diff options
author | Harald Welte <laforge@netfilter.org> | 2005-10-26 03:34:24 -0400 |
---|---|---|
committer | Arnaldo Carvalho de Melo <acme@mandriva.com> | 2005-10-31 13:36:08 -0500 |
commit | 6b7d31fcdda5938e5d3f1f8b0922cc25aa200dfc (patch) | |
tree | c44f46d7eab0ea138247018ba1e04da6df8ae9d4 /include/linux | |
parent | 6ede2463c8d7ea949f8e7ef35243490c415ddc2f (diff) |
[NETFILTER]: Add "revision" support to arp_tables and ip6_tables
Like ip_tables already has it for some time, this adds support for
having multiple revisions for each match/target. We steal one byte from
the name in order to accomodate a 8 bit version number.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
Diffstat (limited to 'include/linux')
-rw-r--r-- | include/linux/netfilter_arp/arp_tables.h | 20 | ||||
-rw-r--r-- | include/linux/netfilter_ipv6/ip6_tables.h | 27 |
2 files changed, 39 insertions, 8 deletions
diff --git a/include/linux/netfilter_arp/arp_tables.h b/include/linux/netfilter_arp/arp_tables.h index d759a637bded..e98a870a20be 100644 --- a/include/linux/netfilter_arp/arp_tables.h +++ b/include/linux/netfilter_arp/arp_tables.h | |||
@@ -68,7 +68,8 @@ struct arpt_entry_target | |||
68 | u_int16_t target_size; | 68 | u_int16_t target_size; |
69 | 69 | ||
70 | /* Used by userspace */ | 70 | /* Used by userspace */ |
71 | char name[ARPT_FUNCTION_MAXNAMELEN]; | 71 | char name[ARPT_FUNCTION_MAXNAMELEN-1]; |
72 | u_int8_t revision; | ||
72 | } user; | 73 | } user; |
73 | struct { | 74 | struct { |
74 | u_int16_t target_size; | 75 | u_int16_t target_size; |
@@ -148,7 +149,9 @@ struct arpt_entry | |||
148 | 149 | ||
149 | #define ARPT_SO_GET_INFO (ARPT_BASE_CTL) | 150 | #define ARPT_SO_GET_INFO (ARPT_BASE_CTL) |
150 | #define ARPT_SO_GET_ENTRIES (ARPT_BASE_CTL + 1) | 151 | #define ARPT_SO_GET_ENTRIES (ARPT_BASE_CTL + 1) |
151 | #define ARPT_SO_GET_MAX ARPT_SO_GET_ENTRIES | 152 | /* #define ARPT_SO_GET_REVISION_MATCH (ARPT_BASE_CTL + 2)*/ |
153 | #define ARPT_SO_GET_REVISION_TARGET (ARPT_BASE_CTL + 3) | ||
154 | #define ARPT_SO_GET_MAX ARPT_SO_GET_REVISION_TARGET | ||
152 | 155 | ||
153 | /* CONTINUE verdict for targets */ | 156 | /* CONTINUE verdict for targets */ |
154 | #define ARPT_CONTINUE 0xFFFFFFFF | 157 | #define ARPT_CONTINUE 0xFFFFFFFF |
@@ -236,6 +239,15 @@ struct arpt_get_entries | |||
236 | struct arpt_entry entrytable[0]; | 239 | struct arpt_entry entrytable[0]; |
237 | }; | 240 | }; |
238 | 241 | ||
242 | /* The argument to ARPT_SO_GET_REVISION_*. Returns highest revision | ||
243 | * kernel supports, if >= revision. */ | ||
244 | struct arpt_get_revision | ||
245 | { | ||
246 | char name[ARPT_FUNCTION_MAXNAMELEN-1]; | ||
247 | |||
248 | u_int8_t revision; | ||
249 | }; | ||
250 | |||
239 | /* Standard return verdict, or do jump. */ | 251 | /* Standard return verdict, or do jump. */ |
240 | #define ARPT_STANDARD_TARGET "" | 252 | #define ARPT_STANDARD_TARGET "" |
241 | /* Error verdict. */ | 253 | /* Error verdict. */ |
@@ -274,7 +286,9 @@ struct arpt_target | |||
274 | { | 286 | { |
275 | struct list_head list; | 287 | struct list_head list; |
276 | 288 | ||
277 | const char name[ARPT_FUNCTION_MAXNAMELEN]; | 289 | const char name[ARPT_FUNCTION_MAXNAMELEN-1]; |
290 | |||
291 | u_int8_t revision; | ||
278 | 292 | ||
279 | /* Returns verdict. */ | 293 | /* Returns verdict. */ |
280 | unsigned int (*target)(struct sk_buff **pskb, | 294 | unsigned int (*target)(struct sk_buff **pskb, |
