/* Shared library add-on to iptables to add geoip match support.
-
+ *
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
static void geoip_help(void)
{
- printf (
- "GeoIP v%s options:\n"
- " [!] --src-cc, --source-country country[,country,country,...]\n"
- " Match packet coming from (one of)\n"
- " the specified country(ies)\n"
- "\n"
- " [!] --dst-cc, --destination-country country[,country,country,...]\n"
- " Match packet going to (one of)\n"
- " the specified country(ies)\n"
- "\n"
- " NOTE: The country is inputed by its ISO3166 code.\n"
- "\n"
- "\n", XTABLES_VERSION
- );
+ printf (
+ "GeoIP v%s options:\n"
+ " [!] --src-cc, --source-country country[,country,country,...]\n"
+ " Match packet coming from (one of)\n"
+ " the specified country(ies)\n"
+ "\n"
+ " [!] --dst-cc, --destination-country country[,country,country,...]\n"
+ " Match packet going to (one of)\n"
+ " the specified country(ies)\n"
+ "\n"
+ " NOTE: The country is inputed by its ISO3166 code.\n"
+ "\n"
+ "\n", XTABLES_VERSION
+ );
}
static struct option geoip_opts[] = {
- { "dst-cc", 1, 0, '2' }, /* Alias for --destination-country */
- { "destination-country", 1, 0, '2' },
- { "src-cc", 1, 0, '1' }, /* Alias for --source-country */
- { "source-country", 1, 0, '1' },
- { 0 },
+ { "dst-cc", 1, 0, '2' }, /* Alias for --destination-country */
+ { "destination-country", 1, 0, '2' },
+ { "src-cc", 1, 0, '1' }, /* Alias for --source-country */
+ { "source-country", 1, 0, '1' },
+ { 0 },
};
struct geoip_index {
- u_int16_t cc;
- u_int32_t offset;
+ u_int16_t cc;
+ u_int32_t offset;
} __attribute__ ((packed));
struct geoip_subnet *
get_country_subnets(u_int16_t cc, u_int32_t *count)
{
- FILE *ixfd, *dbfd;
- struct geoip_subnet *subnets;
- struct geoip_index *index;
- struct stat buf;
-
- size_t idxsz;
- u_int16_t i;
-
- u_int16_t db_cc = 0;
- u_int16_t db_nsubnets = 0;
-
- if ((ixfd = fopen("/var/geoip/geoipdb.idx", "r")) == NULL) {
- perror("/var/geoip/geoipdb.idx");
- exit_error(OTHER_PROBLEM,
- "geoip: cannot open geoip's database index file");
- }
-
- stat("/var/geoip/geoipdb.idx", &buf);
- idxsz = buf.st_size/sizeof(struct geoip_index);
- index = malloc(buf.st_size);
-
- fread(index, buf.st_size, 1, ixfd);
-
- for (i = 0; i < idxsz; i++)
- if (cc == index[i].cc)
- break;
-
- if (cc != index[i].cc)
- exit_error(OTHER_PROBLEM,
- "geoip match: sorry, '%c%c' isn't in the database\n", COUNTRY(cc));
-
- fclose(ixfd);
-
- if ((dbfd = fopen("/var/geoip/geoipdb.bin", "r")) == NULL) {
- perror("/var/geoip/geoipdb.bin");
- exit_error(OTHER_PROBLEM,
- "geoip: cannot open geoip's database file");
- }
-
- fseek(dbfd, index[i].offset, SEEK_SET);
- fread(&db_cc, sizeof(u_int16_t), 1, dbfd);
-
- if (db_cc != cc)
- exit_error(OTHER_PROBLEM,
- "geoip: this shouldn't happened, the database might be corrupted, or there's a bug.\n"
- "you should contact maintainers");
-
- fread(&db_nsubnets, sizeof(u_int16_t), 1, dbfd);
-
- subnets = malloc(db_nsubnets * sizeof(struct geoip_subnet));
-
- if (!subnets)
- exit_error(OTHER_PROBLEM,
- "geoip: insufficient memory available");
-
- fread(subnets, db_nsubnets * sizeof(struct geoip_subnet), 1, dbfd);
-
- fclose(dbfd);
- free(index);
- *count = db_nsubnets;
- return subnets;
+ FILE *ixfd, *dbfd;
+ struct geoip_subnet *subnets;
+ struct geoip_index *index;
+ struct stat buf;
+
+ size_t idxsz;
+ u_int16_t i;
+
+ u_int16_t db_cc = 0;
+ u_int16_t db_nsubnets = 0;
+
+ if ((ixfd = fopen("/var/geoip/geoipdb.idx", "r")) == NULL) {
+ perror("/var/geoip/geoipdb.idx");
+ exit_error(OTHER_PROBLEM,
+ "geoip: cannot open geoip's database index file");
+ }
+
+ stat("/var/geoip/geoipdb.idx", &buf);
+ idxsz = buf.st_size/sizeof(struct geoip_index);
+ index = malloc(buf.st_size);
+
+ fread(index, buf.st_size, 1, ixfd);
+
+ for (i = 0; i < idxsz; i++)
+ if (cc == index[i].cc)
+ break;
+
+ if (cc != index[i].cc)
+ exit_error(OTHER_PROBLEM,
+ "geoip match: sorry, '%c%c' isn't in the database\n", COUNTRY(cc));
+
+ fclose(ixfd);
+
+ if ((dbfd = fopen("/var/geoip/geoipdb.bin", "r")) == NULL) {
+ perror("/var/geoip/geoipdb.bin");
+ exit_error(OTHER_PROBLEM,
+ "geoip: cannot open geoip's database file");
+ }
+
+ fseek(dbfd, index[i].offset, SEEK_SET);
+ fread(&db_cc, sizeof(u_int16_t), 1, dbfd);
+
+ if (db_cc != cc)
+ exit_error(OTHER_PROBLEM,
+ "geoip: this shouldn't happened, the database might be corrupted, or there's a bug.\n"
+ "you should contact maintainers");
+
+ fread(&db_nsubnets, sizeof(u_int16_t), 1, dbfd);
+
+ subnets = malloc(db_nsubnets * sizeof(struct geoip_subnet));
+
+ if (!subnets)
+ exit_error(OTHER_PROBLEM,
+ "geoip: insufficient memory available");
+
+ fread(subnets, db_nsubnets * sizeof(struct geoip_subnet), 1, dbfd);
+
+ fclose(dbfd);
+ free(index);
+ *count = db_nsubnets;
+ return subnets;
}
-
+
static struct geoip_info *
load_geoip_cc(u_int16_t cc)
{
- static struct geoip_info *ginfo;
- ginfo = malloc(sizeof(struct geoip_info));
-
- if (!ginfo)
- return NULL;
-
- ginfo->subnets = get_country_subnets(cc, &ginfo->count);
- ginfo->cc = cc;
-
- return ginfo;
+ static struct geoip_info *ginfo;
+ ginfo = malloc(sizeof(struct geoip_info));
+
+ if (!ginfo)
+ return NULL;
+
+ ginfo->subnets = get_country_subnets(cc, &ginfo->count);
+ ginfo->cc = cc;
+
+ return ginfo;
}
static u_int16_t
check_geoip_cc(char *cc, u_int16_t cc_used[], u_int8_t count)
{
- u_int8_t i;
- u_int16_t cc_int16;
-
- if (strlen(cc) != 2) /* Country must be 2 chars long according
- to the ISO3166 standard */
- exit_error(PARAMETER_PROBLEM,
- "geoip: invalid country code '%s'", cc);
-
- // Verification will fail if chars aren't uppercased.
- // Make sure they are..
- for (i = 0; i < 2; i++)
- if (isalnum(cc[i]) != 0)
- cc[i] = toupper(cc[i]);
- else
- exit_error(PARAMETER_PROBLEM,
- "geoip: invalid country code '%s'", cc);
-
- /* Convert chars into a single 16 bit integer.
- * FIXME: This assumes that a country code is
- * exactly 2 chars long. If this is
- * going to change someday, this whole
- * match will need to be rewritten, anyway.
- * - SJ */
- cc_int16 = (cc[0]<<8) + cc[1];
-
- // Check for presence of value in cc_used
- for (i = 0; i < count; i++)
- if (cc_int16 == cc_used[i])
- return 0; // Present, skip it!
