SAFE public projects git trees. - safe/jmp/linux-2.6/blob - net/netfilter/xt_DSCP.c

   1 /* x_tables module for setting the IPv4/IPv6 DSCP field, Version 1.8
   2  *
   3  * (C) 2002 by Harald Welte <laforge@netfilter.org>
   4  * based on ipt_FTOS.c (C) 2000 by Matthew G. Marsh <mgm@paktronix.com>
   5  *
   6  * This program is free software; you can redistribute it and/or modify
   7  * it under the terms of the GNU General Public License version 2 as
   8  * published by the Free Software Foundation.
   9  *
  10  * See RFC2474 for a description of the DSCP field within the IP Header.
  11  *
  12  * xt_DSCP.c,v 1.8 2002/08/06 18:41:57 laforge Exp
  13 */
  14
  15 #include <linux/module.h>
  16 #include <linux/skbuff.h>
  17 #include <linux/ip.h>
  18 #include <linux/ipv6.h>
  19 #include <net/dsfield.h>
  20
  21 #include <linux/netfilter/x_tables.h>
  22 #include <linux/netfilter/xt_DSCP.h>
  23
  24 MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
  25 MODULE_DESCRIPTION("x_tables DSCP modification module");
  26 MODULE_LICENSE("GPL");
  27 MODULE_ALIAS("ipt_DSCP");
  28 MODULE_ALIAS("ip6t_DSCP");
  29
  30 static unsigned int target(struct sk_buff **pskb,
  31                            const struct net_device *in,
  32                            const struct net_device *out,
  33                            unsigned int hooknum,
  34                            const struct xt_target *target,
  35                            const void *targinfo,
  36                            void *userinfo)
  37 {
  38         const struct xt_DSCP_info *dinfo = targinfo;
  39         u_int8_t dscp = ipv4_get_dsfield((*pskb)->nh.iph) >> XT_DSCP_SHIFT;
  40
  41         if (dscp != dinfo->dscp) {
  42                 if (!skb_make_writable(pskb, sizeof(struct iphdr)))
  43                         return NF_DROP;
  44
  45                 ipv4_change_dsfield((*pskb)->nh.iph, (__u8)(~XT_DSCP_MASK),
  46                                     dinfo->dscp << XT_DSCP_SHIFT);
  47
  48         }
  49         return XT_CONTINUE;
  50 }
  51
  52 static unsigned int target6(struct sk_buff **pskb,
  53                             const struct net_device *in,
  54                             const struct net_device *out,
  55                             unsigned int hooknum,
  56                             const struct xt_target *target,
  57                             const void *targinfo,
  58                             void *userinfo)
  59 {
  60         const struct xt_DSCP_info *dinfo = targinfo;
  61         u_int8_t dscp = ipv6_get_dsfield((*pskb)->nh.ipv6h) >> XT_DSCP_SHIFT;
  62
  63         if (dscp != dinfo->dscp) {
  64                 if (!skb_make_writable(pskb, sizeof(struct ipv6hdr)))
  65                         return NF_DROP;
  66
  67                 ipv6_change_dsfield((*pskb)->nh.ipv6h, (__u8)(~XT_DSCP_MASK),
  68                                     dinfo->dscp << XT_DSCP_SHIFT);
  69         }
  70         return XT_CONTINUE;
  71 }
  72
  73 static int checkentry(const char *tablename,
  74                       const void *e_void,
  75                       const struct xt_target *target,
  76                       void *targinfo,
  77                       unsigned int targinfosize,
  78                       unsigned int hook_mask)
  79 {
  80         const u_int8_t dscp = ((struct xt_DSCP_info *)targinfo)->dscp;
  81
  82         if ((dscp > XT_DSCP_MAX)) {
  83                 printk(KERN_WARNING "DSCP: dscp %x out of range\n", dscp);
  84                 return 0;
  85         }
  86         return 1;
  87 }
  88
  89 static struct xt_target xt_dscp_reg = {
  90         .name           = "DSCP",
  91         .target         = target,
  92         .targetsize     = sizeof(struct xt_DSCP_info),
  93         .table          = "mangle",
  94         .checkentry     = checkentry,
  95         .family         = AF_INET,
  96         .me             = THIS_MODULE,
  97 };
  98
  99 static struct xt_target xt_dscp6_reg = {
 100         .name           = "DSCP",
 101         .target         = target6,
 102         .targetsize     = sizeof(struct xt_DSCP_info),
 103         .table          = "mangle",
 104         .checkentry     = checkentry,
 105         .family         = AF_INET6,
 106         .me             = THIS_MODULE,
 107 };
 108
 109 static int __init xt_dscp_target_init(void)
 110 {
 111         int ret;
 112         ret = xt_register_target(&xt_dscp_reg);
 113         if (ret)
 114                 return ret;
 115
 116         ret = xt_register_target(&xt_dscp6_reg);
 117         if (ret)
 118                 xt_unregister_target(&xt_dscp_reg);
 119
 120         return ret;
 121 }
 122
 123 static void __exit xt_dscp_target_fini(void)
 124 {
 125         xt_unregister_target(&xt_dscp_reg);
 126         xt_unregister_target(&xt_dscp6_reg);
 127 }
 128
 129 module_init(xt_dscp_target_init);
 130 module_exit(xt_dscp_target_fini);