[NETFILTER]: x_tables: replace IPv4 DSCP target by address family independent version

This replaces IPv4 DSCP target by address family independent version. This also - utilizes dsfield.h to get/mangle DS field in IPv4/IPv6 header - fixes Kconfig help text. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> 2006-08-22 03:30:26 -0400
committer: David S. Miller <davem@sunset.davemloft.net> 2006-09-22 17:55:22 -0400
commit: a468701db58a8b3e08e3f55fa6ac66db42014922 (patch)
tree: 7b4b0fe62a7d15eae25b3013fd3ecaf13bce5028 /net/netfilter
parent: 9ba1627617d396135a4d679542a3623d5819e628 (diff)
3 files changed, 143 insertions, 0 deletions
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index f781405f5d65..0a28d2c5c44f 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -148,6 +148,18 @@ config NETFILTER_XT_TARGET_CONNMARK
          <file:Documentation/modules.txt>.  The module will be called
          ipt_CONNMARK.o.  If unsure, say `N'.
+config NETFILTER_XT_TARGET_DSCP
+        tristate '"DSCP" target support'
+        depends on NETFILTER_XTABLES
+        depends on IP_NF_MANGLE || IP6_NF_MANGLE
+        help
+          This option adds a `DSCP' target, which allows you to manipulate
+          the IPv4/IPv6 header DSCP field (differentiated services codepoint).
+          The DSCP field can have any value between 0x0 and 0x3f inclusive.
+          To compile it as a module, choose M here.  If unsure, say N.
 config NETFILTER_XT_TARGET_MARK
        tristate '"MARK" target support'
        depends on NETFILTER_XTABLES
diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile
index 0b8a70c1df46..a74be492fd0a 100644
--- a/net/netfilter/Makefile
+++ b/net/netfilter/Makefile
@@ -25,6 +25,7 @@ obj-$(CONFIG_NETFILTER_XTABLES) += x_tables.o xt_tcpudp.o
 # targets
 obj-$(CONFIG_NETFILTER_XT_TARGET_CLASSIFY) += xt_CLASSIFY.o
 obj-$(CONFIG_NETFILTER_XT_TARGET_CONNMARK) += xt_CONNMARK.o
+obj-$(CONFIG_NETFILTER_XT_TARGET_DSCP) += xt_DSCP.o
 obj-$(CONFIG_NETFILTER_XT_TARGET_MARK) += xt_MARK.o
 obj-$(CONFIG_NETFILTER_XT_TARGET_NFQUEUE) += xt_NFQUEUE.o
 obj-$(CONFIG_NETFILTER_XT_TARGET_NOTRACK) += xt_NOTRACK.o
diff --git a/net/netfilter/xt_DSCP.c b/net/netfilter/xt_DSCP.c
new file mode 100644
index 000000000000..79df8165cd79
--- /dev/null
+++ b/net/netfilter/xt_DSCP.c
@@ -0,0 +1,130 @@
+/* x_tables module for setting the IPv4/IPv6 DSCP field, Version 1.8
+ *
+ * (C) 2002 by Harald Welte <laforge@netfilter.org>
+ * based on ipt_FTOS.c (C) 2000 by Matthew G. Marsh <mgm@paktronix.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * See RFC2474 for a description of the DSCP field within the IP Header.
