2 * xt_iprange - Netfilter module to match IP address ranges
4 * (C) 2003 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation.
10 #include <linux/module.h>
11 #include <linux/skbuff.h>
13 #include <linux/netfilter/x_tables.h>
14 #include <linux/netfilter_ipv4/ipt_iprange.h>
17 iprange_mt_v0(const struct sk_buff *skb, const struct net_device *in,
18 const struct net_device *out, const struct xt_match *match,
19 const void *matchinfo, int offset, unsigned int protoff,
22 const struct ipt_iprange_info *info = matchinfo;
23 const struct iphdr *iph = ip_hdr(skb);
25 if (info->flags & IPRANGE_SRC) {
26 if ((ntohl(iph->saddr) < ntohl(info->src.min_ip)
27 || ntohl(iph->saddr) > ntohl(info->src.max_ip))
28 ^ !!(info->flags & IPRANGE_SRC_INV)) {
29 pr_debug("src IP %u.%u.%u.%u NOT in range %s"
30 "%u.%u.%u.%u-%u.%u.%u.%u\n",
32 info->flags & IPRANGE_SRC_INV ? "(INV) " : "",
33 NIPQUAD(info->src.min_ip),
34 NIPQUAD(info->src.max_ip));
38 if (info->flags & IPRANGE_DST) {
39 if ((ntohl(iph->daddr) < ntohl(info->dst.min_ip)
40 || ntohl(iph->daddr) > ntohl(info->dst.max_ip))
41 ^ !!(info->flags & IPRANGE_DST_INV)) {
42 pr_debug("dst IP %u.%u.%u.%u NOT in range %s"
43 "%u.%u.%u.%u-%u.%u.%u.%u\n",
45 info->flags & IPRANGE_DST_INV ? "(INV) " : "",
46 NIPQUAD(info->dst.min_ip),
47 NIPQUAD(info->dst.max_ip));
54 static struct xt_match iprange_mt_reg __read_mostly = {
57 .match = iprange_mt_v0,
58 .matchsize = sizeof(struct ipt_iprange_info),
62 static int __init iprange_mt_init(void)
64 return xt_register_match(&iprange_mt_reg);
67 static void __exit iprange_mt_exit(void)
69 xt_unregister_match(&iprange_mt_reg);
72 module_init(iprange_mt_init);
73 module_exit(iprange_mt_exit);
74 MODULE_LICENSE("GPL");
75 MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>");
76 MODULE_DESCRIPTION("Xtables: arbitrary IPv4 range matching");