Commit c9fd4968 authored by Jan Engelhardt's avatar Jan Engelhardt Committed by David S. Miller

[NETFILTER]: Merge ipt_TOS into xt_DSCP

Merge ipt_TOS into xt_DSCP.

Merge ipt_TOS (tos v0 target) into xt_DSCP. They both modify the same
field in the IPv4 header, so it seems reasonable to keep them in one
piece. This is part two of the implicit 4-patch series to move tos to
xtables and extend it by IPv6.
Signed-off-by: default avatarJan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent c3b33e6a
...@@ -293,16 +293,6 @@ config IP_NF_MANGLE ...@@ -293,16 +293,6 @@ config IP_NF_MANGLE
To compile it as a module, choose M here. If unsure, say N. To compile it as a module, choose M here. If unsure, say N.
config IP_NF_TARGET_TOS
tristate "TOS target support"
depends on IP_NF_MANGLE
help
This option adds a `TOS' target, which allows you to create rules in
the `mangle' table which alter the Type Of Service field of an IP
packet prior to routing.
To compile it as a module, choose M here. If unsure, say N.
config IP_NF_TARGET_ECN config IP_NF_TARGET_ECN
tristate "ECN target support" tristate "ECN target support"
depends on IP_NF_MANGLE depends on IP_NF_MANGLE
......
...@@ -57,7 +57,6 @@ obj-$(CONFIG_IP_NF_TARGET_NETMAP) += ipt_NETMAP.o ...@@ -57,7 +57,6 @@ obj-$(CONFIG_IP_NF_TARGET_NETMAP) += ipt_NETMAP.o
obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o
obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o
obj-$(CONFIG_IP_NF_TARGET_SAME) += ipt_SAME.o obj-$(CONFIG_IP_NF_TARGET_SAME) += ipt_SAME.o
obj-$(CONFIG_IP_NF_TARGET_TOS) += ipt_TOS.o
obj-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL.o obj-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL.o
obj-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG.o obj-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG.o
......
...@@ -293,7 +293,7 @@ config NETFILTER_XT_TARGET_CONNMARK ...@@ -293,7 +293,7 @@ config NETFILTER_XT_TARGET_CONNMARK
ipt_CONNMARK.ko. If unsure, say `N'. ipt_CONNMARK.ko. If unsure, say `N'.
config NETFILTER_XT_TARGET_DSCP config NETFILTER_XT_TARGET_DSCP
tristate '"DSCP" target support' tristate '"DSCP" and "TOS" target support'
depends on NETFILTER_XTABLES depends on NETFILTER_XTABLES
depends on IP_NF_MANGLE || IP6_NF_MANGLE depends on IP_NF_MANGLE || IP6_NF_MANGLE
help help
...@@ -302,6 +302,10 @@ config NETFILTER_XT_TARGET_DSCP ...@@ -302,6 +302,10 @@ config NETFILTER_XT_TARGET_DSCP
The DSCP field can have any value between 0x0 and 0x3f inclusive. The DSCP field can have any value between 0x0 and 0x3f inclusive.
It also adds the "TOS" target, which allows you to create rules in
the "mangle" table which alter the Type Of Service field of an IPv4
packet prior to routing.
To compile it as a module, choose M here. If unsure, say N. To compile it as a module, choose M here. If unsure, say N.
config NETFILTER_XT_TARGET_MARK config NETFILTER_XT_TARGET_MARK
......
...@@ -18,12 +18,14 @@ ...@@ -18,12 +18,14 @@
#include <linux/netfilter/x_tables.h> #include <linux/netfilter/x_tables.h>
#include <linux/netfilter/xt_DSCP.h> #include <linux/netfilter/xt_DSCP.h>
#include <linux/netfilter_ipv4/ipt_TOS.h>
MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>"); MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
MODULE_DESCRIPTION("x_tables DSCP modification module"); MODULE_DESCRIPTION("x_tables DSCP modification module");
MODULE_LICENSE("GPL"); MODULE_LICENSE("GPL");
MODULE_ALIAS("ipt_DSCP"); MODULE_ALIAS("ipt_DSCP");
MODULE_ALIAS("ip6t_DSCP"); MODULE_ALIAS("ip6t_DSCP");
MODULE_ALIAS("ipt_TOS");
static unsigned int static unsigned int
dscp_tg(struct sk_buff *skb, const struct net_device *in, dscp_tg(struct sk_buff *skb, const struct net_device *in,
...@@ -76,6 +78,45 @@ dscp_tg_check(const char *tablename, const void *e_void, ...@@ -76,6 +78,45 @@ dscp_tg_check(const char *tablename, const void *e_void,
return true; return true;
} }
static unsigned int
tos_tg_v0(struct sk_buff *skb, const struct net_device *in,
const struct net_device *out, unsigned int hooknum,
const struct xt_target *target, const void *targinfo)
{
const struct ipt_tos_target_info *info = targinfo;
struct iphdr *iph = ip_hdr(skb);
u_int8_t oldtos;
if ((iph->tos & IPTOS_TOS_MASK) != info->tos) {
if (!skb_make_writable(skb, sizeof(struct iphdr)))
return NF_DROP;
iph = ip_hdr(skb);
oldtos = iph->tos;
iph->tos = (iph->tos & IPTOS_PREC_MASK) | info->tos;
csum_replace2(&iph->check, htons(oldtos), htons(iph->tos));
}
return XT_CONTINUE;
}
static bool
tos_tg_check_v0(const char *tablename, const void *e_void,
const struct xt_target *target, void *targinfo,
unsigned int hook_mask)
{
const u_int8_t tos = ((struct ipt_tos_target_info *)targinfo)->tos;
if (tos != IPTOS_LOWDELAY && tos != IPTOS_THROUGHPUT &&
tos != IPTOS_RELIABILITY && tos != IPTOS_MINCOST &&
tos != IPTOS_NORMALSVC) {
printk(KERN_WARNING "TOS: bad tos value %#x\n", tos);
return false;
}
return true;
}
static struct xt_target dscp_tg_reg[] __read_mostly = { static struct xt_target dscp_tg_reg[] __read_mostly = {
{ {
.name = "DSCP", .name = "DSCP",
...@@ -95,6 +136,16 @@ static struct xt_target dscp_tg_reg[] __read_mostly = { ...@@ -95,6 +136,16 @@ static struct xt_target dscp_tg_reg[] __read_mostly = {
.table = "mangle", .table = "mangle",
.me = THIS_MODULE, .me = THIS_MODULE,
}, },
{
.name = "TOS",
.revision = 0,
.family = AF_INET,
.table = "mangle",
.target = tos_tg_v0,
.targetsize = sizeof(struct ipt_tos_target_info),
.checkentry = tos_tg_check_v0,
.me = THIS_MODULE,
},
}; };
static int __init dscp_tg_init(void) static int __init dscp_tg_init(void)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment