net/netfilter/xt_mark.c

   1 // SPDX-License-Identifier: GPL-2.0-only
   2 /*
   3  *      xt_mark - Netfilter module to match NFMARK value
   4  *
   5  *      (C) 1999-2001 Marc Boucher <marc@mbsi.ca>
   6  *      Copyright © CC Computer Consultants GmbH, 2007 - 2008
   7  *      Jan Engelhardt <jengelh@medozas.de>
   8  */
   9
  10 #include <linux/module.h>
  11 #include <linux/skbuff.h>
  12
  13 #include <linux/netfilter/xt_mark.h>
  14 #include <linux/netfilter/x_tables.h>
  15
  16 MODULE_LICENSE("GPL");
  17 MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>");
  18 MODULE_DESCRIPTION("Xtables: packet mark operations");
  19 MODULE_ALIAS("ipt_mark");
  20 MODULE_ALIAS("ip6t_mark");
  21 MODULE_ALIAS("ipt_MARK");
  22 MODULE_ALIAS("ip6t_MARK");
  23 MODULE_ALIAS("arpt_MARK");
  24
  25 static unsigned int
  26 mark_tg(struct sk_buff *skb, const struct xt_action_param *par)
  27 {
  28         const struct xt_mark_tginfo2 *info = par->targinfo;
  29
  30         skb->mark = (skb->mark & ~info->mask) ^ info->mark;
  31         return XT_CONTINUE;
  32 }
  33
  34 static bool
  35 mark_mt(const struct sk_buff *skb, struct xt_action_param *par)
  36 {
  37         const struct xt_mark_mtinfo1 *info = par->matchinfo;
  38
  39         return ((skb->mark & info->mask) == info->mark) ^ info->invert;
  40 }
  41
  42 static struct xt_target mark_tg_reg[] __read_mostly = {
  43         {
  44                 .name           = "MARK",
  45                 .revision       = 2,
  46                 .family         = NFPROTO_IPV4,
  47                 .target         = mark_tg,
  48                 .targetsize     = sizeof(struct xt_mark_tginfo2),
  49                 .me             = THIS_MODULE,
  50         },
  51 #if IS_ENABLED(CONFIG_IP_NF_ARPTABLES)
  52         {
  53                 .name           = "MARK",
  54                 .revision       = 2,
  55                 .family         = NFPROTO_ARP,
  56                 .target         = mark_tg,
  57                 .targetsize     = sizeof(struct xt_mark_tginfo2),
  58                 .me             = THIS_MODULE,
  59         },
  60 #endif
  61 #if IS_ENABLED(CONFIG_IP6_NF_IPTABLES)
  62         {
  63                 .name           = "MARK",
  64                 .revision       = 2,
  65                 .family         = NFPROTO_IPV6,
  66                 .target         = mark_tg,
  67                 .targetsize     = sizeof(struct xt_mark_tginfo2),
  68                 .me             = THIS_MODULE,
  69         },
  70 #endif
  71 };
  72
  73 static struct xt_match mark_mt_reg __read_mostly = {
  74         .name           = "mark",
  75         .revision       = 1,
  76         .family         = NFPROTO_UNSPEC,
  77         .match          = mark_mt,
  78         .matchsize      = sizeof(struct xt_mark_mtinfo1),
  79         .me             = THIS_MODULE,
  80 };
  81
  82 static int __init mark_mt_init(void)
  83 {
  84         int ret;
  85
  86         ret = xt_register_targets(mark_tg_reg, ARRAY_SIZE(mark_tg_reg));
  87         if (ret < 0)
  88                 return ret;
  89         ret = xt_register_match(&mark_mt_reg);
  90         if (ret < 0) {
  91                 xt_unregister_targets(mark_tg_reg, ARRAY_SIZE(mark_tg_reg));
  92                 return ret;
  93         }
  94         return 0;
  95 }
  96
  97 static void __exit mark_mt_exit(void)
  98 {
  99         xt_unregister_match(&mark_mt_reg);
 100         xt_unregister_targets(mark_tg_reg, ARRAY_SIZE(mark_tg_reg));
 101 }
 102
 103 module_init(mark_mt_init);
 104 module_exit(mark_mt_exit);