1/* IP tables module for matching the routing realm 2 * 3 * (C) 2003 by Sampsa Ranta <sampsa@netsonic.fi> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 */ 9 10#include <linux/module.h> 11#include <linux/skbuff.h> 12#include <linux/netdevice.h> 13#include <net/route.h> 14 15#include <linux/netfilter_ipv4.h> 16#include <linux/netfilter/xt_realm.h> 17#include <linux/netfilter/x_tables.h> 18 19MODULE_AUTHOR("Sampsa Ranta <sampsa@netsonic.fi>"); 20MODULE_LICENSE("GPL"); 21MODULE_DESCRIPTION("X_tables realm match"); 22MODULE_ALIAS("ipt_realm"); 23 24static int 25match(const struct sk_buff *skb, 26 const struct net_device *in, 27 const struct net_device *out, 28 const struct xt_match *match, 29 const void *matchinfo, 30 int offset, 31 unsigned int protoff, 32 int *hotdrop) 33{ 34 const struct xt_realm_info *info = matchinfo; 35 struct dst_entry *dst = skb->dst; 36 37 return (info->id == (dst->tclassid & info->mask)) ^ info->invert; 38} 39 40static struct xt_match realm_match = { 41 .name = "realm", 42 .match = match, 43 .matchsize = sizeof(struct xt_realm_info), 44 .hooks = (1 << NF_IP_POST_ROUTING) | (1 << NF_IP_FORWARD) | 45 (1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_LOCAL_IN), 46 .family = AF_INET, 47 .me = THIS_MODULE 48}; 49 50static int __init xt_realm_init(void) 51{ 52 return xt_register_match(&realm_match); 53} 54 55static void __exit xt_realm_fini(void) 56{ 57 xt_unregister_match(&realm_match); 58} 59 60module_init(xt_realm_init); 61module_exit(xt_realm_fini); 62