[NETFILTER]: x_tables: replace IPv4 DSCP target by address family independent version

This replaces IPv4 DSCP target by address family independent version. This also - utilizes dsfield.h to get/mangle DS field in IPv4/IPv6 header - fixes Kconfig help text. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> 2006-08-22 03:30:26 -0400
committer: David S. Miller <davem@sunset.davemloft.net> 2006-09-22 17:55:22 -0400
commit: a468701db58a8b3e08e3f55fa6ac66db42014922 (patch)
tree: 7b4b0fe62a7d15eae25b3013fd3ecaf13bce5028
parent: 9ba1627617d396135a4d679542a3623d5819e628 (diff)
8 files changed, 165 insertions, 112 deletions
diff --git a/include/linux/netfilter/xt_DSCP.h b/include/linux/netfilter/xt_DSCP.h
new file mode 100644
index 000000000000..3c7c963997bd
--- /dev/null
+++ b/include/linux/netfilter/xt_DSCP.h
@@ -0,0 +1,20 @@
+/* x_tables module for setting the IPv4/IPv6 DSCP field
+ *
+ * (C) 2002 Harald Welte <laforge@gnumonks.org>
+ * based on ipt_FTOS.c (C) 2000 by Matthew G. Marsh <mgm@paktronix.com>
+ * This software is distributed under GNU GPL v2, 1991
+ *
+ * See RFC2474 for a description of the DSCP field within the IP Header.
+ *
+ * xt_DSCP.h,v 1.7 2002/03/14 12:03:13 laforge Exp
+*/
+#ifndef _XT_DSCP_TARGET_H
+#define _XT_DSCP_TARGET_H
+#include <linux/netfilter/xt_dscp.h>
+/* target info */
+struct xt_DSCP_info {
+        u_int8_t dscp;
+};
+#endif /* _XT_DSCP_TARGET_H */
diff --git a/include/linux/netfilter_ipv4/ipt_DSCP.h b/include/linux/netfilter_ipv4/ipt_DSCP.h
index b30f510b5bef..3491e524d5ea 100644
--- a/include/linux/netfilter_ipv4/ipt_DSCP.h
+++ b/include/linux/netfilter_ipv4/ipt_DSCP.h
@@ -11,10 +11,8 @@
 #ifndef _IPT_DSCP_TARGET_H
 #define _IPT_DSCP_TARGET_H
 #include <linux/netfilter_ipv4/ipt_dscp.h>
+#include <linux/netfilter/xt_DSCP.h>
-/* target info */
+#define ipt_DSCP_info xt_DSCP_info
-struct ipt_DSCP_info {
-        u_int8_t dscp;
-};
 #endif /* _IPT_DSCP_TARGET_H */
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig
index d88d71d1ce0d..a55b8ff70ded 100644
--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -557,17 +557,6 @@ config IP_NF_TARGET_ECN
          To compile it as a module, choose M here.  If unsure, say N.
-config IP_NF_TARGET_DSCP
-        tristate "DSCP target support"
-        depends on IP_NF_MANGLE
-        help
-          This option adds a `DSCP' match, which allows you to match against
-          the IPv4 header DSCP field (DSCP codepoint).
-          The DSCP codepoint can have any value between 0x0 and 0x4f.
-          To compile it as a module, choose M here.  If unsure, say N.
