Commit b96e7ecb authored by Yasuyuki Kozakai's avatar Yasuyuki Kozakai Committed by David S. Miller

[NETFILTER]: ip6_tables: fixed conflicted optname for getsockopt

66 and 67 for getsockopt on IPv6 socket is doubly used for IPv6 Advanced
API and ip6tables. This moves numbers for ip6tables to 68 and 69.
This also kills XT_SO_* because {ip,ip6,arp}_tables doesn't have so much
common numbers now.

The old userland tools keep to behave as ever, because old kernel always
calls functions of IPv6 Advanced API for their numbers.
Signed-off-by: default avatarYasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent d8a585d7
...@@ -225,7 +225,7 @@ struct in6_flowlabel_req ...@@ -225,7 +225,7 @@ struct in6_flowlabel_req
#endif #endif
/* /*
* Netfilter * Netfilter (1)
* *
* Following socket options are used in ip6_tables; * Following socket options are used in ip6_tables;
* see include/linux/netfilter_ipv6/ip6_tables.h. * see include/linux/netfilter_ipv6/ip6_tables.h.
...@@ -240,4 +240,14 @@ struct in6_flowlabel_req ...@@ -240,4 +240,14 @@ struct in6_flowlabel_req
#define IPV6_RECVTCLASS 66 #define IPV6_RECVTCLASS 66
#define IPV6_TCLASS 67 #define IPV6_TCLASS 67
/*
* Netfilter (2)
*
* Following socket options are used in ip6_tables;
* see include/linux/netfilter_ipv6/ip6_tables.h.
*
* IP6T_SO_GET_REVISION_MATCH 68
* IP6T_SO_GET_REVISION_TARGET 69
*/
#endif #endif
...@@ -96,22 +96,6 @@ struct _xt_align ...@@ -96,22 +96,6 @@ struct _xt_align
/* Error verdict. */ /* Error verdict. */
#define XT_ERROR_TARGET "ERROR" #define XT_ERROR_TARGET "ERROR"
/*
* New IP firewall options for [gs]etsockopt at the RAW IP level.
* Unlike BSD Linux inherits IP options so you don't have to use a raw
* socket for this. Instead we check rights in the calls. */
#define XT_BASE_CTL 64 /* base for firewall socket options */
#define XT_SO_SET_REPLACE (XT_BASE_CTL)
#define XT_SO_SET_ADD_COUNTERS (XT_BASE_CTL + 1)
#define XT_SO_SET_MAX XT_SO_SET_ADD_COUNTERS
#define XT_SO_GET_INFO (XT_BASE_CTL)
#define XT_SO_GET_ENTRIES (XT_BASE_CTL + 1)
#define XT_SO_GET_REVISION_MATCH (XT_BASE_CTL + 2)
#define XT_SO_GET_REVISION_TARGET (XT_BASE_CTL + 3)
#define XT_SO_GET_MAX XT_SO_GET_REVISION_TARGET
#define SET_COUNTER(c,b,p) do { (c).bcnt = (b); (c).pcnt = (p); } while(0) #define SET_COUNTER(c,b,p) do { (c).bcnt = (b); (c).pcnt = (p); } while(0)
#define ADD_COUNTER(c,b,p) do { (c).bcnt += (b); (c).pcnt += (p); } while(0) #define ADD_COUNTER(c,b,p) do { (c).bcnt += (b); (c).pcnt += (p); } while(0)
......
...@@ -112,19 +112,20 @@ struct arpt_entry ...@@ -112,19 +112,20 @@ struct arpt_entry
* New IP firewall options for [gs]etsockopt at the RAW IP level. * New IP firewall options for [gs]etsockopt at the RAW IP level.
* Unlike BSD Linux inherits IP options so you don't have to use a raw * Unlike BSD Linux inherits IP options so you don't have to use a raw
* socket for this. Instead we check rights in the calls. * socket for this. Instead we check rights in the calls.
*
* ATTENTION: check linux/in.h before adding new number here.
*/ */
#define ARPT_CTL_OFFSET 32 #define ARPT_BASE_CTL 96
#define ARPT_BASE_CTL (XT_BASE_CTL+ARPT_CTL_OFFSET)
#define ARPT_SO_SET_REPLACE (ARPT_BASE_CTL)
#define ARPT_SO_SET_REPLACE (XT_SO_SET_REPLACE+ARPT_CTL_OFFSET) #define ARPT_SO_SET_ADD_COUNTERS (ARPT_BASE_CTL + 1)
#define ARPT_SO_SET_ADD_COUNTERS (XT_SO_SET_ADD_COUNTERS+ARPT_CTL_OFFSET) #define ARPT_SO_SET_MAX ARPT_SO_SET_ADD_COUNTERS
#define ARPT_SO_SET_MAX (XT_SO_SET_MAX+ARPT_CTL_OFFSET)
#define ARPT_SO_GET_INFO (ARPT_BASE_CTL)
#define ARPT_SO_GET_INFO (XT_SO_GET_INFO+ARPT_CTL_OFFSET) #define ARPT_SO_GET_ENTRIES (ARPT_BASE_CTL + 1)
