diff options
| author | Jan Engelhardt <jengelh@computergmbh.de> | 2008-10-08 05:35:00 -0400 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2008-10-08 05:35:00 -0400 |
| commit | e948b20a71a06a740c925d6ea22b59b4e17cfa0c (patch) | |
| tree | 6298c43d1b6aa424c47e1dec8dfd3d932b813dcc /net | |
| parent | 76108cea065cda58366d16a7eb6ca90d717a1396 (diff) | |
netfilter: rename ipt_recent to xt_recent
Like with other modules (such as ipt_state), ipt_recent.h is changed
to forward definitions to (IOW include) xt_recent.h, and xt_recent.c
is changed to use the new constant names.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net')
| -rw-r--r-- | net/ipv4/netfilter/Kconfig | 13 | ||||
| -rw-r--r-- | net/ipv4/netfilter/Makefile | 1 | ||||
| -rw-r--r-- | net/netfilter/Kconfig | 11 | ||||
| -rw-r--r-- | net/netfilter/Makefile | 1 | ||||
| -rw-r--r-- | net/netfilter/xt_recent.c (renamed from net/ipv4/netfilter/ipt_recent.c) | 37 |
5 files changed, 31 insertions, 32 deletions
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig index 90eb7cb47e77..4e842d566428 100644 --- a/net/ipv4/netfilter/Kconfig +++ b/net/ipv4/netfilter/Kconfig | |||
| @@ -57,19 +57,6 @@ config IP_NF_IPTABLES | |||
| 57 | To compile it as a module, choose M here. If unsure, say N. | 57 | To compile it as a module, choose M here. If unsure, say N. |
| 58 | 58 | ||
| 59 | # The matches. | 59 | # The matches. |
| 60 | config IP_NF_MATCH_RECENT | ||
| 61 | tristate '"recent" match support' | ||
| 62 | depends on IP_NF_IPTABLES | ||
| 63 | depends on NETFILTER_ADVANCED | ||
| 64 | help | ||
| 65 | This match is used for creating one or many lists of recently | ||
| 66 | used addresses and then matching against that/those list(s). | ||
| 67 | |||
| 68 | Short options are available by using 'iptables -m recent -h' | ||
| 69 | Official Website: <http://snowman.net/projects/ipt_recent/> | ||
| 70 | |||
| 71 | To compile it as a module, choose M here. If unsure, say N. | ||
| 72 | |||
| 73 | config IP_NF_MATCH_ECN | 60 | config IP_NF_MATCH_ECN |
| 74 | tristate '"ecn" match support' | 61 | tristate '"ecn" match support' |
| 75 | depends on IP_NF_IPTABLES | 62 | depends on IP_NF_IPTABLES |
diff --git a/net/ipv4/netfilter/Makefile b/net/ipv4/netfilter/Makefile index 3f31291f37ce..1107edbe478f 100644 --- a/net/ipv4/netfilter/Makefile +++ b/net/ipv4/netfilter/Makefile | |||
| @@ -48,7 +48,6 @@ obj-$(CONFIG_IP_NF_SECURITY) += iptable_security.o | |||
| 48 | obj-$(CONFIG_IP_NF_MATCH_ADDRTYPE) += ipt_addrtype.o | 48 | obj-$(CONFIG_IP_NF_MATCH_ADDRTYPE) += ipt_addrtype.o |
| 49 | obj-$(CONFIG_IP_NF_MATCH_AH) += ipt_ah.o | 49 | obj-$(CONFIG_IP_NF_MATCH_AH) += ipt_ah.o |
| 50 | obj-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn.o | 50 | obj-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn.o |
| 51 | obj-$(CONFIG_IP_NF_MATCH_RECENT) += ipt_recent.o | ||
| 52 | obj-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl.o | 51 | obj-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl.o |
| 53 | 52 | ||
| 54 | # targets | 53 | # targets |
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig index ee898e74808d..ccc78b07a1a4 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig | |||