 config IP_NF_TARGET_TTL
        tristate  'TTL target support'
        depends on IP_NF_MANGLE
diff --git a/net/ipv4/netfilter/Makefile b/net/ipv4/netfilter/Makefile
index b946b0f3ea9d..09aaed1a8063 100644
--- a/net/ipv4/netfilter/Makefile
+++ b/net/ipv4/netfilter/Makefile
@@ -67,7 +67,6 @@ obj-$(CONFIG_IP_NF_MATCH_ADDRTYPE) += ipt_addrtype.o
 obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o
 obj-$(CONFIG_IP_NF_TARGET_TOS) += ipt_TOS.o
 obj-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN.o
-obj-$(CONFIG_IP_NF_TARGET_DSCP) += ipt_DSCP.o
 obj-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE.o
 obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o
 obj-$(CONFIG_IP_NF_TARGET_NETMAP) += ipt_NETMAP.o
diff --git a/net/ipv4/netfilter/ipt_DSCP.c b/net/ipv4/netfilter/ipt_DSCP.c
deleted file mode 100644
index c8e971288dfe..000000000000
--- a/net/ipv4/netfilter/ipt_DSCP.c
+++ /dev/null
@@ -1,96 +0,0 @@
-/* iptables module for setting the IPv4 DSCP field, Version 1.8
- *
- * (C) 2002 by Harald Welte <laforge@netfilter.org>
- * based on ipt_FTOS.c (C) 2000 by Matthew G. Marsh <mgm@paktronix.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as 
- * published by the Free Software Foundation.
- * 
- * See RFC2474 for a description of the DSCP field within the IP Header.
- *
- * ipt_DSCP.c,v 1.8 2002/08/06 18:41:57 laforge Exp
-*/
-#include <linux/module.h>
-#include <linux/skbuff.h>
-#include <linux/ip.h>
-#include <net/checksum.h>
-#include <linux/netfilter_ipv4/ip_tables.h>
-#include <linux/netfilter_ipv4/ipt_DSCP.h>
-MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
-MODULE_DESCRIPTION("iptables DSCP modification module");
-MODULE_LICENSE("GPL");
-static unsigned int
-target(struct sk_buff **pskb,
-       const struct net_device *in,
-       const struct net_device *out,
-       unsigned int hooknum,
-       const struct xt_target *target,
-       const void *targinfo,
-       void *userinfo)
-{
-        const struct ipt_DSCP_info *dinfo = targinfo;
-        u_int8_t sh_dscp = ((dinfo->dscp << IPT_DSCP_SHIFT) & IPT_DSCP_MASK);
-        if (((*pskb)->nh.iph->tos & IPT_DSCP_MASK) != sh_dscp) {
-                u_int16_t diffs[2];
-                if (!skb_make_writable(pskb, sizeof(struct iphdr)))
-                        return NF_DROP;
-                diffs[0] = htons((*pskb)->nh.iph->tos) ^ 0xFFFF;
-                (*pskb)->nh.iph->tos = ((*pskb)->nh.iph->tos & ~IPT_DSCP_MASK)
-                        | sh_dscp;
-                diffs[1] = htons((*pskb)->nh.iph->tos);
-                (*pskb)->nh.iph->check
-                        = csum_fold(csum_partial((char *)diffs,
-                                                 sizeof(diffs),
-                                                 (*pskb)->nh.iph->check
-                                                 ^ 0xFFFF));
-        }
-        return IPT_CONTINUE;
-}
-static int
-checkentry(const char *tablename,
-           const void *e_void,
-           const struct xt_target *target,
-           void *targinfo,
-           unsigned int targinfosize,
-           unsigned int hook_mask)
-{
-        const u_int8_t dscp = ((struct ipt_DSCP_info *)targinfo)->dscp;
-        if ((dscp > IPT_DSCP_MAX)) {
-                printk(KERN_WARNING "DSCP: dscp %x out of range\n", dscp);
-                return 0;
-        }
-        return 1;
-}
-static struct ipt_target ipt_dscp_reg = {
-        .name           = "DSCP",
-        .target         = target,
-        .targetsize     = sizeof(struct ipt_DSCP_info),
-        .table          = "mangle",
-        .checkentry     = checkentry,
-        .me             = THIS_MODULE,
-};
-static int __init ipt_dscp_init(void)
-{
-        return ipt_register_target(&ipt_dscp_reg);
-}
-static void __exit ipt_dscp_fini(void)
-{
-        ipt_unregister_target(&ipt_dscp_reg);
-}
-module_init(ipt_dscp_init);
-module_exit(ipt_dscp_fini);
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index f781405f5d65..0a28d2c5c44f 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -148,6 +148,18 @@ config NETFILTER_XT_TARGET_CONNMARK
          <file:Documentation/modules.txt>.  The module will be called
          ipt_CONNMARK.o.  If unsure, say `N'.
