Commit | Line | Data |
---|---|---|
e0a812ae JE |
1 | /* |
2 | * xt_MARK - Netfilter module to modify the NFMARK field of an skb | |
3 | * | |
4 | * (C) 1999-2001 Marc Boucher <marc@mbsi.ca> | |
5 | * Copyright © CC Computer Consultants GmbH, 2007 - 2008 | |
6 | * Jan Engelhardt <jengelh@computergmbh.de> | |
1da177e4 | 7 | * |
e0a812ae JE |
8 | * This program is free software; you can redistribute it and/or modify |
9 | * it under the terms of the GNU General Public License version 2 as | |
10 | * published by the Free Software Foundation. | |
1da177e4 LT |
11 | */ |
12 | ||
13 | #include <linux/module.h> | |
14 | #include <linux/skbuff.h> | |
15 | #include <linux/ip.h> | |
16 | #include <net/checksum.h> | |
17 | ||
2e4e6a17 HW |
18 | #include <linux/netfilter/x_tables.h> |
19 | #include <linux/netfilter/xt_MARK.h> | |
1da177e4 LT |
20 | |
21 | MODULE_LICENSE("GPL"); | |
22 | MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>"); | |
2ae15b64 | 23 | MODULE_DESCRIPTION("Xtables: packet mark modification"); |
2e4e6a17 HW |
24 | MODULE_ALIAS("ipt_MARK"); |
25 | MODULE_ALIAS("ip6t_MARK"); | |
1da177e4 LT |
26 | |
27 | static unsigned int | |
7eb35586 | 28 | mark_tg_v0(struct sk_buff *skb, const struct xt_target_param *par) |
1da177e4 | 29 | { |
7eb35586 | 30 | const struct xt_mark_target_info *markinfo = par->targinfo; |
1da177e4 | 31 | |
3db05fea | 32 | skb->mark = markinfo->mark; |
2e4e6a17 | 33 | return XT_CONTINUE; |
1da177e4 LT |
34 | } |
35 | ||
36 | static unsigned int | |
7eb35586 | 37 | mark_tg_v1(struct sk_buff *skb, const struct xt_target_param *par) |
1da177e4 | 38 | { |
7eb35586 | 39 | const struct xt_mark_target_info_v1 *markinfo = par->targinfo; |
1da177e4 LT |
40 | int mark = 0; |
41 | ||
42 | switch (markinfo->mode) { | |
2e4e6a17 | 43 | case XT_MARK_SET: |
1da177e4 LT |
44 | mark = markinfo->mark; |
45 | break; | |
601e68e1 | 46 | |
2e4e6a17 | 47 | case XT_MARK_AND: |
3db05fea | 48 | mark = skb->mark & markinfo->mark; |
1da177e4 | 49 | break; |
601e68e1 | 50 | |
2e4e6a17 | 51 | case XT_MARK_OR: |
3db05fea | 52 | mark = skb->mark | markinfo->mark; |
1da177e4 LT |
53 | break; |
54 | } | |
55 | ||
3db05fea | 56 | skb->mark = mark; |
2e4e6a17 | 57 | return XT_CONTINUE; |
1da177e4 LT |
58 | } |
59 | ||
e0a812ae | 60 | static unsigned int |
7eb35586 | 61 | mark_tg(struct sk_buff *skb, const struct xt_target_param *par) |
e0a812ae | 62 | { |
7eb35586 | 63 | const struct xt_mark_tginfo2 *info = par->targinfo; |
e0a812ae JE |
64 | |
65 | skb->mark = (skb->mark & ~info->mask) ^ info->mark; | |
66 | return XT_CONTINUE; | |
67 | } | |
68 | ||
af5d6dc2 | 69 | static bool mark_tg_check_v0(const struct xt_tgchk_param *par) |
1da177e4 | 70 | { |
af5d6dc2 | 71 | const struct xt_mark_target_info *markinfo = par->targinfo; |
bf3a46aa | 72 | |
bf3a46aa HW |
73 | if (markinfo->mark > 0xffffffff) { |
74 | printk(KERN_WARNING "MARK: Only supports 32bit wide mark\n"); | |
e1931b78 | 75 | return false; |
bf3a46aa | 76 | } |
e1931b78 | 77 | return true; |
1da177e4 LT |
78 | } |
79 | ||
af5d6dc2 | 80 | static bool mark_tg_check_v1(const struct xt_tgchk_param *par) |
1da177e4 | 81 | { |
af5d6dc2 | 82 | const struct xt_mark_target_info_v1 *markinfo = par->targinfo; |
1da177e4 | 83 | |
2e4e6a17 HW |
84 | if (markinfo->mode != XT_MARK_SET |
85 | && markinfo->mode != XT_MARK_AND | |
86 | && markinfo->mode != XT_MARK_OR) { | |
1da177e4 LT |
87 | printk(KERN_WARNING "MARK: unknown mode %u\n", |
88 | markinfo->mode); | |
e1931b78 | 89 | return false; |
1da177e4 | 90 | } |
bf3a46aa HW |
91 | if (markinfo->mark > 0xffffffff) { |
92 | printk(KERN_WARNING "MARK: Only supports 32bit wide mark\n"); | |
e1931b78 | 93 | return false; |
bf3a46aa | 94 | } |
e1931b78 | 95 | return true; |
1da177e4 LT |
96 | } |
97 | ||
be7263b7 | 98 | #ifdef CONFIG_COMPAT |
1fe57237 PM |
