vserver 1.9.5.x5

[linux-2.6.git] / net / ipv4 / netfilter / ipt_MARK.c

diff --git a/net/ipv4/netfilter/ipt_MARK.c b/net/ipv4/netfilter/ipt_MARK.c
index 06bcb8d..33c6f9b 100644 (file)
--- a/net/ipv4/netfilter/ipt_MARK.c
+++ b/net/ipv4/netfilter/ipt_MARK.c
@@ -20,12 +20,12 @@ MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>");
 MODULE_DESCRIPTION("iptables MARK modification module");
 
 static unsigned int
-target(struct sk_buff **pskb,
-       const struct net_device *in,
-       const struct net_device *out,
-       unsigned int hooknum,
-       const void *targinfo,
-       void *userinfo)
+target_v0(struct sk_buff **pskb,
+         const struct net_device *in,
+         const struct net_device *out,
+         unsigned int hooknum,
+         const void *targinfo,
+         void *userinfo)
 {
        const struct ipt_mark_target_info *markinfo = targinfo;
 
@@ -36,12 +36,45 @@ target(struct sk_buff **pskb,
        return IPT_CONTINUE;
 }
 
+static unsigned int
+target_v1(struct sk_buff **pskb,
+         const struct net_device *in,
+         const struct net_device *out,
+         unsigned int hooknum,
+         const void *targinfo,
+         void *userinfo)
+{
+       const struct ipt_mark_target_info_v1 *markinfo = targinfo;
+       int mark = 0;
+
+       switch (markinfo->mode) {
+       case IPT_MARK_SET:
+               mark = markinfo->mark;
+               break;
+               
+       case IPT_MARK_AND:
+               mark = (*pskb)->nfmark & markinfo->mark;
+               break;
+               
+       case IPT_MARK_OR:
+               mark = (*pskb)->nfmark | markinfo->mark;
+               break;
+       }
+
+       if((*pskb)->nfmark != mark) {
+               (*pskb)->nfmark = mark;
+               (*pskb)->nfcache |= NFC_ALTERED;
+       }
+       return IPT_CONTINUE;
+}
+
+
 static int
-checkentry(const char *tablename,
-          const struct ipt_entry *e,
-           void *targinfo,
-           unsigned int targinfosize,
-           unsigned int hook_mask)
+checkentry_v0(const char *tablename,
+             const struct ipt_entry *e,
+             void *targinfo,
+             unsigned int targinfosize,
+             unsigned int hook_mask)
 {
        if (targinfosize != IPT_ALIGN(sizeof(struct ipt_mark_target_info))) {
                printk(KERN_WARNING "MARK: targinfosize %u != %Zu\n",
@@ -58,21 +91,71 @@ checkentry(const char *tablename,
        return 1;
 }
 
-static struct ipt_target ipt_mark_reg = {
+static int
+checkentry_v1(const char *tablename,
+             const struct ipt_entry *e,
+             void *targinfo,
+             unsigned int targinfosize,
+             unsigned int hook_mask)
+{
+       struct ipt_mark_target_info_v1 *markinfo = targinfo;
+
+       if (targinfosize != IPT_ALIGN(sizeof(struct ipt_mark_target_info_v1))){
+               printk(KERN_WARNING "MARK: targinfosize %u != %Zu\n",
+                      targinfosize,
+                      IPT_ALIGN(sizeof(struct ipt_mark_target_info_v1)));
+               return 0;
+       }
+
+       if (strcmp(tablename, "mangle") != 0) {
+               printk(KERN_WARNING "MARK: can only be called from \"mangle\" table, not \"%s\"\n", tablename);
+               return 0;
+       }
+
+       if (markinfo->mode != IPT_MARK_SET
+           && markinfo->mode != IPT_MARK_AND
+           && markinfo->mode != IPT_MARK_OR) {
+               printk(KERN_WARNING "MARK: unknown mode %u\n",
+                      markinfo->mode);
+               return 0;
+       }
+
+       return 1;
+}
+
+static struct ipt_target ipt_mark_reg_v0 = {
        .name           = "MARK",
-       .target         = target,
-       .checkentry     = checkentry,
+       .target         = target_v0,
+       .checkentry     = checkentry_v0,
        .me             = THIS_MODULE,
+       .revision       = 0,
+};
+
+static struct ipt_target ipt_mark_reg_v1 = {
+       .name           = "MARK",
+       .target         = target_v1,
+       .checkentry     = checkentry_v1,
+       .me             = THIS_MODULE,
+       .revision       = 1,
 };
 
 static int __init init(void)
 {
-       return ipt_register_target(&ipt_mark_reg);
+       int err;
+
+       err = ipt_register_target(&ipt_mark_reg_v0);
+       if (!err) {
+               err = ipt_register_target(&ipt_mark_reg_v1);
+               if (err)
+                       ipt_unregister_target(&ipt_mark_reg_v0);
+       }
+       return err;
 }
 
 static void __exit fini(void)
 {
-       ipt_unregister_target(&ipt_mark_reg);
+       ipt_unregister_target(&ipt_mark_reg_v0);
+       ipt_unregister_target(&ipt_mark_reg_v1);
 }
 
 module_init(init);