X-Git-Url: https://git.archive.openwrt.org/?a=blobdiff_plain;f=target%2Flinux%2Fgeneric%2Fpatches-4.4%2F615-netfilter_add_xt_id_match.patch;fp=target%2Flinux%2Fgeneric%2Fpatches-4.4%2F615-netfilter_add_xt_id_match.patch;h=8ee29a791b1f68a52410aad96dd3b8b8b230a759;hb=a9c71929c78758000d7f2cb1db8ed71ff89d6035;hp=0000000000000000000000000000000000000000;hpb=e498bc5d57e27c9756a750111074f0286a9447f5;p=openwrt.git diff --git a/target/linux/generic/patches-4.4/615-netfilter_add_xt_id_match.patch b/target/linux/generic/patches-4.4/615-netfilter_add_xt_id_match.patch new file mode 100644 index 0000000000..8ee29a791b --- /dev/null +++ b/target/linux/generic/patches-4.4/615-netfilter_add_xt_id_match.patch @@ -0,0 +1,95 @@ +--- a/include/uapi/linux/netfilter/Kbuild ++++ b/include/uapi/linux/netfilter/Kbuild +@@ -55,6 +55,7 @@ header-y += xt_ecn.h + header-y += xt_esp.h + header-y += xt_hashlimit.h + header-y += xt_helper.h ++header-y += xt_id.h + header-y += xt_ipcomp.h + header-y += xt_iprange.h + header-y += xt_ipvs.h +--- /dev/null ++++ b/include/uapi/linux/netfilter/xt_id.h +@@ -0,0 +1,8 @@ ++#ifndef _XT_ID_H ++#define _XT_ID_H ++ ++struct xt_id_info { ++ u32 id; ++}; ++ ++#endif /* XT_ID_H */ +--- a/net/netfilter/Kconfig ++++ b/net/netfilter/Kconfig +@@ -1180,6 +1180,13 @@ config NETFILTER_XT_MATCH_IPCOMP + + To compile it as a module, choose M here. If unsure, say N. + ++config NETFILTER_XT_MATCH_ID ++ tristate '"id" match support' ++ depends on NETFILTER_ADVANCED ++ ---help--- ++ This option adds a `id' dummy-match, which allows you to put ++ numeric IDs into your iptables ruleset. ++ + config NETFILTER_XT_MATCH_IPRANGE + tristate '"iprange" address range match support' + depends on NETFILTER_ADVANCED +--- a/net/netfilter/Makefile ++++ b/net/netfilter/Makefile +@@ -144,6 +144,7 @@ obj-$(CONFIG_NETFILTER_XT_MATCH_ESP) += + obj-$(CONFIG_NETFILTER_XT_MATCH_HASHLIMIT) += xt_hashlimit.o + obj-$(CONFIG_NETFILTER_XT_MATCH_HELPER) += xt_helper.o + obj-$(CONFIG_NETFILTER_XT_MATCH_HL) += xt_hl.o ++obj-$(CONFIG_NETFILTER_XT_MATCH_ID) += xt_id.o + obj-$(CONFIG_NETFILTER_XT_MATCH_IPCOMP) += xt_ipcomp.o + obj-$(CONFIG_NETFILTER_XT_MATCH_IPRANGE) += xt_iprange.o + obj-$(CONFIG_NETFILTER_XT_MATCH_IPVS) += xt_ipvs.o +--- /dev/null ++++ b/net/netfilter/xt_id.c +@@ -0,0 +1,45 @@ ++/* ++ * Implements a dummy match to allow attaching IDs to rules ++ * ++ * 2014-08-01 Jo-Philipp Wich ++ */ ++ ++#include ++#include ++#include ++#include ++ ++MODULE_AUTHOR("Jo-Philipp Wich "); ++MODULE_DESCRIPTION("Xtables: No-op match which can be tagged with a 32bit ID"); ++MODULE_LICENSE("GPL"); ++MODULE_ALIAS("ipt_id"); ++MODULE_ALIAS("ip6t_id"); ++ ++static bool ++id_mt(const struct sk_buff *skb, struct xt_action_param *par) ++{ ++ /* We always match */ ++ return true; ++} ++ ++static struct xt_match id_mt_reg __read_mostly = { ++ .name = "id", ++ .revision = 0, ++ .family = NFPROTO_UNSPEC, ++ .match = id_mt, ++ .matchsize = sizeof(struct xt_id_info), ++ .me = THIS_MODULE, ++}; ++ ++static int __init id_mt_init(void) ++{ ++ return xt_register_match(&id_mt_reg); ++} ++ ++static void __exit id_mt_exit(void) ++{ ++ xt_unregister_match(&id_mt_reg); ++} ++ ++module_init(id_mt_init); ++module_exit(id_mt_exit);