diff options
| -rw-r--r-- | include/linux/in6.h | 12 | ||||
| -rw-r--r-- | include/linux/netfilter/x_tables.h | 16 | ||||
| -rw-r--r-- | include/linux/netfilter_arp/arp_tables.h | 25 | ||||
| -rw-r--r-- | include/linux/netfilter_ipv4/ip_tables.h | 27 | ||||
| -rw-r--r-- | include/linux/netfilter_ipv6/ip6_tables.h | 27 |
5 files changed, 54 insertions, 53 deletions
diff --git a/include/linux/in6.h b/include/linux/in6.h index 9be6a4756f0b..f28621f638e0 100644 --- a/include/linux/in6.h +++ b/include/linux/in6.h | |||
| @@ -225,7 +225,7 @@ struct in6_flowlabel_req | |||
| 225 | #endif | 225 | #endif |
| 226 | 226 | ||
| 227 | /* | 227 | /* |
| 228 | * Netfilter | 228 | * Netfilter (1) |
| 229 | * | 229 | * |
| 230 | * Following socket options are used in ip6_tables; | 230 | * Following socket options are used in ip6_tables; |
| 231 | * see include/linux/netfilter_ipv6/ip6_tables.h. | 231 | * see include/linux/netfilter_ipv6/ip6_tables.h. |
| @@ -240,4 +240,14 @@ struct in6_flowlabel_req | |||
| 240 | #define IPV6_RECVTCLASS 66 | 240 | #define IPV6_RECVTCLASS 66 |
| 241 | #define IPV6_TCLASS 67 | 241 | #define IPV6_TCLASS 67 |
| 242 | 242 | ||
| 243 | /* | ||
| 244 | * Netfilter (2) | ||
| 245 | * | ||
| 246 | * Following socket options are used in ip6_tables; | ||
| 247 | * see include/linux/netfilter_ipv6/ip6_tables.h. | ||
| 248 | * | ||
| 249 | * IP6T_SO_GET_REVISION_MATCH 68 | ||
| 250 | * IP6T_SO_GET_REVISION_TARGET 69 | ||
| 251 | */ | ||
| 252 | |||
| 243 | #endif | 253 | #endif |
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h index 04319a76103a..022edfa97ed9 100644 --- a/include/linux/netfilter/x_tables.h +++ b/include/linux/netfilter/x_tables.h | |||
| @@ -96,22 +96,6 @@ struct _xt_align | |||
| 96 | /* Error verdict. */ | 96 | /* Error verdict. */ |
| 97 | #define XT_ERROR_TARGET "ERROR" | 97 | #define XT_ERROR_TARGET "ERROR" |
| 98 | 98 | ||
| 99 | /* | ||
| 100 | * New IP firewall options for [gs]etsockopt at the RAW IP level. | ||
| 101 | * Unlike BSD Linux inherits IP options so you don't have to use a raw | ||
| 102 | * socket for this. Instead we check rights in the calls. */ | ||
| 103 | #define XT_BASE_CTL 64 /* base for firewall socket options */ | ||
| 104 | |||
| 105 | #define XT_SO_SET_REPLACE (XT_BASE_CTL) | ||
| 106 | #define XT_SO_SET_ADD_COUNTERS (XT_BASE_CTL + 1) | ||
| 107 | #define XT_SO_SET_MAX XT_SO_SET_ADD_COUNTERS | ||
| 108 | |||
| 109 | #define XT_SO_GET_INFO (XT_BASE_CTL) | ||
| 110 | #define XT_SO_GET_ENTRIES (XT_BASE_CTL + 1) | ||
| 111 | #define XT_SO_GET_REVISION_MATCH (XT_BASE_CTL + 2) | ||
| 112 | #define XT_SO_GET_REVISION_TARGET (XT_BASE_CTL + 3) | ||
| 113 | #define XT_SO_GET_MAX XT_SO_GET_REVISION_TARGET | ||
| 114 | |||
| 115 | #define SET_COUNTER(c,b,p) do { (c).bcnt = (b); (c).pcnt = (p); } while(0) | 99 | #define SET_COUNTER(c,b,p) do { (c).bcnt = (b); (c).pcnt = (p); } while(0) |
| 116 | #define ADD_COUNTER(c,b,p) do { (c).bcnt += (b); (c).pcnt += (p); } while(0) | 100 | #define ADD_COUNTER(c,b,p) do { (c).bcnt += (b); (c).pcnt += (p); } while(0) |
| 117 | 101 | ||
