Author: cieciwa                      Date: Thu Sep 15 08:11:47 2005 GMT
Module: SOURCES                       Tag: LINUX_2_6
---- Log message:
- [extra] ip_queue_vwmark - kernel and iptables patch.

---- Files affected:
SOURCES:
   linux-2.6-nf-ip_queue_vwmark.patch (NONE -> 1.1.2.1)  (NEW), 
iptables-nf-ip_queue_vwmark.patch (NONE -> 1.1.2.1)  (NEW)

---- Diffs:

================================================================
Index: SOURCES/linux-2.6-nf-ip_queue_vwmark.patch
diff -u /dev/null SOURCES/linux-2.6-nf-ip_queue_vwmark.patch:1.1.2.1
--- /dev/null   Thu Sep 15 10:11:47 2005
+++ SOURCES/linux-2.6-nf-ip_queue_vwmark.patch  Thu Sep 15 10:11:41 2005
@@ -0,0 +1,89 @@
+ include/linux/netfilter_ipv4/ip_queue.h |   13 ++++++++++-
+ net/ipv4/netfilter/ip_queue.c           |   35 
++++++++++++++++++++++++++++++++
+ 2 files changed, 47 insertions(+), 1 deletion(-)
+
+diff -Nur --exclude '*.orig' 
linux-2.6.13.1.org/include/linux/netfilter_ipv4/ip_queue.h 
linux-2.6.13.1/include/linux/netfilter_ipv4/ip_queue.h
+--- linux-2.6.13.1.org/include/linux/netfilter_ipv4/ip_queue.h 2005-09-10 
04:42:58.000000000 +0200
++++ linux-2.6.13.1/include/linux/netfilter_ipv4/ip_queue.h     2005-09-15 
10:01:34.000000000 +0200
+@@ -47,10 +47,20 @@
+       unsigned char payload[0];       /* Optional replacement packet */
+ } ipq_verdict_msg_t;
+ 
++typedef struct ipq_vwmark_msg {
++      unsigned int value;             /* Verdict to hand to netfilter */
++      unsigned long id;               /* Packet ID for this verdict */
++      size_t data_len;                /* Length of replacement data */
++      unsigned char payload[0];       /* Optional replacement packet */
++      unsigned long nfmark;           /* Mark for the Packet */
++} ipq_vwmark_msg_t;
++
++
+ typedef struct ipq_peer_msg {
+       union {
+               ipq_verdict_msg_t verdict;
+               ipq_mode_msg_t mode;
++                ipq_vwmark_msg_t vwmark;
+       } msg;
+ } ipq_peer_msg_t;
+ 
+@@ -67,6 +77,7 @@
+ #define IPQM_MODE     (IPQM_BASE + 1)         /* Mode request from peer */
+ #define IPQM_VERDICT  (IPQM_BASE + 2)         /* Verdict from peer */ 
+ #define IPQM_PACKET   (IPQM_BASE + 3)         /* Packet from kernel */
+-#define IPQM_MAX      (IPQM_BASE + 4)
++#define IPQM_VWMARK   (IPQM_BASE + 4)         /* Verdict and mark from peer */
++#define IPQM_MAX      (IPQM_BASE + 5)
+ 
+ #endif /*_IP_QUEUE_H*/
+diff -Nur --exclude '*.orig' linux-2.6.13.1.org/net/ipv4/netfilter/ip_queue.c 
linux-2.6.13.1/net/ipv4/netfilter/ip_queue.c
+--- linux-2.6.13.1.org/net/ipv4/netfilter/ip_queue.c   2005-09-10 
04:42:58.000000000 +0200
++++ linux-2.6.13.1/net/ipv4/netfilter/ip_queue.c       2005-09-15 
10:01:34.000000000 +0200
+@@ -450,6 +450,33 @@
+ }
+ 
+ static int
++ipq_set_vwmark(struct ipq_vwmark_msg *vmsg, unsigned int len)
++{
++      struct ipq_queue_entry *entry;
++
++      if (vmsg->value > NF_MAX_VERDICT)
++              return -EINVAL;
++
++      entry = ipq_find_dequeue_entry(id_cmp, vmsg->id);
++      if (entry == NULL)
++              return -ENOENT;
++      else {
++              int verdict = vmsg->value;
++              
++              if (vmsg->data_len && vmsg->data_len == len)
++                      if (ipq_mangle_ipv4((ipq_verdict_msg_t *)vmsg, entry) < 
0)
++                              verdict = NF_DROP;
++
++              /* set mark of associated skb */
++              entry->skb->nfmark = vmsg->nfmark;
++              
++              ipq_issue_verdict(entry, verdict);
++              return 0;
++      }
++}
++
++
++static int
+ ipq_receive_peer(struct ipq_peer_msg *pmsg,
+                  unsigned char type, unsigned int len)
+ {
+@@ -471,6 +498,14 @@
+                       status = ipq_set_verdict(&pmsg->msg.verdict,
+                                                len - sizeof(*pmsg));
+                       break;
++        case IPQM_VWMARK:
++              if (pmsg->msg.verdict.value > NF_MAX_VERDICT)
++                      status = -EINVAL;
++              else
++                      status = ipq_set_vwmark(&pmsg->msg.vwmark,
++                                               len - sizeof(*pmsg));
++                      break;
++
+       default:
+               status = -EINVAL;
+       }
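Review bot: In `struct ipq_vwmark_msg` the `nfmark` member is declared after the zero-length `payload[0]`, so both sit at the same offset, and `ipq_set_vwmark()` then hands the message to `ipq_mangle_ipv4()` through a cast to `ipq_verdict_msg_t *`. If that helper reads the replacement packet from `v->payload` (its body is not in this patch), the bytes copied into the skb would start at the mark field rather than at the data that the libipq half of this commit appends after `sizeof(pm)`. The extra member also enlarges `ipq_peer_msg_t`, which looks like it shifts the payload for the existing `IPQM_VERDICT` path and changes the minimum message size expected from already-built userspace; this should be confirmed against the full `ipq_receive_peer()`, whose body continues outside the hunk. I would declare `unsigned long nfmark;` before `unsigned char payload[0];` and pass the mangle step an explicit payload pointer and length instead of the cast. Since `unsigned long` and `size_t` differ between 32-bit userspace and a 64-bit kernel, a fixed-width type for the new field would be safer.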

================================================================
Index: SOURCES/iptables-nf-ip_queue_vwmark.patch
diff -u /dev/null SOURCES/iptables-nf-ip_queue_vwmark.patch:1.1.2.1
--- /dev/null   Thu Sep 15 10:11:47 2005
+++ SOURCES/iptables-nf-ip_queue_vwmark.patch   Thu Sep 15 10:11:41 2005
@@ -0,0 +1,79 @@
+ include/libipq/libipq.h |    7 +++++++
+ libipq/libipq.c         |   48 
++++++++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 55 insertions(+)
+
+diff -Nur --exclude '*.orig' iptables.org/include/libipq/libipq.h 
iptables/include/libipq/libipq.h
+--- iptables.org/include/libipq/libipq.h       2005-09-15 08:05:35.000000000 
+0200
++++ iptables/include/libipq/libipq.h   2005-09-15 10:01:34.000000000 +0200
+@@ -79,6 +79,13 @@
+                     size_t data_len,
+                     unsigned char *buf);
+ 
++int ipq_set_vwmark(const struct ipq_handle *h,
++                    ipq_id_t id,
++                    unsigned int verdict,
++                    unsigned long nfmark,
++                    size_t data_len,
++                    unsigned char *buf);
++
+ int ipq_ctl(const struct ipq_handle *h, int request, ...);
+ 
+ char *ipq_errstr(void);
+diff -Nur --exclude '*.orig' iptables.org/libipq/libipq.c 
iptables/libipq/libipq.c
+--- iptables.org/libipq/libipq.c       2005-09-15 08:05:34.000000000 +0200
++++ iptables/libipq/libipq.c   2005-09-15 10:01:34.000000000 +0200
+@@ -353,6 +353,54 @@
+       return ipq_netlink_sendmsg(h, &msg, 0);
+ }
+ 
++int ipq_set_vwmark(const struct ipq_handle *h,
++                    ipq_id_t id,
++                    unsigned int verdict,
++                    unsigned long nfmark,
++                    size_t data_len,
++                    unsigned char *buf)
++{
++      unsigned char nvecs;
++      size_t tlen;
++      struct nlmsghdr nlh;
++      ipq_peer_msg_t pm;
++      struct iovec iov[3];
++      struct msghdr msg;
++
++      memset(&nlh, 0, sizeof(nlh));
++      nlh.nlmsg_flags = NLM_F_REQUEST;
++      nlh.nlmsg_type = IPQM_VWMARK;
++      nlh.nlmsg_pid = h->local.nl_pid;
++      memset(&pm, 0, sizeof(pm));
++      pm.msg.vwmark.value = verdict;
++      pm.msg.vwmark.id = id;
++      pm.msg.vwmark.data_len = data_len;
++      pm.msg.vwmark.nfmark = nfmark;
++      iov[0].iov_base = &nlh;
++      iov[0].iov_len = sizeof(nlh);
++      iov[1].iov_base = &pm;
++      iov[1].iov_len = sizeof(pm);
++      tlen = sizeof(nlh) + sizeof(pm);
++      nvecs = 2;
++      if (data_len && buf) {
++              iov[2].iov_base = buf;
++              iov[2].iov_len = data_len;
++              tlen += data_len;
++              nvecs++;
++      }
++      msg.msg_name = (void *)&h->peer;
++      msg.msg_namelen = sizeof(h->peer);
++      msg.msg_iov = iov;
++      msg.msg_iovlen = nvecs;
++      msg.msg_control = NULL;
++      msg.msg_controllen = 0;
++      msg.msg_flags = 0;
++      nlh.nlmsg_len = tlen;
++      return ipq_netlink_sendmsg(h, &msg, 0);
++}
++
++
++
+ /* Not implemented yet */
+ int ipq_ctl(const struct ipq_handle *h, int request, ...)
+ {
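Review bot: `pm.msg.vwmark.data_len = data_len;` is assigned unconditionally, but the payload iovec is attached only when `data_len && buf`, so a call with a non-zero `data_len` and a NULL `buf` sends a header announcing a payload that is not in the message. On the kernel side of this commit the `vmsg->data_len == len` test then fails, and the verdict and mark are applied without the replacement and without any error reaching the caller. Either reject that combination before building the message or send a zero length when no buffer is attached, e.g. `pm.msg.vwmark.data_len = (data_len && buf) ? data_len : 0;`. The body also appears to duplicate the verdict send path that ends just above it, so a shared static helper taking the message type would keep the two from drifting. A short header comment should state that `buf` must hold `data_len` bytes and that `nfmark` overwrites the packet's mark.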
================================================================