3 files changed, 78 insertions, 4 deletions
diff --git a/net/ipv6/netfilter/Kconfig b/net/ipv6/netfilter/Kconfig
index 77ec704c9ee3..cd1551983c63 100644
--- a/net/ipv6/netfilter/Kconfig
+++ b/net/ipv6/netfilter/Kconfig
@@ -10,13 +10,16 @@ menu "IPv6: Netfilter Configuration (EXPERIMENTAL)"
 #  dep_tristate '  FTP protocol support' CONFIG_IP6_NF_FTP $CONFIG_IP6_NF_CONNTRACK
 #fi
 config IP6_NF_QUEUE
-        tristate "Userspace queueing via NETLINK"
+        tristate "IP6 Userspace queueing via NETLINK (OBSOLETE)"
        ---help---
          This option adds a queue handler to the kernel for IPv6
-          packets which lets us to receive the filtered packets
+          packets which enables users to receive the filtered packets
-          with QUEUE target using libiptc as we can do with
+          with QUEUE target using libipq.
-          the IPv4 now.
+          THis option enables the old IPv6-only "ip6_queue" implementation
+          which has been obsoleted by the new "nfnetlink_queue" code (see
+          CONFIG_NETFILTER_NETLINK_QUEUE).
          (C) Fernando Anton 2001
          IPv64 Project - Work based in IPv64 draft by Arturo Azcorra.
diff --git a/net/ipv6/netfilter/Makefile b/net/ipv6/netfilter/Makefile
index 2e51714953b6..847651dbcd2a 100644
--- a/net/ipv6/netfilter/Makefile
+++ b/net/ipv6/netfilter/Makefile
@@ -24,3 +24,4 @@ obj-$(CONFIG_IP6_NF_QUEUE) += ip6_queue.o
 obj-$(CONFIG_IP6_NF_TARGET_LOG) += ip6t_LOG.o
 obj-$(CONFIG_IP6_NF_RAW) += ip6table_raw.o
 obj-$(CONFIG_IP6_NF_MATCH_HL) += ip6t_hl.o
+obj-$(CONFIG_NETFILTER_NETLINK_QUEUE) += ip6t_NFQUEUE.o
diff --git a/net/ipv6/netfilter/ip6t_NFQUEUE.c b/net/ipv6/netfilter/ip6t_NFQUEUE.c
new file mode 100644
index 000000000000..c6e3730e7409
--- /dev/null
+++ b/net/ipv6/netfilter/ip6t_NFQUEUE.c
@@ -0,0 +1,70 @@
+/* ip6tables module for using new netfilter netlink queue
+ *
+ * (C) 2005 by Harald Welte <laforge@netfilter.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as 
+ * published by the Free Software Foundation.
+ * 
+ */
+#include <linux/module.h>
+#include <linux/skbuff.h>
+#include <linux/netfilter.h>
+#include <linux/netfilter_ipv6/ip6_tables.h>
+#include <linux/netfilter_ipv4/ipt_NFQUEUE.h>
+MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
+MODULE_DESCRIPTION("ip6tables NFQUEUE target");
+MODULE_LICENSE("GPL");
+static unsigned int
+target(struct sk_buff **pskb,
+       const struct net_device *in,
+       const struct net_device *out,
+       unsigned int hooknum,
+       const void *targinfo,
+       void *userinfo)
+{
+        const struct ipt_NFQ_info *tinfo = targinfo;
+        return NF_QUEUE_NR(tinfo->queuenum);
+}
+static int
+checkentry(const char *tablename,
+           const struct ip6t_entry *e,
+           void *targinfo,
+           unsigned int targinfosize,
+           unsigned int hook_mask)
+{
+        if (targinfosize != IP6T_ALIGN(sizeof(struct ipt_NFQ_info))) {
+                printk(KERN_WARNING "NFQUEUE: targinfosize %u != %Zu\n",
+                       targinfosize,
+                       IP6T_ALIGN(sizeof(struct ipt_NFQ_info)));
+                return 0;
+        }
+        return 1;
+}
+static struct ip6t_target ipt_NFQ_reg = {
+        .name           = "NFQUEUE",
+        .target         = target,
+        .checkentry     = checkentry,
+        .me             = THIS_MODULE,
+};
+static int __init init(void)
+{
+        return ip6t_register_target(&ipt_NFQ_reg);
+}
+static void __exit fini(void)
+{
+        ip6t_unregister_target(&ipt_NFQ_reg);
+}
+module_init(init);
+module_exit(fini);

