#endif
/*
- * Netfilter
+ * Netfilter (1)
*
* Following socket options are used in ip6_tables;
* see include/linux/netfilter_ipv6/ip6_tables.h.
#define IPV6_RECVTCLASS 66
#define IPV6_TCLASS 67
+/*
+ * Netfilter (2)
+ *
+ * Following socket options are used in ip6_tables;
+ * see include/linux/netfilter_ipv6/ip6_tables.h.
+ *
+ * IP6T_SO_GET_REVISION_MATCH 68
+ * IP6T_SO_GET_REVISION_TARGET 69
+ */
+
#endif
/* Error verdict. */
#define XT_ERROR_TARGET "ERROR"
-/*
- * New IP firewall options for [gs]etsockopt at the RAW IP level.
- * Unlike BSD Linux inherits IP options so you don't have to use a raw
- * socket for this. Instead we check rights in the calls. */
-#define XT_BASE_CTL 64 /* base for firewall socket options */
-
-#define XT_SO_SET_REPLACE (XT_BASE_CTL)
-#define XT_SO_SET_ADD_COUNTERS (XT_BASE_CTL + 1)
-#define XT_SO_SET_MAX XT_SO_SET_ADD_COUNTERS
-
-#define XT_SO_GET_INFO (XT_BASE_CTL)
-#define XT_SO_GET_ENTRIES (XT_BASE_CTL + 1)
-#define XT_SO_GET_REVISION_MATCH (XT_BASE_CTL + 2)
-#define XT_SO_GET_REVISION_TARGET (XT_BASE_CTL + 3)
-#define XT_SO_GET_MAX XT_SO_GET_REVISION_TARGET
-
#define SET_COUNTER(c,b,p) do { (c).bcnt = (b); (c).pcnt = (p); } while(0)
#define ADD_COUNTER(c,b,p) do { (c).bcnt += (b); (c).pcnt += (p); } while(0)
* New IP firewall options for [gs]etsockopt at the RAW IP level.
* Unlike BSD Linux inherits IP options so you don't have to use a raw
* socket for this. Instead we check rights in the calls.
+ *
+ * ATTENTION: check linux/in.h before adding new number here.
*/
-#define ARPT_CTL_OFFSET 32
-#define ARPT_BASE_CTL (XT_BASE_CTL+ARPT_CTL_OFFSET)
-
-#define ARPT_SO_SET_REPLACE (XT_SO_SET_REPLACE+ARPT_CTL_OFFSET)
-#define ARPT_SO_SET_ADD_COUNTERS (XT_SO_SET_ADD_COUNTERS+ARPT_CTL_OFFSET)
-#define ARPT_SO_SET_MAX (XT_SO_SET_MAX+ARPT_CTL_OFFSET)
-
-#define ARPT_SO_GET_INFO (XT_SO_GET_INFO+ARPT_CTL_OFFSET)
-#define ARPT_SO_GET_ENTRIES (XT_SO_GET_ENTRIES+ARPT_CTL_OFFSET)
-/* #define ARPT_SO_GET_REVISION_MATCH XT_SO_GET_REVISION_MATCH */
-#define ARPT_SO_GET_REVISION_TARGET (XT_SO_GET_REVISION_TARGET+ARPT_CTL_OFFSET)
-#define ARPT_SO_GET_MAX (XT_SO_GET_REVISION_TARGET+ARPT_CTL_OFFSET)
+#define ARPT_BASE_CTL 96
+
+#define ARPT_SO_SET_REPLACE (ARPT_BASE_CTL)
+#define ARPT_SO_SET_ADD_COUNTERS (ARPT_BASE_CTL + 1)
+#define ARPT_SO_SET_MAX ARPT_SO_SET_ADD_COUNTERS
+
+#define ARPT_SO_GET_INFO (ARPT_BASE_CTL)
+#define ARPT_SO_GET_ENTRIES (ARPT_BASE_CTL + 1)
+/* #define ARPT_SO_GET_REVISION_MATCH (APRT_BASE_CTL + 2) */
+#define ARPT_SO_GET_REVISION_TARGET (ARPT_BASE_CTL + 3)
+#define ARPT_SO_GET_MAX (ARPT_SO_GET_REVISION_TARGET)
/* CONTINUE verdict for targets */
#define ARPT_CONTINUE XT_CONTINUE
/*
* New IP firewall options for [gs]etsockopt at the RAW IP level.
