Re: [LARTC] How to mark a device not to be used with IMQ?

[Patrick McHardy <kaber@trash.net>]

[-- Attachment #1: Type: text/plain, Size: 1152 bytes --]

Martin Devera schrieb:
> 
> > I understand what you mean... but i thought there has to be a way from what I
> > read on the IMQ-site (http://luxik.cdi.cz/~devik/qos/imq.htm):
> >
> > --- snipp ---
> >
> > Each non-marked skb is intercepted in dev_queue_xmit and queued to IMQ if it is
> > up. Immediately it tries to dequeue it (software pump).
> >
> > --- snapp ---
> >
> > "Each non-marked skb" <-- Thats what made me think that there is a way to "mark"
> > a device...
> 
> this is only internal mark to know whether the skb was
> already in IMQ. You could use it but you would have to
> add new user parameter to the interface structure.
> I didn't want to do it as I want the pach to be as simple
> as possible.
> devik

Hi.

The same problem was bugging me a couple of days ago so i wrote an
iptables target which
allows you to exclude packets from beeing enqueued to the imq device.
The patch is tested with iptables-1.2.6a but should work with almost any
recent version.
After applying it you have to execute a "chmod +x
extensions/.IMQX-test", then
make patch-o-matic as usual.
Martin, maybe you want to put it on your imq page ?

Bye,
Patrick

[-- Attachment #2: IMQX_iptables-1.2.6a.patch --]
[-- Type: text/plain, Size: 6149 bytes --]

