From 205a006ac986ece421dd44e698953a2bf2b0f15f Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Mon, 17 Mar 2008 13:35:17 +0100 Subject: [PATCH] geoip: use tabs not spaces and indent --- extensions/libxt_geoip.c | 445 ++++++++++++++++++++------------------- extensions/xt_geoip.c | 289 ++++++++++++------------- extensions/xt_geoip.h | 35 ++- 3 files changed, 382 insertions(+), 387 deletions(-) diff --git a/extensions/libxt_geoip.c b/extensions/libxt_geoip.c index 1d3a1bb..38e7660 100644 --- a/extensions/libxt_geoip.c +++ b/extensions/libxt_geoip.c @@ -1,5 +1,5 @@ /* Shared library add-on to iptables to add geoip match support. - + * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or @@ -29,288 +29,293 @@ static void geoip_help(void) { - printf ( - "GeoIP v%s options:\n" - " [!] --src-cc, --source-country country[,country,country,...]\n" - " Match packet coming from (one of)\n" - " the specified country(ies)\n" - "\n" - " [!] --dst-cc, --destination-country country[,country,country,...]\n" - " Match packet going to (one of)\n" - " the specified country(ies)\n" - "\n" - " NOTE: The country is inputed by its ISO3166 code.\n" - "\n" - "\n", XTABLES_VERSION - ); + printf ( + "GeoIP v%s options:\n" + " [!] --src-cc, --source-country country[,country,country,...]\n" + " Match packet coming from (one of)\n" + " the specified country(ies)\n" + "\n" + " [!] --dst-cc, --destination-country country[,country,country,...]\n" + " Match packet going to (one of)\n" + " the specified country(ies)\n" + "\n" + " NOTE: The country is inputed by its ISO3166 code.\n" + "\n" + "\n", XTABLES_VERSION + ); } static struct option geoip_opts[] = { - { "dst-cc", 1, 0, '2' }, /* Alias for --destination-country */ - { "destination-country", 1, 0, '2' }, - { "src-cc", 1, 0, '1' }, /* Alias for --source-country */ - { "source-country", 1, 0, '1' }, - { 0 }, + { "dst-cc", 1, 0, '2' }, /* Alias for --destination-country */ + { "destination-country", 1, 0, '2' }, + { "src-cc", 1, 0, '1' }, /* Alias for --source-country */ + { "source-country", 1, 0, '1' }, + { 0 }, }; struct geoip_index { - u_int16_t cc; - u_int32_t offset; + u_int16_t cc; + u_int32_t offset; } __attribute__ ((packed)); struct geoip_subnet * get_country_subnets(u_int16_t cc, u_int32_t *count) { - FILE *ixfd, *dbfd; - struct geoip_subnet *subnets; - struct geoip_index *index; - struct stat buf; - - size_t idxsz; - u_int16_t i; - - u_int16_t db_cc = 0; - u_int16_t db_nsubnets = 0; + FILE *ixfd, *dbfd; + struct geoip_subnet *subnets; + struct geoip_index *index; + struct stat buf; - if ((ixfd = fopen("/var/geoip/geoipdb.idx", "r")) == NULL) { - perror("/var/geoip/geoipdb.idx"); - exit_error(OTHER_PROBLEM, - "geoip: cannot open geoip's database index file"); - } - - stat("/var/geoip/geoipdb.idx", &buf); - idxsz = buf.st_size/sizeof(struct geoip_index); - index = malloc(buf.st_size); + size_t idxsz; + u_int16_t i; - fread(index, buf.st_size, 1, ixfd); + u_int16_t db_cc = 0; + u_int16_t db_nsubnets = 0; - for (i = 0; i < idxsz; i++) - if (cc == index[i].cc) - break; - - if (cc != index[i].cc) - exit_error(OTHER_PROBLEM, - "geoip match: sorry, '%c%c' isn't in the database\n", COUNTRY(cc)); + if ((ixfd = fopen("/var/geoip/geoipdb.idx", "r")) == NULL) { + perror("/var/geoip/geoipdb.idx"); + exit_error(OTHER_PROBLEM, + "geoip: cannot open geoip's database index file"); + } - fclose(ixfd); + stat("/var/geoip/geoipdb.idx", &buf); + idxsz = buf.st_size/sizeof(struct geoip_index); + index = malloc(buf.st_size); - if ((dbfd = fopen("/var/geoip/geoipdb.bin", "r")) == NULL) { - perror("/var/geoip/geoipdb.bin"); - exit_error(OTHER_PROBLEM, - "geoip: cannot open geoip's database file"); - } + fread(index, buf.st_size, 1, ixfd); - fseek(dbfd, index[i].offset, SEEK_SET); - fread(&db_cc, sizeof(u_int16_t), 1, dbfd); + for (i = 0; i < idxsz; i++) + if (cc == index[i].cc) + break; - if (db_cc != cc) - exit_error(OTHER_PROBLEM, - "geoip: this shouldn't happened, the database might be corrupted, or there's a bug.