aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorJan Engelhardt <jengelh@computergmbh.de>2007-12-05 02:37:54 -0500
committerDavid S. Miller <davem@davemloft.net>2008-01-28 17:55:58 -0500
commitc3b33e6a2cdefba38d83442ebae2ee42e853ea51 (patch)
tree94035811ab565178e10b7db09b489f7d40dad37b /net
parent3c3f486603438130b93b33acd92db0f994ec3e55 (diff)
[NETFILTER]: Merge ipt_tos into xt_dscp
Merge ipt_tos into xt_dscp. Merge ipt_tos (tos v0 match) into xt_dscp. They both match on the same field in the IPv4 header, so it seems reasonable to keep them in one piece. This is part one of the implicit 4-patch series to move tos to xtables and extend it by IPv6. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r--net/ipv4/netfilter/Kconfig9
-rw-r--r--net/ipv4/netfilter/Makefile1
-rw-r--r--net/ipv4/netfilter/ipt_tos.c50
-rw-r--r--net/netfilter/Kconfig6
-rw-r--r--net/netfilter/xt_dscp.c24
5 files changed, 27 insertions, 63 deletions
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig
index 244e91daf04e..232817c828c9 100644
--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -63,15 +63,6 @@ config IP_NF_MATCH_IPRANGE
63 63
64 To compile it as a module, choose M here. If unsure, say N. 64 To compile it as a module, choose M here. If unsure, say N.
65 65
66config IP_NF_MATCH_TOS
67 tristate "TOS match support"
68 depends on IP_NF_IPTABLES
69 help
70 TOS matching allows you to match packets based on the Type Of
71 Service fields of the IP packet.
72
73 To compile it as a module, choose M here. If unsure, say N.
74
75config IP_NF_MATCH_RECENT 66config IP_NF_MATCH_RECENT
76 tristate '"recent" match support' 67 tristate '"recent" match support'
77 depends on IP_NF_IPTABLES 68 depends on IP_NF_IPTABLES
diff --git a/net/ipv4/netfilter/Makefile b/net/ipv4/netfilter/Makefile
index 42199e93b86c..00c19c74ce77 100644
--- a/net/ipv4/netfilter/Makefile
+++ b/net/ipv4/netfilter/Makefile
@@ -46,7 +46,6 @@ obj-$(CONFIG_IP_NF_MATCH_AH) += ipt_ah.o
46obj-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn.o 46obj-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn.o
47obj-$(CONFIG_IP_NF_MATCH_IPRANGE) += ipt_iprange.o 47obj-$(CONFIG_IP_NF_MATCH_IPRANGE) += ipt_iprange.o
48obj-$(CONFIG_IP_NF_MATCH_RECENT) += ipt_recent.o 48obj-$(CONFIG_IP_NF_MATCH_RECENT) += ipt_recent.o
49obj-$(CONFIG_IP_NF_MATCH_TOS) += ipt_tos.o
50obj-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl.o 49obj-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl.o
51 50
52# targets 51# targets
diff --git a/net/ipv4/netfilter/ipt_tos.c b/net/ipv4/netfilter/ipt_tos.c
deleted file mode 100644
index 7d6086825840..000000000000
--- a/net/ipv4/netfilter/ipt_tos.c
+++ /dev/null
@@ -1,50 +0,0 @@
1/* Kernel module to match TOS values. */
2
3/* (C) 1999-2001 Paul `Rusty' Russell
4 * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2 as
8 * published by the Free Software Foundation.
9 */
10
11#include <linux/ip.h>
12#include <linux/module.h>
13#include <linux/skbuff.h>
14
15#include <linux/netfilter_ipv4/ipt_tos.h>
16#include <linux/netfilter/x_tables.h>
17
18MODULE_LICENSE("GPL");
19MODULE_DESCRIPTION("iptables TOS match module");
20
21static bool
22tos_mt(const struct sk_buff *skb, const struct net_device *in,
23 const struct net_device *out, const struct xt_match *match,
24 const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop)
25{
26 const struct ipt_tos_info *info = matchinfo;
27
28 return (ip_hdr(skb)->tos == info->tos) ^ info->invert;
29}
30
31static struct xt_match tos_mt_reg __read_mostly = {
32 .name = "tos",
33 .family = AF_INET,
34 .match = tos_mt,
35 .matchsize = sizeof(struct ipt_tos_info),
36 .me = THIS_MODULE,
37};
38
39static int __init tos_mt_init(void)
40{
41 return xt_register_match(&tos_mt_reg);
42}
43
44static void __exit tos_mt_exit(void)
45{
46 xt_unregister_match(&tos_mt_reg);
47}
48
49module_init(tos_mt_init);
50module_exit(tos_mt_exit);
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index d220607cc037..1804916e95f1 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -487,7 +487,7 @@ config NETFILTER_XT_MATCH_DCCP
487 <file:Documentation/kbuild/modules.txt>. If unsure, say `N'. 487 <file:Documentation/kbuild/modules.txt>. If unsure, say `N'.
