iptables: fix regression with unintended free in need_protomatch

[project/firewall3.git] / options.h

diff --git a/options.h b/options.h
index dcce64425b96ab715f2e829c59ff83f28e366e13..e20c89b064b5f2c5092dde73bf4fcfcb9a42fe41 100644 (file)
--- a/options.h
+++ b/options.h
@@ -73,21 +73,31 @@ enum fw3_flag
        FW3_FLAG_NOTRACK       = 9,
        FW3_FLAG_HELPER        = 10,
        FW3_FLAG_MARK          = 11,
-       FW3_FLAG_DNAT          = 12,
-       FW3_FLAG_SNAT          = 13,
-       FW3_FLAG_MASQUERADE    = 14,
-       FW3_FLAG_SRC_ACCEPT    = 15,
-       FW3_FLAG_SRC_REJECT    = 16,
-       FW3_FLAG_SRC_DROP      = 17,
-       FW3_FLAG_CUSTOM_CHAINS = 18,
-       FW3_FLAG_SYN_FLOOD     = 19,
-       FW3_FLAG_MTU_FIX       = 20,
-       FW3_FLAG_DROP_INVALID  = 21,
-       FW3_FLAG_HOTPLUG       = 22,
+       FW3_FLAG_DSCP          = 12,
+       FW3_FLAG_DNAT          = 13,
+       FW3_FLAG_SNAT          = 14,
+       FW3_FLAG_MASQUERADE    = 15,
+       FW3_FLAG_SRC_ACCEPT    = 16,
+       FW3_FLAG_SRC_REJECT    = 17,
+       FW3_FLAG_SRC_DROP      = 18,
+       FW3_FLAG_CUSTOM_CHAINS = 19,
+       FW3_FLAG_SYN_FLOOD     = 20,
+       FW3_FLAG_MTU_FIX       = 21,
+       FW3_FLAG_DROP_INVALID  = 22,
+       FW3_FLAG_HOTPLUG       = 23,
 
        __FW3_FLAG_MAX
 };
 
+enum fw3_reject_code
+{
+       FW3_REJECT_CODE_TCP_RESET      = 0,
+       FW3_REJECT_CODE_PORT_UNREACH   = 1,
+       FW3_REJECT_CODE_ADM_PROHIBITED = 2,
+
+       __FW3_REJECT_CODE_MAX
+};
+
 extern const char *fw3_flag_names[__FW3_FLAG_MAX];
 
 
@@ -259,6 +269,13 @@ struct fw3_mark
        uint32_t mask;
 };
 
+struct fw3_dscp
+{
+       bool set;
+       bool invert;
+       uint8_t dscp;
+};
+
 struct fw3_cthelpermatch
 {
        struct list_head list;
@@ -276,6 +293,8 @@ struct fw3_defaults
        enum fw3_flag policy_forward;
 
        bool drop_invalid;
+       enum fw3_reject_code tcp_reject_code;
+       enum fw3_reject_code any_reject_code;
 
        bool syn_flood;
        struct fw3_limit syn_flood_rate;
@@ -290,6 +309,7 @@ struct fw3_defaults
        bool custom_chains;
        bool auto_helper;
        bool flow_offloading;
+       bool flow_offloading_hw;
 
        bool disable_ipv6;
 
@@ -370,10 +390,12 @@ struct fw3_rule
        struct fw3_limit limit;
        struct fw3_time time;
        struct fw3_mark mark;
+       struct fw3_dscp dscp;
 
        enum fw3_flag target;
        struct fw3_mark set_mark;
        struct fw3_mark set_xmark;
+       struct fw3_dscp set_dscp;
        struct fw3_cthelpermatch set_helper;
 
        const char *extra;
@@ -419,6 +441,7 @@ struct fw3_redirect
        bool local;
        bool reflection;
        enum fw3_reflection_source reflection_src;
+       struct list_head reflection_zones;
 };
 
 struct fw3_snat
@@ -479,6 +502,10 @@ struct fw3_ipset
        struct list_head list;
 
        bool enabled;
+       bool reload_set;
+       bool counters;
+       bool comment;
+
        const char *name;
        enum fw3_family family;
 
@@ -525,7 +552,7 @@ struct fw3_cthelper
        const char *module;
        const char *description;
        enum fw3_family family;
-       struct fw3_protocol proto;
+       struct list_head proto;
        struct fw3_port port;
 };
 
@@ -579,6 +606,7 @@ bool fw3_parse_bool(void *ptr, const char *val, bool is_list);
 bool fw3_parse_int(void *ptr, const char *val, bool is_list);
 bool fw3_parse_string(void *ptr, const char *val, bool is_list);
 bool fw3_parse_target(void *ptr, const char *val, bool is_list);
+bool fw3_parse_reject_code(void *ptr, const char *val, bool is_list);
 bool fw3_parse_limit(void *ptr, const char *val, bool is_list);
 bool fw3_parse_device(void *ptr, const char *val, bool is_list);
 bool fw3_parse_address(void *ptr, const char *val, bool is_list);
@@ -600,6 +628,7 @@ bool fw3_parse_time(void *ptr, const char *val, bool is_list);
 bool fw3_parse_weekdays(void *ptr, const char *val, bool is_list);
 bool fw3_parse_monthdays(void *ptr, const char *val, bool is_list);
 bool fw3_parse_mark(void *ptr, const char *val, bool is_list);
+bool fw3_parse_dscp(void *ptr, const char *val, bool is_list);
 bool fw3_parse_setmatch(void *ptr, const char *val, bool is_list);
 bool fw3_parse_direction(void *ptr, const char *val, bool is_list);
 bool fw3_parse_cthelper(void *ptr, const char *val, bool is_list);