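/* This kernel module is used to modify the connection mark values, or
 * to optionally restore the skb nfmark from the connection mark
 *
 * Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com>
 * by Henrik Nordstrom <hno@marasystems.com>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/ip.h>
#include <net/checksum.h>

MODULE_AUTHOR("Henrik Nordstrom <hno@marasytems.com>");
MODULE_DESCRIPTION("IP tables CONNMARK matching module");
MODULE_LICENSE("GPL");
MODULE_ALIAS("ipt_CONNMARK");

#include <linux/netfilter/x_tables.h>
#include <linux/netfilter/xt_CONNMARK.h>
#include <net/netfilter/nf_conntrack_compat.h>

/*
 * Target hook: apply the rule's CONNMARK operation to the packet and to
 * the conntrack entry it belongs to.
 *
 * @pskb:     the packet; its nfmark is read (SAVE) or rewritten (RESTORE)
 * @targinfo: struct xt_connmark_target_info from the rule (mode, mark, mask)
 * The remaining parameters belong to the xt_target interface and are unused.
 *
 * Always returns XT_CONTINUE.  A packet with no conntrack entry (ctmark is
 * NULL) is passed through untouched.
 */
static unsigned int
target(struct sk_buff **pskb,
       const struct net_device *in,
       const struct net_device *out,
       unsigned int hooknum,
       const struct xt_target *target,
       const void *targinfo,
       void *userinfo)
{
	const struct xt_connmark_target_info *markinfo = targinfo;
	u_int32_t ctinfo;
	u_int32_t *ctmark = nf_ct_get_mark(*pskb, &ctinfo);
	u_int32_t newmark;
	u_int32_t diff;

	/* No connection tracking entry: nothing to read from or write to. */
	if (!ctmark)
		return XT_CONTINUE;

	/*
	 * NOTE(review): *ctmark is read-modify-written here without any
	 * lock visible in this file; two packets of the same connection
	 * handled on different CPUs could interleave.  Verify whether the
	 * caller holds the conntrack lock before relying on bit-exact marks.
	 */
	switch (markinfo->mode) {
	case XT_CONNMARK_SET:
		/* Clear the masked bits of the ctmark and OR in the rule's mark. */
		newmark = (*ctmark & ~markinfo->mask) | markinfo->mark;
		if (newmark != *ctmark)
			*ctmark = newmark;
		break;
	case XT_CONNMARK_SAVE:
		/* Copy the masked bits of the packet's nfmark into the ctmark. */
		newmark = (*ctmark & ~markinfo->mask)
			| ((*pskb)->nfmark & markinfo->mask);
		if (newmark != *ctmark)
			*ctmark = newmark;
		break;
	case XT_CONNMARK_RESTORE:
		/* Copy the masked bits of the ctmark into the packet's nfmark. */
		diff = (*ctmark ^ (*pskb)->nfmark) & markinfo->mask;
		if (diff != 0)
			(*pskb)->nfmark ^= diff;
		break;
	default:
		/* Unknown modes are rejected in checkentry(); never act on one. */
		break;
	}

	return XT_CONTINUE;
}

/*
 * Rule-load validation for the CONNMARK target.
 *
 * Returns 1 when the rule is acceptable and 0 (after a KERN_WARNING) when:
 *  - mode is not one of SET/SAVE/RESTORE.  Without this check a rule with
 *    an unrecognised mode was accepted and then silently did nothing at
 *    packet time, which can defeat a policy that depends on the mark;
 *  - mode is RESTORE and the rule is not in the "mangle" table;
 *  - mark or mask does not fit in the 32-bit conntrack mark.
 */
static int
checkentry(const char *tablename,
	   const void *entry,
	   const struct xt_target *target,
	   void *targinfo,
	   unsigned int targinfosize,
	   unsigned int hook_mask)
{
	const struct xt_connmark_target_info *info = targinfo;

	switch (info->mode) {
	case XT_CONNMARK_SET:
	case XT_CONNMARK_SAVE:
		break;
	case XT_CONNMARK_RESTORE:
		/* Only the mangle table is allowed to rewrite the packet's nfmark. */
		if (strcmp(tablename, "mangle") != 0) {
			printk(KERN_WARNING "CONNMARK: restore can only be called from \"mangle\" table, not \"%s\"\n", tablename);
			return 0;
		}
		break;
	default:
		printk(KERN_WARNING "CONNMARK: unknown mode %u\n",
		       (unsigned int)info->mode);
		return 0;
	}

	/*
	 * mark and mask may be stored in a type wider than the 32-bit ctmark
	 * on some architectures; reject values that would be truncated.
	 */
	if (info->mark > 0xffffffff || info->mask > 0xffffffff) {
		printk(KERN_WARNING "CONNMARK: Only supports 32bit mark\n");
		return 0;
	}

	return 1;
}

/* IPv4 registration of the target. */
static struct xt_target connmark_reg = {
	.name		= "CONNMARK",
	.target		= target,
	.targetsize	= sizeof(struct xt_connmark_target_info),
	.checkentry	= checkentry,
	.family		= AF_INET,
	.me		= THIS_MODULE
};

/* IPv6 registration: same handlers, different address family. */
static struct xt_target connmark6_reg = {
	.name		= "CONNMARK",
	.target		= target,
	.targetsize	= sizeof(struct xt_connmark_target_info),
	.checkentry	= checkentry,
	.family		= AF_INET6,
	.me		= THIS_MODULE
};

/*
 * Module init: pull in connection tracking and register the target for
 * both families.  If the IPv6 registration fails the IPv4 one is rolled
 * back, so a failed load leaves nothing registered.
 */
static int __init xt_connmark_init(void)
{
	int ret;

	need_conntrack();

	ret = xt_register_target(&connmark_reg);
	if (ret)
		return ret;

	ret = xt_register_target(&connmark6_reg);
	if (ret)
		xt_unregister_target(&connmark_reg);

	return ret;
}

/* Module exit: unregister in the reverse order of registration. */
static void __exit xt_connmark_fini(void)
{
	xt_unregister_target(&connmark6_reg);
	xt_unregister_target(&connmark_reg);
}

module_init(xt_connmark_init);
module_exit(xt_connmark_fini);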