diff options
| author | Harald Welte <laforge@netfilter.org> | 2005-10-26 09:34:24 +0200 |
|---|---|---|
| committer | Arnaldo Carvalho de Melo <acme@mandriva.com> | 2005-10-31 16:36:08 -0200 |
| commit | 6b7d31fcdda5938e5d3f1f8b0922cc25aa200dfc (patch) | |
| tree | c44f46d7eab0ea138247018ba1e04da6df8ae9d4 /include | |
| parent | 6ede2463c8d7ea949f8e7ef35243490c415ddc2f (diff) | |
| download | linux-3.10-6b7d31fcdda5938e5d3f1f8b0922cc25aa200dfc.tar.gz linux-3.10-6b7d31fcdda5938e5d3f1f8b0922cc25aa200dfc.tar.bz2 linux-3.10-6b7d31fcdda5938e5d3f1f8b0922cc25aa200dfc.zip | |
[NETFILTER]: Add "revision" support to arp_tables and ip6_tables
Like ip_tables already has it for some time, this adds support for
having multiple revisions for each match/target. We steal one byte from
the name in order to accomodate a 8 bit version number.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
Diffstat (limited to 'include')
| -rw-r--r-- | include/linux/netfilter_arp/arp_tables.h | 20 | ||||
| -rw-r--r-- | include/linux/netfilter_ipv6/ip6_tables.h | 27 |
2 files changed, 39 insertions, 8 deletions
diff --git a/include/linux/netfilter_arp/arp_tables.h b/include/linux/netfilter_arp/arp_tables.h index d759a637bde..e98a870a20b 100644 --- a/include/linux/netfilter_arp/arp_tables.h +++ b/include/linux/netfilter_arp/arp_tables.h @@ -68,7 +68,8 @@ struct arpt_entry_target u_int16_t target_size; /* Used by userspace */ - char name[ARPT_FUNCTION_MAXNAMELEN]; + char name[ARPT_FUNCTION_MAXNAMELEN-1]; + u_int8_t revision; } user; struct { u_int16_t target_size; @@ -148,7 +149,9 @@ struct arpt_entry #define ARPT_SO_GET_INFO (ARPT_BASE_CTL) #define ARPT_SO_GET_ENTRIES (ARPT_BASE_CTL + 1) -#define ARPT_SO_GET_MAX ARPT_SO_GET_ENTRIES +/* #define ARPT_SO_GET_REVISION_MATCH (ARPT_BASE_CTL + 2)*/ +#define ARPT_SO_GET_REVISION_TARGET (ARPT_BASE_CTL + 3) +#define ARPT_SO_GET_MAX ARPT_SO_GET_REVISION_TARGET /* CONTINUE verdict for targets */ #define ARPT_CONTINUE 0xFFFFFFFF @@ -236,6 +239,15 @@ struct arpt_get_entries struct arpt_entry entrytable[0]; }; +/* The argument to ARPT_SO_GET_REVISION_*. Returns highest revision + * kernel supports, if >= revision. */ +struct arpt_get_revision +{ + char name[ARPT_FUNCTION_MAXNAMELEN-1]; + + u_int8_t revision; +}; + /* Standard return verdict, or do jump. */ #define ARPT_STANDARD_TARGET "" /* Error verdict. */ @@ -274,7 +286,9 @@ struct arpt_target { struct list_head list; - const char name[ARPT_FUNCTION_MAXNAMELEN]; + const char name[ARPT_FUNCTION_MAXNAMELEN-1]; + + u_int8_t revision; /* Returns verdict. */ unsigned int (*target)(struct sk_buff **pskb, diff --git a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h index 59f70b34e02..2efc046d9e9 100644 --- a/include/linux/netfilter_ipv6/ip6_tables.h +++ b/include/linux/netfilter_ipv6/ip6_tables.h @@ -57,7 +57,8 @@ struct ip6t_entry_match u_int16_t match_size; /* Used by userspace */ - char name[IP6T_FUNCTION_MAXNAMELEN]; + char name[IP6T_FUNCTION_MAXNAMELEN-1]; + u_int8_t revision; } user; struct { u_int16_t match_size; @@ -80,7 +81,8 @@ struct ip6t_entry_target u_int16_t target_size; /* Used by userspace */ - char name[IP6T_FUNCTION_MAXNAMELEN]; + char name[IP6T_FUNCTION_MAXNAMELEN-1]; + u_int8_t revision; } user; struct { u_int16_t target_size; @@ -161,7 +163,9 @@ struct ip6t_entry #define IP6T_SO_GET_INFO (IP6T_BASE_CTL) #define IP6T_SO_GET_ENTRIES (IP6T_BASE_CTL + 1) -#define IP6T_SO_GET_MAX IP6T_SO_GET_ENTRIES +#define IP6T_SO_GET_REVISION_MATCH (IP6T_BASE_CTL + 2) +#define IP6T_SO_GET_REVISION_TARGET (IP6T_BASE_CTL + 3) +#define IP6T_SO_GET_MAX IP6T_SO_GET_REVISION_TARGET /* CONTINUE verdict for targets */ #define IP6T_CONTINUE 0xFFFFFFFF @@ -291,6 +295,15 @@ struct ip6t_get_entries struct ip6t_entry entrytable[0]; }; +/* The argument to IP6T_SO_GET_REVISION_*. Returns highest revision + * kernel supports, if >= revision. */ +struct ip6t_get_revision +{ + char name[IP6T_FUNCTION_MAXNAMELEN-1]; + + u_int8_t revision; +}; + /* Standard return verdict, or do jump. */ #define IP6T_STANDARD_TARGET "" /* Error verdict. */ @@ -352,7 +365,9 @@ struct ip6t_match { struct list_head list; - const char name[IP6T_FUNCTION_MAXNAMELEN]; + const char name[IP6T_FUNCTION_MAXNAMELEN-1]; + + u_int8_t revision; /* Return true or false: return FALSE and set *hotdrop = 1 to force immediate packet drop. */ @@ -387,7 +402,9 @@ struct ip6t_target { struct list_head list; - const char name[IP6T_FUNCTION_MAXNAMELEN]; + const char name[IP6T_FUNCTION_MAXNAMELEN-1]; + + u_int8_t revision; /* Returns verdict. Argument order changed since 2.6.9, as this must now handle non-linear skbs, using skb_copy_bits and |