- Add revision support to ip6tables.

- Add support port range match to libip6t_multiport
(R?mi Denis-Courmont <rdenis@simphalempin.com>)

2 files changed, 45 insertions, 0 deletions

diff --git a/include/ip6tables.h b/include/ip6tables.h
index b1140b33..406f2558 100644
--- a/include/ip6tables.h
+++ b/include/ip6tables.h
@@ -15,6 +15,18 @@
 #define IPPROTO_DCCP 33
 #endif
 
+#ifndef IP6T_SO_GET_REVISION_MATCH /* Old kernel source. */
+#define IP6T_SO_GET_REVISION_MATCH	(IP6T_BASE_CTL + 2)
+#define IP6T_SO_GET_REVISION_TARGET	(IP6T_BASE_CTL + 3)
+
+struct ip6t_get_revision
+{
+	char name[IP6T_FUNCTION_MAXNAMELEN-1];
+
+	u_int8_t revision;
+};
+#endif /* IP6T_SO_GET_REVISION_MATCH   Old kernel source */
+
 struct ip6tables_rule_match
 {
 	struct ip6tables_rule_match *next;
@@ -33,6 +45,9 @@ struct ip6tables_match
 
 	ip6t_chainlabel name;
 
+	/* Revision of match (0 by default). */
+	u_int8_t revision;
+
 	const char *version;
 
 	/* Size of match data. */
diff --git a/include/linux/netfilter_ipv6/ip6t_multiport.h b/include/linux/netfilter_ipv6/ip6t_multiport.h
new file mode 100644
index 00000000..8c2cc9d1
--- /dev/null
+++ b/include/linux/netfilter_ipv6/ip6t_multiport.h
@@ -0,0 +1,30 @@
+#ifndef _IP6T_MULTIPORT_H
+#define _IP6T_MULTIPORT_H
+
+enum ip6t_multiport_flags
+{
+	IP6T_MULTIPORT_SOURCE,
+	IP6T_MULTIPORT_DESTINATION,
+	IP6T_MULTIPORT_EITHER
+};
+
+#define IP6T_MULTI_PORTS	15
+
+/* Must fit inside union xt_matchinfo: 16 bytes */
+struct ip6t_multiport
+{
+	u_int8_t flags;				/* Type of comparison */
+	u_int8_t count;				/* Number of ports */
+	u_int16_t ports[IP6T_MULTI_PORTS];	/* Ports */
+};
+
+struct ip6t_multiport_v1
+{
+	u_int8_t flags;				/* Type of comparison */
+	u_int8_t count;				/* Number of ports */
+	u_int16_t ports[IP6T_MULTI_PORTS];	/* Ports */
+	u_int8_t pflags[IP6T_MULTI_PORTS];	/* Port flags */
+	u_int8_t invert;			/* Invert flag */
+};
+
+#endif /*_IP6T_MULTIPORT_H*/