-
- return cc_int16;
+ u_int8_t i;
+ u_int16_t cc_int16;
+
+ if (strlen(cc) != 2) /* Country must be 2 chars long according
+ to the ISO3166 standard */
+ exit_error(PARAMETER_PROBLEM,
+ "geoip: invalid country code '%s'", cc);
+
+ // Verification will fail if chars aren't uppercased.
+ // Make sure they are..
+ for (i = 0; i < 2; i++)
+ if (isalnum(cc[i]) != 0)
+ cc[i] = toupper(cc[i]);
+ else
+ exit_error(PARAMETER_PROBLEM,
+ "geoip: invalid country code '%s'", cc);
+
+ /* Convert chars into a single 16 bit integer.
+ * FIXME: This assumes that a country code is
+ * exactly 2 chars long. If this is
+ * going to change someday, this whole
+ * match will need to be rewritten, anyway.
+ * - SJ */
+ cc_int16 = (cc[0]<<8) + cc[1];
+
+ // Check for presence of value in cc_used
+ for (i = 0; i < count; i++)
+ if (cc_int16 == cc_used[i])
+ return 0; // Present, skip it!
+
+ return cc_int16;
}
-/* Based on libipt_multiport.c parsing code. */
+/* Based on libipt_multiport.c parsing code. */
static u_int8_t
parse_geoip_cc(const char *ccstr, u_int16_t *cc, struct geoip_info **mem)
{
- char *buffer, *cp, *next;
- u_int8_t i, count = 0;
- u_int16_t cctmp;
-
- buffer = strdup(ccstr);
- if (!buffer) exit_error(OTHER_PROBLEM,
- "geoip: insufficient memory available");
-
- for (cp = buffer, i = 0; cp && i < XT_GEOIP_MAX; cp = next, i++)
- {
- next = strchr(cp, ',');
- if (next) *next++ = '\0';
-
- if ((cctmp = check_geoip_cc(cp, cc, count)) != 0) {
- if ((mem[count++] = load_geoip_cc(cctmp)) == NULL)
- exit_error(OTHER_PROBLEM,
- "geoip: insufficient memory available");
- cc[count-1] = cctmp;
- }
- }
-
- if (cp) exit_error(PARAMETER_PROBLEM,
- "geoip: too many countries specified");
- free(buffer);
-
- if (count == 0) exit_error(PARAMETER_PROBLEM,
- "geoip: don't know what happened");
-
- return count;
+ char *buffer, *cp, *next;
+ u_int8_t i, count = 0;
+ u_int16_t cctmp;
+
+ buffer = strdup(ccstr);
+ if (!buffer)
+ exit_error(OTHER_PROBLEM,
+ "geoip: insufficient memory available");
+
+ for (cp = buffer, i = 0; cp && i < XT_GEOIP_MAX; cp = next, i++)
+ {
+ next = strchr(cp, ',');
+ if (next) *next++ = '\0';
+
+ if ((cctmp = check_geoip_cc(cp, cc, count)) != 0) {
+ if ((mem[count++] = load_geoip_cc(cctmp)) == NULL)
+ exit_error(OTHER_PROBLEM,
+ "geoip: insufficient memory available");
+ cc[count-1] = cctmp;
+ }
+ }
+
+ if (cp)
+ exit_error(PARAMETER_PROBLEM,
+ "geoip: too many countries specified");
+ free(buffer);
+
+ if (count == 0)
+ exit_error(PARAMETER_PROBLEM,
+ "geoip: don't know what happened");
+
+ return count;
}
-static int
-geoip_parse(int c, char **argv, int invert, unsigned int *flags,
- const void *entry, struct xt_entry_match **match)
+static int geoip_parse(int c, char **argv, int invert, unsigned int *flags,
+ const void *entry, struct xt_entry_match **match)
{
- struct xt_geoip_match_info *info = (void *)(*match)->data;
-
- switch(c) {
- case '1':
- // Ensure that XT_GEOIP_SRC *OR* XT_GEOIP_DST haven't been used yet.
- if (*flags & (XT_GEOIP_SRC | XT_GEOIP_DST))
- exit_error(PARAMETER_PROBLEM,
- "geoip: only use --source-country *OR* --destination-country once!");
-
- *flags |= XT_GEOIP_SRC;
- break;
-
- case '2':
- // Ensure that XT_GEOIP_SRC *OR* XT_GEOIP_DST haven't been used yet.
- if (*flags & (XT_GEOIP_SRC | XT_GEOIP_DST))
- exit_error(PARAMETER_PROBLEM,
- "geoip: only use --source-country *OR* --destination-country once!");
-
- *flags |= XT_GEOIP_DST;
- break;
-
- default:
- return 0;
- }
-
- if (invert)
- *flags |= XT_GEOIP_INV;
-
- info->count = parse_geoip_cc(argv[optind-1], info->cc, info->mem);
- info->flags = *flags;
- return 1;
+ struct xt_geoip_match_info *info = (void *)(*match)->data;
+
+ switch(c) {
+ case '1':
+ // Ensure that XT_GEOIP_SRC *OR* XT_GEOIP_DST haven't been used yet.
+ if (*flags & (XT_GEOIP_SRC | XT_GEOIP_DST))
+ exit_error(PARAMETER_PROBLEM,
+ "geoip: only use --source-country *OR* --destination-country once!");
+
+ *flags |= XT_GEOIP_SRC;
+ break;
+
+ case '2':
+ // Ensure that XT_GEOIP_SRC *OR* XT_GEOIP_DST haven't been used yet.
+ if (*flags & (XT_GEOIP_SRC | XT_GEOIP_DST))
+ exit_error(PARAMETER_PROBLEM,
+ "geoip: only use --source-country *OR* --destination-country once!");
+
+ *flags |= XT_GEOIP_DST;
+ break;
+
+ default:
+ return 0;
+ }
+
+ if (invert)
+ *flags |= XT_GEOIP_INV;
+
+ info->count = parse_geoip_cc(argv[optind-1], info->cc, info->mem);
+ info->flags = *flags;
+ return 1;
}
-static void
+static void
geoip_final_check(unsigned int flags)
{
- if (!flags)
- exit_error(PARAMETER_PROBLEM,
- "geoip: missing arguments");
+ if (!flags)
+ exit_error(PARAMETER_PROBLEM,
+ "geoip: missing arguments");
}
-static void
+static void
geoip_print(const void *ip, const struct xt_entry_match *match, int numeric)
{
- const struct xt_geoip_match_info *info = (void*)match->data;
-
- u_int8_t i;
-
- if (info->flags & XT_GEOIP_SRC)
- printf("Source ");
- else printf("Destination ");
-
- if (info->count > 1)
- printf("countries: ");
- else printf("country: ");
-
- if (info->flags & XT_GEOIP_INV)
- printf("! ");
-
- for (i = 0; i < info->count; i++)
- printf("%s%c%c", i ? "," : "", COUNTRY(info->cc[i]));
- printf(" ");
+ const struct xt_geoip_match_info *info = (void*)match->data;
+
+ u_int8_t i;
+
+ if (info->flags & XT_GEOIP_SRC)
+ printf("Source ");
+ else
+ printf("Destination ");
+
+ if (info->count > 1)
+ printf("countries: ");
+ else
+ printf("country: ");
+
+ if (info->flags & XT_GEOIP_INV)
+ printf("! ");
+
+ for (i = 0; i < info->count; i++)
+ printf("%s%c%c", i ? "," : "", COUNTRY(info->cc[i]));
+ printf(" ");
}
-static void
+static void
geoip_save(const void *ip, const struct xt_entry_match *match)
{
- const struct xt_geoip_match_info *info = (void *)match->data;
- u_int8_t i;
-
- if (info->flags & XT_GEOIP_INV)
- printf("! ");
-
- if (info->flags & XT_GEOIP_SRC)
- printf("--source-country ");
- else printf("--destination-country ");
-
- for (i = 0; i < info->count; i++)
- printf("%s%c%c", i ? "," : "", COUNTRY(info->cc[i]));
- printf(" ");
+ const struct xt_geoip_match_info *info = (void *)match->data;
+ u_int8_t i;
+
+ if (info->flags & XT_GEOIP_INV)
+ printf("! ");
+
+ if (info->flags & XT_GEOIP_SRC)
+ printf("--source-country ");
+ else
+ printf("--destination-country ");
+
+ for (i = 0; i < info->count; i++)
+ printf("%s%c%c", i ? "," : "", COUNTRY(info->cc[i]));
+ printf(" ");
}
static struct xtables_match geoip_match = {
- .family = AF_INET,
