X-Git-Url: http://git.onelab.eu/?p=linux-2.6.git;a=blobdiff_plain;f=linux-2.6-522-iptables-connection-tagging.patch;h=f5a317bef0b7466127f781d9253d9d5ed3293258;hp=7793dee10c18e70fc6ea12d98a2bcf657d69d47e;hb=HEAD;hpb=268f1d9cd3cdbb683ca5043d12e5ff27d4067ab6 diff --git a/linux-2.6-522-iptables-connection-tagging.patch b/linux-2.6-522-iptables-connection-tagging.patch index 7793dee10..f5a317bef 100644 --- a/linux-2.6-522-iptables-connection-tagging.patch +++ b/linux-2.6-522-iptables-connection-tagging.patch @@ -1,3 +1,20 @@ +From 1d251758b9daeb60cc5afa5ce5aa725cf5ca84a7 Mon Sep 17 00:00:00 2001 +From: S.Çağlar Onur +Date: Tue, 7 Dec 2010 11:06:57 -0500 +Subject: [PATCH] linux-2.6-522-iptables-connection-tagging.patch + +--- + include/linux/netfilter/xt_SETXID.h | 13 ++ + include/net/netfilter/nf_conntrack.h | 3 + + net/netfilter/Kconfig | 7 + + net/netfilter/Makefile | 1 + + net/netfilter/nf_conntrack_core.c | 3 + + net/netfilter/xt_MARK.c | 267 +++++++++++++++++++++++++++++++++- + net/netfilter/xt_SETXID.c | 77 ++++++++++ + 7 files changed, 364 insertions(+), 7 deletions(-) + create mode 100644 include/linux/netfilter/xt_SETXID.h + create mode 100644 net/netfilter/xt_SETXID.c + diff --git a/include/linux/netfilter/xt_SETXID.h b/include/linux/netfilter/xt_SETXID.h new file mode 100644 index 0000000..235b9d6 @@ -32,10 +49,10 @@ index 5cf7270..95a5fde 100644 struct nf_ct_ext *ext; #ifdef CONFIG_NET_NS diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig -index 634d14a..a2872f5 100644 +index 7bee9d4..ad362a5 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig -@@ -543,6 +543,13 @@ config NETFILTER_XT_MATCH_CLUSTER +@@ -567,6 +567,13 @@ config NETFILTER_XT_MATCH_CLUSTER If you say Y or M here, try `iptables -m cluster --help` for more information. @@ -50,22 +67,22 @@ index 634d14a..a2872f5 100644 tristate '"comment" match support' depends on NETFILTER_ADVANCED 
diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile -index 49f62ee..820655e 100644 +index da71137..adfbdea 100644 --- a/net/netfilter/Makefile +++ b/net/netfilter/Makefile -@@ -41,6 +41,7 @@ obj-$(CONFIG_NETFILTER_TPROXY) += nf_tproxy_core.o - obj-$(CONFIG_NETFILTER_XTABLES) += x_tables.o xt_tcpudp.o +@@ -44,6 +44,7 @@ obj-$(CONFIG_NETFILTER_XTABLES) += x_tables.o xt_tcpudp.o # targets + obj-$(CONFIG_NETFILTER_XT_TARGET_AUDIT) += xt_AUDIT.o +obj-$(CONFIG_NETFILTER_XT_TARGET_SETXID) += xt_SETXID.o + obj-$(CONFIG_NETFILTER_XT_TARGET_CHECKSUM) += xt_CHECKSUM.o obj-$(CONFIG_NETFILTER_XT_TARGET_CLASSIFY) += xt_CLASSIFY.o obj-$(CONFIG_NETFILTER_XT_TARGET_CONNMARK) += xt_CONNMARK.o - obj-$(CONFIG_NETFILTER_XT_TARGET_CONNSECMARK) += xt_CONNSECMARK.o diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c -index 1e1df20..144e131 100644 +index 1374179..0f9464c 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c -@@ -673,6 +673,9 @@ init_conntrack(struct net *net, +@@ -677,6 +677,9 @@ init_conntrack(struct net *net, hlist_nulls_add_head_rcu(&ct->tuplehash[IP_CT_DIR_ORIGINAL].hnnode, &net->ct.unconfirmed); @@ -372,7 +389,7 @@ index 225f8d1..6cb5101 100644 static int __init mark_tg_init(void) diff --git a/net/netfilter/xt_SETXID.c b/net/netfilter/xt_SETXID.c new file mode 100644 -index 0000000..f8553c5 +index 0000000..4f25a19 --- /dev/null +++ b/net/netfilter/xt_SETXID.c @@ -0,0 +1,77 @@ 
@@ -391,29 +408,29 @@ index 0000000..f8553c5
 +MODULE_ALIAS("ipt_SETXID");
 +
 +static unsigned int
-+target_v2(struct sk_buff **pskb,
-+ const struct net_device *in,
-+ const struct net_device *out,
-+ unsigned int hooknum,
-+ const struct xt_target *target, const void *targinfo)
++target_v2(struct sk_buff *skb,
++ const struct xt_target_param *par)
++
++
++
 +{
-+ const struct xt_setxid_target_info_v2 *setxidinfo = targinfo;
++ const struct xt_setxid_target_info_v2 *setxidinfo = par->targinfo;
 +
 + switch (setxidinfo->mode) {
 + case XT_SET_PACKET_XID:
-+ (*pskb)->skb_tag = setxidinfo->mark;
++ skb->skb_tag = setxidinfo->mark;
 + break;
 + }
 + return XT_CONTINUE;
 +}
 +
-+static int
-+checkentry_v2(const char *tablename,
-+ const void *entry,
-+ const struct xt_target *target,
-+ void *targinfo, unsigned int hook_mask)
++static bool
++checkentry_v2(const struct xt_tgchk_param *par)
++
++
++
 +{
-+ struct xt_setxid_target_info_v2 *setxidinfo = targinfo;
++ struct xt_setxid_target_info_v2 *setxidinfo = par->targinfo;
 +
 + if (setxidinfo->mode != XT_SET_PACKET_XID) {
 + printk(KERN_WARNING "SETXID: unknown mode %u\n",
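Review bot: In the lines shown, `checkentry_v2` validates only `setxidinfo->mode`, while `target_v2` copies `setxidinfo->mark` into `skb->skb_tag` unchanged, so the tag a packet carries is whatever value the rule supplies. A comment above the assignment such as `/* tag is taken verbatim from the rule; not range-checked here */` would state that trust assumption, and any limit on which values a rule may set belongs in `checkentry_v2`. The three empty lines added between each new parameter list and `{` appear to be padding that keeps the embedded xt_SETXID.c hunk at 77 lines after five signature lines became two; regenerating the patch from the tree, so that `const struct xt_target_param *par)` is followed directly by `{`, avoids hand-maintained counts. `checkentry_v2` continues past the end of this hunk, so its `return` statements are not visible here and should be checked against the new `bool` return type.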