diff -urN iptables-1.2.6a-clean/extensions/.IMQX-test iptables-1.2.6a/extensions/.IMQX-test
--- iptables-1.2.6a-clean/extensions/.IMQX-test	Thu Jan  1 01:00:00 1970
+++ iptables-1.2.6a/extensions/.IMQX-test	Sat Mar 23 02:37:20 2002
@@ -0,0 +1,3 @@
+#!/bin/sh
+# True if IMQX target patch is applied.
+[ -f $KERNEL_DIR/net/ipv4/netfilter/ipt_IMQX.c ] && echo IMQX
diff -urN iptables-1.2.6a-clean/extensions/libipt_IMQX.c iptables-1.2.6a/extensions/libipt_IMQX.c
--- iptables-1.2.6a-clean/extensions/libipt_IMQX.c	Thu Jan  1 01:00:00 1970
+++ iptables-1.2.6a/extensions/libipt_IMQX.c	Sat Mar 23 02:37:49 2002
@@ -0,0 +1,81 @@
+/* Shared library add-on to iptables to add IMQX target support. */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <getopt.h>
+
+#include <iptables.h>
+#include <linux/netfilter_ipv4/ip_tables.h>
+
+/* Function which prints out usage message. */
+static void
+help(void)
+{
+	printf(
+"IMQX target v%s has no options\n", 
+NETFILTER_VERSION);
+}
+
+static struct option opts[] = {
+	{ 0 }
+};
+
+/* Initialize the target. */
+static void
+init(struct ipt_entry_target *t, unsigned int *nfcache)
+{
+}
+
+/* Function which parses command options; returns true if it
+   ate an option */
+static int
+parse(int c, char **argv, int invert, unsigned int *flags,
+      const struct ipt_entry *entry,
+      struct ipt_entry_target **target)
+{
+	if (c) 
+		return 0;
+
+	return 1;
+}
+
+static void
+final_check(unsigned int flags)
+{
+}
+
+/* Prints out the targinfo. */
+static void
+print(const struct ipt_ip *ip,
+      const struct ipt_entry_target *target,
+      int numeric)
+{
+	printf("IMQX");
+}
+
+/* Saves the union ipt_targinfo in parsable form to stdout. */
+static void
+save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
+{
+}
+
+static
+struct iptables_target mark
+= { NULL,
+    "IMQX",
+    NETFILTER_VERSION,
+    0,
+    0,
+    &help,
+    &init,
+    &parse,
+    &final_check,
+    &print,
+    &save,
+    opts
+};
+
+void _init(void)
+{
+	register_target(&mark);
+}
diff -urN iptables-1.2.6a-clean/patch-o-matic/extra/IMQX.patch iptables-1.2.6a/patch-o-matic/extra/IMQX.patch
--- iptables-1.2.6a-clean/patch-o-matic/extra/IMQX.patch	Thu Jan  1 01:00:00 1970
+++ iptables-1.2.6a/patch-o-matic/extra/IMQX.patch	Sat Mar 23 02:37:20 2002
@@ -0,0 +1,60 @@
+diff -urN linux-2.4.18-clean/net/ipv4/netfilter/ipt_IMQX.c linux-2.4.18/net/ipv4/netfilter/ipt_IMQX.c
+--- linux-2.4.18-clean/net/ipv4/netfilter/ipt_IMQX.c	Thu Jan  1 01:00:00 1970
++++ linux-2.4.18/net/ipv4/netfilter/ipt_IMQX.c	Sat Mar 23 01:48:23 2002
+@@ -0,0 +1,56 @@
++/* This is a module which is used for setting the from_imq field of an skb. */
++#include <linux/module.h>
++#include <linux/skbuff.h>
++#include <linux/ip.h>
++#include <net/checksum.h>
++
++#include <linux/netfilter_ipv4/ip_tables.h>
++
++static unsigned int
++target(struct sk_buff **pskb,
++       unsigned int hooknum,
++       const struct net_device *in,
++       const struct net_device *out,
++       const void *targinfo,
++       void *userinfo)
++{
++	(*pskb)->from_imq = 1;
++	(*pskb)->nfcache |= NFC_ALTERED;
++
++	return IPT_CONTINUE;
++}
++
++static int
++checkentry(const char *tablename,
++	   const struct ipt_entry *e,
++           void *targinfo,
++           unsigned int targinfosize,
++           unsigned int hook_mask)
++{
++	if (strcmp(tablename, "mangle") != 0) {
++		printk(KERN_WARNING "IMQX: can only be called from \"mangle\" table, not \"%s\"\n", tablename);
++		return 0;
++	}
++
++	return 1;
++}
++
++static struct ipt_target ipt_imqx_reg
++= { { NULL, NULL }, "IMQX", target, checkentry, NULL, THIS_MODULE };
++
++static int __init init(void)
++{
++	if (ipt_register_target(&ipt_imqx_reg))
++		return -EINVAL;
++
++	return 0;
++}
++
++static void __exit fini(void)
++{
++	ipt_unregister_target(&ipt_imqx_reg);
++}
++
++module_init(init);
++module_exit(fini);
++MODULE_LICENSE("GPL");
diff -urN iptables-1.2.6a-clean/patch-o-matic/extra/IMQX.patch.config.in iptables-1.2.6a/patch-o-matic/extra/IMQX.patch.config.in
--- iptables-1.2.6a-clean/patch-o-matic/extra/IMQX.patch.config.in	Thu Jan  1 01:00:00 1970
+++ iptables-1.2.6a/patch-o-matic/extra/IMQX.patch.config.in	Sat Mar 23 02:37:20 2002
@@ -0,0 +1,4 @@
+    dep_tristate '    MARK target support' CONFIG_IP_NF_TARGET_MARK $CONFIG_IP_NF_MANGLE
+    if [ "$CONFIG_IMQ" == "y" ]; then
+      dep_tristate '    IMQX target support' CONFIG_IP_NF_TARGET_IMQX $CONFIG_IP_NF_MANGLE
+    fi
diff -urN iptables-1.2.6a-clean/patch-o-matic/extra/IMQX.patch.configure.help iptables-1.2.6a/patch-o-matic/extra/IMQX.patch.configure.help
--- iptables-1.2.6a-clean/patch-o-matic/extra/IMQX.patch.configure.help	Thu Jan  1 01:00:00 1970
+++ iptables-1.2.6a/patch-o-matic/extra/IMQX.patch.configure.help	Sat Mar 23 02:37:20 2002
@@ -0,0 +1,8 @@
+CONFIG_IP_NF_TARGET_MARK
+IMQX target support
+CONFIG_IP_NF_TARGET_IMQX
+  IMQX allows you to exclude packets from beeing enqueued
+  to the IMQ device
+
+  If you want to compile it as a module, say M here and read
+  Documentation/modules.txt.  If unsure, say `N'.
diff -urN iptables-1.2.6a-clean/patch-o-matic/extra/IMQX.patch.help iptables-1.2.6a/patch-o-matic/extra/IMQX.patch.help
--- iptables-1.2.6a-clean/patch-o-matic/extra/IMQX.patch.help	Thu Jan  1 01:00:00 1970
+++ iptables-1.2.6a/patch-o-matic/extra/IMQX.patch.help	Sat Mar 23 02:37:20 2002
@@ -0,0 +1,14 @@
+Author: Patrick McHardy <kaber@trash.net>
+Status: working
+
+This patch adds IMQX (IMQ eXclude) target for excluding
+traffic from beeing enqueued to the IMQ device.
+
+Usage:
+
+    IMQX
+	This target excludes traffic from beeing enqueued
+	to the IMQ device.
+
+Example:
+	iptables -t mangle -A POSTROUTING -o eth0 -j IMQX
diff -urN iptables-1.2.6a-clean/patch-o-matic/extra/IMQX.patch.makefile iptables-1.2.6a/patch-o-matic/extra/IMQX.patch.makefile
--- iptables-1.2.6a-clean/patch-o-matic/extra/IMQX.patch.makefile	Thu Jan  1 01:00:00 1970
+++ iptables-1.2.6a/patch-o-matic/extra/IMQX.patch.makefile	Sat Mar 23 02:37:20 2002
@@ -0,0 +1,2 @@
+obj-$(CONFIG_IP_NF_TARGET_MARK) += ipt_MARK.o
+obj-$(CONFIG_IP_NF_TARGET_IMQX) += ipt_IMQX.o