[PATCH] IPMARK - version with xtables (for 2.6.16 kernel)

[PATCH] IPMARK - version with xtables (for 2.6.16 kernel)

[Grzegorz Janoszka]

[-- Attachment #1: Type: TEXT/PLAIN, Size: 254 bytes --]


Hello,

Attached is patch to patch-o-matic-ng-20060319 but it should apply clearly 
to any of current development snapshots. All the changes are to fulfill 
kernel 2.6.16 and xtables requirements.
Please include it.

Best regards,

-- 
Grzegorz Janoszka

[-- Attachment #2: Type: TEXT/PLAIN, Size: 9900 bytes --]

diff -urN patch-o-matic-ng-20060319-orig/patchlets/IPMARK/linux-2.6/include/linux/netfilter/xt_MARK.h patch-o-matic-ng-20060319/patchlets/IPMARK/linux-2.6/include/linux/netfilter/xt_MARK.h
--- patch-o-matic-ng-20060319-orig/patchlets/IPMARK/linux-2.6/include/linux/netfilter/xt_MARK.h	1970-01-01 01:00:00.000000000 +0100
+++ patch-o-matic-ng-20060319/patchlets/IPMARK/linux-2.6/include/linux/netfilter/xt_MARK.h	2006-01-31 23:58:46.000000000 +0100
@@ -0,0 +1,13 @@
+#ifndef _XT_IPMARK_H_target
+#define _XT_IPMARK_H_target
+
+struct xt_ipmark_target_info {
+	unsigned long andmask;
+	unsigned long ormask;
+	unsigned char addr;
+};
+
+#define XT_IPMARK_SRC    0
+#define XT_IPMARK_DST    1
+
+#endif /*_XT_IPMARK_H_target*/
diff -urN patch-o-matic-ng-20060319-orig/patchlets/IPMARK/linux-2.6/include/linux/netfilter_ipv4/ipt_IPMARK.h patch-o-matic-ng-20060319/patchlets/IPMARK/linux-2.6/include/linux/netfilter_ipv4/ipt_IPMARK.h
--- patch-o-matic-ng-20060319-orig/patchlets/IPMARK/linux-2.6/include/linux/netfilter_ipv4/ipt_IPMARK.h	2006-01-31 23:57:49.000000000 +0100
+++ patch-o-matic-ng-20060319/patchlets/IPMARK/linux-2.6/include/linux/netfilter_ipv4/ipt_IPMARK.h	1970-01-01 01:00:00.000000000 +0100
@@ -1,13 +0,0 @@
-#ifndef _IPT_IPMARK_H_target
-#define _IPT_IPMARK_H_target
-
-struct ipt_ipmark_target_info {
-	unsigned long andmask;
-	unsigned long ormask;
-	unsigned char addr;
-};
-
-#define IPT_IPMARK_SRC    0
-#define IPT_IPMARK_DST    1
-
-#endif /*_IPT_IPMARK_H_target*/
diff -urN patch-o-matic-ng-20060319-orig/patchlets/IPMARK/linux-2.6/net/ipv4/netfilter/ipt_IPMARK.c patch-o-matic-ng-20060319/patchlets/IPMARK/linux-2.6/net/ipv4/netfilter/ipt_IPMARK.c
--- patch-o-matic-ng-20060319-orig/patchlets/IPMARK/linux-2.6/net/ipv4/netfilter/ipt_IPMARK.c	2006-01-31 23:57:49.000000000 +0100
+++ patch-o-matic-ng-20060319/patchlets/IPMARK/linux-2.6/net/ipv4/netfilter/ipt_IPMARK.c	1970-01-01 01:00:00.000000000 +0100
@@ -1,79 +0,0 @@
-#include <linux/module.h>
-#include <linux/skbuff.h>
-#include <linux/ip.h>
-#include <net/checksum.h>
-
-#include <linux/netfilter_ipv4/ip_tables.h>
-#include <linux/netfilter_ipv4/ipt_IPMARK.h>
-
-MODULE_AUTHOR("Grzegorz Janoszka <Grzegorz@Janoszka.pl>");
-MODULE_DESCRIPTION("IP tables IPMARK: mark based on ip address");
-MODULE_LICENSE("GPL");
-
-static unsigned int
-target(struct sk_buff **pskb,
-       const struct net_device *in,
-       const struct net_device *out,
-       unsigned int hooknum,
-       const void *targinfo,
-       void *userinfo)
-{
-	const struct ipt_ipmark_target_info *ipmarkinfo = targinfo;
-	struct iphdr *iph = (*pskb)->nh.iph;
-	unsigned long mark;
-
-	if (ipmarkinfo->addr == IPT_IPMARK_SRC)
-		mark = (unsigned long) ntohl(iph->saddr);
-	else
-		mark = (unsigned long) ntohl(iph->daddr);
-
-	mark &= ipmarkinfo->andmask;
-	mark |= ipmarkinfo->ormask;
-	
-	if ((*pskb)->nfmark != mark)