488 488
489config NETFILTER_XT_MATCH_DSCP 489config NETFILTER_XT_MATCH_DSCP
490 tristate '"dscp" match support' 490 tristate '"dscp" and "tos" match support'
491 depends on NETFILTER_XTABLES 491 depends on NETFILTER_XTABLES
492 help 492 help
493 This option adds a `DSCP' match, which allows you to match against 493 This option adds a `DSCP' match, which allows you to match against
@@ -495,6 +495,10 @@ config NETFILTER_XT_MATCH_DSCP
495 495
496 The DSCP field can have any value between 0x0 and 0x3f inclusive. 496 The DSCP field can have any value between 0x0 and 0x3f inclusive.
497 497
498 It will also add a "tos" match, which allows you to match packets
499 based on the Type Of Service fields of the IPv4 packet (which share
500 the same bits as DSCP).
501
498 To compile it as a module, choose M here. If unsure, say N. 502 To compile it as a module, choose M here. If unsure, say N.
499 503
500config NETFILTER_XT_MATCH_ESP 504config NETFILTER_XT_MATCH_ESP
diff --git a/net/netfilter/xt_dscp.c b/net/netfilter/xt_dscp.c
index 63f7354ca9aa..75b0df990d4f 100644
--- a/net/netfilter/xt_dscp.c
+++ b/net/netfilter/xt_dscp.c
@@ -13,14 +13,16 @@
13#include <linux/ipv6.h> 13#include <linux/ipv6.h>
14#include <net/dsfield.h> 14#include <net/dsfield.h>
15 15
16#include <linux/netfilter/xt_dscp.h>
17#include <linux/netfilter/x_tables.h> 16#include <linux/netfilter/x_tables.h>
17#include <linux/netfilter/xt_dscp.h>
18#include <linux/netfilter_ipv4/ipt_tos.h>
18 19
19MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>"); 20MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
20MODULE_DESCRIPTION("x_tables DSCP matching module"); 21MODULE_DESCRIPTION("x_tables DSCP/tos matching module");
21MODULE_LICENSE("GPL"); 22MODULE_LICENSE("GPL");
22MODULE_ALIAS("ipt_dscp"); 23MODULE_ALIAS("ipt_dscp");
23MODULE_ALIAS("ip6t_dscp"); 24MODULE_ALIAS("ip6t_dscp");
25MODULE_ALIAS("ipt_tos");
24 26
25static bool 27static bool
26dscp_mt(const struct sk_buff *skb, const struct net_device *in, 28dscp_mt(const struct sk_buff *skb, const struct net_device *in,
@@ -60,6 +62,16 @@ dscp_mt_check(const char *tablename, const void *info,
60 return true; 62 return true;
61} 63}
62 64
65static bool tos_mt_v0(const struct sk_buff *skb, const struct net_device *in,
66 const struct net_device *out,
67 const struct xt_match *match, const void *matchinfo,
68 int offset, unsigned int protoff, bool *hotdrop)
69{
70 const struct ipt_tos_info *info = matchinfo;
71
72 return (ip_hdr(skb)->tos == info->tos) ^ info->invert;
73}
74
63static struct xt_match dscp_mt_reg[] __read_mostly = { 75static struct xt_match dscp_mt_reg[] __read_mostly = {
64 { 76 {
65 .name = "dscp", 77 .name = "dscp",
@@ -77,6 +89,14 @@ static struct xt_match dscp_mt_reg[] __read_mostly = {
77 .matchsize = sizeof(struct xt_dscp_info), 89 .matchsize = sizeof(struct xt_dscp_info),
78 .me = THIS_MODULE, 90 .me = THIS_MODULE,
79 }, 91 },
92 {
93 .name = "tos",
94 .revision = 0,
95 .family = AF_INET,
96 .match = tos_mt_v0,
97 .matchsize = sizeof(struct ipt_tos_info),
98 .me = THIS_MODULE,
99 },
80}; 100};
81 101
82static int __init dscp_mt_init(void) 102static int __init dscp_mt_init(void)
generated by cgit v1.2.2 (git 2.25.0) at 2025-02-23 23:37:53 -0500