99 | struct compat_xt_mark_target_info { |
100 | compat_ulong_t mark; | |
101 | }; | |
102 | ||
e0a812ae | 103 | static void mark_tg_compat_from_user_v0(void *dst, void *src) |
1fe57237 PM |
104 | { |
105 | const struct compat_xt_mark_target_info *cm = src; | |
106 | struct xt_mark_target_info m = { | |
107 | .mark = cm->mark, | |
108 | }; | |
109 | memcpy(dst, &m, sizeof(m)); | |
110 | } | |
111 | ||
e0a812ae | 112 | static int mark_tg_compat_to_user_v0(void __user *dst, void *src) |
1fe57237 PM |
113 | { |
114 | const struct xt_mark_target_info *m = src; | |
115 | struct compat_xt_mark_target_info cm = { | |
116 | .mark = m->mark, | |
117 | }; | |
118 | return copy_to_user(dst, &cm, sizeof(cm)) ? -EFAULT : 0; | |
119 | } | |
120 | ||
be7263b7 PM |
121 | struct compat_xt_mark_target_info_v1 { |
122 | compat_ulong_t mark; | |
123 | u_int8_t mode; | |
124 | u_int8_t __pad1; | |
125 | u_int16_t __pad2; | |
126 | }; | |
127 | ||
1fe57237 | 128 | static void mark_tg_compat_from_user_v1(void *dst, void *src) |
be7263b7 | 129 | { |
a47362a2 | 130 | const struct compat_xt_mark_target_info_v1 *cm = src; |
be7263b7 PM |
131 | struct xt_mark_target_info_v1 m = { |
132 | .mark = cm->mark, | |
133 | .mode = cm->mode, | |
134 | }; | |
135 | memcpy(dst, &m, sizeof(m)); | |
136 | } | |
137 | ||
1fe57237 | 138 | static int mark_tg_compat_to_user_v1(void __user *dst, void *src) |
be7263b7 | 139 | { |
a47362a2 | 140 | const struct xt_mark_target_info_v1 *m = src; |
be7263b7 PM |
141 | struct compat_xt_mark_target_info_v1 cm = { |
142 | .mark = m->mark, | |
143 | .mode = m->mode, | |
144 | }; | |
145 | return copy_to_user(dst, &cm, sizeof(cm)) ? -EFAULT : 0; | |
146 | } | |
147 | #endif /* CONFIG_COMPAT */ | |
148 | ||
d3c5ee6d | 149 | static struct xt_target mark_tg_reg[] __read_mostly = { |
4470bbc7 PM |
150 | { |
151 | .name = "MARK", | |
ab4f21e6 | 152 | .family = NFPROTO_UNSPEC, |
4470bbc7 | 153 | .revision = 0, |
d3c5ee6d JE |
154 | .checkentry = mark_tg_check_v0, |
155 | .target = mark_tg_v0, | |
4470bbc7 | 156 | .targetsize = sizeof(struct xt_mark_target_info), |
1fe57237 PM |
157 | #ifdef CONFIG_COMPAT |
158 | .compatsize = sizeof(struct compat_xt_mark_target_info), | |
e0a812ae JE |
159 | .compat_from_user = mark_tg_compat_from_user_v0, |
160 | .compat_to_user = mark_tg_compat_to_user_v0, | |
1fe57237 | 161 | #endif |
4470bbc7 PM |
162 | .table = "mangle", |
163 | .me = THIS_MODULE, | |
164 | }, | |
165 | { | |
166 | .name = "MARK", | |
ab4f21e6 | 167 | .family = NFPROTO_UNSPEC, |
311af5cb | 168 | .revision = 1, |
e0a812ae JE |
169 | .checkentry = mark_tg_check_v1, |
170 | .target = mark_tg_v1, | |
311af5cb PM |
171 | .targetsize = sizeof(struct xt_mark_target_info_v1), |
172 | #ifdef CONFIG_COMPAT | |
173 | .compatsize = sizeof(struct compat_xt_mark_target_info_v1), | |
1fe57237 PM |
174 | .compat_from_user = mark_tg_compat_from_user_v1, |
175 | .compat_to_user = mark_tg_compat_to_user_v1, | |
311af5cb PM |
176 | #endif |
177 | .table = "mangle", | |
178 | .me = THIS_MODULE, | |
179 | }, | |
e0a812ae JE |
180 | { |
181 | .name = "MARK", | |
182 | .revision = 2, | |
55b69e91 | 183 | .family = NFPROTO_UNSPEC, |
e0a812ae JE |
184 | .target = mark_tg, |
185 | .targetsize = sizeof(struct xt_mark_tginfo2), | |
186 | .me = THIS_MODULE, | |
187 | }, | |
2e4e6a17 HW |
188 | }; |
189 | ||
d3c5ee6d | 190 | static int __init mark_tg_init(void) |
1da177e4 | 191 | { |
d3c5ee6d | 192 | return xt_register_targets(mark_tg_reg, ARRAY_SIZE(mark_tg_reg)); |
1da177e4 LT |
193 | } |
194 | ||
d3c5ee6d | 195 | static void __exit mark_tg_exit(void) |
1da177e4 | 196 | { |
d3c5ee6d | 197 | xt_unregister_targets(mark_tg_reg, ARRAY_SIZE(mark_tg_reg)); |
1da177e4 LT |
198 | } |
199 | ||
d3c5ee6d JE |
200 | module_init(mark_tg_init); |
201 | module_exit(mark_tg_exit); |