+config NETFILTER_XT_TARGET_DSCP
+        tristate '"DSCP" target support'
+        depends on NETFILTER_XTABLES
+        depends on IP_NF_MANGLE || IP6_NF_MANGLE
+        help
+          This option adds a `DSCP' target, which allows you to manipulate
+          the IPv4/IPv6 header DSCP field (differentiated services codepoint).
+          The DSCP field can have any value between 0x0 and 0x3f inclusive.
+          To compile it as a module, choose M here.  If unsure, say N.
 config NETFILTER_XT_TARGET_MARK
        tristate '"MARK" target support'
        depends on NETFILTER_XTABLES
diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile
index 0b8a70c1df46..a74be492fd0a 100644
--- a/net/netfilter/Makefile
+++ b/net/netfilter/Makefile
@@ -25,6 +25,7 @@ obj-$(CONFIG_NETFILTER_XTABLES) += x_tables.o xt_tcpudp.o
 # targets
 obj-$(CONFIG_NETFILTER_XT_TARGET_CLASSIFY) += xt_CLASSIFY.o
 obj-$(CONFIG_NETFILTER_XT_TARGET_CONNMARK) += xt_CONNMARK.o
+obj-$(CONFIG_NETFILTER_XT_TARGET_DSCP) += xt_DSCP.o
 obj-$(CONFIG_NETFILTER_XT_TARGET_MARK) += xt_MARK.o
 obj-$(CONFIG_NETFILTER_XT_TARGET_NFQUEUE) += xt_NFQUEUE.o
 obj-$(CONFIG_NETFILTER_XT_TARGET_NOTRACK) += xt_NOTRACK.o
diff --git a/net/netfilter/xt_DSCP.c b/net/netfilter/xt_DSCP.c
new file mode 100644
index 000000000000..79df8165cd79
--- /dev/null
+++ b/net/netfilter/xt_DSCP.c
@@ -0,0 +1,130 @@
+/* x_tables module for setting the IPv4/IPv6 DSCP field, Version 1.8
+ *
+ * (C) 2002 by Harald Welte <laforge@netfilter.org>
+ * based on ipt_FTOS.c (C) 2000 by Matthew G. Marsh <mgm@paktronix.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * See RFC2474 for a description of the DSCP field within the IP Header.
+ *
+ * xt_DSCP.c,v 1.8 2002/08/06 18:41:57 laforge Exp
+*/
+#include <linux/module.h>
+#include <linux/skbuff.h>
+#include <linux/ip.h>
+#include <linux/ipv6.h>
+#include <net/dsfield.h>
+#include <linux/netfilter/x_tables.h>
+#include <linux/netfilter/xt_DSCP.h>
+MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
+MODULE_DESCRIPTION("x_tables DSCP modification module");
+MODULE_LICENSE("GPL");
+MODULE_ALIAS("ipt_DSCP");
+MODULE_ALIAS("ip6t_DSCP");
+static unsigned int target(struct sk_buff **pskb,
+                           const struct net_device *in,
+                           const struct net_device *out,
+                           unsigned int hooknum,
+                           const struct xt_target *target,
+                           const void *targinfo,
+                           void *userinfo)
+{
+        const struct xt_DSCP_info *dinfo = targinfo;
+        u_int8_t dscp = ipv4_get_dsfield((*pskb)->nh.iph) >> XT_DSCP_SHIFT;
+        if (dscp != dinfo->dscp) {
+                if (!skb_make_writable(pskb, sizeof(struct iphdr)))
+                        return NF_DROP;
+                ipv4_change_dsfield((*pskb)->nh.iph, (__u8)(~XT_DSCP_MASK),
+                                    dinfo->dscp << XT_DSCP_SHIFT);
+        }
+        return XT_CONTINUE;
+}
+static unsigned int target6(struct sk_buff **pskb,
+                            const struct net_device *in,
+                            const struct net_device *out,
+                            unsigned int hooknum,
