2 * iptables module to match IP address ranges
4 * (C) 2003 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation.
10 #include <linux/module.h>
11 #include <linux/skbuff.h>
13 #include <linux/netfilter_ipv4/ip_tables.h>
14 #include <linux/netfilter_ipv4/ipt_iprange.h>
/*
 * Module metadata. The leading numbers on these lines are the listing's own
 * line numbers, not part of the C source.
 */
16 MODULE_LICENSE("GPL");
17 MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
18 MODULE_DESCRIPTION("iptables arbitrary IP range match module");
/*
 * Debug trace macro. In the form shown it accepts printf-style arguments and
 * expands to nothing, so every DEBUGP(...) call below compiles away.
 * NOTE(review): listing lines 19-22 and 24-25 are not shown; presumably a
 * preprocessor conditional surrounds this definition - confirm in the full file.
 */
23 #define DEBUGP(format, args...)
/*
 * Range-match routine: tests the packet's IPv4 source and/or destination
 * address against the inclusive [min_ip, max_ip] ranges stored in the rule.
 *
 * skb:       packet under inspection; its IPv4 header is read via skb->nh.iph
 * matchinfo: rule data, used as a const struct ipt_iprange_info
 * in, out, offset, protoff, hotdrop: not referenced in the visible body
 *
 * NOTE(review): the numbers at the start of some lines are the listing's own
 * line numbers, and the listing skips several of them (26, 32, 35, 42, 46-48,
 * 55 and 59 onward). The return type, the braces and the return statements
 * are therefore not shown; check the complete file before relying on the
 * return values.
 */
27 match(const struct sk_buff
*skb
,
28 const struct net_device
*in
,
29 const struct net_device
*out
,
30 const void *matchinfo
,
31 int offset
, unsigned int protoff
, int *hotdrop
)
/* View the opaque rule data as this match's own info structure. */
33 const struct ipt_iprange_info
*info
= matchinfo
;
/*
 * IPv4 header of the packet.
 * NOTE(review): no length or bounds check on the header is visible here;
 * presumably the caller guarantees a valid IPv4 header - confirm.
 */
34 const struct iphdr
*iph
= skb
->nh
.iph
;
/* Source-address test, performed only when the rule sets IPRANGE_SRC. */
36 if (info
->flags
& IPRANGE_SRC
) {
/*
 * Both sides go through ntohl() so that < and > order the addresses
 * numerically; comparing the raw network-order values would give wrong
 * results on little-endian hosts. The address is out of range when it is
 * below min_ip or above max_ip, so both bounds are inclusive.
 */
37 if (((ntohl(iph
->saddr
) < ntohl(info
->src
.min_ip
))
38 || (ntohl(iph
->saddr
) > ntohl(info
->src
.max_ip
)))
/* !! reduces the flag bit to 0 or 1 so the XOR flips the out-of-range result. */
39 ^ !!(info
->flags
& IPRANGE_SRC_INV
)) {
/*
 * Debug trace only; DEBUGP as defined in this listing expands to nothing.
 * NOTE(review): the format has four %u conversions before %s, but listing
 * line 42, which would supply them, is not shown.
 */
40 DEBUGP("src IP %u.%u.%u.%u NOT in range %s"
41 "%u.%u.%u.%u-%u.%u.%u.%u\n",
43 info
->flags
& IPRANGE_SRC_INV
? "(INV) " : "",
44 NIPQUAD(info
->src
.min_ip
),
45 NIPQUAD(info
->src
.max_ip
));
/*
 * NOTE(review): listing lines 46-48 are not shown; presumably the branch
 * reports "no match" and both blocks close here - confirm.
 */
/* Destination-address test, same logic as above with the dst range and flags. */
49 if (info
->flags
& IPRANGE_DST
) {
50 if (((ntohl(iph
->daddr
) < ntohl(info
->dst
.min_ip
))
51 || (ntohl(iph
->daddr
) > ntohl(info
->dst
.max_ip
)))
52 ^ !!(info
->flags
& IPRANGE_DST_INV
)) {
/* NOTE(review): listing line 55 (the first format arguments) is not shown. */
53 DEBUGP("dst IP %u.%u.%u.%u NOT in range %s"
54 "%u.%u.%u.%u-%u.%u.%u.%u\n",
56 info
->flags
& IPRANGE_DST_INV
? "(INV) " : "",
57 NIPQUAD(info
->dst
.min_ip
),
58 NIPQUAD(info
->dst
.max_ip
));
/*
 * NOTE(review): the rest of the function (listing lines 59-63) is not shown,
 * including the result returned when neither test rejects the packet.
 */
/*
 * Rule-data validation routine.
 *
 * tablename, hook_mask: not referenced in the visible body
 * matchsize:            size of the rule data handed in by the caller
 *
 * NOTE(review): listing lines 66-67, 70-71 and 73-76 are not shown, so two
 * parameters and every return statement are missing from this view.
 *
 * NOTE(review): the only test visible here is the size comparison. Nothing
 * shown verifies that min_ip <= max_ip or that flags holds only known bits.
 * With min_ip above max_ip the range test in match() is out of range for
 * every address, so such a rule would presumably never match (or always match
 * when inverted) without any error at load time; the tooling that builds
 * rules should reject that input.
 */
65 static int check(const char *tablename
,
68 unsigned int matchsize
,
69 unsigned int hook_mask
)
/*
 * The rule data must be exactly the aligned size of struct ipt_iprange_info,
 * which is the structure match() reads it as.
 */
72 if (matchsize
!= IPT_ALIGN(sizeof(struct ipt_iprange_info
)))
/*
 * Registration record for this match; it is the object passed to
 * ipt_register_match() and ipt_unregister_match() below.
 * NOTE(review): only the .list initializer is visible. Listing lines 79 and
 * 81-86 (the braces and the remaining fields) are not shown.
 */
78 static struct ipt_match iprange_match
=
/* Both list pointers start out NULL. */
80 .list
= { NULL
, NULL
},
/*
 * Module init routine: registers iprange_match and returns the result of
 * ipt_register_match() unchanged.
 * NOTE(review): the braces (listing lines 89 and 91) are not shown.
 */
88 static int __init
init(void)
90 return ipt_register_match(&iprange_match
);
/*
 * Module exit routine: unregisters iprange_match.
 * NOTE(review): the braces and anything after listing line 95 (presumably the
 * module_init/module_exit hookups) are not shown.
 */
93 static void __exit
fini(void)
95 ipt_unregister_match(&iprange_match
);