diff options
| author | Florian Westphal <fwestphal@astaro.com> | 2011-03-15 15:16:20 -0400 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2011-03-15 15:16:20 -0400 |
| commit | de81bbea17650769882bc625d6b5df11ee7c4b24 (patch) | |
| tree | 2e1250b7309977fc48b4f5b88f83959795f04591 /net/ipv4 | |
| parent | 6a8ab060779779de8aea92ce3337ca348f973f54 (diff) | |
netfilter: ipt_addrtype: rename to xt_addrtype
Followup patch will add ipv6 support.
ipt_addrtype.h is retained for compatibility reasons, but no longer used
by the kernel.
Signed-off-by: Florian Westphal <fwestphal@astaro.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/ipv4')
| -rw-r--r-- | net/ipv4/netfilter/Kconfig | 10 | ||||
| -rw-r--r-- | net/ipv4/netfilter/Makefile | 1 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ipt_addrtype.c | 134 |
3 files changed, 0 insertions, 145 deletions
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig index f926a310075d..1dfc18a03fd4 100644 --- a/net/ipv4/netfilter/Kconfig +++ b/net/ipv4/netfilter/Kconfig | |||
| @@ -64,16 +64,6 @@ config IP_NF_IPTABLES | |||
| 64 | if IP_NF_IPTABLES | 64 | if IP_NF_IPTABLES |
| 65 | 65 | ||
| 66 | # The matches. | 66 | # The matches. |
| 67 | config IP_NF_MATCH_ADDRTYPE | ||
| 68 | tristate '"addrtype" address type match support' | ||
| 69 | depends on NETFILTER_ADVANCED | ||
| 70 | help | ||
| 71 | This option allows you to match what routing thinks of an address, | ||
| 72 | eg. UNICAST, LOCAL, BROADCAST, ... | ||
| 73 | |||
| 74 | If you want to compile it as a module, say M here and read | ||
| 75 | <file:Documentation/kbuild/modules.txt>. If unsure, say `N'. | ||
| 76 | |||
| 77 | config IP_NF_MATCH_AH | 67 | config IP_NF_MATCH_AH |
| 78 | tristate '"ah" match support' | 68 | tristate '"ah" match support' |
| 79 | depends on NETFILTER_ADVANCED | 69 | depends on NETFILTER_ADVANCED |
diff --git a/net/ipv4/netfilter/Makefile b/net/ipv4/netfilter/Makefile index 19eb59d01037..dca2082ec683 100644 --- a/net/ipv4/netfilter/Makefile +++ b/net/ipv4/netfilter/Makefile | |||
| @@ -48,7 +48,6 @@ obj-$(CONFIG_IP_NF_RAW) += iptable_raw.o | |||
| 48 | obj-$(CONFIG_IP_NF_SECURITY) += iptable_security.o | 48 | obj-$(CONFIG_IP_NF_SECURITY) += iptable_security.o |
| 49 | 49 | ||
| 50 | # matches | 50 | # matches |
| 51 | obj-$(CONFIG_IP_NF_MATCH_ADDRTYPE) += ipt_addrtype.o | ||
| 52 | obj-$(CONFIG_IP_NF_MATCH_AH) += ipt_ah.o | 51 | obj-$(CONFIG_IP_NF_MATCH_AH) += ipt_ah.o |
| 53 | obj-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn.o | 52 | obj-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn.o |
| 54 | 53 | ||
diff --git a/net/ipv4/netfilter/ipt_addrtype.c b/net/ipv4/netfilter/ipt_addrtype.c deleted file mode 100644 index db8bff0fb86d..000000000000 --- a/net/ipv4/netfilter/ipt_addrtype.c +++ /dev/null | |||
| @@ -1,134 +0,0 @@ | |||
| 1 | /* | ||
| 2 | * iptables module to match inet_addr_type() of an ip. | ||
| 3 | * | ||
| 4 | * Copyright (c) 2004 Patrick McHardy <kaber@trash.net> | ||
| 5 | * (C) 2007 Laszlo Attila Toth <panther@balabit.hu> | ||
| 6 | * | ||
| 7 | * This program is free software; you can redistribute it and/or modify | ||
| 8 | * it under the terms of the GNU General Public License version 2 as | ||
| 9 | * published by the Free Software Foundation. | ||
| 10 | */ | ||
| 11 | #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt | ||
| 12 | #include <linux/kernel.h> | ||
| 13 | #include <linux/module.h> | ||
| 14 | #include <linux/skbuff.h> | ||
| 15 | #include <linux/netdevice.h> | ||
| 16 | #include <linux/ip.h> | ||
| 17 | #include <net/route.h> | ||
| 18 | |||
| 19 | #include <linux/netfilter_ipv4/ipt_addrtype.h> | ||
| 20 | #include <linux/netfilter/x_tables.h> | ||
| 21 | |||
| 22 | MODULE_LICENSE("GPL"); | ||
| 23 | MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>"); | ||
| 24 | MODULE_DESCRIPTION("Xtables: address type match for IPv4"); | ||
| 25 | |||
| 26 | static inline bool match_type(struct net *net, const struct net_device *dev, | ||
