Android netfilter patches (xt_IDLETIMER) [3/3]

Android netfilter patches (xt_IDLETIMER) [3/3]

[dmitry pervushin]

Changes to iptables to use updated kernel IDLETIMER structures

Signed-off-by: dmitry pervushin <dpervushin@gmail.com>

diff --git a/extensions/libxt_IDLETIMER.c b/extensions/libxt_IDLETIMER.c
index 21004a4..fc7a18c 100644
--- a/extensions/libxt_IDLETIMER.c
+++ b/extensions/libxt_IDLETIMER.c
@@ -27,14 +27,17 @@
 enum {
 	O_TIMEOUT = 0,
 	O_LABEL,
+	O_SEND_NLMSG,
 };

-#define s struct idletimer_tg_info
+#define s struct idletimer_tg_info_v1
 static const struct xt_option_entry idletimer_tg_opts[] = {
 	{.name = "timeout", .id = O_TIMEOUT, .type = XTTYPE_UINT32,
 	 .flags = XTOPT_MAND | XTOPT_PUT, XTOPT_POINTER(s, timeout)},
 	{.name = "label", .id = O_LABEL, .type = XTTYPE_STRING,
 	 .flags = XTOPT_MAND | XTOPT_PUT, XTOPT_POINTER(s, label)},
+	{.name = "send_nl_msg", .id = O_SEND_NLMSG, .type = XTTYPE_UINT8,
+	 .flags = XTOPT_PUT, XTOPT_POINTER(s, send_nl_msg)},
 	XTOPT_TABLEEND,
 };
 #undef s
@@ -45,6 +48,7 @@ static void idletimer_tg_help(void)
 "IDLETIMER target options:\n"
 " --timeout time	Timeout until the notification is sent (in seconds)\n"
 " --label string	Unique rule identifier\n"
+" --send_nl_msg 0|1	Send netlink message when timer expires\n"
 "\n");
 }

@@ -52,30 +56,32 @@ static void idletimer_tg_print(const void *ip,
 			       const struct xt_entry_target *target,
 			       int numeric)
 {
-	struct idletimer_tg_info *info =
-		(struct idletimer_tg_info *) target->data;
+	struct idletimer_tg_info_v1 *info =
+		(struct idletimer_tg_info_v1 *) target->data;

 	printf(" timeout:%u", info->timeout);
 	printf(" label:%s", info->label);
+	printf(" send-nl-msg:%d", info->send_nl_msg ? 1 : 0);
 }

 static void idletimer_tg_save(const void *ip,
 			      const struct xt_entry_target *target)
 {
-	struct idletimer_tg_info *info =
-		(struct idletimer_tg_info *) target->data;
+	struct idletimer_tg_info_v1 *info =
+		(struct idletimer_tg_info_v1 *) target->data;

 	printf(" --timeout %u", info->timeout);
 	printf(" --label %s", info->label);
+	printf(" --send_nl_msg %d", info->send_nl_msg ? 1 : 0);
 }

 static struct xtables_target idletimer_tg_reg = {
 	.family	       = NFPROTO_UNSPEC,
 	.name	       = "IDLETIMER",
 	.version       = XTABLES_VERSION,
-	.revision      = 0,
-	.size	       = XT_ALIGN(sizeof(struct idletimer_tg_info)),
-	.userspacesize = offsetof(struct idletimer_tg_info, timer),
+	.revision      = 1,
+	.size	       = XT_ALIGN(sizeof(struct idletimer_tg_info_v1)),
+	.userspacesize = offsetof(struct idletimer_tg_info_v1, timer),
 	.help	       = idletimer_tg_help,
 	.x6_parse      = xtables_option_parse,
 	.print	       = idletimer_tg_print,

Re: Android netfilter patches (xt_IDLETIMER) [3/3]

[Pablo Neira Ayuso]

On Mon, Mar 25, 2013 at 11:09:34PM +0100, dmitry pervushin wrote:
> Changes to iptables to use updated kernel IDLETIMER structures
> 
> Signed-off-by: dmitry pervushin <dpervushin@gmail.com>
> 
> diff --git a/extensions/libxt_IDLETIMER.c b/extensions/libxt_IDLETIMER.c
> index 21004a4..fc7a18c 100644
> --- a/extensions/libxt_IDLETIMER.c
> +++ b/extensions/libxt_IDLETIMER.c
[...]
>  static struct xtables_target idletimer_tg_reg = {
>  	.family	       = NFPROTO_UNSPEC,
>  	.name	       = "IDLETIMER",
>  	.version       = XTABLES_VERSION,
> -	.revision      = 0,
> -	.size	       = XT_ALIGN(sizeof(struct idletimer_tg_info)),
> -	.userspacesize = offsetof(struct idletimer_tg_info, timer),
> +	.revision      = 1,
> +	.size	       = XT_ALIGN(sizeof(struct idletimer_tg_info_v1)),
> +	.userspacesize = offsetof(struct idletimer_tg_info_v1, timer),
>  	.help	       = idletimer_tg_help,
>  	.x6_parse      = xtables_option_parse,
>  	.print	       = idletimer_tg_print,

We still need the old revision 0 in the iptables user-space code.
There is people that may be using new iptables versions with old
kernels.