| @@ -732,6 +732,17 @@ config NETFILTER_XT_MATCH_REALM | |||
| 732 | If you want to compile it as a module, say M here and read | 732 | If you want to compile it as a module, say M here and read |
| 733 | <file:Documentation/kbuild/modules.txt>. If unsure, say `N'. | 733 | <file:Documentation/kbuild/modules.txt>. If unsure, say `N'. |
| 734 | 734 | ||
| 735 | config NETFILTER_XT_MATCH_RECENT | ||
| 736 | tristate '"recent" match support' | ||
| 737 | depends on NETFILTER_XTABLES | ||
| 738 | depends on NETFILTER_ADVANCED | ||
| 739 | ---help--- | ||
| 740 | This match is used for creating one or many lists of recently | ||
| 741 | used addresses and then matching against that/those list(s). | ||
| 742 | |||
| 743 | Short options are available by using 'iptables -m recent -h' | ||
| 744 | Official Website: <http://snowman.net/projects/ipt_recent/> | ||
| 745 | |||
| 735 | config NETFILTER_XT_MATCH_SCTP | 746 | config NETFILTER_XT_MATCH_SCTP |
| 736 | tristate '"sctp" protocol match support (EXPERIMENTAL)' | 747 | tristate '"sctp" protocol match support (EXPERIMENTAL)' |
| 737 | depends on NETFILTER_XTABLES && EXPERIMENTAL | 748 | depends on NETFILTER_XTABLES && EXPERIMENTAL |
diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile index 3bd2cc556aea..f101cf61e6f8 100644 --- a/net/netfilter/Makefile +++ b/net/netfilter/Makefile | |||
| @@ -76,6 +76,7 @@ obj-$(CONFIG_NETFILTER_XT_MATCH_POLICY) += xt_policy.o | |||
| 76 | obj-$(CONFIG_NETFILTER_XT_MATCH_QUOTA) += xt_quota.o | 76 | obj-$(CONFIG_NETFILTER_XT_MATCH_QUOTA) += xt_quota.o |
| 77 | obj-$(CONFIG_NETFILTER_XT_MATCH_RATEEST) += xt_rateest.o | 77 | obj-$(CONFIG_NETFILTER_XT_MATCH_RATEEST) += xt_rateest.o |
| 78 | obj-$(CONFIG_NETFILTER_XT_MATCH_REALM) += xt_realm.o | 78 | obj-$(CONFIG_NETFILTER_XT_MATCH_REALM) += xt_realm.o |
| 79 | obj-$(CONFIG_NETFILTER_XT_MATCH_RECENT) += xt_recent.o | ||
| 79 | obj-$(CONFIG_NETFILTER_XT_MATCH_SCTP) += xt_sctp.o | 80 | obj-$(CONFIG_NETFILTER_XT_MATCH_SCTP) += xt_sctp.o |
| 80 | obj-$(CONFIG_NETFILTER_XT_MATCH_STATE) += xt_state.o | 81 | obj-$(CONFIG_NETFILTER_XT_MATCH_STATE) += xt_state.o |
| 81 | obj-$(CONFIG_NETFILTER_XT_MATCH_STATISTIC) += xt_statistic.o | 82 | obj-$(CONFIG_NETFILTER_XT_MATCH_STATISTIC) += xt_statistic.o |
diff --git a/net/ipv4/netfilter/ipt_recent.c b/net/netfilter/xt_recent.c index 3974d7cae5c0..422c0e4d66b7 100644 --- a/net/ipv4/netfilter/ipt_recent.c +++ b/net/netfilter/xt_recent.c | |||
| @@ -27,11 +27,12 @@ | |||
| 27 | #include <net/net_namespace.h> | 27 | #include <net/net_namespace.h> |
| 28 | 28 | ||
| 29 | #include <linux/netfilter/x_tables.h> | 29 | #include <linux/netfilter/x_tables.h> |
| 30 | #include <linux/netfilter_ipv4/ipt_recent.h> | 30 | #include <linux/netfilter/xt_recent.h> |
| 31 | 31 | ||
| 32 | MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>"); | 32 | MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>"); |
| 33 | MODULE_DESCRIPTION("Xtables: \"recently-seen\" host matching for IPv4"); | 33 | MODULE_DESCRIPTION("Xtables: \"recently-seen\" host matching for IPv4"); |
| 34 | MODULE_LICENSE("GPL"); | 34 | MODULE_LICENSE("GPL"); |
| 35 | MODULE_ALIAS("ipt_recent"); | ||
| 35 | 36 | ||
| 36 | static unsigned int ip_list_tot = 100; | 37 | static unsigned int ip_list_tot = 100; |
