X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=linux-2.6-522-iptables-connection-tagging.patch;h=da55dff40a1e29b0a24d4a9f7c54bec56e5a8092;hb=f77a3de7873df5e7dc67a54d7d29335250b03d14;hp=7793dee10c18e70fc6ea12d98a2bcf657d69d47e;hpb=268f1d9cd3cdbb683ca5043d12e5ff27d4067ab6;p=linux-2.6.git diff --git a/linux-2.6-522-iptables-connection-tagging.patch b/linux-2.6-522-iptables-connection-tagging.patch index 7793dee10..da55dff40 100644 --- a/linux-2.6-522-iptables-connection-tagging.patch +++ b/linux-2.6-522-iptables-connection-tagging.patch @@ -1,3 +1,20 @@ +From 1d251758b9daeb60cc5afa5ce5aa725cf5ca84a7 Mon Sep 17 00:00:00 2001 +From: S.Çağlar Onur +Date: Tue, 7 Dec 2010 11:06:57 -0500 +Subject: [PATCH] linux-2.6-522-iptables-connection-tagging.patch + +--- + include/linux/netfilter/xt_SETXID.h | 13 ++ + include/net/netfilter/nf_conntrack.h | 3 + + net/netfilter/Kconfig | 7 + + net/netfilter/Makefile | 1 + + net/netfilter/nf_conntrack_core.c | 3 + + net/netfilter/xt_MARK.c | 267 +++++++++++++++++++++++++++++++++- + net/netfilter/xt_SETXID.c | 77 ++++++++++ + 7 files changed, 364 insertions(+), 7 deletions(-) + create mode 100644 include/linux/netfilter/xt_SETXID.h + create mode 100644 net/netfilter/xt_SETXID.c + diff --git a/include/linux/netfilter/xt_SETXID.h b/include/linux/netfilter/xt_SETXID.h new file mode 100644 index 0000000..235b9d6 @@ -32,10 +49,10 @@ index 5cf7270..95a5fde 100644 struct nf_ct_ext *ext; #ifdef CONFIG_NET_NS diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig -index 634d14a..a2872f5 100644 +index 62cf66b..cb15f4a 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig -@@ -543,6 +543,13 @@ config NETFILTER_XT_MATCH_CLUSTER +@@ -537,6 +537,13 @@ config NETFILTER_XT_MATCH_CLUSTER If you say Y or M here, try `iptables -m cluster --help` for more information. @@ -50,7 +67,7 @@ index 634d14a..a2872f5 100644 tristate '"comment" match support' depends on NETFILTER_ADVANCED diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile -index 49f62ee..820655e 100644 +index b9815a9..25e24c1 100644 --- a/net/netfilter/Makefile +++ b/net/netfilter/Makefile @@ -41,6 +41,7 @@ obj-$(CONFIG_NETFILTER_TPROXY) += nf_tproxy_core.o @@ -58,14 +75,14 @@ index 49f62ee..820655e 100644 # targets +obj-$(CONFIG_NETFILTER_XT_TARGET_SETXID) += xt_SETXID.o + obj-$(CONFIG_NETFILTER_XT_TARGET_CHECKSUM) += xt_CHECKSUM.o obj-$(CONFIG_NETFILTER_XT_TARGET_CLASSIFY) += xt_CLASSIFY.o obj-$(CONFIG_NETFILTER_XT_TARGET_CONNMARK) += xt_CONNMARK.o - obj-$(CONFIG_NETFILTER_XT_TARGET_CONNSECMARK) += xt_CONNSECMARK.o diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c -index 1e1df20..144e131 100644 +index 1374179..0f9464c 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c -@@ -673,6 +673,9 @@ init_conntrack(struct net *net, +@@ -677,6 +677,9 @@ init_conntrack(struct net *net, hlist_nulls_add_head_rcu(&ct->tuplehash[IP_CT_DIR_ORIGINAL].hnnode, &net->ct.unconfirmed); @@ -391,29 +408,29 @@ index 0000000..f8553c5 +MODULE_ALIAS("ipt_SETXID"); + +static unsigned int -+target_v2(struct sk_buff **pskb, -+ const struct net_device *in, -+ const struct net_device *out, -+ unsigned int hooknum, -+ const struct xt_target *target, const void *targinfo) ++target_v2(struct sk_buff *skb, ++ const struct xt_target_param *par) ++ ++ ++ +{ -+ const struct xt_setxid_target_info_v2 *setxidinfo = targinfo; ++ const struct xt_setxid_target_info_v2 *setxidinfo = par->targinfo; + + switch (setxidinfo->mode) { + case XT_SET_PACKET_XID: -+ (*pskb)->skb_tag = setxidinfo->mark; ++ skb->skb_tag = setxidinfo->mark; + break; + } + return XT_CONTINUE; +} + -+static int -+checkentry_v2(const char *tablename, -+ const void *entry, -+ const struct xt_target *target, -+ void *targinfo, unsigned int hook_mask) ++static bool ++checkentry_v2(const struct xt_tgchk_param *par) ++ ++ ++ +{ -+ struct xt_setxid_target_info_v2 *setxidinfo = targinfo; ++ struct xt_setxid_target_info_v2 *setxidinfo = par->targinfo; + + if (setxidinfo->mode != XT_SET_PACKET_XID) { + printk(KERN_WARNING "SETXID: unknown mode %u\n", @@ -453,3 +470,6 @@ index 0000000..f8553c5 + +module_init(init); +module_exit(fini); +-- +1.5.4.3 +