diff options
| author | Jan Engelhardt <jengelh@computergmbh.de> | 2007-12-05 02:38:13 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2008-01-28 17:55:59 -0500 |
| commit | c9fd49680954714473d6cbd2546d6ff120f96840 (patch) | |
| tree | e848220ea1a3133cb16ec9eb5dbe49cf29e70474 | |
| parent | c3b33e6a2cdefba38d83442ebae2ee42e853ea51 (diff) | |
[NETFILTER]: Merge ipt_TOS into xt_DSCP
Merge ipt_TOS into xt_DSCP.
Merge ipt_TOS (tos v0 target) into xt_DSCP. They both modify the same
field in the IPv4 header, so it seems reasonable to keep them in one
piece. This is part two of the implicit 4-patch series to move tos to
xtables and extend it by IPv6.
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | net/ipv4/netfilter/Kconfig | 10 | ||||
| -rw-r--r-- | net/ipv4/netfilter/Makefile | 1 | ||||
| -rw-r--r-- | net/netfilter/Kconfig | 6 | ||||
| -rw-r--r-- | net/netfilter/xt_DSCP.c | 51 |
4 files changed, 56 insertions, 12 deletions
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig index 232817c828c9..b11231df62c9 100644 --- a/net/ipv4/netfilter/Kconfig +++ b/net/ipv4/netfilter/Kconfig | |||
| @@ -293,16 +293,6 @@ config IP_NF_MANGLE | |||
| 293 | 293 | ||
| 294 | To compile it as a module, choose M here. If unsure, say N. | 294 | To compile it as a module, choose M here. If unsure, say N. |
| 295 | 295 | ||
| 296 | config IP_NF_TARGET_TOS | ||
| 297 | tristate "TOS target support" | ||
| 298 | depends on IP_NF_MANGLE | ||
| 299 | help | ||
| 300 | This option adds a `TOS' target, which allows you to create rules in | ||
| 301 | the `mangle' table which alter the Type Of Service field of an IP | ||
| 302 | packet prior to routing. | ||
| 303 | |||
| 304 | To compile it as a module, choose M here. If unsure, say N. | ||
| 305 | |||
| 306 | config IP_NF_TARGET_ECN | 296 | config IP_NF_TARGET_ECN |
| 307 | tristate "ECN target support" | 297 | tristate "ECN target support" |
| 308 | depends on IP_NF_MANGLE | 298 | depends on IP_NF_MANGLE |
diff --git a/net/ipv4/netfilter/Makefile b/net/ipv4/netfilter/Makefile index 00c19c74ce77..2fc05619f919 100644 --- a/net/ipv4/netfilter/Makefile +++ b/net/ipv4/netfilter/Makefile | |||
| @@ -57,7 +57,6 @@ obj-$(CONFIG_IP_NF_TARGET_NETMAP) += ipt_NETMAP.o | |||
| 57 | obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o | 57 | obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o |
| 58 | obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o | 58 | obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o |
| 59 | obj-$(CONFIG_IP_NF_TARGET_SAME) += ipt_SAME.o | 59 | obj-$(CONFIG_IP_NF_TARGET_SAME) += ipt_SAME.o |
| 60 | obj-$(CONFIG_IP_NF_TARGET_TOS) += ipt_TOS.o | ||
| 61 | obj-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL.o | 60 | obj-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL.o |
| 62 | obj-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG.o | 61 | obj-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG.o |
| 63 | 62 | ||
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig index 1804916e95f1..9c82d4cc86bf 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig | |||
| @@ -293,7 +293,7 @@ config NETFILTER_XT_TARGET_CONNMARK | |||
| 293 | ipt_CONNMARK.ko. If unsure, say `N'. | 293 | ipt_CONNMARK.ko. If unsure, say `N'. |
| 294 | 294 | ||
| 295 | config NETFILTER_XT_TARGET_DSCP | 295 | config NETFILTER_XT_TARGET_DSCP |
| 296 | tristate '"DSCP" target support' | 296 | tristate '"DSCP" and "TOS" target support' |
| 297 | depends on NETFILTER_XTABLES | 297 | depends on NETFILTER_XTABLES |
| 298 | depends on IP_NF_MANGLE || IP6_NF_MANGLE | 298 | depends on IP_NF_MANGLE || IP6_NF_MANGLE |
| 299 | help | 299 | help |
| @@ -302,6 +302,10 @@ config NETFILTER_XT_TARGET_DSCP | |||
| 302 | 302 | ||
| 303 | The DSCP field can have any value between 0x0 and 0x3f inclusive. | 303 | The DSCP field can have any value between 0x0 and 0x3f inclusive. |
| 304 | 304 | ||
| 305 | It also adds the "TOS" target, which allows you to create rules in | ||
| 306 | the "mangle" table which alter the Type Of Service field of an IPv4 | ||
| 307 | packet prior to routing. | ||
| 308 | |||
| 305 | To compile it as a module, choose M here. If unsure, say N. | 309 | To compile it as a module, choose M here. If unsure, say N. |
| 306 | 310 | ||
| 307 | config NETFILTER_XT_TARGET_MARK | 311 | config NETFILTER_XT_TARGET_MARK |
diff --git a/net/netfilter/xt_DSCP.c b/net/netfilter/xt_DSCP.c index 188235587979..40a4f1d71916 100644 --- a/net/netfilter/xt_DSCP.c +++ b/net/netfilter/xt_DSCP.c | |||
| @@ -18,12 +18,14 @@ | |||
| 18 | 18 | ||
| 19 | #include <linux/netfilter/x_tables.h> | 19 | #include <linux/netfilter/x_tables.h> |
| 20 | #include <linux/netfilter/xt_DSCP.h> | 20 | #include <linux/netfilter/xt_DSCP.h> |
| 21 | #include <linux/netfilter_ipv4/ipt_TOS.h> | ||
| 21 | 22 | ||
| 22 | MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>"); | 23 | MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>"); |
| 23 | MODULE_DESCRIPTION("x_tables DSCP modification module"); | 24 | MODULE_DESCRIPTION("x_tables DSCP modification module"); |
| 24 | MODULE_LICENSE("GPL"); | 25 | MODULE_LICENSE("GPL"); |
| 25 | MODULE_ALIAS("ipt_DSCP"); | 26 | MODULE_ALIAS("ipt_DSCP"); |
| 26 | MODULE_ALIAS("ip6t_DSCP"); | 27 | MODULE_ALIAS("ip6t_DSCP"); |
| 28 | MODULE_ALIAS("ipt_TOS"); | ||
| 27 | 29 | ||
| 28 | static unsigned int | 30 | static unsigned int |
| 29 | dscp_tg(struct sk_buff *skb, const struct net_device *in, | 31 | dscp_tg(struct sk_buff *skb, const struct net_device *in, |
| @@ -76,6 +78,45 @@ dscp_tg_check(const char *tablename, const void *e_void, | |||
| 76 | return true; | 78 | return true; |
| 77 | } | 79 | } |
| 78 | 80 | ||
| 81 | static unsigned int | ||
| 82 | tos_tg_v0(struct sk_buff *skb, const struct net_device *in, | ||
| 83 | const struct net_device *out, unsigned int hooknum, | ||
| 84 | const struct xt_target *target, const void *targinfo) | ||
| 85 | { | ||
| 86 | const struct ipt_tos_target_info *info = targinfo; | ||
| 87 | struct iphdr *iph = ip_hdr(skb); | ||
| 88 | u_int8_t oldtos; | ||
| 89 | |||
| 90 | if ((iph->tos & IPTOS_TOS_MASK) != info->tos) { | ||
| 91 | if (!skb_make_writable(skb, sizeof(struct iphdr))) | ||
| 92 | return NF_DROP; | ||
| 93 | |||
| 94 | iph = ip_hdr(skb); | ||
| 95 | oldtos = iph->tos; | ||
| 96 | iph->tos = (iph->tos & IPTOS_PREC_MASK) | info->tos; | ||
| 97 | csum_replace2(&iph->check, htons(oldtos), htons(iph->tos)); | ||
| 98 | } | ||
| 99 | |||
| 100 | return XT_CONTINUE; | ||
| 101 | } | ||
| 102 | |||
| 103 | static bool | ||
| 104 | tos_tg_check_v0(const char *tablename, const void *e_void, | ||
| 105 | const struct xt_target *target, void *targinfo, | ||
| 106 | unsigned int hook_mask) | ||
| 107 | { | ||
| 108 | const u_int8_t tos = ((struct ipt_tos_target_info *)targinfo)->tos; | ||
| 109 | |||
| 110 | if (tos != IPTOS_LOWDELAY && tos != IPTOS_THROUGHPUT && | ||
| 111 | tos != IPTOS_RELIABILITY && tos != IPTOS_MINCOST && | ||
| 112 | tos != IPTOS_NORMALSVC) { | ||
| 113 | printk(KERN_WARNING "TOS: bad tos value %#x\n", tos); | ||
| 114 | return false; | ||
| 115 | } | ||
| 116 | |||
| 117 | return true; | ||
| 118 | } | ||
| 119 | |||
| 79 | static struct xt_target dscp_tg_reg[] __read_mostly = { | 120 | static struct xt_target dscp_tg_reg[] __read_mostly = { |
| 80 | { | 121 | { |
| 81 | .name = "DSCP", | 122 | .name = "DSCP", |
| @@ -95,6 +136,16 @@ static struct xt_target dscp_tg_reg[] __read_mostly = { | |||
| 95 | .table = "mangle", | 136 | .table = "mangle", |
| 96 | .me = THIS_MODULE, | 137 | .me = THIS_MODULE, |
| 97 | }, | 138 | }, |
| 139 | { | ||
| 140 | .name = "TOS", | ||
| 141 | .revision = 0, | ||
| 142 | .family = AF_INET, | ||
| 143 | .table = "mangle", | ||
| 144 | .target = tos_tg_v0, | ||
| 145 | .targetsize = sizeof(struct ipt_tos_target_info), | ||
| 146 | .checkentry = tos_tg_check_v0, | ||
| 147 | .me = THIS_MODULE, | ||
| 148 | }, | ||
| 98 | }; | 149 | }; |
| 99 | 150 | ||
| 100 | static int __init dscp_tg_init(void) | 151 | static int __init dscp_tg_init(void) |