Convert ipt_tos to xt_tos, adding support for IPv6.
Signed-off-by: Jan Engelhardt <jengelh@xxxxxxxxxxxxxxx>
---
include/linux/netfilter/xt_tos.h | 13 +++++++
net/netfilter/Kconfig | 10 ++++++
net/netfilter/Makefile | 1
net/netfilter/xt_tos.c | 65 +++++++++++++++++++++++++++++++++++++++
4 files changed, 89 insertions(+)
Index: gitone/include/linux/netfilter/xt_tos.h
===================================================================
--- /dev/null
+++ gitone/include/linux/netfilter/xt_tos.h
@@ -0,0 +1,13 @@
+#ifndef _XT_TOS_MATCH_H
+#define _XT_TOS_MATCH_H
+
+struct xt_tos_info {
+ u_int8_t tos;
+ u_int8_t invert;
+};
+
+#ifndef IPTOS_NORMALSVC
+# define IPTOS_NORMALSVC 0
+#endif
+
+#endif /* _XT_TOS_MATCH_H */
Index: gitone/net/netfilter/Kconfig
===================================================================
--- gitone.orig/net/netfilter/Kconfig
+++ gitone/net/netfilter/Kconfig
@@ -679,6 +679,16 @@ config NETFILTER_XT_MATCH_TIME
If you want to compile it as a module, say M here.
If unsure, say N.
+config NETFILTER_XT_MATCH_TOS
+ tristate '"tos" match support'
+ depends on NETFILTER_XTABLES
+ ---help---
+ TOS matching allows you to match packets based on the Type Of
+ Service field of the IPv4 packet or Traffic Class field of
+ the IPv6 packet.
+
+ To compile it as a module, choose M here. If unsure, say N.
+
config NETFILTER_XT_MATCH_U32
tristate '"u32" match support'
depends on NETFILTER_XTABLES
Index: gitone/net/netfilter/Makefile
===================================================================
--- gitone.orig/net/netfilter/Makefile
+++ gitone/net/netfilter/Makefile
@@ -77,4 +77,5 @@ obj-$(CONFIG_NETFILTER_XT_MATCH_STATISTI
obj-$(CONFIG_NETFILTER_XT_MATCH_STRING) += xt_string.o
obj-$(CONFIG_NETFILTER_XT_MATCH_TCPMSS) += xt_tcpmss.o
obj-$(CONFIG_NETFILTER_XT_MATCH_TIME) += xt_time.o
+obj-$(CONFIG_NETFILTER_XT_MATCH_TOS) += xt_tos.o
obj-$(CONFIG_NETFILTER_XT_MATCH_U32) += xt_u32.o
Index: gitone/net/netfilter/xt_tos.c
===================================================================
--- /dev/null
+++ gitone/net/netfilter/xt_tos.c
@@ -0,0 +1,65 @@
+/* Kernel module to match TOS values. */
+
+/* (C) 1999-2001 Paul `Rusty' Russell
+ * (C) 2002-2004 Netfilter Core Team <coreteam@xxxxxxxxxxxxx>
+ * © 2007 CC Computer Consultants GmbH <jengelh@xxxxxxxxxxxxxxx>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#include <linux/ip.h>
+#include <linux/ipv6.h>
+#include <linux/module.h>
+#include <linux/skbuff.h>
+#include <linux/netfilter/x_tables.h>
+#include <linux/netfilter/xt_tos.h>
+
+static bool
+xt_tos_match(const struct sk_buff *skb, const struct net_device *in,
+ const struct net_device *out, const struct xt_match *match,
+ const void *matchinfo, int offset, unsigned int protoff,
+ bool *hotdrop)
+{
+ const struct xt_tos_info *info = matchinfo;
+
+ if (match->family == AF_INET)
+ return (ip_hdr(skb)->tos == info->tos) ^ info->invert;
+ else
+ return (ipv6_hdr(skb)->priority == info->tos) ^ info->invert;
+}
+
+static struct xt_match xt_tos_reg[] __read_mostly = {
+ {
+ .name = "tos",
+ .family = AF_INET,
+ .match = xt_tos_match,
+ .matchsize = sizeof(struct xt_tos_info),
+ .me = THIS_MODULE,
+ },
+ {
+ .name = "tos",
+ .family = AF_INET6,
+ .match = xt_tos_match,
+ .matchsize = sizeof(struct xt_tos_info),
+ .me = THIS_MODULE,
+ },
+};
+
+static int __init xt_tos_init(void)
+{
+ return xt_register_matches(xt_tos_reg, ARRAY_SIZE(xt_tos_reg));
+}
+
+static void __exit xt_tos_exit(void)
+{
+ xt_unregister_matches(xt_tos_reg, ARRAY_SIZE(xt_tos_reg));
+}
+
+module_init(xt_tos_init);
+module_exit(xt_tos_exit);
+MODULE_DESCRIPTION("netfilter \"tos\" match module");
+MODULE_LICENSE("GPL");
+MODULE_ALIAS("ipt_tos");
+MODULE_ALIAS("ip6t_tos");
-
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
