authorYasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>2006-08-22 03:30:26 -0400
committerDavid S. Miller <davem@sunset.davemloft.net>2006-09-22 17:55:22 -0400
commita468701db58a8b3e08e3f55fa6ac66db42014922 (patch)
tree7b4b0fe62a7d15eae25b3013fd3ecaf13bce5028 /net
parent9ba1627617d396135a4d679542a3623d5819e628 (diff)
[NETFILTER]: x_tables: replace IPv4 DSCP target by address family independent version
This replaces IPv4 DSCP target by address family independent version. This also - utilizes dsfield.h to get/mangle DS field in IPv4/IPv6 header - fixes Kconfig help text. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r--net/ipv4/netfilter/Kconfig11
-rw-r--r--net/ipv4/netfilter/Makefile1
-rw-r--r--net/ipv4/netfilter/ipt_DSCP.c96
-rw-r--r--net/netfilter/Kconfig12
-rw-r--r--net/netfilter/Makefile1
-rw-r--r--net/netfilter/xt_DSCP.c130
6 files changed, 143 insertions, 108 deletions
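--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -557,17 +557,6 @@ config IP_NF_TARGET_ECN
 
  To compile it as a module, choose M here. If unsure, say N.
 
-config IP_NF_TARGET_DSCP
- tristate "DSCP target support"
- depends on IP_NF_MANGLE
- help
- This option adds a `DSCP' match, which allows you to match against
- the IPv4 header DSCP field (DSCP codepoint).
-
- The DSCP codepoint can have any value between 0x0 and 0x4f.
-
- To compile it as a module, choose M here. If unsure, say N.
-
 config IP_NF_TARGET_TTL
  tristate 'TTL target support'
  depends on IP_NF_MANGLE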
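--- a/net/ipv4/netfilter/Makefile
+++ b/net/ipv4/netfilter/Makefile
@@ -67,7 +67,6 @@ obj-$(CONFIG_IP_NF_MATCH_ADDRTYPE) += ipt_addrtype.o
 obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o
 obj-$(CONFIG_IP_NF_TARGET_TOS) += ipt_TOS.o
 obj-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN.o
-obj-$(CONFIG_IP_NF_TARGET_DSCP) += ipt_DSCP.o
 obj-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE.o
 obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o
 obj-$(CONFIG_IP_NF_TARGET_NETMAP) += ipt_NETMAP.o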
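--- a/net/ipv4/netfilter/ipt_DSCP.c
+++ /dev/null
@@ -1,96 +0,0 @@
-/* iptables module for setting the IPv4 DSCP field, Version 1.8
- *
- * (C) 2002 by Harald Welte <laforge@netfilter.org>
- * based on ipt_FTOS.c (C) 2000 by Matthew G. Marsh <mgm@paktronix.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- * See RFC2474 for a description of the DSCP field within the IP Header.
- *
- * ipt_DSCP.c,v 1.8 2002/08/06 18:41:57 laforge Exp
-*/
-
-#include <linux/module.h>
-#include <linux/skbuff.h>
-#include <linux/ip.h>
-#include <net/checksum.h>
-
-#include <linux/netfilter_ipv4/ip_tables.h>
-#include <linux/netfilter_ipv4/ipt_DSCP.h>
-
-MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
-MODULE_DESCRIPTION("iptables DSCP modification module");
-MODULE_LICENSE("GPL");
-
-static unsigned int
-target(struct sk_buff **pskb,
- const struct net_device *in,
- const struct net_device *out,
- unsigned int hooknum,
- const struct xt_target *target,
- const void *targinfo,
- void *userinfo)
-{
- const struct ipt_DSCP_info *dinfo = targinfo;
- u_int8_t sh_dscp = ((dinfo->dscp << IPT_DSCP_SHIFT) & IPT_DSCP_MASK);
-
-
- if (((*pskb)->nh.iph->tos & IPT_DSCP_MASK) != sh_dscp) {
- u_int16_t diffs[2];
-
- if (!skb_make_writable(pskb, sizeof(struct iphdr)))
- return NF_DROP;
-
- diffs[0] = htons((*pskb)->nh.iph->tos) ^ 0xFFFF;
- (*pskb)->nh.iph->tos = ((*pskb)->nh.iph->tos & ~IPT_DSCP_MASK)
- | sh_dscp;
- diffs[1] = htons((*pskb)->nh.iph->tos);
- (*pskb)->nh.iph->check
- = csum_fold(csum_partial((char *)diffs,
- sizeof(diffs),
- (*pskb)->nh.iph->check
- ^ 0xFFFF));
- }
- return IPT_CONTINUE;
-}
-
-static int
-checkentry(const char *tablename,
- const void *e_void,
- const struct xt_target *target,
- void *targinfo,
- unsigned int targinfosize,
- unsigned int hook_mask)
-{
- const u_int8_t dscp = ((struct ipt_DSCP_info *)targinfo)->dscp;
-
- if ((dscp > IPT_DSCP_MAX)) {
- printk(KERN_WARNING "DSCP: dscp %x out of range\n", dscp);
- return 0;
- }
- return 1;
-}
-
-static struct ipt_target ipt_dscp_reg = {
- .name = "DSCP",
- .target = target,
- .targetsize = sizeof(struct ipt_DSCP_info),
- .table = "mangle",
- .checkentry = checkentry,
- .me = THIS_MODULE,
-};
-
-static int __init ipt_dscp_init(void)
-{
- return ipt_register_target(&ipt_dscp_reg);
-}
-
-static void __exit ipt_dscp_fini(void)
-{
- ipt_unregister_target(&ipt_dscp_reg);
-}
-
-module_init(ipt_dscp_init);
-module_exit(ipt_dscp_fini);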
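--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -148,6 +148,18 @@ config NETFILTER_XT_TARGET_CONNMARK
  <file:Documentation/modules.txt>. The module will be called
  ipt_CONNMARK.o. If unsure, say `N'.
 
+config NETFILTER_XT_TARGET_DSCP
+ tristate '"DSCP" target support'
+ depends on NETFILTER_XTABLES
+ depends on IP_NF_MANGLE || IP6_NF_MANGLE
+ help
+ This option adds a `DSCP' target, which allows you to manipulate
+ the IPv4/IPv6 header DSCP field (differentiated services codepoint).
+
+ The DSCP field can have any value between 0x0 and 0x3f inclusive.
+
+ To compile it as a module, choose M here. If unsure, say N.
+
 config NETFILTER_XT_TARGET_MARK
  tristate '"MARK" target support'
  depends on NETFILTER_XTABLES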
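--- a/net/netfilter/Makefile
+++ b/net/netfilter/Makefile
@@ -25,6 +25,7 @@ obj-$(CONFIG_NETFILTER_XTABLES) += x_tables.o xt_tcpudp.o
 # targets
 obj-$(CONFIG_NETFILTER_XT_TARGET_CLASSIFY) += xt_CLASSIFY.o
 obj-$(CONFIG_NETFILTER_XT_TARGET_CONNMARK) += xt_CONNMARK.o
+obj-$(CONFIG_NETFILTER_XT_TARGET_DSCP) += xt_DSCP.o
 obj-$(CONFIG_NETFILTER_XT_TARGET_MARK) += xt_MARK.o
 obj-$(CONFIG_NETFILTER_XT_TARGET_NFQUEUE) += xt_NFQUEUE.o
 obj-$(CONFIG_NETFILTER_XT_TARGET_NOTRACK) += xt_NOTRACK.o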
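--- /dev/null
+++ b/net/netfilter/xt_DSCP.c
@@ -0,0 +1,130 @@
+/* x_tables module for setting the IPv4/IPv6 DSCP field, Version 1.8
+ *
+ * (C) 2002 by Harald Welte <laforge@netfilter.org>
+ * based on ipt_FTOS.c (C) 2000 by Matthew G. Marsh <mgm@paktronix.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * See RFC2474 for a description of the DSCP field within the IP Header.
+ *
+ * xt_DSCP.c,v 1.8 2002/08/06 18:41:57 laforge Exp
+*/
+
+#include <linux/module.h>
+#include <linux/skbuff.h>
+#include <linux/ip.h>
+#include <linux/ipv6.h>
+#include <net/dsfield.h>
+
+#include <linux/netfilter/x_tables.h>
+#include <linux/netfilter/xt_DSCP.h>
+
+MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
+MODULE_DESCRIPTION("x_tables DSCP modification module");
+MODULE_LICENSE("GPL");
+MODULE_ALIAS("ipt_DSCP");
+MODULE_ALIAS("ip6t_DSCP");
+
+static unsigned int target(struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ unsigned int hooknum,
+ const struct xt_target *target,
+ const void *targinfo,
+ void *userinfo)
+{
+ const struct xt_DSCP_info *dinfo = targinfo;
+ u_int8_t dscp = ipv4_get_dsfield((*pskb)->nh.iph) >> XT_DSCP_SHIFT;
+
+ if (dscp != dinfo->dscp) {
+ if (!skb_make_writable(pskb, sizeof(struct iphdr)))
+ return NF_DROP;
+
+ ipv4_change_dsfield((*pskb)->nh.iph, (__u8)(~XT_DSCP_MASK),
+ dinfo->dscp << XT_DSCP_SHIFT);
+
+ }
+ return XT_CONTINUE;
+}
+
+static unsigned int target6(struct sk_buff **pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ unsigned int hooknum,
+ const struct xt_target *target,
+ const void *targinfo,
+ void *userinfo)
+{
+ const struct xt_DSCP_info *dinfo = targinfo;
+ u_int8_t dscp = ipv6_get_dsfield((*pskb)->nh.ipv6h) >> XT_DSCP_SHIFT;
+
+ if (dscp != dinfo->dscp) {
+ if (!skb_make_writable(pskb, sizeof(struct ipv6hdr)))
+ return NF_DROP;
+
+ ipv6_change_dsfield((*pskb)->nh.ipv6h, (__u8)(~XT_DSCP_MASK),
+ dinfo->dscp << XT_DSCP_SHIFT);
+ }
+ return XT_CONTINUE;
+}
+
+static int checkentry(const char *tablename,
+ const void *e_void,
+ const struct xt_target *target,
+ void *targinfo,
+ unsigned int targinfosize,
+ unsigned int hook_mask)
+{
+ const u_int8_t dscp = ((struct xt_DSCP_info *)targinfo)->dscp;
+
+ if ((dscp > XT_DSCP_MAX)) {
+ printk(KERN_WARNING "DSCP: dscp %x out of range\n", dscp);
+ return 0;
+ }
+ return 1;
+}
+
+static struct xt_target xt_dscp_reg = {
+ .name = "DSCP",
+ .target = target,
+ .targetsize = sizeof(struct xt_DSCP_info),
+ .table = "mangle",
+ .checkentry = checkentry,
+ .family = AF_INET,
+ .me = THIS_MODULE,
+};
+
+static struct xt_target xt_dscp6_reg = {
+ .name = "DSCP",
+ .target = target6,
+ .targetsize = sizeof(struct xt_DSCP_info),
+ .table = "mangle",
+ .checkentry = checkentry,
+ .family = AF_INET6,
+ .me = THIS_MODULE,
+};
+
+static int __init xt_dscp_target_init(void)
+{
+ int ret;
+ ret = xt_register_target(&xt_dscp_reg);
+ if (ret)
+ return ret;
+
+ ret = xt_register_target(&xt_dscp6_reg);
+ if (ret)
+ xt_unregister_target(&xt_dscp_reg);
+
+ return ret;
+}
+
+static void __exit xt_dscp_target_fini(void)
+{
+ xt_unregister_target(&xt_dscp_reg);
+ xt_unregister_target(&xt_dscp6_reg);
+}
+
+module_init(xt_dscp_target_init);
+module_exit(xt_dscp_target_fini);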
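Review bot: Neither `target()` nor `target6()` documents that `dinfo->dscp` is trusted only because `checkentry()` already rejected values above `XT_DSCP_MAX`, so the shift by `XT_DSCP_SHIFT` in the `ipv4_change_dsfield()` / `ipv6_change_dsfield()` calls looks unchecked when either packet path is read on its own. I would add a comment above each call, e.g. `/* dscp was range-checked in checkentry(); the ~XT_DSCP_MASK mask leaves the non-DSCP bits of the DS byte as they were */`; the mask semantics are inferred from the call, since `net/dsfield.h` and `xt_DSCP.h` are not part of this diff. As a style point, the IPv4 handler is named `target` and also takes a parameter called `target`; renaming the function to `target4` (matching `target6`) with `.target = target4` in `xt_dscp_reg` would remove the shadowing.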