Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
netfilter: add more files that got slaughtered by Huawei
yes im maybe possibly working on this again because it might have a use
- Loading branch information
Daz Jones
committed
Sep 13, 2013
1 parent
8950737
commit 1eef8ea
Showing
4 changed files
with
469 additions
and
0 deletions.
There are no files selected for viewing
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,164 @@ | ||
/* x_tables module for setting the IPv4/IPv6 DSCP field, Version 1.8 | ||
* | ||
* (C) 2002 by Harald Welte <laforge@netfilter.org> | ||
* based on ipt_FTOS.c (C) 2000 by Matthew G. Marsh <mgm@paktronix.com> | ||
* | ||
* This program is free software; you can redistribute it and/or modify | ||
* it under the terms of the GNU General Public License version 2 as | ||
* published by the Free Software Foundation. | ||
* | ||
* See RFC2474 for a description of the DSCP field within the IP Header. | ||
*/ | ||
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt | ||
#include <linux/module.h> | ||
#include <linux/skbuff.h> | ||
#include <linux/ip.h> | ||
#include <linux/ipv6.h> | ||
#include <net/dsfield.h> | ||
|
||
#include <linux/netfilter/x_tables.h> | ||
#include <linux/netfilter/xt_DSCP.h> | ||
|
||
MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>"); | ||
MODULE_DESCRIPTION("Xtables: DSCP/TOS field modification"); | ||
MODULE_LICENSE("GPL"); | ||
MODULE_ALIAS("ipt_DSCP"); | ||
MODULE_ALIAS("ip6t_DSCP"); | ||
MODULE_ALIAS("ipt_TOS"); | ||
MODULE_ALIAS("ip6t_TOS"); | ||
|
||
static unsigned int | ||
dscp_tg(struct sk_buff *skb, const struct xt_action_param *par) | ||
{ | ||
const struct xt_DSCP_info *dinfo = par->targinfo; | ||
u_int8_t dscp = ipv4_get_dsfield(ip_hdr(skb)) >> XT_DSCP_SHIFT; | ||
|
||
if (dscp != dinfo->dscp) { | ||
if (!skb_make_writable(skb, sizeof(struct iphdr))) | ||
return NF_DROP; | ||
|
||
ipv4_change_dsfield(ip_hdr(skb), (__u8)(~XT_DSCP_MASK), | ||
dinfo->dscp << XT_DSCP_SHIFT); | ||
|
||
} | ||
return XT_CONTINUE; | ||
} | ||
|
||
static unsigned int | ||
dscp_tg6(struct sk_buff *skb, const struct xt_action_param *par) | ||
{ | ||
const struct xt_DSCP_info *dinfo = par->targinfo; | ||
u_int8_t dscp = ipv6_get_dsfield(ipv6_hdr(skb)) >> XT_DSCP_SHIFT; | ||
|
||
if (dscp != dinfo->dscp) { | ||
if (!skb_make_writable(skb, sizeof(struct ipv6hdr))) | ||
return NF_DROP; | ||
|
||
ipv6_change_dsfield(ipv6_hdr(skb), (__u8)(~XT_DSCP_MASK), | ||
dinfo->dscp << XT_DSCP_SHIFT); | ||
} | ||
return XT_CONTINUE; | ||
} | ||
|
||
static int dscp_tg_check(const struct xt_tgchk_param *par) | ||
{ | ||
const struct xt_DSCP_info *info = par->targinfo; | ||
|
||
if (info->dscp > XT_DSCP_MAX) { | ||
pr_info("dscp %x out of range\n", info->dscp); | ||
return -EDOM; | ||
} | ||
return 0; | ||
} | ||
|
||
static unsigned int | ||
tos_tg(struct sk_buff *skb, const struct xt_action_param *par) | ||
{ | ||
const struct xt_tos_target_info *info = par->targinfo; | ||
struct iphdr *iph = ip_hdr(skb); | ||
u_int8_t orig, nv; | ||
|
||
orig = ipv4_get_dsfield(iph); | ||
nv = (orig & ~info->tos_mask) ^ info->tos_value; | ||
|
||
if (orig != nv) { | ||
if (!skb_make_writable(skb, sizeof(struct iphdr))) | ||
return NF_DROP; | ||
iph = ip_hdr(skb); | ||
ipv4_change_dsfield(iph, 0, nv); | ||
} | ||
|
||
return XT_CONTINUE; | ||
} | ||
|
||
static unsigned int | ||
tos_tg6(struct sk_buff *skb, const struct xt_action_param *par) | ||
{ | ||
const struct xt_tos_target_info *info = par->targinfo; | ||
struct ipv6hdr *iph = ipv6_hdr(skb); | ||
u_int8_t orig, nv; | ||
|
||
