release/src-rt-6.x/linux/linux-2.6/net/ipv4/netfilter/ipt_SET.c

   1 /* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
   2  *                         Patrick Schaaf <bof@bof.de>
   3  *                         Martin Josefsson <gandalf@wlug.westbo.se>
   4  * Copyright (C) 2003-2004 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
   5  *
   6  * This program is free software; you can redistribute it and/or modify
   7  * it under the terms of the GNU General Public License version 2 as
   8  * published by the Free Software Foundation.
   9  */
  10
  11 /* ipt_SET.c - netfilter target to manipulate IP sets */
  12
  13 #include <linux/module.h>
  14 #include <linux/ip.h>
  15 #include <linux/skbuff.h>
  16 #include <linux/version.h>
  17
  18 #include <linux/netfilter_ipv4.h>
  19 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16)
  20 #include <linux/netfilter_ipv4/ip_tables.h>
  21 #define xt_register_target      ipt_register_target
  22 #define xt_unregister_target    ipt_unregister_target
  23 #define xt_target               ipt_target
  24 #define XT_CONTINUE             IPT_CONTINUE
  25 #else
  26 #include <linux/netfilter/x_tables.h>
  27 #endif
  28 #include <linux/netfilter_ipv4/ipt_set.h>
  29
  30 static unsigned int
  31 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
  32 target(struct sk_buff **pskb,
  33        unsigned int hooknum,
  34        const struct net_device *in,
  35        const struct net_device *out,
  36        const void *targinfo,
  37        void *userinfo)
  38 #elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
  39 target(struct sk_buff **pskb,
  40        const struct net_device *in,
  41        const struct net_device *out,
  42        unsigned int hooknum,
  43        const void *targinfo,
  44        void *userinfo)
  45 #elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
  46 target(struct sk_buff **pskb,
  47        const struct net_device *in,
  48        const struct net_device *out,
  49        unsigned int hooknum,
  50        const struct xt_target *target,
  51        const void *targinfo,
  52        void *userinfo)
  53 #elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,24)
  54 target(struct sk_buff **pskb,
  55        const struct net_device *in,
  56        const struct net_device *out,
  57        unsigned int hooknum,
  58        const struct xt_target *target,
  59        const void *targinfo)
  60 #elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,28)
  61 target(struct sk_buff *skb,
  62        const struct net_device *in,
  63        const struct net_device *out,
  64        unsigned int hooknum,
  65        const struct xt_target *target,
  66        const void *targinfo)
  67 #elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,35)
  68 target(struct sk_buff *skb,
  69        const struct xt_target_param *par)
  70 #else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,35) */
  71 target(struct sk_buff *skb,
  72        const struct xt_action_param *par)
  73 #endif
  74 {
  75 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,28)
  76         const struct ipt_set_info_target *info = targinfo;
  77 #else
  78         const struct ipt_set_info_target *info = par->targinfo;
  79 #endif
  80 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,24)
  81         struct sk_buff *skb = *pskb;
  82 #endif
  83
  84
  85         if (info->add_set.index != IP_SET_INVALID_ID)
  86                 ip_set_addip_kernel(info->add_set.index,
  87                                     skb,
  88                                     info->add_set.flags);
  89         if (info->del_set.index != IP_SET_INVALID_ID)
  90                 ip_set_delip_kernel(info->del_set.index,
  91                                     skb,
  92                                     info->del_set.flags);
  93
  94         return XT_CONTINUE;
  95 }
  96
  97 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,35)
  98 #define CHECK_OK        1
  99 #define CHECK_FAIL      0
 100 #else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,35) */
 101 #define CHECK_OK        0
 102 #define CHECK_FAIL      -EINVAL
 103 #endif
 104
 105 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16)
 106 static int
 107 checkentry(const char *tablename,
 108            const struct ipt_entry *e,
 109            void *targinfo,
 110            unsigned int targinfosize,
 111            unsigned int hook_mask)
 112 #elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
 113 static int
 114 checkentry(const char *tablename,
 115            const void *e,
 116            void *targinfo,
 117            unsigned int targinfosize,
 118            unsigned int hook_mask)
 119 #elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
 120 static int
 121 checkentry(const char *tablename,
 122            const void *e,
 123            const struct xt_target *target,
 124            void *targinfo,
 125            unsigned int targinfosize,
 126            unsigned int hook_mask)
 127 #elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23)