* Unlike BSD Linux inherits IP options so you don't have to use a raw
- * socket for this. Instead we check rights in the calls. */
-#define IPT_BASE_CTL XT_BASE_CTL
-
-#define IPT_SO_SET_REPLACE XT_SO_SET_REPLACE
-#define IPT_SO_SET_ADD_COUNTERS XT_SO_SET_ADD_COUNTERS
-#define IPT_SO_SET_MAX XT_SO_SET_MAX
-
-#define IPT_SO_GET_INFO XT_SO_GET_INFO
-#define IPT_SO_GET_ENTRIES XT_SO_GET_ENTRIES
-#define IPT_SO_GET_REVISION_MATCH XT_SO_GET_REVISION_MATCH
-#define IPT_SO_GET_REVISION_TARGET XT_SO_GET_REVISION_TARGET
-#define IPT_SO_GET_MAX XT_SO_GET_REVISION_TARGET
+ * socket for this. Instead we check rights in the calls.
+ *
+ * ATTENTION: check linux/in.h before adding new number here.
+ */
+#define IPT_BASE_CTL 64
+
+#define IPT_SO_SET_REPLACE (IPT_BASE_CTL)
+#define IPT_SO_SET_ADD_COUNTERS (IPT_BASE_CTL + 1)
+#define IPT_SO_SET_MAX IPT_SO_SET_ADD_COUNTERS
+
+#define IPT_SO_GET_INFO (IPT_BASE_CTL)
+#define IPT_SO_GET_ENTRIES (IPT_BASE_CTL + 1)
+#define IPT_SO_GET_REVISION_MATCH (IPT_BASE_CTL + 2)
+#define IPT_SO_GET_REVISION_TARGET (IPT_BASE_CTL + 3)
+#define IPT_SO_GET_MAX IPT_SO_GET_REVISION_TARGET
#define IPT_CONTINUE XT_CONTINUE
#define IPT_RETURN XT_RETURN
/*
* New IP firewall options for [gs]etsockopt at the RAW IP level.
* Unlike BSD Linux inherits IP options so you don't have to use
- * a raw socket for this. Instead we check rights in the calls. */
-#define IP6T_BASE_CTL XT_BASE_CTL
-
-#define IP6T_SO_SET_REPLACE XT_SO_SET_REPLACE
-#define IP6T_SO_SET_ADD_COUNTERS XT_SO_SET_ADD_COUNTERS
-#define IP6T_SO_SET_MAX XT_SO_SET_MAX
-
-#define IP6T_SO_GET_INFO XT_SO_GET_INFO
-#define IP6T_SO_GET_ENTRIES XT_SO_GET_ENTRIES
-#define IP6T_SO_GET_REVISION_MATCH XT_SO_GET_REVISION_MATCH
-#define IP6T_SO_GET_REVISION_TARGET XT_SO_GET_REVISION_TARGET
-#define IP6T_SO_GET_MAX XT_SO_GET_REVISION_TARGET
+ * a raw socket for this. Instead we check rights in the calls.
+ *
+ * ATTENTION: check linux/in6.h before adding new number here.
+ */
+#define IP6T_BASE_CTL 64
+
+#define IP6T_SO_SET_REPLACE (IP6T_BASE_CTL)
+#define IP6T_SO_SET_ADD_COUNTERS (IP6T_BASE_CTL + 1)
+#define IP6T_SO_SET_MAX IP6T_SO_SET_ADD_COUNTERS
+
+#define IP6T_SO_GET_INFO (IP6T_BASE_CTL)
+#define IP6T_SO_GET_ENTRIES (IP6T_BASE_CTL + 1)
+#define IP6T_SO_GET_REVISION_MATCH (IP6T_BASE_CTL + 4)
+#define IP6T_SO_GET_REVISION_TARGET (IP6T_BASE_CTL + 5)
+#define IP6T_SO_GET_MAX IP6T_SO_GET_REVISION_TARGET
/* CONTINUE verdict for targets */
#define IP6T_CONTINUE XT_CONTINUE
projects / linux.git / commitdiff