tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

[NETFILTER]: Rename ipt_iprange to xt_iprange

This patch moves ipt_iprange to xt_iprange, in preparation for adding
IPv6 support to xt_iprange.

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by

Jan Engelhardt and committed by
David S. Miller f72e25a8 2ae15b64

+44 -30
+1
include/linux/netfilter/Kbuild
··· 21 21 header-y += xt_dscp.h 22 22 header-y += xt_esp.h 23 23 header-y += xt_hashlimit.h 24 + header-y += xt_iprange.h 24 25 header-y += xt_helper.h 25 26 header-y += xt_length.h 26 27 header-y += xt_limit.h
+17
include/linux/netfilter/xt_iprange.h
··· 1 + #ifndef _LINUX_NETFILTER_XT_IPRANGE_H 2 + #define _LINUX_NETFILTER_XT_IPRANGE_H 1 3 + 4 + enum { 5 + IPRANGE_SRC = 1 << 0, /* match source IP address */ 6 + IPRANGE_DST = 1 << 1, /* match destination IP address */ 7 + IPRANGE_SRC_INV = 1 << 4, /* negate the condition */ 8 + IPRANGE_DST_INV = 1 << 5, /* -"- */ 9 + }; 10 + 11 + struct xt_iprange_mtinfo { 12 + union nf_inet_addr src_min, src_max; 13 + union nf_inet_addr dst_min, dst_max; 14 + u_int8_t flags; 15 + }; 16 + 17 + #endif /* _LINUX_NETFILTER_XT_IPRANGE_H */
+1 -5
include/linux/netfilter_ipv4/ipt_iprange.h
··· 2 2 #define _IPT_IPRANGE_H 3 3 4 4 #include <linux/types.h> 5 - 6 - #define IPRANGE_SRC 0x01 /* Match source IP address */ 7 - #define IPRANGE_DST 0x02 /* Match destination IP address */ 8 - #define IPRANGE_SRC_INV 0x10 /* Negate the condition */ 9 - #define IPRANGE_DST_INV 0x20 /* Negate the condition */ 5 + #include <linux/netfilter/xt_iprange.h> 10 6 11 7 struct ipt_iprange { 12 8 /* Inclusive: network order. */
-10
net/ipv4/netfilter/Kconfig
··· 57 57 To compile it as a module, choose M here. If unsure, say N. 58 58 59 59 # The matches. 60 - config IP_NF_MATCH_IPRANGE 61 - tristate '"iprange" match support' 62 - depends on IP_NF_IPTABLES 63 - depends on NETFILTER_ADVANCED 64 - help 65 - This option makes possible to match IP addresses against IP address 66 - ranges. 67 - 68 - To compile it as a module, choose M here. If unsure, say N. 69 - 70 60 config IP_NF_MATCH_RECENT 71 61 tristate '"recent" match support' 72 62 depends on IP_NF_IPTABLES
-1
net/ipv4/netfilter/Makefile
··· 44 44 obj-$(CONFIG_IP_NF_MATCH_ADDRTYPE) += ipt_addrtype.o 45 45 obj-$(CONFIG_IP_NF_MATCH_AH) += ipt_ah.o 46 46 obj-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn.o 47 - obj-$(CONFIG_IP_NF_MATCH_IPRANGE) += ipt_iprange.o 48 47 obj-$(CONFIG_IP_NF_MATCH_RECENT) += ipt_recent.o 49 48 obj-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl.o 50 49
+13 -14
net/ipv4/netfilter/ipt_iprange.c net/netfilter/xt_iprange.c
··· 1 1 /* 2 - * iptables module to match IP address ranges 2 + * xt_iprange - Netfilter module to match IP address ranges 3 3 * 4 - * (C) 2003 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> 4 + * (C) 2003 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> 5 5 * 6 - * This program is free software; you can redistribute it and/or modify 7 - * it under the terms of the GNU General Public License version 2 as 8 - * published by the Free Software Foundation. 6 + * This program is free software; you can redistribute it and/or modify 7 + * it under the terms of the GNU General Public License version 2 as 8 + * published by the Free Software Foundation. 9 9 */ 10 10 #include <linux/module.h> 11 11 #include <linux/skbuff.h> ··· 13 13 #include <linux/netfilter/x_tables.h> 14 14 #include <linux/netfilter_ipv4/ipt_iprange.h> 15 15 16 - MODULE_LICENSE("GPL"); 17 - MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); 18 - MODULE_DESCRIPTION("Xtables: arbitrary IPv4 range matching"); 19 - 20 16 static bool 21 - iprange_mt(const struct sk_buff *skb, const struct net_device *in, 22 - const struct net_device *out, const struct xt_match *match, 23 - const void *matchinfo, int offset, unsigned int protoff, 24 - bool *hotdrop) 17 + iprange_mt_v0(const struct sk_buff *skb, const struct net_device *in, 18 + const struct net_device *out, const struct xt_match *match, 19 + const void *matchinfo, int offset, unsigned int protoff, 20 + bool *hotdrop) 25 21 { 26 22 const struct ipt_iprange_info *info = matchinfo; 27 23 const struct iphdr *iph = ip_hdr(skb); ··· 54 58 static struct xt_match iprange_mt_reg __read_mostly = { 55 59 .name = "iprange", 56 60 .family = AF_INET, 57 - .match = iprange_mt, 61 + .match = iprange_mt_v0, 58 62 .matchsize = sizeof(struct ipt_iprange_info), 59 63 .me = THIS_MODULE 60 64 }; ··· 71 75 72 76 module_init(iprange_mt_init); 73 77 module_exit(iprange_mt_exit); 78 + MODULE_LICENSE("GPL"); 79 + MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); 80 + MODULE_DESCRIPTION("Xtables: arbitrary IPv4 range matching");
+11
net/netfilter/Kconfig
··· 567 567 568 568 To compile it as a module, choose M here. If unsure, say Y. 569 569 570 + config NETFILTER_XT_MATCH_IPRANGE 571 + tristate '"iprange" address range match support' 572 + depends on NETFILTER_XTABLES 573 + depends on NETFILTER_ADVANCED 574 + ---help--- 575 + This option adds a "iprange" match, which allows you to match based on 576 + an IP address range. (Normal iptables only matches on single addresses 577 + with an optional mask.) 578 + 579 + If unsure, say M. 580 + 570 581 config NETFILTER_XT_MATCH_LENGTH 571 582 tristate '"length" match support' 572 583 depends on NETFILTER_XTABLES
+1
net/netfilter/Makefile
··· 63 63 obj-$(CONFIG_NETFILTER_XT_MATCH_ESP) += xt_esp.o 64 64 obj-$(CONFIG_NETFILTER_XT_MATCH_HASHLIMIT) += xt_hashlimit.o 65 65 obj-$(CONFIG_NETFILTER_XT_MATCH_HELPER) += xt_helper.o 66 + obj-$(CONFIG_NETFILTER_XT_MATCH_IPRANGE) += xt_iprange.o 66 67 obj-$(CONFIG_NETFILTER_XT_MATCH_LENGTH) += xt_length.o 67 68 obj-$(CONFIG_NETFILTER_XT_MATCH_LIMIT) += xt_limit.o 68 69 obj-$(CONFIG_NETFILTER_XT_MATCH_MAC) += xt_mac.o