GitHub-Mirror/Star64_linux
2
0
Fork 0
mirror of https://github.com/Fishwaldo/Star64_linux.git synced 2025-06-28 09:31:14 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

netfilter: xtables: move ipt_ecn to xt_ecn

Browse source 
Prepare the ECN match for augmentation by an IPv6 counterpart. Since
no symbol dependencies to ipv6.ko are added, having a single ecn match
module is the more so welcome.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Jan Engelhardt 2011-06-09 21:03:07 +02:00 committed by Pablo Neira Ayuso
parent c0d2b8376a
commit d446a8202c
8 changed files with 53 additions and 36 deletions
Download patch file Download diff file Expand all files Collapse all files

1
include/linux/netfilter/Kbuild
View file

@ -43,6 +43,7 @@ header-y += xt_cpu.h
header-y += xt_dccp.h header-y += xt_dccp.h
header-y += xt_devgroup.h header-y += xt_devgroup.h
header-y += xt_dscp.h header-y += xt_dscp.h
header-y += xt_ecn.h
header-y += xt_esp.h header-y += xt_esp.h
header-y += xt_hashlimit.h header-y += xt_hashlimit.h
header-y += xt_helper.h header-y += xt_helper.h

35
include/linux/netfilter/xt_ecn.h Normal file
View file

@ -0,0 +1,35 @@
/* iptables module for matching the ECN header in IPv4 and TCP header
*
* (C) 2002 Harald Welte <laforge@gnumonks.org>
*
* This software is distributed under GNU GPL v2, 1991
*
* ipt_ecn.h,v 1.4 2002/08/05 19:39:00 laforge Exp
*/
#ifndef _XT_ECN_H
#define _XT_ECN_H
#include <linux/types.h>
#include <linux/netfilter/xt_dscp.h>
#define IPT_ECN_IP_MASK (~XT_DSCP_MASK)
#define IPT_ECN_OP_MATCH_IP 0x01
#define IPT_ECN_OP_MATCH_ECE 0x10
#define IPT_ECN_OP_MATCH_CWR 0x20
#define IPT_ECN_OP_MATCH_MASK 0xce
/* match info */
struct ipt_ecn_info {
__u8 operation;
__u8 invert;
__u8 ip_ect;
union {
struct {
__u8 ect;
} tcp;
} proto;
};
#endif /* _XT_ECN_H */

31
include/linux/netfilter_ipv4/ipt_ecn.h
View file

@ -1,35 +1,6 @@
/* iptables module for matching the ECN header in IPv4 and TCP header
*
* (C) 2002 Harald Welte <laforge@gnumonks.org>
*
* This software is distributed under GNU GPL v2, 1991
*
* ipt_ecn.h,v 1.4 2002/08/05 19:39:00 laforge Exp
*/
#ifndef _IPT_ECN_H #ifndef _IPT_ECN_H
#define _IPT_ECN_H #define _IPT_ECN_H
#include <linux/types.h> #include <linux/netfilter/xt_ecn.h>
#include <linux/netfilter/xt_dscp.h>
#define IPT_ECN_IP_MASK (~XT_DSCP_MASK)
#define IPT_ECN_OP_MATCH_IP 0x01
#define IPT_ECN_OP_MATCH_ECE 0x10
#define IPT_ECN_OP_MATCH_CWR 0x20
#define IPT_ECN_OP_MATCH_MASK 0xce
/* match info */
struct ipt_ecn_info {
__u8 operation;
__u8 invert;
__u8 ip_ect;
union {
struct {
__u8 ect;
} tcp;
} proto;
};
#endif /* _IPT_ECN_H */ #endif /* _IPT_ECN_H */

