Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7bfe2461 authored by Yasuyuki Kozakai's avatar Yasuyuki Kozakai Committed by David S. Miller
Browse files

[NETFILTER]: ip6_tables: fix explanation of valid upper protocol number 



This explains the allowed upper protocol numbers. IP6T_F_NOPROTO was
introduced to use 0 as Hop-by-Hop option header, not wildcard. But that
seemed to be forgotten. 0 has been used as wildcard since 2002-08-23.

Signed-off-by: default avatarYasuyuki Kozakai <yasuyuki@netfilter.org>
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 558585aa

include/linux/netfilter_ipv6/ip6_tables.h

+8 −2
Original line number Diff line number Diff line
@@ -44,8 +44,14 @@ struct ip6t_ip6 { 
	char iniface[IFNAMSIZ], outiface[IFNAMSIZ];

	unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ];



	/* ARGH, HopByHop uses 0, so can't do 0 = ANY,

	   instead IP6T_F_NOPROTO must be set */

	/* Upper protocol number

	 * - The allowed value is 0 (any) or protocol number of last parsable

	 *   header, which is 50 (ESP), 59 (No Next Header), 135 (MH), or

	 *   the non IPv6 extension headers.

	 * - The protocol numbers of IPv6 extension headers except of ESP and

	 *   MH do not match any packets.

	 * - You also need to set IP6T_FLAGS_PROTO to "flags" to check protocol.

	 */

	u_int16_t proto;

	/* TOS to match iff flags & IP6T_F_TOS */

	u_int8_t tos;