diff options
author | Florian Westphal <fw@strlen.de> | 2012-10-30 01:08:49 +0000 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2012-11-02 12:26:32 +0100 |
commit | 121d1e0941e05c64ee4223064dd83eb24e871739 (patch) | |
tree | a5b841774451210d2d53db14b7cd907cd47f12d4 /include | |
parent | 6229b75d8da5a4eed7bb668de757e252986c2305 (diff) |
netfilter: ipv6: add getsockopt to retrieve origdst
userspace can query the original ipv4 destination address of a REDIRECTed
connection via
getsockopt(m_sock, SOL_IP, SO_ORIGINAL_DST, &m_server_addr, &addrsize)
but for ipv6 no such option existed.
This adds getsockopt(..., IPPROTO_IPV6, IP6T_SO_ORIGINAL_DST, ...).
Without this, userspace needs to parse /proc or use ctnetlink, which
appears to be overkill.
This uses option number 80 for IP6T_SO_ORIGINAL_DST, which is spare,
to use the same number we use in the IPv4 socket option SO_ORIGINAL_DST.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/uapi/linux/in6.h | 1 | ||||
-rw-r--r-- | include/uapi/linux/netfilter_ipv6/ip6_tables.h | 3 |
2 files changed, 4 insertions, 0 deletions
diff --git a/include/uapi/linux/in6.h b/include/uapi/linux/in6.h index 1e315998995..f79c3721da6 100644 --- a/include/uapi/linux/in6.h +++ b/include/uapi/linux/in6.h @@ -240,6 +240,7 @@ struct in6_flowlabel_req { * * IP6T_SO_GET_REVISION_MATCH 68 * IP6T_SO_GET_REVISION_TARGET 69 + * IP6T_SO_ORIGINAL_DST 80 */ /* RFC5014: Source address selection */ diff --git a/include/uapi/linux/netfilter_ipv6/ip6_tables.h b/include/uapi/linux/netfilter_ipv6/ip6_tables.h index bf1ef65cc58..649c68062dc 100644 --- a/include/uapi/linux/netfilter_ipv6/ip6_tables.h +++ b/include/uapi/linux/netfilter_ipv6/ip6_tables.h @@ -178,6 +178,9 @@ struct ip6t_error { #define IP6T_SO_GET_REVISION_TARGET (IP6T_BASE_CTL + 5) #define IP6T_SO_GET_MAX IP6T_SO_GET_REVISION_TARGET +/* obtain original address if REDIRECT'd connection */ +#define IP6T_SO_ORIGINAL_DST 80 + /* ICMP matching stuff */ struct ip6t_icmp { __u8 type; /* type to match */ |