+                            const struct xt_target *target,
+                            const void *targinfo,
+                            void *userinfo)
+{
+        const struct xt_DSCP_info *dinfo = targinfo;
+        u_int8_t dscp = ipv6_get_dsfield((*pskb)->nh.ipv6h) >> XT_DSCP_SHIFT;
+        if (dscp != dinfo->dscp) {
+                if (!skb_make_writable(pskb, sizeof(struct ipv6hdr)))
+                        return NF_DROP;
+                ipv6_change_dsfield((*pskb)->nh.ipv6h, (__u8)(~XT_DSCP_MASK),
+                                    dinfo->dscp << XT_DSCP_SHIFT);
+        }
+        return XT_CONTINUE;
+}
+static int checkentry(const char *tablename,
+                      const void *e_void,
+                      const struct xt_target *target,
+                      void *targinfo,
+                      unsigned int targinfosize,
+                      unsigned int hook_mask)
+{
+        const u_int8_t dscp = ((struct xt_DSCP_info *)targinfo)->dscp;
+        if ((dscp > XT_DSCP_MAX)) {
+                printk(KERN_WARNING "DSCP: dscp %x out of range\n", dscp);
+                return 0;
+        }
+        return 1;
+}
+static struct xt_target xt_dscp_reg = {
+        .name           = "DSCP",
+        .target         = target,
+        .targetsize     = sizeof(struct xt_DSCP_info),
+        .table          = "mangle",
+        .checkentry     = checkentry,
+        .family         = AF_INET,
+        .me             = THIS_MODULE,
+};
+static struct xt_target xt_dscp6_reg = {
+        .name           = "DSCP",
+        .target         = target6,
+        .targetsize     = sizeof(struct xt_DSCP_info),
+        .table          = "mangle",
+        .checkentry     = checkentry,
+        .family         = AF_INET6,
+        .me             = THIS_MODULE,
+};
+static int __init xt_dscp_target_init(void)
+{
+        int ret;
+        ret = xt_register_target(&xt_dscp_reg);
+        if (ret)
+                return ret;
+        ret = xt_register_target(&xt_dscp6_reg);
+        if (ret)
+                xt_unregister_target(&xt_dscp_reg);
+        return ret;
+}
+static void __exit xt_dscp_target_fini(void)
+{
+        xt_unregister_target(&xt_dscp_reg);
+        xt_unregister_target(&xt_dscp6_reg);
+}
+module_init(xt_dscp_target_init);
+module_exit(xt_dscp_target_fini);
author	Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>	2006-08-22 03:30:26 -0400
committer	David S. Miller <davem@sunset.davemloft.net>	2006-09-22 17:55:22 -0400
commit	a468701db58a8b3e08e3f55fa6ac66db42014922 (patch)
tree	7b4b0fe62a7d15eae25b3013fd3ecaf13bce5028
parent	9ba1627617d396135a4d679542a3623d5819e628 (diff)

diff --git a/include/linux/netfilter/xt_DSCP.h b/include/linux/netfilter/xt_DSCP.h new file mode 100644 index 000000000000..3c7c963997bd --- /dev/null +++ b/include/linux/netfilter/xt_DSCP.h
@@ -0,0 +1,20 @@
		1	/* x_tables module for setting the IPv4/IPv6 DSCP field
		2	*
		3	* (C) 2002 Harald Welte <laforge@gnumonks.org>
		4	* based on ipt_FTOS.c (C) 2000 by Matthew G. Marsh <mgm@paktronix.com>
		5	* This software is distributed under GNU GPL v2, 1991
		6	*
		7	* See RFC2474 for a description of the DSCP field within the IP Header.
