mirror of
git://git.code.sf.net/p/xtables-addons/xtables-addons
synced 2025-09-20 11:34:57 +02:00
ipset: upgrade to ipset 2.4.3
This commit is contained in:
Jan Engelhardt
@@ -15,7 +15,14 @@
|
||||
#include <linux/skbuff.h>
|
||||
#include <linux/version.h>
|
||||
|
||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16)
|
||||
#include <linux/netfilter_ipv4/ip_tables.h>
|
||||
#define xt_register_match ipt_register_match
|
||||
#define xt_unregister_match ipt_unregister_match
|
||||
#define xt_match ipt_match
|
||||
#else
|
||||
#include <linux/netfilter/x_tables.h>
|
||||
#endif
|
||||
#include "ip_set.h"
|
||||
#include "ipt_set.h"
|
||||
|
||||
@@ -29,24 +36,53 @@ match_set(const struct ipt_set_info *info,
|
||||
return inv;
|
||||
}
|
||||
|
||||
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23)
|
||||
static bool
|
||||
#else
|
||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
|
||||
static int
|
||||
#endif
|
||||
match(const struct sk_buff *skb,
|
||||
const struct net_device *in,
|
||||
const struct net_device *out,
|
||||
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
|
||||
const struct xt_match *match,
|
||||
#endif
|
||||
const void *matchinfo,
|
||||
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23)
|
||||
int offset, unsigned int protoff, bool *hotdrop)
|
||||
#elif LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16)
|
||||
int offset, unsigned int protoff, int *hotdrop)
|
||||
#else
|
||||
int offset, int *hotdrop)
|
||||
int offset,
|
||||
const void *hdr,
|
||||
u_int16_t datalen,
|
||||
int *hotdrop)
|
||||
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16)
|
||||
static int
|
||||
match(const struct sk_buff *skb,
|
||||
const struct net_device *in,
|
||||
const struct net_device *out,
|
||||
const void *matchinfo,
|
||||
int offset,
|
||||
int *hotdrop)
|
||||
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
|
||||
static int
|
||||
match(const struct sk_buff *skb,
|
||||
const struct net_device *in,
|
||||
const struct net_device *out,
|
||||
const void *matchinfo,
|
||||
int offset,
|
||||
unsigned int protoff,
|
||||
int *hotdrop)
|
||||
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23)
|
||||
static int
|
||||
match(const struct sk_buff *skb,
|
||||
const struct net_device *in,
|
||||
const struct net_device *out,
|
||||
const struct xt_match *match,
|
||||
const void *matchinfo,
|
||||
int offset,
|
||||
unsigned int protoff,
|
||||
int *hotdrop)
|
||||
#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) */
|
||||
static bool
|
||||
match(const struct sk_buff *skb,
|
||||
const struct net_device *in,
|
||||
const struct net_device *out,
|
||||
const struct xt_match *match,
|
||||
const void *matchinfo,
|
||||
int offset,
|
||||
unsigned int protoff,
|
||||
bool *hotdrop)
|
||||
#endif
|
||||
{
|
||||
const struct ipt_set_info_match *info = matchinfo;
|
||||
@@ -56,30 +92,48 @@ match(const struct sk_buff *skb,
|
||||
info->match_set.flags[0] & IPSET_MATCH_INV);
|
||||
}
|
||||
|
||||
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23)
|
||||
static bool
|
||||
#else
|
||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,16)
|
||||
static int
|
||||
#endif
|
||||
checkentry(const char *tablename,
|
||||
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16)
|
||||
const void *inf,
|
||||
#else
|
||||
const struct ipt_ip *ip,
|
||||
#endif
|
||||
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
|
||||
const struct xt_match *match,
|
||||
#endif
|
||||
void *matchinfo,
|
||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
|
||||
unsigned int matchsize,
|
||||
#endif
|
||||
unsigned int hook_mask)
|
||||
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
|
||||
static int
|
||||
checkentry(const char *tablename,
|
||||
const void *inf,
|
||||
void *matchinfo,
|
||||
unsigned int matchsize,
|
||||
unsigned int hook_mask)
|
||||
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
|
