From: Marcus Sundberg <marcus@ingate.com>
To: netfilter-devel@lists.netfilter.org
Subject: [PATCH] nfsim: Support more netfilter modules
Date: Tue, 13 Dec 2005 14:51:01 +0100 [thread overview]
Message-ID: <439ED1C5.7070103@ingate.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 395 bytes --]
Hi,
this patch adds nfsim support for building most of the netfilter stuff
in 2.6.15. The things still not compiling are CONFIG_IP_NF_CONNTRACK_NETLINK
and CONFIG_IP_NF_MATCH_STRING
//Marcus
--
---------------------------------------+--------------------------
Marcus Sundberg <marcus@ingate.com> | Firewalls with SIP & NAT
Software Developer, Ingate Systems AB | http://www.ingate.com/
[-- Attachment #2: nfsim-1.diff --]
[-- Type: text/x-patch, Size: 9788 bytes --]
[NFSIM] Support more netfilter modules
This patch makes it possible to build with, and enables, the following
2.6.15 options in the nfsim framework:
CONFIG_IP_NF_CONNTRACK_EVENTS
CONFIG_IP_NF_CT_PROTO_SCTP
CONFIG_IP_NF_NETBIOS_NS
CONFIG_IP_NF_PPTP
CONFIG_IP_NF_MATCH_DCCP
CONFIG_IP_NF_MATCH_CONNBYTES
CONFIG_IP_NF_TARGET_NFQUEUE
CONFIG_IP_NF_NAT_PPTP
CONFIG_IP_NF_TARGET_TTL
It also fixes compilation of ipt_hashlimit.c and ipt_sctp.c, as well
as the external IP sets patch by Jozsef Kadlecsik.
Signed-off-by: Marcus Sundberg <marcus@ingate.com>
--- nfsim/core/ipv4/ipv4.h (revision 6316)
+++ nfsim/core/ipv4/ipv4.h (working copy)
@@ -72,6 +72,7 @@
IPPROTO_PUP = 12, /* PUP protocol */
IPPROTO_UDP = 17, /* User Datagram Protocol */
IPPROTO_IDP = 22, /* XNS IDP protocol */
+ IPPROTO_DCCP = 33, /* Datagram Congestion Control Protocol */
IPPROTO_RSVP = 46, /* RSVP protocol */
IPPROTO_GRE = 47, /* Cisco GRE tunnels (rfc 1701,1702) */
@@ -314,6 +315,150 @@
} un;
};
+/* sctp.h */
+
+typedef struct sctphdr {
+ __u16 source;
+ __u16 dest;
+ __u32 vtag;
+ __u32 checksum;
+} __attribute__((packed)) sctp_sctphdr_t;
+
+typedef struct sctp_chunkhdr {
+ __u8 type;
+ __u8 flags;
+ __u16 length;
+} __attribute__((packed)) sctp_chunkhdr_t;
+
+typedef enum {
+ SCTP_CID_DATA = 0,
+ SCTP_CID_INIT = 1,
+ SCTP_CID_INIT_ACK = 2,
+ SCTP_CID_SACK = 3,
+ SCTP_CID_HEARTBEAT = 4,
+ SCTP_CID_HEARTBEAT_ACK = 5,
+ SCTP_CID_ABORT = 6,
+ SCTP_CID_SHUTDOWN = 7,
+ SCTP_CID_SHUTDOWN_ACK = 8,
+ SCTP_CID_ERROR = 9,
+ SCTP_CID_COOKIE_ECHO = 10,
+ SCTP_CID_COOKIE_ACK = 11,
+ SCTP_CID_ECN_ECNE = 12,
+ SCTP_CID_ECN_CWR = 13,
+ SCTP_CID_SHUTDOWN_COMPLETE = 14,
+
+ /* PR-SCTP Sec 3.2 */
+ SCTP_CID_FWD_TSN = 0xC0,
+
+ /* Use hex, as defined in ADDIP sec. 3.1 */
+ SCTP_CID_ASCONF = 0xC1,
+ SCTP_CID_ASCONF_ACK = 0x80,
+} sctp_cid_t; /* enum */
+
+typedef struct sctp_inithdr {
+ __u32 init_tag;
+ __u32 a_rwnd;
+ __u16 num_outbound_streams;
