kybaaz/linux-xiaomi-chiron
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

netfilter: ebtables: add support for matching ICMP type and code

Browse source 
We already have ICMPv6 type/code matches. This adds support for IPv4 ICMP
matches in the same way.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Matthias Schiffer 2018-03-04 09:28:53 +01:00 committed by Pablo Neira Ayuso
parent 20710b3b81
commit 5adc1668dd
2 changed files with 43 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

13
include/uapi/linux/netfilter_bridge/ebt_ip.h
View file

@ -24,8 +24,9 @@
#define EBT_IP_PROTO 0x08
#define EBT_IP_SPORT 0x10
#define EBT_IP_DPORT 0x20
#define EBT_IP_ICMP 0x40
#define EBT_IP_MASK (EBT_IP_SOURCE | EBT_IP_DEST | EBT_IP_TOS | EBT_IP_PROTO |\
EBT_IP_SPORT | EBT_IP_DPORT )
EBT_IP_SPORT | EBT_IP_DPORT | EBT_IP_ICMP)
#define EBT_IP_MATCH "ip"
/* the same values are used for the invflags */
@ -38,8 +39,14 @@ struct ebt_ip_info {
__u8 protocol;
__u8 bitmask;
__u8 invflags;
__u16 sport[2];
__u16 dport[2];
union {
__u16 sport[2];
__u8 icmp_type[2];
};
union {
__u16 dport[2];
__u8 icmp_code[2];
};
};
#endif