diff --git a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h index 59f70b34e029..2efc046d9e94 100644 --- a/include/linux/netfilter_ipv6/ip6_tables.h +++ b/include/linux/netfilter_ipv6/ip6_tables.h | |||
@@ -57,7 +57,8 @@ struct ip6t_entry_match | |||
57 | u_int16_t match_size; | 57 | u_int16_t match_size; |
58 | 58 | ||
59 | /* Used by userspace */ | 59 | /* Used by userspace */ |
60 | char name[IP6T_FUNCTION_MAXNAMELEN]; | 60 | char name[IP6T_FUNCTION_MAXNAMELEN-1]; |
61 | u_int8_t revision; | ||
61 | } user; | 62 | } user; |
62 | struct { | 63 | struct { |
63 | u_int16_t match_size; | 64 | u_int16_t match_size; |
@@ -80,7 +81,8 @@ struct ip6t_entry_target | |||
80 | u_int16_t target_size; | 81 | u_int16_t target_size; |
81 | 82 | ||
82 | /* Used by userspace */ | 83 | /* Used by userspace */ |
83 | char name[IP6T_FUNCTION_MAXNAMELEN]; | 84 | char name[IP6T_FUNCTION_MAXNAMELEN-1]; |
85 | u_int8_t revision; | ||
84 | } user; | 86 | } user; |
85 | struct { | 87 | struct { |
86 | u_int16_t target_size; | 88 | u_int16_t target_size; |
@@ -161,7 +163,9 @@ struct ip6t_entry | |||
161 | 163 | ||
162 | #define IP6T_SO_GET_INFO (IP6T_BASE_CTL) | 164 | #define IP6T_SO_GET_INFO (IP6T_BASE_CTL) |
163 | #define IP6T_SO_GET_ENTRIES (IP6T_BASE_CTL + 1) | 165 | #define IP6T_SO_GET_ENTRIES (IP6T_BASE_CTL + 1) |
164 | #define IP6T_SO_GET_MAX IP6T_SO_GET_ENTRIES | 166 | #define IP6T_SO_GET_REVISION_MATCH (IP6T_BASE_CTL + 2) |
167 | #define IP6T_SO_GET_REVISION_TARGET (IP6T_BASE_CTL + 3) | ||
168 | #define IP6T_SO_GET_MAX IP6T_SO_GET_REVISION_TARGET | ||
165 | 169 | ||
166 | /* CONTINUE verdict for targets */ | 170 | /* CONTINUE verdict for targets */ |
167 | #define IP6T_CONTINUE 0xFFFFFFFF | 171 | #define IP6T_CONTINUE 0xFFFFFFFF |
@@ -291,6 +295,15 @@ struct ip6t_get_entries | |||
291 | struct ip6t_entry entrytable[0]; | 295 | struct ip6t_entry entrytable[0]; |
292 | }; | 296 | }; |
293 | 297 | ||
298 | /* The argument to IP6T_SO_GET_REVISION_*. Returns highest revision | ||
299 | * kernel supports, if >= revision. */ | ||
300 | struct ip6t_get_revision | ||
301 | { | ||
302 | char name[IP6T_FUNCTION_MAXNAMELEN-1]; | ||
303 | |||
304 | u_int8_t revision; | ||
305 | }; | ||
306 | |||
294 | /* Standard return verdict, or do jump. */ | 307 | /* Standard return verdict, or do jump. */ |
295 | #define IP6T_STANDARD_TARGET "" | 308 | #define IP6T_STANDARD_TARGET "" |
296 | /* Error verdict. */ | 309 | /* Error verdict. */ |
@@ -352,7 +365,9 @@ struct ip6t_match | |||
352 | { | 365 | { |
353 | struct list_head list; | 366 | struct list_head list; |
354 | 367 | ||
355 | const char name[IP6T_FUNCTION_MAXNAMELEN]; | 368 | const char name[IP6T_FUNCTION_MAXNAMELEN-1]; |
369 | |||
370 | u_int8_t revision; | ||
356 | 371 | ||
357 | /* Return true or false: return FALSE and set *hotdrop = 1 to | 372 | /* Return true or false: return FALSE and set *hotdrop = 1 to |
358 | force immediate packet drop. */ | 373 | force immediate packet drop. */ |
@@ -387,7 +402,9 @@ struct ip6t_target | |||
387 | { | 402 | { |
388 | struct list_head list; | 403 | struct list_head list; |
389 | 404 | ||
390 | const char name[IP6T_FUNCTION_MAXNAMELEN]; | 405 | const char name[IP6T_FUNCTION_MAXNAMELEN-1]; |
406 | |||
407 | u_int8_t revision; | ||
391 | 408 | ||
392 | /* Returns verdict. Argument order changed since 2.6.9, as this | 409 | /* Returns verdict. Argument order changed since 2.6.9, as this |
393 | must now handle non-linear skbs, using skb_copy_bits and | 410 | must now handle non-linear skbs, using skb_copy_bits and |