+ __u16 num_inbound_streams;
+ __u32 initial_tsn;
+ __u8 params[0];
+} __attribute__((packed)) sctp_inithdr_t;
+
+/* dccp.h */
+
+struct dccp_hdr {
+ __u16 dccph_sport,
+ dccph_dport;
+ __u8 dccph_doff;
+#if defined(__LITTLE_ENDIAN_BITFIELD)
+ __u8 dccph_cscov:4,
+ dccph_ccval:4;
+#elif defined(__BIG_ENDIAN_BITFIELD)
+ __u8 dccph_ccval:4,
+ dccph_cscov:4;
+#else
+#error "Adjust your <asm/byteorder.h> defines"
+#endif
+ __u16 dccph_checksum;
+#if defined(__LITTLE_ENDIAN_BITFIELD)
+ __u32 dccph_x:1,
+ dccph_type:4,
+ dccph_reserved:3,
+ dccph_seq:24;
+#elif defined(__BIG_ENDIAN_BITFIELD)
+ __u32 dccph_reserved:3,
+ dccph_type:4,
+ dccph_x:1,
+ dccph_seq:24;
+#else
+#error "Adjust your <asm/byteorder.h> defines"
+#endif
+};
+
+struct dccp_hdr_ext {
+ __u32 dccph_seq_low;
+};
+struct dccp_hdr_request {
+ __u32 dccph_req_service;
+};
+struct dccp_hdr_ack_bits {
+ __u32 dccph_reserved1:8,
+ dccph_ack_nr_high:24;
+ __u32 dccph_ack_nr_low;
+};
+struct dccp_hdr_response {
+ struct dccp_hdr_ack_bits dccph_resp_ack;
+ __u32 dccph_resp_service;
+};
+struct dccp_hdr_reset {
+ struct dccp_hdr_ack_bits dccph_reset_ack;
+ __u8 dccph_reset_code,
+ dccph_reset_data[3];
+};
+
+enum dccp_pkt_type {
+ DCCP_PKT_REQUEST = 0,
+ DCCP_PKT_RESPONSE,
+ DCCP_PKT_DATA,
+ DCCP_PKT_ACK,
+ DCCP_PKT_DATAACK,
+ DCCP_PKT_CLOSEREQ,
+ DCCP_PKT_CLOSE,
+ DCCP_PKT_RESET,
+ DCCP_PKT_SYNC,
+ DCCP_PKT_SYNCACK,
+ DCCP_PKT_INVALID,
+};
+
+static inline unsigned int dccp_packet_hdr_len(const __u8 type)
+{
+ if (type == DCCP_PKT_DATA)
+ return 0;
+ if (type == DCCP_PKT_DATAACK ||
+ type == DCCP_PKT_ACK ||
+ type == DCCP_PKT_SYNC ||
+ type == DCCP_PKT_SYNCACK ||
+ type == DCCP_PKT_CLOSE ||
+ type == DCCP_PKT_CLOSEREQ)
+ return sizeof(struct dccp_hdr_ack_bits);
+ if (type == DCCP_PKT_REQUEST)
+ return sizeof(struct dccp_hdr_request);
+ if (type == DCCP_PKT_RESPONSE)
+ return sizeof(struct dccp_hdr_response);
+ return sizeof(struct dccp_hdr_reset);
+}
+
+static inline unsigned int __dccp_basic_hdr_len(const struct dccp_hdr *dh)
+{
+ return sizeof(*dh) + (dh->dccph_x ? sizeof(struct dccp_hdr_ext) : 0);
+}
+
+static inline unsigned int __dccp_hdr_len(const struct dccp_hdr *dh)
+{
+ return __dccp_basic_hdr_len(dh) +
+ dccp_packet_hdr_len(dh->dccph_type);
+}
+
/* in_route.h */
/* IPv4 routing cache flags */
@@ -503,6 +648,8 @@
u32 ifa_address;
u32 ifa_mask;
u32 ifa_broadcast;
+
+ unsigned char ifa_flags;
};
--- nfsim/kernelenv/include/kernelenv.h (revision 6316)
+++ nfsim/kernelenv/include/kernelenv.h (working copy)
@@ -59,6 +59,7 @@
#define __s64 u64
#define __be16 __u16
#define __be32 __u32
+#define aligned_u64 uint64_t __attribute__((aligned(8)))
/* Hacky, but works for now */
