1 /* Shared library add-on to iptables for DSCP
3 * (C) 2002 by Harald Welte <laforge@gnumonks.org>
5 * This program is distributed under the terms of GNU GPL v2, 1991
7 * libipt_dscp.c borrowed heavily from libipt_tos.c
9 * --class support added by Iain Barnes
11 * For a list of DSCP codepoints see
12 * http://www.iana.org/assignments/dscp-registry
21 #include <linux/netfilter_ipv4/ip_tables.h>
22 #include <linux/netfilter_ipv4/ipt_dscp.h>
24 /* This is evil, but it's my code - HW*/
25 #include "libipt_dscp_helper.c"
27 static void init(struct ipt_entry_match *m, unsigned int *nfcache)
29 *nfcache |= NFC_IP_TOS;
32 static void help(void)
35 "DSCP match v%s options\n"
36 "[!] --dscp value Match DSCP codepoint with numerical value\n"
37 " This value can be in decimal (ex: 32)\n"
38 " or in hex (ex: 0x20)\n"
39 "[!] --dscp-class name Match the DiffServ class. This value may\n"
40 " be any of the BE,EF, AFxx or CSx classes\n"
42 " These two options are mutually exclusive !\n"
47 static struct option opts[] = {
48 { "dscp", 1, 0, 'F' },
49 { "dscp-class", 1, 0, 'G' },
54 parse_dscp(const unsigned char *s, struct ipt_dscp_info *dinfo)
58 if (string_to_number(s, 0, 255, &dscp) == -1)
59 exit_error(PARAMETER_PROBLEM,
60 "Invalid dscp `%s'\n", s);
62 if (dscp > IPT_DSCP_MAX)
63 exit_error(PARAMETER_PROBLEM,
64 "DSCP `%d` out of range\n", dscp);
66 dinfo->dscp = (u_int8_t )dscp;
72 parse_class(const char *s, struct ipt_dscp_info *dinfo)
74 unsigned int dscp = class_to_dscp(s);
76 /* Assign the value */
77 dinfo->dscp = (u_int8_t)dscp;
82 parse(int c, char **argv, int invert, unsigned int *flags,
83 const struct ipt_entry *entry,
84 unsigned int *nfcache,
85 struct ipt_entry_match **match)
87 struct ipt_dscp_info *dinfo
88 = (struct ipt_dscp_info *)(*match)->data;
93 exit_error(PARAMETER_PROBLEM,
94 "DSCP match: Only use --dscp ONCE!");
95 check_inverse(optarg, &invert, &optind, 0);
96 parse_dscp(argv[optind-1], dinfo);
104 exit_error(PARAMETER_PROBLEM,
105 "DSCP match: Only use --dscp-class ONCE!");
106 check_inverse(optarg, &invert, &optind, 0);
107 parse_class(argv[optind - 1], dinfo);
121 final_check(unsigned int flags)
124 exit_error(PARAMETER_PROBLEM,
125 "DSCP match: Parameter --dscp is required");
129 print_dscp(u_int8_t dscp, int invert, int numeric)
134 printf("0x%02x ", dscp);
137 /* Prints out the matchinfo. */
139 print(const struct ipt_ip *ip,
140 const struct ipt_entry_match *match,
143 const struct ipt_dscp_info *dinfo =
144 (const struct ipt_dscp_info *)match->data;
145 printf("DSCP match ");
146 print_dscp(dinfo->dscp, dinfo->invert, numeric);
149 /* Saves the union ipt_matchinfo in parsable form to stdout. */
151 save(const struct ipt_ip *ip, const struct ipt_entry_match *match)
153 const struct ipt_dscp_info *dinfo =
154 (const struct ipt_dscp_info *)match->data;
157 print_dscp(dinfo->dscp, dinfo->invert, 1);
161 struct iptables_match dscp
165 IPT_ALIGN(sizeof(struct ipt_dscp_info)),
166 IPT_ALIGN(sizeof(struct ipt_dscp_info)),
178 register_match(&dscp);