target/linux/generic-2.4/patches/630-netfilter_comment.patch

   1 --- /dev/null
   2 +++ b/include/linux/netfilter_ipv4/ipt_comment.h
   3 @@ -0,0 +1,10 @@
   4 +#ifndef _IPT_COMMENT_H
   5 +#define _IPT_COMMENT_H
   6 +
   7 +#define IPT_MAX_COMMENT_LEN 256
   8 +
   9 +struct ipt_comment_info {
  10 +       char comment[IPT_MAX_COMMENT_LEN];
  11 +};
  12 +
  13 +#endif /* _IPT_COMMENT_H */
  14 --- /dev/null
  15 +++ b/net/ipv4/netfilter/ipt_comment.c
  16 @@ -0,0 +1,59 @@
  17 +/*
  18 + * Implements a dummy match to allow attaching comments to rules
  19 + *
  20 + * 2003-05-13 Brad Fisher (brad@info-link.net)
  21 + */
  22 +
  23 +#include <linux/module.h>
  24 +#include <linux/skbuff.h>
  25 +#include <linux/netfilter_ipv4/ip_tables.h>
  26 +#include <linux/netfilter_ipv4/ipt_comment.h>
  27 +
  28 +MODULE_AUTHOR("Brad Fisher <brad@info-link.net>");
  29 +MODULE_DESCRIPTION("iptables comment match module");
  30 +MODULE_LICENSE("GPL");
  31 +
  32 +static int
  33 +match(const struct sk_buff *skb,
  34 +      const struct net_device *in,
  35 +      const struct net_device *out,
  36 +      const void *matchinfo,
  37 +      int offset,
  38 +      int *hotdrop)
  39 +{
  40 +       /* We always match */
  41 +       return 1;
  42 +}
  43 +
  44 +static int
  45 +checkentry(const char *tablename,
  46 +           const struct ipt_ip *ip,
  47 +           void *matchinfo,
  48 +           unsigned int matchsize,
  49 +           unsigned int hook_mask)
  50 +{
  51 +       /* Check the size */
  52 +       if (matchsize != IPT_ALIGN(sizeof(struct ipt_comment_info)))
  53 +               return 0;
  54 +       return 1;
  55 +}
  56 +
  57 +static struct ipt_match comment_match = {
  58 +       .name           = "comment",
  59 +       .match          = match,
  60 +       .checkentry     = checkentry,
  61 +       .me             = THIS_MODULE
  62 +};
  63 +
  64 +static int __init init(void)
  65 +{
  66 +       return ipt_register_match(&comment_match);
  67 +}
  68 +
  69 +static void __exit fini(void)
  70 +{
  71 +       ipt_unregister_match(&comment_match);
  72 +}
  73 +
  74 +module_init(init);
  75 +module_exit(fini);
  76 --- a/net/ipv4/netfilter/Makefile
  77 +++ b/net/ipv4/netfilter/Makefile
  78 @@ -113,6 +113,7 @@ obj-$(CONFIG_IP_NF_MATCH_UNCLEAN) += ipt
  79  obj-$(CONFIG_IP_NF_MATCH_STRING) += ipt_string.o
  80  obj-$(CONFIG_IP_NF_MATCH_TCPMSS) += ipt_tcpmss.o
  81  obj-$(CONFIG_IP_NF_MATCH_LAYER7) += ipt_layer7.o
  82 +obj-$(CONFIG_IP_NF_MATCH_COMMENT) += ipt_comment.o
  83
  84  # targets
  85  obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o
  86 --- a/net/ipv4/netfilter/Config.in
  87 +++ b/net/ipv4/netfilter/Config.in
  88 @@ -44,6 +44,7 @@ if [ "$CONFIG_IP_NF_IPTABLES" != "n" ];
  89    dep_tristate '  LENGTH match support' CONFIG_IP_NF_MATCH_LENGTH $CONFIG_IP_NF_IPTABLES
  90    dep_tristate '  TTL match support' CONFIG_IP_NF_MATCH_TTL $CONFIG_IP_NF_IPTABLES
  91    dep_tristate '  tcpmss match support' CONFIG_IP_NF_MATCH_TCPMSS $CONFIG_IP_NF_IPTABLES
  92 +  dep_tristate '  comment match support' CONFIG_IP_NF_MATCH_COMMENT $CONFIG_IP_NF_IPTABLES
  93    if [ "$CONFIG_IP_NF_CONNTRACK" != "n" ]; then
  94      dep_tristate '  Helper match support' CONFIG_IP_NF_MATCH_HELPER $CONFIG_IP_NF_IPTABLES
  95    fi