diff options
| author | Harald Welte <laforge@netfilter.org> | 2005-08-09 22:44:15 -0400 |
|---|---|---|
| committer | David S. Miller <davem@sunset.davemloft.net> | 2005-08-29 18:36:56 -0400 |
| commit | 7af4cc3fa158ff1dda6e7451c7e6afa6b0bb85cb (patch) | |
| tree | 752acd1f26063b23e5629124ee0a33078d2fb9a1 /net/ipv6 | |
| parent | 0ab43f84995f2c2fcc5cc58a9accaa1095e1317f (diff) | |
[NETFILTER]: Add "nfnetlink_queue" netfilter queue handler over nfnetlink
- Add new nfnetlink_queue module
- Add new ipt_NFQUEUE and ip6t_NFQUEUE modules to access queue numbers 1-65535
- Mark ip_queue and ip6_queue Kconfig options as OBSOLETE
- Update feature-removal-schedule to remove ip[6]_queue in December
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6')
| -rw-r--r-- | net/ipv6/netfilter/Kconfig | 11 | ||||
| -rw-r--r-- | net/ipv6/netfilter/Makefile | 1 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6t_NFQUEUE.c | 70 |
3 files changed, 78 insertions, 4 deletions
diff --git a/net/ipv6/netfilter/Kconfig b/net/ipv6/netfilter/Kconfig index 77ec704c9ee3..cd1551983c63 100644 --- a/net/ipv6/netfilter/Kconfig +++ b/net/ipv6/netfilter/Kconfig | |||
| @@ -10,13 +10,16 @@ menu "IPv6: Netfilter Configuration (EXPERIMENTAL)" | |||
| 10 | # dep_tristate ' FTP protocol support' CONFIG_IP6_NF_FTP $CONFIG_IP6_NF_CONNTRACK | 10 | # dep_tristate ' FTP protocol support' CONFIG_IP6_NF_FTP $CONFIG_IP6_NF_CONNTRACK |
| 11 | #fi | 11 | #fi |
| 12 | config IP6_NF_QUEUE | 12 | config IP6_NF_QUEUE |
| 13 | tristate "Userspace queueing via NETLINK" | 13 | tristate "IP6 Userspace queueing via NETLINK (OBSOLETE)" |
| 14 | ---help--- | 14 | ---help--- |
| 15 | 15 | ||
| 16 | This option adds a queue handler to the kernel for IPv6 | 16 | This option adds a queue handler to the kernel for IPv6 |
| 17 | packets which lets us to receive the filtered packets | 17 | packets which enables users to receive the filtered packets |
| 18 | with QUEUE target using libiptc as we can do with | 18 | with QUEUE target using libipq. |
| 19 | the IPv4 now. | 19 | |
| 20 | THis option enables the old IPv6-only "ip6_queue" implementation | ||
| 21 | which has been obsoleted by the new "nfnetlink_queue" code (see | ||
| 22 | CONFIG_NETFILTER_NETLINK_QUEUE). | ||
| 20 | 23 | ||
| 21 | (C) Fernando Anton 2001 | 24 | (C) Fernando Anton 2001 |
| 22 | IPv64 Project - Work based in IPv64 draft by Arturo Azcorra. | 25 | IPv64 Project - Work based in IPv64 draft by Arturo Azcorra. |
diff --git a/net/ipv6/netfilter/Makefile b/net/ipv6/netfilter/Makefile index 2e51714953b6..847651dbcd2a 100644 --- a/net/ipv6/netfilter/Makefile +++ b/net/ipv6/netfilter/Makefile | |||
| @@ -24,3 +24,4 @@ obj-$(CONFIG_IP6_NF_QUEUE) += ip6_queue.o | |||
| 24 | obj-$(CONFIG_IP6_NF_TARGET_LOG) += ip6t_LOG.o | 24 | obj-$(CONFIG_IP6_NF_TARGET_LOG) += ip6t_LOG.o |
