This series of 5 patches implements "inner" flag option in the set
iptables match, allowing matching based on the properties
(source/destination IP address, protocol, port and so on) of the
original (inner) connection in the event of the following
ICMP[v4,v6] messages:
ICMPv4 destination-unreachable (code 3);
ICMPv4 source-quench (code 4);
ICMPv4 time-exceeded (code 11);
ICMPv6 destination-unreachable (code 1);
ICMPv6 packet-too-big (code 2);
ICMPv6 time-exceeded (code 3);
Revision history:
v1 * initial revision
v2 * redundant code removed;
* added a new header file (ip_set_icmp.h) with 2 inline functions,
allowing access to the internal icmp header properties;
* removed ip[46]inneraddr[ptr]functions as they are no longer needed
* added new ipv[46]addr[ptr] and ip_set_get*port functions, the old
functions are still preserved for backwards compatibility
v3 * rename and move ip_set_get_icmpv[46]_inner_hdr functions to
ip_set_core.c and remove ip_set_icmp.h
* move icmpv[46] protocol and offset checks inside
ip_set_get_ip[46]_inner_hdr functions
* eliminate ip[46]addrptr & ip_set_get_ip[46]_port backward-compatible
functions and rename the new ones to use the same name
* eliminate single-path error gotos in ip_set.h and ip_set_getport.c
Dash Four (5):
iptables: bugfix: prevent wrong syntax being accepted by the set match
ipset: add "inner" flag implementation
ipset: add set match "inner" flag support
iptables: add set match "inner" flag support
iptables (userspace): add set match "inner" flag support
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