\n" - "you should contact maintainers"); - - fread(&db_nsubnets, sizeof(u_int16_t), 1, dbfd); + if (cc != index[i].cc) + exit_error(OTHER_PROBLEM, + "geoip match: sorry, '%c%c' isn't in the database\n", COUNTRY(cc)); - subnets = malloc(db_nsubnets * sizeof(struct geoip_subnet)); + fclose(ixfd); - if (!subnets) - exit_error(OTHER_PROBLEM, - "geoip: insufficient memory available"); - - fread(subnets, db_nsubnets * sizeof(struct geoip_subnet), 1, dbfd); - - fclose(dbfd); - free(index); - *count = db_nsubnets; - return subnets; + if ((dbfd = fopen("/var/geoip/geoipdb.bin", "r")) == NULL) { + perror("/var/geoip/geoipdb.bin"); + exit_error(OTHER_PROBLEM, + "geoip: cannot open geoip's database file"); + } + + fseek(dbfd, index[i].offset, SEEK_SET); + fread(&db_cc, sizeof(u_int16_t), 1, dbfd); + + if (db_cc != cc) + exit_error(OTHER_PROBLEM, + "geoip: this shouldn't happened, the database might be corrupted, or there's a bug.\n" + "you should contact maintainers"); + + fread(&db_nsubnets, sizeof(u_int16_t), 1, dbfd); + + subnets = malloc(db_nsubnets * sizeof(struct geoip_subnet)); + + if (!subnets) + exit_error(OTHER_PROBLEM, + "geoip: insufficient memory available"); + + fread(subnets, db_nsubnets * sizeof(struct geoip_subnet), 1, dbfd); + + fclose(dbfd); + free(index); + *count = db_nsubnets; + return subnets; } - + static struct geoip_info * load_geoip_cc(u_int16_t cc) { - static struct geoip_info *ginfo; - ginfo = malloc(sizeof(struct geoip_info)); + static struct geoip_info *ginfo; + ginfo = malloc(sizeof(struct geoip_info)); - if (!ginfo) - return NULL; - - ginfo->subnets = get_country_subnets(cc, &ginfo->count); - ginfo->cc = cc; - - return ginfo; + if (!ginfo) + return NULL; + + ginfo->subnets = get_country_subnets(cc, &ginfo->count); + ginfo->cc = cc; + + return ginfo; } static u_int16_t check_geoip_cc(char *cc, u_int16_t cc_used[], u_int8_t count) { - u_int8_t i; - u_int16_t cc_int16; + u_int8_t i; + u_int16_t cc_int16; - if (strlen(cc) != 2) /* Country must be 2 chars long according - to the ISO3166 standard */ - exit_error(PARAMETER_PROBLEM, - "geoip: invalid country code '%s'", cc); + if (strlen(cc) != 2) /* Country must be 2 chars long according + to the ISO3166 standard */ + exit_error(PARAMETER_PROBLEM, + "geoip: invalid country code '%s'", cc); - // Verification will fail if chars aren't uppercased. - // Make sure they are.. - for (i = 0; i < 2; i++) - if (isalnum(cc[i]) != 0) - cc[i] = toupper(cc[i]); - else - exit_error(PARAMETER_PROBLEM, - "geoip: invalid country code '%s'", cc); + // Verification will fail if chars aren't uppercased. + // Make sure they are.. + for (i = 0; i < 2; i++) + if (isalnum(cc[i]) != 0) + cc[i] = toupper(cc[i]); + else + exit_error(PARAMETER_PROBLEM, + "geoip: invalid country code '%s'", cc); - /* Convert chars into a single 16 bit integer. - * FIXME: This assumes that a country code is - * exactly 2 chars long. If this is - * going to change someday, this whole - * match will need to be rewritten, anyway. - * - SJ */ - cc_int16 = (cc[0]<<8) + cc[1]; + /* Convert chars into a single 16 bit integer. + * FIXME: This assumes that a country code is + * exactly 2 chars long. If this is + * going to change someday, this whole + * match will need to be rewritten, anyway. + * - SJ */ + cc_int16 = (cc[0]<<8) + cc[1]; - // Check for presence of value in cc_used - for (i = 0; i < count; i++) - if (cc_int16 == cc_used[i]) - return 0; // Present, skip it! - - return cc_int16; + // Check for presence of value in cc_used + for (i = 0; i < count; i++) + if (cc_int16 == cc_used[i]) + return 0; // Present, skip it! + + return cc_int16; } -/* Based on libipt_multiport.c parsing code. */ +/* Based on libipt_multiport.c parsing code. */ static u_int8_t parse_geoip_cc(const char *ccstr, u_int16_t *cc, struct geoip_info **mem) { - char *buffer, *cp, *next; - u_int8_t i, count = 0; - u_int16_t cctmp; + char *buffer, *cp, *next; + u_int8_t i, count = 0; + u_int16_t cctmp; - buffer = strdup(ccstr); - if (!buffer) exit_error(OTHER_PROBLEM, - "geoip: insufficient memory available"); + buffer = strdup(ccstr); + if (!buffer) + exit_error(OTHER_PROBLEM, + "geoip: insufficient memory available"); - for (cp = buffer, i = 0; cp && i < XT_GEOIP_MAX; cp = next, i++) - { - next = strchr(cp, ','); - if (next) *next++ = '\0'; - - if ((cctmp = check_geoip_cc(cp, cc, count)) != 0) { - if ((mem[count++] = load_geoip_cc(cctmp)) == NULL) - exit_error(OTHER_PROBLEM, - "geoip: insufficient memory available"); - cc[count-1] = cctmp; - } - } - - if (cp) exit_error(PARAMETER_PROBLEM, - "geoip: too many countries specified"); - free(buffer); + for (cp = buffer, i = 0; cp && i < XT_GEOIP_MAX; cp = next, i++) + { + next = strchr(cp, ','); + if (next) *next++ = '\0'; - if (count == 0) exit_error(PARAMETER_PROBLEM, - "geoip: don't know what happened"); - - return count; + if ((cctmp = check_geoip_cc(cp, cc, count)) != 0) { + if ((mem[count++] = load_geoip_cc(cctmp)) == NULL) + exit_error(OTHER_PROBLEM, + "geoip: insufficient memory available"); + cc[count-1] = cctmp; + } + } + + if (cp) + exit_error(PARAMETER_PROBLEM, + "geoip: too many countries specified"); + free(buffer); + + if (count == 0) + exit_error(PARAMETER_PROBLEM, + "geoip: don't know what happened"); + + return count; } -static int -geoip_parse(int c, char **argv, int invert, unsigned int *flags, - const void *entry, struct xt_entry_match **match) +static int geoip_parse(int c, char **argv, int invert, unsigned int *flags, + const void *entry, struct xt_entry_match **match) { - struct xt_geoip_match_info *info = (void *)(*match)->data; - - switch(c) { - case '1': - // Ensure that XT_GEOIP_SRC *OR* XT_GEOIP_DST haven't been used yet. - if (*flags & (XT_GEOIP_SRC | XT_GEOIP_DST)) - exit_error(PARAMETER_PROBLEM, - "geoip: only use --source-country *OR* --destination-country once!"); - - *flags |= XT_GEOIP_SRC; - break; - - case '2': - // Ensure that XT_GEOIP_SRC *OR* XT_GEOIP_DST haven't been used yet. - if (*flags & (XT_GEOIP_SRC | XT_GEOIP_DST)) - exit_error(PARAMETER_PROBLEM, - "geoip: only use --source-country *OR* --destination-country once!"); - - *flags |= XT_GEOIP_DST; - break; - - default: - return 0; - } - - if (invert) - *flags |= XT_GEOIP_INV; - - info->count = parse_geoip_cc(argv[optind-1], info->cc, info->mem); - info->flags = *flags; - return 1; + struct xt_geoip_match_info *info = (void *)(*match)->data; + + switch(c) { + case '1': + // Ensure that XT_GEOIP_SRC *OR* XT_GEOIP_DST haven't been used yet. + if (*flags & (XT_GEOIP_SRC | XT_GEOIP_DST)) + exit_error(PARAMETER_PROBLEM, + "geoip: only use --source-country *OR* --destination-country once!"); + + *flags |= XT_GEOIP_SRC; + break; + + case '2': + // Ensure that XT_GEOIP_SRC *OR* XT_GEOIP_DST haven't been used yet. + if (*flags & (XT_GEOIP_SRC | XT_GEOIP_DST)) + exit_error(PARAMETER_PROBLEM, + "geoip: only use --source-country *OR* --destination-country once!"); + + *flags |= XT_GEOIP_DST; + break; + + default: + return 0; + } + + if (invert) + *flags |= XT_GEOIP_INV; + + info->count = parse_geoip_cc(argv[optind-1], info->cc, info->mem); + info->flags = *flags; + return 1; } -static void +static void geoip_final_check(unsigned int flags) { - if (!flags) - exit_error(PARAMETER_PROBLEM, - "geoip: missing arguments"); + if (!flags) + exit_error(PARAMETER_PROBLEM, + "geoip: missing arguments"); } -static void +static void geoip_print(const void *ip, const struct xt_entry_match *match, int numeric) { - const struct xt_geoip_match_info *info = (void*)match->data; - - u_int8_t i; - - if (info->flags & XT_GEOIP_SRC) - printf("Source "); - else printf("Destination "); - - if (info->count > 1) - printf("countries: "); - else printf("country: "); - - if (info->flags & XT_GEOIP_INV) - printf("! "); - - for (i = 0; i < info->count; i++) - printf("%s%c%c", i ? "," : "", COUNTRY(info->cc[i])); - printf(" "); + const struct xt_geoip_match_info *info = (void*)match->data; + + u_int8_t i; + + if (info->flags & XT_GEOIP_SRC) + printf("Source "); + else + printf("Destination "); + + if (info->count > 1) + printf("countries: "); + else + printf("country: "); + + if (info->flags & XT_GEOIP_INV) + printf("! "); + + for (i = 0; i < info->count; i++) + printf("%s%c%c", i ? "," : "", COUNTRY(info->cc[i])); + printf(" "); } -static void +static void geoip_save(const void *ip, const struct xt_entry_match *match) { - const struct xt_geoip_match_info *info = (void *)match->data; - u_int8_t i; + const struct xt_geoip_match_info *info = (void *)match->data; + u_int8_t i; - if (info->flags & XT_GEOIP_INV) - printf("! "); - - if (info->flags & XT_GEOIP_SRC) - printf("--source-country "); - else printf("--destination-country "); - - for (i = 0; i < info->count; i++) - printf("%s%c%c", i ? "," : "", COUNTRY(info->cc[i])); - printf(" "); + if (info->flags & XT_GEOIP_INV) + printf("! "); + + if (info->flags & XT_GEOIP_SRC) + printf("--source-country "); + else + printf("--destination-country "); + + for (i = 0; i < info->count; i++) + printf("%s%c%c", i ? "," : "", COUNTRY(info->cc[i])); + printf(" "); } static struct xtables_match geoip_match = { - .family = AF_INET, - .name = "geoip", - .version = XTABLES_VERSION, - .size = XT_ALIGN(sizeof(struct xt_geoip_match_info)), - .userspacesize = XT_ALIGN(offsetof(struct xt_geoip_match_info, mem)), - .help = geoip_help, - .parse = geoip_parse, - .final_check = geoip_final_check, - .print = geoip_print, - .save = geoip_save, - .extra_opts = geoip_opts + .family = AF_INET, + .name = "geoip", + .version = XTABLES_VERSION, + .size = XT_ALIGN(sizeof(struct xt_geoip_match_info)), + .userspacesize = XT_ALIGN(offsetof(struct xt_geoip_match_info, mem)), + .help = geoip_help, + .parse = geoip_parse, + .final_check = geoip_final_check, + .print = geoip_print, + .save = geoip_save, + .extra_opts = geoip_opts, }; -void _init(void) +static void _init(void) { xtables_register_match(&geoip_match); } diff --git a/extensions/xt_geoip.c b/extensions/xt_geoip.c index 953dede..ecb38f7 100644 --- a/extensions/xt_geoip.c +++ b/extensions/xt_geoip.c @@ -1,5 +1,5 @@ /* iptables kernel module for the geoip match - * + * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or @@ -32,194 +32,185 @@ static spinlock_t geoip_lock = SPIN_LOCK_UNLOCKED; static struct geoip_info *add_node(struct geoip_info *memcpy) { - struct geoip_info *p = kmalloc(sizeof(struct geoip_info), GFP_KERNEL); + struct geoip_info *p = kmalloc(sizeof(struct geoip_info), GFP_KERNEL); - struct geoip_subnet *s; - - if ((p == NULL) || (copy_from_user(p, memcpy, sizeof(struct geoip_info)) != 0)) - return NULL; + struct geoip_subnet *s; - s = kmalloc(p->count * sizeof(struct geoip_subnet), GFP_KERNEL); - if ((s == NULL) || (copy_from_user(s, p->subnets, p->count * sizeof(struct geoip_subnet)) != 0)) - return NULL; - - spin_lock_bh(&geoip_lock); + if ((p == NULL) || (copy_from_user(p, memcpy, sizeof(struct geoip_info)) != 0)) + return NULL; - p->subnets = s; - p->ref = 1; - p->next = head; - p->prev = NULL; - if (p->next) p->next->prev = p; - head = p; + s = kmalloc(p->count * sizeof(struct geoip_subnet), GFP_KERNEL); + if ((s == NULL) || (copy_from_user(s, p->subnets, p->count * sizeof(struct geoip_subnet)) != 0)) + return NULL; - spin_unlock_bh(&geoip_lock); - return p; + spin_lock_bh(&geoip_lock); + + p->subnets = s; + p->ref = 1; + p->next = head; + p->prev = NULL; + if (p->next) + p->next->prev = p; + head = p; + + spin_unlock_bh(&geoip_lock); + return p; } static void remove_node(struct geoip_info *p) - { - spin_lock_bh(&geoip_lock); - - if (p->next) { /* Am I following a node ? */ - p->next->prev = p->prev; - if (p->prev) p->prev->next = p->next; /* Is there a node behind me ? */ - else head = p->next; /* No? Then I was the head */ - } - - else - if (p->prev) /* Is there a node behind me ? */ - p->prev->next = NULL; - else - head = NULL; /* No, we're alone */ +{ + spin_lock_bh(&geoip_lock); - /* So now am unlinked or the only one alive, right ? - * What are you waiting ? Free up some memory! - */ + if (p->next) { /* Am I following a node ? */ + p->next->prev = p->prev; + if (p->prev) p->prev->next = p->next; /* Is there a node behind me ? */ + else head = p->next; /* No? Then I was the head */ + } - kfree(p->subnets); - kfree(p); - - spin_unlock_bh(&geoip_lock); - return; + else + if (p->prev) /* Is there a node behind me ? */ + p->prev->next = NULL; + else + head = NULL; /* No, we're alone */ + + /* So now am unlinked or the only one alive, right ? + * What are you waiting ? Free up some memory! + */ + + kfree(p->subnets); + kfree(p); + + spin_unlock_bh(&geoip_lock); + return; } static struct geoip_info *find_node(u_int16_t cc) { - struct geoip_info *p = head; - spin_lock_bh(&geoip_lock); - - while (p) { - if (p->cc == cc) { - spin_unlock_bh(&geoip_lock); - return p; - } - p = p->next; - } - spin_unlock_bh(&geoip_lock); - return NULL; + struct geoip_info *p = head; + spin_lock_bh(&geoip_lock); + + while (p) { + if (p->cc == cc) { + spin_unlock_bh(&geoip_lock); + return p; + } + p = p->next; + } + spin_unlock_bh(&geoip_lock); + return NULL; } -static bool xt_geoip_mt(const struct sk_buff *skb, - const struct net_device *in, - const struct net_device *out, - const struct xt_match *match, - const void *matchinfo, - int offset, - unsigned int protoff, - bool *hotdrop) +static bool xt_geoip_mt(const struct sk_buff *skb, const struct net_device *in, + const struct net_device *out, const struct xt_match *match, + const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop) { - const struct xt_geoip_match_info *info = matchinfo; - const struct geoip_info *node; /* This keeps the code sexy */ - const struct iphdr *iph = ip_hdr(skb); - u_int32_t ip, i, j; + const struct xt_geoip_match_info *info = matchinfo; + const struct geoip_info *node; /* This keeps the code sexy */ + const struct iphdr *iph = ip_hdr(skb); + u_int32_t ip, i, j; - if (info->flags & XT_GEOIP_SRC) - ip = ntohl(iph->saddr); - else - ip = ntohl(iph->daddr); + if (info->flags & XT_GEOIP_SRC) + ip = ntohl(iph->saddr); + else + ip = ntohl(iph->daddr); - spin_lock_bh(&geoip_lock); - for (i = 0; i < info->count; i++) { - if ((node = info->mem[i]) == NULL) { - printk(KERN_ERR "xt_geoip: what the hell ?? '%c%c' isn't loaded into memory... skip it!\n", - COUNTRY(info->cc[i])); - - continue; - } + spin_lock_bh(&geoip_lock); + for (i = 0; i < info->count; i++) { + if ((node = info->mem[i]) == NULL) { + printk(KERN_ERR "xt_geoip: what the hell ?? '%c%c' isn't loaded into memory... skip it!\n", + COUNTRY(info->cc[i])); - for (j = 0; j < node->count; j++) - if ((ip > node->subnets[j].begin) && (ip < node->subnets[j].end)) { - spin_unlock_bh(&geoip_lock); - return (info->flags & XT_GEOIP_INV) ? 0 : 1; - } - } - - spin_unlock_bh(&geoip_lock); - return (info->flags & XT_GEOIP_INV) ? 1 : 0; + continue; + } + + for (j = 0; j < node->count; j++) + if ((ip > node->subnets[j].begin) && (ip < node->subnets[j].end)) { + spin_unlock_bh(&geoip_lock); + return (info->flags & XT_GEOIP_INV) ? 0 : 1; + } + } + + spin_unlock_bh(&geoip_lock); + return (info->flags & XT_GEOIP_INV) ? 1 : 0; } -static bool xt_geoip_mt_checkentry(const char *tablename, - const void *ip, - const struct xt_match *match, - void *matchinfo, - unsigned int hook_mas) +static bool xt_geoip_mt_checkentry(const char *table, const void *entry, + const struct xt_match *match, void *matchinfo, unsigned int hook_mask) { - - struct xt_geoip_match_info *info = matchinfo; - struct geoip_info *node; - u_int8_t i; + struct xt_geoip_match_info *info = matchinfo; + struct geoip_info *node; + u_int8_t i; - for (i = 0; i < info->count; i++) { - - if ((node = find_node(info->cc[i])) != NULL) - atomic_inc((atomic_t *)&node->ref); //increase the reference - else - if ((node = add_node(info->mem[i])) == NULL) { - printk(KERN_ERR - "xt_geoip: unable to load '%c%c' into memory\n", - COUNTRY(info->cc[i])); - return 0; - } + for (i = 0; i < info->count; i++) { - /* Overwrite the now-useless pointer info->mem[i] with - * a pointer to the node's kernelspace structure. - * This avoids searching for a node in the match() and - * destroy() functions. - */ - info->mem[i] = node; - } + if ((node = find_node(info->cc[i])) != NULL) + atomic_inc((atomic_t *)&node->ref); //increase the reference + else + if ((node = add_node(info->mem[i])) == NULL) { + printk(KERN_ERR + "xt_geoip: unable to load '%c%c' into memory\n", + COUNTRY(info->cc[i])); + return 0; + } - return 1; + /* Overwrite the now-useless pointer info->mem[i] with + * a pointer to the node's kernelspace structure. + * This avoids searching for a node in the match() and + * destroy() functions. + */ + info->mem[i] = node; + } + + return 1; } -static void xt_geoip_mt_destroy(const struct xt_match *matcn, - void *matchinfo) +static void xt_geoip_mt_destroy(const struct xt_match *match, void *matchinfo) { - struct xt_geoip_match_info *info = matchinfo; - struct geoip_info *node; /* this keeps the code sexy */ - u_int8_t i; - - /* This entry has been removed from the table so - * decrease the refcount of all countries it is - * using. - */ - - for (i = 0; i < info->count; i++) - if ((node = info->mem[i]) != NULL) { - atomic_dec((atomic_t *)&node->ref); + struct xt_geoip_match_info *info = matchinfo; + struct geoip_info *node; /* this keeps the code sexy */ + u_int8_t i; - /* Free up some memory if that node isn't used - * anymore. */ - if (node->ref < 1) - remove_node(node); - } - else - /* Something strange happened. There's no memory allocated for this - * country. Please send this bug to the mailing list. */ - printk(KERN_ERR - "xt_geoip: What happened peejix ? What happened acidfu ?\n" - "xt_geoip: please report this bug to the maintainers\n"); - return; + /* This entry has been removed from the table so + * decrease the refcount of all countries it is + * using. + */ + + for (i = 0; i < info->count; i++) + if ((node = info->mem[i]) != NULL) { + atomic_dec((atomic_t *)&node->ref); + + /* Free up some memory if that node isn't used + * anymore. */ + if (node->ref < 1) + remove_node(node); + } + else + /* Something strange happened. There's no memory allocated for this + * country. Please send this bug to the mailing list. */ + printk(KERN_ERR + "xt_geoip: What happened peejix ? What happened acidfu ?\n" + "xt_geoip: please report this bug to the maintainers\n"); + return; } static struct xt_match xt_geoip_match __read_mostly = { - .family = AF_INET, - .name = "geoip", - .match = &xt_geoip_mt, - .checkentry = &xt_geoip_mt_checkentry, - .destroy = &xt_geoip_mt_destroy, - .matchsize = sizeof(struct xt_geoip_match_info), - .me = THIS_MODULE, + .family = AF_INET, + .name = "geoip", + .match = xt_geoip_mt, + .checkentry = xt_geoip_mt_checkentry, + .destroy = xt_geoip_mt_destroy, + .matchsize = sizeof(struct xt_geoip_match_info), + .me = THIS_MODULE, }; static int __init xt_geoip_mt_init(void) { - return xt_register_match(&xt_geoip_match); + return xt_register_match(&xt_geoip_match); } static void __exit xt_geoip_mt_fini(void) { - xt_unregister_match(&xt_geoip_match); + xt_unregister_match(&xt_geoip_match); } module_init(xt_geoip_mt_init); diff --git a/extensions/xt_geoip.h b/extensions/xt_geoip.h index 8169f6d..e99bfd7 100644 --- a/extensions/xt_geoip.h +++ b/extensions/xt_geoip.h @@ -1,5 +1,5 @@ /* ipt_geoip.h header file for libipt_geoip.c and ipt_geoip.c - * + * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or @@ -10,8 +10,8 @@ * Samuel Jean * Nicolas Bouliane */ -#ifndef _XT_GEOIP_H -#define _XT_GEOIP_H +#ifndef _LINUX_NETFILTER_XT_GEOIP_H +#define _LINUX_NETFILTER_XT_GEOIP_H 1 #define XT_GEOIP_SRC 0x01 /* Perform check on Source IP */ #define XT_GEOIP_DST 0x02 /* Perform check on Destination IP */ @@ -20,29 +20,28 @@ #define XT_GEOIP_MAX 15 /* Maximum of countries */ struct geoip_subnet { - u_int32_t begin; - u_int32_t end; + u_int32_t begin; + u_int32_t end; }; struct geoip_info { - struct geoip_subnet *subnets; - u_int32_t count; - u_int32_t ref; - u_int16_t cc; - struct geoip_info *next; - struct geoip_info *prev; + struct geoip_subnet *subnets; + u_int32_t count; + u_int32_t ref; + u_int16_t cc; + struct geoip_info *next; + struct geoip_info *prev; }; struct xt_geoip_match_info { - u_int8_t flags; - u_int8_t count; - u_int16_t cc[XT_GEOIP_MAX]; + u_int8_t flags; + u_int8_t count; + u_int16_t cc[XT_GEOIP_MAX]; - /* Used internally by the kernel */ - struct geoip_info *mem[XT_GEOIP_MAX]; + /* Used internally by the kernel */ + struct geoip_info *mem[XT_GEOIP_MAX]; }; #define COUNTRY(cc) (cc >> 8), (cc & 0x00FF) -#endif - +#endif /* _LINUX_NETFILTER_XT_GEOIP_H */