DL-Mirrors/kernel-tenderloin-3.0
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

netfilter: ebt_ip6: allow matching on ipv6-icmp types/codes

Browse Source 
To avoid adding a new match revision icmp type/code are stored
in the sport/dport area.

Signed-off-by: Florian Westphal <fw@strlen.de>
Reviewed-by: Holger Eitzenberger <holger@eitzenberger.org>
Reviewed-by: Bart De Schuymer<bdschuym@pandora.be>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Florian Westphal
2010-12-20 15:57:47 +01:00
committed by Pablo Neira Ayuso
parent 255d0dc340
commit 6faee60a4e
2 changed files with 46 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
include/linux/netfilter_bridge/ebt_ip6.h
View File

@@ -18,8 +18,11 @@
#define EBT_IP6_PROTO 0x08
#define EBT_IP6_SPORT 0x10
#define EBT_IP6_DPORT 0x20
#define EBT_IP6_ICMP6 0x40
#define EBT_IP6_MASK (EBT_IP6_SOURCE | EBT_IP6_DEST | EBT_IP6_TCLASS |\
EBT_IP6_PROTO | EBT_IP6_SPORT | EBT_IP6_DPORT)
EBT_IP6_PROTO | EBT_IP6_SPORT | EBT_IP6_DPORT | \
EBT_IP6_ICMP6)
#define EBT_IP6_MATCH "ip6"
/* the same values are used for the invflags */
@@ -32,8 +35,14 @@ struct ebt_ip6_info {
uint8_t protocol;
uint8_t bitmask;
uint8_t invflags;
uint16_t sport[2];
uint16_t dport[2];
union {
uint16_t sport[2];
uint8_t icmpv6_type[2];
};
union {
uint16_t dport[2];
uint8_t icmpv6_code[2];
};
};
#endif