diff -Naur linux-2.4.19.orig/include/linux/netfilter_ipv4/ipt_mask.h linux-2.4.19/include/linux/netfilter_ipv4/ipt_mask.h
--- linux-2.4.19.orig/include/linux/netfilter_ipv4/ipt_mask.h 1969-12-31 21:00:00.000000000 -0300
+++ linux-2.4.19/include/linux/netfilter_ipv4/ipt_mask.h 2002-11-12 18:56:51.000000000 -0300
@@ -0,0 +1,9 @@
+#ifndef _IPT_MASK_H
+#define _IPT_MASK_H
+
+
+struct ipt_mask_info {
+ u_int32_t and_mask; // mask to be ANDed whit addres
+ u_int32_t cmpr_mask; // mask to compare after AND
+};
+#endif /*_IPT_MASK_H*/
diff -Naur linux-2.4.19.orig/net/ipv4/netfilter/Config.in linux-2.4.19/net/ipv4/netfilter/Config.in
--- linux-2.4.19.orig/net/ipv4/netfilter/Config.in 2002-08-02 21:39:46.000000000 -0300
+++ linux-2.4.19/net/ipv4/netfilter/Config.in 2002-11-16 17:11:50.000000000 -0300
@@ -25,6 +25,8 @@
 dep_tristate ' LENGTH match support' CONFIG_IP_NF_MATCH_LENGTH $CONFIG_IP_NF_IPTABLES
 dep_tristate ' TTL match support' CONFIG_IP_NF_MATCH_TTL $CONFIG_IP_NF_IPTABLES
 dep_tristate ' tcpmss match support' CONFIG_IP_NF_MATCH_TCPMSS $CONFIG_IP_NF_IPTABLES
+ dep_tristate ' arbitrary mask syntax match support' CONFIG_IP_NF_MATCH_MASK $CONFIG_IP_NF_IPTABLES
+
 if [ "$CONFIG_IP_NF_CONNTRACK" != "n" ]; then
 dep_tristate ' Connection state match support' CONFIG_IP_NF_MATCH_STATE $CONFIG_IP_NF_CONNTRACK $CONFIG_IP_NF_IPTABLES
 fi
diff -Naur linux-2.4.19.orig/net/ipv4/netfilter/ipt_mask.c linux-2.4.19/net/ipv4/netfilter/ipt_mask.c
--- linux-2.4.19.orig/net/ipv4/netfilter/ipt_mask.c 1969-12-31 21:00:00.000000000 -0300
+++ linux-2.4.19/net/ipv4/netfilter/ipt_mask.c 2002-11-16 17:13:33.000000000 -0300
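Review bot: The comments on `and_mask` and `cmpr_mask` in `struct ipt_mask_info` (ipt_mask.h) do not state a byte order, yet ipt_mask.c compares both fields directly against `skb->nh.iph->daddr`, which is in network byte order. If the userspace extension (not shown on this page) fills them in host order, the rule is still accepted and matches the wrong addresses on little-endian machines, so a filter rule can fail silently. I would document the contract at the struct, e.g. `/* both masks are in network byte order, like iph->daddr */`, and state that a packet matches when `(daddr & and_mask) == cmpr_mask`.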
@@ -0,0 +1,57 @@
+/* Kernel module to match daddress against arbitrary syntax mask.
+*
+* Copyright (c) 2002 Luciano Ruete
+*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; either version 2 of the License, or
+* (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include
+#include
+#include
+#include
+#include
+
+
+#include
+#include
+
+
+static int
+match(const struct sk_buff *skb,
+ const struct net_device *in,
+ const struct net_device *out,
+ const void *matchinfo,
+ int offset,
+ const void *hdr,
+ u_int16_t datalen,
+ int *hotdrop)
+{
+ const struct ipt_mask_info *info = matchinfo;
+ if (( skb->nh.iph->daddr & info->and_mask) ^ info->cmpr_mask)
+ return 0;
+ return 1;
+
+}
+static int
+checkentry(const char *tablename,
+ const struct ipt_ip *ip,
+ void *matchinfo,
+ unsigned int matchsize,
+ unsigned int hook_mask)
+{
+ if (matchsize != IPT_ALIGN(sizeof(struct ipt_mask_info)))
+ return 0;
+ return 1;
+}
+
+static struct ipt_match mask_match
+= { { NULL, NULL }, "mask", &match, &checkentry, NULL, THIS_MODULE };
+
+static int __init init(void)
+{
+ return ipt_register_match(&mask_match);
+}
+
+static void __exit fini(void)
+{
+ ipt_unregister_match(&mask_match);
+}
+
+module_init(init);
+module_exit(fini);
+MODULE_LICENSE("GPL");
+
diff -Naur linux-2.4.19.orig/net/ipv4/netfilter/Makefile linux-2.4.19/net/ipv4/netfilter/Makefile
--- linux-2.4.19.orig/net/ipv4/netfilter/Makefile 2002-08-02 21:39:46.000000000
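Review bot: `checkentry()` validates only `matchsize`, so a rule whose `cmpr_mask` has bits set outside `and_mask` is accepted even though `match()` can never return 1 for it; in a packet filter that is a rule that silently never fires. Rejecting it at load time takes two lines in `checkentry()`: `const struct ipt_mask_info *info = matchinfo;` and `if (info->cmpr_mask & ~info->and_mask) return 0;`. In `match()` the `^` used as an inequality test reads more clearly as `if ((skb->nh.iph->daddr & info->and_mask) != info->cmpr_mask)`. Separately, the hunk header says `+1,57` while the body carries 75 added lines (the difference equals the 18-line license comment), so `patch` will likely treat this file section as malformed until the diff is regenerated.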
-0300 +++ linux-2.4.19/net/ipv4/netfilter/Makefile 2002-11-12 18:56:03.000000000 -0300 @@ -55,6 +55,7 @@ obj-$(CONFIG_IP_NF_MATCH_OWNER) += ipt_owner.o obj-$(CONFIG_IP_NF_MATCH_TOS) += ipt_tos.o obj-$(CONFIG_IP_NF_MATCH_AH_ESP) += ipt_ah.o ipt_esp.o +obj-$(CONFIG_IP_NF_MATCH_MASK) += ipt_mask.o obj-$(CONFIG_IP_NF_MATCH_LENGTH) += ipt_length.o