- .name = "geoip",
- .version = XTABLES_VERSION,
- .size = XT_ALIGN(sizeof(struct xt_geoip_match_info)),
- .userspacesize = XT_ALIGN(offsetof(struct xt_geoip_match_info, mem)),
- .help = geoip_help,
- .parse = geoip_parse,
- .final_check = geoip_final_check,
- .print = geoip_print,
- .save = geoip_save,
- .extra_opts = geoip_opts
+ .family = AF_INET,
+ .name = "geoip",
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_geoip_match_info)),
+ .userspacesize = XT_ALIGN(offsetof(struct xt_geoip_match_info, mem)),
+ .help = geoip_help,
+ .parse = geoip_parse,
+ .final_check = geoip_final_check,
+ .print = geoip_print,
+ .save = geoip_save,
+ .extra_opts = geoip_opts,
};
-void _init(void)
+static void _init(void)
{
xtables_register_match(&geoip_match);
}
/* iptables kernel module for the geoip match
- *
+ *
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
static struct geoip_info *add_node(struct geoip_info *memcpy)
{
- struct geoip_info *p = kmalloc(sizeof(struct geoip_info), GFP_KERNEL);
-
- struct geoip_subnet *s;
-
- if ((p == NULL) || (copy_from_user(p, memcpy, sizeof(struct geoip_info)) != 0))
- return NULL;
-
- s = kmalloc(p->count * sizeof(struct geoip_subnet), GFP_KERNEL);
- if ((s == NULL) || (copy_from_user(s, p->subnets, p->count * sizeof(struct geoip_subnet)) != 0))
- return NULL;
-
- spin_lock_bh(&geoip_lock);
-
- p->subnets = s;
- p->ref = 1;
- p->next = head;
- p->prev = NULL;
- if (p->next) p->next->prev = p;
- head = p;
-
- spin_unlock_bh(&geoip_lock);
- return p;
+ struct geoip_info *p = kmalloc(sizeof(struct geoip_info), GFP_KERNEL);
+
+ struct geoip_subnet *s;
+
+ if ((p == NULL) || (copy_from_user(p, memcpy, sizeof(struct geoip_info)) != 0))
+ return NULL;
+
+ s = kmalloc(p->count * sizeof(struct geoip_subnet), GFP_KERNEL);
+ if ((s == NULL) || (copy_from_user(s, p->subnets, p->count * sizeof(struct geoip_subnet)) != 0))
+ return NULL;
+
+ spin_lock_bh(&geoip_lock);
+
+ p->subnets = s;
+ p->ref = 1;
+ p->next = head;
+ p->prev = NULL;
+ if (p->next)
+ p->next->prev = p;
+ head = p;
+
+ spin_unlock_bh(&geoip_lock);
+ return p;
}
static void remove_node(struct geoip_info *p)
- {
- spin_lock_bh(&geoip_lock);
-
- if (p->next) { /* Am I following a node ? */
- p->next->prev = p->prev;
- if (p->prev) p->prev->next = p->next; /* Is there a node behind me ? */
- else head = p->next; /* No? Then I was the head */
- }
-
- else
- if (p->prev) /* Is there a node behind me ? */
- p->prev->next = NULL;
- else
- head = NULL; /* No, we're alone */
-
- /* So now am unlinked or the only one alive, right ?
- * What are you waiting ? Free up some memory!
- */
-
- kfree(p->subnets);
- kfree(p);
-
- spin_unlock_bh(&geoip_lock);
- return;
+{
+ spin_lock_bh(&geoip_lock);
+
+ if (p->next) { /* Am I following a node ? */
+ p->next->prev = p->prev;
+ if (p->prev) p->prev->next = p->next; /* Is there a node behind me ? */
+ else head = p->next; /* No? Then I was the head */
+ }
+
+ else
+ if (p->prev) /* Is there a node behind me ? */
+ p->prev->next = NULL;
+ else
+ head = NULL; /* No, we're alone */
+
+ /* So now am unlinked or the only one alive, right ?
+ * What are you waiting ? Free up some memory!
