target/linux/generic/patches-3.3/615-netfilter_add_xt_id_match.patch

   1 --- a/net/netfilter/Kconfig
   2 +++ b/net/netfilter/Kconfig
   3 @@ -837,6 +837,13 @@ config NETFILTER_XT_MATCH_HL
   4         in the IPv6 header, or the time-to-live field in the IPv4
   5         header of the packet.
   6
   7 +config NETFILTER_XT_MATCH_ID
   8 +       tristate '"id" match support'
   9 +       depends on NETFILTER_ADVANCED
  10 +       ---help---
  11 +       This option adds a `id' dummy-match, which allows you to put
  12 +       numeric IDs into your iptables ruleset.
  13 +
  14  config NETFILTER_XT_MATCH_IPRANGE
  15         tristate '"iprange" address range match support'
  16         depends on NETFILTER_ADVANCED
  17 --- a/net/netfilter/Makefile
  18 +++ b/net/netfilter/Makefile
  19 @@ -86,6 +86,7 @@ obj-$(CONFIG_NETFILTER_XT_MATCH_ESP) +=
  20  obj-$(CONFIG_NETFILTER_XT_MATCH_HASHLIMIT) += xt_hashlimit.o
  21  obj-$(CONFIG_NETFILTER_XT_MATCH_HELPER) += xt_helper.o
  22  obj-$(CONFIG_NETFILTER_XT_MATCH_HL) += xt_hl.o
  23 +obj-$(CONFIG_NETFILTER_XT_MATCH_ID) += xt_id.o
  24  obj-$(CONFIG_NETFILTER_XT_MATCH_IPRANGE) += xt_iprange.o
  25  obj-$(CONFIG_NETFILTER_XT_MATCH_IPVS) += xt_ipvs.o
  26  obj-$(CONFIG_NETFILTER_XT_MATCH_LENGTH) += xt_length.o
  27 --- /dev/null
  28 +++ b/net/netfilter/xt_id.c
  29 @@ -0,0 +1,45 @@
  30 +/*
  31 + * Implements a dummy match to allow attaching IDs to rules
  32 + *
  33 + * 2014-08-01 Jo-Philipp Wich <jow@openwrt.org>
  34 + */
  35 +
  36 +#include <linux/module.h>
  37 +#include <linux/skbuff.h>
  38 +#include <linux/netfilter/x_tables.h>
  39 +#include <linux/netfilter/xt_id.h>
  40 +
  41 +MODULE_AUTHOR("Jo-Philipp Wich <jow@openwrt.org>");
  42 +MODULE_DESCRIPTION("Xtables: No-op match which can be tagged with a 32bit ID");
  43 +MODULE_LICENSE("GPL");
  44 +MODULE_ALIAS("ipt_id");
  45 +MODULE_ALIAS("ip6t_id");
  46 +
  47 +static bool
  48 +id_mt(const struct sk_buff *skb, struct xt_action_param *par)
  49 +{
  50 +       /* We always match */
  51 +       return true;
  52 +}
  53 +
  54 +static struct xt_match id_mt_reg __read_mostly = {
  55 +       .name      = "id",
  56 +       .revision  = 0,
  57 +       .family    = NFPROTO_UNSPEC,
  58 +       .match     = id_mt,
  59 +       .matchsize = sizeof(struct xt_id_info),
  60 +       .me        = THIS_MODULE,
  61 +};
  62 +
  63 +static int __init id_mt_init(void)
  64 +{
  65 +       return xt_register_match(&id_mt_reg);
  66 +}
  67 +
  68 +static void __exit id_mt_exit(void)
  69 +{
  70 +       xt_unregister_match(&id_mt_reg);
  71 +}
  72 +
  73 +module_init(id_mt_init);
  74 +module_exit(id_mt_exit);
  75 --- a/include/linux/netfilter/Kbuild
  76 +++ b/include/linux/netfilter/Kbuild
  77 @@ -47,6 +47,7 @@ header-y += xt_ecn.h
  78  header-y += xt_esp.h
  79  header-y += xt_hashlimit.h
  80  header-y += xt_helper.h
  81 +header-y += xt_id.h
  82  header-y += xt_iprange.h
  83  header-y += xt_ipvs.h
  84  header-y += xt_layer7.h
  85 --- /dev/null
  86 +++ b/include/linux/netfilter/xt_id.h
  87 @@ -0,0 +1,8 @@
  88 +#ifndef _XT_ID_H
  89 +#define _XT_ID_H
  90 +
  91 +struct xt_id_info {
  92 +       u32 id;
  93 +};
  94 +
  95 +#endif /* XT_ID_H */