SOURCES: iptables-connbytes-xtables.patch (NEW) - converting from ...
cieciwa
cieciwa at pld-linux.org
Tue Apr 4 11:23:58 CEST 2006
Author: cieciwa Date: Tue Apr 4 09:23:58 2006 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- converting from iptables to xtables for connbytes.
---- Files affected:
SOURCES:
iptables-connbytes-xtables.patch (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: SOURCES/iptables-connbytes-xtables.patch
diff -u /dev/null SOURCES/iptables-connbytes-xtables.patch:1.1
--- /dev/null Tue Apr 4 11:23:58 2006
+++ SOURCES/iptables-connbytes-xtables.patch Tue Apr 4 11:23:53 2006
@@ -0,0 +1,167 @@
+diff -Nur iptables-1.3.5.org/extensions/.connbytes-test iptables-1.3.5/extensions/.connbytes-test
+--- iptables-1.3.5.org/extensions/.connbytes-test 2004-10-10 11:56:26.000000000 +0200
++++ iptables-1.3.5/extensions/.connbytes-test 2006-04-04 10:49:32.000000000 +0200
+@@ -1,2 +1,2 @@
+ #! /bin/sh
+-[ -f $KERNEL_DIR/net/ipv4/netfilter/ipt_connbytes.c ] && echo connbytes
++[ -f $KERNEL_DIR/net/netfilter/xt_connbytes.c ] && echo connbytes
+diff -Nur iptables-1.3.5.org/extensions/libipt_connbytes.c iptables-1.3.5/extensions/libipt_connbytes.c
+--- iptables-1.3.5.org/extensions/libipt_connbytes.c 2006-01-30 09:43:11.000000000 +0100
++++ iptables-1.3.5/extensions/libipt_connbytes.c 2006-04-04 11:16:08.000000000 +0200
+@@ -6,7 +6,7 @@
+ #include <getopt.h>
+ #include <iptables.h>
+ #include <linux/netfilter_ipv4/ip_conntrack.h>
+-#include <linux/netfilter_ipv4/ipt_connbytes.h>
++#include <linux/netfilter/xt_connbytes.h>
+
+ /* Function which prints out usage message. */
+ static void
+@@ -28,7 +28,7 @@
+ };
+
+ static void
+-parse_range(const char *arg, struct ipt_connbytes_info *si)
++parse_range(const char *arg, struct xt_connbytes_info *si)
+ {
+ char *colon,*p;
+
+@@ -53,7 +53,7 @@
+ unsigned int *nfcache,
+ struct ipt_entry_match **match)
+ {
+- struct ipt_connbytes_info *sinfo = (struct ipt_connbytes_info *)(*match)->data;
++ struct xt_connbytes_info *sinfo = (struct xt_connbytes_info *)(*match)->data;
+ unsigned long i;
+
+ switch (c) {
+@@ -71,11 +71,11 @@
+ break;
+ case '2':
+ if (!strcmp(optarg, "original"))
+- sinfo->direction = IPT_CONNBYTES_DIR_ORIGINAL;
++ sinfo->direction = XT_CONNBYTES_DIR_ORIGINAL;
+ else if (!strcmp(optarg, "reply"))
+- sinfo->direction = IPT_CONNBYTES_DIR_REPLY;
++ sinfo->direction = XT_CONNBYTES_DIR_REPLY;
+ else if (!strcmp(optarg, "both"))
+- sinfo->direction = IPT_CONNBYTES_DIR_BOTH;
++ sinfo->direction = XT_CONNBYTES_DIR_BOTH;
+ else
+ exit_error(PARAMETER_PROBLEM,
+ "Unknown --connbytes-dir `%s'", optarg);
+@@ -84,11 +84,11 @@
+ break;
+ case '3':
+ if (!strcmp(optarg, "packets"))
+- sinfo->what = IPT_CONNBYTES_PKTS;
++ sinfo->what = XT_CONNBYTES_PKTS;
+ else if (!strcmp(optarg, "bytes"))
+- sinfo->what = IPT_CONNBYTES_BYTES;
++ sinfo->what = XT_CONNBYTES_BYTES;
+ else if (!strcmp(optarg, "avgpkt"))
+- sinfo->what = IPT_CONNBYTES_AVGPKT;
++ sinfo->what = XT_CONNBYTES_AVGPKT;
+ else
+ exit_error(PARAMETER_PROBLEM,
+ "Unknown --connbytes-mode `%s'", optarg);
+@@ -108,16 +108,16 @@
+ "`--connbytes-dir' and `--connbytes-mode'");
