netfilter: add xt_hmark target for hash-based skb marking

The target allows you to create rules in the "raw" and "mangle" tables
which set the skbuff mark by means of hash calculation within a given
range. The nfmark can influence the routing method (see "Use netfilter
MARK value as routing key") and can also be used by other subsystems to
change their behaviour.

[ Part of this patch has been refactorized and modified by Pablo Neira Ayuso ]

Signed-off-by: Hans Schillstrom <hans.schillstrom@ericsson.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

1 files changed, 45 insertions, 0 deletions

diff --git a/include/linux/netfilter/xt_HMARK.h b/include/linux/netfilter/xt_HMARK.h
new file mode 100644
index 000000000000..abb1650940d2
--- /dev/null
+++ b/include/linux/netfilter/xt_HMARK.h
@@ -0,0 +1,45 @@
+#ifndef XT_HMARK_H_
+#define XT_HMARK_H_
+
+#include <linux/types.h>
+
+enum {
+        XT_HMARK_SADDR_MASK,
+        XT_HMARK_DADDR_MASK,
+        XT_HMARK_SPI,
+        XT_HMARK_SPI_MASK,
+        XT_HMARK_SPORT,
+        XT_HMARK_DPORT,
+        XT_HMARK_SPORT_MASK,
+        XT_HMARK_DPORT_MASK,
+        XT_HMARK_PROTO_MASK,
+        XT_HMARK_RND,
+        XT_HMARK_MODULUS,
+        XT_HMARK_OFFSET,
+        XT_HMARK_CT,
+        XT_HMARK_METHOD_L3,
+        XT_HMARK_METHOD_L3_4,
+};
+#define XT_HMARK_FLAG(flag)     (1 << flag)
+
+union hmark_ports {
+        struct {
+                __u16   src;
+                __u16   dst;
+        } p16;
+        __u32   v32;
+};
+
+struct xt_hmark_info {
+        union nf_inet_addr      src_mask;
+        union nf_inet_addr      dst_mask;
+        union hmark_ports       port_mask;
+        union hmark_ports       port_set;
+        __u32                   flags;
+        __u16                   proto_mask;
+        __u32                   hashrnd;
+        __u32                   hmodulus;
+        __u32                   hoffset;        /* Mark offset to start from */
+};
+
+#endif /* XT_HMARK_H_ */