		8	*
		9	* xt_DSCP.h,v 1.7 2002/03/14 12:03:13 laforge Exp
		10	*/
		11	#ifndef _XT_DSCP_TARGET_H
		12	#define _XT_DSCP_TARGET_H
		13	#include <linux/netfilter/xt_dscp.h>
		14
		15	/* target info */
		16	struct xt_DSCP_info {
		17	u_int8_t dscp;
		18	};
		19
		20	#endif /* _XT_DSCP_TARGET_H */


diff --git a/include/linux/netfilter_ipv4/ipt_DSCP.h b/include/linux/netfilter_ipv4/ipt_DSCP.h index b30f510b5bef..3491e524d5ea 100644 --- a/include/linux/netfilter_ipv4/ipt_DSCP.h +++ b/include/linux/netfilter_ipv4/ipt_DSCP.h
@@ -11,10 +11,8 @@
11	#ifndef _IPT_DSCP_TARGET_H	11	#ifndef _IPT_DSCP_TARGET_H
12	#define _IPT_DSCP_TARGET_H	12	#define _IPT_DSCP_TARGET_H
13	#include <linux/netfilter_ipv4/ipt_dscp.h>	13	#include <linux/netfilter_ipv4/ipt_dscp.h>
		14	#include <linux/netfilter/xt_DSCP.h>
14		15
15	/* target info */	16	#define ipt_DSCP_info xt_DSCP_info
16	struct ipt_DSCP_info {
17	u_int8_t dscp;
18	};
19		17
20	#endif /* _IPT_DSCP_TARGET_H */	18	#endif /* _IPT_DSCP_TARGET_H */


diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig index d88d71d1ce0d..a55b8ff70ded 100644 --- a/net/ipv4/netfilter/Kconfig +++ b/net/ipv4/netfilter/Kconfig
@@ -557,17 +557,6 @@ config IP_NF_TARGET_ECN
557		557
558	To compile it as a module, choose M here. If unsure, say N.	558	To compile it as a module, choose M here. If unsure, say N.
559		559
560	config IP_NF_TARGET_DSCP
561	tristate "DSCP target support"
562	depends on IP_NF_MANGLE
563	help
564	This option adds a `DSCP' match, which allows you to match against
565	the IPv4 header DSCP field (DSCP codepoint).
566
567	The DSCP codepoint can have any value between 0x0 and 0x4f.
568
569	To compile it as a module, choose M here. If unsure, say N.
570
571	config IP_NF_TARGET_TTL	560	config IP_NF_TARGET_TTL
572	tristate 'TTL target support'	561	tristate 'TTL target support'
573	depends on IP_NF_MANGLE	562	depends on IP_NF_MANGLE


diff --git a/net/ipv4/netfilter/Makefile b/net/ipv4/netfilter/Makefile index b946b0f3ea9d..09aaed1a8063 100644 --- a/net/ipv4/netfilter/Makefile +++ b/net/ipv4/netfilter/Makefile
@@ -67,7 +67,6 @@ obj-$(CONFIG_IP_NF_MATCH_ADDRTYPE) += ipt_addrtype.o
67	obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o	67	obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o
68	obj-$(CONFIG_IP_NF_TARGET_TOS) += ipt_TOS.o	68	obj-$(CONFIG_IP_NF_TARGET_TOS) += ipt_TOS.o
69	obj-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN.o	69	obj-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN.o
70	obj-$(CONFIG_IP_NF_TARGET_DSCP) += ipt_DSCP.o
71	obj-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE.o	70	obj-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE.o
72	obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o	71	obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o
73	obj-$(CONFIG_IP_NF_TARGET_NETMAP) += ipt_NETMAP.o	72	obj-$(CONFIG_IP_NF_TARGET_NETMAP) += ipt_NETMAP.o


diff --git a/net/ipv4/netfilter/ipt_DSCP.c b/net/ipv4/netfilter/ipt_DSCP.c deleted file mode 100644 index c8e971288dfe..000000000000 --- a/net/ipv4/netfilter/ipt_DSCP.c +++ /dev/null
@@ -1,96 +0,0 @@
1	/* iptables module for setting the IPv4 DSCP field, Version 1.8
2	*
3	* (C) 2002 by Harald Welte <laforge@netfilter.org>
4	* based on ipt_FTOS.c (C) 2000 by Matthew G. Marsh <mgm@paktronix.com>
5	*
6	* This program is free software; you can redistribute it and/or modify
7	* it under the terms of the GNU General Public License version 2 as
8	* published by the Free Software Foundation.