+ }
+
+-static void print_mode(struct ipt_connbytes_info *sinfo)
++static void print_mode(struct xt_connbytes_info *sinfo)
+ {
+ switch (sinfo->what) {
+- case IPT_CONNBYTES_PKTS:
++ case XT_CONNBYTES_PKTS:
+ fputs("packets ", stdout);
+ break;
+- case IPT_CONNBYTES_BYTES:
++ case XT_CONNBYTES_BYTES:
+ fputs("bytes ", stdout);
+ break;
+- case IPT_CONNBYTES_AVGPKT:
++ case XT_CONNBYTES_AVGPKT:
+ fputs("avgpkt ", stdout);
+ break;
+ default:
+@@ -126,16 +126,16 @@
+ }
+ }
+
+-static void print_direction(struct ipt_connbytes_info *sinfo)
++static void print_direction(struct xt_connbytes_info *sinfo)
+ {
+ switch (sinfo->direction) {
+- case IPT_CONNBYTES_DIR_ORIGINAL:
++ case XT_CONNBYTES_DIR_ORIGINAL:
+ fputs("original ", stdout);
+ break;
+- case IPT_CONNBYTES_DIR_REPLY:
++ case XT_CONNBYTES_DIR_REPLY:
+ fputs("reply ", stdout);
+ break;
+- case IPT_CONNBYTES_DIR_BOTH:
++ case XT_CONNBYTES_DIR_BOTH:
+ fputs("both ", stdout);
+ break;
+ default:
+@@ -150,7 +150,7 @@
+ const struct ipt_entry_match *match,
+ int numeric)
+ {
+- struct ipt_connbytes_info *sinfo = (struct ipt_connbytes_info *)match->data;
++ struct xt_connbytes_info *sinfo = (struct xt_connbytes_info *)match->data;
+
+ if (sinfo->count.from > sinfo->count.to)
+ printf("connbytes ! %llu:%llu ", sinfo->count.to,
+@@ -169,7 +169,7 @@
+ /* Saves the matchinfo in parsable form to stdout. */
+ static void save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
+ {
+- struct ipt_connbytes_info *sinfo = (struct ipt_connbytes_info *)match->data;
++ struct xt_connbytes_info *sinfo = (struct xt_connbytes_info *)match->data;
+
+ if (sinfo->count.from > sinfo->count.to)
+ printf("! --connbytes %llu:%llu ", sinfo->count.to,
+@@ -189,8 +189,8 @@
+ .next = NULL,
+ .name = "connbytes",
+ .version = IPTABLES_VERSION,
+- .size = IPT_ALIGN(sizeof(struct ipt_connbytes_info)),
+- .userspacesize = IPT_ALIGN(sizeof(struct ipt_connbytes_info)),
++ .size = IPT_ALIGN(sizeof(struct xt_connbytes_info)),
++ .userspacesize = IPT_ALIGN(sizeof(struct xt_connbytes_info)),
+ .help = &help,
+ .parse = &parse,
+ .final_check = &final_check,
+diff -Nur iptables-1.3.5.org/include/linux/netfilter/xt_connbytes.h iptables-1.3.5/include/linux/netfilter/xt_connbytes.h
+--- iptables-1.3.5.org/include/linux/netfilter/xt_connbytes.h 1970-01-01 01:00:00.000000000 +0100
++++ iptables-1.3.5/include/linux/netfilter/xt_connbytes.h 2006-03-28 08:49:02.000000000 +0200
+@@ -0,0 +1,25 @@
++#ifndef _XT_CONNBYTES_H
++#define _XT_CONNBYTES_H
++
++enum xt_connbytes_what {
++ XT_CONNBYTES_PKTS,
++ XT_CONNBYTES_BYTES,
++ XT_CONNBYTES_AVGPKT,
++};
++
++enum xt_connbytes_direction {
++ XT_CONNBYTES_DIR_ORIGINAL,
++ XT_CONNBYTES_DIR_REPLY,
++ XT_CONNBYTES_DIR_BOTH,
++};
++
++struct xt_connbytes_info
++{
++ struct {
++ aligned_u64 from; /* count to be matched */
++ aligned_u64 to; /* count to be matched */
++ } count;
++ u_int8_t what; /* ipt_connbytes_what */
++ u_int8_t direction; /* ipt_connbytes_direction */
++};
++#endif
================================================================
More information about the pld-cvs-commit
mailing list