aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJan Engelhardt <jengelh@computergmbh.de>2008-01-15 02:42:47 -0500
committerDavid S. Miller <davem@davemloft.net>2008-01-28 18:02:27 -0500
commitf72e25a897c7edda03a0e1f767925d98772684da (patch)
treefb64cfbee8ba3000931e99f0fe5c464abb8f5ace
parent2ae15b64e6a1608c840c60df38e8e5eef7b2b8c3 (diff)
[NETFILTER]: Rename ipt_iprange to xt_iprange
This patch moves ipt_iprange to xt_iprange, in preparation for adding IPv6 support to xt_iprange. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--include/linux/netfilter/Kbuild1
-rw-r--r--include/linux/netfilter/xt_iprange.h17
-rw-r--r--include/linux/netfilter_ipv4/ipt_iprange.h6
-rw-r--r--net/ipv4/netfilter/Kconfig10
-rw-r--r--net/ipv4/netfilter/Makefile1
-rw-r--r--net/netfilter/Kconfig11
-rw-r--r--net/netfilter/Makefile1
-rw-r--r--net/netfilter/xt_iprange.c (renamed from net/ipv4/netfilter/ipt_iprange.c)27
8 files changed, 44 insertions, 30 deletions
diff --git a/include/linux/netfilter/Kbuild b/include/linux/netfilter/Kbuild
index ac9e6429f747..91fef0cae42f 100644
--- a/include/linux/netfilter/Kbuild
+++ b/include/linux/netfilter/Kbuild
@@ -21,6 +21,7 @@ header-y += xt_dccp.h
21header-y += xt_dscp.h 21header-y += xt_dscp.h
22header-y += xt_esp.h 22header-y += xt_esp.h
23header-y += xt_hashlimit.h 23header-y += xt_hashlimit.h
24header-y += xt_iprange.h
24header-y += xt_helper.h 25header-y += xt_helper.h
25header-y += xt_length.h 26header-y += xt_length.h
26header-y += xt_limit.h 27header-y += xt_limit.h
diff --git a/include/linux/netfilter/xt_iprange.h b/include/linux/netfilter/xt_iprange.h
new file mode 100644
index 000000000000..a4299c7d3680
--- /dev/null
+++ b/include/linux/netfilter/xt_iprange.h
@@ -0,0 +1,17 @@
1#ifndef _LINUX_NETFILTER_XT_IPRANGE_H
2#define _LINUX_NETFILTER_XT_IPRANGE_H 1
3
4enum {
5 IPRANGE_SRC = 1 << 0, /* match source IP address */
6 IPRANGE_DST = 1 << 1, /* match destination IP address */
7 IPRANGE_SRC_INV = 1 << 4, /* negate the condition */
8 IPRANGE_DST_INV = 1 << 5, /* -"- */
9};
10
11struct xt_iprange_mtinfo {
12 union nf_inet_addr src_min, src_max;
13 union nf_inet_addr dst_min, dst_max;
14 u_int8_t flags;
15};
16
17#endif /* _LINUX_NETFILTER_XT_IPRANGE_H */
diff --git a/include/linux/netfilter_ipv4/ipt_iprange.h b/include/linux/netfilter_ipv4/ipt_iprange.h
index a92fefc3c7ec..5f1aebde4d2f 100644
--- a/include/linux/netfilter_ipv4/ipt_iprange.h
+++ b/include/linux/netfilter_ipv4/ipt_iprange.h
@@ -2,11 +2,7 @@
2#define _IPT_IPRANGE_H 2#define _IPT_IPRANGE_H
3 3
4#include <linux/types.h> 4#include <linux/types.h>
5 5#include <linux/netfilter/xt_iprange.h>
6#define IPRANGE_SRC 0x01 /* Match source IP address */
7#define IPRANGE_DST 0x02 /* Match destination IP address */
8#define IPRANGE_SRC_INV 0x10 /* Negate the condition */
9#define IPRANGE_DST_INV 0x20 /* Negate the condition */
10 6
11struct ipt_iprange { 7struct ipt_iprange {
12 /* Inclusive: network order. */ 8 /* Inclusive: network order. */
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig
index 10ca307b8499..9a077cb24798 100644
--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -57,16 +57,6 @@ config IP_NF_IPTABLES
57 To compile it as a module, choose M here. If unsure, say N. 57 To compile it as a module, choose M here. If unsure, say N.
