From c1d10adb4a521de5760112853f42aaeefcec96eb Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Thu, 5 Jan 2006 12:19:05 -0800 Subject: [NETFILTER]: Add ctnetlink port for nf_conntrack Signed-off-by: Pablo Neira Ayuso Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- include/linux/netfilter/nfnetlink_conntrack.h | 3 +++ 1 file changed, 3 insertions(+) (limited to 'include/linux') diff --git a/include/linux/netfilter/nfnetlink_conntrack.h b/include/linux/netfilter/nfnetlink_conntrack.h index 116fcaced909..b8e9a5b6fb1e 100644 --- a/include/linux/netfilter/nfnetlink_conntrack.h +++ b/include/linux/netfilter/nfnetlink_conntrack.h @@ -64,6 +64,9 @@ enum ctattr_l4proto { CTA_PROTO_ICMP_ID, CTA_PROTO_ICMP_TYPE, CTA_PROTO_ICMP_CODE, + CTA_PROTO_ICMPV6_ID, + CTA_PROTO_ICMPV6_TYPE, + CTA_PROTO_ICMPV6_CODE, __CTA_PROTO_MAX }; #define CTA_PROTO_MAX (__CTA_PROTO_MAX - 1) -- cgit v1.2.3 From a9b305c4e56f97d6a2ae4f21691bc13797498caf Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Thu, 5 Jan 2006 12:20:02 -0800 Subject: [NETFILTER]: ctnetlink: Fix dumping of helper name Properly dump the helper name instead of internal kernel data. Based on patch by Marcus Sundberg . Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- include/linux/netfilter/nfnetlink_conntrack.h | 2 -- 1 file changed, 2 deletions(-) (limited to 'include/linux') diff --git a/include/linux/netfilter/nfnetlink_conntrack.h b/include/linux/netfilter/nfnetlink_conntrack.h index b8e9a5b6fb1e..668ec946c8e2 100644 --- a/include/linux/netfilter/nfnetlink_conntrack.h +++ b/include/linux/netfilter/nfnetlink_conntrack.h @@ -131,6 +131,4 @@ enum ctattr_help { }; #define CTA_HELP_MAX (__CTA_HELP_MAX - 1) -#define CTA_HELP_MAXNAMESIZE 32 - #endif /* _IPCONNTRACK_NETLINK_H */ -- cgit v1.2.3 From b777e0ce7437a0e788e2aeb42aca9af2cce1f2e1 Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Thu, 5 Jan 2006 12:21:16 -0800 Subject: [NETFILTER]: make ipv6_find_hdr() find transport protocol header The original ipv6_find_hdr() finds the specified header in IPv6 packets. This makes it possible to get transport header so that we can kill similar loop in ip6_match_packet(). Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- include/linux/netfilter_ipv6/ip6_tables.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include/linux') diff --git a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h index 2efc046d9e94..a291cb76ef18 100644 --- a/include/linux/netfilter_ipv6/ip6_tables.h +++ b/include/linux/netfilter_ipv6/ip6_tables.h @@ -474,7 +474,7 @@ extern unsigned int ip6t_do_table(struct sk_buff **pskb, extern int ip6t_ext_hdr(u8 nexthdr); /* find specified header and get offset to it */ extern int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset, - u8 target); + int target, unsigned short *fragoff); #define IP6T_ALIGN(s) (((s) + (__alignof__(struct ip6t_entry)-1)) & ~(__alignof__(struct ip6t_entry)-1)) -- cgit v1.2.3 From 22dea562bb56dbc3430c8f23f60ccd38527b1f5a Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Thu, 5 Jan 2006 12:21:34 -0800 Subject: [NETFILTER]: Export ip6_masked_addrcmp, don't pass IPv6 addresses on stack Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- include/linux/netfilter_ipv6/ip6_tables.h | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'include/linux') diff --git a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h index a291cb76ef18..c163ba31aab7 100644 --- a/include/linux/netfilter_ipv6/ip6_tables.h +++ b/include/linux/netfilter_ipv6/ip6_tables.h @@ -476,6 +476,10 @@ extern int ip6t_ext_hdr(u8 nexthdr); extern int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset, int target, unsigned short *fragoff); +extern int ip6_masked_addrcmp(const struct in6_addr *addr1, + const struct in6_addr *mask, + const struct in6_addr *addr2); + #define IP6T_ALIGN(s) (((s) + (__alignof__(struct ip6t_entry)-1)) & ~(__alignof__(struct ip6t_entry)-1)) #endif /*__KERNEL__*/ -- cgit v1.2.3