1 include/linux/netfilter_ipv4/ipt_IPMARK.h | 13 ++++
2 net/ipv4/netfilter/Kconfig | 18 ++++++
3 net/ipv4/netfilter/Makefile | 1
4 net/ipv4/netfilter/ipt_IPMARK.c | 79 ++++++++++++++++++++++++++++++
5 4 files changed, 111 insertions(+)
7 diff -Nur --exclude '*.orig' linux.org/include/linux/netfilter_ipv4/ipt_IPMARK.h linux/include/linux/netfilter_ipv4/ipt_IPMARK.h
8 --- linux.org/include/linux/netfilter_ipv4/ipt_IPMARK.h 1970-01-01 01:00:00.000000000 +0100
9 +++ linux/include/linux/netfilter_ipv4/ipt_IPMARK.h 2006-05-04 11:19:22.000000000 +0200
11 +#ifndef _IPT_IPMARK_H_target
12 +#define _IPT_IPMARK_H_target
14 +struct ipt_ipmark_target_info {
15 + unsigned long andmask;
16 + unsigned long ormask;
20 +#define IPT_IPMARK_SRC 0
21 +#define IPT_IPMARK_DST 1
23 +#endif /*_IPT_IPMARK_H_target*/
24 diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/Kconfig linux/net/ipv4/netfilter/Kconfig
25 --- linux.org/net/ipv4/netfilter/Kconfig 2006-05-02 23:38:44.000000000 +0200
26 +++ linux/net/ipv4/netfilter/Kconfig 2006-05-04 11:19:22.000000000 +0200
28 Allows altering the ARP packet payload: source and destination
29 hardware and network addresses.
31 +config IP_NF_TARGET_IPMARK
32 + tristate 'IPMARK target support'
33 + depends on IP_NF_MANGLE
35 + This option adds a `IPMARK' target, which allows you to create rules
36 + in the `mangle' table which alter the netfilter mark field basing
37 + on the source or destination ip address of the packet.
38 + This is very useful for very fast massive shaping - using only one
39 + rule you can direct packets to houndreds different queues.
40 + You will probably find it helpful only if your linux machine acts as
41 + a shaper for many others computers.
43 + If you want to compile it as a module, say M here and read
44 + <file:Documentation/modules.txt>. The module will be called
45 + ipt_IPMARK.o. If unsure, say `N'.
51 diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/Makefile linux/net/ipv4/netfilter/Makefile
52 --- linux.org/net/ipv4/netfilter/Makefile 2006-05-02 23:38:44.000000000 +0200
53 +++ linux/net/ipv4/netfilter/Makefile 2006-05-04 11:19:22.000000000 +0200
55 +obj-$(CONFIG_IP_NF_TARGET_IPMARK) += ipt_IPMARK.o
56 diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/ipt_IPMARK.c linux/net/ipv4/netfilter/ipt_IPMARK.c
57 --- linux.org/net/ipv4/netfilter/ipt_IPMARK.c 1970-01-01 01:00:00.000000000 +0100
58 +++ linux/net/ipv4/netfilter/ipt_IPMARK.c 2006-05-04 11:19:22.000000000 +0200
60 +#include <linux/module.h>
61 +#include <linux/skbuff.h>
62 +#include <linux/ip.h>
63 +#include <net/checksum.h>
65 +#include <linux/netfilter_ipv4/ip_tables.h>
66 +#include <linux/netfilter_ipv4/ipt_IPMARK.h>
68 +MODULE_AUTHOR("Grzegorz Janoszka <Grzegorz@Janoszka.pl>");
69 +MODULE_DESCRIPTION("IP tables IPMARK: mark based on ip address");
70 +MODULE_LICENSE("GPL");
73 +target(struct sk_buff **pskb,
74 + const struct net_device *in,
75 + const struct net_device *out,
76 + unsigned int hooknum,
77 + const void *targinfo,
80 + const struct ipt_ipmark_target_info *ipmarkinfo = targinfo;
81 + struct iphdr *iph = (*pskb)->nh.iph;
84 + if (ipmarkinfo->addr == IPT_IPMARK_SRC)
85 + mark = (unsigned long) ntohl(iph->saddr);
87 + mark = (unsigned long) ntohl(iph->daddr);
89 + mark &= ipmarkinfo->andmask;
90 + mark |= ipmarkinfo->ormask;
92 + if ((*pskb)->nfmark != mark)
93 + (*pskb)->nfmark = mark;
95 + return IPT_CONTINUE;
99 +checkentry(const char *tablename,
100 + const struct ipt_entry *e,
102 + unsigned int targinfosize,
103 + unsigned int hook_mask)
105 + if (targinfosize != IPT_ALIGN(sizeof(struct ipt_ipmark_target_info))) {
106 + printk(KERN_WARNING "IPMARK: targinfosize %u != %Zu\n",
108 + IPT_ALIGN(sizeof(struct ipt_ipmark_target_info)));
112 + if (strcmp(tablename, "mangle") != 0) {
113 + printk(KERN_WARNING "IPMARK: can only be called from \"mangle\" table, not \"%s\"\n", tablename);
120 +static struct ipt_target ipt_ipmark_reg = {
123 + .checkentry = checkentry,
127 +static int __init init(void)
129 + return ipt_register_target(&ipt_ipmark_reg);
132 +static void __exit fini(void)
134 + ipt_unregister_target(&ipt_ipmark_reg);