[packages/kernel.git] / kernel-pom-ng-IPMARK.patch

diff -NurpP --minimal linux-2.6.21.a/include/linux/netfilter_ipv4/ipt_IPMARK.h linux-2.6.21.b/include/linux/netfilter_ipv4/ipt_IPMARK.h
--- linux-2.6.21.a/include/linux/netfilter_ipv4/ipt_IPMARK.h	1970-01-01 01:00:00.000000000 +0100
+++ linux-2.6.21.b/include/linux/netfilter_ipv4/ipt_IPMARK.h	2007-05-30 12:01:20.000000000 +0200
@@ -0,0 +1,13 @@
+#ifndef _IPT_IPMARK_H_target
+#define _IPT_IPMARK_H_target
+
+struct ipt_ipmark_target_info {
+	unsigned long andmask;
+	unsigned long ormask;
+	unsigned char addr;
+};
+
+#define IPT_IPMARK_SRC    0
+#define IPT_IPMARK_DST    1
+
+#endif /*_IPT_IPMARK_H_target*/
diff -NurpP --minimal linux-2.6.21.a/net/ipv4/netfilter/Kconfig linux-2.6.21.b/net/ipv4/netfilter/Kconfig
--- linux-2.6.21.a/net/ipv4/netfilter/Kconfig	2007-05-30 12:01:03.000000000 +0200
+++ linux-2.6.21.b/net/ipv4/netfilter/Kconfig	2007-05-30 12:01:20.000000000 +0200
@@ -893,5 +893,23 @@ config IP_NF_RSH
 	  If you want to compile it as a module, say M here and read
 	  <file:Documentation/modules.txt>.  If unsure, say `N'.
 
+config IP_NF_TARGET_IPMARK
+	tristate  'IPMARK target support'
+	depends on IP_NF_MANGLE
+	help
+	  This option adds a `IPMARK' target, which allows you to create rules
+	  in the `mangle' table which alter the netfilter mark field basing
+	  on the source or destination ip address of the packet.
+	  This is very useful for very fast massive shaping - using only one
+	  rule you can direct packets to houndreds different queues.
+	  You will probably find it helpful only if your linux machine acts as
+	  a shaper for many others computers.
+
+	  If you want to compile it as a module, say M here and read
+	  <file:Documentation/modules.txt>. The module will be called
+	  ipt_IPMARK.o.  If unsure, say `N'.
+
+
+
 endmenu
 
diff -NurpP --minimal linux-2.6.21.a/net/ipv4/netfilter/Makefile linux-2.6.21.b/net/ipv4/netfilter/Makefile
--- linux-2.6.21.a/net/ipv4/netfilter/Makefile	2007-05-30 12:01:03.000000000 +0200
+++ linux-2.6.21.b/net/ipv4/netfilter/Makefile	2007-05-30 12:01:21.000000000 +0200
@@ -82,6 +82,7 @@
 obj-$(CONFIG_IP_NF_TARGET_TOS) += ipt_TOS.o
 obj-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL.o
 obj-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG.o
+obj-$(CONFIG_IP_NF_TARGET_IPMARK) += ipt_IPMARK.o
 
 obj-$(CONFIG_IP_NF_MATCH_IPV4OPTIONS) += ipt_ipv4options.o
 
diff -NurpP --minimal linux-2.6.21.a/net/ipv4/netfilter/ipt_IPMARK.c linux-2.6.21.b/net/ipv4/netfilter/ipt_IPMARK.c
--- linux-2.6.21.a/net/ipv4/netfilter/ipt_IPMARK.c	1970-01-01 01:00:00.000000000 +0100
+++ linux-2.6.21.b/net/ipv4/netfilter/ipt_IPMARK.c	2007-05-30 12:01:21.000000000 +0200
@@ -0,0 +1,125 @@
+#include <linux/module.h>
+#include <linux/skbuff.h>
+#include <linux/version.h>
+#include <linux/ip.h>
+#include <net/checksum.h>
+
+#include <linux/netfilter_ipv4/ip_tables.h>
+#include <linux/netfilter_ipv4/ipt_IPMARK.h>
+
+MODULE_AUTHOR("Grzegorz Janoszka <Grzegorz@Janoszka.pl>");
+MODULE_DESCRIPTION("IP tables IPMARK: mark based on ip address");
+MODULE_LICENSE("GPL");
+
+static unsigned int
+target(struct sk_buff **pskb,
+       const struct net_device *in,
+       const struct net_device *out,
+       unsigned int hooknum,
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
+       const struct xt_target *target,
+#endif
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
+       const void *targinfo,
+       void *userinfo)
+#else
+       const void *targinfo)
+#endif
+{
+	const struct ipt_ipmark_target_info *ipmarkinfo = targinfo;
