Merge git://git.kernel.org/pub/scm/linux/kernel/git/hpa/linux-2.6-inttypes

[linux.git] / net / netfilter / xt_dscp.c

diff --git a/net/netfilter/xt_dscp.c b/net/netfilter/xt_dscp.c
index 56b247ecc283b7dbc8f546526a80335b24c9dd80..26f4aab9c42943ce4bcb7cf57bc3630ac3bdc3e1 100644 (file)
--- a/net/netfilter/xt_dscp.c
+++ b/net/netfilter/xt_dscp.c
@@ -13,23 +13,22 @@
 #include <linux/ipv6.h>
 #include <net/dsfield.h>
 
-#include <linux/netfilter/xt_dscp.h>
 #include <linux/netfilter/x_tables.h>
+#include <linux/netfilter/xt_dscp.h>
+#include <linux/netfilter_ipv4/ipt_tos.h>
 
 MODULE_AUTHOR("Harald Welte <[email protected]>");
-MODULE_DESCRIPTION("x_tables DSCP matching module");
+MODULE_DESCRIPTION("Xtables: DSCP/TOS field match");
 MODULE_LICENSE("GPL");
 MODULE_ALIAS("ipt_dscp");
 MODULE_ALIAS("ip6t_dscp");
+MODULE_ALIAS("ipt_tos");
+MODULE_ALIAS("ip6t_tos");
 
-static int match(const struct sk_buff *skb,
-                const struct net_device *in,
-                const struct net_device *out,
-                const struct xt_match *match,
-                const void *matchinfo,
-                int offset,
-                unsigned int protoff,
-                int *hotdrop)
+static bool
+dscp_mt(const struct sk_buff *skb, const struct net_device *in,
+        const struct net_device *out, const struct xt_match *match,
+        const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop)
 {
        const struct xt_dscp_info *info = matchinfo;
        u_int8_t dscp = ipv4_get_dsfield(ip_hdr(skb)) >> XT_DSCP_SHIFT;
@@ -37,14 +36,11 @@ static int match(const struct sk_buff *skb,
        return (dscp == info->dscp) ^ !!info->invert;
 }
 
-static int match6(const struct sk_buff *skb,
-                 const struct net_device *in,
-                 const struct net_device *out,
-                 const struct xt_match *match,
-                 const void *matchinfo,
-                 int offset,
-                 unsigned int protoff,
-                 int *hotdrop)
+static bool
+dscp_mt6(const struct sk_buff *skb, const struct net_device *in,
+         const struct net_device *out, const struct xt_match *match,
+         const void *matchinfo, int offset, unsigned int protoff,
+         bool *hotdrop)
 {
        const struct xt_dscp_info *info = matchinfo;
        u_int8_t dscp = ipv6_get_dsfield(ipv6_hdr(skb)) >> XT_DSCP_SHIFT;
@@ -52,50 +48,98 @@ static int match6(const struct sk_buff *skb,
        return (dscp == info->dscp) ^ !!info->invert;
 }
 
-static int checkentry(const char *tablename,
-                     const void *info,
-                     const struct xt_match *match,
-                     void *matchinfo,
-                     unsigned int hook_mask)
+static bool
+dscp_mt_check(const char *tablename, const void *info,
+              const struct xt_match *match, void *matchinfo,
+              unsigned int hook_mask)
 {
        const u_int8_t dscp = ((struct xt_dscp_info *)matchinfo)->dscp;
 
        if (dscp > XT_DSCP_MAX) {
                printk(KERN_ERR "xt_dscp: dscp %x out of range\n", dscp);
-               return 0;
+               return false;
        }
 
-       return 1;
+       return true;
+}
+
+static bool tos_mt_v0(const struct sk_buff *skb, const struct net_device *in,
+                      const struct net_device *out,
+                      const struct xt_match *match, const void *matchinfo,
+                      int offset, unsigned int protoff, bool *hotdrop)
+{
+       const struct ipt_tos_info *info = matchinfo;
+
+       return (ip_hdr(skb)->tos == info->tos) ^ info->invert;
 }
 
-static struct xt_match xt_dscp_match[] = {
+static bool tos_mt(const struct sk_buff *skb, const struct net_device *in,
+                   const struct net_device *out, const struct xt_match *match,
+                   const void *matchinfo, int offset, unsigned int protoff,
+                   bool *hotdrop)
+{
+       const struct xt_tos_match_info *info = matchinfo;
+
+       if (match->family == AF_INET)
+               return ((ip_hdr(skb)->tos & info->tos_mask) ==
+                      info->tos_value) ^ !!info->invert;
+       else
+               return ((ipv6_get_dsfield(ipv6_hdr(skb)) & info->tos_mask) ==
+                      info->tos_value) ^ !!info->invert;
+}
+
+static struct xt_match dscp_mt_reg[] __read_mostly = {
        {
                .name           = "dscp",
                .family         = AF_INET,
-               .checkentry     = checkentry,
-               .match          = match,
+               .checkentry     = dscp_mt_check,
+               .match          = dscp_mt,
                .matchsize      = sizeof(struct xt_dscp_info),
                .me             = THIS_MODULE,
        },
        {
                .name           = "dscp",
                .family         = AF_INET6,
-               .checkentry     = checkentry,
-               .match          = match6,
+               .checkentry     = dscp_mt_check,
+               .match          = dscp_mt6,
                .matchsize      = sizeof(struct xt_dscp_info),
                .me             = THIS_MODULE,
        },
+       {
+               .name           = "tos",
+               .revision       = 0,
+               .family         = AF_INET,
+               .match          = tos_mt_v0,
+               .matchsize      = sizeof(struct ipt_tos_info),
+               .me             = THIS_MODULE,
+       },
+       {
+               .name           = "tos",
+               .revision       = 1,
+               .family         = AF_INET,
+               .match          = tos_mt,
+               .matchsize      = sizeof(struct xt_tos_match_info),
+               .me             = THIS_MODULE,
+       },
+       {
+               .name           = "tos",
+               .revision       = 1,
+               .family         = AF_INET6,
+               .match          = tos_mt,
+               .matchsize      = sizeof(struct xt_tos_match_info),
+               .me             = THIS_MODULE,
+       },
 };
 
-static int __init xt_dscp_match_init(void)
+static int __init dscp_mt_init(void)
 {
-       return xt_register_matches(xt_dscp_match, ARRAY_SIZE(xt_dscp_match));
+       return xt_register_matches(dscp_mt_reg, ARRAY_SIZE(dscp_mt_reg));
 }
 
-static void __exit xt_dscp_match_fini(void)
+static void __exit dscp_mt_exit(void)
 {
-       xt_unregister_matches(xt_dscp_match, ARRAY_SIZE(xt_dscp_match));
+       xt_unregister_matches(dscp_mt_reg, ARRAY_SIZE(dscp_mt_reg));
 }
 
-module_init(xt_dscp_match_init);
-module_exit(xt_dscp_match_fini);
+module_init(dscp_mt_init);
+module_exit(dscp_mt_exit);