summaryrefslogtreecommitdiffstats
path: root/kernel/ipt_set.c
diff options
context:
space:
mode:
Diffstat (limited to 'kernel/ipt_set.c')
-rw-r--r--kernel/ipt_set.c147
1 files changed, 102 insertions, 45 deletions
diff --git a/kernel/ipt_set.c b/kernel/ipt_set.c
index eb064fe..b08b3bb 100644
--- a/kernel/ipt_set.c
+++ b/kernel/ipt_set.c
@@ -15,7 +15,14 @@
#include <linux/skbuff.h>
#include <linux/version.h>
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16)
#include <linux/netfilter_ipv4/ip_tables.h>
+#define xt_register_match ipt_register_match
+#define xt_unregister_match ipt_unregister_match
+#define xt_match ipt_match
+#else
+#include <linux/netfilter/x_tables.h>
+#endif
#include <linux/netfilter_ipv4/ip_set.h>
#include <linux/netfilter_ipv4/ipt_set.h>
@@ -29,24 +36,53 @@ match_set(const struct ipt_set_info *info,
return inv;
}
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23)
-static bool
-#else
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
+static int
+match(const struct sk_buff *skb,
+ const struct net_device *in,
+ const struct net_device *out,
+ const void *matchinfo,
+ int offset,
+ const void *hdr,
+ u_int16_t datalen,
+ int *hotdrop)
+#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16)
+static int
+match(const struct sk_buff *skb,
+ const struct net_device *in,
+ const struct net_device *out,
+ const void *matchinfo,
+ int offset,
+ int *hotdrop)
+#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
+static int
+match(const struct sk_buff *skb,
+ const struct net_device *in,
+ const struct net_device *out,
+ const void *matchinfo,
+ int offset,
+ unsigned int protoff,
+ int *hotdrop)
+#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23)
static int
-#endif
match(const struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
const struct xt_match *match,
-#endif
const void *matchinfo,
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23)
- int offset, unsigned int protoff, bool *hotdrop)
-#elif LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16)
- int offset, unsigned int protoff, int *hotdrop)
-#else
- int offset, int *hotdrop)
+ int offset,
+ unsigned int protoff,
+ int *hotdrop)
+#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) */
+static bool
+match(const struct sk_buff *skb,
+ const struct net_device *in,
+ const struct net_device *out,
+ const struct xt_match *match,
+ const void *matchinfo,
+ int offset,
+ unsigned int protoff,
+ bool *hotdrop)
#endif
{
const struct ipt_set_info_match *info = matchinfo;
@@ -56,30 +92,48 @@ match(const struct sk_buff *skb,
info->match_set.flags[0] & IPSET_MATCH_INV);
}
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23)
-static bool
-#else
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16)
static int
-#endif
checkentry(const char *tablename,
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16)
- const void *inf,
-#else
const struct ipt_ip *ip,
-#endif
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
+ void *matchinfo,
+ unsigned int matchsize,
+ unsigned int hook_mask)
+#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
+static int
+checkentry(const char *tablename,
+ const void *inf,
+ void *matchinfo,
+ unsigned int matchsize,
+ unsigned int hook_mask)
+#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
+static int
+checkentry(const char *tablename,
+ const void *inf,
const struct xt_match *match,
-#endif
void *matchinfo,
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
unsigned int matchsize,
-#endif
unsigned int hook_mask)
+#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23)
+static int
+checkentry(const char *tablename,
+ const void *inf,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask)
+#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) */
+static bool
+checkentry(const char *tablename,
+ const void *inf,
+ const struct xt_match *match,
+ void *matchinfo,
+ unsigned int hook_mask)
+#endif
{
struct ipt_set_info_match *info = matchinfo;
ip_set_id_t index;
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
if (matchsize != IPT_ALIGN(sizeof(struct ipt_set_info_match))) {
ip_set_printk("invalid matchsize %d", matchsize);
return 0;
@@ -101,19 +155,21 @@ checkentry(const char *tablename,
return 1;
}
-static void destroy(
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
- const struct xt_match *match,
-#endif
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
- void *matchinfo, unsigned int matchsize)
-#else
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
+static void destroy(void *matchinfo,
+ unsigned int matchsize)
+#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
+static void destroy(const struct xt_match *match,
+ void *matchinfo,
+ unsigned int matchsize)
+#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19) */
+static void destroy(const struct xt_match *match,
void *matchinfo)
#endif
{
struct ipt_set_info_match *info = matchinfo;
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
if (matchsize != IPT_ALIGN(sizeof(struct ipt_set_info_match))) {
ip_set_printk("invalid matchsize %d", matchsize);
return;
@@ -122,37 +178,38 @@ static void destroy(
ip_set_put(info->match_set.index);
}
-static struct ipt_match set_match = {
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
+static struct xt_match set_match = {
+ .name = "set",
+ .match = &match,
+ .checkentry = &checkentry,
+ .destroy = &destroy,
+ .me = THIS_MODULE
+};
+#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) */
+static struct xt_match set_match = {
.name = "set",
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
.family = AF_INET,
-#endif
.match = &match,
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
.matchsize = sizeof(struct ipt_set_info_match),
-#endif
.checkentry = &checkentry,
.destroy = &destroy,
.me = THIS_MODULE
};
+#endif
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
MODULE_DESCRIPTION("iptables IP set match module");
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
-#define ipt_register_match xt_register_match
-#define ipt_unregister_match xt_unregister_match
-#endif
-
static int __init ipt_ipset_init(void)
{
- return ipt_register_match(&set_match);
+ return xt_register_match(&set_match);
}
static void __exit ipt_ipset_fini(void)
{
- ipt_unregister_match(&set_match);
+ xt_unregister_match(&set_match);
}
module_init(ipt_ipset_init);