diff options
| author | Rusty Russell <rusty@rustcorp.com.au> | 2003-05-21 02:34:02 -0700 |
|---|---|---|
| committer | David S. Miller <davem@kernel.bkbits.net> | 2003-05-21 02:34:02 -0700 |
| commit | 4b5fb65ee46abbf45ca8525704b045397fd851f2 (patch) | |
| tree | 7bf768efe4348d7ccefcd0482c9ae25523621391 /include/linux | |
| parent | 07ca08b17cd52e7797ace521e94716677abb1db5 (diff) | |
[NETFILTER]: Non-linear iptables: core code.
Adjusts the IPTables core to handle non-linear packets. Extensions
done separately in next patch. Also, comments about when to set
"me" field in struct ipt_match, ipt_table and ipt_target are
corrected.
Diffstat (limited to 'include/linux')
| -rw-r--r-- | include/linux/netfilter_ipv4/ip_tables.h | 29 |
1 files changed, 16 insertions, 13 deletions
diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h index d2a7f4b40ccd..fb557e487797 100644 --- a/include/linux/netfilter_ipv4/ip_tables.h +++ b/include/linux/netfilter_ipv4/ip_tables.h @@ -347,13 +347,14 @@ struct ipt_match /* Return true or false: return FALSE and set *hotdrop = 1 to force immediate packet drop. */ + /* Arguments changed since 2.4, as this must now handle + non-linear skbs, using skb_copy_bits and + skb_ip_make_writable. */ int (*match)(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, const void *matchinfo, int offset, - const void *hdr, - u_int16_t datalen, int *hotdrop); /* Called when user tries to insert an entry of this type. */ @@ -367,7 +368,7 @@ struct ipt_match /* Called when entry of this type deleted. */ void (*destroy)(void *matchinfo, unsigned int matchinfosize); - /* Set this to THIS_MODULE if you are a module, otherwise NULL */ + /* Set this to THIS_MODULE. */ struct module *me; }; @@ -378,14 +379,6 @@ struct ipt_target const char name[IPT_FUNCTION_MAXNAMELEN]; - /* Returns verdict. */ - unsigned int (*target)(struct sk_buff **pskb, - unsigned int hooknum, - const struct net_device *in, - const struct net_device *out, - const void *targinfo, - void *userdata); - /* Called when user tries to insert an entry of this type: hook_mask is a bitmask of hooks from which it can be called. */ @@ -399,7 +392,17 @@ struct ipt_target /* Called when entry of this type deleted. */ void (*destroy)(void *targinfo, unsigned int targinfosize); - /* Set this to THIS_MODULE if you are a module, otherwise NULL */ + /* Returns verdict. Argument order changed since 2.4, as this + must now handle non-linear skbs, using skb_copy_bits and + skb_ip_make_writable. */ + unsigned int (*target)(struct sk_buff **pskb, + const struct net_device *in, + const struct net_device *out, + unsigned int hooknum, + const void *targinfo, + void *userdata); + + /* Set this to THIS_MODULE. */ struct module *me; }; @@ -429,7 +432,7 @@ struct ipt_table /* Man behind the curtain... */ struct ipt_table_info *private; - /* Set this to THIS_MODULE if you are a module, otherwise NULL */ + /* Set to THIS_MODULE. */ struct module *me; }; |