Author: cieciwa                      Date: Tue Sep 13 17:52:44 2005 GMT
Module: SOURCES                       Tag: LINUX_2_6
---- Log message:
- snap 2005.09.13,
- ip_set requires checking.

---- Files affected:
SOURCES:
   linux-2.6-pom-ng-branch.diff (1.1.2.22 -> 1.1.2.23) 

---- Diffs:

================================================================
Index: SOURCES/linux-2.6-pom-ng-branch.diff
diff -u SOURCES/linux-2.6-pom-ng-branch.diff:1.1.2.22 SOURCES/linux-2.6-pom-ng-branch.diff:1.1.2.23
--- SOURCES/linux-2.6-pom-ng-branch.diff:1.1.2.22       Mon Sep  5 23:37:58 2005
+++ SOURCES/linux-2.6-pom-ng-branch.diff        Tue Sep 13 19:52:36 2005
@@ -1,2021 +1,1083 @@
- include/linux/netfilter.h                             |    2 
- include/linux/netfilter/ipv4/nf_conntrack_icmp.h      |   17 
- include/linux/netfilter/ipv4/nf_conntrack_ipv4.h      |   40 
- include/linux/netfilter/ipv6/nf_conntrack_icmpv6.h    |   27 
- include/linux/netfilter/nf_conntrack.h                |  302 ++
- include/linux/netfilter/nf_conntrack_core.h           |   72 
- include/linux/netfilter/nf_conntrack_ftp.h            |   59 
- include/linux/netfilter/nf_conntrack_helper.h         |   50 
- include/linux/netfilter/nf_conntrack_l3proto.h        |   93 
- include/linux/netfilter/nf_conntrack_protocol.h       |  105 
- include/linux/netfilter/nf_conntrack_sctp.h           |   30 
- include/linux/netfilter/nf_conntrack_tcp.h            |   63 
- include/linux/netfilter/nf_conntrack_tuple.h          |  201 +
- include/linux/netfilter/nfnetlink.h                   |  145 +
- include/linux/netfilter_ipv4.h                        |   28 
- include/linux/netfilter_ipv4/ip_conntrack.h           |  161 +
- include/linux/netfilter_ipv4/ip_conntrack_core.h      |   15 
- include/linux/netfilter_ipv4/ip_conntrack_h323.h      |   38 
- include/linux/netfilter_ipv4/ip_conntrack_mms.h       |   36 
- include/linux/netfilter_ipv4/ip_conntrack_pptp.h      |  336 +++
- include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h |  114 +
- include/linux/netfilter_ipv4/ip_conntrack_protocol.h  |    2 
- include/linux/netfilter_ipv4/ip_conntrack_quake3.h    |   22 
- include/linux/netfilter_ipv4/ip_conntrack_tuple.h     |    6 
- include/linux/netfilter_ipv4/ip_nat_pptp.h            |   11 
- include/linux/netfilter_ipv4/ip_queue.h               |   13 
- include/linux/netfilter_ipv4/ip_set.h                 |  489 ++++
- include/linux/netfilter_ipv4/ip_set_iphash.h          |   30 
- include/linux/netfilter_ipv4/ip_set_ipmap.h           |   56 
- include/linux/netfilter_ipv4/ip_set_iptree.h          |   39 
- include/linux/netfilter_ipv4/ip_set_jhash.h           |  148 +
- include/linux/netfilter_ipv4/ip_set_macipmap.h        |   38 
- include/linux/netfilter_ipv4/ip_set_malloc.h          |   34 
- include/linux/netfilter_ipv4/ip_set_nethash.h         |   55 
- include/linux/netfilter_ipv4/ip_set_portmap.h         |   25 
- include/linux/netfilter_ipv4/ip_set_prime.h           |   34 
- include/linux/netfilter_ipv4/ip_tables.h              |   14 
- include/linux/netfilter_ipv4/ipt_ACCOUNT.h            |  100 
- include/linux/netfilter_ipv4/ipt_CLUSTERIP.h          |    2 
- include/linux/netfilter_ipv4/ipt_IPMARK.h             |   13 
- include/linux/netfilter_ipv4/ipt_ROUTE.h              |   23 
- include/linux/netfilter_ipv4/ipt_TTL.h                |   21 
- include/linux/netfilter_ipv4/ipt_XOR.h                |    9 
- include/linux/netfilter_ipv4/ipt_account.h            |   26 
- include/linux/netfilter_ipv4/ipt_addrtype.h           |    4 
