Author: gotar Date: Fri Feb 24 14:14:44 2006 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- account match from 1.2.11
---- Files affected:
SOURCES:
iptables24-account.patch (NONE -> 1.1) (NEW), ipt_account_iptables.diff
(NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: SOURCES/iptables24-account.patch
diff -u /dev/null SOURCES/iptables24-account.patch:1.1
--- /dev/null Fri Feb 24 15:14:44 2006
+++ SOURCES/iptables24-account.patch Fri Feb 24 15:14:39 2006
@@ -0,0 +1,267 @@
+diff -urN iptables-1.2.11/extensions/Makefile
iptables-1.2.11.account/extensions/Makefile
+--- iptables-1.2.11/extensions/Makefile 1970-01-01 01:00:00.000000000
+0100
++++ iptables-1.2.11.account/extensions/Makefile 2004-03-17
15:27:08.000000000 +0100
+@@ -5,7 +5,7 @@
+ # header files are present in the include/linux directory of this iptables
+ # package (HW)
+ #
+-PF_EXT_SLIB:=ah connlimit connmark conntrack dscp ecn esp helper icmp iprange
length limit mac mark multiport owner physdev pkttype realm rpc sctp standard
state tcp tcpmss tos ttl udp stealth unclean CLASSIFY CONNMARK DNAT DSCP ECN
LOG MARK MASQUERADE MIRROR NETMAP NOTRACK REDIRECT REJECT SAME SNAT TARPIT
TCPMSS TOS TRACE TTL ULOG
++PF_EXT_SLIB:=ah account connlimit connmark conntrack dscp ecn esp helper icmp
iprange length limit mac mark multiport owner physdev pkttype realm rpc sctp
standard state tcp tcpmss tos ttl udp stealth unclean CLASSIFY CONNMARK DNAT
DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NOTRACK REDIRECT REJECT SAME SNAT
TARPIT TCPMSS TOS TRACE TTL ULOG
+ PF6_EXT_SLIB:=eui64 hl icmpv6 length limit mac mark multiport owner standard
tcp udp LOG MARK TRACE
+
+ # Optionals
+diff -urN iptables-1.2.11/extensions/.account-test
iptables-1.2.11.account/extensions/.account-test
+--- iptables-1.2.11/extensions/.account-test 1970-01-01 01:00:00.000000000
+0100
++++ iptables-1.2.11.account/extensions/.account-test 2004-03-17
15:27:08.000000000 +0100
+@@ -0,0 +1,3 @@
++#!/bin/sh
++# True if account match patch is applied.
++[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_account.h ] && echo account
+diff -urN iptables-1.2.11/extensions/libipt_account.c
iptables-1.2.11.account/extensions/libipt_account.c
+--- iptables-1.2.11/extensions/libipt_account.c 1970-01-01
01:00:00.000000000 +0100
++++ iptables-1.2.11.account/extensions/libipt_account.c 2004-03-17
15:27:08.000000000 +0100
+@@ -0,0 +1,244 @@
++/*
++ * accounting match helper (libipt_account.c)
++ * (C) 2003,2004 by Piotr Gasidło ([EMAIL PROTECTED])
++ *
++ * Version: 0.1.5
++ *
++ * This software is distributed under the terms of GNU GPL
++ */
++
++#include <stdio.h>
++#include <stdlib.h>
++#include <iptables.h>
++#include <string.h>
++#include <getopt.h>
++
++#include <linux/netfilter_ipv4/ipt_account.h>
++
++#ifndef HIPQUAD
++#define HIPQUAD(addr) \
++ ((unsigned char *)&addr)[3], \
++ ((unsigned char *)&addr)[2], \
++ ((unsigned char *)&addr)[1], \
++ ((unsigned char *)&addr)[0]
++#endif
++
++static void help(void) {
++ printf(
++ "account v%s options:\n"
++ "--aaddr network/netmask\n"
++ " defines network/netmask for which make
statistics.\n"
++ "--aname name\n"
++ " defines name of list where statistics will be
kept. If no is\n"
++ " specified DEFAULT will be used.\n"
++
++ ,
++ IPTABLES_VERSION);
++};
++
++static struct option opts[] = {
++ { "aaddr", 1, NULL, 201 },
++ { "aname", 1, NULL, 202 },
++ { 0 }
++};
++
++/* Helper functions for parse_network */
++int parseip(const char *parameter, u_int32_t *ip) {
++
++ char buffer[16], *bufferptr, *dot;
++ unsigned int i, shift, part;
++
++ if (strlen(parameter) > 15)
++ return 0;
++
++ strncpy(buffer, parameter, 15);
++ buffer[15] = 0;
++
++ bufferptr = buffer;
++
++ for (i = 0, shift = 24, *ip = 0; i < 3; i++, shift -= 8) {
++ /* no dot */
++ if ((dot = strchr(bufferptr, '.')) == NULL)
++ return 0;
++ /* not a number */
++ if ((part = strtol(bufferptr, (char**)NULL, 10)) < 0)
++ return 0;
++ /* to big number */
++ if (part > 255)
++ return 0;
++ *ip |= part << shift;
++ bufferptr = dot + 1;
++ }
++ /* not a number */
++ if ((part = strtol(bufferptr, (char**)NULL, 10)) < 0)
++ return 0;
++ /* to big number */
++ if (part > 255)
++ return 0;
++ *ip |= part;
++ return 1;
++}
++
++static void parsenetwork(const char *parameter, u_int32_t *network) {
++ if (!parseip(parameter, network))
++ exit_error(PARAMETER_PROBLEM, "account: wrong ip in network");
++}
++
++static void parsenetmaskasbits(const char *parameter, u_int32_t *netmask) {
++
++ u_int32_t bits;
++
++ if ((bits = strtol(parameter, (char **)NULL, 10)) < 0 || bits > 32)
++ exit_error(PARAMETER_PROBLEM, "account: wrong netmask");
++
++ *netmask = 0xffffffff << (32 - bits);
++}
++
++static void parsenetmaskasip(const char *parameter, u_int32_t *netmask) {
++ if (!parseip(parameter, netmask))
++ exit_error(PARAMETER_PROBLEM, "account: wrong ip in netmask");
++}
++
++static void parsenetmask(const char *parameter, u_int32_t *netmask)
++{
++ if (strchr(parameter, '.') != NULL)
++ parsenetmaskasip(parameter, netmask);
++ else
++ parsenetmaskasbits(parameter, netmask);
++}
++
++static void parsenetworkandnetmask(const char *parameter, u_int32_t *network,
u_int32_t *netmask)
++{
++
++ char buffer[32], *slash;
++
++ if (strlen(parameter) > 31)
++ /* text is to long, even for 255.255.255.255/255.255.255.255 */
++ exit_error(PARAMETER_PROBLEM, "account: wrong network/netmask");
++
++ strncpy(buffer, parameter, 31);
++ buffer[31] = 0;
++
++ /* check whether netmask is given */
++ if ((slash = strchr(buffer, '/')) != NULL) {
++ parsenetmask(slash + 1, netmask);
++ *slash = 0;
++ } else
++ *netmask = 0xffffffff;
++ parsenetwork(buffer, network);
++
++ if ((*network & *netmask) != *network)
++ exit_error(PARAMETER_PROBLEM, "account: wrong network/netmask");
++}
++
++
++/* Function gets network & netmask from argument after --aaddr */
++static void parse_network(const char *parameter, struct t_ipt_account_info
*info) {
++
++ parsenetworkandnetmask(parameter, &info->network, &info->netmask);
++
++}
++
++/* Function initializes match */
++static void init(struct ipt_entry_match *match,
++ unsigned int *nfcache) {
++
++ struct t_ipt_account_info *info = (struct t_ipt_account_info
*)(match)->data;
++
++ *nfcache |= NFC_UNKNOWN;
++
++ /* set default table name to DEFAULT */
++ strncpy(info->name, "DEFAULT", IPT_ACCOUNT_NAME_LEN);
++
++}
++
++/* Function parses match's arguments */
++static int parse(int c, char **argv,
++ int invert,
++ unsigned int *flags,
++ const struct ipt_entry *entry,
++ unsigned int *nfcache,
++ struct ipt_entry_match **match) {
++
++ struct t_ipt_account_info *info = (struct t_ipt_account_info
*)(*match)->data;
++
++ switch (c) {
++
++ /* --aaddr */
++ case 201:
++ parse_network(optarg, info);
++ *flags = 1;
++ break;
++
++ /* --aname */
++ case 202:
++ if (strlen(optarg) < IPT_ACCOUNT_NAME_LEN)
++ strncpy(info->name, optarg,
IPT_ACCOUNT_NAME_LEN);
++ else
++ exit_error(PARAMETER_PROBLEM, "account: Too
long list name");
++ break;
++ default:
++ return 0;
++ }
++ return 1;
++}
++
++/* Final check whether network/netmask was specified */
++static void final_check(unsigned int flags) {
++ if (!flags)
++ exit_error(PARAMETER_PROBLEM, "account: You need specify
'--aaddr' parameter");
++}
++
++/* Function used for printing rule with account match for iptables -L */
++static void print(const struct ipt_ip *ip,
++ const struct ipt_entry_match *match,
++ int numeric) {
++
++ struct t_ipt_account_info *info = (struct t_ipt_account_info
*)match->data;
++
++ printf("account: ");
++ printf("network/netmask: ");
++ printf("%u.%u.%u.%u/%u.%u.%u.%u ",
++ HIPQUAD(info->network),
++ HIPQUAD(info->netmask)
++ );
++
++ printf("name: %s ", info->name);
++}
++
++/* Function used for saving rule containing account match */
++static void save(const struct ipt_ip *ip,
++ const struct ipt_entry_match *match) {
++
++ struct t_ipt_account_info *info = (struct t_ipt_account_info
*)match->data;
++
++ printf("--aaddr ");
++ printf("%u.%u.%u.%u/%u.%u.%u.%u ",
++ HIPQUAD(info->network),
++ HIPQUAD(info->netmask)
++ );
++
++ printf("--aname %s ", info->name);
++}
++
++static struct iptables_match account = {
++ NULL, /* struct iptables_match *next; */
++ "account", /* ipt_chainlabel name; */
++ IPTABLES_VERSION, /* const char *version; */
++ IPT_ALIGN(sizeof(struct t_ipt_account_info)), /* Size of
match data. */
++ IPT_ALIGN(sizeof(struct t_ipt_account_info)), /* Size of
match data relevent for userspace comparison purposes */
++ &help, /* Function which prints out usage message. */
++ &init, /* Initialize the match. */
++ &parse, /* Function which parses command options;
returns true if it ate an option */
++ &final_check, /* Final check; exit if not ok. */
++ &print, /* Prints out the match iff non-NULL: put space
at end */
++ &save, /* Saves the match info in parsable form to
stdout. */
++ opts /* Pointer to list of extra command-line
options */
++};
++
++/* Function which registers match */
++void _init(void)
++{
++ register_match(&account);
++}
++
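Review bot: In libipt_account.c, `parseip` and `parsenetmaskasbits` store the `strtol` result in an unsigned variable and pass a NULL end pointer, so the `< 0` tests can never be true and non-numeric text is read as 0; an argument such as `a.b.c.d` is accepted as 0.0.0.0 and trailing junk after an octet is ignored. For a tool that builds firewall rules this means a typo can silently produce an accounting rule over a different network than the operator intended. `parsenetmaskasbits` also evaluates `0xffffffff << (32 - bits)` when `bits` is 0, a shift by the full width of the type, which is undefined in C, so `/0` needs its own branch. The sketch below keeps the existing signatures and checks the end pointer for every octet and for the prefix length.

```c
/* parse one decimal octet that must be followed by `stop` */
static int parseoctet(const char *text, char stop, unsigned int *part) {
	char *end;
	long value = strtol(text, &end, 10);

	if (end == text || *end != stop || value < 0 || value > 255)
		return 0;
	*part = (unsigned int)value;
	return 1;
}

/* in parseip(), inside the loop, replacing both strtol/range tests: */
		if (!parseoctet(bufferptr, '.', &part))
			return 0;
/* ... unchanged: *ip |= part << shift; bufferptr = dot + 1; ... */
/* after the loop, for the last octet: */
	if (!parseoctet(bufferptr, '\0', &part))
		return 0;

static void parsenetmaskasbits(const char *parameter, u_int32_t *netmask) {
	char *end;
	long bits = strtol(parameter, &end, 10);

	if (end == parameter || *end != '\0' || bits < 0 || bits > 32)
		exit_error(PARAMETER_PROBLEM, "account: wrong netmask");

	/* a shift by 32 is undefined, so /0 is handled explicitly */
	*netmask = bits ? 0xffffffffU << (32 - bits) : 0;
}
```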
================================================================
Index: SOURCES/ipt_account_iptables.diff
diff -u /dev/null SOURCES/ipt_account_iptables.diff:1.1
--- /dev/null Fri Feb 24 15:14:44 2006
+++ SOURCES/ipt_account_iptables.diff Fri Feb 24 15:14:39 2006
@@ -0,0 +1,140 @@
+diff -uNr iptables.clean/extensions/libipt_account.c
iptables.1/extensions/libipt_account.c
+--- iptables.clean/extensions/libipt_account.c 2004-03-17 15:40:03.000000000
+0100
++++ iptables.1/extensions/libipt_account.c 2004-07-15 13:30:00.000000000
+0200
+@@ -2,7 +2,7 @@
+ * accounting match helper (libipt_account.c)
+ * (C) 2003,2004 by Piotr Gasidło ([EMAIL PROTECTED])
+ *
+- * Version: 0.1.5
++ * Version: 0.1.6
+ *
+ * This software is distributed under the terms of GNU GPL
+ */
+@@ -31,15 +31,18 @@
+ "--aname name\n"
+ " defines name of list where statistics will be
kept. If no is\n"
+ " specified DEFAULT will be used.\n"
+-
++ "--ashort\n"
++ " table will colect only short statistics (only
total counters\n"
++ " without splitting it into protocols.\n"
+ ,
+ IPTABLES_VERSION);
+ };
+
+ static struct option opts[] = {
+- { "aaddr", 1, NULL, 201 },
+- { "aname", 1, NULL, 202 },
+- { 0 }
++ { .name = "aaddr", .has_arg = 1, .flag = NULL, .val = 201 },
++ { .name = "aname", .has_arg = 1, .flag = NULL, .val = 202 },
++ { .name = "ashort", .has_arg = 0, .flag = NULL, .val = 203 },
++ { .name = 0, .has_arg = 0, .flag = 0, .val = 0 }
+ };
+
+ /* Helper functions for parse_network */
+@@ -139,6 +142,26 @@
+
+ }
+
++/* validate netmask */
++inline int valid_netmask(u_int32_t netmask) {
++ while (netmask & 0x80000000)
++ netmask <<= 1;
++ if (netmask != 0)
++ return 0;
++ return 1;
++}
++
++/* validate network/netmask pair */
++inline int valid_network_and_netmask(struct t_ipt_account_info *info) {
++ if (!valid_netmask(info->netmask))
++ return 0;
++ if ((info->network & info->netmask) != info->network)
++ return 0;
++ return 1;
++}
++
++
++
+ /* Function initializes match */
+ static void init(struct ipt_entry_match *match,
+ unsigned int *nfcache) {
+@@ -149,6 +172,7 @@
+
+ /* set default table name to DEFAULT */
+ strncpy(info->name, "DEFAULT", IPT_ACCOUNT_NAME_LEN);
++ info->shortlisting = 0;
+
+ }
+
+@@ -166,7 +190,9 @@
+
+ /* --aaddr */
+ case 201:
+- parse_network(optarg, info);
++ parse_network(optarg, info);
++ if (!valid_network_and_netmask(info))
++ exit_error(PARAMETER_PROBLEM, "account: wrong
network/netmask");
+ *flags = 1;
+ break;
+
+@@ -175,8 +201,12 @@
+ if (strlen(optarg) < IPT_ACCOUNT_NAME_LEN)
+ strncpy(info->name, optarg,
IPT_ACCOUNT_NAME_LEN);
+ else
+- exit_error(PARAMETER_PROBLEM, "account: Too
long list name");
++ exit_error(PARAMETER_PROBLEM, "account: Too
long table name");
+ break;
++ /* --ashort */
++ case 203:
++ info->shortlisting = 1;
++ break;
+ default:
+ return 0;
+ }
+@@ -204,6 +234,8 @@
+ );
+
+ printf("name: %s ", info->name);
++ if (info->shortlisting)
++ printf("short-listing ");
+ }
+
+ /* Function used for saving rule containing account match */
+@@ -219,21 +251,23 @@
+ );
+
+ printf("--aname %s ", info->name);
++ if (info->shortlisting)
++ printf("--ashort ");
+ }
+
+ static struct iptables_match account = {
+- NULL, /* struct iptables_match *next; */
+- "account", /* ipt_chainlabel name; */
+- IPTABLES_VERSION, /* const char *version; */
+- IPT_ALIGN(sizeof(struct t_ipt_account_info)), /* Size of
match data. */
+- IPT_ALIGN(sizeof(struct t_ipt_account_info)), /* Size of
match data relevent for userspace comparison purposes */
+- &help, /* Function which prints out usage message. */
+- &init, /* Initialize the match. */
+- &parse, /* Function which parses command options;
returns true if it ate an option */
+- &final_check, /* Final check; exit if not ok. */
+- &print, /* Prints out the match iff non-NULL: put space
at end */
+- &save, /* Saves the match info in parsable form to
stdout. */
+- opts /* Pointer to list of extra command-line
options */
++ .next = NULL,
++ .name = "account",
++ .version = IPTABLES_VERSION,
++ .size = IPT_ALIGN(sizeof(struct t_ipt_account_info)),
++ .userspacesize = IPT_ALIGN(sizeof(struct t_ipt_account_info)),
++ .help = &help,
++ .init = &init,
++ .parse = &parse,
++ .final_check = &final_check,
++ .print = &print,
++ .save = &save,
++ .extra_opts = opts
+ };
+
+ /* Function which registers match */
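Review bot: `valid_netmask` and `valid_network_and_netmask` are added as plain `inline` functions without `static`; under C99 inline semantics that provides no external definition and can leave an unresolved symbol when a call is not inlined, and under GNU89 semantics it would export both names from the extension, so `static inline int valid_netmask(u_int32_t netmask)` and `static inline int valid_network_and_netmask(struct t_ipt_account_info *info)` are the safer declarations. The new `--ashort` code reads and writes `info->shortlisting`, which presumably needs a matching kernel header; if the `.account-test` script still only checks that `ipt_account.h` exists, the build would break against an older header, and a comment naming the required version would help. The help text added for `--ashort` contains the typo `colect` and an unclosed parenthesis.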
================================================================