| 25 | obj-$(CONFIG_IP6_NF_RAW) += ip6table_raw.o | 25 | obj-$(CONFIG_IP6_NF_RAW) += ip6table_raw.o |
| 26 | obj-$(CONFIG_IP6_NF_MATCH_HL) += ip6t_hl.o | 26 | obj-$(CONFIG_IP6_NF_MATCH_HL) += ip6t_hl.o |
| 27 | obj-$(CONFIG_NETFILTER_NETLINK_QUEUE) += ip6t_NFQUEUE.o | ||
diff --git a/net/ipv6/netfilter/ip6t_NFQUEUE.c b/net/ipv6/netfilter/ip6t_NFQUEUE.c new file mode 100644 index 000000000000..c6e3730e7409 --- /dev/null +++ b/net/ipv6/netfilter/ip6t_NFQUEUE.c | |||
| @@ -0,0 +1,70 @@ | |||
| 1 | /* ip6tables module for using new netfilter netlink queue | ||
| 2 | * | ||
| 3 | * (C) 2005 by Harald Welte <laforge@netfilter.org> | ||
| 4 | * | ||
| 5 | * This program is free software; you can redistribute it and/or modify | ||
| 6 | * it under the terms of the GNU General Public License version 2 as | ||
| 7 | * published by the Free Software Foundation. | ||
| 8 | * | ||
| 9 | */ | ||
| 10 | |||
| 11 | #include <linux/module.h> | ||
| 12 | #include <linux/skbuff.h> | ||
| 13 | |||
| 14 | #include <linux/netfilter.h> | ||
| 15 | #include <linux/netfilter_ipv6/ip6_tables.h> | ||
| 16 | #include <linux/netfilter_ipv4/ipt_NFQUEUE.h> | ||
| 17 | |||
| 18 | MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>"); | ||
| 19 | MODULE_DESCRIPTION("ip6tables NFQUEUE target"); | ||
| 20 | MODULE_LICENSE("GPL"); | ||
| 21 | |||
| 22 | static unsigned int | ||
| 23 | target(struct sk_buff **pskb, | ||
| 24 | const struct net_device *in, | ||
| 25 | const struct net_device *out, | ||
| 26 | unsigned int hooknum, | ||
| 27 | const void *targinfo, | ||
| 28 | void *userinfo) | ||
| 29 | { | ||
| 30 | const struct ipt_NFQ_info *tinfo = targinfo; | ||
| 31 | |||
| 32 | return NF_QUEUE_NR(tinfo->queuenum); | ||
| 33 | } | ||
| 34 | |||
| 35 | static int | ||
| 36 | checkentry(const char *tablename, | ||
| 37 | const struct ip6t_entry *e, | ||
| 38 | void *targinfo, | ||
| 39 | unsigned int targinfosize, | ||
| 40 | unsigned int hook_mask) | ||
| 41 | { | ||
| 42 | if (targinfosize != IP6T_ALIGN(sizeof(struct ipt_NFQ_info))) { | ||
| 43 | printk(KERN_WARNING "NFQUEUE: targinfosize %u != %Zu\n", | ||
| 44 | targinfosize, | ||
| 45 | IP6T_ALIGN(sizeof(struct ipt_NFQ_info))); | ||
| 46 | return 0; | ||
| 47 | } | ||
| 48 | |||
| 49 | return 1; | ||
| 50 | } | ||
| 51 | |||
| 52 | static struct ip6t_target ipt_NFQ_reg = { | ||
| 53 | .name = "NFQUEUE", | ||
| 54 | .target = target, | ||
| 55 | .checkentry = checkentry, | ||
| 56 | .me = THIS_MODULE, | ||
| 57 | }; | ||
| 58 | |||
| 59 | static int __init init(void) | ||
| 60 | { | ||
| 61 | return ip6t_register_target(&ipt_NFQ_reg); | ||
| 62 | } | ||
| 63 | |||
| 64 | static void __exit fini(void) | ||
| 65 | { | ||
| 66 | ip6t_unregister_target(&ipt_NFQ_reg); | ||
| 67 | } | ||
| 68 | |||
| 69 | module_init(init); | ||
| 70 | module_exit(fini); | ||