- include/linux/netfilter_ipv4/ipt_connlimit.h          |   12 
- include/linux/netfilter_ipv4/ipt_fuzzy.h              |   21 
- include/linux/netfilter_ipv4/ipt_geoip.h              |   50 
- include/linux/netfilter_ipv4/ipt_ipp2p.h              |   29 
- include/linux/netfilter_ipv4/ipt_ipv4options.h        |   21 
- include/linux/netfilter_ipv4/ipt_layer7.h             |   26 
- include/linux/netfilter_ipv4/ipt_nth.h                |   19 
- include/linux/netfilter_ipv4/ipt_osf.h                |  151 +
- include/linux/netfilter_ipv4/ipt_policy.h             |   52 
- include/linux/netfilter_ipv4/ipt_psd.h                |   40 
- include/linux/netfilter_ipv4/ipt_quota.h              |   12 
- include/linux/netfilter_ipv4/ipt_recent.h             |    2 
- include/linux/netfilter_ipv4/ipt_set.h                |   21 
- include/linux/netfilter_ipv4/ipt_string.h             |   21 
- include/linux/netfilter_ipv4/ipt_time.h               |   18 
- include/linux/netfilter_ipv4/ipt_u32.h                |   40 
- include/linux/netfilter_ipv6.h                        |    3 
- include/linux/netfilter_ipv6/ip6t_HL.h                |   22 
- include/linux/netfilter_ipv6/ip6t_REJECT.h            |   18 
- include/linux/netfilter_ipv6/ip6t_ROUTE.h             |   23 
- include/linux/netfilter_ipv6/ip6t_fuzzy.h             |   21 
- include/linux/netfilter_ipv6/ip6t_nth.h               |   19 
- include/linux/netfilter_ipv6/ip6t_policy.h            |   52 
- include/linux/netlink.h                               |    1 
- include/linux/skbuff.h                                |   19 
- include/linux/sysctl.h                                |   37 
- net/Kconfig                                           |    1 
- net/Makefile                                          |    1 
- net/core/skbuff.c                                     |   11 
- net/ipv4/netfilter/Kconfig                            |  574 +++++
- net/ipv4/netfilter/Makefile                           |   69 
- net/ipv4/netfilter/asn1_per.c                         |  353 +++
- net/ipv4/netfilter/asn1_per.h                         |   83 
- net/ipv4/netfilter/ip_conntrack_core.c                |   50 
- net/ipv4/netfilter/ip_conntrack_ftp.c                 |   12 
- net/ipv4/netfilter/ip_conntrack_h323.c                |  447 ++++
- net/ipv4/netfilter/ip_conntrack_h323_core.c           |   37 
- net/ipv4/netfilter/ip_conntrack_h323_h225.c           |  405 +++
- net/ipv4/netfilter/ip_conntrack_h323_h245.c           |  959 ++++++++
- net/ipv4/netfilter/ip_conntrack_mms.c                 |  352 +++
- net/ipv4/netfilter/ip_conntrack_pptp.c                |  790 +++++++
- net/ipv4/netfilter/ip_conntrack_pptp_priv.h           |   24 
- net/ipv4/netfilter/ip_conntrack_proto_generic.c       |    2 
- net/ipv4/netfilter/ip_conntrack_proto_gre.c           |  369 +++
- net/ipv4/netfilter/ip_conntrack_proto_icmp.c          |    3 
- net/ipv4/netfilter/ip_conntrack_proto_sctp.c          |    4 
- net/ipv4/netfilter/ip_conntrack_proto_tcp.c           |    6 
- net/ipv4/netfilter/ip_conntrack_proto_udp.c           |    5 
- net/ipv4/netfilter/ip_conntrack_quake3.c              |  202 +
- net/ipv4/netfilter/ip_conntrack_standalone.c          |   14 
- net/ipv4/netfilter/ip_nat_h323.c                      |  196 +
- net/ipv4/netfilter/ip_nat_mms.c                       |  195 +
- net/ipv4/netfilter/ip_nat_pptp.c                      |  388 +++
- net/ipv4/netfilter/ip_nat_proto_gre.c                 |  214 +
