Linus, please apply. It adds the required definition, and removes the
CAP_NET_PERM test (my modules do their own checks where appropriate in
the latest netfilter release).
> P.S.: rusty, your netwinder arrived. thanks a lot.
It was worth $25 postage to get the *&%! thing out of my sight. Good
luck with it. 8-)
--- linux-2.3/net/core/netfilter.c.~5~ Fri Sep 17 06:56:35 1999
+++ linux-2.3/net/core/netfilter.c Mon Oct 4 12:59:37 1999
@@ -311,9 +311,6 @@
struct list_head *i;
int ret;
- if (!capable(CAP_NET_ADMIN))
- return -EPERM;
-
if (down_interruptible(&nf_sockopt_mutex) != 0)
return -EINTR;
--- linux-2.3/include/linux/netfilter.h.~3~ Wed Sep 29 16:14:54 1999
+++ linux-2.3/include/linux/netfilter.h Mon Oct 4 12:57:59 1999
@@ -77,7 +77,8 @@
int nf_register_hook(struct nf_hook_ops *reg);
void nf_unregister_hook(struct nf_hook_ops *reg);
-/* Functions to register get/setsockopt ranges (non-inclusive). */
+/* Functions to register get/setsockopt ranges (non-inclusive). You
+ need to check permissions yourself! */
int nf_register_sockopt(struct nf_sockopt_ops *reg);
void nf_unregister_sockopt(struct nf_sockopt_ops *reg);
--- linux-2.3/include/linux/netfilter_ipv4.h.~2~ Wed Sep 29 16:14:54 1999
+++ linux-2.3/include/linux/netfilter_ipv4.h Mon Oct 4 12:58:20 1999
@@ -58,4 +58,10 @@
#endif /*__KERNEL__*/
#endif /*CONFIG_NETFILTER_DEBUG*/
+/* Arguments for setsockopt SOL_IP: */
+/* 2.0 firewalling went from 64 through 71 (and +256, +512, etc). */
+/* 2.2 firewalling (+ masq) went from 64 through 76 */
+/* 2.4 firewalling went 64 through 67. */
+#define SO_ORIGINAL_DST 80
+
#endif /*__LINUX_IP_NETFILTER_H*/
-- Hacking time.- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/