| 1 | --- /dev/null |
| 2 | +++ b/include/linux/netfilter_ipv4/ipt_comment.h |
| 3 | @@ -0,0 +1,10 @@ |
| 4 | +#ifndef _IPT_COMMENT_H |
| 5 | +#define _IPT_COMMENT_H |
| 6 | + |
| 7 | +#define IPT_MAX_COMMENT_LEN 256 |
| 8 | + |
| 9 | +struct ipt_comment_info { |
| 10 | + char comment[IPT_MAX_COMMENT_LEN]; |
| 11 | +}; |
| 12 | + |
| 13 | +#endif /* _IPT_COMMENT_H */ |
| 14 | --- /dev/null |
| 15 | +++ b/net/ipv4/netfilter/ipt_comment.c |
| 16 | @@ -0,0 +1,59 @@ |
| 17 | +/* |
| 18 | + * Implements a dummy match to allow attaching comments to rules |
| 19 | + * |
| 20 | + * 2003-05-13 Brad Fisher (brad@info-link.net) |
| 21 | + */ |
| 22 | + |
| 23 | +#include <linux/module.h> |
| 24 | +#include <linux/skbuff.h> |
| 25 | +#include <linux/netfilter_ipv4/ip_tables.h> |
| 26 | +#include <linux/netfilter_ipv4/ipt_comment.h> |
| 27 | + |
| 28 | +MODULE_AUTHOR("Brad Fisher <brad@info-link.net>"); |
| 29 | +MODULE_DESCRIPTION("iptables comment match module"); |
| 30 | +MODULE_LICENSE("GPL"); |
| 31 | + |
| 32 | +static int |
| 33 | +match(const struct sk_buff *skb, |
| 34 | + const struct net_device *in, |
| 35 | + const struct net_device *out, |
| 36 | + const void *matchinfo, |
| 37 | + int offset, |
| 38 | + int *hotdrop) |
| 39 | +{ |
| 40 | + /* We always match */ |
| 41 | + return 1; |
| 42 | +} |
| 43 | + |
| 44 | +static int |
| 45 | +checkentry(const char *tablename, |
| 46 | + const struct ipt_ip *ip, |
| 47 | + void *matchinfo, |
| 48 | + unsigned int matchsize, |
| 49 | + unsigned int hook_mask) |
| 50 | +{ |
| 51 | + /* Check the size */ |
| 52 | + if (matchsize != IPT_ALIGN(sizeof(struct ipt_comment_info))) |
| 53 | + return 0; |
| 54 | + return 1; |
| 55 | +} |
| 56 | + |
| 57 | +static struct ipt_match comment_match = { |
| 58 | + .name = "comment", |
| 59 | + .match = match, |
| 60 | + .checkentry = checkentry, |
| 61 | + .me = THIS_MODULE |
| 62 | +}; |
| 63 | + |
| 64 | +static int __init init(void) |
| 65 | +{ |
| 66 | + return ipt_register_match(&comment_match); |
| 67 | +} |
| 68 | + |
| 69 | +static void __exit fini(void) |
| 70 | +{ |
| 71 | + ipt_unregister_match(&comment_match); |
| 72 | +} |
| 73 | + |
| 74 | +module_init(init); |
| 75 | +module_exit(fini); |
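Review bot: `checkentry` validates only `matchsize`, so a rule whose `comment` fills all IPT_MAX_COMMENT_LEN bytes with no terminating NUL is accepted. Nothing in this file reads the string, but `matchinfo` is supplied by whoever loads the rule, and any code that later reads the rule back and treats `comment` as a C string would presumably run past the 256-byte buffer. Rejecting such input at load time closes that off: `const struct ipt_comment_info *info = matchinfo;` followed by `if (info->comment[IPT_MAX_COMMENT_LEN - 1] != '\0') return 0;`. A one-line comment on `IPT_MAX_COMMENT_LEN` in ipt_comment.h stating that the length includes the terminating NUL would document the same contract for userspace.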
| 76 | --- a/net/ipv4/netfilter/Makefile |
| 77 | +++ b/net/ipv4/netfilter/Makefile |
| 78 | @@ -113,6 +113,7 @@ obj-$(CONFIG_IP_NF_MATCH_UNCLEAN) += ipt |
| 79 | obj-$(CONFIG_IP_NF_MATCH_STRING) += ipt_string.o |
| 80 | obj-$(CONFIG_IP_NF_MATCH_TCPMSS) += ipt_tcpmss.o |
| 81 | obj-$(CONFIG_IP_NF_MATCH_LAYER7) += ipt_layer7.o |
| 82 | +obj-$(CONFIG_IP_NF_MATCH_COMMENT) += ipt_comment.o |
| 83 | |
| 84 | # targets |
| 85 | obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o |
| 86 | --- a/net/ipv4/netfilter/Config.in |
| 87 | +++ b/net/ipv4/netfilter/Config.in |
| 88 | @@ -44,6 +44,7 @@ if [ "$CONFIG_IP_NF_IPTABLES" != "n" ]; |
| 89 | dep_tristate ' LENGTH match support' CONFIG_IP_NF_MATCH_LENGTH $CONFIG_IP_NF_IPTABLES |
| 90 | dep_tristate ' TTL match support' CONFIG_IP_NF_MATCH_TTL $CONFIG_IP_NF_IPTABLES |
| 91 | dep_tristate ' tcpmss match support' CONFIG_IP_NF_MATCH_TCPMSS $CONFIG_IP_NF_IPTABLES |
| 92 | + dep_tristate ' comment match support' CONFIG_IP_NF_MATCH_COMMENT $CONFIG_IP_NF_IPTABLES |
| 93 | if [ "$CONFIG_IP_NF_CONNTRACK" != "n" ]; then |
| 94 | dep_tristate ' Helper match support' CONFIG_IP_NF_MATCH_HELPER $CONFIG_IP_NF_IPTABLES |
| 95 | fi |
| 96 | |