[NETFILTER]: Add "revision" support to arp_tables and ip6_tables

Like ip_tables already has it for some time, this adds support for having multiple revisions for each match/target. We steal one byte from the name in order to accomodate a 8 bit version number. Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
xiaoqiangnk · Oct 31, 2005 · 6b7d31f · 6b7d31f
1 parent 6ede246
commit 6b7d31f
Show file tree

Hide file tree

Showing 5 changed files with 362 additions and 192 deletions.
diff --git a/include/linux/netfilter_arp/arp_tables.h b/include/linux/netfilter_arp/arp_tables.h
@@ -68,7 +68,8 @@ struct arpt_entry_target
 			u_int16_t target_size;
 
 			/* Used by userspace */
-			char name[ARPT_FUNCTION_MAXNAMELEN];
+			char name[ARPT_FUNCTION_MAXNAMELEN-1];
+			u_int8_t revision;
 		} user;
 		struct {
 			u_int16_t target_size;
@@ -148,7 +149,9 @@ struct arpt_entry
 
 #define ARPT_SO_GET_INFO		(ARPT_BASE_CTL)
 #define ARPT_SO_GET_ENTRIES		(ARPT_BASE_CTL + 1)
-#define ARPT_SO_GET_MAX			ARPT_SO_GET_ENTRIES
+/* #define ARPT_SO_GET_REVISION_MATCH	(ARPT_BASE_CTL + 2)*/
+#define ARPT_SO_GET_REVISION_TARGET	(ARPT_BASE_CTL + 3)
+#define ARPT_SO_GET_MAX			ARPT_SO_GET_REVISION_TARGET
 
 /* CONTINUE verdict for targets */
 #define ARPT_CONTINUE 0xFFFFFFFF
@@ -236,6 +239,15 @@ struct arpt_get_entries
 	struct arpt_entry entrytable[0];
 };
 
+/* The argument to ARPT_SO_GET_REVISION_*.  Returns highest revision
+ * kernel supports, if >= revision. */
+struct arpt_get_revision
+{
+	char name[ARPT_FUNCTION_MAXNAMELEN-1];
+
+	u_int8_t revision;
+};
+
 /* Standard return verdict, or do jump. */
 #define ARPT_STANDARD_TARGET ""
 /* Error verdict. */
@@ -274,7 +286,9 @@ struct arpt_target
 {
 	struct list_head list;
 
-	const char name[ARPT_FUNCTION_MAXNAMELEN];
+	const char name[ARPT_FUNCTION_MAXNAMELEN-1];
+
+	u_int8_t revision;
 
 	/* Returns verdict. */
 	unsigned int (*target)(struct sk_buff **pskb,

diff --git a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h
@@ -57,7 +57,8 @@ struct ip6t_entry_match
 			u_int16_t match_size;
 
 			/* Used by userspace */
-			char name[IP6T_FUNCTION_MAXNAMELEN];
+			char name[IP6T_FUNCTION_MAXNAMELEN-1];
+			u_int8_t revision;
 		} user;
 		struct {
 			u_int16_t match_size;
@@ -80,7 +81,8 @@ struct ip6t_entry_target
 			u_int16_t target_size;
 
 			/* Used by userspace */
-			char name[IP6T_FUNCTION_MAXNAMELEN];
+			char name[IP6T_FUNCTION_MAXNAMELEN-1];
+			u_int8_t revision;
 		} user;
 		struct {
 			u_int16_t target_size;
@@ -161,7 +163,9 @@ struct ip6t_entry
 
 #define IP6T_SO_GET_INFO		(IP6T_BASE_CTL)
 #define IP6T_SO_GET_ENTRIES		(IP6T_BASE_CTL + 1)
-#define IP6T_SO_GET_MAX			IP6T_SO_GET_ENTRIES
+#define	IP6T_SO_GET_REVISION_MATCH	(IP6T_BASE_CTL + 2)
+#define	IP6T_SO_GET_REVISION_TARGET	(IP6T_BASE_CTL + 3)
+#define IP6T_SO_GET_MAX			IP6T_SO_GET_REVISION_TARGET
 
 /* CONTINUE verdict for targets */
 #define IP6T_CONTINUE 0xFFFFFFFF
@@ -291,6 +295,15 @@ struct ip6t_get_entries
 	struct ip6t_entry entrytable[0];
 };
 
+/* The argument to IP6T_SO_GET_REVISION_*.  Returns highest revision
+ * kernel supports, if >= revision. */
+struct ip6t_get_revision
+{
+	char name[IP6T_FUNCTION_MAXNAMELEN-1];
+
+	u_int8_t revision;
+};
+
 /* Standard return verdict, or do jump. */
 #define IP6T_STANDARD_TARGET ""
 /* Error verdict. */
@@ -352,7 +365,9 @@ struct ip6t_match
 {
 	struct list_head list;
 
-	const char name[IP6T_FUNCTION_MAXNAMELEN];
+	const char name[IP6T_FUNCTION_MAXNAMELEN-1];
+
+	u_int8_t revision;
 
 	/* Return true or false: return FALSE and set *hotdrop = 1 to
            force immediate packet drop. */
@@ -387,7 +402,9 @@ struct ip6t_target
 {
 	struct list_head list;
 
-	const char name[IP6T_FUNCTION_MAXNAMELEN];
+	const char name[IP6T_FUNCTION_MAXNAMELEN-1];
+
+	u_int8_t revision;
 
 	/* Returns verdict. Argument order changed since 2.6.9, as this
 	   must now handle non-linear skbs, using skb_copy_bits and