From patchwork Wed Apr 3 14:27:31 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: holger@eitzenberger.org X-Patchwork-Id: 233498 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id BCD1D2C009D for ; Thu, 4 Apr 2013 01:43:09 +1100 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1760353Ab3DCOmu (ORCPT ); Wed, 3 Apr 2013 10:42:50 -0400 Received: from moutng.kundenserver.de ([212.227.126.186]:53543 "EHLO moutng.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1760328Ab3DCOms (ORCPT ); Wed, 3 Apr 2013 10:42:48 -0400 Received: from kruemel.eitzenberger.org (p54AD049C.dip0.t-ipconnect.de [84.173.4.156]) by mrelayeu.kundenserver.de (node=mrbap2) with ESMTP (Nemesis) id 0MHrNV-1UKMUk1i1d-003ONY; Wed, 03 Apr 2013 16:42:47 +0200 Received: from holger by kruemel.eitzenberger.org with local (Exim 4.76) (envelope-from ) id 1UNOti-00008j-3p; Wed, 03 Apr 2013 16:42:46 +0200 Message-Id: <20130403144245.789797754@eitzenberger.org> User-Agent: quilt/0.50-1 Date: Wed, 03 Apr 2013 16:27:31 +0200 From: holger@eitzenberger.org To: netfilter-devel@vger.kernel.org Cc: kaber@trash.net, pablo@netfilter.org Subject: [PATCH RFC 2/2] icmp6: match on errors and informational messages References: <20130403142729.484857089@eitzenberger.org> Content-Disposition: inline; filename=net-next/icmp6-match-errors-and-info.diff X-Provags-ID: V02:K0:7SxZF1Qm5GN+8CNckAukbv2EYsyG/NWAW9zSN9FuMRv qnKivtKJijJW60anF+G9Sq/rh2EQzHqjEfCXJjlsyy4FW38yGG wNk0GpTW1KOzC8YDSCOdt1CXuFmCKAFwW6Aih/Nvuj6qCRdlAd NKFzJu1gn8KeR8I6yPQ2s0rQXqqJL/dS802o/J3NIbUFzrs5Eh piZLX+zWh9RGG0R9J2gizhhIyQkgvA/Nlm/HSkou+153SkXcWG 72mKFmmoYEFaDGQRH7qhmdhem60mj/b9V0lB8k3LmYu9RmgXnK TlBI4i9kvQSWJo9w11boyxH+Sh3cVrm37vj1W9ohkkRZ+Rz0tg rNpw9rrU35SuX8kS1qBzIuwPzchPGWNzpyO9fqitR9FWKvoJvi 4ftusK0kpvAKA== Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org Signed-off-by: Holger Eitzenberger --- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Index: linux-stable-3.8.y/include/uapi/linux/netfilter_ipv6/ip6_tables.h =================================================================== --- linux-stable-3.8.y.orig/include/uapi/linux/netfilter_ipv6/ip6_tables.h 2013-04-03 09:59:41.000000000 +0200 +++ linux-stable-3.8.y/include/uapi/linux/netfilter_ipv6/ip6_tables.h 2013-04-03 15:20:25.000000000 +0200 @@ -185,11 +185,14 @@ struct ip6t_icmp { __u8 type; /* type to match */ __u8 code[2]; /* range of code */ - __u8 invflags; /* Inverse flags */ + __u8 flags; }; /* Values for "inv" field for struct ipt_icmp. */ #define IP6T_ICMP_INV 0x01 /* Invert the sense of type/code test */ +#define IP6T_ICMP_ERROR 0x02 /* Match any error type */ +#define IP6T_ICMP_INFO 0x04 /* Match any informational type */ +#define IP6T_ICMP_MASK 0x07 /* The argument to IP6T_SO_GET_INFO */ struct ip6t_getinfo { Index: linux-stable-3.8.y/net/ipv6/netfilter/ip6_tables.c =================================================================== --- linux-stable-3.8.y.orig/net/ipv6/netfilter/ip6_tables.c 2013-04-03 09:59:41.000000000 +0200 +++ linux-stable-3.8.y/net/ipv6/netfilter/ip6_tables.c 2013-04-03 15:19:26.000000000 +0200 @@ -2149,11 +2149,15 @@ return false; } + if (icmpinfo->flags & IP6T_ICMP_ERROR) + return ic->icmp6_type < ICMPV6_ECHO_REQUEST; + if (icmpinfo->flags & IP6T_ICMP_INFO) + return ic->icmp6_type >= ICMPV6_ECHO_REQUEST; return icmp6_type_code_match(icmpinfo->type, icmpinfo->code[0], icmpinfo->code[1], ic->icmp6_type, ic->icmp6_code, - !!(icmpinfo->invflags&IP6T_ICMP_INV)); + !!(icmpinfo->flags & IP6T_ICMP_INV)); } /* Called when user tries to insert an entry of this type. */ @@ -2161,8 +2165,8 @@ { const struct ip6t_icmp *icmpinfo = par->matchinfo; - /* Must specify no unknown invflags */ - return (icmpinfo->invflags & ~IP6T_ICMP_INV) ? -EINVAL : 0; + /* Must specify no unknown flags */ + return (icmpinfo->flags & ~IP6T_ICMP_MASK) ? -EINVAL : 0; } /* The built-in targets: standard (NULL) and error. */