aboutsummaryrefslogtreecommitdiffstats
path: root/include/linux
diff options
context:
space:
mode:
authorHarald Welte <laforge@netfilter.org>2005-10-26 03:34:24 -0400
committerArnaldo Carvalho de Melo <acme@mandriva.com>2005-10-31 13:36:08 -0500
commit6b7d31fcdda5938e5d3f1f8b0922cc25aa200dfc (patch)
treec44f46d7eab0ea138247018ba1e04da6df8ae9d4 /include/linux
parent6ede2463c8d7ea949f8e7ef35243490c415ddc2f (diff)
[NETFILTER]: Add "revision" support to arp_tables and ip6_tables
Like ip_tables already has it for some time, this adds support for having multiple revisions for each match/target. We steal one byte from the name in order to accomodate a 8 bit version number. Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
Diffstat (limited to 'include/linux')
-rw-r--r--include/linux/netfilter_arp/arp_tables.h20
-rw-r--r--include/linux/netfilter_ipv6/ip6_tables.h27
2 files changed, 39 insertions, 8 deletions
diff --git a/include/linux/netfilter_arp/arp_tables.h b/include/linux/netfilter_arp/arp_tables.h
index d759a637bded..e98a870a20be 100644
--- a/include/linux/netfilter_arp/arp_tables.h
+++ b/include/linux/netfilter_arp/arp_tables.h
@@ -68,7 +68,8 @@ struct arpt_entry_target
68 u_int16_t target_size; 68 u_int16_t target_size;
69 69
70 /* Used by userspace */ 70 /* Used by userspace */
71 char name[ARPT_FUNCTION_MAXNAMELEN]; 71 char name[ARPT_FUNCTION_MAXNAMELEN-1];
72 u_int8_t revision;
72 } user; 73 } user;
73 struct { 74 struct {
74 u_int16_t target_size; 75 u_int16_t target_size;
@@ -148,7 +149,9 @@ struct arpt_entry
148 149
149#define ARPT_SO_GET_INFO (ARPT_BASE_CTL) 150#define ARPT_SO_GET_INFO (ARPT_BASE_CTL)
150#define ARPT_SO_GET_ENTRIES (ARPT_BASE_CTL + 1) 151#define ARPT_SO_GET_ENTRIES (ARPT_BASE_CTL + 1)
151#define ARPT_SO_GET_MAX ARPT_SO_GET_ENTRIES 152/* #define ARPT_SO_GET_REVISION_MATCH (ARPT_BASE_CTL + 2)*/
153#define ARPT_SO_GET_REVISION_TARGET (ARPT_BASE_CTL + 3)
154#define ARPT_SO_GET_MAX ARPT_SO_GET_REVISION_TARGET
152 155
153/* CONTINUE verdict for targets */ 156/* CONTINUE verdict for targets */
154#define ARPT_CONTINUE 0xFFFFFFFF 157#define ARPT_CONTINUE 0xFFFFFFFF
@@ -236,6 +239,15 @@ struct arpt_get_entries
236 struct arpt_entry entrytable[0]; 239 struct arpt_entry entrytable[0];
237}; 240};
238 241
242/* The argument to ARPT_SO_GET_REVISION_*. Returns highest revision
243 * kernel supports, if >= revision. */
244struct arpt_get_revision
245{
246 char name[ARPT_FUNCTION_MAXNAMELEN-1];
247
248 u_int8_t revision;
249};
250
239/* Standard return verdict, or do jump. */ 251/* Standard return verdict, or do jump. */
240#define ARPT_STANDARD_TARGET "" 252#define ARPT_STANDARD_TARGET ""
241/* Error verdict. */ 253/* Error verdict. */
@@ -274,7 +286,9 @@ struct arpt_target
274{ 286{
275 struct list_head list; 287 struct list_head list;
276 288
277 const char name[ARPT_FUNCTION_MAXNAMELEN]; 289 const char name[ARPT_FUNCTION_MAXNAMELEN-1];
290
291 u_int8_t revision;
278 292
279 /* Returns verdict. */ 293 /* Returns verdict. */
280 unsigned int (*target)(struct sk_buff **pskb, 294 unsigned int (*target)(struct sk_buff **pskb,
