===================================================================
@@ -185,11 +185,14 @@
struct ip6t_icmp {
__u8 type; /* type to match */
__u8 code[2]; /* range of code */
- __u8 invflags; /* Inverse flags */
+ __u8 flags;
};
/* Values for "inv" field for struct ipt_icmp. */
#define IP6T_ICMP_INV 0x01 /* Invert the sense of type/code test */
+#define IP6T_ICMP_ERROR 0x02 /* Match any error type */
+#define IP6T_ICMP_INFO 0x04 /* Match any informational type */
+#define IP6T_ICMP_MASK 0x07
/* The argument to IP6T_SO_GET_INFO */
struct ip6t_getinfo {
===================================================================
@@ -2149,11 +2149,15 @@
return false;
}
+ if (icmpinfo->flags & IP6T_ICMP_ERROR)
+ return ic->icmp6_type < ICMPV6_ECHO_REQUEST;
+ if (icmpinfo->flags & IP6T_ICMP_INFO)
+ return ic->icmp6_type >= ICMPV6_ECHO_REQUEST;
return icmp6_type_code_match(icmpinfo->type,
icmpinfo->code[0],
icmpinfo->code[1],
ic->icmp6_type, ic->icmp6_code,
- !!(icmpinfo->invflags&IP6T_ICMP_INV));
+ !!(icmpinfo->flags & IP6T_ICMP_INV));
}
/* Called when user tries to insert an entry of this type. */
@@ -2161,8 +2165,8 @@
{
const struct ip6t_icmp *icmpinfo = par->matchinfo;
- /* Must specify no unknown invflags */
- return (icmpinfo->invflags & ~IP6T_ICMP_INV) ? -EINVAL : 0;
+ /* Must specify no unknown flags */
+ return (icmpinfo->flags & ~IP6T_ICMP_MASK) ? -EINVAL : 0;
}
/* The built-in targets: standard (NULL) and error. */
Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org> -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html