netfilter: introduce xt_id match

This commit implements a new netfilter match "xt_id" which can be used to attach unsigned 32bit IDs to iptables rules. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 41945
2014-08-01 22:49:47 +00:00
parent 930e3e7ca3
commit baa7c211f5
8 changed files with 631 additions and 1 deletions
--- a/package/network/utils/iptables/patches/500-add-xt_id-match.patch
+++ b/package/network/utils/iptables/patches/500-add-xt_id-match.patch
@@ -0,0 +1,59 @@
+--- /dev/null
+++ b/extensions/libxt_id.c
+@@ -0,0 +1,45 @@
+/* Shared library add-on to iptables to add id match support. */
+
+#include <stdio.h>
+#include <xtables.h>
+#include <linux/netfilter/xt_id.h>
+
+enum {
+	O_ID = 0,
+};
+
+static const struct xt_option_entry id_opts[] = {
+	{
+		.name  = "id",
+		.id    = O_ID,
+		.type  = XTTYPE_UINT32,
+		.flags = XTOPT_MAND | XTOPT_PUT,
+		XTOPT_POINTER(struct xt_id_info, id)
+	},
+	XTOPT_TABLEEND,
+};
+
+/* Saves the union ipt_matchinfo in parsable form to stdout. */
+static void
+id_save(const void *ip, const struct xt_entry_match *match)
+{
+	struct xt_id_info *idinfo = (void *)match->data;
+
+	printf(" --id %lu", idinfo->id);
+}
+
+static struct xtables_match id_match = {
+	.family		= NFPROTO_UNSPEC,
+	.name		= "id",
+	.version	= XTABLES_VERSION,
+	.size		= XT_ALIGN(sizeof(struct xt_id_info)),
+	.userspacesize	= XT_ALIGN(sizeof(struct xt_id_info)),
+	.save 		= id_save,
+	.x6_parse	= xtables_option_parse,
+	.x6_options	= id_opts,
+};
+
+void _init(void)
+{
+	xtables_register_match(&id_match);
+}
+--- /dev/null
+++ b/include/linux/netfilter/xt_id.h
+@@ -0,0 +1,8 @@
+#ifndef _XT_ID_H
+#define _XT_ID_H
+
+struct xt_id_info {
+	__u32 id;
+};
+
+#endif /* XT_ID_H */