diff options
author | Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> | 2006-04-01 02:22:30 -0800 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2006-04-01 02:22:30 -0800 |
commit | dc5ab2faece3b7473931357db7f63f596678481d (patch) | |
tree | d1e5fd3e805e7d2c4136459cca17d5f8ed44bfb6 /include/linux | |
parent | 9606a21635cec077e1928273751b44ecc824a49d (diff) |
[NETFILTER]: x_tables: unify IPv4/IPv6 esp match
This unifies ipt_esp and ip6t_esp to xt_esp. Please note that now
a user program needs to specify IPPROTO_ESP as protocol to use esp match
with IPv6. This means that ip6tables requires '-p esp' like iptables.
Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/linux')
-rw-r--r-- | include/linux/netfilter/xt_esp.h | 14 | ||||
-rw-r--r-- | include/linux/netfilter_ipv4/ipt_esp.h | 14 | ||||
-rw-r--r-- | include/linux/netfilter_ipv6/ip6t_esp.h | 12 |
3 files changed, 22 insertions, 18 deletions
diff --git a/include/linux/netfilter/xt_esp.h b/include/linux/netfilter/xt_esp.h new file mode 100644 index 00000000000..9380fb1c27d --- /dev/null +++ b/include/linux/netfilter/xt_esp.h @@ -0,0 +1,14 @@ +#ifndef _XT_ESP_H +#define _XT_ESP_H + +struct xt_esp +{ + u_int32_t spis[2]; /* Security Parameter Index */ + u_int8_t invflags; /* Inverse flags */ +}; + +/* Values for "invflags" field in struct xt_esp. */ +#define XT_ESP_INV_SPI 0x01 /* Invert the sense of spi. */ +#define XT_ESP_INV_MASK 0x01 /* All possible flags. */ + +#endif /*_XT_ESP_H*/ diff --git a/include/linux/netfilter_ipv4/ipt_esp.h b/include/linux/netfilter_ipv4/ipt_esp.h index c782a83e53e..78296e7eeff 100644 --- a/include/linux/netfilter_ipv4/ipt_esp.h +++ b/include/linux/netfilter_ipv4/ipt_esp.h @@ -1,16 +1,10 @@ #ifndef _IPT_ESP_H #define _IPT_ESP_H -struct ipt_esp -{ - u_int32_t spis[2]; /* Security Parameter Index */ - u_int8_t invflags; /* Inverse flags */ -}; +#include <linux/netfilter/xt_esp.h> - - -/* Values for "invflags" field in struct ipt_esp. */ -#define IPT_ESP_INV_SPI 0x01 /* Invert the sense of spi. */ -#define IPT_ESP_INV_MASK 0x01 /* All possible flags. */ +#define ipt_esp xt_esp +#define IPT_ESP_INV_SPI XT_ESP_INV_SPI +#define IPT_ESP_INV_MASK XT_ESP_INV_MASK #endif /*_IPT_ESP_H*/ diff --git a/include/linux/netfilter_ipv6/ip6t_esp.h b/include/linux/netfilter_ipv6/ip6t_esp.h index a91b6abc807..f62eaf53c16 100644 --- a/include/linux/netfilter_ipv6/ip6t_esp.h +++ b/include/linux/netfilter_ipv6/ip6t_esp.h @@ -1,14 +1,10 @@ #ifndef _IP6T_ESP_H #define _IP6T_ESP_H -struct ip6t_esp -{ - u_int32_t spis[2]; /* Security Parameter Index */ - u_int8_t invflags; /* Inverse flags */ -}; +#include <linux/netfilter/xt_esp.h> -/* Values for "invflags" field in struct ip6t_esp. */ -#define IP6T_ESP_INV_SPI 0x01 /* Invert the sense of spi. */ -#define IP6T_ESP_INV_MASK 0x01 /* All possible flags. */ +#define ip6t_esp xt_esp +#define IP6T_ESP_INV_SPI XT_ESP_INV_SPI +#define IP6T_ESP_INV_MASK XT_ESP_INV_MASK #endif /*_IP6T_ESP_H*/ |