Home Explore Help
Register Sign In
phyus
/
linux-vybrid_public
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

[NETFILTER]: Add goto target

Originally written by Henrik Nordstrom <hno@marasystems.com>, taken
from netfilter patch-o-matic and added ip6_tables support.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Patrick McHardy 20 years ago
parent
764d8a9f24
commit
05465343bf
4 changed files with 8 additions and 6 deletions
Split View Show Diff Stats
  1. 2 1
      include/linux/netfilter_ipv4/ip_tables.h
  2. 2 1
      include/linux/netfilter_ipv6/ip6_tables.h
  3. 2 2
      net/ipv4/netfilter/ip_tables.c
  4. 2 2
      net/ipv6/netfilter/ip6_tables.c

+ 2 - 1
include/linux/netfilter_ipv4/ip_tables.h
View File 

@@ -109,7 +109,8 @@ struct ipt_counters
 
 
 /* Values for "flag" field in struct ipt_ip (general ip structure). */
 
 #define IPT_F_FRAG		0x01	/* Set if rule is a fragment rule */
 
-#define IPT_F_MASK		0x01	/* All possible flag bits mask. */
 
+#define IPT_F_GOTO		0x02	/* Set if jump is a goto */
 
+#define IPT_F_MASK		0x03	/* All possible flag bits mask. */
 
 
 /* Values for "inv" field in struct ipt_ip. */
 
 #define IPT_INV_VIA_IN		0x01	/* Invert the sense of IN IFACE. */

+ 2 - 1
include/linux/netfilter_ipv6/ip6_tables.h
View File 

@@ -111,7 +111,8 @@ struct ip6t_counters
 
 #define IP6T_F_PROTO		0x01	/* Set if rule cares about upper 
 					   protocols */
 
 #define IP6T_F_TOS		0x02	/* Match the TOS. */
 
-#define IP6T_F_MASK		0x03	/* All possible flag bits mask. */
 
+#define IP6T_F_GOTO		0x04	/* Set if jump is a goto */
 
+#define IP6T_F_MASK		0x07	/* All possible flag bits mask. */
 
 
 /* Values for "inv" field in struct ip6t_ip6. */
 
 #define IP6T_INV_VIA_IN		0x01	/* Invert the sense of IN IFACE. */

+ 2 - 2
net/ipv4/netfilter/ip_tables.c
View File 

@@ -340,8 +340,8 @@ ipt_do_table(struct sk_buff **pskb,
 
 							 back->comefrom);
 
 					continue;
 
 				}
 
-				if (table_base + v
 
-				    != (void *)e + e->next_offset) {
 
+				if (table_base + v != (void *)e + e->next_offset
 
+				    && !(e->ip.flags & IPT_F_GOTO)) {
 
 					/* Save old back ptr in next entry */
 
 					struct ipt_entry *next
 
 						= (void *)e + e->next_offset;

+ 2 - 2
net/ipv6/netfilter/ip6_tables.c
View File 

@@ -433,8 +433,8 @@ ip6t_do_table(struct sk_buff **pskb,
 
 							 back->comefrom);
 
 					continue;
 
 				}
 
-				if (table_base + v
 
-				    != (void *)e + e->next_offset) {
 
+				if (table_base + v != (void *)e + e->next_offset
 
+				    && !(e->ipv6.flags & IP6T_F_GOTO)) {
 
 					/* Save old back ptr in next entry */
 
 					struct ip6t_entry *next
 
 						= (void *)e + e->next_offset;