- net/ipv4/netfilter/ip_nat_quake3.c                    |   97 
- net/ipv4/netfilter/ip_queue.c                         |   35 
- net/ipv4/netfilter/ip_set.c                           | 1989 ++++++++++++++++++
- net/ipv4/netfilter/ip_set_iphash.c                    |  379 +++
- net/ipv4/netfilter/ip_set_ipmap.c                     |  313 ++
- net/ipv4/netfilter/ip_set_iptree.c                    |  510 ++++
- net/ipv4/netfilter/ip_set_macipmap.c                  |  338 +++
- net/ipv4/netfilter/ip_set_nethash.c                   |  449 ++++
- net/ipv4/netfilter/ip_set_portmap.c                   |  325 ++
- net/ipv4/netfilter/ip_tables.c                        |    2 
- net/ipv4/netfilter/ipt_ACCOUNT.c                      | 1103 +++++++++
- net/ipv4/netfilter/ipt_CLASSIFY.c                     |   31 
- net/ipv4/netfilter/ipt_CLUSTERIP.c                    |    7 
- net/ipv4/netfilter/ipt_IPMARK.c                       |   81 
- net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c                |   89 
- net/ipv4/netfilter/ipt_REJECT.c                       |  147 +
- net/ipv4/netfilter/ipt_ROUTE.c                        |  464 ++++
- net/ipv4/netfilter/ipt_SET.c                          |  128 +
- net/ipv4/netfilter/ipt_TARPIT.c                       |  295 ++
- net/ipv4/netfilter/ipt_TTL.c                          |  120 +
- net/ipv4/netfilter/ipt_ULOG.c                         |    4 
- net/ipv4/netfilter/ipt_XOR.c                          |  117 +
- net/ipv4/netfilter/ipt_account.c                      |  937 ++++++++
- net/ipv4/netfilter/ipt_addrtype.c                     |    4 
- net/ipv4/netfilter/ipt_connlimit.c                    |  228 ++
- net/ipv4/netfilter/ipt_fuzzy.c                        |  185 +
- net/ipv4/netfilter/ipt_geoip.c                        |  275 ++
- net/ipv4/netfilter/ipt_ipp2p.c                        |  644 +++++
- net/ipv4/netfilter/ipt_iprange.c                      |   12 
- net/ipv4/netfilter/ipt_ipv4options.c                  |  172 +
- net/ipv4/netfilter/ipt_layer7.c                       |  552 ++++
- net/ipv4/netfilter/ipt_nth.c                          |  166 +
- net/ipv4/netfilter/ipt_osf.c                          |  854 +++++++
- net/ipv4/netfilter/ipt_policy.c                       |  176 +
- net/ipv4/netfilter/ipt_psd.c                          |  358 +++
- net/ipv4/netfilter/ipt_quota.c                        |   96 
- net/ipv4/netfilter/ipt_realm.c                        |   12 
- net/ipv4/netfilter/ipt_recent.c                       |   11 
- net/ipv4/netfilter/ipt_set.c                          |  112 +
- net/ipv4/netfilter/ipt_string.c                       |  183 +
- net/ipv4/netfilter/ipt_time.c                         |  179 +
- net/ipv4/netfilter/ipt_u32.c                          |  233 ++
- net/ipv4/netfilter/ipt_unclean.c                      |  611 +++++
- net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c        |  549 ++++
- net/ipv4/netfilter/nf_conntrack_proto_icmp.c          |  299 ++
- net/ipv4/netfilter/regexp/regexp.c                    | 1195 ++++++++++
- net/ipv4/netfilter/regexp/regexp.h                    |   40 
- net/ipv4/netfilter/regexp/regmagic.h                  |    5 
- net/ipv4/netfilter/regexp/regsub.c                    |   95 
- net/ipv6/ip6_output.c                                 |    6 
- net/ipv6/ipv6_syms.c                                  |    2 
- net/ipv6/netfilter/Kconfig                            |  109 
- net/ipv6/netfilter/Makefile                           |   14 
- net/ipv6/netfilter/ip6t_HL.c                          |  111 +
