1/* iptables module for setting the IPv4 DSCP field, Version 1.8 2 * 3 * (C) 2002 by Harald Welte <laforge@gnumonks.org> 4 * based on ipt_FTOS.c (C) 2000 by Matthew G. Marsh <mgm@paktronix.com> 5 * This software is distributed under GNU GPL v2, 1991 6 * 7 * See RFC2474 for a description of the DSCP field within the IP Header. 8 * 9 * ipt_DSCP.c,v 1.8 2002/08/06 18:41:57 laforge Exp 10*/ 11 12#include <linux/module.h> 13#include <linux/skbuff.h> 14#include <linux/ip.h> 15#include <net/checksum.h> 16 17#include <linux/netfilter_ipv4/ip_tables.h> 18#include <linux/netfilter_ipv4/ipt_DSCP.h> 19 20MODULE_AUTHOR("Harald Welte <laforge@gnumonks.org>"); 21MODULE_DESCRIPTION("IP tables DSCP modification module"); 22MODULE_LICENSE("GPL"); 23 24static unsigned int 25target(struct sk_buff **pskb, 26 unsigned int hooknum, 27 const struct net_device *in, 28 const struct net_device *out, 29 const void *targinfo, 30 void *userinfo) 31{ 32 struct iphdr *iph = (*pskb)->nh.iph; 33 const struct ipt_DSCP_info *dinfo = targinfo; 34 u_int8_t sh_dscp = ((dinfo->dscp << IPT_DSCP_SHIFT) & IPT_DSCP_MASK); 35 36 37 if ((iph->tos & IPT_DSCP_MASK) != sh_dscp) { 38 u_int16_t diffs[2]; 39 40 /* raw socket (tcpdump) may have clone of incoming 41 * skb: don't disturb it --RR */ 42 if (skb_cloned(*pskb) && !(*pskb)->sk) { 43 struct sk_buff *nskb = skb_copy(*pskb, GFP_ATOMIC); 44 if (!nskb) 45 return NF_DROP; 46 kfree_skb(*pskb); 47 *pskb = nskb; 48 iph = (*pskb)->nh.iph; 49 } 50 51 diffs[0] = htons(iph->tos) ^ 0xFFFF; 52 iph->tos = (iph->tos & ~IPT_DSCP_MASK) | sh_dscp; 53 diffs[1] = htons(iph->tos); 54 iph->check = csum_fold(csum_partial((char *)diffs, 55 sizeof(diffs), 56 iph->check^0xFFFF)); 57 (*pskb)->nfcache |= NFC_ALTERED; 58 } 59 return IPT_CONTINUE; 60} 61 62static int 63checkentry(const char *tablename, 64 const struct ipt_entry *e, 65 void *targinfo, 66 unsigned int targinfosize, 67 unsigned int hook_mask) 68{ 69 const u_int8_t dscp = ((struct ipt_DSCP_info *)targinfo)->dscp; 70 71 if (targinfosize != IPT_ALIGN(sizeof(struct ipt_DSCP_info))) { 72 printk(KERN_WARNING "DSCP: targinfosize %u != %Zu\n", 73 targinfosize, 74 IPT_ALIGN(sizeof(struct ipt_DSCP_info))); 75 return 0; 76 } 77 78 if (strcmp(tablename, "mangle") != 0) { 79 printk(KERN_WARNING "DSCP: can only be called from \"mangle\" table, not \"%s\"\n", tablename); 80 return 0; 81 } 82 83 if ((dscp > IPT_DSCP_MAX)) { 84 printk(KERN_WARNING "DSCP: dscp %x out of range\n", dscp); 85 return 0; 86 } 87 88 return 1; 89} 90 91static struct ipt_target ipt_dscp_reg 92= { { NULL, NULL }, "DSCP", target, checkentry, NULL, THIS_MODULE }; 93 94static int __init init(void) 95{ 96 if (ipt_register_target(&ipt_dscp_reg)) 97 return -EINVAL; 98 99 return 0; 100} 101 102static void __exit fini(void) 103{ 104 ipt_unregister_target(&ipt_dscp_reg); 105} 106 107module_init(init); 108module_exit(fini); 109