diff --git a/net/ipv6/netfilter/Kconfig b/net/ipv6/netfilter/Kconfig index 77ec704c9ee3..cd1551983c63 100644 --- a/net/ipv6/netfilter/Kconfig +++ b/net/ipv6/netfilter/Kconfig
@@ -10,13 +10,16 @@ menu "IPv6: Netfilter Configuration (EXPERIMENTAL)"
10	# dep_tristate ' FTP protocol support' CONFIG_IP6_NF_FTP $CONFIG_IP6_NF_CONNTRACK	10	# dep_tristate ' FTP protocol support' CONFIG_IP6_NF_FTP $CONFIG_IP6_NF_CONNTRACK
11	#fi	11	#fi
12	config IP6_NF_QUEUE	12	config IP6_NF_QUEUE
13	tristate "Userspace queueing via NETLINK"	13	tristate "IP6 Userspace queueing via NETLINK (OBSOLETE)"
14	---help---	14	---help---
15		15
16	This option adds a queue handler to the kernel for IPv6	16	This option adds a queue handler to the kernel for IPv6
17	packets which lets us to receive the filtered packets	17	packets which enables users to receive the filtered packets
18	with QUEUE target using libiptc as we can do with	18	with QUEUE target using libipq.
19	the IPv4 now.	19
		20	THis option enables the old IPv6-only "ip6_queue" implementation
		21	which has been obsoleted by the new "nfnetlink_queue" code (see
		22	CONFIG_NETFILTER_NETLINK_QUEUE).
20		23
21	(C) Fernando Anton 2001	24	(C) Fernando Anton 2001
22	IPv64 Project - Work based in IPv64 draft by Arturo Azcorra.	25	IPv64 Project - Work based in IPv64 draft by Arturo Azcorra.


diff --git a/net/ipv6/netfilter/Makefile b/net/ipv6/netfilter/Makefile index 2e51714953b6..847651dbcd2a 100644 --- a/net/ipv6/netfilter/Makefile +++ b/net/ipv6/netfilter/Makefile
@@ -24,3 +24,4 @@ obj-$(CONFIG_IP6_NF_QUEUE) += ip6_queue.o
24	obj-$(CONFIG_IP6_NF_TARGET_LOG) += ip6t_LOG.o	24	obj-$(CONFIG_IP6_NF_TARGET_LOG) += ip6t_LOG.o
25	obj-$(CONFIG_IP6_NF_RAW) += ip6table_raw.o	25	obj-$(CONFIG_IP6_NF_RAW) += ip6table_raw.o
26	obj-$(CONFIG_IP6_NF_MATCH_HL) += ip6t_hl.o	26	obj-$(CONFIG_IP6_NF_MATCH_HL) += ip6t_hl.o
		27	obj-$(CONFIG_NETFILTER_NETLINK_QUEUE) += ip6t_NFQUEUE.o


diff --git a/net/ipv6/netfilter/ip6t_NFQUEUE.c b/net/ipv6/netfilter/ip6t_NFQUEUE.c new file mode 100644 index 000000000000..c6e3730e7409 --- /dev/null +++ b/net/ipv6/netfilter/ip6t_NFQUEUE.c
@@ -0,0 +1,70 @@
		1	/* ip6tables module for using new netfilter netlink queue
		2	*
		3	* (C) 2005 by Harald Welte <laforge@netfilter.org>
		4	*
		5	* This program is free software; you can redistribute it and/or modify
		6	* it under the terms of the GNU General Public License version 2 as
		7	* published by the Free Software Foundation.
		8	*
		9	*/
		10
		11	#include <linux/module.h>
		12	#include <linux/skbuff.h>
		13
		14	#include <linux/netfilter.h>
		15	#include <linux/netfilter_ipv6/ip6_tables.h>
		16	#include <linux/netfilter_ipv4/ipt_NFQUEUE.h>
		17
		18	MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
		19	MODULE_DESCRIPTION("ip6tables NFQUEUE target");
		20	MODULE_LICENSE("GPL");
		21
		22	static unsigned int
		23	target(struct sk_buff **pskb,
		24	const struct net_device *in,
		25	const struct net_device *out,
		26	unsigned int hooknum,
		27	const void *targinfo,
		28	void *userinfo)
		29	{
		30	const struct ipt_NFQ_info *tinfo = targinfo;
		31
		32	return NF_QUEUE_NR(tinfo->queuenum);
		33	}
		34
		35	static int
		36	checkentry(const char *tablename,
		37	const struct ip6t_entry *e,
		38	void *targinfo,
		39	unsigned int targinfosize,
		40	unsigned int hook_mask)
		41	{
		42	if (targinfosize != IP6T_ALIGN(sizeof(struct ipt_NFQ_info))) {
		43	printk(KERN_WARNING "NFQUEUE: targinfosize %u != %Zu\n",
		44	targinfosize,
		45	IP6T_ALIGN(sizeof(struct ipt_NFQ_info)));
		46	return 0;
		47	}
		48
		49	return 1;
		50	}
		51
		52	static struct ip6t_target ipt_NFQ_reg = {
		53	.name = "NFQUEUE",
		54	.target = target,
		55	.checkentry = checkentry,
		56	.me = THIS_MODULE,
		57	};
		58
		59	static int __init init(void)
		60	{
		61	return ip6t_register_target(&ipt_NFQ_reg);
		62	}
		63
		64	static void __exit fini(void)
		65	{
		66	ip6t_unregister_target(&ipt_NFQ_reg);
		67	}
		68
		69	module_init(init);
		70	module_exit(fini);