diff --git a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h
index 59f70b34e029..2efc046d9e94 100644
--- a/include/linux/netfilter_ipv6/ip6_tables.h
+++ b/include/linux/netfilter_ipv6/ip6_tables.h
@@ -57,7 +57,8 @@ struct ip6t_entry_match
57 u_int16_t match_size; 57 u_int16_t match_size;
58 58
59 /* Used by userspace */ 59 /* Used by userspace */
60 char name[IP6T_FUNCTION_MAXNAMELEN]; 60 char name[IP6T_FUNCTION_MAXNAMELEN-1];
61 u_int8_t revision;
61 } user; 62 } user;
62 struct { 63 struct {
63 u_int16_t match_size; 64 u_int16_t match_size;
@@ -80,7 +81,8 @@ struct ip6t_entry_target
80 u_int16_t target_size; 81 u_int16_t target_size;
81 82
82 /* Used by userspace */ 83 /* Used by userspace */
83 char name[IP6T_FUNCTION_MAXNAMELEN]; 84 char name[IP6T_FUNCTION_MAXNAMELEN-1];
85 u_int8_t revision;
84 } user; 86 } user;
85 struct { 87 struct {
86 u_int16_t target_size; 88 u_int16_t target_size;
@@ -161,7 +163,9 @@ struct ip6t_entry
161 163
162#define IP6T_SO_GET_INFO (IP6T_BASE_CTL) 164#define IP6T_SO_GET_INFO (IP6T_BASE_CTL)
163#define IP6T_SO_GET_ENTRIES (IP6T_BASE_CTL + 1) 165#define IP6T_SO_GET_ENTRIES (IP6T_BASE_CTL + 1)
164#define IP6T_SO_GET_MAX IP6T_SO_GET_ENTRIES 166#define IP6T_SO_GET_REVISION_MATCH (IP6T_BASE_CTL + 2)
167#define IP6T_SO_GET_REVISION_TARGET (IP6T_BASE_CTL + 3)
168#define IP6T_SO_GET_MAX IP6T_SO_GET_REVISION_TARGET
165 169
166/* CONTINUE verdict for targets */ 170/* CONTINUE verdict for targets */
167#define IP6T_CONTINUE 0xFFFFFFFF 171#define IP6T_CONTINUE 0xFFFFFFFF
@@ -291,6 +295,15 @@ struct ip6t_get_entries
291 struct ip6t_entry entrytable[0]; 295 struct ip6t_entry entrytable[0];
292}; 296};
293 297
298/* The argument to IP6T_SO_GET_REVISION_*. Returns highest revision
299 * kernel supports, if >= revision. */
300struct ip6t_get_revision
301{
302 char name[IP6T_FUNCTION_MAXNAMELEN-1];
303
304 u_int8_t revision;
305};
306
294/* Standard return verdict, or do jump. */ 307/* Standard return verdict, or do jump. */
295#define IP6T_STANDARD_TARGET "" 308#define IP6T_STANDARD_TARGET ""
296/* Error verdict. */ 309/* Error verdict. */
@@ -352,7 +365,9 @@ struct ip6t_match
352{ 365{
353 struct list_head list; 366 struct list_head list;
354 367
355 const char name[IP6T_FUNCTION_MAXNAMELEN]; 368 const char name[IP6T_FUNCTION_MAXNAMELEN-1];
369
370 u_int8_t revision;
356 371
357 /* Return true or false: return FALSE and set *hotdrop = 1 to 372 /* Return true or false: return FALSE and set *hotdrop = 1 to
358 force immediate packet drop. */ 373 force immediate packet drop. */
@@ -387,7 +402,9 @@ struct ip6t_target
387{ 402{
388 struct list_head list; 403 struct list_head list;
389 404
390 const char name[IP6T_FUNCTION_MAXNAMELEN]; 405 const char name[IP6T_FUNCTION_MAXNAMELEN-1];
406
407 u_int8_t revision;
391 408
392 /* Returns verdict. Argument order changed since 2.6.9, as this 409 /* Returns verdict. Argument order changed since 2.6.9, as this
393 must now handle non-linear skbs, using skb_copy_bits and 410 must now handle non-linear skbs, using skb_copy_bits and