#define BITS_PER_LONG (ULONG_MAX == 0xFFFFFFFFUL ? 32 : 64)
@@ -574,6 +575,14 @@
#define LL_RESERVED_SPACE(dev) \
(((dev)->hard_header_len&~(HH_DATA_MOD - 1)) + HH_DATA_MOD)
+/* inetdevice.h */
+
+#define for_primary_ifa(in_dev) { struct in_ifaddr *ifa; \
+ for (ifa = (in_dev)->ifa_list; ifa && !(ifa->ifa_flags&IFA_F_SECONDARY); ifa = ifa->ifa_next)
+#define for_ifa(in_dev) { struct in_ifaddr *ifa; \
+ for (ifa = (in_dev)->ifa_list; ifa; ifa = ifa->ifa_next)
+#define endfor_ifa(in_dev) }
+
/* skbuff */
#define CHECKSUM_NONE 0
@@ -1076,6 +1085,8 @@
#define RTAX_MAX RTAX_FEATURES
+#define IFA_F_SECONDARY 0x01
+
/* dst.h */
struct dst_entry
{
@@ -1166,6 +1177,10 @@
static inline void smp_read_barrier_depends(void) {;}
+/* delay.h */
+
+#define msleep(x) do{unsigned int y = (x)*1000; usleep(y);}while(0)
+
/* timer.h */
/* not used at the moment */
@@ -1214,7 +1229,62 @@
#define __set_bit set_bit
int clear_bit(int nr, unsigned long *addr);
int test_and_set_bit(int nr, unsigned long *addr);
+int test_and_clear_bit(int nr, unsigned long *addr);
+static inline int fls(int x)
+{
+ int r = 32;
+
+ if (!x)
+ return 0;
+ if (!(x & 0xffff0000u)) {
+ x <<= 16;
+ r -= 16;
+ }
+ if (!(x & 0xff000000u)) {
+ x <<= 8;
+ r -= 8;
+ }
+ if (!(x & 0xf0000000u)) {
+ x <<= 4;
+ r -= 4;
+ }
+ if (!(x & 0xc0000000u)) {
+ x <<= 2;
+ r -= 2;
+ }
+ if (!(x & 0x80000000u)) {
+ x <<= 1;
+ r -= 1;
+ }
+ return r;
+}
+
+/* div64.h */
+
+#if BITS_PER_LONG == 64
+# define do_div(n,base) ({ \
+ uint32_t __base = (base); \
+ uint32_t __rem; \
+ __rem = ((uint64_t)(n)) % __base; \
+ (n) = ((uint64_t)(n)) / __base; \
+ __rem; \
+ })
+#elif BITS_PER_LONG == 32
+extern uint32_t __div64_32(uint64_t *dividend, uint32_t divisor);
+# define do_div(n,base) ({ \
+ uint32_t __base = (base); \
+ uint32_t __rem; \
+ (void)(((typeof((n)) *)0) == ((uint64_t *)0)); \
+ if (likely(((n) >> 32) == 0)) { \
+ __rem = (uint32_t)(n) % __base; \
+ (n) = (uint32_t)(n) / __base; \
+ } else \
+ __rem = __div64_32(&(n), __base); \
+ __rem; \
+ })
+#endif /* BITS_PER_LONG */
+
/* random */
void get_random_bytes(void *buf, int nbytes);
--- nfsim/kernelenv/kernelenv.c (revision 6316)
+++ nfsim/kernelenv/kernelenv.c (working copy)
@@ -773,6 +773,15 @@
return ret;
}
+int test_and_clear_bit(int nr, unsigned long *addr)
+{
+ /* FIXME: this is not atomic */
+ int ret = test_bit(nr, addr);
+ clear_bit(nr, addr);
+
+ return ret;
+}
+
int clear_bit(int nr, unsigned long *addr)
{
int mask, retval;
@@ -786,6 +795,43 @@
return retval;
}
+/* div64.h */
+
+#if BITS_PER_LONG == 32
+uint32_t __div64_32(uint64_t *n, uint32_t base)
+{
+ uint64_t rem = *n;
+ uint64_t b = base;
+ uint64_t res, d = 1;
+ uint32_t high = rem >> 32;