10
net/ipv4/netfilter/Kconfig
View file

@ -76,11 +76,11 @@ config IP_NF_MATCH_AH
config IP_NF_MATCH_ECN config IP_NF_MATCH_ECN
tristate '"ecn" match support' tristate '"ecn" match support'
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED
help select NETFILTER_XT_MATCH_ECN
This option adds a `ECN' match, which allows you to match against ---help---
the IPv4 and TCP header ECN fields. This is a backwards-compat option for the user's convenience
(e.g. when running oldconfig). It selects
To compile it as a module, choose M here. If unsure, say N. CONFIG_NETFILTER_XT_MATCH_ECN.
config IP_NF_MATCH_RPFILTER config IP_NF_MATCH_RPFILTER
tristate '"rpfilter" reverse path filter match support' tristate '"rpfilter" reverse path filter match support'

1
net/ipv4/netfilter/Makefile
View file

@ -49,7 +49,6 @@ obj-$(CONFIG_IP_NF_SECURITY) += iptable_security.o
# matches # matches
obj-$(CONFIG_IP_NF_MATCH_AH) += ipt_ah.o obj-$(CONFIG_IP_NF_MATCH_AH) += ipt_ah.o
obj-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn.o
obj-$(CONFIG_IP_NF_MATCH_RPFILTER) += ipt_rpfilter.o obj-$(CONFIG_IP_NF_MATCH_RPFILTER) += ipt_rpfilter.o
# targets # targets

9
net/netfilter/Kconfig
View file

@ -778,6 +778,15 @@ config NETFILTER_XT_MATCH_DSCP
To compile it as a module, choose M here. If unsure, say N. To compile it as a module, choose M here. If unsure, say N.
config NETFILTER_XT_MATCH_ECN
tristate '"ecn" match support'
depends on NETFILTER_ADVANCED
---help---
This option adds an "ECN" match, which allows you to match against
the IPv4 and TCP header ECN fields.
To compile it as a module, choose M here. If unsure, say N.
config NETFILTER_XT_MATCH_ESP config NETFILTER_XT_MATCH_ESP
tristate '"esp" match support' tristate '"esp" match support'
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED

1
net/netfilter/Makefile
View file

@ -81,6 +81,7 @@ obj-$(CONFIG_NETFILTER_XT_MATCH_CPU) += xt_cpu.o
obj-$(CONFIG_NETFILTER_XT_MATCH_DCCP) += xt_dccp.o obj-$(CONFIG_NETFILTER_XT_MATCH_DCCP) += xt_dccp.o
obj-$(CONFIG_NETFILTER_XT_MATCH_DEVGROUP) += xt_devgroup.o obj-$(CONFIG_NETFILTER_XT_MATCH_DEVGROUP) += xt_devgroup.o
obj-$(CONFIG_NETFILTER_XT_MATCH_DSCP) += xt_dscp.o obj-$(CONFIG_NETFILTER_XT_MATCH_DSCP) += xt_dscp.o
obj-$(CONFIG_NETFILTER_XT_MATCH_ECN) += xt_ecn.o
obj-$(CONFIG_NETFILTER_XT_MATCH_ESP) += xt_esp.o obj-$(CONFIG_NETFILTER_XT_MATCH_ESP) += xt_esp.o
obj-$(CONFIG_NETFILTER_XT_MATCH_HASHLIMIT) += xt_hashlimit.o obj-$(CONFIG_NETFILTER_XT_MATCH_HASHLIMIT) += xt_hashlimit.o
obj-$(CONFIG_NETFILTER_XT_MATCH_HELPER) += xt_helper.o obj-$(CONFIG_NETFILTER_XT_MATCH_HELPER) += xt_helper.o

1
net/ipv4/netfilter/ipt_ecn.c → net/netfilter/xt_ecn.c
View file

@ -21,6 +21,7 @@
MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>"); MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
MODULE_DESCRIPTION("Xtables: Explicit Congestion Notification (ECN) flag match for IPv4"); MODULE_DESCRIPTION("Xtables: Explicit Congestion Notification (ECN) flag match for IPv4");
MODULE_LICENSE("GPL"); MODULE_LICENSE("GPL");
MODULE_ALIAS("ipt_ecn");
static inline bool match_ip(const struct sk_buff *skb, static inline bool match_ip(const struct sk_buff *skb,
const struct ipt_ecn_info *einfo) const struct ipt_ecn_info *einfo)