SOURCES (LINUX_2_6): linux-2.6-nf-ip_queue_vwmark.patch (NEW), ipt...
cieciwa
cieciwa at pld-linux.org
Thu Sep 15 10:11:47 CEST 2005
Author: cieciwa Date: Thu Sep 15 08:11:47 2005 GMT
Module: SOURCES Tag: LINUX_2_6
---- Log message:
- [extra] ip_queue_vwmark - kernel and iptables patch.
---- Files affected:
SOURCES:
linux-2.6-nf-ip_queue_vwmark.patch (NONE -> 1.1.2.1) (NEW), iptables-nf-ip_queue_vwmark.patch (NONE -> 1.1.2.1) (NEW)
---- Diffs:
================================================================
Index: SOURCES/linux-2.6-nf-ip_queue_vwmark.patch
diff -u /dev/null SOURCES/linux-2.6-nf-ip_queue_vwmark.patch:1.1.2.1
--- /dev/null Thu Sep 15 10:11:47 2005
+++ SOURCES/linux-2.6-nf-ip_queue_vwmark.patch Thu Sep 15 10:11:41 2005
@@ -0,0 +1,89 @@
+ include/linux/netfilter_ipv4/ip_queue.h | 13 ++++++++++-
+ net/ipv4/netfilter/ip_queue.c | 35 ++++++++++++++++++++++++++++++++
+ 2 files changed, 47 insertions(+), 1 deletion(-)
+
+diff -Nur --exclude '*.orig' linux-2.6.13.1.org/include/linux/netfilter_ipv4/ip_queue.h linux-2.6.13.1/include/linux/netfilter_ipv4/ip_queue.h
+--- linux-2.6.13.1.org/include/linux/netfilter_ipv4/ip_queue.h 2005-09-10 04:42:58.000000000 +0200
++++ linux-2.6.13.1/include/linux/netfilter_ipv4/ip_queue.h 2005-09-15 10:01:34.000000000 +0200
+@@ -47,10 +47,20 @@
+ unsigned char payload[0]; /* Optional replacement packet */
+ } ipq_verdict_msg_t;
+
++typedef struct ipq_vwmark_msg {
++ unsigned int value; /* Verdict to hand to netfilter */
++ unsigned long id; /* Packet ID for this verdict */
++ size_t data_len; /* Length of replacement data */
++ unsigned char payload[0]; /* Optional replacement packet */
++ unsigned long nfmark; /* Mark for the Packet */
++} ipq_vwmark_msg_t;
++
++
+ typedef struct ipq_peer_msg {
+ union {
+ ipq_verdict_msg_t verdict;
+ ipq_mode_msg_t mode;
++ ipq_vwmark_msg_t vwmark;
+ } msg;
+ } ipq_peer_msg_t;
+
+@@ -67,6 +77,7 @@
+ #define IPQM_MODE (IPQM_BASE + 1) /* Mode request from peer */
+ #define IPQM_VERDICT (IPQM_BASE + 2) /* Verdict from peer */
+ #define IPQM_PACKET (IPQM_BASE + 3) /* Packet from kernel */
+-#define IPQM_MAX (IPQM_BASE + 4)
++#define IPQM_VWMARK (IPQM_BASE + 4) /* Verdict and mark from peer */
++#define IPQM_MAX (IPQM_BASE + 5)
+
+ #endif /*_IP_QUEUE_H*/
+diff -Nur --exclude '*.orig' linux-2.6.13.1.org/net/ipv4/netfilter/ip_queue.c linux-2.6.13.1/net/ipv4/netfilter/ip_queue.c
+--- linux-2.6.13.1.org/net/ipv4/netfilter/ip_queue.c 2005-09-10 04:42:58.000000000 +0200
++++ linux-2.6.13.1/net/ipv4/netfilter/ip_queue.c 2005-09-15 10:01:34.000000000 +0200
+@@ -450,6 +450,33 @@
+ }
+
+ static int
++ipq_set_vwmark(struct ipq_vwmark_msg *vmsg, unsigned int len)
++{
++ struct ipq_queue_entry *entry;
++
++ if (vmsg->value > NF_MAX_VERDICT)
++ return -EINVAL;
++
++ entry = ipq_find_dequeue_entry(id_cmp, vmsg->id);
++ if (entry == NULL)
++ return -ENOENT;
++ else {
++ int verdict = vmsg->value;
++
++ if (vmsg->data_len && vmsg->data_len == len)
++ if (ipq_mangle_ipv4((ipq_verdict_msg_t *)vmsg, entry) < 0)
++ verdict = NF_DROP;
++
++ /* set mark of associated skb */
++ entry->skb->nfmark = vmsg->nfmark;
++
++ ipq_issue_verdict(entry, verdict);
++ return 0;
++ }
++}
++
++
++static int
+ ipq_receive_peer(struct ipq_peer_msg *pmsg,
+ unsigned char type, unsigned int len)
+ {
+@@ -471,6 +498,14 @@
+ status = ipq_set_verdict(&pmsg->msg.verdict,
+ len - sizeof(*pmsg));
+ break;
++ case IPQM_VWMARK:
++ if (pmsg->msg.verdict.value > NF_MAX_VERDICT)
++ status = -EINVAL;
++ else
++ status = ipq_set_vwmark(&pmsg->msg.vwmark,
++ len - sizeof(*pmsg));
++ break;
++
+ default:
+ status = -EINVAL;
+ }
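Review bot: In the new `struct ipq_vwmark_msg`, `nfmark` is declared after the zero-length `payload[0]`, so the two members start at the same offset and the trailing array is no longer the last member. `ipq_set_vwmark()` casts the message to `ipq_verdict_msg_t *` for `ipq_mangle_ipv4()`, whose body is outside this patch but which presumably reads `payload` at that offset; replacement data would then begin with the mark bytes, while libipq's `ipq_set_vwmark()` in the second patch appends `buf` after the whole `pm`. I would declare `unsigned long nfmark;` before `unsigned char payload[0];` and pass the payload pointer to the mangle step explicitly instead of casting. Adding the larger member to the `ipq_peer_msg` union also grows `sizeof(*pmsg)`, which changes `len - sizeof(*pmsg)` on the existing `IPQM_VERDICT` path for peers built against the old header, and that unsigned subtraction needs a `len >= sizeof(*pmsg)` guard if `ipq_receive_peer()` does not already have one above the hunk.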
================================================================
Index: SOURCES/iptables-nf-ip_queue_vwmark.patch
diff -u /dev/null SOURCES/iptables-nf-ip_queue_vwmark.patch:1.1.2.1
--- /dev/null Thu Sep 15 10:11:47 2005
+++ SOURCES/iptables-nf-ip_queue_vwmark.patch Thu Sep 15 10:11:41 2005
@@ -0,0 +1,79 @@
+ include/libipq/libipq.h | 7 +++++++
+ libipq/libipq.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 55 insertions(+)
+
+diff -Nur --exclude '*.orig' iptables.org/include/libipq/libipq.h iptables/include/libipq/libipq.h
+--- iptables.org/include/libipq/libipq.h 2005-09-15 08:05:35.000000000 +0200
++++ iptables/include/libipq/libipq.h 2005-09-15 10:01:34.000000000 +0200
+@@ -79,6 +79,13 @@
+ size_t data_len,
+ unsigned char *buf);
+
++int ipq_set_vwmark(const struct ipq_handle *h,
++ ipq_id_t id,
++ unsigned int verdict,
++ unsigned long nfmark,
++ size_t data_len,
++ unsigned char *buf);
++
+ int ipq_ctl(const struct ipq_handle *h, int request, ...);
+
+ char *ipq_errstr(void);
+diff -Nur --exclude '*.orig' iptables.org/libipq/libipq.c iptables/libipq/libipq.c
+--- iptables.org/libipq/libipq.c 2005-09-15 08:05:34.000000000 +0200
++++ iptables/libipq/libipq.c 2005-09-15 10:01:34.000000000 +0200
+@@ -353,6 +353,54 @@
+ return ipq_netlink_sendmsg(h, &msg, 0);
+ }
+
++int ipq_set_vwmark(const struct ipq_handle *h,
++ ipq_id_t id,
++ unsigned int verdict,
++ unsigned long nfmark,
++ size_t data_len,
++ unsigned char *buf)
++{
++ unsigned char nvecs;
++ size_t tlen;
++ struct nlmsghdr nlh;
++ ipq_peer_msg_t pm;
++ struct iovec iov[3];
++ struct msghdr msg;
++
++ memset(&nlh, 0, sizeof(nlh));
++ nlh.nlmsg_flags = NLM_F_REQUEST;
++ nlh.nlmsg_type = IPQM_VWMARK;
++ nlh.nlmsg_pid = h->local.nl_pid;
++ memset(&pm, 0, sizeof(pm));
++ pm.msg.vwmark.value = verdict;
++ pm.msg.vwmark.id = id;
++ pm.msg.vwmark.data_len = data_len;
++ pm.msg.vwmark.nfmark = nfmark;
++ iov[0].iov_base = &nlh;
++ iov[0].iov_len = sizeof(nlh);
++ iov[1].iov_base = ±
++ iov[1].iov_len = sizeof(pm);
++ tlen = sizeof(nlh) + sizeof(pm);
++ nvecs = 2;
++ if (data_len && buf) {
++ iov[2].iov_base = buf;
++ iov[2].iov_len = data_len;
++ tlen += data_len;
++ nvecs++;
++ }
++ msg.msg_name = (void *)&h->peer;
++ msg.msg_namelen = sizeof(h->peer);
++ msg.msg_iov = iov;
++ msg.msg_iovlen = nvecs;
++ msg.msg_control = NULL;
++ msg.msg_controllen = 0;
++ msg.msg_flags = 0;
++ nlh.nlmsg_len = tlen;
++ return ipq_netlink_sendmsg(h, &msg, 0);
++}
++
++
++
+ /* Not implemented yet */
+ int ipq_ctl(const struct ipq_handle *h, int request, ...)
+ {
================================================================