[netfilter-cvslog] r7030 - in trunk/iptables: extensions include/linux/netfilter_ipv6

kaber at trash.net kaber at trash.net
Wed Sep 5 15:58:59 CEST 2007


Author: kaber at trash.net
Date: 2007-09-05 15:58:58 +0200 (Wed, 05 Sep 2007)
New Revision: 7030

Added:
   trunk/iptables/include/linux/netfilter_ipv6/ip6t_ipv6header.h
Removed:
   trunk/iptables/extensions/.ipv6header-test6
Modified:
   trunk/iptables/extensions/Makefile
Log:
Build ipv6header match unconditionally


Deleted: trunk/iptables/extensions/.ipv6header-test6
===================================================================
--- trunk/iptables/extensions/.ipv6header-test6	2007-09-05 13:57:28 UTC (rev 7029)
+++ trunk/iptables/extensions/.ipv6header-test6	2007-09-05 13:58:58 UTC (rev 7030)
@@ -1,2 +0,0 @@
-#!/bin/sh
-[ -f $KERNEL_DIR/net/ipv6/netfilter/ip6t_ipv6header.c -a -f $KERNEL_DIR/include/linux/netfilter_ipv6/ip6t_ipv6header.h ] && echo ipv6header

Modified: trunk/iptables/extensions/Makefile
===================================================================
--- trunk/iptables/extensions/Makefile	2007-09-05 13:57:28 UTC (rev 7029)
+++ trunk/iptables/extensions/Makefile	2007-09-05 13:58:58 UTC (rev 7030)
@@ -6,7 +6,7 @@
 # package (HW)
 #
 PF_EXT_SLIB:=ah addrtype conntrack ecn icmp iprange owner policy realm recent tos ttl unclean CLUSTERIP DNAT ECN LOG MASQUERADE MIRROR NETMAP REDIRECT REJECT SAME SNAT TOS TTL ULOG
-PF6_EXT_SLIB:=ah eui64 frag hl icmp6 mh owner policy HL LOG REJECT
+PF6_EXT_SLIB:=ah eui64 frag hl icmp6 ipv6header mh owner policy HL LOG REJECT
 PFX_EXT_SLIB:=connbytes connmark connlimit comment dccp dscp esp hashlimit helper length limit mac mark multiport physdev pkttype quota sctp state statistic standard string tcp tcpmss udp CLASSIFY CONNMARK DSCP MARK NFLOG NFQUEUE NOTRACK TCPMSS TRACE
 
 ifeq ($(DO_SELINUX), 1)

Added: trunk/iptables/include/linux/netfilter_ipv6/ip6t_ipv6header.h
===================================================================
--- trunk/iptables/include/linux/netfilter_ipv6/ip6t_ipv6header.h	                        (rev 0)
+++ trunk/iptables/include/linux/netfilter_ipv6/ip6t_ipv6header.h	2007-09-05 13:58:58 UTC (rev 7030)
@@ -0,0 +1,27 @@
+/* ipv6header match - matches IPv6 packets based
+on whether they contain certain headers */
+
+/* Original idea: Brad Chapman 
+ * Rewritten by: Andras Kis-Szabo <kisza at sch.bme.hu> */
+
+
+#ifndef __IPV6HEADER_H
+#define __IPV6HEADER_H
+
+struct ip6t_ipv6header_info
+{
+	u_int8_t matchflags;
+	u_int8_t invflags;
+	u_int8_t modeflag;
+};
+
+#define MASK_HOPOPTS    128
+#define MASK_DSTOPTS    64
+#define MASK_ROUTING    32
+#define MASK_FRAGMENT   16
+#define MASK_AH         8
+#define MASK_ESP        4
+#define MASK_NONE       2
+#define MASK_PROTO      1
+
+#endif /* __IPV6HEADER_H */




More information about the netfilter-cvslog mailing list