net/netfilter/xt_mark.c at master · tjh.dev/kernel

tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
kernel / net / netfilter / xt_mark.c
at master 2.6 kB view raw
  1// SPDX-License-Identifier: GPL-2.0-only
  2/*
  3 *	xt_mark - Netfilter module to match NFMARK value
  4 *
  5 *	(C) 1999-2001 Marc Boucher <marc@mbsi.ca>
  6 *	Copyright © CC Computer Consultants GmbH, 2007 - 2008
  7 *	Jan Engelhardt <jengelh@medozas.de>
  8 */
  9
 10#include <linux/module.h>
 11#include <linux/skbuff.h>
 12
 13#include <linux/netfilter/xt_mark.h>
 14#include <linux/netfilter/x_tables.h>
 15
 16MODULE_LICENSE("GPL");
 17MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>");
 18MODULE_DESCRIPTION("Xtables: packet mark operations");
 19MODULE_ALIAS("ipt_mark");
 20MODULE_ALIAS("ip6t_mark");
 21MODULE_ALIAS("ipt_MARK");
 22MODULE_ALIAS("ip6t_MARK");
 23MODULE_ALIAS("arpt_MARK");
 24
 25static unsigned int
 26mark_tg(struct sk_buff *skb, const struct xt_action_param *par)
 27{
 28	const struct xt_mark_tginfo2 *info = par->targinfo;
 29
 30	skb->mark = (skb->mark & ~info->mask) ^ info->mark;
 31	return XT_CONTINUE;
 32}
 33
 34static bool
 35mark_mt(const struct sk_buff *skb, struct xt_action_param *par)
 36{
 37	const struct xt_mark_mtinfo1 *info = par->matchinfo;
 38
 39	return ((skb->mark & info->mask) == info->mark) ^ info->invert;
 40}
 41
 42static struct xt_target mark_tg_reg[] __read_mostly = {
 43	{
 44		.name           = "MARK",
 45		.revision       = 2,
 46		.family         = NFPROTO_IPV4,
 47		.target         = mark_tg,
 48		.targetsize     = sizeof(struct xt_mark_tginfo2),
 49		.me             = THIS_MODULE,
 50	},
 51#if IS_ENABLED(CONFIG_IP_NF_ARPTABLES) || IS_ENABLED(CONFIG_NFT_COMPAT_ARP)
 52	{
 53		.name           = "MARK",
 54		.revision       = 2,
 55		.family         = NFPROTO_ARP,
 56		.target         = mark_tg,
 57		.targetsize     = sizeof(struct xt_mark_tginfo2),
 58		.me             = THIS_MODULE,
 59	},
 60#endif
 61#if IS_ENABLED(CONFIG_IP6_NF_IPTABLES)
 62	{
 63		.name           = "MARK",
 64		.revision       = 2,
 65		.family         = NFPROTO_IPV6,
 66		.target         = mark_tg,
 67		.targetsize     = sizeof(struct xt_mark_tginfo2),
 68		.me             = THIS_MODULE,
 69	},
 70#endif
 71};
 72
 73static struct xt_match mark_mt_reg __read_mostly = {
 74	.name           = "mark",
 75	.revision       = 1,
 76	.family         = NFPROTO_UNSPEC,
 77	.match          = mark_mt,
 78	.matchsize      = sizeof(struct xt_mark_mtinfo1),
 79	.me             = THIS_MODULE,
 80};
 81
 82static int __init mark_mt_init(void)
 83{
 84	int ret;
 85
 86	ret = xt_register_targets(mark_tg_reg, ARRAY_SIZE(mark_tg_reg));
 87	if (ret < 0)
 88		return ret;
 89	ret = xt_register_match(&mark_mt_reg);
 90	if (ret < 0) {
 91		xt_unregister_targets(mark_tg_reg, ARRAY_SIZE(mark_tg_reg));
 92		return ret;
 93	}
 94	return 0;
 95}
 96
 97static void __exit mark_mt_exit(void)
 98{
 99	xt_unregister_match(&mark_mt_reg);
100	xt_unregister_targets(mark_tg_reg, ARRAY_SIZE(mark_tg_reg));
101}
102
103module_init(mark_mt_init);
104module_exit(mark_mt_exit);