]> err.no Git - linux-2.6/commitdiff
[NETFILTER]: ip6_tables: consolidate dst and hbh matches
authorPatrick McHardy <kaber@trash.net>
Tue, 22 Aug 2006 07:43:55 +0000 (00:43 -0700)
committerDavid S. Miller <davem@sunset.davemloft.net>
Fri, 22 Sep 2006 21:55:37 +0000 (14:55 -0700)
The matches are identical besides one looking for NEXTHDR_HOP, the other
for NEXTHDR_DEST. Remove ip6t_dst.c and handle both in ip6t_hbh.c.

Signed-off-by: Patrick McHardy <kaber@trash,net>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/ipv6/netfilter/Makefile
net/ipv6/netfilter/ip6t_dst.c [deleted file]
net/ipv6/netfilter/ip6t_hbh.c

index eeeb57d4c9c556dda4edb1f92f197eab481ed100..ac1dfebde1755451e7b540168e5eb7512eff308e 100644 (file)
@@ -5,7 +5,7 @@
 # Link order matters here.
 obj-$(CONFIG_IP6_NF_IPTABLES) += ip6_tables.o
 obj-$(CONFIG_IP6_NF_MATCH_RT) += ip6t_rt.o
-obj-$(CONFIG_IP6_NF_MATCH_OPTS) += ip6t_hbh.o ip6t_dst.o
+obj-$(CONFIG_IP6_NF_MATCH_OPTS) += ip6t_hbh.o
 obj-$(CONFIG_IP6_NF_MATCH_IPV6HEADER) += ip6t_ipv6header.o
 obj-$(CONFIG_IP6_NF_MATCH_FRAG) += ip6t_frag.o
 obj-$(CONFIG_IP6_NF_MATCH_AH) += ip6t_ah.o
diff --git a/net/ipv6/netfilter/ip6t_dst.c b/net/ipv6/netfilter/ip6t_dst.c
deleted file mode 100644 (file)
index 223c335..0000000
+++ /dev/null
@@ -1,219 +0,0 @@
-/* Kernel module to match Hop-by-Hop and Destination parameters. */
-
-/* (C) 2001-2002 Andras Kis-Szabo <kisza@sch.bme.hu>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-#include <linux/module.h>
-#include <linux/skbuff.h>
-#include <linux/ipv6.h>
-#include <linux/types.h>
-#include <net/checksum.h>
-#include <net/ipv6.h>
-
-#include <asm/byteorder.h>
-
-#include <linux/netfilter_ipv6/ip6_tables.h>
-#include <linux/netfilter_ipv6/ip6t_opts.h>
-
-#define HOPBYHOP       0
-
-MODULE_LICENSE("GPL");
-#if HOPBYHOP
-MODULE_DESCRIPTION("IPv6 HbH match");
-#else
-MODULE_DESCRIPTION("IPv6 DST match");
-#endif
-MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>");
-
-#if 0
-#define DEBUGP printk
-#else
-#define DEBUGP(format, args...)
-#endif
-
-/*
- *  (Type & 0xC0) >> 6
- *     0       -> ignorable
- *     1       -> must drop the packet
- *     2       -> send ICMP PARM PROB regardless and drop packet
- *     3       -> Send ICMP if not a multicast address and drop packet
- *  (Type & 0x20) >> 5
- *     0       -> invariant
- *     1       -> can change the routing
- *  (Type & 0x1F) Type
- *     0       -> Pad1 (only 1 byte!)
- *     1       -> PadN LENGTH info (total length = length + 2)
- *     C0 | 2  -> JUMBO 4 x x x x ( xxxx > 64k )
- *     5       -> RTALERT 2 x x
- */
-
-static int
-match(const struct sk_buff *skb,
-      const struct net_device *in,
-      const struct net_device *out,
-      const struct xt_match *match,
-      const void *matchinfo,
-      int offset,
-      unsigned int protoff,
-      int *hotdrop)
-{
-       struct ipv6_opt_hdr _optsh, *oh;
-       const struct ip6t_opts *optinfo = matchinfo;
-       unsigned int temp;
-       unsigned int ptr;
-       unsigned int hdrlen = 0;
-       unsigned int ret = 0;
-       u8 _opttype, *tp = NULL;
-       u8 _optlen, *lp = NULL;
-       unsigned int optlen;
-
-#if HOPBYHOP
-       if (ipv6_find_hdr(skb, &ptr, NEXTHDR_HOP, NULL) < 0)
-#else
-       if (ipv6_find_hdr(skb, &ptr, NEXTHDR_DEST, NULL) < 0)
-#endif
-               return 0;
-
-       oh = skb_header_pointer(skb, ptr, sizeof(_optsh), &_optsh);
-       if (oh == NULL) {
-               *hotdrop = 1;
-               return 0;
-       }
-
-       hdrlen = ipv6_optlen(oh);
-       if (skb->len - ptr < hdrlen) {
-               /* Packet smaller than it's length field */
-               return 0;
-       }
-
-       DEBUGP("IPv6 OPTS LEN %u %u ", hdrlen, oh->hdrlen);
-
-       DEBUGP("len %02X %04X %02X ",
-              optinfo->hdrlen, hdrlen,
-              (!(optinfo->flags & IP6T_OPTS_LEN) ||
-               ((optinfo->hdrlen == hdrlen) ^
-                !!(optinfo->invflags & IP6T_OPTS_INV_LEN))));
-
-       ret = (oh != NULL) &&
-             (!(optinfo->flags & IP6T_OPTS_LEN) ||
-              ((optinfo->hdrlen == hdrlen) ^
-               !!(optinfo->invflags & IP6T_OPTS_INV_LEN)));
-
-       ptr += 2;
-       hdrlen -= 2;
