Diffstat (limited to 'net')
-rw-r--r--net/ipv4/netfilter/Kconfig10
-rw-r--r--net/ipv4/netfilter/Makefile1
-rw-r--r--net/netfilter/Kconfig10
-rw-r--r--net/netfilter/Makefile1
-rw-r--r--net/netfilter/xt_addrtype.c (renamed from net/ipv4/netfilter/ipt_addrtype.c)31
5 files changed, 27 insertions, 26 deletions
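diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig
index f926a310075d..1dfc18a03fd4 100644
--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -64,16 +64,6 @@ config IP_NF_IPTABLES
 if IP_NF_IPTABLES
 
 # The matches.
-config IP_NF_MATCH_ADDRTYPE
- tristate '"addrtype" address type match support'
- depends on NETFILTER_ADVANCED
- help
- This option allows you to match what routing thinks of an address,
- eg. UNICAST, LOCAL, BROADCAST, ...
-
- If you want to compile it as a module, say M here and read
- <file:Documentation/kbuild/modules.txt>. If unsure, say `N'.
-
 config IP_NF_MATCH_AH
  tristate '"ah" match support'
  depends on NETFILTER_ADVANCED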
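diff --git a/net/ipv4/netfilter/Makefile b/net/ipv4/netfilter/Makefile
index 19eb59d01037..dca2082ec683 100644
--- a/net/ipv4/netfilter/Makefile
+++ b/net/ipv4/netfilter/Makefile
@@ -48,7 +48,6 @@ obj-$(CONFIG_IP_NF_RAW) += iptable_raw.o
 obj-$(CONFIG_IP_NF_SECURITY) += iptable_security.o
 
 # matches
-obj-$(CONFIG_IP_NF_MATCH_ADDRTYPE) += ipt_addrtype.o
 obj-$(CONFIG_IP_NF_MATCH_AH) += ipt_ah.o
 obj-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn.o
 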
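diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index 82a6e0d80f05..32bff6d86cb2 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -649,6 +649,16 @@ config NETFILTER_XT_TARGET_TCPOPTSTRIP
 
 comment "Xtables matches"
 
+config NETFILTER_XT_MATCH_ADDRTYPE
+ tristate '"addrtype" address type match support'
+ depends on NETFILTER_ADVANCED
+ ---help---
+ This option allows you to match what routing thinks of an address,
+ eg. UNICAST, LOCAL, BROADCAST, ...
+
+ If you want to compile it as a module, say M here and read
+ <file:Documentation/kbuild/modules.txt>. If unsure, say `N'.
+
 config NETFILTER_XT_MATCH_CLUSTER
  tristate '"cluster" match support'
  depends on NF_CONNTRACK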
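Review bot: The new NETFILTER_XT_MATCH_ADDRTYPE symbol has no link to the IP_NF_MATCH_ADDRTYPE symbol that this commit removes from net/ipv4/netfilter/Kconfig, so an existing .config that enabled the old option does not carry the match over; a non-interactive config update would presumably leave the new symbol at its default. A host whose ruleset uses the addrtype match would then fail to load those rules after the upgrade. Consider keeping a transitional `config IP_NF_MATCH_ADDRTYPE` entry whose only effect is `select NETFILTER_XT_MATCH_ADDRTYPE`, with a help line marking it as a backwards-compatibility option.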
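diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile
index d57a890eaee5..1a02853df863 100644
--- a/net/netfilter/Makefile
+++ b/net/netfilter/Makefile
@@ -70,6 +70,7 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_TRACE) += xt_TRACE.o
 obj-$(CONFIG_NETFILTER_XT_TARGET_IDLETIMER) += xt_IDLETIMER.o
 
 # matches
+obj-$(CONFIG_NETFILTER_XT_MATCH_ADDRTYPE) += xt_addrtype.o
 obj-$(CONFIG_NETFILTER_XT_MATCH_CLUSTER) += xt_cluster.o
 obj-$(CONFIG_NETFILTER_XT_MATCH_COMMENT) += xt_comment.o
 obj-$(CONFIG_NETFILTER_XT_MATCH_CONNBYTES) += xt_connbytes.o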
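diff --git a/net/ipv4/netfilter/ipt_addrtype.c b/net/netfilter/xt_addrtype.c
index db8bff0fb86d..e89c0b84583c 100644
--- a/net/ipv4/netfilter/ipt_addrtype.c
+++ b/net/netfilter/xt_addrtype.c
@@ -16,12 +16,13 @@
 #include <linux/ip.h>
 #include <net/route.h>
 
-#include <linux/netfilter_ipv4/ipt_addrtype.h>
+#include <linux/netfilter/xt_addrtype.h>
 #include <linux/netfilter/x_tables.h>
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
-MODULE_DESCRIPTION("Xtables: address type match for IPv4");
+MODULE_DESCRIPTION("Xtables: address type match");
+MODULE_ALIAS("ipt_addrtype");
 
 static inline bool match_type(struct net *net, const struct net_device *dev,
  __be32 addr, u_int16_t mask)
@@ -33,7 +34,7 @@ static bool
 addrtype_mt_v0(const struct sk_buff *skb, struct xt_action_param *par)
 {
  struct net *net = dev_net(par->in ? par->in : par->out);
- const struct ipt_addrtype_info *info = par->matchinfo;
+ const struct xt_addrtype_info *info = par->matchinfo;
  const struct iphdr *iph = ip_hdr(skb);
  bool ret = true;
 
@@ -51,31 +52,31 @@ static bool
 addrtype_mt_v1(const struct sk_buff *skb, struct xt_action_param *par)
 {
  struct net *net = dev_net(par->in ? par->in : par->out);
- const struct ipt_addrtype_info_v1 *info = par->matchinfo;
+ const struct xt_addrtype_info_v1 *info = par->matchinfo;
  const struct iphdr *iph = ip_hdr(skb);
  const struct net_device *dev = NULL;
  bool ret = true;
 
- if (info->flags & IPT_ADDRTYPE_LIMIT_IFACE_IN)
+ if (info->flags & XT_ADDRTYPE_LIMIT_IFACE_IN)
  dev = par->in;
- else if (info->flags & IPT_ADDRTYPE_LIMIT_IFACE_OUT)
+ else if (info->flags & XT_ADDRTYPE_LIMIT_IFACE_OUT)
  dev = par->out;
 
  if (info->source)
  ret &= match_type(net, dev, iph->saddr, info->source) ^
- (info->flags & IPT_ADDRTYPE_INVERT_SOURCE);
+ (info->flags & XT_ADDRTYPE_INVERT_SOURCE);
  if (ret && info->dest)
  ret &= match_type(net, dev, iph->daddr, info->dest) ^
- !!(info->flags & IPT_ADDRTYPE_INVERT_DEST);
+ !!(info->flags & XT_ADDRTYPE_INVERT_DEST);
  return ret;
 }
 
 static int addrtype_mt_checkentry_v1(const struct xt_mtchk_param *par)
 {
- struct ipt_addrtype_info_v1 *info = par->matchinfo;
+ struct xt_addrtype_info_v1 *info = par->matchinfo;
 
- if (info->flags & IPT_ADDRTYPE_LIMIT_IFACE_IN &&
- info->flags & IPT_ADDRTYPE_LIMIT_IFACE_OUT) {
+ if (info->flags & XT_ADDRTYPE_LIMIT_IFACE_IN &&
+ info->flags & XT_ADDRTYPE_LIMIT_IFACE_OUT) {
  pr_info("both incoming and outgoing "
  "interface limitation cannot be selected\n");
  return -EINVAL;
@@ -83,7 +84,7 @@ static int addrtype_mt_checkentry_v1(const struct xt_mtchk_param *par)
 
  if (par->hook_mask & ((1 << NF_INET_PRE_ROUTING) |
  (1 << NF_INET_LOCAL_IN)) &&
- info->flags & IPT_ADDRTYPE_LIMIT_IFACE_OUT) {
+ info->flags & XT_ADDRTYPE_LIMIT_IFACE_OUT) {
  pr_info("output interface limitation "
  "not valid in PREROUTING and INPUT\n");
  return -EINVAL;
@@ -91,7 +92,7 @@ static int addrtype_mt_checkentry_v1(const struct xt_mtchk_param *par)
 
  if (par->hook_mask & ((1 << NF_INET_POST_ROUTING) |
  (1 << NF_INET_LOCAL_OUT)) &&
- info->flags & IPT_ADDRTYPE_LIMIT_IFACE_IN) {
+ info->flags & XT_ADDRTYPE_LIMIT_IFACE_IN) {
  pr_info("input interface limitation "
  "not valid in POSTROUTING and OUTPUT\n");
  return -EINVAL;
@@ -105,7 +106,7 @@ static struct xt_match addrtype_mt_reg[] __read_mostly = {
  .name = "addrtype",
  .family = NFPROTO_IPV4,
  .match = addrtype_mt_v0,
- .matchsize = sizeof(struct ipt_addrtype_info),
+ .matchsize = sizeof(struct xt_addrtype_info),
  .me = THIS_MODULE
  },
  {
@@ -114,7 +115,7 @@ static struct xt_match addrtype_mt_reg[] __read_mostly = {
  .revision = 1,
  .match = addrtype_mt_v1,
  .checkentry = addrtype_mt_checkentry_v1,
- .matchsize = sizeof(struct ipt_addrtype_info_v1),
+ .matchsize = sizeof(struct xt_addrtype_info_v1),
  .me = THIS_MODULE
  }
 };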
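Review bot: In addrtype_mt_v1 the source test XORs the bool from match_type() with the raw masked value `(info->flags & XT_ADDRTYPE_INVERT_SOURCE)`, while the destination test two lines below normalises with `!!`. The source form gives the intended inversion only if that flag is bit 0; the flag values live in xt_addrtype.h, which is not on this page, so this may be correct today but is fragile, and a wrong inversion silently changes which packets a rule matches. Since the rename touches both lines anyway, make them consistent: `!!(info->flags & XT_ADDRTYPE_INVERT_SOURCE);`. addrtype_mt_v0 is only partly visible in its hunk, so check whether it has the same pattern.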