[NETFILTER]: x_tables: replace IPv4 dscp match by address family independent version

This replaces IPv4 dscp match by address family independent version. This also - utilizes dsfield.h to get the DS field in IPv4/IPv6 header, and - checks for the DSCP value from user space. - fixes Kconfig help text. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> 2006-08-22 03:29:37 -0400
committer: David S. Miller <davem@sunset.davemloft.net> 2006-09-22 17:55:21 -0400
commit: 9ba1627617d396135a4d679542a3623d5819e628 (patch)
tree: 4a0a72bca0e4a6ad91ae89b572ac58a074ba4eab /net/ipv4
parent: 131852176c1f5b4350b4af811d1836db387d0c61 (diff)
3 files changed, 0 insertions, 66 deletions
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig
index ef0b5aac58..d88d71d1ce 100644
--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -278,17 +278,6 @@ config IP_NF_MATCH_ECN
          To compile it as a module, choose M here.  If unsure, say N.
-config IP_NF_MATCH_DSCP
-        tristate "DSCP match support"
-        depends on IP_NF_IPTABLES
-        help
-          This option adds a `DSCP' match, which allows you to match against
-          the IPv4 header DSCP field (DSCP codepoint).
-          The DSCP codepoint can have any value between 0x0 and 0x4f.
-          To compile it as a module, choose M here.  If unsure, say N.
 config IP_NF_MATCH_AH
        tristate "AH match support"
        depends on IP_NF_IPTABLES
diff --git a/net/ipv4/netfilter/Makefile b/net/ipv4/netfilter/Makefile
index 3ded4a3af5..b946b0f3ea 100644
--- a/net/ipv4/netfilter/Makefile
+++ b/net/ipv4/netfilter/Makefile
@@ -59,7 +59,6 @@ obj-$(CONFIG_IP_NF_MATCH_OWNER) += ipt_owner.o
 obj-$(CONFIG_IP_NF_MATCH_TOS) += ipt_tos.o
 obj-$(CONFIG_IP_NF_MATCH_RECENT) += ipt_recent.o
 obj-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn.o
-obj-$(CONFIG_IP_NF_MATCH_DSCP) += ipt_dscp.o
 obj-$(CONFIG_IP_NF_MATCH_AH) += ipt_ah.o
 obj-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl.o
 obj-$(CONFIG_IP_NF_MATCH_ADDRTYPE) += ipt_addrtype.o
diff --git a/net/ipv4/netfilter/ipt_dscp.c b/net/ipv4/netfilter/ipt_dscp.c
deleted file mode 100644
index 47177591ae..0000000000
--- a/net/ipv4/netfilter/ipt_dscp.c
+++ /dev/null
@@ -1,54 +0,0 @@
-/* IP tables module for matching the value of the IPv4 DSCP field
- *
- * ipt_dscp.c,v 1.3 2002/08/05 19:00:21 laforge Exp
- *
- * (C) 2002 by Harald Welte <laforge@netfilter.org>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-#include <linux/module.h>
-#include <linux/skbuff.h>
-#include <linux/netfilter_ipv4/ipt_dscp.h>
-#include <linux/netfilter_ipv4/ip_tables.h>
-MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
-MODULE_DESCRIPTION("iptables DSCP matching module");
-MODULE_LICENSE("GPL");
-static int match(const struct sk_buff *skb,
-                 const struct net_device *in, const struct net_device *out,
-                 const struct xt_match *match, const void *matchinfo,
-                 int offset, unsigned int protoff, int *hotdrop)
-{
-        const struct ipt_dscp_info *info = matchinfo;
-        const struct iphdr *iph = skb->nh.iph;
-        u_int8_t sh_dscp = ((info->dscp << IPT_DSCP_SHIFT) & IPT_DSCP_MASK);
-        return ((iph->tos&IPT_DSCP_MASK) == sh_dscp) ^ info->invert;
-}
-static struct ipt_match dscp_match = {
-        .name           = "dscp",
-        .match          = match,
-        .matchsize      = sizeof(struct ipt_dscp_info),
-        .me             = THIS_MODULE,
-};
-static int __init ipt_dscp_init(void)
-{
-        return ipt_register_match(&dscp_match);
-}
-static void __exit ipt_dscp_fini(void)
-{
-        ipt_unregister_match(&dscp_match);
-}
-module_init(ipt_dscp_init);
-module_exit(ipt_dscp_fini);
author	Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>	2006-08-22 03:29:37 -0400
committer	David S. Miller <davem@sunset.davemloft.net>	2006-09-22 17:55:21 -0400
commit	9ba1627617d396135a4d679542a3623d5819e628 (patch)
tree	4a0a72bca0e4a6ad91ae89b572ac58a074ba4eab /net/ipv4
parent	131852176c1f5b4350b4af811d1836db387d0c61 (diff)

diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig index ef0b5aac58..d88d71d1ce 100644 --- a/net/ipv4/netfilter/Kconfig +++ b/net/ipv4/netfilter/Kconfig
@@ -278,17 +278,6 @@ config IP_NF_MATCH_ECN
278		278
279	To compile it as a module, choose M here. If unsure, say N.	279	To compile it as a module, choose M here. If unsure, say N.
280		280
281	config IP_NF_MATCH_DSCP
282	tristate "DSCP match support"
283	depends on IP_NF_IPTABLES
284	help
285	This option adds a `DSCP' match, which allows you to match against
286	the IPv4 header DSCP field (DSCP codepoint).
287
288	The DSCP codepoint can have any value between 0x0 and 0x4f.
289
290	To compile it as a module, choose M here. If unsure, say N.
291
292	config IP_NF_MATCH_AH	281	config IP_NF_MATCH_AH
293	tristate "AH match support"	282	tristate "AH match support"
294	depends on IP_NF_IPTABLES	283	depends on IP_NF_IPTABLES


diff --git a/net/ipv4/netfilter/Makefile b/net/ipv4/netfilter/Makefile index 3ded4a3af5..b946b0f3ea 100644 --- a/net/ipv4/netfilter/Makefile +++ b/net/ipv4/netfilter/Makefile
@@ -59,7 +59,6 @@ obj-$(CONFIG_IP_NF_MATCH_OWNER) += ipt_owner.o
59	obj-$(CONFIG_IP_NF_MATCH_TOS) += ipt_tos.o	59	obj-$(CONFIG_IP_NF_MATCH_TOS) += ipt_tos.o
60	obj-$(CONFIG_IP_NF_MATCH_RECENT) += ipt_recent.o	60	obj-$(CONFIG_IP_NF_MATCH_RECENT) += ipt_recent.o
61	obj-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn.o	61	obj-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn.o
62	obj-$(CONFIG_IP_NF_MATCH_DSCP) += ipt_dscp.o
63	obj-$(CONFIG_IP_NF_MATCH_AH) += ipt_ah.o	62	obj-$(CONFIG_IP_NF_MATCH_AH) += ipt_ah.o
64	obj-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl.o	63	obj-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl.o
65	obj-$(CONFIG_IP_NF_MATCH_ADDRTYPE) += ipt_addrtype.o	64	obj-$(CONFIG_IP_NF_MATCH_ADDRTYPE) += ipt_addrtype.o


diff --git a/net/ipv4/netfilter/ipt_dscp.c b/net/ipv4/netfilter/ipt_dscp.c deleted file mode 100644 index 47177591ae..0000000000 --- a/net/ipv4/netfilter/ipt_dscp.c +++ /dev/null
@@ -1,54 +0,0 @@
1	/* IP tables module for matching the value of the IPv4 DSCP field
2	*
3	* ipt_dscp.c,v 1.3 2002/08/05 19:00:21 laforge Exp
4	*
5	* (C) 2002 by Harald Welte <laforge@netfilter.org>
6	*
7	* This program is free software; you can redistribute it and/or modify
8	* it under the terms of the GNU General Public License version 2 as
9	* published by the Free Software Foundation.
10	*/
11
12	#include <linux/module.h>
13	#include <linux/skbuff.h>
14
15	#include <linux/netfilter_ipv4/ipt_dscp.h>
16	#include <linux/netfilter_ipv4/ip_tables.h>
17
18	MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
19	MODULE_DESCRIPTION("iptables DSCP matching module");
20	MODULE_LICENSE("GPL");
21
22	static int match(const struct sk_buff *skb,
23	const struct net_device in, const struct net_device out,
24	const struct xt_match match, const void matchinfo,
25	int offset, unsigned int protoff, int *hotdrop)
26	{
27	const struct ipt_dscp_info *info = matchinfo;
28	const struct iphdr *iph = skb->nh.iph;
29
30	u_int8_t sh_dscp = ((info->dscp << IPT_DSCP_SHIFT) & IPT_DSCP_MASK);
31
32	return ((iph->tos&IPT_DSCP_MASK) == sh_dscp) ^ info->invert;
33	}
34
35	static struct ipt_match dscp_match = {
36	.name = "dscp",
37	.match = match,
38	.matchsize = sizeof(struct ipt_dscp_info),
39	.me = THIS_MODULE,
40	};
41
42	static int __init ipt_dscp_init(void)
43	{
44	return ipt_register_match(&dscp_match);
45	}
46
47	static void __exit ipt_dscp_fini(void)
48	{
49	ipt_unregister_match(&dscp_match);
50
51	}
52
53	module_init(ipt_dscp_init);
54	module_exit(ipt_dscp_fini);