Loading...
1// SPDX-License-Identifier: GPL-2.0-only
2/* IP tables module for matching the value of the IPv4/IPv6 DSCP field
3 *
4 * (C) 2002 by Harald Welte <laforge@netfilter.org>
5 */
6#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
7#include <linux/module.h>
8#include <linux/skbuff.h>
9#include <linux/ip.h>
10#include <linux/ipv6.h>
11#include <net/dsfield.h>
12
13#include <linux/netfilter/x_tables.h>
14#include <linux/netfilter/xt_dscp.h>
15
16MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
17MODULE_DESCRIPTION("Xtables: DSCP/TOS field match");
18MODULE_LICENSE("GPL");
19MODULE_ALIAS("ipt_dscp");
20MODULE_ALIAS("ip6t_dscp");
21MODULE_ALIAS("ipt_tos");
22MODULE_ALIAS("ip6t_tos");
23
24static bool
25dscp_mt(const struct sk_buff *skb, struct xt_action_param *par)
26{
27 const struct xt_dscp_info *info = par->matchinfo;
28 u_int8_t dscp = ipv4_get_dsfield(ip_hdr(skb)) >> XT_DSCP_SHIFT;
29
30 return (dscp == info->dscp) ^ !!info->invert;
31}
32
33static bool
34dscp_mt6(const struct sk_buff *skb, struct xt_action_param *par)
35{
36 const struct xt_dscp_info *info = par->matchinfo;
37 u_int8_t dscp = ipv6_get_dsfield(ipv6_hdr(skb)) >> XT_DSCP_SHIFT;
38
39 return (dscp == info->dscp) ^ !!info->invert;
40}
41
42static int dscp_mt_check(const struct xt_mtchk_param *par)
43{
44 const struct xt_dscp_info *info = par->matchinfo;
45
46 if (info->dscp > XT_DSCP_MAX)
47 return -EDOM;
48
49 return 0;
50}
51
52static bool tos_mt(const struct sk_buff *skb, struct xt_action_param *par)
53{
54 const struct xt_tos_match_info *info = par->matchinfo;
55
56 if (xt_family(par) == NFPROTO_IPV4)
57 return ((ip_hdr(skb)->tos & info->tos_mask) ==
58 info->tos_value) ^ !!info->invert;
59 else
60 return ((ipv6_get_dsfield(ipv6_hdr(skb)) & info->tos_mask) ==
61 info->tos_value) ^ !!info->invert;
62}
63
64static struct xt_match dscp_mt_reg[] __read_mostly = {
65 {
66 .name = "dscp",
67 .family = NFPROTO_IPV4,
68 .checkentry = dscp_mt_check,
69 .match = dscp_mt,
70 .matchsize = sizeof(struct xt_dscp_info),
71 .me = THIS_MODULE,
72 },
73 {
74 .name = "dscp",
75 .family = NFPROTO_IPV6,
76 .checkentry = dscp_mt_check,
77 .match = dscp_mt6,
78 .matchsize = sizeof(struct xt_dscp_info),
79 .me = THIS_MODULE,
80 },
81 {
82 .name = "tos",
83 .revision = 1,
84 .family = NFPROTO_IPV4,
85 .match = tos_mt,
86 .matchsize = sizeof(struct xt_tos_match_info),
87 .me = THIS_MODULE,
88 },
89 {
90 .name = "tos",
91 .revision = 1,
92 .family = NFPROTO_IPV6,
93 .match = tos_mt,
94 .matchsize = sizeof(struct xt_tos_match_info),
95 .me = THIS_MODULE,
96 },
97};
98
99static int __init dscp_mt_init(void)
100{
101 return xt_register_matches(dscp_mt_reg, ARRAY_SIZE(dscp_mt_reg));
102}
103
104static void __exit dscp_mt_exit(void)
105{
106 xt_unregister_matches(dscp_mt_reg, ARRAY_SIZE(dscp_mt_reg));
107}
108
109module_init(dscp_mt_init);
110module_exit(dscp_mt_exit);