9	*
10	* See RFC2474 for a description of the DSCP field within the IP Header.
11	*
12	* ipt_DSCP.c,v 1.8 2002/08/06 18:41:57 laforge Exp
13	*/
14
15	#include <linux/module.h>
16	#include <linux/skbuff.h>
17	#include <linux/ip.h>
18	#include <net/checksum.h>
19
20	#include <linux/netfilter_ipv4/ip_tables.h>
21	#include <linux/netfilter_ipv4/ipt_DSCP.h>
22
23	MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
24	MODULE_DESCRIPTION("iptables DSCP modification module");
25	MODULE_LICENSE("GPL");
26
27	static unsigned int
28	target(struct sk_buff **pskb,
29	const struct net_device *in,
30	const struct net_device *out,
31	unsigned int hooknum,
32	const struct xt_target *target,
33	const void *targinfo,
34	void *userinfo)
35	{
36	const struct ipt_DSCP_info *dinfo = targinfo;
37	u_int8_t sh_dscp = ((dinfo->dscp << IPT_DSCP_SHIFT) & IPT_DSCP_MASK);
38
39
40	if (((*pskb)->nh.iph->tos & IPT_DSCP_MASK) != sh_dscp) {
41	u_int16_t diffs[2];
42
43	if (!skb_make_writable(pskb, sizeof(struct iphdr)))
44	return NF_DROP;
45
46	diffs[0] = htons((*pskb)->nh.iph->tos) ^ 0xFFFF;
47	(pskb)->nh.iph->tos = ((pskb)->nh.iph->tos & ~IPT_DSCP_MASK)
48	\| sh_dscp;
49	diffs[1] = htons((*pskb)->nh.iph->tos);
50	(*pskb)->nh.iph->check
51	= csum_fold(csum_partial((char *)diffs,
52	sizeof(diffs),
53	(*pskb)->nh.iph->check
54	^ 0xFFFF));
55	}
56	return IPT_CONTINUE;
57	}
58
59	static int
60	checkentry(const char *tablename,
61	const void *e_void,
62	const struct xt_target *target,
63	void *targinfo,
64	unsigned int targinfosize,
65	unsigned int hook_mask)
66	{
67	const u_int8_t dscp = ((struct ipt_DSCP_info *)targinfo)->dscp;
68
69	if ((dscp > IPT_DSCP_MAX)) {
70	printk(KERN_WARNING "DSCP: dscp %x out of range\n", dscp);
71	return 0;
72	}
73	return 1;
74	}
75
76	static struct ipt_target ipt_dscp_reg = {
77	.name = "DSCP",
78	.target = target,
79	.targetsize = sizeof(struct ipt_DSCP_info),
80	.table = "mangle",
81	.checkentry = checkentry,
82	.me = THIS_MODULE,
83	};
84
85	static int __init ipt_dscp_init(void)
86	{
87	return ipt_register_target(&ipt_dscp_reg);
88	}
89
90	static void __exit ipt_dscp_fini(void)
91	{
92	ipt_unregister_target(&ipt_dscp_reg);
93	}
94
95	module_init(ipt_dscp_init);
96	module_exit(ipt_dscp_fini);


diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig index f781405f5d65..0a28d2c5c44f 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig
@@ -148,6 +148,18 @@ config NETFILTER_XT_TARGET_CONNMARK
148	<file:Documentation/modules.txt>. The module will be called	148	<file:Documentation/modules.txt>. The module will be called
149	ipt_CONNMARK.o. If unsure, say `N'.	149	ipt_CONNMARK.o. If unsure, say `N'.
