#ifndef MARK_H
#define MARK_H
#include <linux/version.h>
//original inclusions
#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 7, 0)
#if 0
#include "libiptc/libiptc.h"
#include <linux/netfilter_ipv4/ip_conntrack.h>
#include <linux/netfilter_ipv4/ip_conntrack_tuple.h>
#include "libiptc/ipt_conntrack.h"
#include "libiptc/ipt_connmark.h"
#include "libiptc/ipt_CONNMARK.h"
#endif
#if 1
#include "libiptc/libiptc.h"
#if 1
#include <linux/netfilter/nf_conntrack_common.h>
#endif
#if 0
#include <linux/netfilter_ipv4/ipt_conntrack_tuple.h>
#endif
#include "libiptc/ipt_conntrack.h"
#include "libiptc/ipt_connmark.h"
#include "libiptc/ipt_CONNMARK.h"
#endif
/* 2010 fixes for debian package */
#if 0
#include "libiptc/libiptc.h"
#include <linux/netfilter/nf_conntrack_common.h>
#include <linux/netfilter_ipv4/ipt_conntrack.h>
#include <linux/netfilter_ipv4/ipt_connmark.h>
#include <linux/netfilter_ipv4/ipt_CONNMARK.h>
#endif
#endif
#include "libiptc/libiptc.h"
#include <linux/netfilter/nf_conntrack_common.h>
#include "libiptc/ipt_conntrack.h"
#include "libiptc/ipt_connmark.h"
#include "libiptc/ipt_CONNMARK.h"
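/* Netfilter table names. */
#define MANGLE_TABLE "mangle"
#define FILTER_TABLE "filter"

/*
 * Chain names: NTK_MARK_CHAIN plus the built-in chains.
 * CHAIN_POSTROUTING is defined once here; the second, identical
 * definition was redundant.
 */
#define NTK_MARK_CHAIN "ntk_mark_chain"
#define CHAIN_OUTPUT "OUTPUT"
#define CHAIN_POSTROUTING "POSTROUTING"
#define CHAIN_PREROUTING "PREROUTING"
#define CHAIN_FORWARD "FORWARD"

/* Match and target extension names. */
#define MOD_CONNTRACK "conntrack"
#define MOD_CONNMARK "CONNMARK"
#define MARK_TARGET "MARK"

/*
 * 10.0.0.0/8 written as dotted-quad address and netmask strings.
 * NOTE(review): presumably the network whose traffic the rules match;
 * confirm against the implementation.
 */
#define NTK_NET_STR "10.0.0.0"
#define NTK_NET_MASK_STR "255.0.0.0"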
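/* Sizes of the iptables structures the rule buffers are built from. */
#define IPT_ENTRY_SZ (sizeof(struct ipt_entry))
#define IPT_ENTRY_MATCH_SZ (sizeof(struct ipt_entry_match))
#define IPT_ENTRY_TARGET_SZ (sizeof(struct ipt_entry_target))
#define IPT_CT_INFO_SZ (sizeof(struct ipt_conntrack_info))
#define IPT_CM_TARGET_INFO_SZ (sizeof(struct ipt_connmark_target_info))

/*
 * Composite sizes and offsets. Every expansion is parenthesized so it
 * stays a single operand inside a larger expression. Unparenthesized,
 * `n * MARK_RULE_SZ` would scale only the first term and yield a value
 * too small to use as a buffer size.
 */
#define MATCH_SZ (IPT_ENTRY_MATCH_SZ + IPT_CT_INFO_SZ)
#define TARGET_SZ (IPT_ENTRY_TARGET_SZ + IPT_CM_TARGET_INFO_SZ)

#define RESTORE_OUTPUT_RULE_SZ (IPT_ENTRY_SZ + MATCH_SZ + TARGET_SZ)

/*
 * Byte offsets of the parts of a rule laid out as: entry, match header,
 * conntrack info, target header, target info.
 */
#define OFFSET_MATCH (IPT_ENTRY_SZ)
#define OFFSET_MATCH_INFO (OFFSET_MATCH + IPT_ENTRY_MATCH_SZ)
#define OFFSET_TARGET (OFFSET_MATCH_INFO + IPT_CT_INFO_SZ)
#define OFFSET_TARGET_INFO (OFFSET_TARGET + IPT_ENTRY_TARGET_SZ)

#define MARK_RULE_SZ (IPT_ENTRY_SZ + TARGET_SZ)
#define MAX_MARK_RULES 100

/* NOTE(review): the trailing 4 is presumably sizeof(int) for a verdict; confirm. */
#define NTK_FORWARD_RULE_SZ (OFFSET_TARGET_INFO + 4)

/*
 * NOTE(review): IPT_ENTRY_SZ is counted twice here; confirm the second
 * term is not meant to be IPT_ENTRY_TARGET_SZ.
 */
#define IGW_FILTER_RULE_SZ (IPT_ENTRY_SZ + IPT_ENTRY_SZ + 4)
#define INET_MARK 25

/*
 * NOTE(review): nothing in this header checks that NTK_FORWARD_RULE_SZ
 * and IGW_FILTER_RULE_SZ do not exceed MAX_RULE_SZ; verify before
 * building those rules in a MAX_RULE_SZ-byte buffer.
 */
#define MAX_RULE_SZ (RESTORE_OUTPUT_RULE_SZ)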
//struct in_addr inet_dst,inet_dst_mask;
/*
 * One stored rule.
 *
 * e     - fixed buffer of RESTORE_OUTPUT_RULE_SZ bytes.
 * sz    - NOTE(review): presumably the number of bytes of e in use;
 *         confirm that writers keep it within sizeof e.
 * chain - NOTE(review): presumably the name of the chain the rule
 *         belongs to; ownership of the string is not visible here.
 */
struct rule_store {
	char e[RESTORE_OUTPUT_RULE_SZ];
	int sz;
	char *chain;
};
typedef struct rule_store rule_store;
/* Functions */
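/*
 * Table and rule operations on an iptc handle.
 * NOTE(review): the meaning of the int return values is not visible in
 * this header; confirm against the definitions.
 */
int table_init(const char *table, iptc_handle_t * t);
int insert_rule(const char *rule, iptc_handle_t * t, const char *chain,
				int pos);
int append_rule(const char *rule, iptc_handle_t * t, const char *chain);
int commit_rules(iptc_handle_t * t);

/*
 * Rule-buffer initialisers. Each takes a caller-supplied `rule` buffer
 * and no buffer length.
 * NOTE(review): presumably the buffer must be at least as large as the
 * matching *_RULE_SZ macro; confirm against the definitions and callers.
 * NOTE(review): mark_rule_init also takes an interface name string;
 * confirm the definition bounds any copy of `outiface`.
 */
void restore_output_rule_init(char *rule);
void ntk_forward_rule_init(char *rule);
void mark_rule_init(char *rule, char *outiface, int outiface_num);
void igw_mark_rule_init(char *rule);

int ntk_mark_chain_init(iptc_handle_t * t);
/* Declared with (void) so a call that passes arguments fails to compile. */
int store_rules(void);
int mark_init(int igw);
int count_ntk_mark_chain(iptc_handle_t * t);
int create_mark_rules(int n);
int delete_ntk_forward_chain(iptc_handle_t * t);
int delete_first_rule(iptc_handle_t * t, const char *chain);
int rule_position(rule_store * rule, iptc_handle_t * t);
int delete_rule(rule_store * rule, iptc_handle_t * t);
/* Declared with (void) for the same reason as store_rules. */
int mark_close(void);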
#endif /* MARK_H */