From 6b7d31fcdda5938e5d3f1f8b0922cc25aa200dfc Mon Sep 17 00:00:00 2001 From: Harald Welte Date: Wed, 26 Oct 2005 09:34:24 +0200 Subject: [NETFILTER]: Add "revision" support to arp_tables and ip6_tables Like ip_tables already has it for some time, this adds support for having multiple revisions for each match/target. We steal one byte from the name in order to accomodate a 8 bit version number. Signed-off-by: Harald Welte Signed-off-by: Arnaldo Carvalho de Melo --- include/linux/netfilter_arp/arp_tables.h | 20 +++++++++++++++++--- include/linux/netfilter_ipv6/ip6_tables.h | 27 ++++++++++++++++++++++----- 2 files changed, 39 insertions(+), 8 deletions(-) (limited to 'include') diff --git a/include/linux/netfilter_arp/arp_tables.h b/include/linux/netfilter_arp/arp_tables.h index d759a637bded..e98a870a20be 100644 --- a/include/linux/netfilter_arp/arp_tables.h +++ b/include/linux/netfilter_arp/arp_tables.h @@ -68,7 +68,8 @@ struct arpt_entry_target u_int16_t target_size; /* Used by userspace */ - char name[ARPT_FUNCTION_MAXNAMELEN]; + char name[ARPT_FUNCTION_MAXNAMELEN-1]; + u_int8_t revision; } user; struct { u_int16_t target_size; @@ -148,7 +149,9 @@ struct arpt_entry #define ARPT_SO_GET_INFO (ARPT_BASE_CTL) #define ARPT_SO_GET_ENTRIES (ARPT_BASE_CTL + 1) -#define ARPT_SO_GET_MAX ARPT_SO_GET_ENTRIES +/* #define ARPT_SO_GET_REVISION_MATCH (ARPT_BASE_CTL + 2)*/ +#define ARPT_SO_GET_REVISION_TARGET (ARPT_BASE_CTL + 3) +#define ARPT_SO_GET_MAX ARPT_SO_GET_REVISION_TARGET /* CONTINUE verdict for targets */ #define ARPT_CONTINUE 0xFFFFFFFF @@ -236,6 +239,15 @@ struct arpt_get_entries struct arpt_entry entrytable[0]; }; +/* The argument to ARPT_SO_GET_REVISION_*. Returns highest revision + * kernel supports, if >= revision. */ +struct arpt_get_revision +{ + char name[ARPT_FUNCTION_MAXNAMELEN-1]; + + u_int8_t revision; +}; + /* Standard return verdict, or do jump. */ #define ARPT_STANDARD_TARGET "" /* Error verdict. */ @@ -274,7 +286,9 @@ struct arpt_target { struct list_head list; - const char name[ARPT_FUNCTION_MAXNAMELEN]; + const char name[ARPT_FUNCTION_MAXNAMELEN-1]; + + u_int8_t revision; /* Returns verdict. */ unsigned int (*target)(struct sk_buff **pskb, diff --git a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h index 59f70b34e029..2efc046d9e94 100644 --- a/include/linux/netfilter_ipv6/ip6_tables.h +++ b/include/linux/netfilter_ipv6/ip6_tables.h @@ -57,7 +57,8 @@ struct ip6t_entry_match u_int16_t match_size; /* Used by userspace */ - char name[IP6T_FUNCTION_MAXNAMELEN]; + char name[IP6T_FUNCTION_MAXNAMELEN-1]; + u_int8_t revision; } user; struct { u_int16_t match_size; @@ -80,7 +81,8 @@ struct ip6t_entry_target u_int16_t target_size; /* Used by userspace */ - char name[IP6T_FUNCTION_MAXNAMELEN]; + char name[IP6T_FUNCTION_MAXNAMELEN-1]; + u_int8_t revision; } user; struct { u_int16_t target_size; @@ -161,7 +163,9 @@ struct ip6t_entry #define IP6T_SO_GET_INFO (IP6T_BASE_CTL) #define IP6T_SO_GET_ENTRIES (IP6T_BASE_CTL + 1) -#define IP6T_SO_GET_MAX IP6T_SO_GET_ENTRIES +#define IP6T_SO_GET_REVISION_MATCH (IP6T_BASE_CTL + 2) +#define IP6T_SO_GET_REVISION_TARGET (IP6T_BASE_CTL + 3) +#define IP6T_SO_GET_MAX IP6T_SO_GET_REVISION_TARGET /* CONTINUE verdict for targets */ #define IP6T_CONTINUE 0xFFFFFFFF @@ -291,6 +295,15 @@ struct ip6t_get_entries struct ip6t_entry entrytable[0]; }; +/* The argument to IP6T_SO_GET_REVISION_*. Returns highest revision + * kernel supports, if >= revision. */ +struct ip6t_get_revision +{ + char name[IP6T_FUNCTION_MAXNAMELEN-1]; + + u_int8_t revision; +}; + /* Standard return verdict, or do jump. */ #define IP6T_STANDARD_TARGET "" /* Error verdict. */ @@ -352,7 +365,9 @@ struct ip6t_match { struct list_head list; - const char name[IP6T_FUNCTION_MAXNAMELEN]; + const char name[IP6T_FUNCTION_MAXNAMELEN-1]; + + u_int8_t revision; /* Return true or false: return FALSE and set *hotdrop = 1 to force immediate packet drop. */ @@ -387,7 +402,9 @@ struct ip6t_target { struct list_head list; - const char name[IP6T_FUNCTION_MAXNAMELEN]; + const char name[IP6T_FUNCTION_MAXNAMELEN-1]; + + u_int8_t revision; /* Returns verdict. Argument order changed since 2.6.9, as this must now handle non-linear skbs, using skb_copy_bits and -- cgit v1.2.3