables-save (8),
-.BR iptables-restore (8).
+.BR iptables-restore (8),
+.BR libipq (3).
 .P
 The packet-filtering-HOWTO details iptables usage for
 packet filtering, the NAT-HOWTO details NAT,
@@ -448,7 +461,7 @@
 .PP
 Jozsef Kadlecsik wrote the REJECT target.
 .PP
-Harald Welte wrote the ULOG target, TTL match+target and libipulog.
+Harald Welte wrote the ULOG and NFQUEUE target, the new libiptc, aswell as TTL match+target and libipulog.
 .PP
 The Netfilter Core Team is: Marc Boucher, Martin Josefsson, Jozsef Kadlecsik,
 James Morris, Harald Welte and Rusty Russell.

Modified: netfilter-2.6/iptables/trunk/ip6tables.c
==============================================================================
--- netfilter-2.6/iptables/trunk/ip6tables.c	(original)
+++ netfilter-2.6/iptables/trunk/ip6tables.c	Thu Jul 28 18:02:39 2005
@@ -430,7 +430,8 @@
 }
 
 static void
-add_command(int *cmd, const int newcmd, const int othercmds, int invert)
+add_command(unsigned int *cmd, const int newcmd, const int othercmds,
+	    int invert)
 {
 	if (invert)
 		exit_error(PARAMETER_PROBLEM, "unexpected ! flag");
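Review bot: `cmd` is now `unsigned int *` but `newcmd` and `othercmds` stay `const int`, so the command bitmask is handled in two signednesses inside one function. Declaring them `const unsigned int newcmd, const unsigned int othercmds` would keep the bit tests in one type. The body is outside the hunk, so whether any comparison there depends on the sign cannot be seen from here. iptables.c gets the identical change further down.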

Modified: netfilter-2.6/iptables/trunk/iptables.8.in
==============================================================================
--- netfilter-2.6/iptables/trunk/iptables.8.in	(original)
+++ netfilter-2.6/iptables/trunk/iptables.8.in	Thu Jul 28 18:02:39 2005
@@ -71,7 +71,19 @@
 .I DROP
 means to drop the packet on the floor.
 .I QUEUE
-means to pass the packet to userspace (if supported by the kernel).
+means to pass the packet to userspace.  (How the packet can be received
+by a userspace process differs by the particular queue handler.  2.4.x
+and 2.6.x kernels up to 2.6.13 include the 
+.B
+ip_queue
+queue handler.  Kernels 2.6.14 and later additionally include the 
+.B
+nfnetlink_queue
+queue handler.  Packets with a target of QUEUE will be sent to queue number '0'
+in this case. Please also see the
+.B
+NFQUEUE
+target as described later in this man page.)
 .I RETURN
 means stop traversing this chain and resume at the next rule in the
 previous (calling) chain.  If the end of a built-in chain is reached
@@ -440,7 +452,8 @@
 .BR iptables-restore (8),
 .BR ip6tables (8),
 .BR ip6tables-save (8),
-.BR ip6tables-restore (8).
+.BR ip6tables-restore (8),
+.BR libipq (3).
 .P
 The packet-filtering-HOWTO details iptables usage for
 packet filtering, the NAT-HOWTO details NAT,
@@ -451,7 +464,7 @@
 See
 .BR "http://www.netfilter.org/" .
 .SH AUTHORS
-Rusty Russell wrote iptables, in early consultation with Michael
+Rusty Russell originally wrote iptables, in early consultation with Michael
 Neuling.
 .PP
 Marc Boucher made Rusty abandon ipnatctl by lobbying for a generic packet
@@ -462,12 +475,12 @@
 .PP
 Jozsef Kadlecsik wrote the REJECT target.
 .PP
-Harald Welte wrote the ULOG target, TTL, DSCP, ECN matches and targets.
+Harald Welte wrote the ULOG and NFQUEUE target, the new libiptc, as well as the TTL, DSCP, ECN matches and targets.
 .PP
 The Netfilter Core Team is: Marc Boucher, Martin Josefsson, Jozsef Kadlecsik, 
 Patrick McHardy, James Morris, Harald Welte and Rusty Russell.
 .PP
-Man page written by Herve Eychenne <rv at wallfire.org>.
+Man page originally written by Herve Eychenne <rv at wallfire.org>.
 .\" .. and did I mention that we are incredibly cool people?
 .\" .. sexy, too ..
 .\" .. witty, charming, powerful ..

Modified: netfilter-2.6/iptables/trunk/iptables.c
==============================================================================
--- netfilter-2.6/iptables/trunk/iptables.c	(original)
+++ netfilter-2.6/iptables/trunk/iptables.c	Thu Jul 28 18:02:39 2005
@@ -484,7 +484,8 @@
 }
 
 static void
-add_command(int *cmd, const int newcmd, const int othercmds, int invert)
+add_command(unsigned int *cmd, const int newcmd, const int othercmds, 
+	    int invert)
 {
 	if (invert)
 		exit_error(PARAMETER_PROBLEM, "unexpected ! flag");

Modified: netfilter-2.6/iptables/trunk/libipq/libipq.c
==============================================================================
--- netfilter-2.6/iptables/trunk/libipq/libipq.c	(original)
+++ netfilter-2.6/iptables/trunk/libipq/libipq.c	Thu Jul 28 18:02:39 2005
@@ -122,7 +122,8 @@
                                     unsigned char *buf, size_t len,
                                     int timeout)
 {
-	int addrlen, status;
+	unsigned int addrlen;
+	int status;
 	struct nlmsghdr *nlh;
 
 	if (len < sizeof(struct nlmsgerr)) {
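Review bot: `addrlen` would be better declared as `socklen_t` than `unsigned int`. It is presumably the length argument of a recvfrom() call further down (the function body continues outside the hunk), and `socklen_t addrlen;` matches that prototype on every platform rather than only where socklen_t happens to be unsigned int.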