+
+ /* Reduce the thing a bit first */
+ res = 0;
+ if (high >= base) {
+ high /= base;
+ res = (uint64_t) high << 32;
+ rem -= (uint64_t) (high*base) << 32;
+ }
+
+ while ((int64_t)b > 0 && b < rem) {
+ b = b+b;
+ d = d+d;
+ }
+
+ do {
+ if (rem >= b) {
+ rem -= b;
+ res += d;
+ }
+ b >>= 1;
+ d >>= 1;
+ } while (d);
+
+ *n = res;
+ return rem;
+}
+#endif /* BITS_PER_LONG == 32 */
+
/* timer */
LIST_HEAD(__timers);
LIST_HEAD(__running_timers);
--- nfsim/.links (revision 6316)
+++ nfsim/.links (working copy)
@@ -57,6 +57,7 @@
./asm/page.h
./asm/types.h
./asm/byteorder.h
+./asm/div64.h
./net/tcp.h
./net/checksum.h
./net/route.h
@@ -72,3 +73,7 @@
./linux/swap.h
./linux/list.h
./linux/random.h
+./linux/delay.h
+./linux/sctp.h
+./linux/dccp.h
+./linux/kmalloc_sizes.h
--- nfsim/.config.sample (revision 6316)
+++ nfsim/.config.sample (working copy)
@@ -14,10 +14,14 @@
CONFIG_IP_NF_CONNTRACK=m
CONFIG_IP_NF_CT_ACCT=y
CONFIG_IP_NF_CONNTRACK_MARK=y
+CONFIG_IP_NF_CONNTRACK_EVENTS=y
+CONFIG_IP_NF_CT_PROTO_SCTP=m
CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_IRC=m
+CONFIG_IP_NF_NETBIOS_NS=m
CONFIG_IP_NF_TFTP=m
CONFIG_IP_NF_AMANDA=m
+CONFIG_IP_NF_PPTP=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_LIMIT=m
CONFIG_IP_NF_MATCH_IPRANGE=m
@@ -39,13 +43,16 @@
CONFIG_IP_NF_MATCH_ADDRTYPE=m
CONFIG_IP_NF_MATCH_REALM=m
CONFIG_IP_NF_MATCH_SCTP=m
+CONFIG_IP_NF_MATCH_DCCP=m
CONFIG_IP_NF_MATCH_COMMENT=m
CONFIG_IP_NF_MATCH_CONNMARK=m
+CONFIG_IP_NF_MATCH_CONNBYTES=m
CONFIG_IP_NF_MATCH_HASHLIMIT=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_TCPMSS=m
+CONFIG_IP_NF_TARGET_NFQUEUE=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_NAT_LOCAL=y
CONFIG_IP_NF_NAT_NEEDED=y
@@ -57,12 +64,14 @@
CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_NAT_TFTP=m
CONFIG_IP_NF_NAT_AMANDA=m
+CONFIG_IP_NF_NAT_PPTP=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_TOS=m
CONFIG_IP_NF_TARGET_ECN=m
CONFIG_IP_NF_TARGET_DSCP=m
CONFIG_IP_NF_TARGET_MARK=m
CONFIG_IP_NF_TARGET_CLASSIFY=m
+CONFIG_IP_NF_TARGET_TTL=m
CONFIG_IP_NF_TARGET_CONNMARK=m
CONFIG_IP_NF_RAW=m
CONFIG_IP_NF_TARGET_NOTRACK=m
next reply other threads:[~2005-12-13 13:51 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-12-13 13:51 Marcus Sundberg [this message]
2005-12-13 18:47 ` [PATCH] nfsim: Support more netfilter modules Marcus Sundberg
2005-12-15 2:21 ` Patrick McHardy
2005-12-15 1:15 ` Patrick McHardy
2006-01-06 14:40 ` Harald Welte
2006-01-12 10:25 ` Marcus Sundberg
2006-01-12 11:14 ` Harald Welte
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=439ED1C5.7070103@ingate.com \
--to=marcus@ingate.com \
--cc=netfilter-devel@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.