Patch iptables for use with HA kernel patch (XFRM hooks)
[strongswan.git] / testing / scripts / recipes / patches / iptables-xfrm-hooks
1 From 4553ba0130bb9f0aa266cc1e4c3288a52f34eed6 Mon Sep 17 00:00:00 2001
2 From: Martin Willi <martin@revosec.ch>
3 Date: Wed, 7 Apr 2010 11:40:15 +0200
4 Subject: [PATCH] Added XFRM hooks to iptables headers
5
6 ---
7  include/linux/netfilter.h      |    2 ++
8  include/linux/netfilter_ipv4.h |    6 +++++-
9  include/linux/netfilter_ipv6.h |    6 +++++-
10  3 files changed, 12 insertions(+), 2 deletions(-)
11
12 diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
13 index 2eb00b6..b692c67 100644
14 --- a/include/linux/netfilter.h
15 +++ b/include/linux/netfilter.h
16 @@ -35,6 +35,8 @@ enum nf_inet_hooks {
17         NF_INET_FORWARD,
18         NF_INET_LOCAL_OUT,
19         NF_INET_POST_ROUTING,
20 +       NF_INET_XFRM_IN,
21 +       NF_INET_XFRM_OUT,
22         NF_INET_NUMHOOKS
23  };
24  
25 diff --git a/include/linux/netfilter_ipv4.h b/include/linux/netfilter_ipv4.h
26 index 4d7ba3e..28d3ca9 100644
27 --- a/include/linux/netfilter_ipv4.h
28 +++ b/include/linux/netfilter_ipv4.h
29 @@ -47,7 +47,11 @@
30  #define NF_IP_LOCAL_OUT                3
31  /* Packets about to hit the wire. */
32  #define NF_IP_POST_ROUTING     4
33 -#define NF_IP_NUMHOOKS         5
34 +/* Packets going into XFRM input transformation. */
35 +#define NF_IP_XFRM_IN          5
36 +/* Packets going into XFRM output transformation. */
37 +#define NF_IP_XFRM_OUT         6
38 +#define NF_IP_NUMHOOKS         7
39  
40  enum nf_ip_hook_priorities {
41         NF_IP_PRI_FIRST = INT_MIN,
42 diff --git a/include/linux/netfilter_ipv6.h b/include/linux/netfilter_ipv6.h
43 index 7430b39..18590a5 100644
44 --- a/include/linux/netfilter_ipv6.h
45 +++ b/include/linux/netfilter_ipv6.h
46 @@ -51,7 +51,11 @@
47  #define NF_IP6_LOCAL_OUT               3
48  /* Packets about to hit the wire. */
49  #define NF_IP6_POST_ROUTING    4
50 -#define NF_IP6_NUMHOOKS                5
51 +/* Packets going into XFRM input transformation. */
52 +#define NF_IP6_XFRM_IN         5
53 +/* Packets going into XFRM output transformation. */
54 +#define NF_IP6_XFRM_OUT                6
55 +#define NF_IP6_NUMHOOKS                7
56  
57  
58  enum nf_ip6_hook_priorities {
59 -- 
60 1.6.3.3
61