+ *
+ * xt_DSCP.c,v 1.8 2002/08/06 18:41:57 laforge Exp
+*/
+#include <linux/module.h>
+#include <linux/skbuff.h>
+#include <linux/ip.h>
+#include <linux/ipv6.h>
+#include <net/dsfield.h>
+#include <linux/netfilter/x_tables.h>
+#include <linux/netfilter/xt_DSCP.h>
+MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
+MODULE_DESCRIPTION("x_tables DSCP modification module");
+MODULE_LICENSE("GPL");
+MODULE_ALIAS("ipt_DSCP");
+MODULE_ALIAS("ip6t_DSCP");
+static unsigned int target(struct sk_buff **pskb,
+                           const struct net_device *in,
+                           const struct net_device *out,
+                           unsigned int hooknum,
+                           const struct xt_target *target,
+                           const void *targinfo,
+                           void *userinfo)
+{
+        const struct xt_DSCP_info *dinfo = targinfo;
+        u_int8_t dscp = ipv4_get_dsfield((*pskb)->nh.iph) >> XT_DSCP_SHIFT;
+        if (dscp != dinfo->dscp) {
+                if (!skb_make_writable(pskb, sizeof(struct iphdr)))
+                        return NF_DROP;
+                ipv4_change_dsfield((*pskb)->nh.iph, (__u8)(~XT_DSCP_MASK),
+                                    dinfo->dscp << XT_DSCP_SHIFT);
+        }
+        return XT_CONTINUE;
+}
+static unsigned int target6(struct sk_buff **pskb,
+                            const struct net_device *in,
+                            const struct net_device *out,
+                            unsigned int hooknum,
+                            const struct xt_target *target,
+                            const void *targinfo,
+                            void *userinfo)
+{
+        const struct xt_DSCP_info *dinfo = targinfo;
+        u_int8_t dscp = ipv6_get_dsfield((*pskb)->nh.ipv6h) >> XT_DSCP_SHIFT;
+        if (dscp != dinfo->dscp) {
+                if (!skb_make_writable(pskb, sizeof(struct ipv6hdr)))
+                        return NF_DROP;
+                ipv6_change_dsfield((*pskb)->nh.ipv6h, (__u8)(~XT_DSCP_MASK),
+                                    dinfo->dscp << XT_DSCP_SHIFT);
+        }
+        return XT_CONTINUE;
+}
+static int checkentry(const char *tablename,
+                      const void *e_void,
+                      const struct xt_target *target,
+                      void *targinfo,
+                      unsigned int targinfosize,
+                      unsigned int hook_mask)
+{
+        const u_int8_t dscp = ((struct xt_DSCP_info *)targinfo)->dscp;
+        if ((dscp > XT_DSCP_MAX)) {
+                printk(KERN_WARNING "DSCP: dscp %x out of range\n", dscp);
+                return 0;
+        }
+        return 1;
+}
+static struct xt_target xt_dscp_reg = {
+        .name           = "DSCP",
+        .target         = target,
+        .targetsize     = sizeof(struct xt_DSCP_info),
+        .table          = "mangle",
+        .checkentry     = checkentry,
+        .family         = AF_INET,
+        .me             = THIS_MODULE,
+};
+static struct xt_target xt_dscp6_reg = {
+        .name           = "DSCP",
+        .target         = target6,
+        .targetsize     = sizeof(struct xt_DSCP_info),
+        .table          = "mangle",
+        .checkentry     = checkentry,
+        .family         = AF_INET6,
+        .me             = THIS_MODULE,
+};
+static int __init xt_dscp_target_init(void)
+{
+        int ret;
+        ret = xt_register_target(&xt_dscp_reg);
+        if (ret)
+                return ret;
+        ret = xt_register_target(&xt_dscp6_reg);
+        if (ret)
+                xt_unregister_target(&xt_dscp_reg);
+        return ret;
+}
+static void __exit xt_dscp_target_fini(void)
+{
+        xt_unregister_target(&xt_dscp_reg);
+        xt_unregister_target(&xt_dscp6_reg);
+}
+module_init(xt_dscp_target_init);
+module_exit(xt_dscp_target_fini);
author	Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>	2006-08-22 03:30:26 -0400
committer	David S. Miller <davem@sunset.davemloft.net>	2006-09-22 17:55:22 -0400
commit	a468701db58a8b3e08e3f55fa6ac66db42014922 (patch)
tree	7b4b0fe62a7d15eae25b3013fd3ecaf13bce5028 /net/netfilter
parent	9ba1627617d396135a4d679542a3623d5819e628 (diff)

diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig index f781405f5d65..0a28d2c5c44f 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig
@@ -148,6 +148,18 @@ config NETFILTER_XT_TARGET_CONNMARK
148	<file:Documentation/modules.txt>. The module will be called	148	<file:Documentation/modules.txt>. The module will be called
149	ipt_CONNMARK.o. If unsure, say `N'.	149	ipt_CONNMARK.o. If unsure, say `N'.
