target/linux/generic/patches-4.3/615-netfilter_add_xt_id_match.patch

   1 --- a/include/uapi/linux/netfilter/Kbuild
   2 +++ b/include/uapi/linux/netfilter/Kbuild
   3 @@ -55,6 +55,7 @@ header-y += xt_ecn.h
   4  header-y += xt_esp.h
   5  header-y += xt_hashlimit.h
   6  header-y += xt_helper.h
   7 +header-y += xt_id.h
   8  header-y += xt_ipcomp.h
   9  header-y += xt_iprange.h
  10  header-y += xt_ipvs.h
  11 --- /dev/null
  12 +++ b/include/uapi/linux/netfilter/xt_id.h
  13 @@ -0,0 +1,8 @@
  14 +#ifndef _XT_ID_H
  15 +#define _XT_ID_H
  16 +
  17 +struct xt_id_info {
  18 +       u32 id;
  19 +};
  20 +
  21 +#endif /* XT_ID_H */
  22 --- a/net/netfilter/Kconfig
  23 +++ b/net/netfilter/Kconfig
  24 @@ -1179,6 +1179,13 @@ config NETFILTER_XT_MATCH_IPCOMP
  25
  26           To compile it as a module, choose M here.  If unsure, say N.
  27
  28 +config NETFILTER_XT_MATCH_ID
  29 +       tristate '"id" match support'
  30 +       depends on NETFILTER_ADVANCED
  31 +       ---help---
  32 +       This option adds a `id' dummy-match, which allows you to put
  33 +       numeric IDs into your iptables ruleset.
  34 +
  35  config NETFILTER_XT_MATCH_IPRANGE
  36         tristate '"iprange" address range match support'
  37         depends on NETFILTER_ADVANCED
  38 --- a/net/netfilter/Makefile
  39 +++ b/net/netfilter/Makefile
  40 @@ -146,6 +146,7 @@ obj-$(CONFIG_NETFILTER_XT_MATCH_ESP) +=
  41  obj-$(CONFIG_NETFILTER_XT_MATCH_HASHLIMIT) += xt_hashlimit.o
  42  obj-$(CONFIG_NETFILTER_XT_MATCH_HELPER) += xt_helper.o
  43  obj-$(CONFIG_NETFILTER_XT_MATCH_HL) += xt_hl.o
  44 +obj-$(CONFIG_NETFILTER_XT_MATCH_ID) += xt_id.o
  45  obj-$(CONFIG_NETFILTER_XT_MATCH_IPCOMP) += xt_ipcomp.o
  46  obj-$(CONFIG_NETFILTER_XT_MATCH_IPRANGE) += xt_iprange.o
  47  obj-$(CONFIG_NETFILTER_XT_MATCH_IPVS) += xt_ipvs.o
  48 --- /dev/null
  49 +++ b/net/netfilter/xt_id.c
  50 @@ -0,0 +1,45 @@
  51 +/*
  52 + * Implements a dummy match to allow attaching IDs to rules
  53 + *
  54 + * 2014-08-01 Jo-Philipp Wich <jow@openwrt.org>
  55 + */
  56 +
  57 +#include <linux/module.h>
  58 +#include <linux/skbuff.h>
  59 +#include <linux/netfilter/x_tables.h>
  60 +#include <linux/netfilter/xt_id.h>
  61 +
  62 +MODULE_AUTHOR("Jo-Philipp Wich <jow@openwrt.org>");
  63 +MODULE_DESCRIPTION("Xtables: No-op match which can be tagged with a 32bit ID");
  64 +MODULE_LICENSE("GPL");
  65 +MODULE_ALIAS("ipt_id");
  66 +MODULE_ALIAS("ip6t_id");
  67 +
  68 +static bool
  69 +id_mt(const struct sk_buff *skb, struct xt_action_param *par)
  70 +{
  71 +       /* We always match */
  72 +       return true;
  73 +}
  74 +
  75 +static struct xt_match id_mt_reg __read_mostly = {
  76 +       .name      = "id",
  77 +       .revision  = 0,
  78 +       .family    = NFPROTO_UNSPEC,
  79 +       .match     = id_mt,
  80 +       .matchsize = sizeof(struct xt_id_info),
  81 +       .me        = THIS_MODULE,
  82 +};
  83 +
  84 +static int __init id_mt_init(void)
  85 +{
  86 +       return xt_register_match(&id_mt_reg);
  87 +}
  88 +
  89 +static void __exit id_mt_exit(void)
  90 +{
  91 +       xt_unregister_match(&id_mt_reg);
  92 +}
  93 +
  94 +module_init(id_mt_init);
  95 +module_exit(id_mt_exit);