58 58
59# The matches. 59# The matches.
60config IP_NF_MATCH_IPRANGE
61 tristate '"iprange" match support'
62 depends on IP_NF_IPTABLES
63 depends on NETFILTER_ADVANCED
64 help
65 This option makes possible to match IP addresses against IP address
66 ranges.
67
68 To compile it as a module, choose M here. If unsure, say N.
69
70config IP_NF_MATCH_RECENT 60config IP_NF_MATCH_RECENT
71 tristate '"recent" match support' 61 tristate '"recent" match support'
72 depends on IP_NF_IPTABLES 62 depends on IP_NF_IPTABLES
diff --git a/net/ipv4/netfilter/Makefile b/net/ipv4/netfilter/Makefile
index fd7d4a5b436c..0c7dc78a62e9 100644
--- a/net/ipv4/netfilter/Makefile
+++ b/net/ipv4/netfilter/Makefile
@@ -44,7 +44,6 @@ obj-$(CONFIG_IP_NF_RAW) += iptable_raw.o
44obj-$(CONFIG_IP_NF_MATCH_ADDRTYPE) += ipt_addrtype.o 44obj-$(CONFIG_IP_NF_MATCH_ADDRTYPE) += ipt_addrtype.o
45obj-$(CONFIG_IP_NF_MATCH_AH) += ipt_ah.o 45obj-$(CONFIG_IP_NF_MATCH_AH) += ipt_ah.o
46obj-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn.o 46obj-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn.o
47obj-$(CONFIG_IP_NF_MATCH_IPRANGE) += ipt_iprange.o
48obj-$(CONFIG_IP_NF_MATCH_RECENT) += ipt_recent.o 47obj-$(CONFIG_IP_NF_MATCH_RECENT) += ipt_recent.o
49obj-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl.o 48obj-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl.o
50 49
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index 79d71437e310..daf5b881064d 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -567,6 +567,17 @@ config NETFILTER_XT_MATCH_HELPER
567 567
568 To compile it as a module, choose M here. If unsure, say Y. 568 To compile it as a module, choose M here. If unsure, say Y.
569 569
570config NETFILTER_XT_MATCH_IPRANGE
571 tristate '"iprange" address range match support'
572 depends on NETFILTER_XTABLES
573 depends on NETFILTER_ADVANCED
574 ---help---
575 This option adds a "iprange" match, which allows you to match based on
576 an IP address range. (Normal iptables only matches on single addresses
577 with an optional mask.)
