1diff -urN --exclude-from=/usr/src/diff.exclude-raw extensions.orig/.NOTRACK-test extensions/.NOTRACK-test 2--- userspace/extensions.orig/.NOTRACK-test Thu Jan 1 01:00:00 1970 3+++ userspace/extensions/.NOTRACK-test Fri Jul 19 09:55:47 2002 4@@ -0,0 +1,2 @@ 5+#! /bin/sh 6+[ -f $KERNEL_DIR/net/ipv4/netfilter/ipt_NOTRACK.c ] && echo NOTRACK 7diff -urN --exclude-from=/usr/src/diff.exclude-raw extensions.orig/.TRACE-test extensions/.TRACE-test 8--- userspace/extensions.orig/.TRACE-test Thu Jan 1 01:00:00 1970 9+++ userspace/extensions/.TRACE-test Fri Jul 19 09:55:47 2002 10@@ -0,0 +1,2 @@ 11+#! /bin/sh 12+[ -f $KERNEL_DIR/net/ipv4/netfilter/ipt_TRACE.c ] && echo TRACE 13diff -urN --exclude-from=/usr/src/diff.exclude-raw extensions.orig/.TRACE-test6 extensions/.TRACE-test6 14--- userspace/extensions.orig/.TRACE-test6 Thu Jan 1 01:00:00 1970 15+++ userspace/extensions/.TRACE-test6 Fri Jul 19 09:55:42 2002 16@@ -0,0 +1,2 @@ 17+#! /bin/sh 18+[ -f $KERNEL_DIR/net/ipv6/netfilter/ip6t_TRACE.c ] && echo TRACE 19diff -urN --exclude-from=/usr/src/diff.exclude-raw extensions.orig/libip6t_TRACE.c extensions/libip6t_TRACE.c 20--- userspace/extensions.orig/libip6t_TRACE.c Thu Jan 1 01:00:00 1970 21+++ userspace/extensions/libip6t_TRACE.c Fri Jul 19 10:01:17 2002 22@@ -0,0 +1,63 @@ 23+/* Shared library add-on to iptables to add TRACE target support. */ 24+#include <stdio.h> 25+#include <string.h> 26+#include <stdlib.h> 27+#include <getopt.h> 28+ 29+#include <ip6tables.h> 30+#include <linux/netfilter_ipv6/ip6_tables.h> 31+ 32+/* Function which prints out usage message. */ 33+static void 34+help(void) 35+{ 36+ printf( 37+"TRACE target v%s takes no options\n", 38+IPTABLES_VERSION); 39+} 40+ 41+static struct option opts[] = { 42+ { 0 } 43+}; 44+ 45+/* Initialize the target. */ 46+static void 47+init(struct ip6t_entry_target *t, unsigned int *nfcache) 48+{ 49+} 50+ 51+/* Function which parses command options; returns true if it 52+ ate an option */ 53+static int 54+parse(int c, char **argv, int invert, unsigned int *flags, 55+ const struct ip6t_entry *entry, 56+ struct ip6t_entry_target **target) 57+{ 58+ return 0; 59+} 60+ 61+static void 62+final_check(unsigned int flags) 63+{ 64+} 65+ 66+static 67+struct ip6tables_target trace 68+= { NULL, 69+ "TRACE", 70+ IPTABLES_VERSION, 71+ IP6T_ALIGN(0), 72+ IP6T_ALIGN(0), 73+ &help, 74+ &init, 75+ &parse, 76+ &final_check, 77+ NULL, /* print */ 78+ NULL, /* save */ 79+ opts 80+}; 81+ 82+void _init(void) 83+{ 84+ register_target6(&trace); 85+} 86diff -urN --exclude-from=/usr/src/diff.exclude-raw extensions.orig/libipt_NOTRACK.c extensions/libipt_NOTRACK.c 87--- userspace/extensions.orig/libipt_NOTRACK.c Thu Jan 1 01:00:00 1970 88+++ userspace/extensions/libipt_NOTRACK.c Fri Jul 19 10:01:38 2002 89@@ -0,0 +1,63 @@ 90+/* Shared library add-on to iptables to add NOTRACK target support. */ 91+#include <stdio.h> 92+#include <string.h> 93+#include <stdlib.h> 94+#include <getopt.h> 95+ 96+#include <iptables.h> 97+#include <linux/netfilter_ipv4/ip_tables.h> 98+ 99+/* Function which prints out usage message. */ 100+static void 101+help(void) 102+{ 103+ printf( 104+"NOTRACK target v%s takes no options\n", 105+IPTABLES_VERSION); 106+} 107+ 108+static struct option opts[] = { 109+ { 0 } 110+}; 111+ 112+/* Initialize the target. */ 113+static void 114+init(struct ipt_entry_target *t, unsigned int *nfcache) 115+{ 116+} 117+ 118+/* Function which parses command options; returns true if it 119+ ate an option */ 120+static int 121+parse(int c, char **argv, int invert, unsigned int *flags, 122+ const struct ipt_entry *entry, 123+ struct ipt_entry_target **target) 124+{ 125+ return 0; 126+} 127+ 128+static void 129+final_check(unsigned int flags) 130+{ 131+} 132+ 133+static 134+struct iptables_target notrack 135+= { NULL, 136+ "NOTRACK", 137+ IPTABLES_VERSION, 138+ IPT_ALIGN(0), 139+ IPT_ALIGN(0), 140+ &help, 141+ &init, 142+ &parse, 143+ &final_check, 144+ NULL, /* print */ 145+ NULL, /* save */ 146+ opts 147+}; 148+ 149+void _init(void) 150+{ 151+ register_target(¬rack); 152+} 153diff -urN --exclude-from=/usr/src/diff.exclude-raw extensions.orig/libipt_TRACE.c extensions/libipt_TRACE.c 154--- userspace/extensions.orig/libipt_TRACE.c Thu Jan 1 01:00:00 1970 155+++ userspace/extensions/libipt_TRACE.c Fri Jul 19 10:00:57 2002 156@@ -0,0 +1,63 @@ 157+/* Shared library add-on to iptables to add TRACE target support. */ 158+#include <stdio.h> 159+#include <string.h> 160+#include <stdlib.h> 161+#include <getopt.h> 162+ 163+#include <iptables.h> 164+#include <linux/netfilter_ipv4/ip_tables.h> 165+ 166+/* Function which prints out usage message. */ 167+static void 168+help(void) 169+{ 170+ printf( 171+"TRACE target v%s takes no options\n", 172+IPTABLES_VERSION); 173+} 174+ 175+static struct option opts[] = { 176+ { 0 } 177+}; 178+ 179+/* Initialize the target. */ 180+static void 181+init(struct ipt_entry_target *t, unsigned int *nfcache) 182+{ 183+} 184+ 185+/* Function which parses command options; returns true if it 186+ ate an option */ 187+static int 188+parse(int c, char **argv, int invert, unsigned int *flags, 189+ const struct ipt_entry *entry, 190+ struct ipt_entry_target **target) 191+{ 192+ return 0; 193+} 194+ 195+static void 196+final_check(unsigned int flags) 197+{ 198+} 199+ 200+static 201+struct iptables_target trace 202+= { NULL, 203+ "TRACE", 204+ IPTABLES_VERSION, 205+ IPT_ALIGN(0), 206+ IPT_ALIGN(0), 207+ &help, 208+ &init, 209+ &parse, 210+ &final_check, 211+ NULL, /* print */ 212+ NULL, /* save */ 213+ opts 214+}; 215+ 216+void _init(void) 217+{ 218+ register_target(&trace); 219+} 220diff -urN --exclude-from=/usr/src/diff.exclude-raw extensions.orig/libipt_ULOG.c extensions/libipt_ULOG.c 221--- userspace/extensions.orig/libipt_ULOG.c Wed May 29 15:08:16 2002 222+++ userspace/extensions/libipt_ULOG.c Fri Jul 19 09:55:47 2002 223@@ -19,10 +19,6 @@ 224 #include <linux/netfilter_ipv4/ip_tables.h> 225 #include <linux/netfilter_ipv4/ipt_ULOG.h> 226 227-#define ULOG_DEFAULT_NLGROUP 1 