4566bf2706
For L3-proto independant rules we need to get at the L4 protocol value directly. Add it to the nft_pktinfo struct and use the meta expression to retrieve it. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
34 lines
691 B
C
34 lines
691 B
C
#ifndef _NF_TABLES_IPV6_H_
|
|
#define _NF_TABLES_IPV6_H_
|
|
|
|
#include <linux/netfilter_ipv6/ip6_tables.h>
|
|
#include <net/ipv6.h>
|
|
|
|
static inline int
|
|
nft_set_pktinfo_ipv6(struct nft_pktinfo *pkt,
|
|
const struct nf_hook_ops *ops,
|
|
struct sk_buff *skb,
|
|
const struct net_device *in,
|
|
const struct net_device *out)
|
|
{
|
|
int protohdr, thoff = 0;
|
|
unsigned short frag_off;
|
|
|
|
nft_set_pktinfo(pkt, ops, skb, in, out);
|
|
|
|
protohdr = ipv6_find_hdr(pkt->skb, &thoff, -1, &frag_off, NULL);
|
|
/* If malformed, drop it */
|
|
if (protohdr < 0)
|
|
return -1;
|
|
|
|
pkt->tprot = protohdr;
|
|
pkt->xt.thoff = thoff;
|
|
pkt->xt.fragoff = frag_off;
|
|
|
|
return 0;
|
|
}
|
|
|
|
extern struct nft_af_info nft_af_ipv6;
|
|
|
|
#endif
|