Blame view
net/netfilter/xt_DSCP.c
3.79 KB
d2912cb15 treewide: Replace... |
1 |
// SPDX-License-Identifier: GPL-2.0-only |
a468701db [NETFILTER]: x_ta... |
2 3 4 5 6 |
/* x_tables module for setting the IPv4/IPv6 DSCP field, Version 1.8 * * (C) 2002 by Harald Welte <laforge@netfilter.org> * based on ipt_FTOS.c (C) 2000 by Matthew G. Marsh <mgm@paktronix.com> * |
a468701db [NETFILTER]: x_ta... |
7 |
* See RFC2474 for a description of the DSCP field within the IP Header. |
a468701db [NETFILTER]: x_ta... |
8 |
*/ |
8bee4bad0 netfilter: xt ext... |
9 |
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt |
a468701db [NETFILTER]: x_ta... |
10 11 12 13 14 15 16 17 18 19 |
#include <linux/module.h> #include <linux/skbuff.h> #include <linux/ip.h> #include <linux/ipv6.h> #include <net/dsfield.h> #include <linux/netfilter/x_tables.h> #include <linux/netfilter/xt_DSCP.h> MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>"); |
2ae15b64e [NETFILTER]: Upda... |
20 |
MODULE_DESCRIPTION("Xtables: DSCP/TOS field modification"); |
a468701db [NETFILTER]: x_ta... |
21 22 23 |
MODULE_LICENSE("GPL"); MODULE_ALIAS("ipt_DSCP"); MODULE_ALIAS("ip6t_DSCP"); |
c9fd49680 [NETFILTER]: Merg... |
24 |
MODULE_ALIAS("ipt_TOS"); |
5c350e5a3 [NETFILTER]: IPv6... |
25 |
MODULE_ALIAS("ip6t_TOS"); |
a468701db [NETFILTER]: x_ta... |
26 |
|
d3c5ee6d5 [NETFILTER]: x_ta... |
27 |
static unsigned int |
4b560b447 netfilter: xtable... |
28 |
dscp_tg(struct sk_buff *skb, const struct xt_action_param *par) |
a468701db [NETFILTER]: x_ta... |
29 |
{ |
7eb355865 netfilter: xtable... |
30 |
const struct xt_DSCP_info *dinfo = par->targinfo; |
3db05fea5 [NETFILTER]: Repl... |
31 |
u_int8_t dscp = ipv4_get_dsfield(ip_hdr(skb)) >> XT_DSCP_SHIFT; |
a468701db [NETFILTER]: x_ta... |
32 33 |
if (dscp != dinfo->dscp) { |
2cf6bffc4 netfilter: replac... |
34 |
if (skb_ensure_writable(skb, sizeof(struct iphdr))) |
a468701db [NETFILTER]: x_ta... |
35 |
return NF_DROP; |
567686443 netfilter: fix va... |
36 37 |
ipv4_change_dsfield(ip_hdr(skb), (__force __u8)(~XT_DSCP_MASK), |
a468701db [NETFILTER]: x_ta... |
38 39 40 41 42 |
dinfo->dscp << XT_DSCP_SHIFT); } return XT_CONTINUE; } |
d3c5ee6d5 [NETFILTER]: x_ta... |
43 |
static unsigned int |
4b560b447 netfilter: xtable... |
44 |
dscp_tg6(struct sk_buff *skb, const struct xt_action_param *par) |
a468701db [NETFILTER]: x_ta... |
45 |
{ |
7eb355865 netfilter: xtable... |
46 |
const struct xt_DSCP_info *dinfo = par->targinfo; |
3db05fea5 [NETFILTER]: Repl... |
47 |
u_int8_t dscp = ipv6_get_dsfield(ipv6_hdr(skb)) >> XT_DSCP_SHIFT; |
a468701db [NETFILTER]: x_ta... |
48 49 |
if (dscp != dinfo->dscp) { |
2cf6bffc4 netfilter: replac... |
50 |
if (skb_ensure_writable(skb, sizeof(struct ipv6hdr))) |
a468701db [NETFILTER]: x_ta... |
51 |
return NF_DROP; |
567686443 netfilter: fix va... |
52 53 |
ipv6_change_dsfield(ipv6_hdr(skb), (__force __u8)(~XT_DSCP_MASK), |
a468701db [NETFILTER]: x_ta... |
54 55 56 57 |
dinfo->dscp << XT_DSCP_SHIFT); } return XT_CONTINUE; } |
135367b8f netfilter: xtable... |
58 |
static int dscp_tg_check(const struct xt_tgchk_param *par) |
a468701db [NETFILTER]: x_ta... |
59 |
{ |
af5d6dc20 netfilter: xtable... |
60 |
const struct xt_DSCP_info *info = par->targinfo; |
a468701db [NETFILTER]: x_ta... |
61 |
|
0cc9501f9 netfilter: x_tabl... |
62 |
if (info->dscp > XT_DSCP_MAX) |
4a5a5c73b netfilter: xtable... |
63 |
return -EDOM; |
d6b00a534 netfilter: xtable... |
64 |
return 0; |
a468701db [NETFILTER]: x_ta... |
65 |
} |
c9fd49680 [NETFILTER]: Merg... |
66 |
static unsigned int |
4b560b447 netfilter: xtable... |
67 |
tos_tg(struct sk_buff *skb, const struct xt_action_param *par) |
5c350e5a3 [NETFILTER]: IPv6... |
