author | Pablo Neira Ayuso <pablo@netfilter.org> | 2009-07-14 16:43:55 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2009-07-14 16:43:55 +0200 |
commit | dd73e5708cc2cd127ba03fd5a82fb96b3928e7fb (patch) | |
tree | 51c6fcb589cdb399bda4f5b134dedf2d1ca5b328 /include/libnetfilter_conntrack | |
parent | 1c450e1595afdc8d1bfabb4f640c9251808426eb (diff) |
bsf: add support for IPv6 address filtering
This patch adds support to auto-generate BSF code for IPv6. It
requires a Linux kernel >= 2.6.29. The maximum number of addresses
is limited to 20 (12 BSF lines per IPv6 address comparison). I am
not sure that removing this limit is useful, given that oprofile
does not show very good numbers for very large (in terms of lines)
filters. This completes one feature that is available in IPv4 but
that was missing in IPv6.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/libnetfilter_conntrack')
-rw-r--r-- | include/libnetfilter_conntrack/libnetfilter_conntrack.h | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/include/libnetfilter_conntrack/libnetfilter_conntrack.h b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
index f77d273..766fb47 100644
--- a/include/libnetfilter_conntrack/libnetfilter_conntrack.h
+++ b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
@@ -416,12 +416,18 @@ struct nfct_filter_ipv4 {
  u_int32_t addr;
  u_int32_t mask;
 };
+struct nfct_filter_ipv6 {
+ u_int32_t addr[4];
+ u_int32_t mask[4];
+};
 enum nfct_filter_attr {
  NFCT_FILTER_L4PROTO = 0, /* u_int32_t */
  NFCT_FILTER_L4PROTO_STATE, /* struct nfct_filter_proto */
  NFCT_FILTER_SRC_IPV4, /* struct nfct_filter_ipv4 */
  NFCT_FILTER_DST_IPV4, /* struct nfct_filter_ipv4 */
+ NFCT_FILTER_SRC_IPV6, /* struct nfct_filter_ipv6 */
+ NFCT_FILTER_DST_IPV6, /* struct nfct_filter_ipv6 */
  NFCT_FILTER_MAX
 };
|
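Review bot: The new `struct nfct_filter_ipv6` does not say which byte order or word order is expected in `addr[4]` and `mask[4]`, and a caller who guesses wrong gets a filter that silently matches the wrong addresses instead of an error. A comment above the struct should state both, for example `/* addr[0] holds the first 32 bits of the address; each word is in <host|network> byte order */`, with the placeholder filled in from the BSF generator, which is not part of this section. The commit message also mentions a limit of 20 addresses and a kernel >= 2.6.29 requirement, neither of which is visible from the header. A short note next to `NFCT_FILTER_SRC_IPV6` and `NFCT_FILTER_DST_IPV6` on how exceeding the limit is reported would help callers who depend on the filter to see every relevant conntrack event.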