||||
static int
|
||||
checkentry(const char *tablename,
|
||||
const void *inf,
|
||||
const struct xt_match *match,
|
||||
void *matchinfo,
|
||||
unsigned int matchsize,
|
||||
unsigned int hook_mask)
|
||||
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23)
|
||||
static int
|
||||
checkentry(const char *tablename,
|
||||
const void *inf,
|
||||
const struct xt_match *match,
|
||||
void *matchinfo,
|
||||
unsigned int hook_mask)
|
||||
#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23) */
|
||||
static bool
|
||||
checkentry(const char *tablename,
|
||||
const void *inf,
|
||||
const struct xt_match *match,
|
||||
void *matchinfo,
|
||||
unsigned int hook_mask)
|
||||
#endif
|
||||
{
|
||||
struct ipt_set_info_match *info = matchinfo;
|
||||
ip_set_id_t index;
|
||||
|
||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
|
||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
|
||||
if (matchsize != IPT_ALIGN(sizeof(struct ipt_set_info_match))) {
|
||||
ip_set_printk("invalid matchsize %d", matchsize);
|
||||
return 0;
|
||||
@@ -101,19 +155,21 @@ checkentry(const char *tablename,
|
||||
return 1;
|
||||
}
|
||||
|
||||
static void destroy(
|
||||
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
|
||||
const struct xt_match *match,
|
||||
#endif
|
||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
|
||||
void *matchinfo, unsigned int matchsize)
|
||||
#else
|
||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
|
||||
static void destroy(void *matchinfo,
|
||||
unsigned int matchsize)
|
||||
#elif LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
|
||||
static void destroy(const struct xt_match *match,
|
||||
void *matchinfo,
|
||||
unsigned int matchsize)
|
||||
#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19) */
|
||||
static void destroy(const struct xt_match *match,
|
||||
void *matchinfo)
|
||||
#endif
|
||||
{
|
||||
struct ipt_set_info_match *info = matchinfo;
|
||||
|
||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
|
||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
|
||||
if (matchsize != IPT_ALIGN(sizeof(struct ipt_set_info_match))) {
|
||||
ip_set_printk("invalid matchsize %d", matchsize);
|
||||
return;
|
||||
@@ -122,37 +178,38 @@ static void destroy(
|
||||
ip_set_put(info->match_set.index);
|
||||
}
|
||||
|
||||
static struct ipt_match set_match = {
|
||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
|
||||
static struct xt_match set_match = {
|
||||
.name = "set",
|
||||
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
|
||||
.family = AF_INET,
|
||||
#endif
|
||||
.match = &match,
|
||||
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
|
||||
.matchsize = sizeof(struct ipt_set_info_match),
|
||||
#endif
|
||||
.checkentry = &checkentry,
|
||||
.destroy = &destroy,
|
||||
.me = THIS_MODULE
|
||||
};
|
||||
#else /* LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) */
|
||||
static struct xt_match set_match = {
|
||||
.name = "set",
|
||||
.family = AF_INET,
|
||||
.match = &match,
|
||||
.matchsize = sizeof(struct ipt_set_info_match),
|
||||
.checkentry = &checkentry,
|
||||
.destroy = &destroy,
|
||||
.me = THIS_MODULE
|
||||
};
|
||||
#endif
|
||||
|
||||
MODULE_LICENSE("GPL");
|
||||
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
|
||||
MODULE_DESCRIPTION("iptables IP set match module");
|
||||
|
||||
#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
|
||||
#define ipt_register_match xt_register_match
|
||||
#define ipt_unregister_match xt_unregister_match
|
||||
#endif
|
||||
|
||||
static int __init ipt_ipset_init(void)
|
||||
{
|
||||
return ipt_register_match(&set_match);
|
||||
return xt_register_match(&set_match);
|
||||
}
|
||||
|
||||
static void __exit ipt_ipset_fini(void)
|
||||
{
|
||||
ipt_unregister_match(&set_match);
|
||||
xt_unregister_match(&set_match);
|
||||
}
|
||||
|
||||
module_init(ipt_ipset_init);
|
||||
|
||||
Reference in New Issue
Block a user