diff --git a/include/linux/netfilter_arp/arp_tables.h b/include/linux/netfilter_arp/arp_tables.h index 44e39b61d9e7..0be235418a2f 100644 --- a/include/linux/netfilter_arp/arp_tables.h +++ b/include/linux/netfilter_arp/arp_tables.h | |||
| @@ -112,19 +112,20 @@ struct arpt_entry | |||
| 112 | * New IP firewall options for [gs]etsockopt at the RAW IP level. | 112 | * New IP firewall options for [gs]etsockopt at the RAW IP level. |
| 113 | * Unlike BSD Linux inherits IP options so you don't have to use a raw | 113 | * Unlike BSD Linux inherits IP options so you don't have to use a raw |
| 114 | * socket for this. Instead we check rights in the calls. | 114 | * socket for this. Instead we check rights in the calls. |
| 115 | * | ||
| 116 | * ATTENTION: check linux/in.h before adding new number here. | ||
| 115 | */ | 117 | */ |
| 116 | #define ARPT_CTL_OFFSET 32 | 118 | #define ARPT_BASE_CTL 96 |
| 117 | #define ARPT_BASE_CTL (XT_BASE_CTL+ARPT_CTL_OFFSET) | 119 | |
| 118 | 120 | #define ARPT_SO_SET_REPLACE (ARPT_BASE_CTL) | |
| 119 | #define ARPT_SO_SET_REPLACE (XT_SO_SET_REPLACE+ARPT_CTL_OFFSET) | 121 | #define ARPT_SO_SET_ADD_COUNTERS (ARPT_BASE_CTL + 1) |
| 120 | #define ARPT_SO_SET_ADD_COUNTERS (XT_SO_SET_ADD_COUNTERS+ARPT_CTL_OFFSET) | 122 | #define ARPT_SO_SET_MAX ARPT_SO_SET_ADD_COUNTERS |
| 121 | #define ARPT_SO_SET_MAX (XT_SO_SET_MAX+ARPT_CTL_OFFSET) | 123 | |
| 122 | 124 | #define ARPT_SO_GET_INFO (ARPT_BASE_CTL) | |
| 123 | #define ARPT_SO_GET_INFO (XT_SO_GET_INFO+ARPT_CTL_OFFSET) | 125 | #define ARPT_SO_GET_ENTRIES (ARPT_BASE_CTL + 1) |
| 124 | #define ARPT_SO_GET_ENTRIES (XT_SO_GET_ENTRIES+ARPT_CTL_OFFSET) | 126 | /* #define ARPT_SO_GET_REVISION_MATCH (APRT_BASE_CTL + 2) */ |
| 125 | /* #define ARPT_SO_GET_REVISION_MATCH XT_SO_GET_REVISION_MATCH */ | 127 | #define ARPT_SO_GET_REVISION_TARGET (ARPT_BASE_CTL + 3) |
| 126 | #define ARPT_SO_GET_REVISION_TARGET (XT_SO_GET_REVISION_TARGET+ARPT_CTL_OFFSET) | 128 | #define ARPT_SO_GET_MAX (ARPT_SO_GET_REVISION_TARGET) |
| 127 | #define ARPT_SO_GET_MAX (XT_SO_GET_REVISION_TARGET+ARPT_CTL_OFFSET) | ||
| 128 | 129 | ||
| 129 | /* CONTINUE verdict for targets */ | 130 | /* CONTINUE verdict for targets */ |
| 130 | #define ARPT_CONTINUE XT_CONTINUE | 131 | #define ARPT_CONTINUE XT_CONTINUE |
diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h index a536bbdef145..4f06dad0bde9 100644 --- a/include/linux/netfilter_ipv4/ip_tables.h +++ b/include/linux/netfilter_ipv4/ip_tables.h | |||
| @@ -101,18 +101,21 @@ struct ipt_entry | |||
| 101 | /* | 101 | /* |
| 102 | * New IP firewall options for [gs]etsockopt at the RAW IP level. | 102 | * New IP firewall options for [gs]etsockopt at the RAW IP level. |
| 103 | * Unlike BSD Linux inherits IP options so you don't have to use a raw | 103 | * Unlike BSD Linux inherits IP options so you don't have to use a raw |
| 104 | * socket for this. Instead we check rights in the calls. */ | 104 | * socket for this. Instead we check rights in the calls. |
| 105 | #define IPT_BASE_CTL XT_BASE_CTL | 105 | * |
| 106 | 106 | * ATTENTION: check linux/in.h before adding new number here. | |
| 107 | #define IPT_SO_SET_REPLACE XT_SO_SET_REPLACE | 107 | */ |