150		150
		151	config NETFILTER_XT_TARGET_DSCP
		152	tristate '"DSCP" target support'
		153	depends on NETFILTER_XTABLES
		154	depends on IP_NF_MANGLE \|\| IP6_NF_MANGLE
		155	help
		156	This option adds a `DSCP' target, which allows you to manipulate
		157	the IPv4/IPv6 header DSCP field (differentiated services codepoint).
		158
		159	The DSCP field can have any value between 0x0 and 0x3f inclusive.
		160
		161	To compile it as a module, choose M here. If unsure, say N.
		162
151	config NETFILTER_XT_TARGET_MARK	163	config NETFILTER_XT_TARGET_MARK
152	tristate '"MARK" target support'	164	tristate '"MARK" target support'
153	depends on NETFILTER_XTABLES	165	depends on NETFILTER_XTABLES


diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile index 0b8a70c1df46..a74be492fd0a 100644 --- a/net/netfilter/Makefile +++ b/net/netfilter/Makefile
@@ -25,6 +25,7 @@ obj-$(CONFIG_NETFILTER_XTABLES) += x_tables.o xt_tcpudp.o
25	# targets	25	# targets
26	obj-$(CONFIG_NETFILTER_XT_TARGET_CLASSIFY) += xt_CLASSIFY.o	26	obj-$(CONFIG_NETFILTER_XT_TARGET_CLASSIFY) += xt_CLASSIFY.o
27	obj-$(CONFIG_NETFILTER_XT_TARGET_CONNMARK) += xt_CONNMARK.o	27	obj-$(CONFIG_NETFILTER_XT_TARGET_CONNMARK) += xt_CONNMARK.o
		28	obj-$(CONFIG_NETFILTER_XT_TARGET_DSCP) += xt_DSCP.o
28	obj-$(CONFIG_NETFILTER_XT_TARGET_MARK) += xt_MARK.o	29	obj-$(CONFIG_NETFILTER_XT_TARGET_MARK) += xt_MARK.o
29	obj-$(CONFIG_NETFILTER_XT_TARGET_NFQUEUE) += xt_NFQUEUE.o	30	obj-$(CONFIG_NETFILTER_XT_TARGET_NFQUEUE) += xt_NFQUEUE.o
30	obj-$(CONFIG_NETFILTER_XT_TARGET_NOTRACK) += xt_NOTRACK.o	31	obj-$(CONFIG_NETFILTER_XT_TARGET_NOTRACK) += xt_NOTRACK.o


diff --git a/net/netfilter/xt_DSCP.c b/net/netfilter/xt_DSCP.c new file mode 100644 index 000000000000..79df8165cd79 --- /dev/null +++ b/net/netfilter/xt_DSCP.c
@@ -0,0 +1,130 @@
		1	/* x_tables module for setting the IPv4/IPv6 DSCP field, Version 1.8
		2	*
		3	* (C) 2002 by Harald Welte <laforge@netfilter.org>
		4	* based on ipt_FTOS.c (C) 2000 by Matthew G. Marsh <mgm@paktronix.com>
		5	*
		6	* This program is free software; you can redistribute it and/or modify
		7	* it under the terms of the GNU General Public License version 2 as
		8	* published by the Free Software Foundation.
		9	*
		10	* See RFC2474 for a description of the DSCP field within the IP Header.
