diff options
| author | Jan Engelhardt <jengelh@computergmbh.de> | 2007-12-04 23:37:54 -0800 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2008-01-28 14:55:58 -0800 |
| commit | c3b33e6a2cdefba38d83442ebae2ee42e853ea51 (patch) | |
| tree | 94035811ab565178e10b7db09b489f7d40dad37b /net/netfilter | |
| parent | 3c3f486603438130b93b33acd92db0f994ec3e55 (diff) | |
| download | kernel_samsung_aries-c3b33e6a2cdefba38d83442ebae2ee42e853ea51.zip kernel_samsung_aries-c3b33e6a2cdefba38d83442ebae2ee42e853ea51.tar.gz kernel_samsung_aries-c3b33e6a2cdefba38d83442ebae2ee42e853ea51.tar.bz2 | |
[NETFILTER]: Merge ipt_tos into xt_dscp
Merge ipt_tos into xt_dscp.
Merge ipt_tos (tos v0 match) into xt_dscp. They both match on the same
field in the IPv4 header, so it seems reasonable to keep them in one
piece. This is part one of the implicit 4-patch series to move tos to
xtables and extend it by IPv6.
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/netfilter')
| -rw-r--r-- | net/netfilter/Kconfig | 6 | ||||
| -rw-r--r-- | net/netfilter/xt_dscp.c | 24 |
2 files changed, 27 insertions, 3 deletions
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig index d220607..1804916 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig @@ -487,7 +487,7 @@ config NETFILTER_XT_MATCH_DCCP <file:Documentation/kbuild/modules.txt>. If unsure, say `N'. config NETFILTER_XT_MATCH_DSCP - tristate '"dscp" match support' + tristate '"dscp" and "tos" match support' depends on NETFILTER_XTABLES help This option adds a `DSCP' match, which allows you to match against @@ -495,6 +495,10 @@ config NETFILTER_XT_MATCH_DSCP The DSCP field can have any value between 0x0 and 0x3f inclusive. + It will also add a "tos" match, which allows you to match packets + based on the Type Of Service fields of the IPv4 packet (which share + the same bits as DSCP). + To compile it as a module, choose M here. If unsure, say N. config NETFILTER_XT_MATCH_ESP diff --git a/net/netfilter/xt_dscp.c b/net/netfilter/xt_dscp.c index 63f7354..75b0df9 100644 --- a/net/netfilter/xt_dscp.c +++ b/net/netfilter/xt_dscp.c @@ -13,14 +13,16 @@ #include <linux/ipv6.h> #include <net/dsfield.h> -#include <linux/netfilter/xt_dscp.h> #include <linux/netfilter/x_tables.h> +#include <linux/netfilter/xt_dscp.h> +#include <linux/netfilter_ipv4/ipt_tos.h> MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>"); -MODULE_DESCRIPTION("x_tables DSCP matching module"); +MODULE_DESCRIPTION("x_tables DSCP/tos matching module"); MODULE_LICENSE("GPL"); MODULE_ALIAS("ipt_dscp"); MODULE_ALIAS("ip6t_dscp"); +MODULE_ALIAS("ipt_tos"); static bool dscp_mt(const struct sk_buff *skb, const struct net_device *in, @@ -60,6 +62,16 @@ dscp_mt_check(const char *tablename, const void *info, return true; } +static bool tos_mt_v0(const struct sk_buff *skb, const struct net_device *in, + const struct net_device *out, + const struct xt_match *match, const void *matchinfo, + int offset, unsigned int protoff, bool *hotdrop) +{ + const struct ipt_tos_info *info = matchinfo; + + return (ip_hdr(skb)->tos == info->tos) ^ info->invert; +} + static struct xt_match dscp_mt_reg[] __read_mostly = { { .name = "dscp", @@ -77,6 +89,14 @@ static struct xt_match dscp_mt_reg[] __read_mostly = { .matchsize = sizeof(struct xt_dscp_info), .me = THIS_MODULE, }, + { + .name = "tos", + .revision = 0, + .family = AF_INET, + .match = tos_mt_v0, + .matchsize = sizeof(struct ipt_tos_info), + .me = THIS_MODULE, + }, }; static int __init dscp_mt_init(void) |