+ */
+
+ kfree(p->subnets);
+ kfree(p);
+
+ spin_unlock_bh(&geoip_lock);
+ return;
}
static struct geoip_info *find_node(u_int16_t cc)
{
- struct geoip_info *p = head;
- spin_lock_bh(&geoip_lock);
-
- while (p) {
- if (p->cc == cc) {
- spin_unlock_bh(&geoip_lock);
- return p;
- }
- p = p->next;
- }
- spin_unlock_bh(&geoip_lock);
- return NULL;
+ struct geoip_info *p = head;
+ spin_lock_bh(&geoip_lock);
+
+ while (p) {
+ if (p->cc == cc) {
+ spin_unlock_bh(&geoip_lock);
+ return p;
+ }
+ p = p->next;
+ }
+ spin_unlock_bh(&geoip_lock);
+ return NULL;
}
-static bool xt_geoip_mt(const struct sk_buff *skb,
- const struct net_device *in,
- const struct net_device *out,
- const struct xt_match *match,
- const void *matchinfo,
- int offset,
- unsigned int protoff,
- bool *hotdrop)
+static bool xt_geoip_mt(const struct sk_buff *skb, const struct net_device *in,
+ const struct net_device *out, const struct xt_match *match,
+ const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop)
{
- const struct xt_geoip_match_info *info = matchinfo;
- const struct geoip_info *node; /* This keeps the code sexy */
- const struct iphdr *iph = ip_hdr(skb);
- u_int32_t ip, i, j;
-
- if (info->flags & XT_GEOIP_SRC)
- ip = ntohl(iph->saddr);
- else
- ip = ntohl(iph->daddr);
-
- spin_lock_bh(&geoip_lock);
- for (i = 0; i < info->count; i++) {
- if ((node = info->mem[i]) == NULL) {
- printk(KERN_ERR "xt_geoip: what the hell ?? '%c%c' isn't loaded into memory... skip it!\n",
- COUNTRY(info->cc[i]));
-
- continue;
- }
-
- for (j = 0; j < node->count; j++)
- if ((ip > node->subnets[j].begin) && (ip < node->subnets[j].end)) {
- spin_unlock_bh(&geoip_lock);
- return (info->flags & XT_GEOIP_INV) ? 0 : 1;
- }
- }
-
- spin_unlock_bh(&geoip_lock);
- return (info->flags & XT_GEOIP_INV) ? 1 : 0;
+ const struct xt_geoip_match_info *info = matchinfo;
+ const struct geoip_info *node; /* This keeps the code sexy */
+ const struct iphdr *iph = ip_hdr(skb);
+ u_int32_t ip, i, j;
+
+ if (info->flags & XT_GEOIP_SRC)
+ ip = ntohl(iph->saddr);
+ else
+ ip = ntohl(iph->daddr);
+
+ spin_lock_bh(&geoip_lock);
+ for (i = 0; i < info->count; i++) {
+ if ((node = info->mem[i]) == NULL) {
+ printk(KERN_ERR "xt_geoip: what the hell ?? '%c%c' isn't loaded into memory... skip it!\n",
+ COUNTRY(info->cc[i]));
+
+ continue;
+ }
+
+ for (j = 0; j < node->count; j++)
+ if ((ip > node->subnets[j].begin) && (ip < node->subnets[j].end)) {
+ spin_unlock_bh(&geoip_lock);
+ return (info->flags & XT_GEOIP_INV) ? 0 : 1;
+ }
+ }
+
+ spin_unlock_bh(&geoip_lock);
+ return (info->flags & XT_GEOIP_INV) ? 1 : 0;
}
-static bool xt_geoip_mt_checkentry(const char *tablename,
- const void *ip,
- const struct xt_match *match,
- void *matchinfo,
- unsigned int hook_mas)
+static bool xt_geoip_mt_checkentry(const char *table, const void *entry,
+ const struct xt_match *match, void *matchinfo, unsigned int hook_mask)
{
-
- struct xt_geoip_match_info *info = matchinfo;
- struct geoip_info *node;
- u_int8_t i;
-
- for (i = 0; i < info->count; i++) {
-
- if ((node = find_node(info->cc[i])) != NULL)
- atomic_inc((atomic_t *)&node->ref); //increase the reference
- else
- if ((node = add_node(info->mem[i])) == NULL) {
- printk(KERN_ERR
- "xt_geoip: unable to load '%c%c' into memory\n",
- COUNTRY(info->cc[i]));
- return 0;
- }
-
- /* Overwrite the now-useless pointer info->mem[i] with
- * a pointer to the node's kernelspace structure.