| 37 | static unsigned int ip_pkt_list_tot = 20; | 38 | static unsigned int ip_pkt_list_tot = 20; |
| @@ -64,7 +65,7 @@ struct recent_entry { | |||
| 64 | 65 | ||
| 65 | struct recent_table { | 66 | struct recent_table { |
| 66 | struct list_head list; | 67 | struct list_head list; |
| 67 | char name[IPT_RECENT_NAME_LEN]; | 68 | char name[XT_RECENT_NAME_LEN]; |
| 68 | #ifdef CONFIG_PROC_FS | 69 | #ifdef CONFIG_PROC_FS |
| 69 | struct proc_dir_entry *proc; | 70 | struct proc_dir_entry *proc; |
| 70 | #endif | 71 | #endif |
| @@ -175,14 +176,14 @@ recent_mt(const struct sk_buff *skb, const struct net_device *in, | |||
| 175 | const void *matchinfo, int offset, unsigned int protoff, | 176 | const void *matchinfo, int offset, unsigned int protoff, |
| 176 | bool *hotdrop) | 177 | bool *hotdrop) |
| 177 | { | 178 | { |
| 178 | const struct ipt_recent_info *info = matchinfo; | 179 | const struct xt_recent_mtinfo *info = matchinfo; |
| 179 | struct recent_table *t; | 180 | struct recent_table *t; |
| 180 | struct recent_entry *e; | 181 | struct recent_entry *e; |
| 181 | __be32 addr; | 182 | __be32 addr; |
| 182 | u_int8_t ttl; | 183 | u_int8_t ttl; |
| 183 | bool ret = info->invert; | 184 | bool ret = info->invert; |
| 184 | 185 | ||
| 185 | if (info->side == IPT_RECENT_DEST) | 186 | if (info->side == XT_RECENT_DEST) |
| 186 | addr = ip_hdr(skb)->daddr; | 187 | addr = ip_hdr(skb)->daddr; |
| 187 | else | 188 | else |
| 188 | addr = ip_hdr(skb)->saddr; | 189 | addr = ip_hdr(skb)->saddr; |
| @@ -195,9 +196,9 @@ recent_mt(const struct sk_buff *skb, const struct net_device *in, | |||
| 195 | spin_lock_bh(&recent_lock); | 196 | spin_lock_bh(&recent_lock); |
| 196 | t = recent_table_lookup(info->name); | 197 | t = recent_table_lookup(info->name); |
| 197 | e = recent_entry_lookup(t, addr, | 198 | e = recent_entry_lookup(t, addr, |
| 198 | info->check_set & IPT_RECENT_TTL ? ttl : 0); | 199 | info->check_set & XT_RECENT_TTL ? ttl : 0); |
| 199 | if (e == NULL) { | 200 | if (e == NULL) { |
| 200 | if (!(info->check_set & IPT_RECENT_SET)) | 201 | if (!(info->check_set & XT_RECENT_SET)) |
| 201 | goto out; | 202 | goto out; |
| 202 | e = recent_entry_init(t, addr, ttl); | 203 | e = recent_entry_init(t, addr, ttl); |
| 203 | if (e == NULL) | 204 | if (e == NULL) |
| @@ -206,12 +207,12 @@ recent_mt(const struct sk_buff *skb, const struct net_device *in, | |||
| 206 | goto out; | 207 | goto out; |
| 207 | } | 208 | } |
| 208 | 209 | ||
| 209 | if (info->check_set & IPT_RECENT_SET) | 210 | if (info->check_set & XT_RECENT_SET) |
| 210 | ret = !ret; | 211 | ret = !ret; |
| 211 | else if (info->check_set & IPT_RECENT_REMOVE) { | 212 | else if (info->check_set & XT_RECENT_REMOVE) { |
| 212 | recent_entry_remove(t, e); | 213 | recent_entry_remove(t, e); |
| 213 | ret = !ret; | 214 | ret = !ret; |
| 214 | } else if (info->check_set & (IPT_RECENT_CHECK | IPT_RECENT_UPDATE)) { | 215 | } else if (info->check_set & (XT_RECENT_CHECK | XT_RECENT_UPDATE)) { |
| 215 | unsigned long time = jiffies - info->seconds * HZ; | 216 | unsigned long time = jiffies - info->seconds * HZ; |
| 216 | unsigned int i, hits = 0; | 217 | unsigned int i, hits = 0; |
| 217 | 218 | ||
