diff options
author | Matthias Schiffer | 2018-03-04 09:28:53 +0100 |
---|---|---|
committer | Pablo Neira Ayuso | 2018-03-20 17:24:03 +0100 |
commit | 5adc1668ddc42bb44fd6d006cacad74ed0cbf49d (patch) | |
tree | efcd9577e837f6a224e81b09ee150aa9d4d857b8 /include/uapi/linux | |
parent | netfilter: ctnetlink: synproxy support (diff) | |
download | kernel-qcow2-linux-5adc1668ddc42bb44fd6d006cacad74ed0cbf49d.tar.gz kernel-qcow2-linux-5adc1668ddc42bb44fd6d006cacad74ed0cbf49d.tar.xz kernel-qcow2-linux-5adc1668ddc42bb44fd6d006cacad74ed0cbf49d.zip |
netfilter: ebtables: add support for matching ICMP type and code
We already have ICMPv6 type/code matches. This adds support for IPv4 ICMP
matches in the same way.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/uapi/linux')
-rw-r--r-- | include/uapi/linux/netfilter_bridge/ebt_ip.h | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/include/uapi/linux/netfilter_bridge/ebt_ip.h b/include/uapi/linux/netfilter_bridge/ebt_ip.h index 8e462fb1983f..4ed7fbb0a482 100644 --- a/include/uapi/linux/netfilter_bridge/ebt_ip.h +++ b/include/uapi/linux/netfilter_bridge/ebt_ip.h @@ -24,8 +24,9 @@ #define EBT_IP_PROTO 0x08 #define EBT_IP_SPORT 0x10 #define EBT_IP_DPORT 0x20 +#define EBT_IP_ICMP 0x40 #define EBT_IP_MASK (EBT_IP_SOURCE | EBT_IP_DEST | EBT_IP_TOS | EBT_IP_PROTO |\ - EBT_IP_SPORT | EBT_IP_DPORT ) + EBT_IP_SPORT | EBT_IP_DPORT | EBT_IP_ICMP) #define EBT_IP_MATCH "ip" /* the same values are used for the invflags */ @@ -38,8 +39,14 @@ struct ebt_ip_info { __u8 protocol; __u8 bitmask; __u8 invflags; - __u16 sport[2]; - __u16 dport[2]; + union { + __u16 sport[2]; + __u8 icmp_type[2]; + }; + union { + __u16 dport[2]; + __u8 icmp_code[2]; + }; }; #endif |