]>
Commit | Line | Data |
---|---|---|
4f957025 | 1 | include/linux/netfilter_ipv4/ipt_IPMARK.h | 13 ++++ |
2 | net/ipv4/netfilter/Kconfig | 18 +++++ | |
3 | net/ipv4/netfilter/Makefile | 1 | |
4 | net/ipv4/netfilter/ipt_IPMARK.c | 96 ++++++++++++++++++++++++++++++ | |
5 | 4 files changed, 128 insertions(+) | |
6 | ||
7 | diff -Nur --exclude '*.orig' linux.org/include/linux/netfilter_ipv4/ipt_IPMARK.h linux/include/linux/netfilter_ipv4/ipt_IPMARK.h | |
8 | --- linux.org/include/linux/netfilter_ipv4/ipt_IPMARK.h 1970-01-01 00:00:00.000000000 +0000 | |
9 | +++ linux/include/linux/netfilter_ipv4/ipt_IPMARK.h 2006-08-29 12:27:47.000000000 +0000 | |
10 | @@ -0,0 +1,13 @@ | |
11 | +#ifndef _IPT_IPMARK_H_target | |
12 | +#define _IPT_IPMARK_H_target | |
13 | + | |
14 | +struct ipt_ipmark_target_info { | |
15 | + unsigned long andmask; | |
16 | + unsigned long ormask; | |
17 | + unsigned char addr; | |
18 | +}; | |
19 | + | |
20 | +#define IPT_IPMARK_SRC 0 | |
21 | +#define IPT_IPMARK_DST 1 | |
22 | + | |
23 | +#endif /*_IPT_IPMARK_H_target*/ | |
24 | diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/ipt_IPMARK.c linux/net/ipv4/netfilter/ipt_IPMARK.c | |
25 | --- linux.org/net/ipv4/netfilter/ipt_IPMARK.c 1970-01-01 00:00:00.000000000 +0000 | |
26 | +++ linux/net/ipv4/netfilter/ipt_IPMARK.c 2006-08-29 12:27:47.000000000 +0000 | |
27 | @@ -0,0 +1,96 @@ | |
28 | +#include <linux/module.h> | |
29 | +#include <linux/skbuff.h> | |
30 | +#include <linux/version.h> | |
31 | +#include <linux/ip.h> | |
32 | +#include <net/checksum.h> | |
33 | + | |
34 | +#include <linux/netfilter_ipv4/ip_tables.h> | |
35 | +#include <linux/netfilter_ipv4/ipt_IPMARK.h> | |
36 | + | |
37 | +MODULE_AUTHOR("Grzegorz Janoszka <Grzegorz@Janoszka.pl>"); | |
38 | +MODULE_DESCRIPTION("IP tables IPMARK: mark based on ip address"); | |
39 | +MODULE_LICENSE("GPL"); | |
40 | + | |
41 | +static unsigned int | |
42 | +target(struct sk_buff **pskb, | |
43 | + const struct net_device *in, | |
44 | + const struct net_device *out, | |
45 | + unsigned int hooknum, | |
46 | +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) | |
47 | + const struct xt_target *target, | |
48 | +#endif | |
49 | + const void *targinfo, | |
50 | + void *userinfo) | |
51 | +{ | |
52 | + const struct ipt_ipmark_target_info *ipmarkinfo = targinfo; | |
53 | + struct iphdr *iph = (*pskb)->nh.iph; | |
54 | + unsigned long mark; | |
55 | + | |
56 | + if (ipmarkinfo->addr == IPT_IPMARK_SRC) | |
57 | + mark = (unsigned long) ntohl(iph->saddr); | |
58 | + else | |
59 | + mark = (unsigned long) ntohl(iph->daddr); | |
60 | + | |
61 | + mark &= ipmarkinfo->andmask; | |
62 | + mark |= ipmarkinfo->ormask; | |
63 | + | |
64 | + if ((*pskb)->nfmark != mark) | |
65 | + (*pskb)->nfmark = mark; | |
66 | + | |
67 | + return IPT_CONTINUE; | |
68 | +} | |
69 | + | |
70 | +static int | |
71 | +checkentry(const char *tablename, | |
72 | +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) | |
73 | + const void *e, | |
74 | +#else | |
75 | + const struct ipt_entry *e, | |
76 | +#endif | |
77 | +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) | |
78 | + const struct xt_target *target, | |
79 | +#endif | |
80 | + void *targinfo, | |
81 | + unsigned int targinfosize, | |
82 | + unsigned int hook_mask) | |
83 | +{ | |
84 | + | |
85 | +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17) | |
86 | + if (targinfosize != IPT_ALIGN(sizeof(struct ipt_ipmark_target_info))) { | |
87 | + printk(KERN_WARNING "IPMARK: targinfosize %u != %Zu\n", | |
88 | + targinfosize, | |
89 | + IPT_ALIGN(sizeof(struct ipt_ipmark_target_info))); | |
90 | + return 0; | |
91 | + } | |
92 | +#endif | |
93 | + | |
94 | + if (strcmp(tablename, "mangle") != 0) { | |
95 | + printk(KERN_WARNING "IPMARK: can only be called from \"mangle\" table, not \"%s\"\n", tablename); | |
96 | + return 0; | |
97 | + } | |
98 | + | |
99 | + return 1; | |
100 | +} | |
101 | + | |
102 | +static struct ipt_target ipt_ipmark_reg = { | |
103 | + .name = "IPMARK", | |
104 | + .target = target, | |
105 | +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) | |
106 | + .targetsize = sizeof(struct ipt_ipmark_target_info), | |
107 | +#endif | |
108 | + .checkentry = checkentry, | |
109 | + .me = THIS_MODULE | |
110 | +}; | |
111 | + | |
112 | +static int __init init(void) | |
113 | +{ | |
114 | + return ipt_register_target(&ipt_ipmark_reg); | |
115 | +} | |
116 | + | |
117 | +static void __exit fini(void) | |
118 | +{ | |
119 | + ipt_unregister_target(&ipt_ipmark_reg); | |
120 | +} | |
121 | + | |
122 | +module_init(init); | |
123 | +module_exit(fini); | |
124 | diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/Kconfig linux/net/ipv4/netfilter/Kconfig | |
125 | --- linux.org/net/ipv4/netfilter/Kconfig 2006-06-18 01:49:35.000000000 +0000 | |
126 | +++ linux/net/ipv4/netfilter/Kconfig 2006-08-29 12:27:47.000000000 +0000 | |
127 | @@ -613,5 +613,23 @@ | |
128 | Allows altering the ARP packet payload: source and destination | |
129 | hardware and network addresses. | |
130 | ||
131 | +config IP_NF_TARGET_IPMARK | |
132 | + tristate 'IPMARK target support' | |
133 | + depends on IP_NF_MANGLE | |
134 | + help | |
135 | + This option adds a `IPMARK' target, which allows you to create rules | |
136 | + in the `mangle' table which alter the netfilter mark field basing | |
137 | + on the source or destination ip address of the packet. | |
138 | + This is very useful for very fast massive shaping - using only one | |
139 | + rule you can direct packets to houndreds different queues. | |
140 | + You will probably find it helpful only if your linux machine acts as | |
141 | + a shaper for many others computers. | |
142 | + | |
143 | + If you want to compile it as a module, say M here and read | |
144 | + <file:Documentation/modules.txt>. The module will be called | |
145 | + ipt_IPMARK.o. If unsure, say `N'. | |
146 | + | |
147 | + | |
148 | + | |
149 | endmenu | |
150 | ||
151 | diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/Makefile linux/net/ipv4/netfilter/Makefile | |
152 | --- linux.org/net/ipv4/netfilter/Makefile 2006-06-18 01:49:35.000000000 +0000 | |
153 | +++ linux/net/ipv4/netfilter/Makefile 2006-08-29 12:27:47.000000000 +0000 | |
154 | @@ -0,0 +0,1 @@ | |
155 | +obj-$(CONFIG_IP_NF_TARGET_IPMARK) += ipt_IPMARK.o |