On Sun, Mar 04, 2018 at 09:28:53AM +0100, Matthias Schiffer wrote:
> We already have ICMPv6 type/code matches. This adds support for IPv4 ICMP
> matches in the same way.
>
> Signed-off-by: Matthias Schiffer <mschiffer@xxxxxxxxxxxxxxxxxxxx>
> ---
> include/uapi/linux/netfilter_bridge/ebt_ip.h | 13 +++++++--
> net/bridge/netfilter/ebt_ip.c | 43 +++++++++++++++++++++-------
> 2 files changed, 43 insertions(+), 13 deletions(-)
>
> diff --git a/include/uapi/linux/netfilter_bridge/ebt_ip.h b/include/uapi/linux/netfilter_bridge/ebt_ip.h
> index 8e462fb1983f..4ed7fbb0a482 100644
> --- a/include/uapi/linux/netfilter_bridge/ebt_ip.h
> +++ b/include/uapi/linux/netfilter_bridge/ebt_ip.h
> @@ -24,8 +24,9 @@
> #define EBT_IP_PROTO 0x08
> #define EBT_IP_SPORT 0x10
> #define EBT_IP_DPORT 0x20
> +#define EBT_IP_ICMP 0x40
> #define EBT_IP_MASK (EBT_IP_SOURCE | EBT_IP_DEST | EBT_IP_TOS | EBT_IP_PROTO |\
> - EBT_IP_SPORT | EBT_IP_DPORT )
> + EBT_IP_SPORT | EBT_IP_DPORT | EBT_IP_ICMP)
> #define EBT_IP_MATCH "ip"
>
> /* the same values are used for the invflags */
> @@ -38,8 +39,14 @@ struct ebt_ip_info {
> __u8 protocol;
> __u8 bitmask;
> __u8 invflags;
> - __u16 sport[2];
> - __u16 dport[2];
> + union {
> + __u16 sport[2];
> + __u8 icmp_type[2];
> + };
> + union {
> + __u16 dport[2];
> + __u8 icmp_code[2];
> + };
This is part of uapi, we cannot update struct ebt_ip_info, this break
binary compatibility.
> };
>
> #endif
> diff --git a/net/bridge/netfilter/ebt_ip.c b/net/bridge/netfilter/ebt_ip.c
> index 2b46c50abce0..8cb8f8395768 100644
> --- a/net/bridge/netfilter/ebt_ip.c
> +++ b/net/bridge/netfilter/ebt_ip.c
Please, place these new matching features into
net/bridge/netfilter/ebt_ip.c, please add then new ebt_xyz.c extension
instead.
Thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