228-#define ULOG_DEFAULT_QTHRESHOLD 1 229- 230- 231 void print_groups(unsigned int gmask) 232 { 233 int b; 234diff -urN --exclude-from=/usr/src/diff.exclude-raw extensions.orig/libipt_state.c extensions/libipt_state.c 235--- userspace/extensions.orig/libipt_state.c Wed May 29 15:08:16 2002 236+++ userspace/extensions/libipt_state.c Fri Jul 19 09:55:47 2002 237@@ -14,7 +14,7 @@ 238 { 239 printf( 240 "state v%s options:\n" 241-" [!] --state [INVALID|ESTABLISHED|NEW|RELATED][,...]\n" 242+" [!] --state [INVALID|ESTABLISHED|NEW|RELATED|UNTRACKED][,...]\n" 243 " State(s) to match\n" 244 "\n", IPTABLES_VERSION); 245 } 246@@ -43,6 +43,8 @@ 247 sinfo->statemask |= IPT_STATE_BIT(IP_CT_ESTABLISHED); 248 else if (strncasecmp(state, "RELATED", strlen) == 0) 249 sinfo->statemask |= IPT_STATE_BIT(IP_CT_RELATED); 250+ else if (strncasecmp(state, "UNTRACKED", strlen) == 0) 251+ sinfo->statemask |= IPT_STATE_UNTRACKED; 252 else 253 return 0; 254 return 1; 255@@ -115,6 +117,10 @@ 256 } 257 if (statemask & IPT_STATE_BIT(IP_CT_ESTABLISHED)) { 258 printf("%sESTABLISHED", sep); 259+ sep = ","; 260+ } 261+ if (statemask & IPT_STATE_UNTRACKED) { 262+ printf("%sUNTRACKED", sep); 263 sep = ","; 264 } 265 printf(" "); 266diff -urN --exclude-from=/usr/src/diff.exclude-raw libiptc.orig/libip4tc.c libiptc/libip4tc.c 267--- userspace/libiptc.orig/libip4tc.c Wed Jun 12 21:22:29 2002 268+++ userspace/libiptc/libip4tc.c Fri Jul 19 09:55:47 2002 269@@ -436,6 +436,20 @@ 270 user_offset = h->info.hook_entry[NF_IP_POST_ROUTING]; 271 } 272 273+ } else if (strcmp(h->info.name, "raw") == 0) { 274+ assert(h->info.valid_hooks 275+ == (1 << NF_IP_PRE_ROUTING 276+ | 1 << NF_IP_LOCAL_OUT)); 277+ 278+ /* Hooks should be first two */ 279+ assert(h->info.hook_entry[NF_IP_PRE_ROUTING] == 0); 280+ 281+ n = get_chain_end(h, 0); 282+ n += get_entry(h, n)->next_offset; 283+ assert(h->info.hook_entry[NF_IP_LOCAL_OUT] == n); 284+ 285+ user_offset = h->info.hook_entry[NF_IP_LOCAL_OUT]; 286+ 287 #ifdef NF_IP_DROPPING 288 } else if (strcmp(h->info.name, "drop") == 0) { 289 assert(h->info.valid_hooks == (1 << NF_IP_DROPPING)); 290diff -urN --exclude-from=/usr/src/diff.exclude-raw libiptc.orig/libip6tc.c libiptc/libip6tc.c 291--- userspace/libiptc.orig/libip6tc.c Thu Feb 14 00:13:23 2002 292+++ userspace/libiptc/libip6tc.c Fri Jul 19 09:55:42 2002 293@@ -381,6 +381,19 @@ 294 assert(h->info.hook_entry[NF_IP6_POST_ROUTING] == n); 295 user_offset = h->info.hook_entry[NF_IP6_POST_ROUTING]; 296 } 297+ } else if (strcmp(h->info.name, "raw") == 0) { 298+ assert(h->info.valid_hooks 299+ == (1 << NF_IP6_PRE_ROUTING 300+ | 1 << NF_IP6_LOCAL_OUT)); 301+ 302+ /* Hooks should be first three */ 303+ assert(h->info.hook_entry[NF_IP6_PRE_ROUTING] == 0); 304+ 305+ n = get_chain_end(h, n); 306+ n += get_entry(h, n)->next_offset; 307+ assert(h->info.hook_entry[NF_IP6_LOCAL_OUT] == n); 308+ 309+ user_offset = h->info.hook_entry[NF_IP6_LOCAL_OUT]; 310 } else { 311 fprintf(stderr, "Unknown table `%s'\n", h->info.name); 312 abort(); 313