-		(*pskb)->nfmark = mark;
-
-	return IPT_CONTINUE;
-}
-
-static int
-checkentry(const char *tablename,
-	   const struct ipt_entry *e,
-           void *targinfo,
-           unsigned int targinfosize,
-           unsigned int hook_mask)
-{
-	if (targinfosize != IPT_ALIGN(sizeof(struct ipt_ipmark_target_info))) {
-		printk(KERN_WARNING "IPMARK: targinfosize %u != %Zu\n",
-		       targinfosize,
-		       IPT_ALIGN(sizeof(struct ipt_ipmark_target_info)));
-		return 0;
-	}
-
-	if (strcmp(tablename, "mangle") != 0) {
-		printk(KERN_WARNING "IPMARK: can only be called from \"mangle\" table, not \"%s\"\n", tablename);
-		return 0;
-	}
-
-	return 1;
-}
-
-static struct ipt_target ipt_ipmark_reg = { 
-	.name = "IPMARK",
-	.target = target,
-	.checkentry = checkentry,
-	.me = THIS_MODULE
-};
-
-static int __init init(void)
-{
-	return ipt_register_target(&ipt_ipmark_reg);
-}
-
-static void __exit fini(void)
-{
-	ipt_unregister_target(&ipt_ipmark_reg);
-}
-
-module_init(init);
-module_exit(fini);
diff -urN patch-o-matic-ng-20060319-orig/patchlets/IPMARK/linux-2.6/net/ipv4/netfilter/Kconfig.ladd patch-o-matic-ng-20060319/patchlets/IPMARK/linux-2.6/net/ipv4/netfilter/Kconfig.ladd
--- patch-o-matic-ng-20060319-orig/patchlets/IPMARK/linux-2.6/net/ipv4/netfilter/Kconfig.ladd	2006-01-31 23:57:49.000000000 +0100
+++ patch-o-matic-ng-20060319/patchlets/IPMARK/linux-2.6/net/ipv4/netfilter/Kconfig.ladd	1970-01-01 01:00:00.000000000 +0100
@@ -1,17 +0,0 @@
-config IP_NF_TARGET_IPMARK
-	tristate  'IPMARK target support'
-	depends on IP_NF_MANGLE
-	help
-	  This option adds a `IPMARK' target, which allows you to create rules
-	  in the `mangle' table which alter the netfilter mark field basing
-	  on the source or destination ip address of the packet.
-	  This is very useful for very fast massive shaping - using only one
-	  rule you can direct packets to houndreds different queues.
-	  You will probably find it helpful only if your linux machine acts as
-	  a shaper for many others computers.
-
-	  If you want to compile it as a module, say M here and read
-	  <file:Documentation/modules.txt>. The module will be called
-	  ipt_IPMARK.o.  If unsure, say `N'.
-
-
diff -urN patch-o-matic-ng-20060319-orig/patchlets/IPMARK/linux-2.6/net/ipv4/netfilter/Makefile.ladd patch-o-matic-ng-20060319/patchlets/IPMARK/linux-2.6/net/ipv4/netfilter/Makefile.ladd
--- patch-o-matic-ng-20060319-orig/patchlets/IPMARK/linux-2.6/net/ipv4/netfilter/Makefile.ladd	2006-01-31 23:57:49.000000000 +0100
+++ patch-o-matic-ng-20060319/patchlets/IPMARK/linux-2.6/net/ipv4/netfilter/Makefile.ladd	1970-01-01 01:00:00.000000000 +0100
@@ -1,2 +0,0 @@
-obj-$(CONFIG_IP_NF_TARGET_MARK) += ipt_MARK.o
-obj-$(CONFIG_IP_NF_TARGET_IPMARK) += ipt_IPMARK.o
diff -urN patch-o-matic-ng-20060319-orig/patchlets/IPMARK/linux-2.6/net/netfilter/Kconfig.ladd patch-o-matic-ng-20060319/patchlets/IPMARK/linux-2.6/net/netfilter/Kconfig.ladd
--- patch-o-matic-ng-20060319-orig/patchlets/IPMARK/linux-2.6/net/netfilter/Kconfig.ladd	1970-01-01 01:00:00.000000000 +0100
+++ patch-o-matic-ng-20060319/patchlets/IPMARK/linux-2.6/net/netfilter/Kconfig.ladd	2006-02-01 00:13:49.000000000 +0100
@@ -0,0 +1,16 @@
+config NETFILTER_XT_TARGET_IPMARK
+	tristate  '"IPMARK" target support'
+	depends on NETFILTER_XTABLES
+	help
+	  This option adds a `IPMARK' target, which allows you to create rules