150		150
		151	config NETFILTER_XT_TARGET_DSCP
		152	tristate '"DSCP" target support'
		153	depends on NETFILTER_XTABLES
		154	depends on IP_NF_MANGLE \|\| IP6_NF_MANGLE
		155	help
		156	This option adds a `DSCP' target, which allows you to manipulate
		157	the IPv4/IPv6 header DSCP field (differentiated services codepoint).
		158
		159	The DSCP field can have any value between 0x0 and 0x3f inclusive.
		160
		161	To compile it as a module, choose M here. If unsure, say N.
		162
151	config NETFILTER_XT_TARGET_MARK	163	config NETFILTER_XT_TARGET_MARK
152	tristate '"MARK" target support'	164	tristate '"MARK" target support'
153	depends on NETFILTER_XTABLES	165	depends on NETFILTER_XTABLES


diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile index 0b8a70c1df46..a74be492fd0a 100644 --- a/net/netfilter/Makefile +++ b/net/netfilter/Makefile
@@ -25,6 +25,7 @@ obj-$(CONFIG_NETFILTER_XTABLES) += x_tables.o xt_tcpudp.o
25	# targets	25	# targets
26	obj-$(CONFIG_NETFILTER_XT_TARGET_CLASSIFY) += xt_CLASSIFY.o	26	obj-$(CONFIG_NETFILTER_XT_TARGET_CLASSIFY) += xt_CLASSIFY.o
27	obj-$(CONFIG_NETFILTER_XT_TARGET_CONNMARK) += xt_CONNMARK.o	27	obj-$(CONFIG_NETFILTER_XT_TARGET_CONNMARK) += xt_CONNMARK.o
		28	obj-$(CONFIG_NETFILTER_XT_TARGET_DSCP) += xt_DSCP.o
28	obj-$(CONFIG_NETFILTER_XT_TARGET_MARK) += xt_MARK.o	29	obj-$(CONFIG_NETFILTER_XT_TARGET_MARK) += xt_MARK.o
29	obj-$(CONFIG_NETFILTER_XT_TARGET_NFQUEUE) += xt_NFQUEUE.o	30	obj-$(CONFIG_NETFILTER_XT_TARGET_NFQUEUE) += xt_NFQUEUE.o
30	obj-$(CONFIG_NETFILTER_XT_TARGET_NOTRACK) += xt_NOTRACK.o	31	obj-$(CONFIG_NETFILTER_XT_TARGET_NOTRACK) += xt_NOTRACK.o


diff --git a/net/netfilter/xt_DSCP.c b/net/netfilter/xt_DSCP.c new file mode 100644 index 000000000000..79df8165cd79 --- /dev/null +++ b/net/netfilter/xt_DSCP.c
@@ -0,0 +1,130 @@
		1	/* x_tables module for setting the IPv4/IPv6 DSCP field, Version 1.8
		2	*
		3	* (C) 2002 by Harald Welte <laforge@netfilter.org>
		4	* based on ipt_FTOS.c (C) 2000 by Matthew G. Marsh <mgm@paktronix.com>
		5	*
		6	* This program is free software; you can redistribute it and/or modify
		7	* it under the terms of the GNU General Public License version 2 as
		8	* published by the Free Software Foundation.
		9	*
		10	* See RFC2474 for a description of the DSCP field within the IP Header.
