Author: cieciwa Date: Thu Sep 15 07:49:30 2005 GMT Module: SOURCES Tag: LINUX_2_6 ---- Log message: - [extra] goto - kernel and iptables patch.
---- Files affected: SOURCES: linux-2.6-nf-goto.patch (NONE -> 1.1.2.1) (NEW), iptables-nf-goto.patch (NONE -> 1.1.2.1) (NEW) ---- Diffs:
================================================================
Index: SOURCES/linux-2.6-nf-goto.patch
diff -u /dev/null SOURCES/linux-2.6-nf-goto.patch:1.1.2.1
--- /dev/null Thu Sep 15 09:49:30 2005
+++ SOURCES/linux-2.6-nf-goto.patch Thu Sep 15 09:49:25 2005
@@ -0,0 +1,29 @@
+ include/linux/netfilter_ipv4/ip_tables.h | 3 ++-
+ net/ipv4/netfilter/ip_tables.c | 2 +-
+ 2 files changed, 3 insertions(+), 2 deletions(-)
+
+diff -Nur --exclude '*.orig' linux-2.6.13.1.org/include/linux/netfilter_ipv4/ip_tables.h linux-2.6.13.1/include/linux/netfilter_ipv4/ip_tables.h
+--- linux-2.6.13.1.org/include/linux/netfilter_ipv4/ip_tables.h 2005-09-10 04:42:58.000000000 +0200
++++ linux-2.6.13.1/include/linux/netfilter_ipv4/ip_tables.h 2005-09-15 09:36:53.000000000 +0200
+@@ -109,7 +109,8 @@
+
+ /* Values for "flag" field in struct ipt_ip (general ip structure). */
+ #define IPT_F_FRAG 0x01 /* Set if rule is a fragment rule */
+-#define IPT_F_MASK 0x01 /* All possible flag bits mask. */
++#define IPT_F_GOTO 0x02 /* Set if jump is a goto */
++#define IPT_F_MASK 0x03 /* All possible flag bits mask. */
+
+ /* Values for "inv" field in struct ipt_ip. */
+ #define IPT_INV_VIA_IN 0x01 /* Invert the sense of IN IFACE. */
+diff -Nur --exclude '*.orig' linux-2.6.13.1.org/net/ipv4/netfilter/ip_tables.c linux-2.6.13.1/net/ipv4/netfilter/ip_tables.c
+--- linux-2.6.13.1.org/net/ipv4/netfilter/ip_tables.c 2005-09-10 04:42:58.000000000 +0200
++++ linux-2.6.13.1/net/ipv4/netfilter/ip_tables.c 2005-09-15 09:36:53.000000000 +0200
+@@ -342,7 +342,7 @@
+ continue;
+ }
+ if (table_base + v
+- != (void *)e + e->next_offset) {
++ != (void *)e + e->next_offset && !(e->ip.flags & IPT_F_GOTO)) {
+ /* Save old back ptr in next entry */
+ struct ipt_entry *next
+ = (void *)e + e->next_offset;
================================================================
Index: SOURCES/iptables-nf-goto.patch
diff -u /dev/null SOURCES/iptables-nf-goto.patch:1.1.2.1
--- /dev/null Thu Sep 15 09:49:30 2005
+++ SOURCES/iptables-nf-goto.patch Thu Sep 15 09:49:25 2005
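Review bot: In the net/ipv4/netfilter/ip_tables.c hunk the new `&& !(e->ip.flags & IPT_F_GOTO)` test is appended to the continuation line of the address comparison, and nothing explains why a goto must skip the back-pointer save. The enclosing function starts and ends outside the hunk, so this is inferred from the visible lines: leaving `back` untouched appears to be what makes a later RETURN resume in the chain that jumped to the current one, and that deserves a comment such as `/* goto: keep the caller's back pointer so RETURN skips this chain */`. I would also put the flag test on its own line, `&& !(e->ip.flags & IPT_F_GOTO)) {`, so the two conditions read separately. Because IPT_F_MASK now admits bit 0x02, a ruleset carrying that bit loads on this kernel but would presumably be rejected by an unpatched one; a line in the header comment would help anyone auditing rules across hosts.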
@@ -0,0 +1,109 @@
+ iptables-save.c | 2 +-
+ iptables.8.in | 10 +++++++++-
+ iptables.c | 24 +++++++++++++++++++++++-
+ 3 files changed, 33 insertions(+), 3 deletions(-)
+
+diff -Nur --exclude '*.orig' iptables.org/iptables-save.c iptables/iptables-save.c
+--- iptables.org/iptables-save.c 2005-09-15 08:05:41.000000000 +0200
++++ iptables/iptables-save.c 2005-09-15 09:36:53.000000000 +0200
+@@ -197,7 +197,7 @@
+ /* Print target name */
+ target_name = iptc_get_target(e, h);
+ if (target_name && (*target_name != '\0'))
+- printf("-j %s ", target_name);
++ printf("-%c %s ", e->ip.flags & IPT_F_GOTO ? 'g' : 'j', target_name);
+
+ /* Print targinfo part */
+ t = ipt_get_target((struct ipt_entry *)e);
+diff -Nur --exclude '*.orig' iptables.org/iptables.8.in iptables/iptables.8.in
+--- iptables.org/iptables.8.in 2005-09-15 08:05:41.000000000 +0200
++++ iptables/iptables.8.in 2005-09-15 09:36:53.000000000 +0200
+@@ -296,10 +296,18 @@
+ the fate of the packet immediately, or an extension (see
+ .B EXTENSIONS
+ below). If this
+-option is omitted in a rule, then matching the rule will have no
++option is omitted in a rule (and
++.B -g
++is not used), then matching the rule will have no
+ effect on the packet's fate, but the counters on the rule will be
+ incremented.
+ .TP
++.BI "-g, --goto " "chain"
++This specifies that the processing should continue in a user
++specified chain. Unlike the --jump option return will not continue
++processing in this chain but instead in the chain that called us via
++--jump.
++.TP
+ .BR "-i, --in-interface " "[!] \fIname\fP"
+ Name of an interface via which a packet was received (only for
+ packets entering the
+diff -Nur --exclude '*.orig' iptables.org/iptables.c iptables/iptables.c
+--- iptables.org/iptables.c 2005-09-15 08:05:41.000000000 +0200
++++ iptables/iptables.c 2005-09-15 09:36:53.000000000 +0200
+@@ -134,6 +134,7 @@
+ { "line-numbers", 0, 0, '0' },
+ { "modprobe", 1, 0, 'M' },
+ { "set-counters", 1, 0, 'c' },
++ { "goto", 1, 0, 'g' },
+ { 0 }
+ };
+
+@@ -399,6 +400,10 @@
+ " network interface name ([+] for wildcard)\n"
+ " --jump -j target\n"
+ " target for rule (may load target extension)\n"
++#ifdef IPT_F_GOTO
++" --goto -g chain\n"
++" jump to chain with no return\n"
++#endif
+ " --match -m match\n"
+ " extended match (may load extension)\n"
+ " --numeric -n numeric output of addresses and ports\n"
+@@ -1407,6 +1412,9 @@
+ if (format & FMT_NOTABLE)
+ fputs(" ", stdout);
+
++ if(fw->ip.flags & IPT_F_GOTO)
++ printf("[goto] ");
++
+ IPT_MATCH_ITERATE(fw, print_match, &fw->ip, format & FMT_NUMERIC);
+
+ if (target) {
+@@ -1849,7 +1857,7 @@
+ opterr = 0;
+
+ while ((c = getopt_long(argc, argv,
+- "-A:D:R:I:L::M:F::Z::N:X::E:P:Vh::o:p:s:d:j:i:fbvnt:m:xc:",
++ "-A:D:R:I:L::M:F::Z::N:X::E:P:Vh::o:p:s:d:j:i:fbvnt:m:xc:g:",
+ opts, NULL)) != -1) {
+ switch (c) {
+ /*
+@@ -2017,6 +2025,15 @@
+ dhostnetworkmask = argv[optind-1];
+ break;
+
++#ifdef IPT_F_GOTO
++ case 'g':
++ set_option(&options, OPT_JUMP, &fw.ip.invflags,
++ invert);
++ fw.ip.flags |= IPT_F_GOTO;
++ jumpto = parse_target(optarg);
++ break;
++#endif
++
+ case 'j':
+ set_option(&options, OPT_JUMP, &fw.ip.invflags,
+ invert);
+@@ -2369,6 +2386,11 @@
+ * We cannot know if the plugin is corrupt, non
+ * existant OR if the user just misspelled a
+ * chain. */
++#ifdef IPT_F_GOTO
++ if (fw.ip.flags & IPT_F_GOTO)
++ exit_error(PARAMETER_PROBLEM,
++ "goto '%s' is not a chain\n", jumpto);
++#endif
+ find_target(jumpto, LOAD_MUST_SUCCEED);
+ } else {
+ e = generate_entry(&fw, matches, target->t);
================================================================
_______________________________________________ pld-cvs-commit mailing list pld-cvs-commit@lists.pld-linux.org http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
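Review bot: IPT_F_GOTO is guarded with `#ifdef IPT_F_GOTO` in only some of the places that use it: the help text, `case 'g':` and the "is not a chain" check in iptables.c are conditional, while the `printf("-%c %s ", ...)` line in iptables-save.c and the `if(fw->ip.flags & IPT_F_GOTO)` listing line in iptables.c reference the macro unconditionally. Built against kernel headers that lack the flag, those two lines would not compile, and the unguarded `{ "goto", 1, 0, 'g' }` entry and `g:` in the getopt string would still accept `-g` with no case to handle it. Guard all of them or none, for example `#ifdef IPT_F_GOTO` / `if (fw->ip.flags & IPT_F_GOTO) printf("[goto] ");` / `#endif` around the listing line. The distinction matters for anyone reading saved or listed rules, since `-j` and `-g` to the same chain send a later RETURN to different places. Every enclosing function starts and ends outside the hunks shown.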