Extension revision number support (if kernel supports the getsockopts).
Enhance MARK match with second revision.
Committed in anticipation of the kernel patch being applied.
diff --git a/include/iptables.h b/include/iptables.h
index 6d997f7..25f36ae 100644
--- a/include/iptables.h
+++ b/include/iptables.h
@@ -12,6 +12,18 @@
#define IPPROTO_SCTP 132
#endif
+#ifndef IPT_SO_GET_REVISION_MATCH /* Old kernel source. */
+#define IPT_SO_GET_REVISION_MATCH (IPT_BASE_CTL + 2)
+#define IPT_SO_GET_REVISION_TARGET (IPT_BASE_CTL + 3)
+
+struct ipt_get_revision
+{
+ char name[IPT_FUNCTION_MAXNAMELEN-1];
+
+ u_int8_t revision;
+};
+#endif /* IPT_SO_GET_REVISION_MATCH Old kernel source */
+
struct iptables_rule_match
{
struct iptables_rule_match *next;
@@ -26,6 +38,9 @@
ipt_chainlabel name;
+ /* Revision of match (0 by default). */
+ u_int8_t revision;
+
const char *version;
/* Size of match data. */
@@ -76,6 +91,9 @@
ipt_chainlabel name;
+ /* Revision of target (0 by default). */
+ u_int8_t revision;
+
const char *version;
/* Size of target data. */