orig = ipv6_get_dsfield(iph); | ||
nv = (orig & ~info->tos_mask) ^ info->tos_value; | ||
|
||
if (orig != nv) { | ||
if (!skb_make_writable(skb, sizeof(struct iphdr))) | ||
return NF_DROP; | ||
iph = ipv6_hdr(skb); | ||
ipv6_change_dsfield(iph, 0, nv); | ||
} | ||
|
||
return XT_CONTINUE; | ||
} | ||
|
||
static struct xt_target dscp_tg_reg[] __read_mostly = { | ||
{ | ||
.name = "DSCP", | ||
.family = NFPROTO_IPV4, | ||
.checkentry = dscp_tg_check, | ||
.target = dscp_tg, | ||
.targetsize = sizeof(struct xt_DSCP_info), | ||
.table = "mangle", | ||
.me = THIS_MODULE, | ||
}, | ||
{ | ||
.name = "DSCP", | ||
.family = NFPROTO_IPV6, | ||
.checkentry = dscp_tg_check, | ||
.target = dscp_tg6, | ||
.targetsize = sizeof(struct xt_DSCP_info), | ||
.table = "mangle", | ||
.me = THIS_MODULE, | ||
}, | ||
{ | ||
.name = "TOS", | ||
.revision = 1, | ||
.family = NFPROTO_IPV4, | ||
.table = "mangle", | ||
.target = tos_tg, | ||
.targetsize = sizeof(struct xt_tos_target_info), | ||
.me = THIS_MODULE, | ||
}, | ||
{ | ||
.name = "TOS", | ||
.revision = 1, | ||
.family = NFPROTO_IPV6, | ||
.table = "mangle", | ||
.target = tos_tg6, | ||
.targetsize = sizeof(struct xt_tos_target_info), | ||
.me = THIS_MODULE, | ||
}, | ||
}; | ||
|
||
static int __init dscp_tg_init(void) | ||
{ | ||
return xt_register_targets(dscp_tg_reg, ARRAY_SIZE(dscp_tg_reg)); | ||
} | ||
|
||
static void __exit dscp_tg_exit(void) | ||
{ | ||
xt_unregister_targets(dscp_tg_reg, ARRAY_SIZE(dscp_tg_reg)); | ||
} | ||
|
||
module_init(dscp_tg_init); | ||
module_exit(dscp_tg_exit); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,195 @@ | ||
/* | ||
* (C) 2007 Patrick McHardy <kaber@trash.net> | ||
* | ||
* This program is free software; you can redistribute it and/or modify | ||
* it under the terms of the GNU General Public License version 2 as | ||
* published by the Free Software Foundation. | ||
*/ | ||
#include <linux/module.h> | ||
#include <linux/skbuff.h> | ||
#include <linux/gen_stats.h> | ||
#include <linux/jhash.h> | ||
#include <linux/rtnetlink.h> | ||
#include <linux/random.h> | ||
#include <linux/slab.h> | ||
#include <net/gen_stats.h> | ||
#include <net/netlink.h> | ||
|
||
#include <linux/netfilter/x_tables.h> | ||
#include <linux/netfilter/xt_RATEEST.h> | ||
#include <net/netfilter/xt_rateest.h> | ||
|
||
static DEFINE_MUTEX(xt_rateest_mutex); | ||
|
||
#define RATEEST_HSIZE 16 | ||
static struct hlist_head rateest_hash[RATEEST_HSIZE] __read_mostly; | ||
static unsigned int jhash_rnd __read_mostly; | ||
static bool rnd_inited __read_mostly; | ||
|
||
static unsigned int xt_rateest_hash(const char *name) | ||
{ | ||
return jhash(name, FIELD_SIZEOF(struct xt_rateest, name), jhash_rnd) & | ||
(RATEEST_HSIZE - 1); | ||
} | ||
|
||
static void xt_rateest_hash_insert(struct xt_rateest *est) | ||
{ | ||
unsigned int h; | ||
|
||
h = xt_rateest_hash(est->name); | ||
hlist_add_head(&est->list, &rateest_hash[h]); | ||
} | ||
|
||
struct xt_rateest *xt_rateest_lookup(const char *name) | ||
{ | ||
struct xt_rateest *est; | ||
struct hlist_node *n; | ||
unsigned int h; | ||
|
||
h = xt_rateest_hash(name); | ||
mutex_lock(&xt_rateest_mutex); | ||
hlist_for_each_entry(est, n, &rateest_hash[h], list) { | ||
if (strcmp(est->name, name) == 0) { | ||
est->refcnt++; | ||
mutex_unlock(&xt_rateest_mutex); | ||
return est; | ||
} | ||
} | ||
mutex_unlock(&xt_rateest_mutex); | ||
return NULL; | ||
} | ||
EXPORT_SYMBOL_GPL(xt_rateest_lookup); | ||
|
||
void xt_rateest_put(struct xt_rateest *est) | ||
{ | ||
mutex_lock(&xt_rateest_mutex); | ||
