Commit 28b94988, authored by Jan Engelhardt, committed by Patrick McHardy

netfilter: xtables: merge xt_MARK into xt_mark

Two arguments for combining the two:
- xt_mark is pretty useless without xt_MARK
- the actual code is so small anyway that the kmod metadata and the module
  in its loaded state totally outweighs the combined actual code size.

i586-before:
-rw-r--r-- 1 jengelh users 3821 Feb 10 01:01 xt_MARK.ko
-rw-r--r-- 1 jengelh users 2592 Feb 10 00:04 xt_MARK.o
-rw-r--r-- 1 jengelh users 3274 Feb 10 01:01 xt_mark.ko
-rw-r--r-- 1 jengelh users 2108 Feb 10 00:05 xt_mark.o
   text    data     bss     dec     hex filename
    354     264       0     618     26a xt_MARK.o
    223     176       0     399     18f xt_mark.o
And the runtime size is like 14 KB.

i586-after:
-rw-r--r-- 1 jengelh users 3264 Feb 18 17:28 xt_mark.o
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
parent 44c58731
#ifndef _XT_MARK_H_target #ifndef _XT_MARK_H_target
#define _XT_MARK_H_target #define _XT_MARK_H_target
#include <linux/types.h> #include <linux/netfilter/xt_mark.h>
struct xt_mark_tginfo2 {
__u32 mark, mask;
};
#endif /*_XT_MARK_H_target */ #endif /*_XT_MARK_H_target */
...@@ -3,6 +3,10 @@ ...@@ -3,6 +3,10 @@
#include <linux/types.h> #include <linux/types.h>
struct xt_mark_tginfo2 {
__u32 mark, mask;
};
struct xt_mark_mtinfo1 { struct xt_mark_mtinfo1 {
__u32 mark, mask; __u32 mark, mask;
__u8 invert; __u8 invert;
......
...@@ -314,6 +314,23 @@ config NETFILTER_XTABLES ...@@ -314,6 +314,23 @@ config NETFILTER_XTABLES
if NETFILTER_XTABLES if NETFILTER_XTABLES
comment "Xtables combined modules"
config NETFILTER_XT_MARK
tristate 'nfmark target and match support'
default m if NETFILTER_ADVANCED=n
---help---
This option adds the "MARK" target and "mark" match.
Netfilter mark matching allows you to match packets based on the
"nfmark" value in the packet.
The target allows you to create rules in the "mangle" table which alter
the netfilter mark (nfmark) field associated with the packet.
Prior to routing, the nfmark can influence the routing method (see
"Use netfilter MARK value as routing key") and can also be used by
other subsystems to change their behavior.
# alphabetically ordered list of targets # alphabetically ordered list of targets
comment "Xtables targets" comment "Xtables targets"
...@@ -425,16 +442,12 @@ config NETFILTER_XT_TARGET_LED ...@@ -425,16 +442,12 @@ config NETFILTER_XT_TARGET_LED
config NETFILTER_XT_TARGET_MARK config NETFILTER_XT_TARGET_MARK
tristate '"MARK" target support' tristate '"MARK" target support'
default m if NETFILTER_ADVANCED=n depends on NETFILTER_ADVANCED
help select NETFILTER_XT_MARK
This option adds a `MARK' target, which allows you to create rules ---help---
in the `mangle' table which alter the netfilter mark (nfmark) field This is a backwards-compat option for the user's convenience
associated with the packet prior to routing. This can change (e.g. when running oldconfig). It selects
the routing method (see `Use netfilter MARK value as routing CONFIG_NETFILTER_XT_MARK (combined mark/MARK module).
key') and can also be used by other subsystems to change their
behavior.
To compile it as a module, choose M here. If unsure, say N.
config NETFILTER_XT_TARGET_NFLOG config NETFILTER_XT_TARGET_NFLOG
tristate '"NFLOG" target support' tristate '"NFLOG" target support'
...@@ -739,13 +752,12 @@ config NETFILTER_XT_MATCH_MAC ...@@ -739,13 +752,12 @@ config NETFILTER_XT_MATCH_MAC
config NETFILTER_XT_MATCH_MARK config NETFILTER_XT_MATCH_MARK
tristate '"mark" match support' tristate '"mark" match support'
default m if NETFILTER_ADVANCED=n depends on NETFILTER_ADVANCED
help select NETFILTER_XT_MARK
Netfilter mark matching allows you to match packets based on the ---help---
`nfmark' value in the packet. This can be set by the MARK target This is a backwards-compat option for the user's convenience
(see below). (e.g. when running oldconfig). It selects
CONFIG_NETFILTER_XT_MARK (combined mark/MARK module).
To compile it as a module, choose M here. If unsure, say N.
config NETFILTER_XT_MATCH_MULTIPORT config NETFILTER_XT_MATCH_MULTIPORT
tristate '"multiport" Multiple port match support' tristate '"multiport" Multiple port match support'
......
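Review bot: The two legacy symbols NETFILTER_XT_TARGET_MARK and NETFILTER_XT_MATCH_MARK now both `select NETFILTER_XT_MARK`, so a configuration that used to enable only the "mark" match also gets the "MARK" target, which rewrites skb->mark, and the compat help text does not say so outright. For builds that trim netfilter down to the extensions they actually need, that changes what ends up in the kernel, and "combined mark/MARK module" is easy to read past during oldconfig. I would add one sentence to both compat help texts, for example `Enabling this builds both the "mark" match and the "MARK" target; they can no longer be selected separately.` The new NETFILTER_XT_MARK entry also drops the "To compile it as a module, choose M here" line that the old entries carried, which may be intentional.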
...@@ -40,6 +40,9 @@ obj-$(CONFIG_NETFILTER_TPROXY) += nf_tproxy_core.o ...@@ -40,6 +40,9 @@ obj-$(CONFIG_NETFILTER_TPROXY) += nf_tproxy_core.o
# generic X tables # generic X tables
obj-$(CONFIG_NETFILTER_XTABLES) += x_tables.o xt_tcpudp.o obj-$(CONFIG_NETFILTER_XTABLES) += x_tables.o xt_tcpudp.o
# combos
obj-$(CONFIG_NETFILTER_XT_MARK) += xt_mark.o
# targets # targets
obj-$(CONFIG_NETFILTER_XT_TARGET_CLASSIFY) += xt_CLASSIFY.o obj-$(CONFIG_NETFILTER_XT_TARGET_CLASSIFY) += xt_CLASSIFY.o
obj-$(CONFIG_NETFILTER_XT_TARGET_CONNMARK) += xt_CONNMARK.o obj-$(CONFIG_NETFILTER_XT_TARGET_CONNMARK) += xt_CONNMARK.o
...@@ -48,7 +51,6 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_CT) += xt_CT.o ...@@ -48,7 +51,6 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_CT) += xt_CT.o
obj-$(CONFIG_NETFILTER_XT_TARGET_DSCP) += xt_DSCP.o obj-$(CONFIG_NETFILTER_XT_TARGET_DSCP) += xt_DSCP.o
obj-$(CONFIG_NETFILTER_XT_TARGET_HL) += xt_HL.o obj-$(CONFIG_NETFILTER_XT_TARGET_HL) += xt_HL.o
obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o
obj-$(CONFIG_NETFILTER_XT_TARGET_MARK) += xt_MARK.o
obj-$(CONFIG_NETFILTER_XT_TARGET_NFLOG) += xt_NFLOG.o obj-$(CONFIG_NETFILTER_XT_TARGET_NFLOG) += xt_NFLOG.o
obj-$(CONFIG_NETFILTER_XT_TARGET_NFQUEUE) += xt_NFQUEUE.o obj-$(CONFIG_NETFILTER_XT_TARGET_NFQUEUE) += xt_NFQUEUE.o
obj-$(CONFIG_NETFILTER_XT_TARGET_NOTRACK) += xt_NOTRACK.o obj-$(CONFIG_NETFILTER_XT_TARGET_NOTRACK) += xt_NOTRACK.o
...@@ -76,7 +78,6 @@ obj-$(CONFIG_NETFILTER_XT_MATCH_IPRANGE) += xt_iprange.o ...@@ -76,7 +78,6 @@ obj-$(CONFIG_NETFILTER_XT_MATCH_IPRANGE) += xt_iprange.o
obj-$(CONFIG_NETFILTER_XT_MATCH_LENGTH) += xt_length.o obj-$(CONFIG_NETFILTER_XT_MATCH_LENGTH) += xt_length.o
obj-$(CONFIG_NETFILTER_XT_MATCH_LIMIT) += xt_limit.o obj-$(CONFIG_NETFILTER_XT_MATCH_LIMIT) += xt_limit.o
obj-$(CONFIG_NETFILTER_XT_MATCH_MAC) += xt_mac.o obj-$(CONFIG_NETFILTER_XT_MATCH_MAC) += xt_mac.o
obj-$(CONFIG_NETFILTER_XT_MATCH_MARK) += xt_mark.o
obj-$(CONFIG_NETFILTER_XT_MATCH_MULTIPORT) += xt_multiport.o obj-$(CONFIG_NETFILTER_XT_MATCH_MULTIPORT) += xt_multiport.o
obj-$(CONFIG_NETFILTER_XT_MATCH_OSF) += xt_osf.o obj-$(CONFIG_NETFILTER_XT_MATCH_OSF) += xt_osf.o
obj-$(CONFIG_NETFILTER_XT_MATCH_OWNER) += xt_owner.o obj-$(CONFIG_NETFILTER_XT_MATCH_OWNER) += xt_owner.o
......
/*
* xt_MARK - Netfilter module to modify the NFMARK field of an skb
*
* (C) 1999-2001 Marc Boucher <marc@mbsi.ca>
* Copyright © CC Computer Consultants GmbH, 2007 - 2008
* Jan Engelhardt <jengelh@computergmbh.de>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*/
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/ip.h>
#include <net/checksum.h>
#include <linux/netfilter/x_tables.h>
#include <linux/netfilter/xt_MARK.h>
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>");
MODULE_DESCRIPTION("Xtables: packet mark modification");
MODULE_ALIAS("ipt_MARK");
MODULE_ALIAS("ip6t_MARK");
static unsigned int
mark_tg(struct sk_buff *skb, const struct xt_target_param *par)
{
const struct xt_mark_tginfo2 *info = par->targinfo;
skb->mark = (skb->mark & ~info->mask) ^ info->mark;
return XT_CONTINUE;
}
static struct xt_target mark_tg_reg __read_mostly = {
.name = "MARK",
.revision = 2,
.family = NFPROTO_UNSPEC,
.target = mark_tg,
.targetsize = sizeof(struct xt_mark_tginfo2),
.me = THIS_MODULE,
};
static int __init mark_tg_init(void)
{
return xt_register_target(&mark_tg_reg);
}
static void __exit mark_tg_exit(void)
{
xt_unregister_target(&mark_tg_reg);
}
module_init(mark_tg_init);
module_exit(mark_tg_exit);
...@@ -18,9 +18,20 @@ ...@@ -18,9 +18,20 @@
MODULE_LICENSE("GPL"); MODULE_LICENSE("GPL");
MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>"); MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>");
MODULE_DESCRIPTION("Xtables: packet mark match"); MODULE_DESCRIPTION("Xtables: packet mark operations");
MODULE_ALIAS("ipt_mark"); MODULE_ALIAS("ipt_mark");
MODULE_ALIAS("ip6t_mark"); MODULE_ALIAS("ip6t_mark");
MODULE_ALIAS("ipt_MARK");
MODULE_ALIAS("ip6t_MARK");
static unsigned int
mark_tg(struct sk_buff *skb, const struct xt_target_param *par)
{
const struct xt_mark_tginfo2 *info = par->targinfo;
skb->mark = (skb->mark & ~info->mask) ^ info->mark;
return XT_CONTINUE;
}
static bool static bool
mark_mt(const struct sk_buff *skb, const struct xt_match_param *par) mark_mt(const struct sk_buff *skb, const struct xt_match_param *par)
...@@ -30,6 +41,15 @@ mark_mt(const struct sk_buff *skb, const struct xt_match_param *par) ...@@ -30,6 +41,15 @@ mark_mt(const struct sk_buff *skb, const struct xt_match_param *par)
return ((skb->mark & info->mask) == info->mark) ^ info->invert; return ((skb->mark & info->mask) == info->mark) ^ info->invert;
} }
static struct xt_target mark_tg_reg __read_mostly = {
.name = "MARK",
.revision = 2,
.family = NFPROTO_UNSPEC,
.target = mark_tg,
.targetsize = sizeof(struct xt_mark_tginfo2),
.me = THIS_MODULE,
};
static struct xt_match mark_mt_reg __read_mostly = { static struct xt_match mark_mt_reg __read_mostly = {
.name = "mark", .name = "mark",
.revision = 1, .revision = 1,
...@@ -41,12 +61,23 @@ static struct xt_match mark_mt_reg __read_mostly = { ...@@ -41,12 +61,23 @@ static struct xt_match mark_mt_reg __read_mostly = {
static int __init mark_mt_init(void) static int __init mark_mt_init(void)
{ {
return xt_register_match(&mark_mt_reg); int ret;
ret = xt_register_target(&mark_tg_reg);
if (ret < 0)
return ret;
ret = xt_register_match(&mark_mt_reg);
if (ret < 0) {
xt_unregister_target(&mark_tg_reg);
return ret;
}
return 0;
} }
static void __exit mark_mt_exit(void) static void __exit mark_mt_exit(void)
{ {
xt_unregister_match(&mark_mt_reg); xt_unregister_match(&mark_mt_reg);
xt_unregister_target(&mark_tg_reg);
} }
module_init(mark_mt_init); module_init(mark_mt_init);
......
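Review bot: The merged module adds only `MODULE_ALIAS("ipt_MARK")` and `MODULE_ALIAS("ip6t_MARK")` for the target, yet mark_tg_reg is registered with `.family = NFPROTO_UNSPEC`, so any other family that autoloads the target by a prefixed name would find no alias; the deleted xt_MARK.c had the same gap, so it is carried over rather than introduced here. If arptables is meant to be able to use the target, `MODULE_ALIAS("arpt_MARK");` next to the two new aliases would cover it (the autoload naming is not visible on this page, so please confirm). Separately, xt_MARK.ko no longer exists after the Makefile change, so anything that names the old module directly, such as a boot-time load list or a modprobe deny-list entry, silently stops applying, which deserves a line in the commit message. As a style point, mark_mt_init and mark_mt_exit now register and unregister both the target and the match, so the `_mt` names are stale.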