- net/ipv6/netfilter/ip6t_REJECT.c                      |  304 ++
- net/ipv6/netfilter/ip6t_ROUTE.c                       |  308 ++
- net/ipv6/netfilter/ip6t_ULOG.c                        |  142 +
- net/ipv6/netfilter/ip6t_fuzzy.c                       |  188 +
- net/ipv6/netfilter/ip6t_nth.c                         |  173 +
- net/ipv6/netfilter/ip6t_policy.c                      |  200 +
- net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c        |  630 +++++
- net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c        |  271 ++
- net/ipv6/netfilter/nf_conntrack_reasm.c               |  887 ++++++++
- net/netfilter/Kconfig                                 |   74 
- net/netfilter/Makefile                                |    9 
- net/netfilter/nf_conntrack_core.c                     | 1390 ++++++++++++
- net/netfilter/nf_conntrack_ftp.c                      |  690 ++++++
- net/netfilter/nf_conntrack_l3proto_generic.c          |   99 
- net/netfilter/nf_conntrack_proto_generic.c            |   85 
- net/netfilter/nf_conntrack_proto_sctp.c               |  668 ++++++
- net/netfilter/nf_conntrack_proto_tcp.c                | 1146 ++++++++++
- net/netfilter/nf_conntrack_proto_udp.c                |  212 +
- net/netfilter/nf_conntrack_standalone.c               |  821 +++++++
- net/netfilter/nfnetlink.c                             |  343 +++
- status                                                |   44 
- 174 files changed, 33694 insertions(+), 102 deletions(-)
+ include/linux/netfilter_ipv4/ip_set.h          |  489 ++++++
+ include/linux/netfilter_ipv4/ip_set_iphash.h   |   30 
+ include/linux/netfilter_ipv4/ip_set_ipmap.h    |   56 
+ include/linux/netfilter_ipv4/ip_set_iptree.h   |   39 
+ include/linux/netfilter_ipv4/ip_set_jhash.h    |  148 +
+ include/linux/netfilter_ipv4/ip_set_macipmap.h |   38 
+ include/linux/netfilter_ipv4/ip_set_malloc.h   |   34 
+ include/linux/netfilter_ipv4/ip_set_nethash.h  |   55 
+ include/linux/netfilter_ipv4/ip_set_portmap.h  |   25 
+ include/linux/netfilter_ipv4/ip_set_prime.h    |   34 
+ include/linux/netfilter_ipv4/ipt_IPMARK.h      |   13 
+ include/linux/netfilter_ipv4/ipt_ROUTE.h       |   23 
+ include/linux/netfilter_ipv4/ipt_TTL.h         |   21 
+ include/linux/netfilter_ipv4/ipt_connlimit.h   |   12 
+ include/linux/netfilter_ipv4/ipt_expire.h      |   32 
+ include/linux/netfilter_ipv4/ipt_fuzzy.h       |   21 
+ include/linux/netfilter_ipv4/ipt_ipv4options.h |   21 
+ include/linux/netfilter_ipv4/ipt_nth.h         |   19 
+ include/linux/netfilter_ipv4/ipt_osf.h         |  151 +
+ include/linux/netfilter_ipv4/ipt_psd.h         |   40 
+ include/linux/netfilter_ipv4/ipt_quota.h       |   12 
+ include/linux/netfilter_ipv4/ipt_random.h      |   11 
+ include/linux/netfilter_ipv4/ipt_set.h         |   21 
+ include/linux/netfilter_ipv4/ipt_time.h        |   18 
+ include/linux/netfilter_ipv6/ip6t_HL.h         |   22 
+ include/linux/netfilter_ipv6/ip6t_REJECT.h     |   18 
+ include/linux/netfilter_ipv6/ip6t_ROUTE.h      |   23 
+ include/linux/netfilter_ipv6/ip6t_expire.h     |   32 
+ include/linux/netfilter_ipv6/ip6t_fuzzy.h      |   21 
+ include/linux/netfilter_ipv6/ip6t_nth.h        |   19 
+ include/linux/netfilter_ipv6/ip6t_owner.h      |    2 
+ include/linux/netfilter_ipv6/ip6t_random.h     |   11 
+ net/ipv4/netfilter/Kconfig                     |  286 +++
+ net/ipv4/netfilter/Makefile                    |   35 
+ net/ipv4/netfilter/ip_set.c                    | 1989 +++++++++++++++++++++++++