| 27 | __be32 addr, u_int16_t mask) | ||
| 28 | { | ||
| 29 | return !!(mask & (1 << inet_dev_addr_type(net, dev, addr))); | ||
| 30 | } | ||
| 31 | |||
| 32 | static bool | ||
| 33 | addrtype_mt_v0(const struct sk_buff *skb, struct xt_action_param *par) | ||
| 34 | { | ||
| 35 | struct net *net = dev_net(par->in ? par->in : par->out); | ||
| 36 | const struct ipt_addrtype_info *info = par->matchinfo; | ||
| 37 | const struct iphdr *iph = ip_hdr(skb); | ||
| 38 | bool ret = true; | ||
| 39 | |||
| 40 | if (info->source) | ||
| 41 | ret &= match_type(net, NULL, iph->saddr, info->source) ^ | ||
| 42 | info->invert_source; | ||
| 43 | if (info->dest) | ||
| 44 | ret &= match_type(net, NULL, iph->daddr, info->dest) ^ | ||
| 45 | info->invert_dest; | ||
| 46 | |||
| 47 | return ret; | ||
| 48 | } | ||
| 49 | |||
| 50 | static bool | ||
| 51 | addrtype_mt_v1(const struct sk_buff *skb, struct xt_action_param *par) | ||
| 52 | { | ||
| 53 | struct net *net = dev_net(par->in ? par->in : par->out); | ||
| 54 | const struct ipt_addrtype_info_v1 *info = par->matchinfo; | ||
| 55 | const struct iphdr *iph = ip_hdr(skb); | ||
| 56 | const struct net_device *dev = NULL; | ||
| 57 | bool ret = true; | ||
| 58 | |||
| 59 | if (info->flags & IPT_ADDRTYPE_LIMIT_IFACE_IN) | ||
| 60 | dev = par->in; | ||
| 61 | else if (info->flags & IPT_ADDRTYPE_LIMIT_IFACE_OUT) | ||
| 62 | dev = par->out; | ||
| 63 | |||
| 64 | if (info->source) | ||
| 65 | ret &= match_type(net, dev, iph->saddr, info->source) ^ | ||
| 66 | (info->flags & IPT_ADDRTYPE_INVERT_SOURCE); | ||
| 67 | if (ret && info->dest) | ||
| 68 | ret &= match_type(net, dev, iph->daddr, info->dest) ^ | ||
| 69 | !!(info->flags & IPT_ADDRTYPE_INVERT_DEST); | ||
| 70 | return ret; | ||
| 71 | } | ||
| 72 | |||
| 73 | static int addrtype_mt_checkentry_v1(const struct xt_mtchk_param *par) | ||
| 74 | { | ||
| 75 | struct ipt_addrtype_info_v1 *info = par->matchinfo; | ||
| 76 | |||
| 77 | if (info->flags & IPT_ADDRTYPE_LIMIT_IFACE_IN && | ||
| 78 | info->flags & IPT_ADDRTYPE_LIMIT_IFACE_OUT) { | ||
| 79 | pr_info("both incoming and outgoing " | ||
| 80 | "interface limitation cannot be selected\n"); | ||
| 81 | return -EINVAL; | ||
| 82 | } | ||
| 83 | |||
| 84 | if (par->hook_mask & ((1 << NF_INET_PRE_ROUTING) | | ||
| 85 | (1 << NF_INET_LOCAL_IN)) && | ||
| 86 | info->flags & IPT_ADDRTYPE_LIMIT_IFACE_OUT) { | ||
| 87 | pr_info("output interface limitation " | ||
| 88 | "not valid in PREROUTING and INPUT\n"); | ||
| 89 | return -EINVAL; | ||
| 90 | } | ||
| 91 | |||
| 92 | if (par->hook_mask & ((1 << NF_INET_POST_ROUTING) | | ||
| 93 | (1 << NF_INET_LOCAL_OUT)) && | ||
| 94 | info->flags & IPT_ADDRTYPE_LIMIT_IFACE_IN) { | ||
| 95 | pr_info("input interface limitation " | ||
| 96 | "not valid in POSTROUTING and OUTPUT\n"); | ||
| 97 | return -EINVAL; | ||
| 98 | } | ||
| 99 | |||
| 100 | return 0; | ||
| 101 | } | ||
| 102 | |||
| 103 | static struct xt_match addrtype_mt_reg[] __read_mostly = { | ||
| 104 | { | ||
| 105 | .name = "addrtype", | ||
| 106 | .family = NFPROTO_IPV4, | ||
| 107 | .match = addrtype_mt_v0, | ||
| 108 | .matchsize = sizeof(struct ipt_addrtype_info), | ||
| 109 | .me = THIS_MODULE | ||
| 110 | }, | ||
| 111 | { | ||
| 112 | .name = "addrtype", | ||
| 113 | .family = NFPROTO_IPV4, | ||
| 114 | .revision = 1, | ||
| 115 | .match = addrtype_mt_v1, | ||
| 116 | .checkentry = addrtype_mt_checkentry_v1, | ||
| 117 | .matchsize = sizeof(struct ipt_addrtype_info_v1), | ||
| 118 | .me = THIS_MODULE | ||
| 119 | } | ||
| 120 | }; | ||
| 121 | |||
| 122 | static int __init addrtype_mt_init(void) | ||
| 123 | { | ||
| 124 | return xt_register_matches(addrtype_mt_reg, | ||
| 125 | ARRAY_SIZE(addrtype_mt_reg)); | ||
| 126 | } | ||
| 127 | |||
| 128 | static void __exit addrtype_mt_exit(void) | ||
| 129 | { | ||
| 130 | xt_unregister_matches(addrtype_mt_reg, ARRAY_SIZE(addrtype_mt_reg)); | ||
| 131 | } | ||
| 132 | |||
| 133 | module_init(addrtype_mt_init); | ||
| 134 | module_exit(addrtype_mt_exit); | ||