Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d446a820 authored by Jan Engelhardt's avatar Jan Engelhardt Committed by Pablo Neira Ayuso
Browse files

netfilter: xtables: move ipt_ecn to xt_ecn 



Prepare the ECN match for augmentation by an IPv6 counterpart. Since
no symbol dependencies to ipv6.ko are added, having a single ecn match
module is the more so welcome.

Signed-off-by: default avatarJan Engelhardt <jengelh@medozas.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent c0d2b837

include/linux/netfilter/Kbuild

+1 −0
Original line number Original line Diff line number Diff line
@@ -43,6 +43,7 @@ header-y += xt_cpu.h 
header-y += xt_dccp.h

header-y += xt_dccp.h

header-y += xt_devgroup.h

header-y += xt_devgroup.h

header-y += xt_dscp.h

header-y += xt_dscp.h

header-y += xt_ecn.h

header-y += xt_esp.h

header-y += xt_esp.h

header-y += xt_hashlimit.h

header-y += xt_hashlimit.h

header-y += xt_helper.h

header-y += xt_helper.h

include/linux/netfilter/xt_ecn.h

0 → 100644
+35 −0
Original line number Original line Diff line number Diff line 
/* iptables module for matching the ECN header in IPv4 and TCP header

 *

 * (C) 2002 Harald Welte <laforge@gnumonks.org>

 *

 * This software is distributed under GNU GPL v2, 1991

 * 

 * ipt_ecn.h,v 1.4 2002/08/05 19:39:00 laforge Exp

*/

#ifndef _XT_ECN_H

#define _XT_ECN_H



#include <linux/types.h>

#include <linux/netfilter/xt_dscp.h>



#define IPT_ECN_IP_MASK	(~XT_DSCP_MASK)



#define IPT_ECN_OP_MATCH_IP	0x01

#define IPT_ECN_OP_MATCH_ECE	0x10

#define IPT_ECN_OP_MATCH_CWR	0x20



#define IPT_ECN_OP_MATCH_MASK	0xce



/* match info */

struct ipt_ecn_info {

	__u8 operation;

	__u8 invert;

	__u8 ip_ect;

	union {

		struct {

			__u8 ect;

		} tcp;

	} proto;

};



#endif /* _XT_ECN_H */

include/linux/netfilter_ipv4/ipt_ecn.h

+1 −30
Original line number Original line Diff line number Diff line 
/* iptables module for matching the ECN header in IPv4 and TCP header

 *

 * (C) 2002 Harald Welte <laforge@gnumonks.org>

 *

 * This software is distributed under GNU GPL v2, 1991

 * 

 * ipt_ecn.h,v 1.4 2002/08/05 19:39:00 laforge Exp

*/

#ifndef _IPT_ECN_H

#ifndef _IPT_ECN_H

#define _IPT_ECN_H

#define _IPT_ECN_H





#include <linux/types.h>

#include <linux/netfilter/xt_ecn.h>

#include <linux/netfilter/xt_dscp.h>



#define IPT_ECN_IP_MASK	(~XT_DSCP_MASK)



#define IPT_ECN_OP_MATCH_IP	0x01

#define IPT_ECN_OP_MATCH_ECE	0x10

#define IPT_ECN_OP_MATCH_CWR	0x20



#define IPT_ECN_OP_MATCH_MASK	0xce



/* match info */

struct ipt_ecn_info {

	__u8 operation;

	__u8 invert;

	__u8 ip_ect;

	union {

		struct {

			__u8 ect;

		} tcp;

	} proto;

};





#endif /* _IPT_ECN_H */
 
#endif /* _IPT_ECN_H */

net/ipv4/netfilter/Kconfig

+5 −5
Original line number Original line Diff line number Diff line
@@ -76,11 +76,11 @@ config IP_NF_MATCH_AH 
config IP_NF_MATCH_ECN

config IP_NF_MATCH_ECN

	tristate '"ecn" match support'

	tristate '"ecn" match support'

	depends on NETFILTER_ADVANCED

	depends on NETFILTER_ADVANCED

	help

	select NETFILTER_XT_MATCH_ECN

	  This option adds a `ECN' match, which allows you to match against

	---help---

	  the IPv4 and TCP header ECN fields.

	This is a backwards-compat option for the user's convenience



	(e.g. when running oldconfig). It selects

	  To compile it as a module, choose M here.  If unsure, say N.

	CONFIG_NETFILTER_XT_MATCH_ECN.





config IP_NF_MATCH_RPFILTER

config IP_NF_MATCH_RPFILTER

	tristate '"rpfilter" reverse path filter match support'

	tristate '"rpfilter" reverse path filter match support'

net/ipv4/netfilter/Makefile

+0 −1
Original line number Original line Diff line number Diff line
@@ -49,7 +49,6 @@ obj-$(CONFIG_IP_NF_SECURITY) += iptable_security.o 




# matches

# matches

obj-$(CONFIG_IP_NF_MATCH_AH) += ipt_ah.o

obj-$(CONFIG_IP_NF_MATCH_AH) += ipt_ah.o

obj-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn.o

obj-$(CONFIG_IP_NF_MATCH_RPFILTER) += ipt_rpfilter.o

obj-$(CONFIG_IP_NF_MATCH_RPFILTER) += ipt_rpfilter.o





# targets

# targets