[NETFILTER]: Add "nfnetlink_queue" netfilter queue handler over nfnetlink

- Add new nfnetlink_queue module - Add new ipt_NFQUEUE and ip6t_NFQUEUE modules to access queue numbers 1-65535 - Mark ip_queue and ip6_queue Kconfig options as OBSOLETE - Update feature-removal-schedule to remove ip[6]_queue in December Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Harald Welte <laforge@netfilter.org> 2005-08-09 22:44:15 -0400
committer: David S. Miller <davem@sunset.davemloft.net> 2005-08-29 18:36:56 -0400
commit: 7af4cc3fa158ff1dda6e7451c7e6afa6b0bb85cb (patch)
tree: 752acd1f26063b23e5629124ee0a33078d2fb9a1 /net/ipv4
parent: 0ab43f84995f2c2fcc5cc58a9accaa1095e1317f (diff)
3 files changed, 76 insertions, 1 deletions
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig
index e47ba39eb657..2fa26a41fa47 100644
--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -110,11 +110,15 @@ config IP_NF_AMANDA
          To compile it as a module, choose M here.  If unsure, say Y.
 config IP_NF_QUEUE
-        tristate "Userspace queueing via NETLINK"
+        tristate "IP Userspace queueing via NETLINK (OBSOLETE)"
        help
          Netfilter has the ability to queue packets to user space: the
          netlink device can be used to access them using this driver.
+          This option enables the old IPv4-only "ip_queue" implementation
+          which has been obsoleted by the new "nfnetlink_queue" code (see
+          CONFIG_NETFILTER_NETLINK_QUEUE).
          To compile it as a module, choose M here.  If unsure, say N.
 config IP_NF_IPTABLES
diff --git a/net/ipv4/netfilter/Makefile b/net/ipv4/netfilter/Makefile
index abf2a7d1a584..c2ae663b723f 100644
--- a/net/ipv4/netfilter/Makefile
+++ b/net/ipv4/netfilter/Makefile
@@ -91,3 +91,4 @@ obj-$(CONFIG_IP_NF_ARP_MANGLE) += arpt_mangle.o
 obj-$(CONFIG_IP_NF_ARPFILTER) += arptable_filter.o
 obj-$(CONFIG_IP_NF_QUEUE) += ip_queue.o
+obj-$(CONFIG_NETFILTER_NETLINK_QUEUE) += ipt_NFQUEUE.o
diff --git a/net/ipv4/netfilter/ipt_NFQUEUE.c b/net/ipv4/netfilter/ipt_NFQUEUE.c
new file mode 100644
index 000000000000..3cedc9be8807
--- /dev/null
+++ b/net/ipv4/netfilter/ipt_NFQUEUE.c
@@ -0,0 +1,70 @@
+/* iptables module for using new netfilter netlink queue
+ *
+ * (C) 2005 by Harald Welte <laforge@netfilter.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as 
+ * published by the Free Software Foundation.
+ * 
+ */
+#include <linux/module.h>
+#include <linux/skbuff.h>
+#include <linux/netfilter.h>
+#include <linux/netfilter_ipv4/ip_tables.h>
+#include <linux/netfilter_ipv4/ipt_NFQUEUE.h>
+MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
+MODULE_DESCRIPTION("iptables NFQUEUE target");
+MODULE_LICENSE("GPL");
+static unsigned int
+target(struct sk_buff **pskb,
+       const struct net_device *in,
+       const struct net_device *out,
+       unsigned int hooknum,
+       const void *targinfo,
+       void *userinfo)
+{
+        const struct ipt_NFQ_info *tinfo = targinfo;
+        return NF_QUEUE_NR(tinfo->queuenum);
+}
+static int
+checkentry(const char *tablename,
+           const struct ipt_entry *e,
+           void *targinfo,
+           unsigned int targinfosize,
+           unsigned int hook_mask)
+{
+        if (targinfosize != IPT_ALIGN(sizeof(struct ipt_NFQ_info))) {
+                printk(KERN_WARNING "NFQUEUE: targinfosize %u != %Zu\n",
+                       targinfosize,
+                       IPT_ALIGN(sizeof(struct ipt_NFQ_info)));
+                return 0;
+        }
+        return 1;
+}
+static struct ipt_target ipt_NFQ_reg = {
+        .name           = "NFQUEUE",
+        .target         = target,
+        .checkentry     = checkentry,
+        .me             = THIS_MODULE,
+};
+static int __init init(void)
+{
+        return ipt_register_target(&ipt_NFQ_reg);
+}
+static void __exit fini(void)
+{
+        ipt_unregister_target(&ipt_NFQ_reg);
+}
+module_init(init);
+module_exit(fini);
author	Harald Welte <laforge@netfilter.org>	2005-08-09 22:44:15 -0400
committer	David S. Miller <davem@sunset.davemloft.net>	2005-08-29 18:36:56 -0400
commit	7af4cc3fa158ff1dda6e7451c7e6afa6b0bb85cb (patch)
tree	752acd1f26063b23e5629124ee0a33078d2fb9a1 /net/ipv4
parent	0ab43f84995f2c2fcc5cc58a9accaa1095e1317f (diff)

diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig index e47ba39eb657..2fa26a41fa47 100644 --- a/net/ipv4/netfilter/Kconfig +++ b/net/ipv4/netfilter/Kconfig
@@ -110,11 +110,15 @@ config IP_NF_AMANDA
110	To compile it as a module, choose M here. If unsure, say Y.	110	To compile it as a module, choose M here. If unsure, say Y.
111		111
112	config IP_NF_QUEUE	112	config IP_NF_QUEUE
113	tristate "Userspace queueing via NETLINK"	113	tristate "IP Userspace queueing via NETLINK (OBSOLETE)"
114	help	114	help
115	Netfilter has the ability to queue packets to user space: the	115	Netfilter has the ability to queue packets to user space: the
116	netlink device can be used to access them using this driver.	116	netlink device can be used to access them using this driver.
117		117
		118	This option enables the old IPv4-only "ip_queue" implementation
		119	which has been obsoleted by the new "nfnetlink_queue" code (see
		120	CONFIG_NETFILTER_NETLINK_QUEUE).
		121
118	To compile it as a module, choose M here. If unsure, say N.	122	To compile it as a module, choose M here. If unsure, say N.
119		123
120	config IP_NF_IPTABLES	124	config IP_NF_IPTABLES


diff --git a/net/ipv4/netfilter/Makefile b/net/ipv4/netfilter/Makefile index abf2a7d1a584..c2ae663b723f 100644 --- a/net/ipv4/netfilter/Makefile +++ b/net/ipv4/netfilter/Makefile
@@ -91,3 +91,4 @@ obj-$(CONFIG_IP_NF_ARP_MANGLE) += arpt_mangle.o
91	obj-$(CONFIG_IP_NF_ARPFILTER) += arptable_filter.o	91	obj-$(CONFIG_IP_NF_ARPFILTER) += arptable_filter.o
92		92
93	obj-$(CONFIG_IP_NF_QUEUE) += ip_queue.o	93	obj-$(CONFIG_IP_NF_QUEUE) += ip_queue.o
		94	obj-$(CONFIG_NETFILTER_NETLINK_QUEUE) += ipt_NFQUEUE.o


diff --git a/net/ipv4/netfilter/ipt_NFQUEUE.c b/net/ipv4/netfilter/ipt_NFQUEUE.c new file mode 100644 index 000000000000..3cedc9be8807 --- /dev/null +++ b/net/ipv4/netfilter/ipt_NFQUEUE.c
@@ -0,0 +1,70 @@
		1	/* iptables module for using new netfilter netlink queue
		2	*
		3	* (C) 2005 by Harald Welte <laforge@netfilter.org>
		4	*
		5	* This program is free software; you can redistribute it and/or modify
		6	* it under the terms of the GNU General Public License version 2 as
		7	* published by the Free Software Foundation.
		8	*
		9	*/
		10
		11	#include <linux/module.h>
		12	#include <linux/skbuff.h>
		13
		14	#include <linux/netfilter.h>
		15	#include <linux/netfilter_ipv4/ip_tables.h>
		16	#include <linux/netfilter_ipv4/ipt_NFQUEUE.h>
		17
		18	MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
		19	MODULE_DESCRIPTION("iptables NFQUEUE target");
		20	MODULE_LICENSE("GPL");
		21
		22	static unsigned int
		23	target(struct sk_buff **pskb,
		24	const struct net_device *in,
		25	const struct net_device *out,
		26	unsigned int hooknum,
		27	const void *targinfo,
		28	void *userinfo)
		29	{
		30	const struct ipt_NFQ_info *tinfo = targinfo;
		31
		32	return NF_QUEUE_NR(tinfo->queuenum);
		33	}
		34
		35	static int
		36	checkentry(const char *tablename,
		37	const struct ipt_entry *e,
		38	void *targinfo,
		39	unsigned int targinfosize,
		40	unsigned int hook_mask)
		41	{
		42	if (targinfosize != IPT_ALIGN(sizeof(struct ipt_NFQ_info))) {
		43	printk(KERN_WARNING "NFQUEUE: targinfosize %u != %Zu\n",
		44	targinfosize,
		45	IPT_ALIGN(sizeof(struct ipt_NFQ_info)));
		46	return 0;
		47	}
		48
		49	return 1;
		50	}
		51
		52	static struct ipt_target ipt_NFQ_reg = {
		53	.name = "NFQUEUE",
		54	.target = target,
		55	.checkentry = checkentry,
		56	.me = THIS_MODULE,
		57	};
		58
		59	static int __init init(void)
		60	{
		61	return ipt_register_target(&ipt_NFQ_reg);
		62	}
		63
		64	static void __exit fini(void)
		65	{
		66	ipt_unregister_target(&ipt_NFQ_reg);
		67	}
		68
		69	module_init(init);
		70	module_exit(fini);