X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=net%2Fnetfilter%2Fxt_dscp.c;h=26f4aab9c42943ce4bcb7cf57bc3630ac3bdc3e1;hb=9ea319b61613085f501a79cf8d405cb221d084f3;hp=75b0df990d4fe8bd10786ab92dfbbf76101952f8;hpb=c3b33e6a2cdefba38d83442ebae2ee42e853ea51;p=linux-2.6 diff --git a/net/netfilter/xt_dscp.c b/net/netfilter/xt_dscp.c index 75b0df990d..26f4aab9c4 100644 --- a/net/netfilter/xt_dscp.c +++ b/net/netfilter/xt_dscp.c @@ -18,11 +18,12 @@ #include MODULE_AUTHOR("Harald Welte "); -MODULE_DESCRIPTION("x_tables DSCP/tos matching module"); +MODULE_DESCRIPTION("Xtables: DSCP/TOS field match"); MODULE_LICENSE("GPL"); MODULE_ALIAS("ipt_dscp"); MODULE_ALIAS("ip6t_dscp"); MODULE_ALIAS("ipt_tos"); +MODULE_ALIAS("ip6t_tos"); static bool dscp_mt(const struct sk_buff *skb, const struct net_device *in, @@ -72,6 +73,21 @@ static bool tos_mt_v0(const struct sk_buff *skb, const struct net_device *in, return (ip_hdr(skb)->tos == info->tos) ^ info->invert; } +static bool tos_mt(const struct sk_buff *skb, const struct net_device *in, + const struct net_device *out, const struct xt_match *match, + const void *matchinfo, int offset, unsigned int protoff, + bool *hotdrop) +{ + const struct xt_tos_match_info *info = matchinfo; + + if (match->family == AF_INET) + return ((ip_hdr(skb)->tos & info->tos_mask) == + info->tos_value) ^ !!info->invert; + else + return ((ipv6_get_dsfield(ipv6_hdr(skb)) & info->tos_mask) == + info->tos_value) ^ !!info->invert; +} + static struct xt_match dscp_mt_reg[] __read_mostly = { { .name = "dscp", @@ -97,6 +113,22 @@ static struct xt_match dscp_mt_reg[] __read_mostly = { .matchsize = sizeof(struct ipt_tos_info), .me = THIS_MODULE, }, + { + .name = "tos", + .revision = 1, + .family = AF_INET, + .match = tos_mt, + .matchsize = sizeof(struct xt_tos_match_info), + .me = THIS_MODULE, + }, + { + .name = "tos", + .revision = 1, + .family = AF_INET6, + .match = tos_mt, + .matchsize = sizeof(struct xt_tos_match_info), + .me = THIS_MODULE, + }, }; static int __init dscp_mt_init(void)