Author: cieciwa Date: Thu Sep 15 08:11:47 2005 GMT Module: SOURCES Tag: LINUX_2_6 ---- Log message: - [extra] ip_queue_vwmark - kernel and iptables patch.
---- Files affected: SOURCES: linux-2.6-nf-ip_queue_vwmark.patch (NONE -> 1.1.2.1) (NEW), iptables-nf-ip_queue_vwmark.patch (NONE -> 1.1.2.1) (NEW) ---- Diffs:
================================================================
Index: SOURCES/linux-2.6-nf-ip_queue_vwmark.patch
diff -u /dev/null SOURCES/linux-2.6-nf-ip_queue_vwmark.patch:1.1.2.1
--- /dev/null Thu Sep 15 10:11:47 2005
+++ SOURCES/linux-2.6-nf-ip_queue_vwmark.patch Thu Sep 15 10:11:41 2005
@@ -0,0 +1,89 @@
+ include/linux/netfilter_ipv4/ip_queue.h | 13 ++++++++++-
+ net/ipv4/netfilter/ip_queue.c | 35 ++++++++++++++++++++++++++++++++
+ 2 files changed, 47 insertions(+), 1 deletion(-)
+
+diff -Nur --exclude '*.orig' linux-2.6.13.1.org/include/linux/netfilter_ipv4/ip_queue.h linux-2.6.13.1/include/linux/netfilter_ipv4/ip_queue.h
+--- linux-2.6.13.1.org/include/linux/netfilter_ipv4/ip_queue.h 2005-09-10 04:42:58.000000000 +0200
++++ linux-2.6.13.1/include/linux/netfilter_ipv4/ip_queue.h 2005-09-15 10:01:34.000000000 +0200
+@@ -47,10 +47,20 @@
+ unsigned char payload[0]; /* Optional replacement packet */
+ } ipq_verdict_msg_t;
+
++typedef struct ipq_vwmark_msg {
++ unsigned int value; /* Verdict to hand to netfilter */
++ unsigned long id; /* Packet ID for this verdict */
++ size_t data_len; /* Length of replacement data */
++ unsigned char payload[0]; /* Optional replacement packet */
++ unsigned long nfmark; /* Mark for the Packet */
++} ipq_vwmark_msg_t;
++
++
+ typedef struct ipq_peer_msg {
+ union {
+ ipq_verdict_msg_t verdict;
+ ipq_mode_msg_t mode;
++ ipq_vwmark_msg_t vwmark;
+ } msg;
+ } ipq_peer_msg_t;
+
+@@ -67,6 +77,7 @@
+ #define IPQM_MODE (IPQM_BASE + 1) /* Mode request from peer */
+ #define IPQM_VERDICT (IPQM_BASE + 2) /* Verdict from peer */
+ #define IPQM_PACKET (IPQM_BASE + 3) /* Packet from kernel */
+-#define IPQM_MAX (IPQM_BASE + 4)
++#define IPQM_VWMARK (IPQM_BASE + 4) /* Verdict and mark from peer */
++#define IPQM_MAX (IPQM_BASE + 5)
+
+ #endif /*_IP_QUEUE_H*/
+diff -Nur --exclude '*.orig' linux-2.6.13.1.org/net/ipv4/netfilter/ip_queue.c linux-2.6.13.1/net/ipv4/netfilter/ip_queue.c
+--- linux-2.6.13.1.org/net/ipv4/netfilter/ip_queue.c 2005-09-10 04:42:58.000000000 +0200
++++ linux-2.6.13.1/net/ipv4/netfilter/ip_queue.c 2005-09-15 10:01:34.000000000 +0200
+@@ -450,6 +450,33 @@
+ }
+
+ static int
++ipq_set_vwmark(struct ipq_vwmark_msg *vmsg, unsigned int len)
++{
++ struct ipq_queue_entry *entry;
++
++ if (vmsg->value > NF_MAX_VERDICT)
++ return -EINVAL;
++
++ entry = ipq_find_dequeue_entry(id_cmp, vmsg->id);
++ if (entry == NULL)
++ return -ENOENT;
++ else {
++ int verdict = vmsg->value;
++
++ if (vmsg->data_len && vmsg->data_len == len)
++ if (ipq_mangle_ipv4((ipq_verdict_msg_t *)vmsg, entry) < 0)
++ verdict = NF_DROP;
++
++ /* set mark of associated skb */
++ entry->skb->nfmark = vmsg->nfmark;
++
++ ipq_issue_verdict(entry, verdict);
++ return 0;
++ }
++}
++
++
++static int
+ ipq_receive_peer(struct ipq_peer_msg *pmsg,
+ unsigned char type, unsigned int len)
+ {
+@@ -471,6 +498,14 @@
+ status = ipq_set_verdict(&pmsg->msg.verdict,
+ len - sizeof(*pmsg));
+ break;
++ case IPQM_VWMARK:
++ if (pmsg->msg.verdict.value > NF_MAX_VERDICT)
++ status = -EINVAL;
++ else
++ status = ipq_set_vwmark(&pmsg->msg.vwmark,
++ len - sizeof(*pmsg));
++ break;
++
+ default:
+ status = -EINVAL;
+ }
================================================================
Index: SOURCES/iptables-nf-ip_queue_vwmark.patch
diff -u /dev/null SOURCES/iptables-nf-ip_queue_vwmark.patch:1.1.2.1
--- /dev/null Thu Sep 15 10:11:47 2005
+++ SOURCES/iptables-nf-ip_queue_vwmark.patch Thu Sep 15 10:11:41 2005
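Review bot: In the ip_queue.h part of linux-2.6-nf-ip_queue_vwmark.patch, `ipq_vwmark_msg` declares `nfmark` after the zero-length `payload[0]`, so `payload` and `nfmark` start at the same offset, and `ipq_set_vwmark()` in ip_queue.c then hands the message to `ipq_mangle_ipv4()` through a cast to `ipq_verdict_msg_t *`. ipq_mangle_ipv4 is outside this patch, but if it copies `data_len` bytes from `v->payload`, the replacement packet would be taken starting at the mark bytes instead of at the data that libipq's `ipq_set_vwmark()` (second patch) appends after `sizeof(pm)`. Adding the larger member to the `ipq_peer_msg` union presumably also grows `sizeof(*pmsg)`, which would move the payload that existing IPQM_VERDICT senders append away from `verdict.payload`, so the old message type should be re-tested with a replacement payload. A fix needs both halves: declare `unsigned long nfmark;` before `unsigned char payload[0];` so the flexible member is last, and stop casting to the verdict struct, passing the payload pointer and length to the mangle step explicitly. The `unsigned long` and `size_t` fields also give the message a different layout for 32-bit userspace on a 64-bit kernel, which deserves a comment in the header.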
@@ -0,0 +1,79 @@
+ include/libipq/libipq.h | 7 +++++++
+ libipq/libipq.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 55 insertions(+)
+
+diff -Nur --exclude '*.orig' iptables.org/include/libipq/libipq.h iptables/include/libipq/libipq.h
+--- iptables.org/include/libipq/libipq.h 2005-09-15 08:05:35.000000000 +0200
++++ iptables/include/libipq/libipq.h 2005-09-15 10:01:34.000000000 +0200
+@@ -79,6 +79,13 @@
+ size_t data_len,
+ unsigned char *buf);
+
++int ipq_set_vwmark(const struct ipq_handle *h,
++ ipq_id_t id,
++ unsigned int verdict,
++ unsigned long nfmark,
++ size_t data_len,
++ unsigned char *buf);
++
+ int ipq_ctl(const struct ipq_handle *h, int request, ...);
+
+ char *ipq_errstr(void);
+diff -Nur --exclude '*.orig' iptables.org/libipq/libipq.c iptables/libipq/libipq.c
+--- iptables.org/libipq/libipq.c 2005-09-15 08:05:34.000000000 +0200
++++ iptables/libipq/libipq.c 2005-09-15 10:01:34.000000000 +0200
+@@ -353,6 +353,54 @@
+ return ipq_netlink_sendmsg(h, &msg, 0);
+ }
+
++int ipq_set_vwmark(const struct ipq_handle *h,
++ ipq_id_t id,
++ unsigned int verdict,
++ unsigned long nfmark,
++ size_t data_len,
++ unsigned char *buf)
++{
++ unsigned char nvecs;
++ size_t tlen;
++ struct nlmsghdr nlh;
++ ipq_peer_msg_t pm;
++ struct iovec iov[3];
++ struct msghdr msg;
++
++ memset(&nlh, 0, sizeof(nlh));
++ nlh.nlmsg_flags = NLM_F_REQUEST;
++ nlh.nlmsg_type = IPQM_VWMARK;
++ nlh.nlmsg_pid = h->local.nl_pid;
++ memset(&pm, 0, sizeof(pm));
++ pm.msg.vwmark.value = verdict;
++ pm.msg.vwmark.id = id;
++ pm.msg.vwmark.data_len = data_len;
++ pm.msg.vwmark.nfmark = nfmark;
++ iov[0].iov_base = &nlh;
++ iov[0].iov_len = sizeof(nlh);
++ iov[1].iov_base = ±
++ iov[1].iov_len = sizeof(pm);
++ tlen = sizeof(nlh) + sizeof(pm);
++ nvecs = 2;
++ if (data_len && buf) {
++ iov[2].iov_base = buf;
++ iov[2].iov_len = data_len;
++ tlen += data_len;
++ nvecs++;
++ }
++ msg.msg_name = (void *)&h->peer;
++ msg.msg_namelen = sizeof(h->peer);
++ msg.msg_iov = iov;
++ msg.msg_iovlen = nvecs;
++ msg.msg_control = NULL;
++ msg.msg_controllen = 0;
++ msg.msg_flags = 0;
++ nlh.nlmsg_len = tlen;
++ return ipq_netlink_sendmsg(h, &msg, 0);
++}
++
++
++
+ /* Not implemented yet */
+ int ipq_ctl(const struct ipq_handle *h, int request, ...)
+ {
================================================================
_______________________________________________ pld-cvs-commit mailing list pld-cvs-commit@lists.pld-linux.org http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
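Review bot: In libipq.c's `ipq_set_vwmark()` (iptables-nf-ip_queue_vwmark.patch), `pm.msg.vwmark.data_len` is filled from the argument before the `if (data_len && buf)` test, so a call with a non-zero `data_len` and a NULL `buf` sends a message that announces a payload it does not carry. The kernel side in the first patch only mangles when `data_len == len`, so in that case the verdict and mark would be applied while the replacement is silently skipped. Either fail the call for that combination or send `pm.msg.vwmark.data_len = (data_len && buf) ? data_len : 0;` so the header matches what is actually on the wire. The new function would also benefit from a short comment saying that `buf` is optional and that, per the kernel hunk, the mark is written to the skb whatever verdict is issued. The line shown on this page as `iov[1].iov_base = ±` is presumably `&pm;` damaged by entity decoding, given the following `iov[1].iov_len = sizeof(pm);`.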