From 4b5fb65ee46abbf45ca8525704b045397fd851f2 Mon Sep 17 00:00:00 2001 From: Rusty Russell Date: Wed, 21 May 2003 02:34:02 -0700 Subject: [NETFILTER]: Non-linear iptables: core code. Adjusts the IPTables core to handle non-linear packets. Extensions done separately in next patch. Also, comments about when to set "me" field in struct ipt_match, ipt_table and ipt_target are corrected. --- include/linux/netfilter_ipv4/ip_tables.h | 29 ++++++++++++++++------------- 1 file changed, 16 insertions(+), 13 deletions(-) (limited to 'include') diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h index d2a7f4b40ccd..fb557e487797 100644 --- a/include/linux/netfilter_ipv4/ip_tables.h +++ b/include/linux/netfilter_ipv4/ip_tables.h @@ -347,13 +347,14 @@ struct ipt_match /* Return true or false: return FALSE and set *hotdrop = 1 to force immediate packet drop. */ + /* Arguments changed since 2.4, as this must now handle + non-linear skbs, using skb_copy_bits and + skb_ip_make_writable. */ int (*match)(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, const void *matchinfo, int offset, - const void *hdr, - u_int16_t datalen, int *hotdrop); /* Called when user tries to insert an entry of this type. */ @@ -367,7 +368,7 @@ struct ipt_match /* Called when entry of this type deleted. */ void (*destroy)(void *matchinfo, unsigned int matchinfosize); - /* Set this to THIS_MODULE if you are a module, otherwise NULL */ + /* Set this to THIS_MODULE. */ struct module *me; }; @@ -378,14 +379,6 @@ struct ipt_target const char name[IPT_FUNCTION_MAXNAMELEN]; - /* Returns verdict. */ - unsigned int (*target)(struct sk_buff **pskb, - unsigned int hooknum, - const struct net_device *in, - const struct net_device *out, - const void *targinfo, - void *userdata); - /* Called when user tries to insert an entry of this type: hook_mask is a bitmask of hooks from which it can be called. */ @@ -399,7 +392,17 @@ struct ipt_target /* Called when entry of this type deleted. */ void (*destroy)(void *targinfo, unsigned int targinfosize); - /* Set this to THIS_MODULE if you are a module, otherwise NULL */ + /* Returns verdict. Argument order changed since 2.4, as this + must now handle non-linear skbs, using skb_copy_bits and + skb_ip_make_writable. */ + unsigned int (*target)(struct sk_buff **pskb, + const struct net_device *in, + const struct net_device *out, + unsigned int hooknum, + const void *targinfo, + void *userdata); + + /* Set this to THIS_MODULE. */ struct module *me; }; @@ -429,7 +432,7 @@ struct ipt_table /* Man behind the curtain... */ struct ipt_table_info *private; - /* Set this to THIS_MODULE if you are a module, otherwise NULL */ + /* Set to THIS_MODULE. */ struct module *me; }; -- cgit v1.2.3 From f989c276d46a747dad537f1c3fae0db7799c1f16 Mon Sep 17 00:00:00 2001 From: Hideaki Yoshifuji Date: Wed, 21 May 2003 10:50:29 -0700 Subject: [IPV6]: Remove obsolete declaration in transp_v6.h --- include/net/transp_v6.h | 1 - 1 file changed, 1 deletion(-) (limited to 'include') diff --git a/include/net/transp_v6.h b/include/net/transp_v6.h index e27d15ea2f18..8b075ab7a26c 100644 --- a/include/net/transp_v6.h +++ b/include/net/transp_v6.h @@ -16,7 +16,6 @@ extern struct proto tcpv6_prot; struct flowi; /* extention headers */ -extern void ipv6_hopopts_init(void); extern void ipv6_rthdr_init(void); extern void ipv6_frag_init(void); extern void ipv6_nodata_init(void); -- cgit v1.2.3