+	  in the `mangle' table which alter the netfilter mark field basing
+	  on the source or destination ip address of the packet.
+	  This is very useful for very fast massive shaping - using only one
+	  rule you can direct packets to houndreds different queues.
+	  You will probably find it helpful only if your linux machine acts as
+	  a shaper for many others computers.
+
+	  To compile it as a module, say M here. The module will be called
+	  xt_IPMARK.o.  If unsure, say `N'.
+
+
diff -urN patch-o-matic-ng-20060319-orig/patchlets/IPMARK/linux-2.6/net/netfilter/Makefile.ladd patch-o-matic-ng-20060319/patchlets/IPMARK/linux-2.6/net/netfilter/Makefile.ladd
--- patch-o-matic-ng-20060319-orig/patchlets/IPMARK/linux-2.6/net/netfilter/Makefile.ladd	1970-01-01 01:00:00.000000000 +0100
+++ patch-o-matic-ng-20060319/patchlets/IPMARK/linux-2.6/net/netfilter/Makefile.ladd	2006-02-01 00:14:52.000000000 +0100
@@ -0,0 +1,2 @@
+obj-$(CONFIG_NETFILTER_XT_TARGET_MARK) += xt_MARK.o
+obj-$(CONFIG_NETFILTER_XT_TARGET_IPMARK) += xt_IPMARK.o
diff -urN patch-o-matic-ng-20060319-orig/patchlets/IPMARK/linux-2.6/net/netfilter/xt_IPMARK.c patch-o-matic-ng-20060319/patchlets/IPMARK/linux-2.6/net/netfilter/xt_IPMARK.c
--- patch-o-matic-ng-20060319-orig/patchlets/IPMARK/linux-2.6/net/netfilter/xt_IPMARK.c	1970-01-01 01:00:00.000000000 +0100
+++ patch-o-matic-ng-20060319/patchlets/IPMARK/linux-2.6/net/netfilter/xt_IPMARK.c	2006-03-20 11:19:40.000000000 +0100
@@ -0,0 +1,80 @@
+#include <linux/module.h>
+#include <linux/skbuff.h>
+#include <linux/ip.h>
+#include <net/checksum.h>
+
+#include <linux/netfilter/x_tables.h>
+#include <linux/netfilter/xt_IPMARK.h>
+
+MODULE_AUTHOR("Grzegorz Janoszka <Grzegorz@Janoszka.pl>");
+MODULE_DESCRIPTION("IP tables IPMARK: mark based on ip address");
+MODULE_LICENSE("GPL");
+MODULE_ALIAS("ipt_IPMARK");
+
+static unsigned int
+target(struct sk_buff **pskb,
+       const struct net_device *in,
+       const struct net_device *out,
+       unsigned int hooknum,
+       const void *targinfo,
+       void *userinfo)
+{
+	const struct xt_ipmark_target_info *ipmarkinfo = targinfo;
+	struct iphdr *iph = (*pskb)->nh.iph;
+	unsigned long mark;
+
+	if (ipmarkinfo->addr == IPT_IPMARK_SRC)
+		mark = (unsigned long) ntohl(iph->saddr);
+	else
+		mark = (unsigned long) ntohl(iph->daddr);
+
+	mark &= ipmarkinfo->andmask;
+	mark |= ipmarkinfo->ormask;
+	
+	if ((*pskb)->nfmark != mark)
+		(*pskb)->nfmark = mark;
+
+	return XT_CONTINUE;
+}
+
+static int
+checkentry(const char *tablename,
+	   const void *entry,
+           void *targinfo,
+           unsigned int targinfosize,
+           unsigned int hook_mask)
+{
+	if (targinfosize != XT_ALIGN(sizeof(struct xt_ipmark_target_info))) {
+		printk(KERN_WARNING "IPMARK: targinfosize %u != %Zu\n",
+		       targinfosize,
+		       XT_ALIGN(sizeof(struct xt_ipmark_target_info)));
+		return 0;
+	}
+
+	if (strcmp(tablename, "mangle") != 0) {
+		printk(KERN_WARNING "IPMARK: can only be called from \"mangle\" table, not \"%s\"\n", tablename);
+		return 0;
+	}
+
+	return 1;
+}
+
+static struct xt_target xt_ipmark_reg = { 
+	.name = "IPMARK",
+	.target = target,
+	.checkentry = checkentry,
+	.me = THIS_MODULE
+};
+
+static int __init init(void)
+{
+	return xt_register_target(AF_INET, &xt_ipmark_reg);
+}
+
+static void __exit fini(void)
+{
+	xt_unregister_target(AF_INET, &xt_ipmark_reg);
+}
+
+module_init(init);
+module_exit(fini);

