[NETFILTER]: xt_MARK target, revision 2

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Introduces the xt_MARK target revision 2. It uses fixed types, and
also uses the more expressive XOR logic.

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by

Jan Engelhardt and committed by

David S. Miller 18 years ago e0a812ae 0dc8c760

+56 -22

2 changed files

expand all

include

linux

netfilter

xt_MARK.h

net

netfilter

xt_MARK.c

include/linux/netfilter/xt_MARK.h

··· 18 18 u_int8_t mode; 19 19 }; 20 20 21 + struct xt_mark_tginfo2 { 22 + u_int32_t mark, mask; 23 + }; 24 + 21 25 #endif /*_XT_MARK_H_target */

+52 -22

net/netfilter/xt_MARK.c

··· 1 - /* This is a module which is used for setting the NFMARK field of an skb. */ 2 - 3 - /* (C) 1999-2001 Marc Boucher <marc@mbsi.ca> 1 + /* 2 + * xt_MARK - Netfilter module to modify the NFMARK field of an skb 4 3 * 5 - * This program is free software; you can redistribute it and/or modify 6 - * it under the terms of the GNU General Public License version 2 as 7 - * published by the Free Software Foundation. 4 + * (C) 1999-2001 Marc Boucher <marc@mbsi.ca> 5 + * Copyright © CC Computer Consultants GmbH, 2007 - 2008 6 + * Jan Engelhardt <jengelh@computergmbh.de> 7 + * 8 + * This program is free software; you can redistribute it and/or modify 9 + * it under the terms of the GNU General Public License version 2 as 10 + * published by the Free Software Foundation. 8 11 */ 9 12 10 13 #include <linux/module.h> ··· 36 33 } 37 34 38 35 static unsigned int 39 - mark_tg(struct sk_buff *skb, const struct net_device *in, 40 - const struct net_device *out, unsigned int hooknum, 41 - const struct xt_target *target, const void *targinfo) 36 + mark_tg_v1(struct sk_buff *skb, const struct net_device *in, 37 + const struct net_device *out, unsigned int hooknum, 38 + const struct xt_target *target, const void *targinfo) 42 39 { 43 40 const struct xt_mark_target_info_v1 *markinfo = targinfo; 44 41 int mark = 0; ··· 61 58 return XT_CONTINUE; 62 59 } 63 60 61 + static unsigned int 62 + mark_tg(struct sk_buff *skb, const struct net_device *in, 63 + const struct net_device *out, unsigned int hooknum, 64 + const struct xt_target *target, const void *targinfo) 65 + { 66 + const struct xt_mark_tginfo2 *info = targinfo; 67 + 68 + skb->mark = (skb->mark & ~info->mask) ^ info->mark; 69 + return XT_CONTINUE; 70 + } 71 + 64 72 static bool 65 73 mark_tg_check_v0(const char *tablename, const void *entry, 66 74 const struct xt_target *target, void *targinfo, ··· 87 73 } 88 74 89 75 static bool 90 - mark_tg_check(const char *tablename, const void *entry, 91 - const struct xt_target *target, void *targinfo, 92 - unsigned int hook_mask) 76 + mark_tg_check_v1(const char *tablename, const void *entry, 77 + const struct xt_target *target, void *targinfo, 78 + unsigned int hook_mask) 93 79 { 94 80 const struct xt_mark_target_info_v1 *markinfo = targinfo; 95 81 ··· 112 98 compat_ulong_t mark; 113 99 }; 114 100 115 - static void mark_tg_compat_from_user(void *dst, void *src) 101 + static void mark_tg_compat_from_user_v0(void *dst, void *src) 116 102 { 117 103 const struct compat_xt_mark_target_info *cm = src; 118 104 struct xt_mark_target_info m = { ··· 121 107 memcpy(dst, &m, sizeof(m)); 122 108 } 123 109 124 - static int mark_tg_compat_to_user(void __user *dst, void *src) 110 + static int mark_tg_compat_to_user_v0(void __user *dst, void *src) 125 111 { 126 112 const struct xt_mark_target_info *m = src; 127 113 struct compat_xt_mark_target_info cm = { ··· 168 154 .targetsize = sizeof(struct xt_mark_target_info), 169 155 #ifdef CONFIG_COMPAT 170 156 .compatsize = sizeof(struct compat_xt_mark_target_info), 171 - .compat_from_user = mark_tg_compat_from_user, 172 - .compat_to_user = mark_tg_compat_to_user, 157 + .compat_from_user = mark_tg_compat_from_user_v0, 158 + .compat_to_user = mark_tg_compat_to_user_v0, 173 159 #endif 174 160 .table = "mangle", 175 161 .me = THIS_MODULE, ··· 178 164 .name = "MARK", 179 165 .family = AF_INET, 180 166 .revision = 1, 181 - .checkentry = mark_tg_check, 182 - .target = mark_tg, 167 + .checkentry = mark_tg_check_v1, 168 + .target = mark_tg_v1, 183 169 .targetsize = sizeof(struct xt_mark_target_info_v1), 184 170 #ifdef CONFIG_COMPAT 185 171 .compatsize = sizeof(struct compat_xt_mark_target_info_v1), ··· 198 184 .targetsize = sizeof(struct xt_mark_target_info), 199 185 #ifdef CONFIG_COMPAT 200 186 .compatsize = sizeof(struct compat_xt_mark_target_info), 201 - .compat_from_user = mark_tg_compat_from_user, 202 - .compat_to_user = mark_tg_compat_to_user, 187 + .compat_from_user = mark_tg_compat_from_user_v0, 188 + .compat_to_user = mark_tg_compat_to_user_v0, 203 189 #endif 204 190 .table = "mangle", 205 191 .me = THIS_MODULE, ··· 208 194 .name = "MARK", 209 195 .family = AF_INET6, 210 196 .revision = 1, 211 - .checkentry = mark_tg_check, 212 - .target = mark_tg, 197 + .checkentry = mark_tg_check_v1, 198 + .target = mark_tg_v1, 213 199 .targetsize = sizeof(struct xt_mark_target_info_v1), 214 200 #ifdef CONFIG_COMPAT 215 201 .compatsize = sizeof(struct compat_xt_mark_target_info_v1), ··· 218 204 #endif 219 205 .table = "mangle", 220 206 .me = THIS_MODULE, 207 + }, 208 + { 209 + .name = "MARK", 210 + .revision = 2, 211 + .family = AF_INET, 212 + .target = mark_tg, 213 + .targetsize = sizeof(struct xt_mark_tginfo2), 214 + .me = THIS_MODULE, 215 + }, 216 + { 217 + .name = "MARK", 218 + .revision = 2, 219 + .family = AF_INET6, 220 + .target = mark_tg, 221 + .targetsize = sizeof(struct xt_mark_tginfo2), 222 + .me = THIS_MODULE, 221 223 }, 222 224 }; 223 225