| 108 | #define IPT_SO_SET_ADD_COUNTERS XT_SO_SET_ADD_COUNTERS | 108 | #define IPT_BASE_CTL 64 |
| 109 | #define IPT_SO_SET_MAX XT_SO_SET_MAX | 109 | |
| 110 | 110 | #define IPT_SO_SET_REPLACE (IPT_BASE_CTL) | |
| 111 | #define IPT_SO_GET_INFO XT_SO_GET_INFO | 111 | #define IPT_SO_SET_ADD_COUNTERS (IPT_BASE_CTL + 1) |
| 112 | #define IPT_SO_GET_ENTRIES XT_SO_GET_ENTRIES | 112 | #define IPT_SO_SET_MAX IPT_SO_SET_ADD_COUNTERS |
| 113 | #define IPT_SO_GET_REVISION_MATCH XT_SO_GET_REVISION_MATCH | 113 | |
| 114 | #define IPT_SO_GET_REVISION_TARGET XT_SO_GET_REVISION_TARGET | 114 | #define IPT_SO_GET_INFO (IPT_BASE_CTL) |
| 115 | #define IPT_SO_GET_MAX XT_SO_GET_REVISION_TARGET | 115 | #define IPT_SO_GET_ENTRIES (IPT_BASE_CTL + 1) |
| 116 | #define IPT_SO_GET_REVISION_MATCH (IPT_BASE_CTL + 2) | ||
| 117 | #define IPT_SO_GET_REVISION_TARGET (IPT_BASE_CTL + 3) | ||
| 118 | #define IPT_SO_GET_MAX IPT_SO_GET_REVISION_TARGET | ||
| 116 | 119 | ||
| 117 | #define IPT_CONTINUE XT_CONTINUE | 120 | #define IPT_CONTINUE XT_CONTINUE |
| 118 | #define IPT_RETURN XT_RETURN | 121 | #define IPT_RETURN XT_RETURN |
diff --git a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h index d7a8e9c0dad0..4aed340401db 100644 --- a/include/linux/netfilter_ipv6/ip6_tables.h +++ b/include/linux/netfilter_ipv6/ip6_tables.h | |||
| @@ -107,18 +107,21 @@ struct ip6t_entry | |||
| 107 | /* | 107 | /* |
| 108 | * New IP firewall options for [gs]etsockopt at the RAW IP level. | 108 | * New IP firewall options for [gs]etsockopt at the RAW IP level. |
| 109 | * Unlike BSD Linux inherits IP options so you don't have to use | 109 | * Unlike BSD Linux inherits IP options so you don't have to use |
| 110 | * a raw socket for this. Instead we check rights in the calls. */ | 110 | * a raw socket for this. Instead we check rights in the calls. |
| 111 | #define IP6T_BASE_CTL XT_BASE_CTL | 111 | * |
| 112 | 112 | * ATTENTION: check linux/in6.h before adding new number here. | |
| 113 | #define IP6T_SO_SET_REPLACE XT_SO_SET_REPLACE | 113 | */ |
| 114 | #define IP6T_SO_SET_ADD_COUNTERS XT_SO_SET_ADD_COUNTERS | 114 | #define IP6T_BASE_CTL 64 |
| 115 | #define IP6T_SO_SET_MAX XT_SO_SET_MAX | 115 | |
| 116 | 116 | #define IP6T_SO_SET_REPLACE (IP6T_BASE_CTL) | |
| 117 | #define IP6T_SO_GET_INFO XT_SO_GET_INFO | 117 | #define IP6T_SO_SET_ADD_COUNTERS (IP6T_BASE_CTL + 1) |
| 118 | #define IP6T_SO_GET_ENTRIES XT_SO_GET_ENTRIES | 118 | #define IP6T_SO_SET_MAX IP6T_SO_SET_ADD_COUNTERS |
| 119 | #define IP6T_SO_GET_REVISION_MATCH XT_SO_GET_REVISION_MATCH | 119 | |
| 120 | #define IP6T_SO_GET_REVISION_TARGET XT_SO_GET_REVISION_TARGET | 120 | #define IP6T_SO_GET_INFO (IP6T_BASE_CTL) |
| 121 | #define IP6T_SO_GET_MAX XT_SO_GET_REVISION_TARGET | 121 | #define IP6T_SO_GET_ENTRIES (IP6T_BASE_CTL + 1) |
| 122 | #define IP6T_SO_GET_REVISION_MATCH (IP6T_BASE_CTL + 4) | ||
| 123 | #define IP6T_SO_GET_REVISION_TARGET (IP6T_BASE_CTL + 5) | ||
| 124 | #define IP6T_SO_GET_MAX IP6T_SO_GET_REVISION_TARGET | ||
| 122 | 125 | ||
| 123 | /* CONTINUE verdict for targets */ | 126 | /* CONTINUE verdict for targets */ |
| 124 | #define IP6T_CONTINUE XT_CONTINUE | 127 | #define IP6T_CONTINUE XT_CONTINUE |