Re: [PATCH] IPMARK - version with xtables (for 2.6.16 kernel)

[Grzegorz Janoszka]

On Mon, 20 Mar 2006, Grzegorz Janoszka wrote:

> Attached is patch to patch-o-matic-ng-20060319 but it should apply clearly to 
> any of current development snapshots. All the changes are to fulfill kernel 
> 2.6.16 and xtables requirements.
> Please include it.

Can I ask anybody to patch current patch-o-matic with the included patch?

Thanks in advance.

-- 
Grzegorz Janoszka

Re: [PATCH] IPMARK - version with xtables (for 2.6.16 kernel)

[Patrick McHardy]

Grzegorz Janoszka wrote:
> 
> Hello,
> 
> Attached is patch to patch-o-matic-ng-20060319 but it should apply
> clearly to any of current development snapshots. All the changes are to
> fulfill kernel 2.6.16 and xtables requirements.
> Please include it.

Why do you want to port it to x_tables? So far your port still only
works with IPv4. Are you planning to add IPv6 support?

Re: [PATCH] IPMARK - version with xtables (for 2.6.16 kernel)

[Grzegorz Janoszka]

On Wed, 29 Mar 2006, Patrick McHardy wrote:

>> Attached is patch to patch-o-matic-ng-20060319 but it should apply
>> clearly to any of current development snapshots. All the changes are to
>> fulfill kernel 2.6.16 and xtables requirements.
>> Please include it.
> Why do you want to port it to x_tables? So far your port still only
> works with IPv4. Are you planning to add IPv6 support?

First - I thougt all netfilter targets must go to x_tables. I saw config 
of 2.6.16 and there is no such thing like iptables there.
Second - yes, I plan ipv6 when it will be commonly used.

Best regards,

-- 
Grzegorz Janoszka

Re: [PATCH] IPMARK - version with xtables (for 2.6.16 kernel)

[Patrick McHardy]

Grzegorz Janoszka wrote:
> On Wed, 29 Mar 2006, Patrick McHardy wrote:
> 
>>> Attached is patch to patch-o-matic-ng-20060319 but it should apply
>>> clearly to any of current development snapshots. All the changes are to
>>> fulfill kernel 2.6.16 and xtables requirements.
>>> Please include it.
>>
>> Why do you want to port it to x_tables? So far your port still only
>> works with IPv4. Are you planning to add IPv6 support?
> 
> 
> First - I thougt all netfilter targets must go to x_tables. I saw config
> of 2.6.16 and there is no such thing like iptables there.

No, x_tables is meant to avoid code duplication between IPv4 and IPv6.
Pure IPv4/IPv6 matches/targets should stay where they are. BTW, there
still is an iptables config option.

> Second - yes, I plan ipv6 when it will be commonly used.

That would be that point at which it should be converted to x_tables.