		11	*
		12	* xt_DSCP.c,v 1.8 2002/08/06 18:41:57 laforge Exp
		13	*/
		14
		15	#include <linux/module.h>
		16	#include <linux/skbuff.h>
		17	#include <linux/ip.h>
		18	#include <linux/ipv6.h>
		19	#include <net/dsfield.h>
		20
		21	#include <linux/netfilter/x_tables.h>
		22	#include <linux/netfilter/xt_DSCP.h>
		23
		24	MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
		25	MODULE_DESCRIPTION("x_tables DSCP modification module");
		26	MODULE_LICENSE("GPL");
		27	MODULE_ALIAS("ipt_DSCP");
		28	MODULE_ALIAS("ip6t_DSCP");
		29
		30	static unsigned int target(struct sk_buff **pskb,
		31	const struct net_device *in,
		32	const struct net_device *out,
		33	unsigned int hooknum,
		34	const struct xt_target *target,
		35	const void *targinfo,
		36	void *userinfo)
		37	{
		38	const struct xt_DSCP_info *dinfo = targinfo;
		39	u_int8_t dscp = ipv4_get_dsfield((*pskb)->nh.iph) >> XT_DSCP_SHIFT;
		40
		41	if (dscp != dinfo->dscp) {
		42	if (!skb_make_writable(pskb, sizeof(struct iphdr)))
		43	return NF_DROP;
		44
		45	ipv4_change_dsfield((*pskb)->nh.iph, (__u8)(~XT_DSCP_MASK),
		46	dinfo->dscp << XT_DSCP_SHIFT);
		47
		48	}
		49	return XT_CONTINUE;
		50	}
		51
		52	static unsigned int target6(struct sk_buff **pskb,
		53	const struct net_device *in,
		54	const struct net_device *out,
		55	unsigned int hooknum,
		56	const struct xt_target *target,
		57	const void *targinfo,
		58	void *userinfo)
		59	{
		60	const struct xt_DSCP_info *dinfo = targinfo;
		61	u_int8_t dscp = ipv6_get_dsfield((*pskb)->nh.ipv6h) >> XT_DSCP_SHIFT;
		62
		63	if (dscp != dinfo->dscp) {
		64	if (!skb_make_writable(pskb, sizeof(struct ipv6hdr)))
		65	return NF_DROP;
		66
		67	ipv6_change_dsfield((*pskb)->nh.ipv6h, (__u8)(~XT_DSCP_MASK),
		68	dinfo->dscp << XT_DSCP_SHIFT);
		69	}
		70	return XT_CONTINUE;
		71	}
		72
		73	static int checkentry(const char *tablename,
		74	const void *e_void,
		75	const struct xt_target *target,
		76	void *targinfo,
		77	unsigned int targinfosize,
		78	unsigned int hook_mask)
		79	{
		80	const u_int8_t dscp = ((struct xt_DSCP_info *)targinfo)->dscp;
		81
		82	if ((dscp > XT_DSCP_MAX)) {
		83	printk(KERN_WARNING "DSCP: dscp %x out of range\n", dscp);
		84	return 0;
		85	}
		86	return 1;
		87	}
		88
		89	static struct xt_target xt_dscp_reg = {
		90	.name = "DSCP",
		91	.target = target,
		92	.targetsize = sizeof(struct xt_DSCP_info),
		93	.table = "mangle",
		94	.checkentry = checkentry,
		95	.family = AF_INET,
		96	.me = THIS_MODULE,
		97	};
		98
		99	static struct xt_target xt_dscp6_reg = {
		100	.name = "DSCP",
		101	.target = target6,
		102	.targetsize = sizeof(struct xt_DSCP_info),
		103	.table = "mangle",
		104	.checkentry = checkentry,
		105	.family = AF_INET6,
		106	.me = THIS_MODULE,
		107	};
		108
		109	static int __init xt_dscp_target_init(void)
		110	{
		111	int ret;
		112	ret = xt_register_target(&xt_dscp_reg);
		113	if (ret)
		114	return ret;
		115
		116	ret = xt_register_target(&xt_dscp6_reg);
		117	if (ret)
		118	xt_unregister_target(&xt_dscp_reg);
		119
		120	return ret;
		121	}
		122
		123	static void __exit xt_dscp_target_fini(void)
		124	{
		125	xt_unregister_target(&xt_dscp_reg);
		126	xt_unregister_target(&xt_dscp6_reg);
		127	}
		128
		129	module_init(xt_dscp_target_init);
		130	module_exit(xt_dscp_target_fini);