SOURCES (LINUX_2_6): linux-2.6-nf-goto.patch (NEW), iptables-nf-go...
cieciwa
cieciwa at pld-linux.org
Thu Sep 15 09:49:30 CEST 2005
Author: cieciwa Date: Thu Sep 15 07:49:30 2005 GMT
Module: SOURCES Tag: LINUX_2_6
---- Log message:
- [extra] goto - kernel and iptables patch.
---- Files affected:
SOURCES:
linux-2.6-nf-goto.patch (NONE -> 1.1.2.1) (NEW), iptables-nf-goto.patch (NONE -> 1.1.2.1) (NEW)
---- Diffs:
================================================================
Index: SOURCES/linux-2.6-nf-goto.patch
diff -u /dev/null SOURCES/linux-2.6-nf-goto.patch:1.1.2.1
--- /dev/null Thu Sep 15 09:49:30 2005
+++ SOURCES/linux-2.6-nf-goto.patch Thu Sep 15 09:49:25 2005
@@ -0,0 +1,29 @@
+ include/linux/netfilter_ipv4/ip_tables.h | 3 ++-
+ net/ipv4/netfilter/ip_tables.c | 2 +-
+ 2 files changed, 3 insertions(+), 2 deletions(-)
+
+diff -Nur --exclude '*.orig' linux-2.6.13.1.org/include/linux/netfilter_ipv4/ip_tables.h linux-2.6.13.1/include/linux/netfilter_ipv4/ip_tables.h
+--- linux-2.6.13.1.org/include/linux/netfilter_ipv4/ip_tables.h 2005-09-10 04:42:58.000000000 +0200
++++ linux-2.6.13.1/include/linux/netfilter_ipv4/ip_tables.h 2005-09-15 09:36:53.000000000 +0200
+@@ -109,7 +109,8 @@
+
+ /* Values for "flag" field in struct ipt_ip (general ip structure). */
+ #define IPT_F_FRAG 0x01 /* Set if rule is a fragment rule */
+-#define IPT_F_MASK 0x01 /* All possible flag bits mask. */
++#define IPT_F_GOTO 0x02 /* Set if jump is a goto */
++#define IPT_F_MASK 0x03 /* All possible flag bits mask. */
+
+ /* Values for "inv" field in struct ipt_ip. */
+ #define IPT_INV_VIA_IN 0x01 /* Invert the sense of IN IFACE. */
+diff -Nur --exclude '*.orig' linux-2.6.13.1.org/net/ipv4/netfilter/ip_tables.c linux-2.6.13.1/net/ipv4/netfilter/ip_tables.c
+--- linux-2.6.13.1.org/net/ipv4/netfilter/ip_tables.c 2005-09-10 04:42:58.000000000 +0200
++++ linux-2.6.13.1/net/ipv4/netfilter/ip_tables.c 2005-09-15 09:36:53.000000000 +0200
+@@ -342,7 +342,7 @@
+ continue;
+ }
+ if (table_base + v
+- != (void *)e + e->next_offset) {
++ != (void *)e + e->next_offset && !(e->ip.flags & IPT_F_GOTO)) {
+ /* Save old back ptr in next entry */
+ struct ipt_entry *next
+ = (void *)e + e->next_offset;
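Review bot: In the ip_tables.c hunk the added `!(e->ip.flags & IPT_F_GOTO)` test is the only place this patch makes the kernel interpret the flag. Raising IPT_F_MASK to 0x03 presumably lets the entry validation (not visible here) accept the bit on any rule, including rules whose target is not a jump to a user chain, where it would be silently ignored. The condition needs a why-comment such as `/* goto: do not save a back pointer, so RETURN in the target chain resumes in our caller */`, and the header comment on IPT_F_GOTO could state that the bit is only meaningful on jumps to user-defined chains. The enclosing function begins and ends outside the hunk, so whether other code paths need to know about the flag cannot be judged from here.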
================================================================
Index: SOURCES/iptables-nf-goto.patch
diff -u /dev/null SOURCES/iptables-nf-goto.patch:1.1.2.1
--- /dev/null Thu Sep 15 09:49:30 2005
+++ SOURCES/iptables-nf-goto.patch Thu Sep 15 09:49:25 2005
@@ -0,0 +1,109 @@
+ iptables-save.c | 2 +-
+ iptables.8.in | 10 +++++++++-
+ iptables.c | 24 +++++++++++++++++++++++-
+ 3 files changed, 33 insertions(+), 3 deletions(-)
+
+diff -Nur --exclude '*.orig' iptables.org/iptables-save.c iptables/iptables-save.c
+--- iptables.org/iptables-save.c 2005-09-15 08:05:41.000000000 +0200
++++ iptables/iptables-save.c 2005-09-15 09:36:53.000000000 +0200
+@@ -197,7 +197,7 @@
+ /* Print target name */
+ target_name = iptc_get_target(e, h);
+ if (target_name && (*target_name != '\0'))
+- printf("-j %s ", target_name);
++ printf("-%c %s ", e->ip.flags & IPT_F_GOTO ? 'g' : 'j', target_name);
+
+ /* Print targinfo part */
+ t = ipt_get_target((struct ipt_entry *)e);
+diff -Nur --exclude '*.orig' iptables.org/iptables.8.in iptables/iptables.8.in
+--- iptables.org/iptables.8.in 2005-09-15 08:05:41.000000000 +0200
++++ iptables/iptables.8.in 2005-09-15 09:36:53.000000000 +0200
+@@ -296,10 +296,18 @@
+ the fate of the packet immediately, or an extension (see
+ .B EXTENSIONS
+ below). If this
+-option is omitted in a rule, then matching the rule will have no
++option is omitted in a rule (and
++.B -g
++is not used), then matching the rule will have no
+ effect on the packet's fate, but the counters on the rule will be
+ incremented.
+ .TP
++.BI "-g, --goto " "chain"
++This specifies that the processing should continue in a user
++specified chain. Unlike the --jump option return will not continue
++processing in this chain but instead in the chain that called us via
++--jump.
++.TP
+ .BR "-i, --in-interface " "[!] \fIname\fP"
+ Name of an interface via which a packet was received (only for
+ packets entering the
+diff -Nur --exclude '*.orig' iptables.org/iptables.c iptables/iptables.c
+--- iptables.org/iptables.c 2005-09-15 08:05:41.000000000 +0200
++++ iptables/iptables.c 2005-09-15 09:36:53.000000000 +0200
+@@ -134,6 +134,7 @@
+ { "line-numbers", 0, 0, '0' },
+ { "modprobe", 1, 0, 'M' },
+ { "set-counters", 1, 0, 'c' },
++ { "goto", 1, 0, 'g' },
+ { 0 }
+ };
+
+@@ -399,6 +400,10 @@
+ " network interface name ([+] for wildcard)\n"
+ " --jump -j target\n"
+ " target for rule (may load target extension)\n"
++#ifdef IPT_F_GOTO
++" --goto -g chain\n"
++" jump to chain with no return\n"
++#endif
+ " --match -m match\n"
+ " extended match (may load extension)\n"
+ " --numeric -n numeric output of addresses and ports\n"
+@@ -1407,6 +1412,9 @@
+ if (format & FMT_NOTABLE)
+ fputs(" ", stdout);
+
++ if(fw->ip.flags & IPT_F_GOTO)
++ printf("[goto] ");
++
+ IPT_MATCH_ITERATE(fw, print_match, &fw->ip, format & FMT_NUMERIC);
+
+ if (target) {
+@@ -1849,7 +1857,7 @@
+ opterr = 0;
+
+ while ((c = getopt_long(argc, argv,
+- "-A:D:R:I:L::M:F::Z::N:X::E:P:Vh::o:p:s:d:j:i:fbvnt:m:xc:",
++ "-A:D:R:I:L::M:F::Z::N:X::E:P:Vh::o:p:s:d:j:i:fbvnt:m:xc:g:",
+ opts, NULL)) != -1) {
+ switch (c) {
+ /*
+@@ -2017,6 +2025,15 @@
+ dhostnetworkmask = argv[optind-1];
+ break;
+
++#ifdef IPT_F_GOTO
++ case 'g':
++ set_option(&options, OPT_JUMP, &fw.ip.invflags,
++ invert);
++ fw.ip.flags |= IPT_F_GOTO;
++ jumpto = parse_target(optarg);
++ break;
++#endif
++
+ case 'j':
+ set_option(&options, OPT_JUMP, &fw.ip.invflags,
+ invert);
+@@ -2369,6 +2386,11 @@
+ * We cannot know if the plugin is corrupt, non
+ * existant OR if the user just misspelled a
+ * chain. */
++#ifdef IPT_F_GOTO
++ if (fw.ip.flags & IPT_F_GOTO)
++ exit_error(PARAMETER_PROBLEM,
++ "goto '%s' is not a chain\n", jumpto);
++#endif
+ find_target(jumpto, LOAD_MUST_SUCCEED);
+ } else {
+ e = generate_entry(&fw, matches, target->t);
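Review bot: The `#ifdef IPT_F_GOTO` guards in iptables.c are applied inconsistently. They cover the help text, the `case 'g':` handler and the "is not a chain" check, but the `{ "goto", 1, 0, 'g' },` table entry, the `g:` added to the getopt string, the `[goto]` print and the `-%c` print in iptables-save.c all use the option or the macro unguarded. Built against kernel headers that lack IPT_F_GOTO the tree would fail to compile on the unguarded uses, so the guards give no compatibility as written; either wrap every use (for example `#ifdef IPT_F_GOTO` / `#endif` around the table entry and the two prints) or drop the guards. iptables-save also emits `-g` for any entry carrying the bit, while the restore path rejects `-g` with a non-chain target, so a rule set holding such an entry would presumably not reload; a comment at the print noting that assumption would help. All the touched functions continue outside their hunks.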
================================================================