		11	*
		12	* xt_DSCP.c,v 1.8 2002/08/06 18:41:57 laforge Exp
		13	*/
		14
		15	#include <linux/module.h>
		16	#include <linux/skbuff.h>
		17	#include <linux/ip.h>
		18	#include <linux/ipv6.h>
		19	#include <net/dsfield.h>
		20
		21	#include <linux/netfilter/x_tables.h>
		22	#include <linux/netfilter/xt_DSCP.h>
		23
		24	MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
		25	MODULE_DESCRIPTION("x_tables DSCP modification module");
		26	MODULE_LICENSE("GPL");
		27	MODULE_ALIAS("ipt_DSCP");
		28	MODULE_ALIAS("ip6t_DSCP");
		29
		30	static unsigned int target(struct sk_buff **pskb,
		31	const struct net_device *in,
		32	const struct net_device *out,
		33	unsigned int hooknum,
		34	const struct xt_target *target,
		35	const void *targinfo,
		36	void *userinfo)
		37	{
		38	const struct xt_DSCP_info *dinfo = targinfo;
		39	u_int8_t dscp = ipv4_get_dsfield((*pskb)->nh.iph) >> XT_DSCP_SHIFT;
		40
		41	if (dscp != dinfo->dscp) {
		42	if (!skb_make_writable(pskb, sizeof(struct iphdr)))
		43	return NF_DROP;
		44
		45	ipv4_change_dsfield((*pskb)->nh.iph, (__u8)(~XT_DSCP_MASK),
		46	dinfo->dscp << XT_DSCP_SHIFT);
		47
		48	}
		49	return XT_CONTINUE;
		50	}
		51
		52	static unsigned int target6(struct sk_buff **pskb,
		53	const struct net_device *in,
		54	const struct net_device *out,
		55	unsigned int hooknum,
		56	const struct xt_target *target,
		57	const void *targinfo,
		58	void *userinfo)
		59	{
		60	const struct xt_DSCP_info *dinfo = targinfo;
		61	u_int8_t dscp = ipv6_get_dsfield((*pskb)->nh.ipv6h) >> XT_DSCP_SHIFT;
		62
		63	if (dscp != dinfo->dscp) {
		64	if (!skb_make_writable(pskb, sizeof(struct ipv6hdr)))
		65	return NF_DROP;
		66
		67	ipv6_change_dsfield((*pskb)->nh.ipv6h, (__u8)(~XT_DSCP_MASK),
		68	dinfo->dscp << XT_DSCP_SHIFT);
		69	}
		70	return XT_CONTINUE;
		71	}
		72
		73	static int checkentry(const char *tablename,
		74	const void *e_void,
		75	const struct xt_target *target,
		76	void *targinfo,
		77	unsigned int targinfosize,
		78	unsigned int hook_mask)
		79	{
		80	const u_int8_t dscp = ((struct xt_DSCP_info *)targinfo)->dscp;
		81
		82	if ((dscp > XT_DSCP_MAX)) {
		83	printk(KERN_WARNING "DSCP: dscp %x out of range\n", dscp);
		84	return 0;
		85	}
		86	return 1;
		87	}
		88
		89	static struct xt_target xt_dscp_reg = {
		90	.name = "DSCP",
		91	.target = target,
		92	.targetsize = sizeof(struct xt_DSCP_info),
		93	.table = "mangle",
		94	.checkentry = checkentry,
		95	.family = AF_INET,
		96	.me = THIS_MODULE,
		97	};
		98
		99	static struct xt_target xt_dscp6_reg = {
		100	.name = "DSCP",
		101	.target = target6,
		102	.targetsize = sizeof(struct xt_DSCP_info),
		103	.table = "mangle",
		104	.checkentry = checkentry,
		105	.family = AF_INET6,
		106	.me = THIS_MODULE,
		107	};
		108
		109	static int __init xt_dscp_target_init(void)
		110	{
		111	int ret;
		112	ret = xt_register_target(&xt_dscp_reg);
		113	if (ret)
		114	return ret;
		115
		116	ret = xt_register_target(&xt_dscp6_reg);
		117	if (ret)
		118	xt_unregister_target(&xt_dscp_reg);
		119
		120	return ret;
		121	}
		122
		123	static void __exit xt_dscp_target_fini(void)
		124	{
		125	xt_unregister_target(&xt_dscp_reg);
		126	xt_unregister_target(&xt_dscp6_reg);
		127	}
		128
		129	module_init(xt_dscp_target_init);
		130	module_exit(xt_dscp_target_fini);