/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
 *                         Patrick Schaaf <bof@bof.de>
 *                         Martin Josefsson <gandalf@wlug.westbo.se>
 * Copyright (C) 2003-2004 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */

/* ipt_SET.c - netfilter target to manipulate IP sets */
13 #include <linux/module.h>
15 #include <linux/skbuff.h>
16 #include <linux/version.h>
18 #include <linux/netfilter_ipv4.h>
19 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16)
20 #include <linux/netfilter_ipv4/ip_tables.h>
21 #define xt_register_target ipt_register_target
22 #define xt_unregister_target ipt_unregister_target
23 #define xt_target ipt_target
24 #define XT_CONTINUE IPT_CONTINUE
26 #include <linux/netfilter/x_tables.h>
28 #include <linux/netfilter_ipv4/ipt_set.h>
/*
 * target - packet-path handler of the SET target.
 *
 * One body is shared by seven kernel-version-specific signatures. Up to
 * 2.6.27 the hook receives its arguments individually; from 2.6.28 on they
 * arrive bundled in a parameter struct (xt_target_param, then
 * xt_action_param from 2.6.35).
 *
 * The numbers embedded in this listing skip (for example 32 -> 34 and
 * 86 -> 89), so several parameters, the remaining arguments of the two
 * ip_set_*_kernel() calls and the return statement are not shown here.
 *
 * NOTE(review): the only check made here on either set index is the
 * comparison with IP_SET_INVALID_ID; the handler appears to rely on
 * checkentry() having resolved the indices when the rule was loaded.
 */
31 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
32 target(struct sk_buff
**pskb
,
34 const struct net_device
*in
,
35 const struct net_device
*out
,
38 #elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
39 target(struct sk_buff
**pskb
,
40 const struct net_device
*in
,
41 const struct net_device
*out
,
45 #elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
46 target(struct sk_buff
**pskb
,
47 const struct net_device
*in
,
48 const struct net_device
*out
,
50 const struct xt_target
*target
,
53 #elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,24)
54 target(struct sk_buff
**pskb
,
55 const struct net_device
*in
,
56 const struct net_device
*out
,
58 const struct xt_target
*target
,
60 #elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,28)
61 target(struct sk_buff
*skb
,
62 const struct net_device
*in
,
63 const struct net_device
*out
,
65 const struct xt_target
*target
,
67 #elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,35)
68 target(struct sk_buff
*skb
,
69 const struct xt_target_param
*par
)
70 #else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,35) */
71 target(struct sk_buff
*skb
,
72 const struct xt_action_param
*par
)
/*
 * The rule's target data is the targinfo argument before 2.6.28 and
 * par->targinfo afterwards; either way it is read as a
 * struct ipt_set_info_target.
 */
75 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,28)
76 const struct ipt_set_info_target
*info
= targinfo
;
78 const struct ipt_set_info_target
*info
= par
->targinfo
;
/* Before 2.6.24 the hook is handed struct sk_buff **, so unwrap it once. */
80 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,24)
81 struct sk_buff
*skb
= *pskb
;
/* An add-set is configured when its index differs from IP_SET_INVALID_ID. */
85 if (info
->add_set
.index
!= IP_SET_INVALID_ID
)
86 ip_set_addip_kernel(info
->add_set
.index
,
/* Same test for the delete-set; add and delete are handled independently. */
89 if (info
->del_set
.index
!= IP_SET_INVALID_ID
)
90 ip_set_delip_kernel(info
->del_set
.index
,
/*
 * Return-value convention used by checkentry(). Only the failure value for
 * kernels >= 2.6.35 (-EINVAL) is visible; the remaining definitions sit on
 * listing lines that are not shown. Presumably older kernels use a
 * boolean-style pair instead - confirm against the full file.
 *
 * NOTE(review): the expansion is not parenthesized; (-EINVAL) would be safer
 * should the macro ever appear inside a larger expression.
 */
97 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,35)
100 #else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,35) */
102 #define CHECK_FAIL -EINVAL
/*
 * checkentry - validate the target data of a rule that uses the SET target.
 *
 * Seven kernel-version-specific signatures share one body. The visible
 * checks are, in order:
 *   1. (kernels < 2.6.17 only) the supplied targinfosize must equal
 *      IPT_ALIGN(sizeof(*info));
 *   2. a configured add_set index must resolve through ip_set_get_byindex();
 *   3. a configured del_set index must resolve the same way;
 *   4. slot IP_SET_MAX_BINDINGS of both flags arrays must be zero.
 * Failures in steps 2-4 return CHECK_FAIL.
 *
 * The numbers embedded in this listing skip, so some parameters, the
 * declaration of index, the outcome of step 1 and the success return are
 * not shown here.
 */
105 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16)
107 checkentry(const char *tablename
,
108 const struct ipt_entry
*e
,
110 unsigned int targinfosize
,
111 unsigned int hook_mask
)
112 #elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
114 checkentry(const char *tablename
,
117 unsigned int targinfosize
,
118 unsigned int hook_mask
)
119 #elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
121 checkentry(const char *tablename
,
123 const struct xt_target
*target
,
125 unsigned int targinfosize
,
126 unsigned int hook_mask
)
127 #elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23)
129 checkentry(const char *tablename
,
131 const struct xt_target
*target
,
133 unsigned int hook_mask
)
134 #elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,28)
136 checkentry(const char *tablename
,
138 const struct xt_target
*target
,
140 unsigned int hook_mask
)
141 #elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,35)
143 checkentry(const struct xt_tgchk_param
*par
)
144 #else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,35) */
146 checkentry(const struct xt_tgchk_param
*par
)
/* Target data: the targinfo argument before 2.6.28, par->targinfo after. */
149 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,28)
150 const struct ipt_set_info_target
*info
= targinfo
;
152 const struct ipt_set_info_target
*info
= par
->targinfo
;
/*
 * Kernels older than 2.6.17 only: the size handed in with the rule is
 * compared against the aligned size of the structure this module reads, and
 * a mismatch is logged through DP(). What follows the log call is not shown
 * in this listing; presumably the rule is rejected - confirm.
 */
156 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
157 if (targinfosize
!= IPT_ALIGN(sizeof(*info
))) {
158 DP("bad target info size %u", targinfosize
);
/*
 * Resolve the add-set. IP_SET_INVALID_ID coming back from
 * ip_set_get_byindex() is treated as "no such set" and fails the rule.
 */
163 if (info
->add_set
.index
!= IP_SET_INVALID_ID
) {
164 index
= ip_set_get_byindex(info
->add_set
.index
);
165 if (index
== IP_SET_INVALID_ID
) {
166 ip_set_printk("cannot find add_set index %u as target",
167 info
->add_set
.index
);
168 return CHECK_FAIL
; /* error */
/*
 * Resolve the delete-set the same way.
 *
 * NOTE(review): no ip_set_put_byindex() is visible on this failure path. If
 * ip_set_get_byindex() takes a reference (destroy() pairs it with
 * ip_set_put_byindex()), failing here after the add_set lookup succeeded
 * would leave that reference held - confirm, and release it before
 * returning CHECK_FAIL.
 */
172 if (info
->del_set
.index
!= IP_SET_INVALID_ID
) {
173 index
= ip_set_get_byindex(info
->del_set
.index
);
174 if (index
== IP_SET_INVALID_ID
) {
175 ip_set_printk("cannot find del_set index %u as target",
176 info
->del_set
.index
);
177 return CHECK_FAIL
; /* error */
/*
 * Slot IP_SET_MAX_BINDINGS of each flags array must be zero. Presumably that
 * slot is the terminator that code walking flags[] depends on, so refusing a
 * non-zero value keeps rule data from describing an unterminated array -
 * confirm against the ip_set core.
 *
 * NOTE(review): the same reference concern applies to this return, since
 * both lookups may already have succeeded. Running this check before the
 * lookups would let a malformed rule be refused without touching any set.
 */
180 if (info
->add_set
.flags
[IP_SET_MAX_BINDINGS
] != 0
181 || info
->del_set
.flags
[IP_SET_MAX_BINDINGS
] != 0) {
182 ip_set_printk("That's nasty!");
183 return CHECK_FAIL
; /* error */
/*
 * destroy - teardown hook of the SET target for one rule.
 *
 * Calls ip_set_put_byindex() for the add-set and for the delete-set, each
 * only when its index is not IP_SET_INVALID_ID. These calls mirror the
 * ip_set_get_byindex() lookups made in checkentry().
 *
 * The numbers embedded in this listing skip, so a parameter of two of the
 * signatures and the code that follows the size-mismatch log call are not
 * shown here.
 */
189 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
190 static void destroy(void *targetinfo
,
191 unsigned int targetsize
)
192 #elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
193 static void destroy(const struct xt_target
*target
,
195 unsigned int targetsize
)
196 #elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,28)
197 static void destroy(const struct xt_target
*target
,
199 #else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,28) */
200 static void destroy(const struct xt_tgdtor_param
*par
)
/* Target data: the targetinfo argument before 2.6.28, par->targinfo after. */
203 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,28)
204 const struct ipt_set_info_target
*info
= targetinfo
;
206 const struct ipt_set_info_target
*info
= par
->targinfo
;
/*
 * Kernels older than 2.6.17 only: re-check the size before touching info.
 * NOTE(review): targetsize is unsigned int but is printed with %d here,
 * while the matching message in checkentry() uses %u.
 */
209 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
210 if (targetsize
!= IPT_ALIGN(sizeof(struct ipt_set_info_target
))) {
211 ip_set_printk("invalid targetsize %d", targetsize
);
/* Release each configured set; an index of IP_SET_INVALID_ID is skipped. */
215 if (info
->add_set
.index
!= IP_SET_INVALID_ID
)
216 ip_set_put_byindex(info
->add_set
.index
);
217 if (info
->del_set
.index
!= IP_SET_INVALID_ID
)
218 ip_set_put_byindex(info
->del_set
.index
);
/*
 * SET_target - registration record passed to xt_register_target().
 *
 * Two variants are selected by kernel version. Only the .checkentry member
 * (both variants) and the .targetsize member (2.6.17 and later) are visible;
 * the numbers embedded in this listing skip, so the remaining initializers
 * and the closing of each definition are not shown here.
 */
221 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
222 static struct xt_target SET_target
= {
225 .checkentry
= checkentry
,
/*
 * From 2.6.17 on the expected size of the rule's target data is declared in
 * the record itself; the manual targinfosize/targetsize comparisons in
 * checkentry() and destroy() are compiled only for older kernels. Presumably
 * the x_tables core performs the comparison against .targetsize - confirm
 * for the kernel in use.
 */
229 #else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) */
230 static struct xt_target SET_target
= {
234 .targetsize
= sizeof(struct ipt_set_info_target
),
235 .checkentry
= checkentry
,
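/* Module metadata; the listing's line numbers had been fused into these lines. */
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
MODULE_DESCRIPTION("iptables IP set target module");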
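/*
 * ipt_SET_init - module load hook.
 *
 * Registers SET_target through xt_register_target (which this file aliases
 * to ipt_register_target on kernels older than 2.6.16) and hands the result
 * of that call back unchanged.
 *
 * The function braces were missing from the listing and its line numbers
 * were fused into the code; both are repaired here.
 */
static int __init ipt_SET_init(void)
{
	return xt_register_target(&SET_target);
}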
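/*
 * ipt_SET_fini - module unload hook.
 *
 * Unregisters SET_target through xt_unregister_target (which this file
 * aliases to ipt_unregister_target on kernels older than 2.6.16).
 *
 * The function braces were missing from the listing and its line numbers
 * were fused into the code; both are repaired here.
 */
static void __exit ipt_SET_fini(void)
{
	xt_unregister_target(&SET_target);
}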
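/* Wire the load and unload hooks into the kernel module machinery. */
module_init(ipt_SET_init);
module_exit(ipt_SET_fini);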