68 |
{ |
7eb355865 netfilter: xtable... |
69 |
const struct xt_tos_target_info *info = par->targinfo; |
5c350e5a3 [NETFILTER]: IPv6... |
70 71 72 73 |
struct iphdr *iph = ip_hdr(skb); u_int8_t orig, nv; orig = ipv4_get_dsfield(iph); |
9bb268ed7 [NETFILTER]: xt_T... |
74 |
nv = (orig & ~info->tos_mask) ^ info->tos_value; |
5c350e5a3 [NETFILTER]: IPv6... |
75 76 |
if (orig != nv) { |
2cf6bffc4 netfilter: replac... |
77 |
if (skb_ensure_writable(skb, sizeof(struct iphdr))) |
5c350e5a3 [NETFILTER]: IPv6... |
78 79 |
return NF_DROP; iph = ip_hdr(skb); |
cdfe8b979 [NETFILTER]: xt_T... |
80 |
ipv4_change_dsfield(iph, 0, nv); |
5c350e5a3 [NETFILTER]: IPv6... |
81 82 83 84 85 86 |
} return XT_CONTINUE; } static unsigned int |
4b560b447 netfilter: xtable... |
87 |
tos_tg6(struct sk_buff *skb, const struct xt_action_param *par) |
5c350e5a3 [NETFILTER]: IPv6... |
88 |
{ |
7eb355865 netfilter: xtable... |
89 |
const struct xt_tos_target_info *info = par->targinfo; |
5c350e5a3 [NETFILTER]: IPv6... |
90 91 92 93 |
struct ipv6hdr *iph = ipv6_hdr(skb); u_int8_t orig, nv; orig = ipv6_get_dsfield(iph); |
1ed2f73d9 netfilter: IPv6: ... |
94 |
nv = (orig & ~info->tos_mask) ^ info->tos_value; |
5c350e5a3 [NETFILTER]: IPv6... |
95 96 |
if (orig != nv) { |
2cf6bffc4 netfilter: replac... |
97 |
if (skb_ensure_writable(skb, sizeof(struct iphdr))) |
5c350e5a3 [NETFILTER]: IPv6... |
98 99 |
return NF_DROP; iph = ipv6_hdr(skb); |
cdfe8b979 [NETFILTER]: xt_T... |
100 |
ipv6_change_dsfield(iph, 0, nv); |
5c350e5a3 [NETFILTER]: IPv6... |
101 102 103 104 |
} return XT_CONTINUE; } |
d3c5ee6d5 [NETFILTER]: x_ta... |
105 |
static struct xt_target dscp_tg_reg[] __read_mostly = { |
4470bbc74 [NETFILTER]: x_ta... |
106 107 |
{ .name = "DSCP", |
ee999d8b9 netfilter: x_tabl... |
108 |
.family = NFPROTO_IPV4, |
d3c5ee6d5 [NETFILTER]: x_ta... |
109 110 |
.checkentry = dscp_tg_check, .target = dscp_tg, |
4470bbc74 [NETFILTER]: x_ta... |
111 112 113 114 115 116 |
.targetsize = sizeof(struct xt_DSCP_info), .table = "mangle", .me = THIS_MODULE, }, { .name = "DSCP", |
ee999d8b9 netfilter: x_tabl... |
117 |
.family = NFPROTO_IPV6, |
d3c5ee6d5 [NETFILTER]: x_ta... |
118 119 |
.checkentry = dscp_tg_check, .target = dscp_tg6, |
4470bbc74 [NETFILTER]: x_ta... |
120 121 122 123 |
.targetsize = sizeof(struct xt_DSCP_info), .table = "mangle", .me = THIS_MODULE, }, |
c9fd49680 [NETFILTER]: Merg... |
124 125 |
{ .name = "TOS", |
5c350e5a3 [NETFILTER]: IPv6... |
126 |
.revision = 1, |
ee999d8b9 netfilter: x_tabl... |
127 |
.family = NFPROTO_IPV4, |
5c350e5a3 [NETFILTER]: IPv6... |
128 129 130 131 132 133 134 135 |
.table = "mangle", .target = tos_tg, .targetsize = sizeof(struct xt_tos_target_info), .me = THIS_MODULE, }, { .name = "TOS", .revision = 1, |
ee999d8b9 netfilter: x_tabl... |
136 |
.family = NFPROTO_IPV6, |
5c350e5a3 [NETFILTER]: IPv6... |
137 138 139 140 141 |
.table = "mangle", .target = tos_tg6, .targetsize = sizeof(struct xt_tos_target_info), .me = THIS_MODULE, }, |
a468701db [NETFILTER]: x_ta... |
142 |
}; |
d3c5ee6d5 [NETFILTER]: x_ta... |
143 |
static int __init dscp_tg_init(void) |
a468701db [NETFILTER]: x_ta... |
144 |
{ |
d3c5ee6d5 [NETFILTER]: x_ta... |
145 |
return xt_register_targets(dscp_tg_reg, ARRAY_SIZE(dscp_tg_reg)); |
a468701db [NETFILTER]: x_ta... |
146 |
} |
d3c5ee6d5 [NETFILTER]: x_ta... |
147 |
static void __exit dscp_tg_exit(void) |
a468701db [NETFILTER]: x_ta... |
148 |
{ |
d3c5ee6d5 [NETFILTER]: x_ta... |
149 |
xt_unregister_targets(dscp_tg_reg, ARRAY_SIZE(dscp_tg_reg)); |
a468701db [NETFILTER]: x_ta... |
150 |
} |
d3c5ee6d5 [NETFILTER]: x_ta... |
151 152 |
module_init(dscp_tg_init); module_exit(dscp_tg_exit); |