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
+	struct iphdr *iph = ip_hdr(*pskb);
+#else
+	struct iphdr *iph = (*pskb)->nh.iph;
+#endif
+	unsigned long mark;
+
+	if (ipmarkinfo->addr == IPT_IPMARK_SRC)
+		mark = (unsigned long) ntohl(iph->saddr);
+	else
+		mark = (unsigned long) ntohl(iph->daddr);
+
+	mark &= ipmarkinfo->andmask;
+	mark |= ipmarkinfo->ormask;
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,20)
+	if ((*pskb)->nfmark != mark)
+		(*pskb)->nfmark = mark;
+#else
+	if ((*pskb)->mark != mark)
+		(*pskb)->mark = mark;
+#endif
+	return IPT_CONTINUE;
+}
+
+static int
+checkentry(const char *tablename,
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16)
+	   const void *e,
+#else
+	   const struct ipt_entry *e,
+#endif
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
+	   const struct xt_target *target,
+#endif
+           void *targinfo,
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
+           unsigned int targinfosize,
+#endif
+           unsigned int hook_mask)
+{
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
+	if (targinfosize != IPT_ALIGN(sizeof(struct ipt_ipmark_target_info))) {
+		printk(KERN_WARNING "IPMARK: targinfosize %u != %Zu\n",
+		       targinfosize,
+		       IPT_ALIGN(sizeof(struct ipt_ipmark_target_info)));
+		return 0;
+	}
+#endif
+
+	if (strcmp(tablename, "mangle") != 0) {
+		printk(KERN_WARNING "IPMARK: can only be called from \"mangle\" table, not \"%s\"\n", tablename);
+		return 0;
+	}
+
+	return 1;
+}
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
+static struct xt_target ipt_ipmark_reg = {
+#else
+static struct ipt_target ipt_ipmark_reg = { 
+#endif
+	.name		= "IPMARK",
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
+	.family		= AF_INET,
+#endif
+	.target		= target,
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
+	.targetsize	= sizeof(struct ipt_ipmark_target_info),
+#endif
+	.checkentry	= checkentry,
+	.me		= THIS_MODULE
+};
+
+static int __init init(void)
+{
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
+	return xt_register_target(&ipt_ipmark_reg);
+#else
+	return ipt_register_target(&ipt_ipmark_reg);
+#endif
+}
+
+static void __exit fini(void)
+{
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
+	xt_unregister_target(&ipt_ipmark_reg);
+#else
+	ipt_unregister_target(&ipt_ipmark_reg);
+#endif
+}
+
+module_init(init);
+module_exit(fini);
Commit	Line	Data
6890440f	1	diff -NurpP --minimal linux-2.6.21.a/include/linux/netfilter_ipv4/ipt_IPMARK.h linux-2.6.21.b/include/linux/netfilter_ipv4/ipt_IPMARK.h
	2	--- linux-2.6.21.a/include/linux/netfilter_ipv4/ipt_IPMARK.h 1970-01-01 01:00:00.000000000 +0100
	3	+++ linux-2.6.21.b/include/linux/netfilter_ipv4/ipt_IPMARK.h 2007-05-30 12:01:20.000000000 +0200
1aedc22c	4	@@ -0,0 +1,13 @@
	5	+#ifndef _IPT_IPMARK_H_target
	6	+#define _IPT_IPMARK_H_target
	7	+
	8	+struct ipt_ipmark_target_info {
	9	+ unsigned long andmask;
	10	+ unsigned long ormask;
	11	+ unsigned char addr;
	12	+};
	13	+
	14	+#define IPT_IPMARK_SRC 0
	15	+#define IPT_IPMARK_DST 1
	16	+
	17	+#endif /_IPT_IPMARK_H_target/
6890440f	18	diff -NurpP --minimal linux-2.6.21.a/net/ipv4/netfilter/Kconfig linux-2.6.21.b/net/ipv4/netfilter/Kconfig
	19	--- linux-2.6.21.a/net/ipv4/netfilter/Kconfig 2007-05-30 12:01:03.000000000 +0200
	20	+++ linux-2.6.21.b/net/ipv4/netfilter/Kconfig 2007-05-30 12:01:20.000000000 +0200
	21	@@ -893,5 +893,23 @@ config IP_NF_RSH
06c0c671	22	If you want to compile it as a module, say M here and read
06c0c671	23	<file:Documentation/modules.txt>. If unsure, say `N'.
1aedc22c	24
	25	+config IP_NF_TARGET_IPMARK
	26	+ tristate 'IPMARK target support'
	27	+ depends on IP_NF_MANGLE
	28	+ help
	29	+ This option adds a `IPMARK' target, which allows you to create rules
	30	+ in the `mangle' table which alter the netfilter mark field basing
	31	+ on the source or destination ip address of the packet.
	32	+ This is very useful for very fast massive shaping - using only one
	33	+ rule you can direct packets to houndreds different queues.
	34	+ You will probably find it helpful only if your linux machine acts as
	35	+ a shaper for many others computers.
	36	+
	37	+ If you want to compile it as a module, say M here and read
	38	+ <file:Documentation/modules.txt>. The module will be called
	39	+ ipt_IPMARK.o. If unsure, say `N'.
	40	+
	41	+
	42	+
	43	endmenu
	44
6890440f	45	diff -NurpP --minimal linux-2.6.21.a/net/ipv4/netfilter/Makefile linux-2.6.21.b/net/ipv4/netfilter/Makefile
	46	--- linux-2.6.21.a/net/ipv4/netfilter/Makefile 2007-05-30 12:01:03.000000000 +0200
	47	+++ linux-2.6.21.b/net/ipv4/netfilter/Makefile 2007-05-30 12:01:21.000000000 +0200
050096bf AM	48	@@ -82,6 +82,7 @@
050096bf AM	49	obj-$(CONFIG_IP_NF_TARGET_TOS) += ipt_TOS.o
1aedc22c	50	obj-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL.o
050096bf	51	obj-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG.o
1aedc22c	52	+obj-$(CONFIG_IP_NF_TARGET_IPMARK) += ipt_IPMARK.o
1aedc22c	53
050096bf AM	54	obj-$(CONFIG_IP_NF_MATCH_IPV4OPTIONS) += ipt_ipv4options.o
050096bf AM	55
6890440f	56	diff -NurpP --minimal linux-2.6.21.a/net/ipv4/netfilter/ipt_IPMARK.c linux-2.6.21.b/net/ipv4/netfilter/ipt_IPMARK.c
	57	--- linux-2.6.21.a/net/ipv4/netfilter/ipt_IPMARK.c 1970-01-01 01:00:00.000000000 +0100
	58	+++ linux-2.6.21.b/net/ipv4/netfilter/ipt_IPMARK.c 2007-05-30 12:01:21.000000000 +0200
34eb83bb	59	@@ -0,0 +1,125 @@
1aedc22c	60	+#include <linux/module.h>
	61	+#include <linux/skbuff.h>
	62	+#include <linux/version.h>
	63	+#include <linux/ip.h>
	64	+#include <net/checksum.h>
34eb83bb	65	+
1aedc22c	66	+#include <linux/netfilter_ipv4/ip_tables.h>
	67	+#include <linux/netfilter_ipv4/ipt_IPMARK.h>
	68	+
	69	+MODULE_AUTHOR("Grzegorz Janoszka <Grzegorz@Janoszka.pl>");
	70	+MODULE_DESCRIPTION("IP tables IPMARK: mark based on ip address");
	71	+MODULE_LICENSE("GPL");
	72	+
	73	+static unsigned int
	74	+target(struct sk_buff **pskb,
	75	+ const struct net_device *in,
	76	+ const struct net_device *out,
	77	+ unsigned int hooknum,
	78	+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
	79	+ const struct xt_target *target,
	80	+#endif
34eb83bb AM	81	+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
	82	+ const void *targinfo,
	83	+ void *userinfo)
	84	+#else
	85	+ const void *targinfo)
	86	+#endif
1aedc22c	87	+{
1aedc22c	88	+ const struct ipt_ipmark_target_info *ipmarkinfo = targinfo;
34eb83bb	89	+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
5ce52adc	90	+ struct iphdr iph = ip_hdr(pskb);
34eb83bb AM	91	+#else
	92	+ struct iphdr iph = (pskb)->nh.iph;
	93	+#endif
1aedc22c	94	+ unsigned long mark;
	95	+
	96	+ if (ipmarkinfo->addr == IPT_IPMARK_SRC)
	97	+ mark = (unsigned long) ntohl(iph->saddr);
	98	+ else
	99	+ mark = (unsigned long) ntohl(iph->daddr);
	100	+
	101	+ mark &= ipmarkinfo->andmask;
	102	+ mark \|= ipmarkinfo->ormask;
34eb83bb AM	103	+
	104	+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,20)
	105	+ if ((*pskb)->nfmark != mark)
	106	+ (*pskb)->nfmark = mark;
	107	+#else
ca74d27b	108	+ if ((*pskb)->mark != mark)
ca74d27b	109	+ (*pskb)->mark = mark;
34eb83bb	110	+#endif
1aedc22c	111	+ return IPT_CONTINUE;
	112	+}
	113	+
	114	+static int
	115	+checkentry(const char *tablename,
	116	+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16)
	117	+ const void *e,
	118	+#else
	119	+ const struct ipt_entry *e,
	120	+#endif
	121	+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
	122	+ const struct xt_target *target,
	123	+#endif
	124	+ void *targinfo,
34eb83bb AM	125	+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
	126	+ unsigned int targinfosize,
	127	+#endif
1aedc22c	128	+ unsigned int hook_mask)
	129	+{
	130	+
	131	+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
	132	+ if (targinfosize != IPT_ALIGN(sizeof(struct ipt_ipmark_target_info))) {
	133	+ printk(KERN_WARNING "IPMARK: targinfosize %u != %Zu\n",
	134	+ targinfosize,
	135	+ IPT_ALIGN(sizeof(struct ipt_ipmark_target_info)));
	136	+ return 0;
	137	+ }
	138	+#endif
	139	+
	140	+ if (strcmp(tablename, "mangle") != 0) {
	141	+ printk(KERN_WARNING "IPMARK: can only be called from \"mangle\" table, not \"%s\"\n", tablename);
	142	+ return 0;
	143	+ }
	144	+
	145	+ return 1;
	146	+}
	147	+
34eb83bb AM	148	+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
	149	+static struct xt_target ipt_ipmark_reg = {
	150	+#else
1aedc22c	151	+static struct ipt_target ipt_ipmark_reg = {
34eb83bb	152	+#endif
1aedc22c	153	+ .name = "IPMARK",
34eb83bb AM	154	+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
	155	+ .family = AF_INET,
	156	+#endif
1aedc22c	157	+ .target = target,
	158	+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
	159	+ .targetsize = sizeof(struct ipt_ipmark_target_info),
	160	+#endif
	161	+ .checkentry = checkentry,
	162	+ .me = THIS_MODULE
	163	+};
	164	+
	165	+static int __init init(void)
	166	+{
34eb83bb	167	+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
6447fea8	168	+ return xt_register_target(&ipt_ipmark_reg);
34eb83bb AM	169	+#else
	170	+ return ipt_register_target(&ipt_ipmark_reg);
	171	+#endif
1aedc22c	172	+}
	173	+
	174	+static void __exit fini(void)
	175	+{
34eb83bb	176	+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
6447fea8	177	+ xt_unregister_target(&ipt_ipmark_reg);
34eb83bb AM	178	+#else
	179	+ ipt_unregister_target(&ipt_ipmark_reg);
	180	+#endif
1aedc22c	181	+}
	182	+
	183	+module_init(init);
	184	+module_exit(fini);