1/* IP tables module for matching the value of the IPv4/IPv6 DSCP field
2 *
3 * (C) 2002 by Harald Welte <laforge@netfilter.org>
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 */
9#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
10#include <linux/module.h>
11#include <linux/skbuff.h>
12#include <linux/ip.h>
13#include <linux/ipv6.h>
14#include <net/dsfield.h>
15
16#include <linux/netfilter/x_tables.h>
17#include <linux/netfilter/xt_dscp.h>
18
19MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
20MODULE_DESCRIPTION("Xtables: DSCP/TOS field match");
21MODULE_LICENSE("GPL");
22MODULE_ALIAS("ipt_dscp");
23MODULE_ALIAS("ip6t_dscp");
24MODULE_ALIAS("ipt_tos");
25MODULE_ALIAS("ip6t_tos");
26
27static bool
28dscp_mt(const struct sk_buff *skb, struct xt_action_param *par)
29{
30 const struct xt_dscp_info *info = par->matchinfo;
31 u_int8_t dscp = ipv4_get_dsfield(ip_hdr(skb)) >> XT_DSCP_SHIFT;
32
33 return (dscp == info->dscp) ^ !!info->invert;
34}
35
36static bool
37dscp_mt6(const struct sk_buff *skb, struct xt_action_param *par)
38{
39 const struct xt_dscp_info *info = par->matchinfo;
40 u_int8_t dscp = ipv6_get_dsfield(ipv6_hdr(skb)) >> XT_DSCP_SHIFT;
41
42 return (dscp == info->dscp) ^ !!info->invert;
43}
44
45static int dscp_mt_check(const struct xt_mtchk_param *par)
46{
47 const struct xt_dscp_info *info = par->matchinfo;
48
49 if (info->dscp > XT_DSCP_MAX)
50 return -EDOM;
51
52 return 0;
53}
54
55static bool tos_mt(const struct sk_buff *skb, struct xt_action_param *par)
56{
57 const struct xt_tos_match_info *info = par->matchinfo;
58
59 if (xt_family(par) == NFPROTO_IPV4)
60 return ((ip_hdr(skb)->tos & info->tos_mask) ==
61 info->tos_value) ^ !!info->invert;
62 else
63 return ((ipv6_get_dsfield(ipv6_hdr(skb)) & info->tos_mask) ==
64 info->tos_value) ^ !!info->invert;
65}
66
67static struct xt_match dscp_mt_reg[] __read_mostly = {
68 {
69 .name = "dscp",
70 .family = NFPROTO_IPV4,
71 .checkentry = dscp_mt_check,
72 .match = dscp_mt,
73 .matchsize = sizeof(struct xt_dscp_info),
74 .me = THIS_MODULE,
75 },
76 {
77 .name = "dscp",
78 .family = NFPROTO_IPV6,
79 .checkentry = dscp_mt_check,
80 .match = dscp_mt6,
81 .matchsize = sizeof(struct xt_dscp_info),
82 .me = THIS_MODULE,
83 },
84 {
85 .name = "tos",
86 .revision = 1,
87 .family = NFPROTO_IPV4,
88 .match = tos_mt,
89 .matchsize = sizeof(struct xt_tos_match_info),
90 .me = THIS_MODULE,
91 },
92 {
93 .name = "tos",
94 .revision = 1,
95 .family = NFPROTO_IPV6,
96 .match = tos_mt,
97 .matchsize = sizeof(struct xt_tos_match_info),
98 .me = THIS_MODULE,
99 },
100};
101
102static int __init dscp_mt_init(void)
103{
104 return xt_register_matches(dscp_mt_reg, ARRAY_SIZE(dscp_mt_reg));
105}
106
107static void __exit dscp_mt_exit(void)
108{
109 xt_unregister_matches(dscp_mt_reg, ARRAY_SIZE(dscp_mt_reg));
110}
111
112module_init(dscp_mt_init);
113module_exit(dscp_mt_exit);