author/C=EU/ST=EU/CN=Jozsef Kadlecsik/emailAddress=kadlec@blackhole.kfki.hu </C=EU/ST=EU/CN=Jozsef Kadlecsik/emailAddress=kadlec@blackhole.kfki.hu>2008-07-02 12:20:18 +0000
committer/C=EU/ST=EU/CN=Jozsef Kadlecsik/emailAddress=kadlec@blackhole.kfki.hu </C=EU/ST=EU/CN=Jozsef Kadlecsik/emailAddress=kadlec@blackhole.kfki.hu>2008-07-02 12:20:18 +0000
commit633b62df0104203591d5c427f6769857571b2540 (patch)
treec30e45a92d662906a92822e63b256010fec005ef /kernel/ipt_SET.c
parentcbbb94616299ae2d897cf8a8fd8d9ebf7af41be8 (diff)
Initial ipset release with kernel modules included.
Diffstat (limited to 'kernel/ipt_SET.c')
-rw-r--r--kernel/ipt_SET.c179
1 files changed, 179 insertions, 0 deletions
diff --git a/kernel/ipt_SET.c b/kernel/ipt_SET.c
new file mode 100644
index 0000000..63ada14
--- /dev/null
+++ b/kernel/ipt_SET.c
@@ -0,0 +1,179 @@
+/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
+ * Patrick Schaaf <bof@bof.de>
+ * Martin Josefsson <gandalf@wlug.westbo.se>
+ * Copyright (C) 2003-2004 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+/* ipt_SET.c - netfilter target to manipulate IP sets */
+
+#include <linux/types.h>
+#include <linux/ip.h>
+#include <linux/timer.h>
+#include <linux/module.h>
+#include <linux/netfilter.h>
+#include <linux/netdevice.h>
+#include <linux/if.h>
+#include <linux/inetdevice.h>
+#include <linux/version.h>
+#include <net/protocol.h>
+#include <net/checksum.h>
+#include <linux/netfilter_ipv4.h>
+#include <linux/netfilter_ipv4/ip_tables.h>
+#include <linux/netfilter_ipv4/ipt_set.h>
+
+static unsigned int
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24)
+target(struct sk_buff *skb,
+#else
+target(struct sk_buff **pskb,
+#endif
+ const struct net_device *in,
+ const struct net_device *out,
+ unsigned int hooknum,
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
+ const struct xt_target *target,
+#endif
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
+ const void *targinfo,
+ void *userinfo)
+#else
+ const void *targinfo)
+#endif
+{
+ const struct ipt_set_info_target *info = targinfo;
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,24)
+ struct sk_buff *skb = *pskb;
+#endif
+
+
+ if (info->add_set.index != IP_SET_INVALID_ID)
+ ip_set_addip_kernel(info->add_set.index,
+ skb,
+ info->add_set.flags);
+ if (info->del_set.index != IP_SET_INVALID_ID)
+ ip_set_delip_kernel(info->del_set.index,
+ skb,
+ info->del_set.flags);
+
+ return IPT_CONTINUE;
+}
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23)
+static bool
+#else
+static int
+#endif
+checkentry(const char *tablename,
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16)
+ const void *e,
+#else
+ const struct ipt_entry *e,
+#endif
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
+ const struct xt_target *target,
+#endif
+ void *targinfo,
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
+ unsigned int targinfosize,
+#endif
+ unsigned int hook_mask)
+{
+ struct ipt_set_info_target *info = targinfo;
+ ip_set_id_t index;
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
+ if (targinfosize != IPT_ALIGN(sizeof(*info))) {
+ DP("bad target info size %u", targinfosize);
+ return 0;
+ }
+#endif
+
+ if (info->add_set.index != IP_SET_INVALID_ID) {
+ index = ip_set_get_byindex(info->add_set.index);
+ if (index == IP_SET_INVALID_ID) {
+ ip_set_printk("cannot find add_set index %u as target",
+ info->add_set.index);
+ return 0; /* error */
+ }
+ }
+
+ if (info->del_set.index != IP_SET_INVALID_ID) {
+ index = ip_set_get_byindex(info->del_set.index);
+ if (index == IP_SET_INVALID_ID) {
+ ip_set_printk("cannot find del_set index %u as target",
+ info->del_set.index);
+ return 0; /* error */
+ }
+ }
+ if (info->add_set.flags[IP_SET_MAX_BINDINGS] != 0
+ || info->del_set.flags[IP_SET_MAX_BINDINGS] != 0) {
+ ip_set_printk("That's nasty!");
+ return 0; /* error */
+ }
+
+ return 1;
+}
+
+static void destroy(
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
+ const struct xt_target *target,
+#endif
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
+ void *targetinfo, unsigned int targetsize)
+#else
+ void *targetinfo)
+#endif
+{
+ struct ipt_set_info_target *info = targetinfo;
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
+ if (targetsize != IPT_ALIGN(sizeof(struct ipt_set_info_target))) {
+ ip_set_printk("invalid targetsize %d", targetsize);
+ return;
+ }
+#endif
+ if (info->add_set.index != IP_SET_INVALID_ID)
+ ip_set_put(info->add_set.index);
+ if (info->del_set.index != IP_SET_INVALID_ID)
+ ip_set_put(info->del_set.index);
+}
+
+static struct ipt_target SET_target = {
+ .name = "SET",
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
+ .family = AF_INET,
+#endif
+ .target = target,
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
+ .targetsize = sizeof(struct ipt_set_info_target),
+#endif
+ .checkentry = checkentry,
+ .destroy = destroy,
+ .me = THIS_MODULE
+};
+
+MODULE_LICENSE("GPL");
+MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
+MODULE_DESCRIPTION("iptables IP set target module");
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
+#define ipt_register_target xt_register_target
+#define ipt_unregister_target xt_unregister_target
+#endif
+
+static int __init ipt_SET_init(void)
+{
+ return ipt_register_target(&SET_target);
+}
+
+static void __exit ipt_SET_fini(void)
+{
+ ipt_unregister_target(&SET_target);
+}
+
+module_init(ipt_SET_init);
+module_exit(ipt_SET_fini);
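Review bot: checkentry() returns 0 on its later failure paths without releasing the set references it has already acquired. destroy() pairs every valid index with `ip_set_put()`, which suggests `ip_set_get_byindex()` takes a reference. If so, a failed del_set lookup leaks the add_set reference and the `flags[IP_SET_MAX_BINDINGS]` check leaks both, and since a rule rejected by checkentry presumably never reaches destroy, the affected sets would stay pinned until the module is unloaded. Move the flags check ahead of both lookups so it fails before any reference is held, and in the del_set failure branch add `if (info->add_set.index != IP_SET_INVALID_ID) ip_set_put(info->add_set.index);` before `return 0;`. The `"That's nasty!"` message should also name the field that failed validation, so a rejected rule can be diagnosed from the kernel log.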