netfilter: Combine ipt_ttl and ip6t_hl source
Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
This commit is contained in:
Jan Engelhardt
committed by
Patrick McHardy
Patrick McHardy
parent
563d36eb3f
commit
cfac5ef7b9
@@ -94,15 +94,6 @@ config IP6_NF_MATCH_OPTS
|
||||
|
||||
To compile it as a module, choose M here. If unsure, say N.
|
||||
|
||||
config IP6_NF_MATCH_HL
|
||||
tristate '"hl" match support'
|
||||
depends on NETFILTER_ADVANCED
|
||||
help
|
||||
HL matching allows you to match packets based on the hop
|
||||
limit of the packet.
|
||||
|
||||
To compile it as a module, choose M here. If unsure, say N.
|
||||
|
||||
config IP6_NF_MATCH_IPV6HEADER
|
||||
tristate '"ipv6header" IPv6 Extension Headers Match'
|
||||
default m if NETFILTER_ADVANCED=n
|
||||
|
||||
@@ -20,7 +20,6 @@ obj-$(CONFIG_NF_CONNTRACK_IPV6) += nf_conntrack_ipv6.o
|
||||
obj-$(CONFIG_IP6_NF_MATCH_AH) += ip6t_ah.o
|
||||
obj-$(CONFIG_IP6_NF_MATCH_EUI64) += ip6t_eui64.o
|
||||
obj-$(CONFIG_IP6_NF_MATCH_FRAG) += ip6t_frag.o
|
||||
obj-$(CONFIG_IP6_NF_MATCH_HL) += ip6t_hl.o
|
||||
obj-$(CONFIG_IP6_NF_MATCH_IPV6HEADER) += ip6t_ipv6header.o
|
||||
obj-$(CONFIG_IP6_NF_MATCH_MH) += ip6t_mh.o
|
||||
obj-$(CONFIG_IP6_NF_MATCH_OPTS) += ip6t_hbh.o
|
||||
|
||||
@@ -1,68 +0,0 @@
|
||||
/* Hop Limit matching module */
|
||||
|
||||
/* (C) 2001-2002 Maciej Soltysiak <solt@dns.toxicfilms.tv>
|
||||
* Based on HW's ttl module
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 as
|
||||
* published by the Free Software Foundation.
|
||||
*/
|
||||
|
||||
#include <linux/ipv6.h>
|
||||
#include <linux/module.h>
|
||||
#include <linux/skbuff.h>
|
||||
|
||||
#include <linux/netfilter_ipv6/ip6t_hl.h>
|
||||
#include <linux/netfilter/x_tables.h>
|
||||
|
||||
MODULE_AUTHOR("Maciej Soltysiak <solt@dns.toxicfilms.tv>");
|
||||
MODULE_DESCRIPTION("Xtables: IPv6 Hop Limit field match");
|
||||
MODULE_LICENSE("GPL");
|
||||
|
||||
static bool hl_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
|
||||
{
|
||||
const struct ip6t_hl_info *info = par->matchinfo;
|
||||
const struct ipv6hdr *ip6h = ipv6_hdr(skb);
|
||||
|
||||
switch (info->mode) {
|
||||
case IP6T_HL_EQ:
|
||||
return ip6h->hop_limit == info->hop_limit;
|
||||
break;
|
||||
case IP6T_HL_NE:
|
||||
return ip6h->hop_limit != info->hop_limit;
|
||||
break;
|
||||
case IP6T_HL_LT:
|
||||
return ip6h->hop_limit < info->hop_limit;
|
||||
break;
|
||||
case IP6T_HL_GT:
|
||||
return ip6h->hop_limit > info->hop_limit;
|
||||
break;
|
||||
default:
|
||||
printk(KERN_WARNING "ip6t_hl: unknown mode %d\n",
|
||||
info->mode);
|
||||
return false;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
static struct xt_match hl_mt6_reg __read_mostly = {
|
||||
.name = "hl",
|
||||
.family = NFPROTO_IPV6,
|
||||
.match = hl_mt6,
|
||||
.matchsize = sizeof(struct ip6t_hl_info),
|
||||
.me = THIS_MODULE,
|
||||
};
|
||||
|
||||
static int __init hl_mt6_init(void)
|
||||
{
|
||||
return xt_register_match(&hl_mt6_reg);
|
||||
}
|
||||
|
||||
static void __exit hl_mt6_exit(void)
|
||||
{
|
||||
xt_unregister_match(&hl_mt6_reg);
|
||||
}
|
||||
|
||||
module_init(hl_mt6_init);
|
||||
module_exit(hl_mt6_exit);
|
||||
Reference in New Issue
Block a user