-       if (!(optinfo->flags & IP6T_OPTS_OPTS)) {
-               return ret;
-       } else if (optinfo->flags & IP6T_OPTS_NSTRICT) {
-               DEBUGP("Not strict - not implemented");
-       } else {
-               DEBUGP("Strict ");
-               DEBUGP("#%d ", optinfo->optsnr);
-               for (temp = 0; temp < optinfo->optsnr; temp++) {
-                       /* type field exists ? */
-                       if (hdrlen < 1)
-                               break;
-                       tp = skb_header_pointer(skb, ptr, sizeof(_opttype),
-                                               &_opttype);
-                       if (tp == NULL)
-                               break;
-
-                       /* Type check */
-                       if (*tp != (optinfo->opts[temp] & 0xFF00) >> 8) {
-                               DEBUGP("Tbad %02X %02X\n",
-                                      *tp,
-                                      (optinfo->opts[temp] & 0xFF00) >> 8);
-                               return 0;
-                       } else {
-                               DEBUGP("Tok ");
-                       }
-                       /* Length check */
-                       if (*tp) {
-                               u16 spec_len;
-
-                               /* length field exists ? */
-                               if (hdrlen < 2)
-                                       break;
-                               lp = skb_header_pointer(skb, ptr + 1,
-                                                       sizeof(_optlen),
-                                                       &_optlen);
-                               if (lp == NULL)
-                                       break;
-                               spec_len = optinfo->opts[temp] & 0x00FF;
-
-                               if (spec_len != 0x00FF && spec_len != *lp) {
-                                       DEBUGP("Lbad %02X %04X\n", *lp,
-                                              spec_len);
-                                       return 0;
-                               }
-                               DEBUGP("Lok ");
-                               optlen = *lp + 2;
-                       } else {
-                               DEBUGP("Pad1\n");
-                               optlen = 1;
-                       }
-
-                       /* Step to the next */
-                       DEBUGP("len%04X \n", optlen);
-
-                       if ((ptr > skb->len - optlen || hdrlen < optlen) &&
-                           (temp < optinfo->optsnr - 1)) {
-                               DEBUGP("new pointer is too large! \n");
-                               break;
-                       }
-                       ptr += optlen;
-                       hdrlen -= optlen;
-               }
-               if (temp == optinfo->optsnr)
-                       return ret;
-               else
-                       return 0;
-       }
-
-       return 0;
-}
-
-/* Called when user tries to insert an entry of this type. */
-static int
-checkentry(const char *tablename,
-          const void *info,
-          const struct xt_match *match,
-          void *matchinfo,
-          unsigned int hook_mask)
-{
-       const struct ip6t_opts *optsinfo = matchinfo;
-
-       if (optsinfo->invflags & ~IP6T_OPTS_INV_MASK) {
-               DEBUGP("ip6t_opts: unknown flags %X\n", optsinfo->invflags);
-               return 0;
-       }
-       return 1;
-}
-
-static struct ip6t_match opts_match = {
-#if HOPBYHOP
-       .name           = "hbh",
-#else
-       .name           = "dst",
-#endif
-       .match          = match,
-       .matchsize      = sizeof(struct ip6t_opts),
-       .checkentry     = checkentry,
-       .me             = THIS_MODULE,
-};
-
-static int __init ip6t_dst_init(void)
-{
-       return ip6t_register_match(&opts_match);
-}
-
-static void __exit ip6t_dst_fini(void)
-{
-       ip6t_unregister_match(&opts_match);
-}
-
-module_init(ip6t_dst_init);
-module_exit(ip6t_dst_fini);
index 72defc8165635ae40386068ac224ad17dc7e7973..d32a205e3af298a0673854efde48eb4b7eaba7eb 100644 (file)
 #include <linux/netfilter_ipv6/ip6_tables.h>
 #include <linux/netfilter_ipv6/ip6t_opts.h>
 