+ net/ipv4/netfilter/ip_set_iphash.c             |  379 ++++
+ net/ipv4/netfilter/ip_set_ipmap.c              |  313 +++
+ net/ipv4/netfilter/ip_set_iptree.c             |  510 ++++++
+ net/ipv4/netfilter/ip_set_macipmap.c           |  338 ++++
+ net/ipv4/netfilter/ip_set_nethash.c            |  449 +++++
+ net/ipv4/netfilter/ip_set_portmap.c            |  325 ++++
+ net/ipv4/netfilter/ipt_IPMARK.c                |   81 +
+ net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c         |   89 +
+ net/ipv4/netfilter/ipt_ROUTE.c                 |  464 +++++
+ net/ipv4/netfilter/ipt_SET.c                   |  128 +
+ net/ipv4/netfilter/ipt_TTL.c                   |  122 +
+ net/ipv4/netfilter/ipt_connlimit.c             |  228 ++
+ net/ipv4/netfilter/ipt_expire.c                |  563 +++++++
+ net/ipv4/netfilter/ipt_fuzzy.c                 |  185 ++
+ net/ipv4/netfilter/ipt_ipv4options.c           |  172 ++
+ net/ipv4/netfilter/ipt_nth.c                   |  166 ++
+ net/ipv4/netfilter/ipt_osf.c                   |  854 ++++++++++
+ net/ipv4/netfilter/ipt_psd.c                   |  358 ++++
+ net/ipv4/netfilter/ipt_quota.c                 |   96 +
+ net/ipv4/netfilter/ipt_random.c                |   92 +
+ net/ipv4/netfilter/ipt_set.c                   |  112 +
+ net/ipv4/netfilter/ipt_time.c                  |  179 ++
+ net/ipv6/ipv6_syms.c                           |    2 
+ net/ipv6/netfilter/Kconfig                     |   90 +
+ net/ipv6/netfilter/Makefile                    |    9 
+ net/ipv6/netfilter/ip6t_HL.c                   |  111 +
+ net/ipv6/netfilter/ip6t_REJECT.c               |  304 +++
+ net/ipv6/netfilter/ip6t_ROUTE.c                |  308 +++
+ net/ipv6/netfilter/ip6t_expire.c               |  566 +++++++
+ net/ipv6/netfilter/ip6t_fuzzy.c                |  188 ++
+ net/ipv6/netfilter/ip6t_nth.c                  |  173 ++
+ net/ipv6/netfilter/ip6t_owner.c                |   44 
+ net/ipv6/netfilter/ip6t_random.c               |   97 +
+ 68 files changed, 11914 insertions(+), 2 deletions(-)
 
-Index: include/linux/netfilter_ipv6/ip6t_fuzzy.h
-===================================================================
---- include/linux/netfilter_ipv6/ip6t_fuzzy.h  (.../branches/vanilla-2.6.12.x) (revision 0)
-+++ include/linux/netfilter_ipv6/ip6t_fuzzy.h  (.../trunk)     (revision 6284)
-@@ -0,0 +1,21 @@
-+#ifndef _IP6T_FUZZY_H
-+#define _IP6T_FUZZY_H
-+
-+#include <linux/param.h>
-+#include <linux/types.h>
-+
-+#define MAXFUZZYRATE 10000000
-+#define MINFUZZYRATE 3
+diff -Nur --exclude '*.orig' include/linux/netfilter_ipv4/ip_set.h include/linux/netfilter_ipv4/ip_set.h
+--- include/linux/netfilter_ipv4/ip_set.h      1970-01-01 01:00:00.000000000 +0100
++++ include/linux/netfilter_ipv4/ip_set.h      2005-09-13 19:26:57.000000000 +0200
+@@ -0,0 +1,489 @@
++#ifndef _IP_SET_H
++#define _IP_SET_H
 +
-+struct ip6t_fuzzy_info {
-+      u_int32_t minimum_rate;
-+      u_int32_t maximum_rate;
-+      u_int32_t packets_total;
-+      u_int32_t bytes_total;
-+      u_int32_t previous_time;
-+      u_int32_t present_time;
-+      u_int32_t mean_rate;
-+      u_int8_t acceptance_rate;
-+};
++/* Copyright (C) 2000-2002 Joakim Axelsson <[EMAIL PROTECTED]>
++ *                         Patrick Schaaf <[EMAIL PROTECTED]>
++ *                         Martin Josefsson <[EMAIL PROTECTED]>
++ * Copyright (C) 2003-2004 Jozsef Kadlecsik <[EMAIL PROTECTED]>
++ *
++ * This program is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License version 2 as
++ * published by the Free Software Foundation.  
