netfilter: introduce xt_id match

This commit implements a new netfilter match "xt_id" which can be used to
attach unsigned 32bit IDs to iptables rules.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

Backport of r41945

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42007 3c298f89-4303-0410-b956-a3cf2f4a3e73

1 files changed, 59 insertions, 0 deletions

diff --git a/package/network/utils/iptables/patches/500-add-xt_id-match.patch b/package/network/utils/iptables/patches/500-add-xt_id-match.patch
new file mode 100644
index 0000000000..94762f0ab7
--- /dev/null
+++ b/package/network/utils/iptables/patches/500-add-xt_id-match.patch
@@ -0,0 +1,59 @@
+--- /dev/null
++++ b/extensions/libxt_id.c
+@@ -0,0 +1,45 @@
++/* Shared library add-on to iptables to add id match support. */
++
++#include <stdio.h>
++#include <xtables.h>
++#include <linux/netfilter/xt_id.h>
++
++enum {
++	O_ID = 0,
++};
++
++static const struct xt_option_entry id_opts[] = {
++	{
++		.name  = "id",
++		.id    = O_ID,
++		.type  = XTTYPE_UINT32,
++		.flags = XTOPT_MAND | XTOPT_PUT,
++		XTOPT_POINTER(struct xt_id_info, id)
++	},
++	XTOPT_TABLEEND,
++};
++
++/* Saves the union ipt_matchinfo in parsable form to stdout. */
++static void
++id_save(const void *ip, const struct xt_entry_match *match)
++{
++	struct xt_id_info *idinfo = (void *)match->data;
++
++	printf(" --id %lu", idinfo->id);
++}
++
++static struct xtables_match id_match = {
++	.family		= NFPROTO_UNSPEC,
++	.name		= "id",
++	.version	= XTABLES_VERSION,
++	.size		= XT_ALIGN(sizeof(struct xt_id_info)),
++	.userspacesize	= XT_ALIGN(sizeof(struct xt_id_info)),
++	.save 		= id_save,
++	.x6_parse	= xtables_option_parse,
++	.x6_options	= id_opts,
++};
++
++void _init(void)
++{
++	xtables_register_match(&id_match);
++}
+--- /dev/null
++++ b/include/linux/netfilter/xt_id.h
+@@ -0,0 +1,8 @@
++#ifndef _XT_ID_H
++#define _XT_ID_H
++
++struct xt_id_info {
++	__u32 id;
++};
++
++#endif /* XT_ID_H */