-#define HOPBYHOP       1
-
 MODULE_LICENSE("GPL");
-#if HOPBYHOP
-MODULE_DESCRIPTION("IPv6 HbH match");
-#else
-MODULE_DESCRIPTION("IPv6 DST match");
-#endif
+MODULE_DESCRIPTION("IPv6 opts match");
 MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>");
+MODULE_ALIAS("ip6t_dst");
 
 #if 0
 #define DEBUGP printk
@@ -71,11 +66,7 @@ match(const struct sk_buff *skb,
        u8 _optlen, *lp = NULL;
        unsigned int optlen;
 
-#if HOPBYHOP
-       if (ipv6_find_hdr(skb, &ptr, NEXTHDR_HOP, NULL) < 0)
-#else
-       if (ipv6_find_hdr(skb, &ptr, NEXTHDR_DEST, NULL) < 0)
-#endif
+       if (ipv6_find_hdr(skb, &ptr, match->data, NULL) < 0)
                return 0;
 
        oh = skb_header_pointer(skb, ptr, sizeof(_optsh), &_optsh);
@@ -193,26 +184,35 @@ checkentry(const char *tablename,
        return 1;
 }
 
-static struct ip6t_match opts_match = {
-#if HOPBYHOP
-       .name           = "hbh",
-#else
-       .name           = "dst",
-#endif
-       .match          = match,
-       .matchsize      = sizeof(struct ip6t_opts),
-       .checkentry     = checkentry,
-       .me             = THIS_MODULE,
+static struct xt_match opts_match[] = {
+       {
+               .name           = "hbh",
+               .family         = AF_INET6,
+               .match          = match,
+               .matchsize      = sizeof(struct ip6t_opts),
+               .checkentry     = checkentry,
+               .me             = THIS_MODULE,
+               .data           = NEXTHDR_HOP,
+       },
+       {
+               .name           = "dst",
+               .family         = AF_INET6,
+               .match          = match,
+               .matchsize      = sizeof(struct ip6t_opts),
+               .checkentry     = checkentry,
+               .me             = THIS_MODULE,
+               .data           = NEXTHDR_DEST,
+       },
 };
 
 static int __init ip6t_hbh_init(void)
 {
-       return ip6t_register_match(&opts_match);
+       return xt_register_matches(opts_match, ARRAY_SIZE(opts_match));
 }
 
 static void __exit ip6t_hbh_fini(void)
 {
-       ip6t_unregister_match(&opts_match);
+       xt_unregister_matches(opts_match, ARRAY_SIZE(opts_match));
 }
 
 module_init(ip6t_hbh_init);