 128 static int
 129 checkentry(const char *tablename,
 130            const void *e,
 131            const struct xt_target *target,
 132            void *targinfo,
 133            unsigned int hook_mask)
 134 #elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,28)
 135 static bool
 136 checkentry(const char *tablename,
 137            const void *e,
 138            const struct xt_target *target,
 139            void *targinfo,
 140            unsigned int hook_mask)
 141 #elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,35)
 142 static bool
 143 checkentry(const struct xt_tgchk_param *par)
 144 #else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,35) */
 145 static int
 146 checkentry(const struct xt_tgchk_param *par)
 147 #endif
 148 {
 149 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,28)
 150         const struct ipt_set_info_target *info = targinfo;
 151 #else
 152         const struct ipt_set_info_target *info = par->targinfo;
 153 #endif
 154         ip_set_id_t index;
 155
 156 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
 157         if (targinfosize != IPT_ALIGN(sizeof(*info))) {
 158                 DP("bad target info size %u", targinfosize);
 159                 return CHECK_FAIL;
 160         }
 161 #endif
 162
 163         if (info->add_set.index != IP_SET_INVALID_ID) {
 164                 index = ip_set_get_byindex(info->add_set.index);
 165                 if (index == IP_SET_INVALID_ID) {
 166                         ip_set_printk("cannot find add_set index %u as target",
 167                                       info->add_set.index);
 168                         return CHECK_FAIL;      /* error */
 169                 }
 170         }
 171
 172         if (info->del_set.index != IP_SET_INVALID_ID) {
 173                 index = ip_set_get_byindex(info->del_set.index);
 174                 if (index == IP_SET_INVALID_ID) {
 175                         ip_set_printk("cannot find del_set index %u as target",
 176                                       info->del_set.index);
 177                         return CHECK_FAIL;      /* error */
 178                 }
 179         }
 180         if (info->add_set.flags[IP_SET_MAX_BINDINGS] != 0
 181             || info->del_set.flags[IP_SET_MAX_BINDINGS] != 0) {
 182                 ip_set_printk("That's nasty!");
 183                 return CHECK_FAIL;      /* error */
 184         }
 185
 186         return CHECK_OK;
 187 }
 188
 189 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
 190 static void destroy(void *targetinfo,
 191                     unsigned int targetsize)
 192 #elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
 193 static void destroy(const struct xt_target *target,
 194                     void *targetinfo,
 195                     unsigned int targetsize)
 196 #elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,28)
 197 static void destroy(const struct xt_target *target,
 198                     void *targetinfo)
 199 #else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28) */
 200 static void destroy(const struct xt_tgdtor_param *par)
 201 #endif
 202 {
 203 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,28)
 204         const struct ipt_set_info_target *info = targetinfo;
 205 #else
 206         const struct ipt_set_info_target *info = par->targinfo;
 207 #endif
 208
 209 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
 210         if (targetsize != IPT_ALIGN(sizeof(struct ipt_set_info_target))) {
 211                 ip_set_printk("invalid targetsize %d", targetsize);
 212                 return;
 213         }
 214 #endif
 215         if (info->add_set.index != IP_SET_INVALID_ID)
 216                 ip_set_put_byindex(info->add_set.index);
 217         if (info->del_set.index != IP_SET_INVALID_ID)
 218                 ip_set_put_byindex(info->del_set.index);
 219 }
 220
 221 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
 222 static struct xt_target SET_target = {
 223         .name           = "SET",
 224         .target         = target,
 225         .checkentry     = checkentry,
 226         .destroy        = destroy,
 227         .me             = THIS_MODULE
 228 };
 229 #else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) */
 230 static struct xt_target SET_target = {
 231         .name           = "SET",
 232         .family         = AF_INET,
 233         .target         = target,
 234         .targetsize     = sizeof(struct ipt_set_info_target),
 235         .checkentry     = checkentry,
 236         .destroy        = destroy,
 237         .me             = THIS_MODULE
 238 };
 239 #endif
 240
 241 MODULE_LICENSE("GPL");
 242 MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
 243 MODULE_DESCRIPTION("iptables IP set target module");
 244
 245 static int __init ipt_SET_init(void)
 246 {
 247         return xt_register_target(&SET_target);
 248 }
 249
 250 static void __exit ipt_SET_fini(void)
 251 {
 252         xt_unregister_target(&SET_target);
 253 }
 254
 255 module_init(ipt_SET_init);
 256 module_exit(ipt_SET_fini);