++ */
 +
-+#endif /*_IP6T_FUZZY_H*/
-Index: include/linux/netfilter_ipv6/ip6t_nth.h
-===================================================================
---- include/linux/netfilter_ipv6/ip6t_nth.h    (.../branches/vanilla-2.6.12.x) (revision 0)
-+++ include/linux/netfilter_ipv6/ip6t_nth.h    (.../trunk)     (revision 6284)
-@@ -0,0 +1,19 @@
-+#ifndef _IP6T_NTH_H
-+#define _IP6T_NTH_H
++/*
++ * A sockopt of such quality has hardly ever been seen before on the open
++ * market!  This little beauty, hardly ever used: above 64, so it's
++ * traditionally used for firewalling, not touched (even once!) by the
++ * 2.0, 2.2 and 2.4 kernels!
++ *
++ * Comes with its own certificate of authenticity, valid anywhere in the
++ * Free world!
++ *
++ * Rusty, 19.4.2000
++ */
++#define SO_IP_SET             83
 +
-+#include <linux/param.h>
-+#include <linux/types.h>
++/*
++ * Heavily modify by Joakim Axelsson 08.03.2002
++ * - Made it more modulebased
++ *
++ * Additional heavy modifications by Jozsef Kadlecsik 22.02.2004
++ * - bindings added
++ * - in order to "deal with" backward compatibility, renamed to ipset
++ */
 +
-+#ifndef IP6T_NTH_NUM_COUNTERS
-+#define IP6T_NTH_NUM_COUNTERS 16
-+#endif
++/* 
++ * Used so that the kernel module and ipset-binary can match their versions 
++ */
++#define IP_SET_PROTOCOL_VERSION 2
 +
-+struct ip6t_nth_info {
-+      u_int8_t every;
-+      u_int8_t not;
-+      u_int8_t startat;
-+      u_int8_t counter;
-+      u_int8_t packet;
-+};
++#define IP_SET_MAXNAMELEN 32  /* set names and set typenames */
 +
-+#endif /*_IP6T_NTH_H*/
-Index: include/linux/netfilter_ipv6/ip6t_ROUTE.h
-===================================================================
---- include/linux/netfilter_ipv6/ip6t_ROUTE.h  (.../branches/vanilla-2.6.12.x) (revision 0)
-+++ include/linux/netfilter_ipv6/ip6t_ROUTE.h  (.../trunk)     (revision 6284)
-@@ -0,0 +1,23 @@
-+/* Header file for iptables ip6t_ROUTE target
++/* Lets work with our own typedef for representing an IP address.
++ * We hope to make the code more portable, possibly to IPv6...
 + *
-+ * (C) 2003 by Cédric de Launois <[EMAIL PROTECTED]>
++ * The representation works in HOST byte order, because most set types
++ * will perform arithmetic operations and compare operations.
++ * 
++ * For now the type is an uint32_t.
 + *
-+ * This software is distributed under GNU GPL v2, 1991
++ * Make sure to ONLY use the functions when translating and parsing
++ * in order to keep the host byte order and make it more portable:
++ *  parse_ip()
++ *  parse_mask()
++ *  parse_ipandmask()
++ *  ip_tostring()
++ * (Joakim: where are they???)
 + */
-+#ifndef _IPT_ROUTE_H_target
-+#define _IPT_ROUTE_H_target
 +
-+#define IP6T_ROUTE_IFNAMSIZ 16
++typedef uint32_t ip_set_ip_t;
 +
-+struct ip6t_route_target_info {
-+      char      oif[IP6T_ROUTE_IFNAMSIZ];     /* Output Interface Name */
-+      char      iif[IP6T_ROUTE_IFNAMSIZ];     /* Input Interface Name  */
-+      u_int32_t gw[4];                        /* IPv6 address of gateway */
-+      u_int8_t  flags;
-+};
++/* Sets are identified by an id in kernel space. Tweak with ip_set_id_t
++ * and IP_SET_INVALID_ID if you want to increase the max number of sets.
