[NETFILTER 05/05]: ebt_mark: add or/and/xor action support to mark target

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Patrick McHardy <kaber@trash.net>
To: davem@davemloft.net
Cc: netfilter-devel@lists.netfilter.org, Patrick McHardy <kaber@trash.net>
Subject: [NETFILTER 05/05]: ebt_mark: add or/and/xor action support to mark target
Date: Mon,  2 Oct 2006 17:46:10 +0200 (MEST)	[thread overview]
Message-ID: <20061002154723.13121.55358.sendpatchset@localhost.localdomain> (raw)
In-Reply-To: <20061002154716.13121.53265.sendpatchset@localhost.localdomain>

[NETFILTER]: ebt_mark: add or/and/xor action support to mark target

The following patch adds or/and/xor functionality for the mark target,
while staying backwards compatible.

Signed-off-by: Bart De Schuymer <bdschuym@pandora.be>
Signed-off-by: Patrick McHardy <kaber@trash.net>

---
commit 9a2c1735d4cf9c120d67d9bf82bb4455804f2041
tree 9049c23fafecd717254cbe066c1f9e310e5227a8
parent 606add40816396611545a6239c1029a473448d9f
author Bart De Schuymer <bdschuym@pandora.be> Mon, 02 Oct 2006 17:39:55 +0200
committer Patrick McHardy <kaber@trash.net> Mon, 02 Oct 2006 17:39:55 +0200

 include/linux/netfilter_bridge/ebt_mark_t.h |   12 ++++++++++++
 net/bridge/netfilter/ebt_mark.c             |   21 +++++++++++++++++----
 2 files changed, 29 insertions(+), 4 deletions(-)

diff --git a/include/linux/netfilter_bridge/ebt_mark_t.h b/include/linux/netfilter_bridge/ebt_mark_t.h
index 110fec6..6270f6f 100644
--- a/include/linux/netfilter_bridge/ebt_mark_t.h
+++ b/include/linux/netfilter_bridge/ebt_mark_t.h
@@ -1,6 +1,18 @@
 #ifndef __LINUX_BRIDGE_EBT_MARK_T_H
 #define __LINUX_BRIDGE_EBT_MARK_T_H
 
+/* The target member is reused for adding new actions, the
+ * value of the real target is -1 to -NUM_STANDARD_TARGETS.
+ * For backward compatibility, the 4 lsb (2 would be enough,
+ * but let's play it safe) are kept to designate this target.
+ * The remaining bits designate the action. By making the set
+ * action 0xfffffff0, the result will look ok for older
+ * versions. [September 2006] */
+#define MARK_SET_VALUE (0xfffffff0)
+#define MARK_OR_VALUE  (0xffffffe0)
+#define MARK_AND_VALUE (0xffffffd0)
+#define MARK_XOR_VALUE (0xffffffc0)
+
 struct ebt_mark_t_info
 {
 	unsigned long mark;
diff --git a/net/bridge/netfilter/ebt_mark.c b/net/bridge/netfilter/ebt_mark.c
index 770c0df..b54306a 100644
--- a/net/bridge/netfilter/ebt_mark.c
+++ b/net/bridge/netfilter/ebt_mark.c
@@ -22,24 +22,37 @@ static int ebt_target_mark(struct sk_buf
    const void *data, unsigned int datalen)
 {
 	struct ebt_mark_t_info *info = (struct ebt_mark_t_info *)data;
+	int action = info->target & -16;
 
-	if ((*pskb)->nfmark != info->mark)
+	if (action == MARK_SET_VALUE)
 		(*pskb)->nfmark = info->mark;
+	else if (action == MARK_OR_VALUE)
+		(*pskb)->nfmark |= info->mark;
+	else if (action == MARK_AND_VALUE)
+		(*pskb)->nfmark &= info->mark;
+	else
+		(*pskb)->nfmark ^= info->mark;
 
-	return info->target;
+	return info->target | -16;
 }
 
 static int ebt_target_mark_check(const char *tablename, unsigned int hookmask,
    const struct ebt_entry *e, void *data, unsigned int datalen)
 {
 	struct ebt_mark_t_info *info = (struct ebt_mark_t_info *)data;
+	int tmp;
 
 	if (datalen != EBT_ALIGN(sizeof(struct ebt_mark_t_info)))
 		return -EINVAL;
-	if (BASE_CHAIN && info->target == EBT_RETURN)
+	tmp = info->target | -16;
+	if (BASE_CHAIN && tmp == EBT_RETURN)
 		return -EINVAL;
 	CLEAR_BASE_CHAIN_BIT;
-	if (INVALID_TARGET)
+	if (tmp < -NUM_STANDARD_TARGETS || tmp >= 0)
+		return -EINVAL;
+	tmp = info->target & -16;
+	if (tmp != MARK_SET_VALUE && tmp != MARK_OR_VALUE &&
+	    tmp != MARK_AND_VALUE && tmp != MARK_XOR_VALUE)
 		return -EINVAL;
 	return 0;
 }

next prev parent reply	other threads:[~2006-10-02 15:46 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-10-02 15:46 [NETFILTER 00/05]: Small netfilter update Patrick McHardy
2006-10-02 15:46 ` [NETFILTER 01/05]: Kconfig: fix xt_physdev dependencies Patrick McHardy
2006-10-02 15:46 ` [NETFILTER 02/05]: add type parameter to ip_route_me_harder Patrick McHardy
2006-10-02 15:46 ` [NETFILTER 03/05]: Honour source routing for LVS-NAT Patrick McHardy
2006-10-02 15:46 ` [NETFILTER 04/05]: ipt_REJECT: remove largely duplicate route_reverse function Patrick McHardy
2006-10-02 15:46 ` Patrick McHardy [this message]
2006-10-02 23:13 ` [NETFILTER 00/05]: Small netfilter update David Miller
2006-10-10  4:38   ` Patrick McHardy

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:110fec6 dfblob:6270f6f dfblob:770c0df dfblob:b54306a )
 OR (
bs:"[NETFILTER 05/05]: ebt_mark: add or/and/xor action support to mark target" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20061002154723.13121.55358.sendpatchset@localhost.localdomain \
    --to=kaber@trash.net \
    --cc=davem@davemloft.net \
    --cc=netfilter-devel@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.