1 --- a/include/uapi/linux/netfilter/Kbuild
2 +++ b/include/uapi/linux/netfilter/Kbuild
3 @@ -54,6 +54,7 @@ header-y += xt_ecn.h
5 header-y += xt_hashlimit.h
6 header-y += xt_helper.h
8 header-y += xt_iprange.h
10 header-y += xt_layer7.h
12 +++ b/include/uapi/linux/netfilter/xt_id.h
22 --- a/net/netfilter/Kconfig
23 +++ b/net/netfilter/Kconfig
24 @@ -1033,6 +1033,13 @@ config NETFILTER_XT_MATCH_HL
25 in the IPv6 header, or the time-to-live field in the IPv4
28 +config NETFILTER_XT_MATCH_ID
29 + tristate '"id" match support'
30 + depends on NETFILTER_ADVANCED
32 + This option adds a `id' dummy-match, which allows you to put
33 + numeric IDs into your iptables ruleset.
35 config NETFILTER_XT_MATCH_IPRANGE
36 tristate '"iprange" address range match support'
37 depends on NETFILTER_ADVANCED
38 --- a/net/netfilter/Makefile
39 +++ b/net/netfilter/Makefile
40 @@ -133,6 +133,7 @@ obj-$(CONFIG_NETFILTER_XT_MATCH_ESP) +=
41 obj-$(CONFIG_NETFILTER_XT_MATCH_HASHLIMIT) += xt_hashlimit.o
42 obj-$(CONFIG_NETFILTER_XT_MATCH_HELPER) += xt_helper.o
43 obj-$(CONFIG_NETFILTER_XT_MATCH_HL) += xt_hl.o
44 +obj-$(CONFIG_NETFILTER_XT_MATCH_ID) += xt_id.o
45 obj-$(CONFIG_NETFILTER_XT_MATCH_IPRANGE) += xt_iprange.o
46 obj-$(CONFIG_NETFILTER_XT_MATCH_IPVS) += xt_ipvs.o
47 obj-$(CONFIG_NETFILTER_XT_MATCH_LENGTH) += xt_length.o
49 +++ b/net/netfilter/xt_id.c
52 + * Implements a dummy match to allow attaching IDs to rules
54 + * 2014-08-01 Jo-Philipp Wich <jow@openwrt.org>
57 +#include <linux/module.h>
58 +#include <linux/skbuff.h>
59 +#include <linux/netfilter/x_tables.h>
60 +#include <linux/netfilter/xt_id.h>
62 +MODULE_AUTHOR("Jo-Philipp Wich <jow@openwrt.org>");
63 +MODULE_DESCRIPTION("Xtables: No-op match which can be tagged with a 32bit ID");
64 +MODULE_LICENSE("GPL");
65 +MODULE_ALIAS("ipt_id");
66 +MODULE_ALIAS("ip6t_id");
69 +id_mt(const struct sk_buff *skb, struct xt_action_param *par)
71 + /* We always match */
75 +static struct xt_match id_mt_reg __read_mostly = {
78 + .family = NFPROTO_UNSPEC,
80 + .matchsize = sizeof(struct xt_id_info),
84 +static int __init id_mt_init(void)
86 + return xt_register_match(&id_mt_reg);
89 +static void __exit id_mt_exit(void)
91 + xt_unregister_match(&id_mt_reg);
94 +module_init(id_mt_init);
95 +module_exit(id_mt_exit);