++ */
++typedef uint16_t ip_set_id_t;
 +
-+/* Values for "flags" field */
-+#define IP6T_ROUTE_CONTINUE        0x01
-+#define IP6T_ROUTE_TEE             0x02
++#define IP_SET_INVALID_ID     65535
 +
-+#endif /*_IP6T_ROUTE_H_target*/
-Index: include/linux/netfilter_ipv6/ip6t_policy.h
-===================================================================
---- include/linux/netfilter_ipv6/ip6t_policy.h (.../branches/vanilla-2.6.12.x) (revision 0)
-+++ include/linux/netfilter_ipv6/ip6t_policy.h (.../trunk)     (revision 6284)
-@@ -0,0 +1,52 @@
-+#ifndef _IP6T_POLICY_H
-+#define _IP6T_POLICY_H
++/* How deep we follow bindings */
++#define IP_SET_MAX_BINDINGS   6
 +
-+#define POLICY_MAX_ELEM       4
++/*
++ * Option flags for kernel operations (ipt_set_info)
++ */
++#define IPSET_SRC             0x01    /* Source match/add */
++#define IPSET_DST             0x02    /* Destination match/add */
++#define IPSET_MATCH_INV               0x04    /* Inverse matching */
 +
-+enum ip6t_policy_flags
-+{
-+      POLICY_MATCH_IN         = 0x1,
-+      POLICY_MATCH_OUT        = 0x2,
-+      POLICY_MATCH_NONE       = 0x4,
-+      POLICY_MATCH_STRICT     = 0x8,
-+};
++/*
++ * Set types (flavours)
++ */
++#define IPSET_TYPE_IP         0       /* IP address type of set */
++#define IPSET_TYPE_PORT               1       /* Port type of set */
 +
-+enum ip6t_policy_modes
-+{
-+      POLICY_MODE_TRANSPORT,
-+      POLICY_MODE_TUNNEL
-+};
++/* Reserved keywords */
++#define IPSET_TOKEN_DEFAULT   ":default:"
++#define IPSET_TOKEN_ALL               ":all:"
 +
-+struct ip6t_policy_spec
-+{
-+      u_int8_t        saddr:1,
-+                      daddr:1,
-+                      proto:1,
-+                      mode:1,
-+                      spi:1,
-+                      reqid:1;
-+};
++/* SO_IP_SET operation constants, and their request struct types.
++ *
++ * Operation ids:
++ *      0-99:  commands with version checking
++ *    100-199: add/del/test/bind/unbind
++ *    200-299: list, save, restore
++ */
 +
-+struct ip6t_policy_elem
-+{
-+      struct in6_addr saddr;
-+      struct in6_addr smask;
-+      struct in6_addr daddr;
-+      struct in6_addr dmask;
-+      u_int32_t       spi;
-+      u_int32_t       reqid;
-+      u_int8_t        proto;
-+      u_int8_t        mode;
++/* Single shot operations: 
++ * version, create, destroy, flush, rename and swap 
++ *
++ * Sets are identified by name.
++ */
 +
-+      struct ip6t_policy_spec match;
-+      struct ip6t_policy_spec invert;
-+};
++#define IP_SET_REQ_STD                \
++      unsigned op;            \
++      unsigned version;       \
++      char name[IP_SET_MAXNAMELEN]
 +
-+struct ip6t_policy_info
-+{
-+      struct ip6t_policy_elem pol[POLICY_MAX_ELEM];
-+      u_int16_t flags;
-+      u_int16_t len;
++#define IP_SET_OP_CREATE      0x00000001      /* Create a new (empty) set */
++struct ip_set_req_create {
++      IP_SET_REQ_STD;
++      char typename[IP_SET_MAXNAMELEN];
 +};
 +
-+#endif /* _IP6T_POLICY_H */
-Index: include/linux/netfilter_ipv6/ip6t_HL.h
-===================================================================
---- include/linux/netfilter_ipv6/ip6t_HL.h     (.../branches/vanilla-2.6.12.x) (revision 0)
-+++ include/linux/netfilter_ipv6/ip6t_HL.h     (.../trunk)     (revision 6284)
-@@ -0,0 +1,22 @@
-+/* Hop Limit modification module for ip6tables
-+ * Maciej Soltysiak <[EMAIL PROTECTED]>
-+ * Based on HW's TTL module */
-+
-+#ifndef _IP6T_HL_H
-+#define _IP6T_HL_H
-+
-+enum {
-+      IP6T_HL_SET = 0,