578
579 If unsure, say M.
580
570config NETFILTER_XT_MATCH_LENGTH 581config NETFILTER_XT_MATCH_LENGTH
571 tristate '"length" match support' 582 tristate '"length" match support'
572 depends on NETFILTER_XTABLES 583 depends on NETFILTER_XTABLES
diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile
index 3b9ea8fb3a07..c910caee0d4f 100644
--- a/net/netfilter/Makefile
+++ b/net/netfilter/Makefile
@@ -63,6 +63,7 @@ obj-$(CONFIG_NETFILTER_XT_MATCH_DSCP) += xt_dscp.o
63obj-$(CONFIG_NETFILTER_XT_MATCH_ESP) += xt_esp.o 63obj-$(CONFIG_NETFILTER_XT_MATCH_ESP) += xt_esp.o
64obj-$(CONFIG_NETFILTER_XT_MATCH_HASHLIMIT) += xt_hashlimit.o 64obj-$(CONFIG_NETFILTER_XT_MATCH_HASHLIMIT) += xt_hashlimit.o
65obj-$(CONFIG_NETFILTER_XT_MATCH_HELPER) += xt_helper.o 65obj-$(CONFIG_NETFILTER_XT_MATCH_HELPER) += xt_helper.o
66obj-$(CONFIG_NETFILTER_XT_MATCH_IPRANGE) += xt_iprange.o
66obj-$(CONFIG_NETFILTER_XT_MATCH_LENGTH) += xt_length.o 67obj-$(CONFIG_NETFILTER_XT_MATCH_LENGTH) += xt_length.o
67obj-$(CONFIG_NETFILTER_XT_MATCH_LIMIT) += xt_limit.o 68obj-$(CONFIG_NETFILTER_XT_MATCH_LIMIT) += xt_limit.o
68obj-$(CONFIG_NETFILTER_XT_MATCH_MAC) += xt_mac.o 69obj-$(CONFIG_NETFILTER_XT_MATCH_MAC) += xt_mac.o
diff --git a/net/ipv4/netfilter/ipt_iprange.c b/net/netfilter/xt_iprange.c
index 9a2aba816c9b..c57a6cf8a081 100644
--- a/net/ipv4/netfilter/ipt_iprange.c
+++ b/net/netfilter/xt_iprange.c
@@ -1,11 +1,11 @@
1/* 1/*
2 * iptables module to match IP address ranges 2 * xt_iprange - Netfilter module to match IP address ranges
3 * 3 *
4 * (C) 2003 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> 4 * (C) 2003 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
5 * 5 *
6 * This program is free software; you can redistribute it and/or modify 6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as 7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation. 8 * published by the Free Software Foundation.
9 */ 9 */
10#include <linux/module.h> 10#include <linux/module.h>
11#include <linux/skbuff.h> 11#include <linux/skbuff.h>
@@ -13,15 +13,11 @@
13#include <linux/netfilter/x_tables.h> 13#include <linux/netfilter/x_tables.h>
14#include <linux/netfilter_ipv4/ipt_iprange.h> 14#include <linux/netfilter_ipv4/ipt_iprange.h>
15 15
16MODULE_LICENSE("GPL");
17MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
18MODULE_DESCRIPTION("Xtables: arbitrary IPv4 range matching");
19
20static bool 16static bool
21iprange_mt(const struct sk_buff *skb, const struct net_device *in, 17iprange_mt_v0(const struct sk_buff *skb, const struct net_device *in,
22 const struct net_device *out, const struct xt_match *match, 18 const struct net_device *out, const struct xt_match *match,
23 const void *matchinfo, int offset, unsigned int protoff, 19 const void *matchinfo, int offset, unsigned int protoff,
24 bool *hotdrop) 20 bool *hotdrop)
25{ 21{
26 const struct ipt_iprange_info *info = matchinfo; 22 const struct ipt_iprange_info *info = matchinfo;
27 const struct iphdr *iph = ip_hdr(skb); 23 const struct iphdr *iph = ip_hdr(skb);
@@ -58,7 +54,7 @@ iprange_mt(const struct sk_buff *skb, const struct net_device *in,
58static struct xt_match iprange_mt_reg __read_mostly = { 54static struct xt_match iprange_mt_reg __read_mostly = {
59 .name = "iprange", 55 .name = "iprange",
60 .family = AF_INET, 56 .family = AF_INET,
61 .match = iprange_mt, 57 .match = iprange_mt_v0,
62 .matchsize = sizeof(struct ipt_iprange_info), 58 .matchsize = sizeof(struct ipt_iprange_info),
63 .me = THIS_MODULE 59 .me = THIS_MODULE
64}; 60};
@@ -75,3 +71,6 @@ static void __exit iprange_mt_exit(void)
75 71
76module_init(iprange_mt_init); 72module_init(iprange_mt_init);
77module_exit(iprange_mt_exit); 73module_exit(iprange_mt_exit);
74MODULE_LICENSE("GPL");
75MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
76MODULE_DESCRIPTION("Xtables: arbitrary IPv4 range matching");