if (--est->refcnt == 0) { | ||
hlist_del(&est->list); | ||
gen_kill_estimator(&est->bstats, &est->rstats); | ||
/* | ||
* gen_estimator est_timer() might access est->lock or bstats, | ||
* wait a RCU grace period before freeing 'est' | ||
*/ | ||
kfree_rcu(est, rcu); | ||
} | ||
mutex_unlock(&xt_rateest_mutex); | ||
} | ||
EXPORT_SYMBOL_GPL(xt_rateest_put); | ||
|
||
static unsigned int | ||
xt_rateest_tg(struct sk_buff *skb, const struct xt_action_param *par) | ||
{ | ||
const struct xt_rateest_target_info *info = par->targinfo; | ||
struct gnet_stats_basic_packed *stats = &info->est->bstats; | ||
|
||
spin_lock_bh(&info->est->lock); | ||
stats->bytes += skb->len; | ||
stats->packets++; | ||
spin_unlock_bh(&info->est->lock); | ||
|
||
return XT_CONTINUE; | ||
} | ||
|
||
static int xt_rateest_tg_checkentry(const struct xt_tgchk_param *par) | ||
{ | ||
struct xt_rateest_target_info *info = par->targinfo; | ||
struct xt_rateest *est; | ||
struct { | ||
struct nlattr opt; | ||
struct gnet_estimator est; | ||
} cfg; | ||
int ret; | ||
|
||
if (unlikely(!rnd_inited)) { | ||
get_random_bytes(&jhash_rnd, sizeof(jhash_rnd)); | ||
rnd_inited = true; | ||
} | ||
|
||
est = xt_rateest_lookup(info->name); | ||
if (est) { | ||
/* | ||
* If estimator parameters are specified, they must match the | ||
* existing estimator. | ||
*/ | ||
if ((!info->interval && !info->ewma_log) || | ||
(info->interval != est->params.interval || | ||
info->ewma_log != est->params.ewma_log)) { | ||
xt_rateest_put(est); | ||
return -EINVAL; | ||
} | ||
info->est = est; | ||
return 0; | ||
} | ||
|
||
ret = -ENOMEM; | ||
est = kzalloc(sizeof(*est), GFP_KERNEL); | ||
if (!est) | ||
goto err1; | ||
|
||
strlcpy(est->name, info->name, sizeof(est->name)); | ||
spin_lock_init(&est->lock); | ||
est->refcnt = 1; | ||
est->params.interval = info->interval; | ||
est->params.ewma_log = info->ewma_log; | ||
|
||
cfg.opt.nla_len = nla_attr_size(sizeof(cfg.est)); | ||
cfg.opt.nla_type = TCA_STATS_RATE_EST; | ||
cfg.est.interval = info->interval; | ||
cfg.est.ewma_log = info->ewma_log; | ||
|
||
ret = gen_new_estimator(&est->bstats, &est->rstats, | ||
&est->lock, &cfg.opt); | ||
if (ret < 0) | ||
goto err2; | ||
|
||
info->est = est; | ||
xt_rateest_hash_insert(est); | ||
return 0; | ||
|
||
err2: | ||
kfree(est); | ||
err1: | ||
return ret; | ||
} | ||
|
||
static void xt_rateest_tg_destroy(const struct xt_tgdtor_param *par) | ||
{ | ||
struct xt_rateest_target_info *info = par->targinfo; | ||
|
||
xt_rateest_put(info->est); | ||
} | ||
|
||
static struct xt_target xt_rateest_tg_reg __read_mostly = { | ||
.name = "RATEEST", | ||
.revision = 0, | ||
.family = NFPROTO_UNSPEC, | ||
.target = xt_rateest_tg, | ||
.checkentry = xt_rateest_tg_checkentry, | ||
.destroy = xt_rateest_tg_destroy, | ||
.targetsize = sizeof(struct xt_rateest_target_info), | ||
.me = THIS_MODULE, | ||
}; | ||
|
||
static int __init xt_rateest_tg_init(void) | ||
{ | ||
unsigned int i; | ||
|
||
for (i = 0; i < ARRAY_SIZE(rateest_hash); i++) | ||
INIT_HLIST_HEAD(&rateest_hash[i]); | ||
|
||
return xt_register_target(&xt_rateest_tg_reg); | ||
} | ||
|
||
static void __exit xt_rateest_tg_fini(void) | ||
{ | ||
xt_unregister_target(&xt_rateest_tg_reg); | ||
} | ||
|
||
|
||
MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>"); | ||
MODULE_LICENSE("GPL"); | ||
MODULE_DESCRIPTION("Xtables: packet rate estimator"); | ||
MODULE_ALIAS("ipt_RATEEST"); | ||
MODULE_ALIAS("ip6t_RATEEST"); | ||
module_init(xt_rateest_tg_init); | ||
module_exit(xt_rateest_tg_fini); |
Oops, something went wrong.