-+      IP6T_HL_INC,
-+      IP6T_HL_DEC
++#define IP_SET_OP_DESTROY     0x00000002      /* Remove a (empty) set */
++struct ip_set_req_std {
++      IP_SET_REQ_STD;
 +};
 +
-+#define IP6T_HL_MAXMODE       IP6T_HL_DEC
-+
-+struct ip6t_HL_info {
-+      u_int8_t        mode;
-+      u_int8_t        hop_limit;
-+};
+#define IP_SET_OP_FLUSH               0x00000003      /* Remove all IPs in a set */
++/* Uses ip_set_req_std */
 +
++#define IP_SET_OP_RENAME      0x00000004      /* Rename a set */
++/* Uses ip_set_req_create */
 +
-+#endif
-Index: include/linux/netfilter_ipv6/ip6t_REJECT.h
-===================================================================
---- include/linux/netfilter_ipv6/ip6t_REJECT.h (.../branches/vanilla-2.6.12.x) (revision 0)
-+++ include/linux/netfilter_ipv6/ip6t_REJECT.h (.../trunk)     (revision 6284)
-@@ -0,0 +1,18 @@
-+#ifndef _IP6T_REJECT_H
-+#define _IP6T_REJECT_H
++#define IP_SET_OP_SWAP                0x00000005      /* Swap two sets */
++/* Uses ip_set_req_create */
 +
-+enum ip6t_reject_with {
-+      IP6T_ICMP6_NO_ROUTE,
-+      IP6T_ICMP6_ADM_PROHIBITED,
-+      IP6T_ICMP6_NOT_NEIGHBOUR,
-+      IP6T_ICMP6_ADDR_UNREACH,
-+      IP6T_ICMP6_PORT_UNREACH,
-+      IP6T_ICMP6_ECHOREPLY,
-+      IP6T_TCP_RESET
++union ip_set_name_index {
++      char name[IP_SET_MAXNAMELEN];
++      ip_set_id_t index;
 +};
 +
-+struct ip6t_reject_info {
-+      enum ip6t_reject_with with;      /* reject type */
++#define IP_SET_OP_GET_BYNAME  0x00000006      /* Get set index by name */
++struct ip_set_req_get_set {
++      unsigned op;
++      unsigned version;
++      union ip_set_name_index set;
 +};
 +
-+#endif /*_IP6T_REJECT_H*/
-Index: include/linux/netfilter.h
-===================================================================
---- include/linux/netfilter.h  (.../branches/vanilla-2.6.12.x) (revision 6284)
-+++ include/linux/netfilter.h  (.../trunk)     (revision 6284)
-@@ -22,7 +22,7 @@
- #define NF_MAX_VERDICT NF_STOP
- 
- /* Generic cache responses from hook functions.
--   <= 0x2000 is used for protocol-flags. */
-+   <= 0x2000 is reserved for conntrack event cache. */
- #define NFC_UNKNOWN 0x4000
- #define NFC_ALTERED 0x8000
- 
-Index: include/linux/netfilter_ipv4.h
-===================================================================
---- include/linux/netfilter_ipv4.h     (.../branches/vanilla-2.6.12.x) (revision 6284)
-+++ include/linux/netfilter_ipv4.h     (.../trunk)     (revision 6284)
-@@ -8,34 +8,6 @@
- #include <linux/config.h>
- #include <linux/netfilter.h>
- 
--/* IP Cache bits. */
--/* Src IP address. */
--#define NFC_IP_SRC            0x0001
--/* Dest IP address. */
--#define NFC_IP_DST            0x0002
--/* Input device. */
--#define NFC_IP_IF_IN          0x0004
--/* Output device. */
--#define NFC_IP_IF_OUT         0x0008
--/* TOS. */
--#define NFC_IP_TOS            0x0010
--/* Protocol. */
--#define NFC_IP_PROTO          0x0020
--/* IP options. */
--#define NFC_IP_OPTIONS                0x0040
--/* Frag & flags. */
--#define NFC_IP_FRAG           0x0080
--
--/* Per-protocol information: only matters if proto match. */
--/* TCP flags. */
--#define NFC_IP_TCPFLAGS               0x0100
--/* Source port. */
--#define NFC_IP_SRC_PT         0x0200
--/* Dest port. */
--#define NFC_IP_DST_PT         0x0400
--/* Something else about the proto */
--#define NFC_IP_PROTO_UNKNOWN  0x2000
--
<<Diff was trimmed, longer than 597 lines>>

---- CVS-web:
    
http://cvs.pld-linux.org/SOURCES/linux-2.6-pom-ng-branch.diff?r1=1.1.2.22&r2=1.1.2.23&f=u
