mirror of
git://git.code.sf.net/p/xtables-addons/xtables-addons
pknock: rename struct ipt_pknock -> xt_pknock_mtinfo
Streamline symbols; use xt_*_mtinfo as other modules do.
@@ -115,7 +115,7 @@ __pknock_parse(int c, char **argv, int invert, unsigned int *flags,
|
|||||||
uint16_t invflags)
|
uint16_t invflags)
|
||||||
{
|
{
|
||||||
const char *proto;
|
const char *proto;
|
||||||
struct ipt_pknock *info = (struct ipt_pknock *) (*match)->data;
|
struct xt_pknock_mtinfo *info = (void *)(*match)->data;
|
||||||
|
|
||||||
switch (c) {
|
switch (c) {
|
||||||
case 'k': /* --knockports */
|
case 'k': /* --knockports */
|
||||||
@@ -286,11 +286,9 @@ static void pknock_check(unsigned int flags)
|
|||||||
static void pknock_print(const void *ip,
|
static void pknock_print(const void *ip,
|
||||||
const struct xt_entry_match *match, int numeric)
|
const struct xt_entry_match *match, int numeric)
|
||||||
{
|
{
|
||||||
const struct ipt_pknock *info;
|
const struct xt_pknock_mtinfo *info = (void *)match->data;
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
info = (const struct ipt_pknock *)match->data;
|
|
||||||
|
|
||||||
printf("pknock ");
|
printf("pknock ");
|
||||||
if (info->option & IPT_PKNOCK_KNOCKPORT) {
|
if (info->option & IPT_PKNOCK_KNOCKPORT) {
|
||||||
printf("knockports ");
|
printf("knockports ");
|
||||||
@@ -312,7 +310,7 @@ static void pknock_print(const void *ip,
|
|||||||
static void pknock_save(const void *ip, const struct xt_entry_match *match)
|
static void pknock_save(const void *ip, const struct xt_entry_match *match)
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
const struct ipt_pknock *info = (const struct ipt_pknock *)match->data;
|
const struct xt_pknock_mtinfo *info = (void *)match->data;
|
||||||
|
|
||||||
if (info->option & IPT_PKNOCK_KNOCKPORT) {
|
if (info->option & IPT_PKNOCK_KNOCKPORT) {
|
||||||
printf("--knockports ");
|
printf("--knockports ");
|
||||||
@@ -339,8 +337,8 @@ static struct xtables_match pknock_match = {
|
|||||||
.version = XTABLES_VERSION,
|
.version = XTABLES_VERSION,
|
||||||
.revision = 1,
|
.revision = 1,
|
||||||
.family = AF_INET,
|
.family = AF_INET,
|
||||||
.size = XT_ALIGN(sizeof (struct ipt_pknock)),
|
.size = XT_ALIGN(sizeof(struct xt_pknock_mtinfo)),
|
||||||
.userspacesize = XT_ALIGN(sizeof (struct ipt_pknock)),
|
.userspacesize = XT_ALIGN(sizeof(struct xt_pknock_mtinfo)),
|
||||||
.help = pknock_help,
|
.help = pknock_help,
|
||||||
.parse = pknock_parse,
|
.parse = pknock_parse,
|
||||||
.final_check = pknock_check,
|
.final_check = pknock_check,
|
||||||
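Review bot: The new `(void *)match->data` casts in pknock_print and pknock_save drop the const qualifier that `match` carries (it is a `const struct xt_entry_match *`), whereas the old code cast to a const pointer type. Nothing is written through the result, since it is assigned to a const pointer, but the cast would trip `-Wcast-qual` and hides the qualifier from the reader. `const struct xt_pknock_mtinfo *info = (const void *)match->data;` keeps the shorter form without discarding const. The `(void *)(*match)->data` cast in __pknock_parse is fine because that match is writable; all three function bodies continue outside the hunks.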
|
@@ -162,7 +162,7 @@ static void *
|
|||||||
pknock_seq_start(struct seq_file *s, loff_t *pos)
|
pknock_seq_start(struct seq_file *s, loff_t *pos)
|
||||||
{
|
{
|
||||||
const struct proc_dir_entry *pde = s->private;
|
const struct proc_dir_entry *pde = s->private;
|
||||||
const struct ipt_pknock_rule *rule = pde->data;
|
const struct xt_pknock_rule *rule = pde->data;
|
||||||
|
|
||||||
spin_lock_bh(&list_lock);
|
spin_lock_bh(&list_lock);
|
||||||
|
|
||||||
@@ -182,7 +182,7 @@ static void *
|
|||||||
pknock_seq_next(struct seq_file *s, void *v, loff_t *pos)
|
pknock_seq_next(struct seq_file *s, void *v, loff_t *pos)
|
||||||
{
|
{
|
||||||
const struct proc_dir_entry *pde = s->private;
|
const struct proc_dir_entry *pde = s->private;
|
||||||
const struct ipt_pknock_rule *rule = pde->data;
|
const struct xt_pknock_rule *rule = pde->data;
|
||||||
|
|
||||||
(*pos)++;
|
(*pos)++;
|
||||||
if (*pos >= peer_hashsize)
|
if (*pos >= peer_hashsize)
|
||||||
@@ -217,7 +217,7 @@ pknock_seq_show(struct seq_file *s, void *v)
|
|||||||
const struct list_head *peer_head = v;
|
const struct list_head *peer_head = v;
|
||||||
|
|
||||||
const struct proc_dir_entry *pde = s->private;
|
const struct proc_dir_entry *pde = s->private;
|
||||||
const struct ipt_pknock_rule *rule = pde->data;
|
const struct xt_pknock_rule *rule = pde->data;
|
||||||
|
|
||||||
list_for_each_safe(pos, n, peer_head) {
|
list_for_each_safe(pos, n, peer_head) {
|
||||||
peer = list_entry(pos, struct peer, head);
|
peer = list_entry(pos, struct peer, head);
|
||||||
@@ -273,7 +273,7 @@ static const struct file_operations pknock_proc_ops = {
|
|||||||
*
|
*
|
||||||
* @rule
|
* @rule
|
||||||
*/
|
*/
|
||||||
static void update_rule_timer(struct ipt_pknock_rule *rule)
|
static void update_rule_timer(struct xt_pknock_rule *rule)
|
||||||
{
|
{
|
||||||
if (timer_pending(&rule->timer))
|
if (timer_pending(&rule->timer))
|
||||||
del_timer(&rule->timer);
|
del_timer(&rule->timer);
|
||||||
@@ -313,7 +313,7 @@ static void
|
|||||||
peer_gc(unsigned long r)
|
peer_gc(unsigned long r)
|
||||||
{
|
{
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
struct ipt_pknock_rule *rule = (struct ipt_pknock_rule *)r;
|
struct xt_pknock_rule *rule = (struct xt_pknock_rule *)r;
|
||||||
struct peer *peer;
|
struct peer *peer;
|
||||||
struct list_head *pos, *n;
|
struct list_head *pos, *n;
|
||||||
|
|
||||||
@@ -338,7 +338,7 @@ peer_gc(unsigned long r)
|
|||||||
* @return: 0 equals, 1 otherwise
|
* @return: 0 equals, 1 otherwise
|
||||||
*/
|
*/
|
||||||
static inline bool
|
static inline bool
|
||||||
rulecmp(const struct ipt_pknock *info, const struct ipt_pknock_rule *rule)
|
rulecmp(const struct xt_pknock_mtinfo *info, const struct xt_pknock_rule *rule)
|
||||||
{
|
{
|
||||||
if (info->rule_name_len != rule->rule_name_len)
|
if (info->rule_name_len != rule->rule_name_len)
|
||||||
return true;
|
return true;
|
||||||
@@ -353,15 +353,15 @@ rulecmp(const struct ipt_pknock *info, const struct ipt_pknock_rule *rule)
|
|||||||
* @info
|
* @info
|
||||||
* @return: rule or NULL
|
* @return: rule or NULL
|
||||||
*/
|
*/
|
||||||
static struct ipt_pknock_rule *search_rule(const struct ipt_pknock *info)
|
static struct xt_pknock_rule *search_rule(const struct xt_pknock_mtinfo *info)
|
||||||
{
|
{
|
||||||
struct ipt_pknock_rule *rule;
|
struct xt_pknock_rule *rule;
|
||||||
struct list_head *pos, *n;
|
struct list_head *pos, *n;
|
||||||
unsigned int hash = pknock_hash(info->rule_name, info->rule_name_len,
|
unsigned int hash = pknock_hash(info->rule_name, info->rule_name_len,
|
||||||
ipt_pknock_hash_rnd, rule_hashsize);
|
ipt_pknock_hash_rnd, rule_hashsize);
|
||||||
|
|
||||||
list_for_each_safe(pos, n, &rule_hashtable[hash]) {
|
list_for_each_safe(pos, n, &rule_hashtable[hash]) {
|
||||||
rule = list_entry(pos, struct ipt_pknock_rule, head);
|
rule = list_entry(pos, struct xt_pknock_rule, head);
|
||||||
if (rulecmp(info, rule))
|
if (rulecmp(info, rule))
|
||||||
return rule;
|
return rule;
|
||||||
}
|
}
|
||||||
@@ -375,15 +375,15 @@ static struct ipt_pknock_rule *search_rule(const struct ipt_pknock *info)
|
|||||||
* @return: 1 success, 0 failure
|
* @return: 1 success, 0 failure
|
||||||
*/
|
*/
|
||||||
static bool
|
static bool
|
||||||
add_rule(struct ipt_pknock *info)
|
add_rule(struct xt_pknock_mtinfo *info)
|
||||||
{
|
{
|
||||||
struct ipt_pknock_rule *rule;
|
struct xt_pknock_rule *rule;
|
||||||
struct list_head *pos, *n;
|
struct list_head *pos, *n;
|
||||||
unsigned int hash = pknock_hash(info->rule_name, info->rule_name_len,
|
unsigned int hash = pknock_hash(info->rule_name, info->rule_name_len,
|
||||||
ipt_pknock_hash_rnd, rule_hashsize);
|
ipt_pknock_hash_rnd, rule_hashsize);
|
||||||
|
|
||||||
list_for_each_safe(pos, n, &rule_hashtable[hash]) {
|
list_for_each_safe(pos, n, &rule_hashtable[hash]) {
|
||||||
rule = list_entry(pos, struct ipt_pknock_rule, head);
|
rule = list_entry(pos, struct xt_pknock_rule, head);
|
||||||
|
|
||||||
if (rulecmp(info, rule)) {
|
if (rulecmp(info, rule)) {
|
||||||
rule->ref_count++;
|
rule->ref_count++;
|
||||||
@@ -444,9 +444,9 @@ add_rule(struct ipt_pknock *info)
|
|||||||
* @info
|
* @info
|
||||||
*/
|
*/
|
||||||
static void
|
static void
|
||||||
remove_rule(struct ipt_pknock *info)
|
remove_rule(struct xt_pknock_mtinfo *info)
|
||||||
{
|
{
|
||||||
struct ipt_pknock_rule *rule = NULL;
|
struct xt_pknock_rule *rule = NULL;
|
||||||
struct list_head *pos, *n;
|
struct list_head *pos, *n;
|
||||||
struct peer *peer;
|
struct peer *peer;
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
@@ -457,7 +457,7 @@ remove_rule(struct ipt_pknock *info)
|
|||||||
if (list_empty(&rule_hashtable[hash])) return;
|
if (list_empty(&rule_hashtable[hash])) return;
|
||||||
|
|
||||||
list_for_each_safe(pos, n, &rule_hashtable[hash]) {
|
list_for_each_safe(pos, n, &rule_hashtable[hash]) {
|
||||||
rule = list_entry(pos, struct ipt_pknock_rule, head);
|
rule = list_entry(pos, struct xt_pknock_rule, head);
|
||||||
|
|
||||||
if (rulecmp(info, rule)) {
|
if (rulecmp(info, rule)) {
|
||||||
found = 1;
|
found = 1;
|
||||||
@@ -499,7 +499,7 @@ remove_rule(struct ipt_pknock *info)
|
|||||||
* @ip
|
* @ip
|
||||||
* @return: peer or NULL
|
* @return: peer or NULL
|
||||||
*/
|
*/
|
||||||
static struct peer *get_peer(struct ipt_pknock_rule *rule, uint32_t ip)
|
static struct peer *get_peer(struct xt_pknock_rule *rule, uint32_t ip)
|
||||||
{
|
{
|
||||||
struct peer *peer;
|
struct peer *peer;
|
||||||
struct list_head *pos, *n;
|
struct list_head *pos, *n;
|
||||||
@@ -560,7 +560,7 @@ static struct peer *new_peer(uint32_t ip, uint8_t proto)
|
|||||||
* @peer
|
* @peer
|
||||||
* @rule
|
* @rule
|
||||||
*/
|
*/
|
||||||
static void add_peer(struct peer *peer, struct ipt_pknock_rule *rule)
|
static void add_peer(struct peer *peer, struct xt_pknock_rule *rule)
|
||||||
{
|
{
|
||||||
unsigned int hash = pknock_hash(&peer->ip, sizeof(peer->ip),
|
unsigned int hash = pknock_hash(&peer->ip, sizeof(peer->ip),
|
||||||
ipt_pknock_hash_rnd, peer_hashsize);
|
ipt_pknock_hash_rnd, peer_hashsize);
|
||||||
@@ -586,7 +586,7 @@ static void remove_peer(struct peer *peer)
|
|||||||
* @return: 1 success, 0 failure
|
* @return: 1 success, 0 failure
|
||||||
*/
|
*/
|
||||||
static inline bool
|
static inline bool
|
||||||
is_first_knock(const struct peer *peer, const struct ipt_pknock *info,
|
is_first_knock(const struct peer *peer, const struct xt_pknock_mtinfo *info,
|
||||||
uint16_t port)
|
uint16_t port)
|
||||||
{
|
{
|
||||||
return peer == NULL && info->port[0] == port;
|
return peer == NULL && info->port[0] == port;
|
||||||
@@ -599,7 +599,7 @@ is_first_knock(const struct peer *peer, const struct ipt_pknock *info,
|
|||||||
* @return: 1 success, 0 failure
|
* @return: 1 success, 0 failure
|
||||||
*/
|
*/
|
||||||
static inline bool
|
static inline bool
|
||||||
is_wrong_knock(const struct peer *peer, const struct ipt_pknock *info,
|
is_wrong_knock(const struct peer *peer, const struct xt_pknock_mtinfo *info,
|
||||||
uint16_t port)
|
uint16_t port)
|
||||||
{
|
{
|
||||||
return peer != NULL && info->port[peer->id_port_knocked-1] != port;
|
return peer != NULL && info->port[peer->id_port_knocked-1] != port;
|
||||||
@@ -611,7 +611,7 @@ is_wrong_knock(const struct peer *peer, const struct ipt_pknock *info,
|
|||||||
* @return: 1 success, 0 failure
|
* @return: 1 success, 0 failure
|
||||||
*/
|
*/
|
||||||
static inline bool
|
static inline bool
|
||||||
is_last_knock(const struct peer *peer, const struct ipt_pknock *info)
|
is_last_knock(const struct peer *peer, const struct xt_pknock_mtinfo *info)
|
||||||
{
|
{
|
||||||
return peer != NULL && peer->id_port_knocked - 1 == info->ports_count;
|
return peer != NULL && peer->id_port_knocked - 1 == info->ports_count;
|
||||||
}
|
}
|
||||||
@@ -634,11 +634,11 @@ is_allowed(const struct peer *peer)
|
|||||||
* @return: 1 success, 0 otherwise
|
* @return: 1 success, 0 otherwise
|
||||||
*/
|
*/
|
||||||
static bool
|
static bool
|
||||||
msg_to_userspace_nl(const struct ipt_pknock *info,
|
msg_to_userspace_nl(const struct xt_pknock_mtinfo *info,
|
||||||
const struct peer *peer, int multicast_group)
|
const struct peer *peer, int multicast_group)
|
||||||
{
|
{
|
||||||
struct cn_msg *m;
|
struct cn_msg *m;
|
||||||
struct ipt_pknock_nl_msg msg;
|
struct xt_pknock_nl_msg msg;
|
||||||
|
|
||||||
m = kmalloc(sizeof(*m) + sizeof(msg), GFP_ATOMIC);
|
m = kmalloc(sizeof(*m) + sizeof(msg), GFP_ATOMIC);
|
||||||
if (m == NULL) {
|
if (m == NULL) {
|
||||||
@@ -771,7 +771,7 @@ has_secret(const unsigned char *secret, unsigned int secret_len, uint32_t ipsrc,
|
|||||||
* @return: 1 if pass security, 0 otherwise
|
* @return: 1 if pass security, 0 otherwise
|
||||||
*/
|
*/
|
||||||
static bool
|
static bool
|
||||||
pass_security(struct peer *peer, const struct ipt_pknock *info,
|
pass_security(struct peer *peer, const struct xt_pknock_mtinfo *info,
|
||||||
const unsigned char *payload, unsigned int payload_len)
|
const unsigned char *payload, unsigned int payload_len)
|
||||||
{
|
{
|
||||||
if (is_allowed(peer))
|
if (is_allowed(peer))
|
||||||
@@ -803,8 +803,8 @@ pass_security(struct peer *peer, const struct ipt_pknock *info,
|
|||||||
* @return: 1 if allowed, 0 otherwise
|
* @return: 1 if allowed, 0 otherwise
|
||||||
*/
|
*/
|
||||||
static bool
|
static bool
|
||||||
update_peer(struct peer *peer, const struct ipt_pknock *info,
|
update_peer(struct peer *peer, const struct xt_pknock_mtinfo *info,
|
||||||
struct ipt_pknock_rule *rule,
|
struct xt_pknock_rule *rule,
|
||||||
const struct transport_data *hdr)
|
const struct transport_data *hdr)
|
||||||
{
|
{
|
||||||
unsigned long time;
|
unsigned long time;
|
||||||
@@ -879,7 +879,7 @@ update_peer(struct peer *peer, const struct ipt_pknock *info,
|
|||||||
* @return: 1 if close knock, 0 otherwise
|
* @return: 1 if close knock, 0 otherwise
|
||||||
*/
|
*/
|
||||||
static bool
|
static bool
|
||||||
is_close_knock(const struct peer *peer, const struct ipt_pknock *info,
|
is_close_knock(const struct peer *peer, const struct xt_pknock_mtinfo *info,
|
||||||
const unsigned char *payload, unsigned int payload_len)
|
const unsigned char *payload, unsigned int payload_len)
|
||||||
{
|
{
|
||||||
/* Check for CLOSE secret. */
|
/* Check for CLOSE secret. */
|
||||||
@@ -897,8 +897,8 @@ is_close_knock(const struct peer *peer, const struct ipt_pknock *info,
|
|||||||
static bool pknock_mt(const struct sk_buff *skb,
|
static bool pknock_mt(const struct sk_buff *skb,
|
||||||
const struct xt_match_param *par)
|
const struct xt_match_param *par)
|
||||||
{
|
{
|
||||||
const struct ipt_pknock *info = par->matchinfo;
|
const struct xt_pknock_mtinfo *info = par->matchinfo;
|
||||||
struct ipt_pknock_rule *rule;
|
struct xt_pknock_rule *rule;
|
||||||
struct peer *peer;
|
struct peer *peer;
|
||||||
const struct iphdr *iph = ip_hdr(skb);
|
const struct iphdr *iph = ip_hdr(skb);
|
||||||
unsigned int hdr_len = 0;
|
unsigned int hdr_len = 0;
|
||||||
@@ -999,7 +999,7 @@ out:
|
|||||||
|
|
||||||
static bool pknock_mt_check(const struct xt_mtchk_param *par)
|
static bool pknock_mt_check(const struct xt_mtchk_param *par)
|
||||||
{
|
{
|
||||||
struct ipt_pknock *info = par->matchinfo;
|
struct xt_pknock_mtinfo *info = par->matchinfo;
|
||||||
|
|
||||||
/* Singleton. */
|
/* Singleton. */
|
||||||
if (rule_hashtable == NULL) {
|
if (rule_hashtable == NULL) {
|
||||||
@@ -1073,7 +1073,7 @@ static bool pknock_mt_check(const struct xt_mtchk_param *par)
|
|||||||
|
|
||||||
static void pknock_mt_destroy(const struct xt_mtdtor_param *par)
|
static void pknock_mt_destroy(const struct xt_mtdtor_param *par)
|
||||||
{
|
{
|
||||||
struct ipt_pknock *info = par->matchinfo;
|
struct xt_pknock_mtinfo *info = par->matchinfo;
|
||||||
/* Removes a rule only if it exits and ref_count is equal to 0. */
|
/* Removes a rule only if it exits and ref_count is equal to 0. */
|
||||||
remove_rule(info);
|
remove_rule(info);
|
||||||
}
|
}
|
||||||
@@ -1082,7 +1082,7 @@ static struct xt_match xt_pknock_mt_reg __read_mostly = {
|
|||||||
.name = "pknock",
|
.name = "pknock",
|
||||||
.revision = 1,
|
.revision = 1,
|
||||||
.family = NFPROTO_IPV4,
|
.family = NFPROTO_IPV4,
|
||||||
.matchsize = sizeof (struct ipt_pknock),
|
.matchsize = sizeof(struct xt_pknock_mtinfo),
|
||||||
.match = pknock_mt,
|
.match = pknock_mt,
|
||||||
.checkentry = pknock_mt_check,
|
.checkentry = pknock_mt_check,
|
||||||
.destroy = pknock_mt_destroy,
|
.destroy = pknock_mt_destroy,
|
||||||
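Review bot: rulecmp's return value looks inverted relative to its callers. Its visible lines return true when the name lengths differ and its comment says "0 equals, 1 otherwise", yet search_rule returns the rule, add_rule bumps `ref_count` and remove_rule sets `found = 1` when `rulecmp(info, rule)` is true, i.e. for a rule that does not match. If the rest of rulecmp (outside the hunk) follows the documented convention, knock state and reference counts would be shared between differently named rules in the same hash bucket, which weakens the per-rule separation the match is meant to provide. Either test `if (!rulecmp(info, rule))` at the three call sites, or make rulecmp return true on equality and update its comment to match.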
|
@@ -27,7 +27,7 @@
|
|||||||
|
|
||||||
#define DEBUG 1
|
#define DEBUG 1
|
||||||
|
|
||||||
struct ipt_pknock {
|
struct xt_pknock_mtinfo {
|
||||||
char rule_name[IPT_PKNOCK_MAX_BUF_LEN + 1];
|
char rule_name[IPT_PKNOCK_MAX_BUF_LEN + 1];
|
||||||
uint32_t rule_name_len;
|
uint32_t rule_name_len;
|
||||||
char open_secret[IPT_PKNOCK_MAX_PASSWD_LEN + 1];
|
char open_secret[IPT_PKNOCK_MAX_PASSWD_LEN + 1];
|
||||||
@@ -40,7 +40,7 @@ struct ipt_pknock {
|
|||||||
uint32_t max_time; /* max matching time between ports */
|
uint32_t max_time; /* max matching time between ports */
|
||||||
};
|
};
|
||||||
|
|
||||||
struct ipt_pknock_nl_msg {
|
struct xt_pknock_nl_msg {
|
||||||
char rule_name[IPT_PKNOCK_MAX_BUF_LEN + 1];
|
char rule_name[IPT_PKNOCK_MAX_BUF_LEN + 1];
|
||||||
uint32_t peer_ip;
|
uint32_t peer_ip;
|
||||||
};
|
};
|
||||||
@@ -63,7 +63,7 @@ struct peer {
|
|||||||
|
|
||||||
#include <linux/proc_fs.h>
|
#include <linux/proc_fs.h>
|
||||||
|
|
||||||
struct ipt_pknock_rule {
|
struct xt_pknock_rule {
|
||||||
struct list_head head;
|
struct list_head head;
|
||||||
char rule_name[IPT_PKNOCK_MAX_BUF_LEN + 1];
|
char rule_name[IPT_PKNOCK_MAX_BUF_LEN + 1];
|
||||||
int rule_name_len;
|
int rule_name_len;
|
||||||
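Review bot: `rule_name_len` is `uint32_t` in struct xt_pknock_mtinfo but `int` in struct xt_pknock_rule, and rulecmp compares the two directly. The mtinfo copy is filled in by userspace and its length field is passed to pknock_hash in search_rule and add_rule. It is worth giving both fields the same unsigned type and having pknock_mt_check reject oversized values with `if (info->rule_name_len > IPT_PKNOCK_MAX_BUF_LEN) return false;`, unless that check already exists outside the visible lines. Both struct definitions continue outside the hunks.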
|