| @@ -225,8 +226,8 @@ recent_mt(const struct sk_buff *skb, const struct net_device *in, | |||
| 225 | } | 226 | } |
| 226 | } | 227 | } |
| 227 | 228 | ||
| 228 | if (info->check_set & IPT_RECENT_SET || | 229 | if (info->check_set & XT_RECENT_SET || |
| 229 | (info->check_set & IPT_RECENT_UPDATE && ret)) { | 230 | (info->check_set & XT_RECENT_UPDATE && ret)) { |
| 230 | recent_entry_update(t, e); | 231 | recent_entry_update(t, e); |
| 231 | e->ttl = ttl; | 232 | e->ttl = ttl; |
| 232 | } | 233 | } |
| @@ -240,22 +241,22 @@ recent_mt_check(const char *tablename, const void *ip, | |||
| 240 | const struct xt_match *match, void *matchinfo, | 241 | const struct xt_match *match, void *matchinfo, |
| 241 | unsigned int hook_mask) | 242 | unsigned int hook_mask) |
| 242 | { | 243 | { |
| 243 | const struct ipt_recent_info *info = matchinfo; | 244 | const struct xt_recent_mtinfo *info = matchinfo; |
| 244 | struct recent_table *t; | 245 | struct recent_table *t; |
| 245 | unsigned i; | 246 | unsigned i; |
| 246 | bool ret = false; | 247 | bool ret = false; |
| 247 | 248 | ||
| 248 | if (hweight8(info->check_set & | 249 | if (hweight8(info->check_set & |
| 249 | (IPT_RECENT_SET | IPT_RECENT_REMOVE | | 250 | (XT_RECENT_SET | XT_RECENT_REMOVE | |
| 250 | IPT_RECENT_CHECK | IPT_RECENT_UPDATE)) != 1) | 251 | XT_RECENT_CHECK | XT_RECENT_UPDATE)) != 1) |
| 251 | return false; | 252 | return false; |
| 252 | if ((info->check_set & (IPT_RECENT_SET | IPT_RECENT_REMOVE)) && | 253 | if ((info->check_set & (XT_RECENT_SET | XT_RECENT_REMOVE)) && |
| 253 | (info->seconds || info->hit_count)) | 254 | (info->seconds || info->hit_count)) |
| 254 | return false; | 255 | return false; |
| 255 | if (info->hit_count > ip_pkt_list_tot) | 256 | if (info->hit_count > ip_pkt_list_tot) |
| 256 | return false; | 257 | return false; |
| 257 | if (info->name[0] == '\0' || | 258 | if (info->name[0] == '\0' || |
| 258 | strnlen(info->name, IPT_RECENT_NAME_LEN) == IPT_RECENT_NAME_LEN) | 259 | strnlen(info->name, XT_RECENT_NAME_LEN) == XT_RECENT_NAME_LEN) |
| 259 | return false; | 260 | return false; |
| 260 | 261 | ||
| 261 | mutex_lock(&recent_mutex); | 262 | mutex_lock(&recent_mutex); |
| @@ -296,7 +297,7 @@ out: | |||
| 296 | 297 | ||
| 297 | static void recent_mt_destroy(const struct xt_match *match, void *matchinfo) | 298 | static void recent_mt_destroy(const struct xt_match *match, void *matchinfo) |
| 298 | { | 299 | { |
| 299 | const struct ipt_recent_info *info = matchinfo; | 300 | const struct xt_recent_mtinfo *info = matchinfo; |
| 300 | struct recent_table *t; | 301 | struct recent_table *t; |
| 301 | 302 | ||
| 302 | mutex_lock(&recent_mutex); | 303 | mutex_lock(&recent_mutex); |
| @@ -461,7 +462,7 @@ static struct xt_match recent_mt_reg __read_mostly = { | |||
| 461 | .name = "recent", | 462 | .name = "recent", |
| 462 | .family = AF_INET, | 463 | .family = AF_INET, |
| 463 | .match = recent_mt, | 464 | .match = recent_mt, |
| 464 | .matchsize = sizeof(struct ipt_recent_info), | 465 | .matchsize = sizeof(struct xt_recent_mtinfo), |
| 465 | .checkentry = recent_mt_check, | 466 | .checkentry = recent_mt_check, |
| 466 | .destroy = recent_mt_destroy, | 467 | .destroy = recent_mt_destroy, |
| 467 | .me = THIS_MODULE, | 468 | .me = THIS_MODULE, |