- * This avoids searching for a node in the match() and
- * destroy() functions.
- */
- info->mem[i] = node;
- }
-
- return 1;
+ struct xt_geoip_match_info *info = matchinfo;
+ struct geoip_info *node;
+ u_int8_t i;
+
+ for (i = 0; i < info->count; i++) {
+
+ if ((node = find_node(info->cc[i])) != NULL)
+ atomic_inc((atomic_t *)&node->ref); //increase the reference
+ else
+ if ((node = add_node(info->mem[i])) == NULL) {
+ printk(KERN_ERR
+ "xt_geoip: unable to load '%c%c' into memory\n",
+ COUNTRY(info->cc[i]));
+ return 0;
+ }
+
+ /* Overwrite the now-useless pointer info->mem[i] with
+ * a pointer to the node's kernelspace structure.
+ * This avoids searching for a node in the match() and
+ * destroy() functions.
+ */
+ info->mem[i] = node;
+ }
+
+ return 1;
}
-static void xt_geoip_mt_destroy(const struct xt_match *matcn,
- void *matchinfo)
+static void xt_geoip_mt_destroy(const struct xt_match *match, void *matchinfo)
{
- struct xt_geoip_match_info *info = matchinfo;
- struct geoip_info *node; /* this keeps the code sexy */
- u_int8_t i;
-
- /* This entry has been removed from the table so
- * decrease the refcount of all countries it is
- * using.
- */
-
- for (i = 0; i < info->count; i++)
- if ((node = info->mem[i]) != NULL) {
- atomic_dec((atomic_t *)&node->ref);
-
- /* Free up some memory if that node isn't used
- * anymore. */
- if (node->ref < 1)
- remove_node(node);
- }
- else
- /* Something strange happened. There's no memory allocated for this
- * country. Please send this bug to the mailing list. */
- printk(KERN_ERR
- "xt_geoip: What happened peejix ? What happened acidfu ?\n"
- "xt_geoip: please report this bug to the maintainers\n");
- return;
+ struct xt_geoip_match_info *info = matchinfo;
+ struct geoip_info *node; /* this keeps the code sexy */
+ u_int8_t i;
+
+ /* This entry has been removed from the table so
+ * decrease the refcount of all countries it is
+ * using.
+ */
+
+ for (i = 0; i < info->count; i++)
+ if ((node = info->mem[i]) != NULL) {
+ atomic_dec((atomic_t *)&node->ref);
+
+ /* Free up some memory if that node isn't used
+ * anymore. */
+ if (node->ref < 1)
+ remove_node(node);
+ }
+ else
+ /* Something strange happened. There's no memory allocated for this
+ * country. Please send this bug to the mailing list. */
+ printk(KERN_ERR
+ "xt_geoip: What happened peejix ? What happened acidfu ?\n"
+ "xt_geoip: please report this bug to the maintainers\n");
+ return;
}
static struct xt_match xt_geoip_match __read_mostly = {
- .family = AF_INET,
- .name = "geoip",
- .match = &xt_geoip_mt,
- .checkentry = &xt_geoip_mt_checkentry,
- .destroy = &xt_geoip_mt_destroy,
- .matchsize = sizeof(struct xt_geoip_match_info),
- .me = THIS_MODULE,
+ .family = AF_INET,
+ .name = "geoip",
+ .match = xt_geoip_mt,
+ .checkentry = xt_geoip_mt_checkentry,
+ .destroy = xt_geoip_mt_destroy,
+ .matchsize = sizeof(struct xt_geoip_match_info),
+ .me = THIS_MODULE,
};
static int __init xt_geoip_mt_init(void)
{
- return xt_register_match(&xt_geoip_match);
+ return xt_register_match(&xt_geoip_match);
}
static void __exit xt_geoip_mt_fini(void)
{
- xt_unregister_match(&xt_geoip_match);
+ xt_unregister_match(&xt_geoip_match);
}
module_init(xt_geoip_mt_init);
projects / thirdparty / xtables-addons.git / commitdiff
