* [PATCH 1/2] libipt_addrtype: rename to libxt_addrtype
@ 2011-03-07 21:30 Florian Westphal
2011-03-07 21:30 ` [PATCH 2/2] libxt_addrtype: ipv6 support Florian Westphal
From: Florian Westphal @ 2011-03-07 21:30 UTC (permalink / raw)
To: netfilter-devel
From: Florian Westphal <fwestphal@astaro.com>
prepare for ipv6 support.
Signed-off-by: Florian Westphal <fwestphal@astaro.com>
---
extensions/{libipt_addrtype.c => libxt_addrtype.c} | 0
.../{libipt_addrtype.man => libxt_addrtype.man} | 0
include/linux/netfilter/xt_addrtype.h | 44 ++++++++++++++++++++
include/linux/netfilter_ipv4/ipt_addrtype.h | 25 -----------
4 files changed, 44 insertions(+), 25 deletions(-)
rename extensions/{libipt_addrtype.c => libxt_addrtype.c} (100%)
rename extensions/{libipt_addrtype.man => libxt_addrtype.man} (100%)
create mode 100644 include/linux/netfilter/xt_addrtype.h
delete mode 100644 include/linux/netfilter_ipv4/ipt_addrtype.h
diff --git a/extensions/libipt_addrtype.c b/extensions/libxt_addrtype.c
similarity index 100%
rename from extensions/libipt_addrtype.c
rename to extensions/libxt_addrtype.c
diff --git a/extensions/libipt_addrtype.man b/extensions/libxt_addrtype.man
similarity index 100%
rename from extensions/libipt_addrtype.man
rename to extensions/libxt_addrtype.man
diff --git a/include/linux/netfilter/xt_addrtype.h b/include/linux/netfilter/xt_addrtype.h
new file mode 100644
index 0000000..b156baa
--- /dev/null
+++ b/include/linux/netfilter/xt_addrtype.h
@@ -0,0 +1,44 @@
+#ifndef _XT_ADDRTYPE_H
+#define _XT_ADDRTYPE_H
+
+#include <linux/types.h>
+
+enum {
+ XT_ADDRTYPE_INVERT_SOURCE = 0x0001,
+ XT_ADDRTYPE_INVERT_DEST = 0x0002,
+ XT_ADDRTYPE_LIMIT_IFACE_IN = 0x0004,
+ XT_ADDRTYPE_LIMIT_IFACE_OUT = 0x0008,
+};
+
+
+/* rtn_type enum values from rtnetlink.h, but shifted */
+enum {
+ XT_ADDRTYPE_UNSPEC = 1 << 0,
+ XT_ADDRTYPE_UNICAST = 1 << 1, /* 1 << RTN_UNICAST */
+ XT_ADDRTYPE_LOCAL = 1 << 2, /* 1 << RTN_LOCAL, etc */
+ XT_ADDRTYPE_BROADCAST = 1 << 3,
+ XT_ADDRTYPE_ANYCAST = 1 << 4,
+ XT_ADDRTYPE_MULTICAST = 1 << 5,
+ XT_ADDRTYPE_BLACKHOLE = 1 << 6,
+ XT_ADDRTYPE_UNREACHABLE = 1 << 7,
+ XT_ADDRTYPE_PROHIBIT = 1 << 8,
+ XT_ADDRTYPE_THROW = 1 << 9,
+ XT_ADDRTYPE_NAT = 1 << 10,
+ XT_ADDRTYPE_XRESOLVE = 1 << 11,
+};
+
+struct xt_addrtype_info_v1 {
+ __u16 source; /* source-type mask */
+ __u16 dest; /* dest-type mask */
+ __u32 flags;
+};
+
+/* revision 0 */
+struct xt_addrtype_info {
+ __u16 source; /* source-type mask */
+ __u16 dest; /* dest-type mask */
+ __u32 invert_source;
+ __u32 invert_dest;
+};
+
+#endif
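Review bot: The `flags` member of `struct xt_addrtype_info_v1` has no comment saying which constants it carries, and the first anonymous enum has no comment tying it to that field. A short note such as `/* XT_ADDRTYPE_INVERT_* and XT_ADDRTYPE_LIMIT_IFACE_* bits */` on `flags` would make the relationship explicit. The type bits run up to `1 << 11` while `source` and `dest` are `__u16`, so a remark next to the second enum such as `/* must fit the 16-bit source/dest masks */` would warn anyone extending the list. If this file is meant to be a copy of the kernel header (not visible here), the comments belong in the kernel copy first.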
diff --git a/include/linux/netfilter_ipv4/ipt_addrtype.h b/include/linux/netfilter_ipv4/ipt_addrtype.h
deleted file mode 100644
index 446de6a..0000000
--- a/include/linux/netfilter_ipv4/ipt_addrtype.h
+++ /dev/null
@@ -1,25 +0,0 @@
-#ifndef _IPT_ADDRTYPE_H
-#define _IPT_ADDRTYPE_H
-
-enum {
- IPT_ADDRTYPE_INVERT_SOURCE = 0x0001,
- IPT_ADDRTYPE_INVERT_DEST = 0x0002,
- IPT_ADDRTYPE_LIMIT_IFACE_IN = 0x0004,
- IPT_ADDRTYPE_LIMIT_IFACE_OUT = 0x0008,
-};
-
-struct ipt_addrtype_info_v1 {
- u_int16_t source; /* source-type mask */
- u_int16_t dest; /* dest-type mask */
- u_int32_t flags;
-};
-
-/* revision 0 */
-struct ipt_addrtype_info {
- u_int16_t source; /* source-type mask */
- u_int16_t dest; /* dest-type mask */
- u_int32_t invert_source;
- u_int32_t invert_dest;
-};
-
-#endif
--
1.7.3.4
* [PATCH 2/2] libxt_addrtype: ipv6 support
2011-03-07 21:30 [PATCH 1/2] libipt_addrtype: rename to libxt_addrtype Florian Westphal
@ 2011-03-07 21:30 ` Florian Westphal
From: Florian Westphal @ 2011-03-07 21:30 UTC (permalink / raw)
To: netfilter-devel
From: Florian Westphal <fwestphal@astaro.com>
Fairly straightforward from userspace view.
Use XT_ADDRTYPE_UNSPEC etc. instead of relying on RTN_* values from
rtnetlink.h.
XT_ADDRTYPE_ values .. match the shifted RTN_ ones, so this change is
compatible.
Signed-off-by: Florian Westphal <fwestphal@astaro.com>
---
extensions/libxt_addrtype.c | 195 ++++++++++++++++++++++++++-----------------
1 files changed, 118 insertions(+), 77 deletions(-)
diff --git a/extensions/libxt_addrtype.c b/extensions/libxt_addrtype.c
index a592f0d..14be638 100644
--- a/extensions/libxt_addrtype.c
+++ b/extensions/libxt_addrtype.c
@@ -8,31 +8,38 @@
#include <getopt.h>
#include <xtables.h>
-#include <linux/netfilter_ipv4/ipt_addrtype.h>
-
-/* from linux/rtnetlink.h, must match order of enumeration */
-static const char *const rtn_names[] = {
- "UNSPEC",
- "UNICAST",
- "LOCAL",
- "BROADCAST",
- "ANYCAST",
- "MULTICAST",
- "BLACKHOLE",
- "UNREACHABLE",
- "PROHIBIT",
- "THROW",
- "NAT",
- "XRESOLVE",
- NULL
+#include <linux/netfilter/xt_addrtype.h>
+
+#define __stringify_1(x...) #x
+#define __stringify(x...) __stringify_1(x)
+#define NAME_MASK(x) { __stringify(x), XT_ADDRTYPE_ ## x, }
+
+static struct {
+ const char *name;
+ uint32_t maskbit;
+} rtn_names[] = {
+ NAME_MASK(UNSPEC),
+ NAME_MASK(UNICAST),
+ NAME_MASK(LOCAL),
+ NAME_MASK(BROADCAST),
+ NAME_MASK(ANYCAST),
+ NAME_MASK(MULTICAST),
+ NAME_MASK(BLACKHOLE),
+ NAME_MASK(UNREACHABLE),
+ NAME_MASK(PROHIBIT),
+ NAME_MASK(THROW),
+ NAME_MASK(NAT),
+ NAME_MASK(XRESOLVE),
+
+ { NULL, 0 }
};
static void addrtype_help_types(void)
{
int i;
- for (i = 0; rtn_names[i]; i++)
- printf(" %s\n", rtn_names[i]);
+ for (i = 0; rtn_names[i].name; i++)
+ printf(" %s\n", rtn_names[i].name);
}
static void addrtype_help_v0(void)
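Review bot: `NAME_MASK` builds the name through the two-level `__stringify`, which macro-expands its argument before stringifying, while `XT_ADDRTYPE_ ## x` does not expand it. If any included header ever defines `LOCAL`, `NAT`, `UNICAST` or another of these bare tokens as a macro, the string that users type and that `iptables-save` prints would change silently while the mask bit stays the same. A direct `#define NAME_MASK(x) { #x, XT_ADDRTYPE_ ## x }` avoids that, and also drops the two helper macros, whose `__` prefix is reserved and whose `x...` form is a GNU extension. The table also lost the `const` the old `rtn_names` had; `static const struct {` keeps it read-only.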
@@ -56,18 +63,38 @@ static void addrtype_help_v1(void)
" --limit-iface-out Match only on the packet's incoming device\n"
"\n"
"Valid types: \n");
+}
+
+static void addrtype_help4_v1(void)
+{
+ addrtype_help_v1();
addrtype_help_types();
}
+static void addrtype_help6_v1(void)
+{
+ int i;
+ addrtype_help_v1();
+
+ for (i = 0; rtn_names[i].name ; i++) {
+ if (rtn_names[i].maskbit == XT_ADDRTYPE_BROADCAST ||
+ rtn_names[i].maskbit == XT_ADDRTYPE_BLACKHOLE)
+ continue;
+ if (rtn_names[i].maskbit == XT_ADDRTYPE_PROHIBIT)
+ break;
+
+ printf(" %s\n", rtn_names[i].name);
+ }
+}
+
static int
parse_type(const char *name, size_t len, uint16_t *mask)
{
int i;
- for (i = 0; rtn_names[i]; i++)
- if (strncasecmp(name, rtn_names[i], len) == 0) {
- /* build up bitmask for kernel module */
- *mask |= (1 << i);
+ for (i = 0; rtn_names[i].name; i++)
+ if (strncasecmp(name, rtn_names[i].name, len) == 0) {
+ *mask |= rtn_names[i].maskbit;
return 1;
}
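Review bot: `addrtype_help6_v1` hides BROADCAST, BLACKHOLE and everything from PROHIBIT onward, but the NFPROTO_IPV6 entry added in the last hunk of this patch still registers the shared `addrtype_parse_v1`, so ip6tables accepts every name in `rtn_names`. Unless the kernel side rejects those masks (not visible here), a rule using a hidden type would load and presumably never match; since `addrtype_check_v1` only sees the option flags, an IPv6 parse wrapper that rejects the unsupported bits after `parse_types` would surface the mistake to the administrator. The `break` at PROHIBIT depends on the order of the table and deserves a comment such as `/* PROHIBIT and later entries are not offered for IPv6 */`. Separately, `parse_type` (its body continues outside this hunk) compares only `len` bytes, so an abbreviation such as `UN` resolves to the first entry with that prefix, UNSPEC; if abbreviations are not intended, adding `&& rtn_names[i].name[len] == '\0'` to the condition requires an exact name.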
@@ -88,42 +115,42 @@ static void parse_types(const char *arg, uint16_t *mask)
if (strlen(arg) == 0 || !parse_type(arg, strlen(arg), mask))
xtables_error(PARAMETER_PROBLEM, "addrtype: bad type \"%s\"", arg);
}
-
-#define IPT_ADDRTYPE_OPT_SRCTYPE 0x1
-#define IPT_ADDRTYPE_OPT_DSTTYPE 0x2
-#define IPT_ADDRTYPE_OPT_LIMIT_IFACE_IN 0x4
-#define IPT_ADDRTYPE_OPT_LIMIT_IFACE_OUT 0x8
+
+#define XT_ADDRTYPE_OPT_SRCTYPE 0x1
+#define XT_ADDRTYPE_OPT_DSTTYPE 0x2
+#define XT_ADDRTYPE_OPT_LIMIT_IFACE_IN 0x4
+#define XT_ADDRTYPE_OPT_LIMIT_IFACE_OUT 0x8
static int
addrtype_parse_v0(int c, char **argv, int invert, unsigned int *flags,
const void *entry, struct xt_entry_match **match)
{
- struct ipt_addrtype_info *info =
- (struct ipt_addrtype_info *) (*match)->data;
+ struct xt_addrtype_info *info =
+ (struct xt_addrtype_info *) (*match)->data;
switch (c) {
case '1':
- if (*flags&IPT_ADDRTYPE_OPT_SRCTYPE)
+ if (*flags&XT_ADDRTYPE_OPT_SRCTYPE)
xtables_error(PARAMETER_PROBLEM,
"addrtype: can't specify src-type twice");
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
parse_types(optarg, &info->source);
if (invert)
info->invert_source = 1;
- *flags |= IPT_ADDRTYPE_OPT_SRCTYPE;
+ *flags |= XT_ADDRTYPE_OPT_SRCTYPE;
break;
case '2':
- if (*flags&IPT_ADDRTYPE_OPT_DSTTYPE)
+ if (*flags&XT_ADDRTYPE_OPT_DSTTYPE)
xtables_error(PARAMETER_PROBLEM,
"addrtype: can't specify dst-type twice");
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
parse_types(optarg, &info->dest);
if (invert)
info->invert_dest = 1;
- *flags |= IPT_ADDRTYPE_OPT_DSTTYPE;
+ *flags |= XT_ADDRTYPE_OPT_DSTTYPE;
break;
}
-
+
return 1;
}
@@ -131,43 +158,43 @@ static int
addrtype_parse_v1(int c, char **argv, int invert, unsigned int *flags,
const void *entry, struct xt_entry_match **match)
{
- struct ipt_addrtype_info_v1 *info =
- (struct ipt_addrtype_info_v1 *) (*match)->data;
+ struct xt_addrtype_info_v1 *info =
+ (struct xt_addrtype_info_v1 *) (*match)->data;
switch (c) {
case '1':
- if (*flags & IPT_ADDRTYPE_OPT_SRCTYPE)
+ if (*flags & XT_ADDRTYPE_OPT_SRCTYPE)
xtables_error(PARAMETER_PROBLEM,
"addrtype: can't specify src-type twice");
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
parse_types(optarg, &info->source);
if (invert)
- info->flags |= IPT_ADDRTYPE_INVERT_SOURCE;
- *flags |= IPT_ADDRTYPE_OPT_SRCTYPE;
+ info->flags |= XT_ADDRTYPE_INVERT_SOURCE;
+ *flags |= XT_ADDRTYPE_OPT_SRCTYPE;
break;
case '2':
- if (*flags & IPT_ADDRTYPE_OPT_DSTTYPE)
+ if (*flags & XT_ADDRTYPE_OPT_DSTTYPE)
xtables_error(PARAMETER_PROBLEM,
"addrtype: can't specify dst-type twice");
xtables_check_inverse(optarg, &invert, &optind, 0, argv);
parse_types(optarg, &info->dest);
if (invert)
- info->flags |= IPT_ADDRTYPE_INVERT_DEST;
- *flags |= IPT_ADDRTYPE_OPT_DSTTYPE;
+ info->flags |= XT_ADDRTYPE_INVERT_DEST;
+ *flags |= XT_ADDRTYPE_OPT_DSTTYPE;
break;
case '3':
- if (*flags & IPT_ADDRTYPE_OPT_LIMIT_IFACE_IN)
+ if (*flags & XT_ADDRTYPE_OPT_LIMIT_IFACE_IN)
xtables_error(PARAMETER_PROBLEM,
"addrtype: can't specify limit-iface-in twice");
- info->flags |= IPT_ADDRTYPE_LIMIT_IFACE_IN;
- *flags |= IPT_ADDRTYPE_OPT_LIMIT_IFACE_IN;
+ info->flags |= XT_ADDRTYPE_LIMIT_IFACE_IN;
+ *flags |= XT_ADDRTYPE_OPT_LIMIT_IFACE_IN;
break;
case '4':
- if (*flags & IPT_ADDRTYPE_OPT_LIMIT_IFACE_OUT)
+ if (*flags & XT_ADDRTYPE_OPT_LIMIT_IFACE_OUT)
xtables_error(PARAMETER_PROBLEM,
"addrtype: can't specify limit-iface-out twice");
- info->flags |= IPT_ADDRTYPE_LIMIT_IFACE_OUT;
- *flags |= IPT_ADDRTYPE_OPT_LIMIT_IFACE_OUT;
+ info->flags |= XT_ADDRTYPE_LIMIT_IFACE_OUT;
+ *flags |= XT_ADDRTYPE_OPT_LIMIT_IFACE_OUT;
break;
}
@@ -176,18 +203,18 @@ addrtype_parse_v1(int c, char **argv, int invert, unsigned int *flags,
static void addrtype_check_v0(unsigned int flags)
{
- if (!(flags & (IPT_ADDRTYPE_OPT_SRCTYPE|IPT_ADDRTYPE_OPT_DSTTYPE)))
+ if (!(flags & (XT_ADDRTYPE_OPT_SRCTYPE|XT_ADDRTYPE_OPT_DSTTYPE)))
xtables_error(PARAMETER_PROBLEM,
"addrtype: you must specify --src-type or --dst-type");
}
static void addrtype_check_v1(unsigned int flags)
{
- if (!(flags & (IPT_ADDRTYPE_OPT_SRCTYPE|IPT_ADDRTYPE_OPT_DSTTYPE)))
+ if (!(flags & (XT_ADDRTYPE_OPT_SRCTYPE|XT_ADDRTYPE_OPT_DSTTYPE)))
xtables_error(PARAMETER_PROBLEM,
"addrtype: you must specify --src-type or --dst-type");
- if (flags & IPT_ADDRTYPE_OPT_LIMIT_IFACE_IN &&
- flags & IPT_ADDRTYPE_OPT_LIMIT_IFACE_OUT)
+ if (flags & XT_ADDRTYPE_OPT_LIMIT_IFACE_IN &&
+ flags & XT_ADDRTYPE_OPT_LIMIT_IFACE_OUT)
xtables_error(PARAMETER_PROBLEM,
"addrtype: you can't specify both --limit-iface-in "
"and --limit-iface-out");
@@ -198,9 +225,9 @@ static void print_types(uint16_t mask)
const char *sep = "";
int i;
- for (i = 0; rtn_names[i]; i++)
- if (mask & (1 << i)) {
- printf("%s%s", sep, rtn_names[i]);
+ for (i = 0; rtn_names[i].name; i++)
+ if (mask & rtn_names[i].maskbit) {
+ printf("%s%s", sep, rtn_names[i].name);
sep = ",";
}
}
@@ -208,8 +235,8 @@ static void print_types(uint16_t mask)
static void addrtype_print_v0(const void *ip, const struct xt_entry_match *match,
int numeric)
{
- const struct ipt_addrtype_info *info =
- (struct ipt_addrtype_info *) match->data;
+ const struct xt_addrtype_info *info =
+ (struct xt_addrtype_info *) match->data;
printf(" ADDRTYPE match");
if (info->source) {
@@ -229,34 +256,34 @@ static void addrtype_print_v0(const void *ip, const struct xt_entry_match *match
static void addrtype_print_v1(const void *ip, const struct xt_entry_match *match,
int numeric)
{
- const struct ipt_addrtype_info_v1 *info =
- (struct ipt_addrtype_info_v1 *) match->data;
+ const struct xt_addrtype_info_v1 *info =
+ (struct xt_addrtype_info_v1 *) match->data;
printf(" ADDRTYPE match");
if (info->source) {
printf(" src-type ");
- if (info->flags & IPT_ADDRTYPE_INVERT_SOURCE)
+ if (info->flags & XT_ADDRTYPE_INVERT_SOURCE)
printf("!");
print_types(info->source);
}
if (info->dest) {
printf(" dst-type ");
- if (info->flags & IPT_ADDRTYPE_INVERT_DEST)
+ if (info->flags & XT_ADDRTYPE_INVERT_DEST)
printf("!");
print_types(info->dest);
}
- if (info->flags & IPT_ADDRTYPE_LIMIT_IFACE_IN) {
+ if (info->flags & XT_ADDRTYPE_LIMIT_IFACE_IN) {
printf(" limit-in");
}
- if (info->flags & IPT_ADDRTYPE_LIMIT_IFACE_OUT) {
+ if (info->flags & XT_ADDRTYPE_LIMIT_IFACE_OUT) {
printf(" limit-out");
}
}
static void addrtype_save_v0(const void *ip, const struct xt_entry_match *match)
{
- const struct ipt_addrtype_info *info =
- (struct ipt_addrtype_info *) match->data;
+ const struct xt_addrtype_info *info =
+ (struct xt_addrtype_info *) match->data;
if (info->source) {
if (info->invert_source)
@@ -274,25 +301,25 @@ static void addrtype_save_v0(const void *ip, const struct xt_entry_match *match)
static void addrtype_save_v1(const void *ip, const struct xt_entry_match *match)
{
- const struct ipt_addrtype_info_v1 *info =
- (struct ipt_addrtype_info_v1 *) match->data;
+ const struct xt_addrtype_info_v1 *info =
+ (struct xt_addrtype_info_v1 *) match->data;
if (info->source) {
- if (info->flags & IPT_ADDRTYPE_INVERT_SOURCE)
+ if (info->flags & XT_ADDRTYPE_INVERT_SOURCE)
printf(" !");
printf(" --src-type ");
print_types(info->source);
}
if (info->dest) {
- if (info->flags & IPT_ADDRTYPE_INVERT_DEST)
+ if (info->flags & XT_ADDRTYPE_INVERT_DEST)
printf(" !");
printf(" --dst-type ");
print_types(info->dest);
}
- if (info->flags & IPT_ADDRTYPE_LIMIT_IFACE_IN) {
+ if (info->flags & XT_ADDRTYPE_LIMIT_IFACE_IN) {
printf(" --limit-iface-in");
}
- if (info->flags & IPT_ADDRTYPE_LIMIT_IFACE_OUT) {
+ if (info->flags & XT_ADDRTYPE_LIMIT_IFACE_OUT) {
printf(" --limit-iface-out");
}
}
@@ -322,8 +349,8 @@ static struct xtables_match addrtype_mt_reg[] = {
.name = "addrtype",
.version = XTABLES_VERSION,
.family = NFPROTO_IPV4,
- .size = XT_ALIGN(sizeof(struct ipt_addrtype_info)),
- .userspacesize = XT_ALIGN(sizeof(struct ipt_addrtype_info)),
+ .size = XT_ALIGN(sizeof(struct xt_addrtype_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_addrtype_info)),
.help = addrtype_help_v0,
.parse = addrtype_parse_v0,
.final_check = addrtype_check_v0,
@@ -336,9 +363,23 @@ static struct xtables_match addrtype_mt_reg[] = {
.revision = 1,
.version = XTABLES_VERSION,
.family = NFPROTO_IPV4,
- .size = XT_ALIGN(sizeof(struct ipt_addrtype_info_v1)),
- .userspacesize = XT_ALIGN(sizeof(struct ipt_addrtype_info_v1)),
- .help = addrtype_help_v1,
+ .size = XT_ALIGN(sizeof(struct xt_addrtype_info_v1)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_addrtype_info_v1)),
+ .help = addrtype_help4_v1,
+ .parse = addrtype_parse_v1,
+ .final_check = addrtype_check_v1,
+ .print = addrtype_print_v1,
+ .save = addrtype_save_v1,
+ .extra_opts = addrtype_opts_v1,
+ },
+ {
+ .name = "addrtype",
+ .revision = 1,
+ .version = XTABLES_VERSION,
+ .family = NFPROTO_IPV6,
+ .size = XT_ALIGN(sizeof(struct xt_addrtype_info_v1)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_addrtype_info_v1)),
+ .help = addrtype_help6_v1,
.parse = addrtype_parse_v1,
.final_check = addrtype_check_v1,
.print = addrtype_print_v1,
--
1.7.3.4