#define ARPT_SO_GET_ENTRIES (XT_SO_GET_ENTRIES+ARPT_CTL_OFFSET) /* #define ARPT_SO_GET_REVISION_MATCH (APRT_BASE_CTL + 2) */
/* #define ARPT_SO_GET_REVISION_MATCH XT_SO_GET_REVISION_MATCH */ #define ARPT_SO_GET_REVISION_TARGET (ARPT_BASE_CTL + 3)
#define ARPT_SO_GET_REVISION_TARGET (XT_SO_GET_REVISION_TARGET+ARPT_CTL_OFFSET) #define ARPT_SO_GET_MAX (ARPT_SO_GET_REVISION_TARGET)
#define ARPT_SO_GET_MAX (XT_SO_GET_REVISION_TARGET+ARPT_CTL_OFFSET)
/* CONTINUE verdict for targets */ /* CONTINUE verdict for targets */
#define ARPT_CONTINUE XT_CONTINUE #define ARPT_CONTINUE XT_CONTINUE
......
...@@ -101,18 +101,21 @@ struct ipt_entry ...@@ -101,18 +101,21 @@ struct ipt_entry
/* /*
* New IP firewall options for [gs]etsockopt at the RAW IP level. * New IP firewall options for [gs]etsockopt at the RAW IP level.
* Unlike BSD Linux inherits IP options so you don't have to use a raw * Unlike BSD Linux inherits IP options so you don't have to use a raw
* socket for this. Instead we check rights in the calls. */ * socket for this. Instead we check rights in the calls.
#define IPT_BASE_CTL XT_BASE_CTL *
* ATTENTION: check linux/in.h before adding new number here.
#define IPT_SO_SET_REPLACE XT_SO_SET_REPLACE */
#define IPT_SO_SET_ADD_COUNTERS XT_SO_SET_ADD_COUNTERS #define IPT_BASE_CTL 64
#define IPT_SO_SET_MAX XT_SO_SET_MAX
#define IPT_SO_SET_REPLACE (IPT_BASE_CTL)
#define IPT_SO_GET_INFO XT_SO_GET_INFO #define IPT_SO_SET_ADD_COUNTERS (IPT_BASE_CTL + 1)
#define IPT_SO_GET_ENTRIES XT_SO_GET_ENTRIES #define IPT_SO_SET_MAX IPT_SO_SET_ADD_COUNTERS
#define IPT_SO_GET_REVISION_MATCH XT_SO_GET_REVISION_MATCH
#define IPT_SO_GET_REVISION_TARGET XT_SO_GET_REVISION_TARGET #define IPT_SO_GET_INFO (IPT_BASE_CTL)
#define IPT_SO_GET_MAX XT_SO_GET_REVISION_TARGET #define IPT_SO_GET_ENTRIES (IPT_BASE_CTL + 1)
#define IPT_SO_GET_REVISION_MATCH (IPT_BASE_CTL + 2)
#define IPT_SO_GET_REVISION_TARGET (IPT_BASE_CTL + 3)
#define IPT_SO_GET_MAX IPT_SO_GET_REVISION_TARGET
#define IPT_CONTINUE XT_CONTINUE #define IPT_CONTINUE XT_CONTINUE
#define IPT_RETURN XT_RETURN #define IPT_RETURN XT_RETURN
......
...@@ -107,18 +107,21 @@ struct ip6t_entry ...@@ -107,18 +107,21 @@ struct ip6t_entry
/* /*
* New IP firewall options for [gs]etsockopt at the RAW IP level. * New IP firewall options for [gs]etsockopt at the RAW IP level.
* Unlike BSD Linux inherits IP options so you don't have to use * Unlike BSD Linux inherits IP options so you don't have to use
* a raw socket for this. Instead we check rights in the calls. */ * a raw socket for this. Instead we check rights in the calls.
#define IP6T_BASE_CTL XT_BASE_CTL *
* ATTENTION: check linux/in6.h before adding new number here.
#define IP6T_SO_SET_REPLACE XT_SO_SET_REPLACE */
#define IP6T_SO_SET_ADD_COUNTERS XT_SO_SET_ADD_COUNTERS #define IP6T_BASE_CTL 64
#define IP6T_SO_SET_MAX XT_SO_SET_MAX
#define IP6T_SO_SET_REPLACE (IP6T_BASE_CTL)
#define IP6T_SO_GET_INFO XT_SO_GET_INFO #define IP6T_SO_SET_ADD_COUNTERS (IP6T_BASE_CTL + 1)
#define IP6T_SO_GET_ENTRIES XT_SO_GET_ENTRIES #define IP6T_SO_SET_MAX IP6T_SO_SET_ADD_COUNTERS
#define IP6T_SO_GET_REVISION_MATCH XT_SO_GET_REVISION_MATCH
#define IP6T_SO_GET_REVISION_TARGET XT_SO_GET_REVISION_TARGET #define IP6T_SO_GET_INFO (IP6T_BASE_CTL)
#define IP6T_SO_GET_MAX XT_SO_GET_REVISION_TARGET #define IP6T_SO_GET_ENTRIES (IP6T_BASE_CTL + 1)
#define IP6T_SO_GET_REVISION_MATCH (IP6T_BASE_CTL + 4)
#define IP6T_SO_GET_REVISION_TARGET (IP6T_BASE_CTL + 5)
#define IP6T_SO_GET_MAX IP6T_SO_GET_REVISION_TARGET
/* CONTINUE verdict for targets */ /* CONTINUE verdict for targets */
#define IP6T_CONTINUE XT_CONTINUE #define IP6T_CONTINUE XT_CONTINUE
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment