1 diff -NurpP --minimal linux-2.6.21.a/include/linux/netfilter_ipv4/ipt_IPMARK.h linux-2.6.21.b/include/linux/netfilter_ipv4/ipt_IPMARK.h
2 --- linux-2.6.21.a/include/linux/netfilter_ipv4/ipt_IPMARK.h 1970-01-01 01:00:00.000000000 +0100
3 +++ linux-2.6.21.b/include/linux/netfilter_ipv4/ipt_IPMARK.h 2007-05-30 12:01:20.000000000 +0200
5 +#ifndef _IPT_IPMARK_H_target
6 +#define _IPT_IPMARK_H_target
8 +struct ipt_ipmark_target_info {
9 + unsigned long andmask;
10 + unsigned long ormask;
14 +#define IPT_IPMARK_SRC 0
15 +#define IPT_IPMARK_DST 1
17 +#endif /*_IPT_IPMARK_H_target*/
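Review bot: `andmask` and `ormask` are declared `unsigned long` in a structure that the iptables userspace extension passes to the kernel, so its size and layout differ between a 32-bit userspace and a 64-bit kernel. With the `.targetsize = sizeof(struct ipt_ipmark_target_info)` registration in ipt_IPMARK.c, such a rule would presumably be rejected on a mixed system. The mark is derived from a 32-bit address via `ntohl()`, so fixed-width members such as `__u32 andmask;` and `__u32 ormask;` carry everything the target needs. Because this changes the layout the matching userspace extension must use, both sides have to change together. The listing omits some lines of the struct (the `addr` member read by the target is not visible here), so the full layout should be checked for padding as well.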
18 diff -NurpP --minimal linux-2.6.21.a/net/ipv4/netfilter/Kconfig linux-2.6.21.b/net/ipv4/netfilter/Kconfig
19 --- linux-2.6.21.a/net/ipv4/netfilter/Kconfig 2007-05-30 12:01:03.000000000 +0200
20 +++ linux-2.6.21.b/net/ipv4/netfilter/Kconfig 2007-05-30 12:01:20.000000000 +0200
21 @@ -893,5 +893,23 @@ config IP_NF_RSH
22 If you want to compile it as a module, say M here and read
23 <file:Documentation/modules.txt>. If unsure, say `N'.
25 +config IP_NF_TARGET_IPMARK
26 + tristate 'IPMARK target support'
27 + depends on IP_NF_MANGLE
29 + This option adds a `IPMARK' target, which allows you to create rules
30 + in the `mangle' table which alter the netfilter mark field basing
31 + on the source or destination ip address of the packet.
32 + This is very useful for very fast massive shaping - using only one
33 + rule you can direct packets to houndreds different queues.
34 + You will probably find it helpful only if your linux machine acts as
35 + a shaper for many others computers.
37 + If you want to compile it as a module, say M here and read
38 + <file:Documentation/modules.txt>. The module will be called
39 + ipt_IPMARK.o. If unsure, say `N'.
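Review bot: The help text shown in menuconfig has a few wording slips: `houndreds different queues` should read `hundreds of different queues`, `many others computers` should read `many other computers`, and `basing on the source or destination ip address` reads better as `based on the source or destination IP address`. The last sentence names the module `ipt_IPMARK.o`, while 2.6 kernels build loadable modules as `.ko`, so `ipt_IPMARK` without a suffix would be less misleading.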
45 diff -NurpP --minimal linux-2.6.21.a/net/ipv4/netfilter/Makefile linux-2.6.21.b/net/ipv4/netfilter/Makefile
46 --- linux-2.6.21.a/net/ipv4/netfilter/Makefile 2007-05-30 12:01:03.000000000 +0200
47 +++ linux-2.6.21.b/net/ipv4/netfilter/Makefile 2007-05-30 12:01:21.000000000 +0200
49 obj-$(CONFIG_IP_NF_TARGET_TOS) += ipt_TOS.o
50 obj-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL.o
51 obj-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG.o
52 +obj-$(CONFIG_IP_NF_TARGET_IPMARK) += ipt_IPMARK.o
54 obj-$(CONFIG_IP_NF_MATCH_IPV4OPTIONS) += ipt_ipv4options.o
56 diff -NurpP --minimal linux-2.6.21.a/net/ipv4/netfilter/ipt_IPMARK.c linux-2.6.21.b/net/ipv4/netfilter/ipt_IPMARK.c
57 --- linux-2.6.21.a/net/ipv4/netfilter/ipt_IPMARK.c 1970-01-01 01:00:00.000000000 +0100
58 +++ linux-2.6.21.b/net/ipv4/netfilter/ipt_IPMARK.c 2007-05-30 12:01:21.000000000 +0200
60 +#include <linux/module.h>
61 +#include <linux/skbuff.h>
62 +#include <linux/version.h>
63 +#include <linux/ip.h>
64 +#include <net/checksum.h>
66 +#include <linux/netfilter_ipv4/ip_tables.h>
67 +#include <linux/netfilter_ipv4/ipt_IPMARK.h>
69 +MODULE_AUTHOR("Grzegorz Janoszka <Grzegorz@Janoszka.pl>");
70 +MODULE_DESCRIPTION("IP tables IPMARK: mark based on ip address");
71 +MODULE_LICENSE("GPL");
74 +target(struct sk_buff *skb,
75 + const struct net_device *in,
76 + const struct net_device *out,
77 + unsigned int hooknum,
78 + const struct xt_target *target,
79 + const void *targinfo)
81 + const struct ipt_ipmark_target_info *ipmarkinfo = targinfo;
82 + struct iphdr *iph = ip_hdr(skb);
85 + if (ipmarkinfo->addr == IPT_IPMARK_SRC)
86 + mark = (unsigned long) ntohl(iph->saddr);
88 + mark = (unsigned long) ntohl(iph->daddr);
90 + mark &= ipmarkinfo->andmask;
91 + mark |= ipmarkinfo->ormask;
93 + if (skb->mark != mark)
95 + return IPT_CONTINUE;
99 +checkentry(const char *tablename,
101 + const struct xt_target *target,
103 + unsigned int hook_mask)
106 +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
107 + if (targinfosize != IPT_ALIGN(sizeof(struct ipt_ipmark_target_info))) {
108 + printk(KERN_WARNING "IPMARK: targinfosize %u != %Zu\n",
110 + IPT_ALIGN(sizeof(struct ipt_ipmark_target_info)));
115 + if (strcmp(tablename, "mangle") != 0) {
116 + printk(KERN_WARNING "IPMARK: can only be called from \"mangle\" table, not \"%s\"\n", tablename);
123 +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
124 +static struct xt_target ipt_ipmark_reg = {
126 +static struct ipt_target ipt_ipmark_reg = {
129 +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
133 +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
134 + .targetsize = sizeof(struct ipt_ipmark_target_info),
136 + .checkentry = checkentry,
140 +static int __init init(void)
142 +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
143 + return xt_register_target(&ipt_ipmark_reg);
145 + return ipt_register_target(&ipt_ipmark_reg);
149 +static void __exit fini(void)
151 +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
152 + xt_unregister_target(&ipt_ipmark_reg);
154 + ipt_unregister_target(&ipt_ipmark_reg);
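Review bot: `checkentry()` as visible here validates only the table name (plus `targinfosize` on kernels before 2.6.17) and never checks the `addr` selector supplied by userspace. In `target()`, any value other than `IPT_IPMARK_SRC` appears to fall through to the destination-address branch, although the `else` line is not visible in this listing. Rejecting entries whose `addr` is neither `IPT_IPMARK_SRC` nor `IPT_IPMARK_DST` in `checkentry()` would keep a malformed rule from silently marking on the wrong address. Separately, the `#if LINUX_VERSION_CODE` branches for older kernels look unreachable in practice: `target()` and `checkentry()` take `const struct xt_target *` and the code writes `skb->mark` unconditionally, so the `struct ipt_target` and `ipt_register_target()` paths could be dropped or documented with a comment such as `/* compat branches kept for out-of-tree builds; untested before 2.6.21 */`. Several lines of this file, including the end of `fini()`, are missing from the listing, so these points should be confirmed against the full patch.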