netfilter: xtables: move ipt_ecn to xt_ecn
Prepare the ECN match for augmentation by an IPv6 counterpart. Since no symbol dependencies to ipv6.ko are added, having a single ecn match module is the more so welcome. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
parent
c0d2b8376a
commit
d446a8202c
8 changed files with 53 additions and 36 deletions
|
@ -43,6 +43,7 @@ header-y += xt_cpu.h
|
|||
header-y += xt_dccp.h
|
||||
header-y += xt_devgroup.h
|
||||
header-y += xt_dscp.h
|
||||
header-y += xt_ecn.h
|
||||
header-y += xt_esp.h
|
||||
header-y += xt_hashlimit.h
|
||||
header-y += xt_helper.h
|
||||
|
|
35
include/linux/netfilter/xt_ecn.h
Normal file
35
include/linux/netfilter/xt_ecn.h
Normal file
|
@ -0,0 +1,35 @@
|
|||
/* iptables module for matching the ECN header in IPv4 and TCP header
|
||||
*
|
||||
* (C) 2002 Harald Welte <laforge@gnumonks.org>
|
||||
*
|
||||
* This software is distributed under GNU GPL v2, 1991
|
||||
*
|
||||
* ipt_ecn.h,v 1.4 2002/08/05 19:39:00 laforge Exp
|
||||
*/
|
||||
#ifndef _XT_ECN_H
|
||||
#define _XT_ECN_H
|
||||
|
||||
#include <linux/types.h>
|
||||
#include <linux/netfilter/xt_dscp.h>
|
||||
|
||||
#define IPT_ECN_IP_MASK (~XT_DSCP_MASK)
|
||||
|
||||
#define IPT_ECN_OP_MATCH_IP 0x01
|
||||
#define IPT_ECN_OP_MATCH_ECE 0x10
|
||||
#define IPT_ECN_OP_MATCH_CWR 0x20
|
||||
|
||||
#define IPT_ECN_OP_MATCH_MASK 0xce
|
||||
|
||||
/* match info */
|
||||
struct ipt_ecn_info {
|
||||
__u8 operation;
|
||||
__u8 invert;
|
||||
__u8 ip_ect;
|
||||
union {
|
||||
struct {
|
||||
__u8 ect;
|
||||
} tcp;
|
||||
} proto;
|
||||
};
|
||||
|
||||
#endif /* _XT_ECN_H */
|
|
@ -1,35 +1,6 @@
|
|||
/* iptables module for matching the ECN header in IPv4 and TCP header
|
||||
*
|
||||
* (C) 2002 Harald Welte <laforge@gnumonks.org>
|
||||
*
|
||||
* This software is distributed under GNU GPL v2, 1991
|
||||
*
|
||||
* ipt_ecn.h,v 1.4 2002/08/05 19:39:00 laforge Exp
|
||||
*/
|
||||
#ifndef _IPT_ECN_H
|
||||
#define _IPT_ECN_H
|
||||
|
||||
#include <linux/types.h>
|
||||
#include <linux/netfilter/xt_dscp.h>
|
||||
|
||||
#define IPT_ECN_IP_MASK (~XT_DSCP_MASK)
|
||||
|
||||
#define IPT_ECN_OP_MATCH_IP 0x01
|
||||
#define IPT_ECN_OP_MATCH_ECE 0x10
|
||||
#define IPT_ECN_OP_MATCH_CWR 0x20
|
||||
|
||||
#define IPT_ECN_OP_MATCH_MASK 0xce
|
||||
|
||||
/* match info */
|
||||
struct ipt_ecn_info {
|
||||
__u8 operation;
|
||||
__u8 invert;
|
||||
__u8 ip_ect;
|
||||
union {
|
||||
struct {
|
||||
__u8 ect;
|
||||
} tcp;
|
||||
} proto;
|
||||
};
|
||||
#include <linux/netfilter/xt_ecn.h>
|
||||
|
||||
#endif /* _IPT_ECN_H */
|
||||
|
|
|
@ -76,11 +76,11 @@ config IP_NF_MATCH_AH
|
|||
config IP_NF_MATCH_ECN
|
||||
tristate '"ecn" match support'
|
||||
depends on NETFILTER_ADVANCED
|
||||
help
|
||||
This option adds a `ECN' match, which allows you to match against
|
||||
the IPv4 and TCP header ECN fields.
|
||||
|
||||
To compile it as a module, choose M here. If unsure, say N.
|
||||
select NETFILTER_XT_MATCH_ECN
|
||||
---help---
|
||||
This is a backwards-compat option for the user's convenience
|
||||
(e.g. when running oldconfig). It selects
|
||||
CONFIG_NETFILTER_XT_MATCH_ECN.
|
||||
|
||||
config IP_NF_MATCH_RPFILTER
|
||||
tristate '"rpfilter" reverse path filter match support'
|
||||
|
|
|
@ -49,7 +49,6 @@ obj-$(CONFIG_IP_NF_SECURITY) += iptable_security.o
|
|||
|
||||
# matches
|
||||
obj-$(CONFIG_IP_NF_MATCH_AH) += ipt_ah.o
|
||||
obj-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn.o
|
||||
obj-$(CONFIG_IP_NF_MATCH_RPFILTER) += ipt_rpfilter.o
|
||||
|
||||
# targets
|
||||
|
|
|
@ -778,6 +778,15 @@ config NETFILTER_XT_MATCH_DSCP
|
|||
|
||||
To compile it as a module, choose M here. If unsure, say N.
|
||||
|
||||
config NETFILTER_XT_MATCH_ECN
|
||||
tristate '"ecn" match support'
|
||||
depends on NETFILTER_ADVANCED
|
||||
---help---
|
||||
This option adds an "ECN" match, which allows you to match against
|
||||
the IPv4 and TCP header ECN fields.
|
||||
|
||||
To compile it as a module, choose M here. If unsure, say N.
|
||||
|
||||
config NETFILTER_XT_MATCH_ESP
|
||||
tristate '"esp" match support'
|
||||
depends on NETFILTER_ADVANCED
|
||||
|
|
|
@ -81,6 +81,7 @@ obj-$(CONFIG_NETFILTER_XT_MATCH_CPU) += xt_cpu.o
|
|||
obj-$(CONFIG_NETFILTER_XT_MATCH_DCCP) += xt_dccp.o
|
||||
obj-$(CONFIG_NETFILTER_XT_MATCH_DEVGROUP) += xt_devgroup.o
|
||||
obj-$(CONFIG_NETFILTER_XT_MATCH_DSCP) += xt_dscp.o
|
||||
obj-$(CONFIG_NETFILTER_XT_MATCH_ECN) += xt_ecn.o
|
||||
obj-$(CONFIG_NETFILTER_XT_MATCH_ESP) += xt_esp.o
|
||||
obj-$(CONFIG_NETFILTER_XT_MATCH_HASHLIMIT) += xt_hashlimit.o
|
||||
obj-$(CONFIG_NETFILTER_XT_MATCH_HELPER) += xt_helper.o
|
||||
|
|
|
@ -21,6 +21,7 @@
|
|||
MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
|
||||
MODULE_DESCRIPTION("Xtables: Explicit Congestion Notification (ECN) flag match for IPv4");
|
||||
MODULE_LICENSE("GPL");
|
||||
MODULE_ALIAS("ipt_ecn");
|
||||
|
||||
static inline bool match_ip(const struct sk_buff *skb,
|
||||
const struct ipt_ecn_info *einfo)
|
Loading…
Reference in a new issue