netfilter: xtables: move ipt_ecn to xt_ecn

Prepare the ECN match for augmentation by an IPv6 counterpart. Since
no symbol dependencies to ipv6.ko are added, having a single ecn match
module is the more so welcome.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Jan Engelhardt 2011-06-09 21:03:07 +02:00 committed by Pablo Neira Ayuso
parent c0d2b8376a
commit d446a8202c
8 changed files with 53 additions and 36 deletions

View File

@ -43,6 +43,7 @@ header-y += xt_cpu.h
header-y += xt_dccp.h
header-y += xt_devgroup.h
header-y += xt_dscp.h
header-y += xt_ecn.h
header-y += xt_esp.h
header-y += xt_hashlimit.h
header-y += xt_helper.h

View File

@ -0,0 +1,35 @@
/* iptables module for matching the ECN header in IPv4 and TCP header
*
* (C) 2002 Harald Welte <laforge@gnumonks.org>
*
* This software is distributed under GNU GPL v2, 1991
*
* ipt_ecn.h,v 1.4 2002/08/05 19:39:00 laforge Exp
*/
#ifndef _XT_ECN_H
#define _XT_ECN_H
#include <linux/types.h>
#include <linux/netfilter/xt_dscp.h>
#define IPT_ECN_IP_MASK (~XT_DSCP_MASK)
#define IPT_ECN_OP_MATCH_IP 0x01
#define IPT_ECN_OP_MATCH_ECE 0x10
#define IPT_ECN_OP_MATCH_CWR 0x20
#define IPT_ECN_OP_MATCH_MASK 0xce
/* match info */
struct ipt_ecn_info {
__u8 operation;
__u8 invert;
__u8 ip_ect;
union {
struct {
__u8 ect;
} tcp;
} proto;
};
#endif /* _XT_ECN_H */

View File

@ -1,35 +1,6 @@
/* iptables module for matching the ECN header in IPv4 and TCP header
*
* (C) 2002 Harald Welte <laforge@gnumonks.org>
*
* This software is distributed under GNU GPL v2, 1991
*
* ipt_ecn.h,v 1.4 2002/08/05 19:39:00 laforge Exp
*/
#ifndef _IPT_ECN_H
#define _IPT_ECN_H
#include <linux/types.h>
#include <linux/netfilter/xt_dscp.h>
#define IPT_ECN_IP_MASK (~XT_DSCP_MASK)
#define IPT_ECN_OP_MATCH_IP 0x01
#define IPT_ECN_OP_MATCH_ECE 0x10
#define IPT_ECN_OP_MATCH_CWR 0x20
#define IPT_ECN_OP_MATCH_MASK 0xce
/* match info */
struct ipt_ecn_info {
__u8 operation;
__u8 invert;
__u8 ip_ect;
union {
struct {
__u8 ect;
} tcp;
} proto;
};
#include <linux/netfilter/xt_ecn.h>
#endif /* _IPT_ECN_H */

View File

@ -76,11 +76,11 @@ config IP_NF_MATCH_AH
config IP_NF_MATCH_ECN
tristate '"ecn" match support'
depends on NETFILTER_ADVANCED
help
This option adds a `ECN' match, which allows you to match against
the IPv4 and TCP header ECN fields.
To compile it as a module, choose M here. If unsure, say N.
select NETFILTER_XT_MATCH_ECN
---help---
This is a backwards-compat option for the user's convenience
(e.g. when running oldconfig). It selects
CONFIG_NETFILTER_XT_MATCH_ECN.
config IP_NF_MATCH_RPFILTER
tristate '"rpfilter" reverse path filter match support'

View File

@ -49,7 +49,6 @@ obj-$(CONFIG_IP_NF_SECURITY) += iptable_security.o
# matches
obj-$(CONFIG_IP_NF_MATCH_AH) += ipt_ah.o
obj-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn.o
obj-$(CONFIG_IP_NF_MATCH_RPFILTER) += ipt_rpfilter.o
# targets

View File

@ -778,6 +778,15 @@ config NETFILTER_XT_MATCH_DSCP
To compile it as a module, choose M here. If unsure, say N.
config NETFILTER_XT_MATCH_ECN
tristate '"ecn" match support'
depends on NETFILTER_ADVANCED
---help---
This option adds an "ECN" match, which allows you to match against
the IPv4 and TCP header ECN fields.
To compile it as a module, choose M here. If unsure, say N.
config NETFILTER_XT_MATCH_ESP
tristate '"esp" match support'
depends on NETFILTER_ADVANCED

View File

@ -81,6 +81,7 @@ obj-$(CONFIG_NETFILTER_XT_MATCH_CPU) += xt_cpu.o
obj-$(CONFIG_NETFILTER_XT_MATCH_DCCP) += xt_dccp.o
obj-$(CONFIG_NETFILTER_XT_MATCH_DEVGROUP) += xt_devgroup.o
obj-$(CONFIG_NETFILTER_XT_MATCH_DSCP) += xt_dscp.o
obj-$(CONFIG_NETFILTER_XT_MATCH_ECN) += xt_ecn.o
obj-$(CONFIG_NETFILTER_XT_MATCH_ESP) += xt_esp.o
obj-$(CONFIG_NETFILTER_XT_MATCH_HASHLIMIT) += xt_hashlimit.o
obj-$(CONFIG_NETFILTER_XT_MATCH_HELPER) += xt_helper.o

View File

@ -21,6 +21,7 @@
MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
MODULE_DESCRIPTION("Xtables: Explicit Congestion Notification (ECN) flag match for IPv4");
MODULE_LICENSE("GPL");
MODULE_ALIAS("ipt_ecn");
static inline bool match_ip(const struct sk_buff *skb,
const struct ipt_ecn_info *einfo)