[NETFILTER]: x_tables: replace IPv4 dscp match by address family independent version

/* x_tables module for matching the IPv4/IPv6 DSCP field

 *

 * (C) 2002 Harald Welte <laforge@gnumonks.org>

 * This software is distributed under GNU GPL v2, 1991

 *

 * See RFC2474 for a description of the DSCP field within the IP Header.

 *

 * xt_dscp.h,v 1.3 2002/08/05 19:00:21 laforge Exp

*/

#ifndef _XT_DSCP_H

#define _XT_DSCP_H

#define XT_DSCP_MASK	0xfc	/* 11111100 */

#define XT_DSCP_SHIFT	2

#define XT_DSCP_MAX	0x3f	/* 00111111 */

/* match info */

struct xt_dscp_info {

	u_int8_t dscp;

	u_int8_t invert;

};

#endif /* _XT_DSCP_H */

#ifndef _IPT_DSCP_H

#define _IPT_DSCP_H

#define IPT_DSCP_MASK	0xfc	/* 11111100 */

#define IPT_DSCP_SHIFT	2

#define IPT_DSCP_MAX	0x3f	/* 00111111 */

#include <linux/netfilter/xt_dscp.h>

/* match info */

struct ipt_dscp_info {

	u_int8_t dscp;

	u_int8_t invert;

};

#define IPT_DSCP_MASK	XT_DSCP_MASK

#define IPT_DSCP_SHIFT	XT_DSCP_SHIFT

#define IPT_DSCP_MAX	XT_DSCP_MAX

#define ipt_dscp_info	xt_dscp_info

#endif /* _IPT_DSCP_H */

	  To compile it as a module, choose M here.  If unsure, say N.

config IP_NF_MATCH_DSCP

	tristate "DSCP match support"

	depends on IP_NF_IPTABLES

	help

	  This option adds a `DSCP' match, which allows you to match against

	  the IPv4 header DSCP field (DSCP codepoint).

	  The DSCP codepoint can have any value between 0x0 and 0x4f.

	  To compile it as a module, choose M here.  If unsure, say N.

config IP_NF_MATCH_AH

	tristate "AH match support"

	depends on IP_NF_IPTABLES

obj-$(CONFIG_IP_NF_MATCH_TOS) += ipt_tos.o

obj-$(CONFIG_IP_NF_MATCH_RECENT) += ipt_recent.o

obj-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn.o

obj-$(CONFIG_IP_NF_MATCH_DSCP) += ipt_dscp.o

obj-$(CONFIG_IP_NF_MATCH_AH) += ipt_ah.o

obj-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl.o

obj-$(CONFIG_IP_NF_MATCH_ADDRTYPE) += ipt_addrtype.o

/* IP tables module for matching the value of the IPv4 DSCP field

 *

 * ipt_dscp.c,v 1.3 2002/08/05 19:00:21 laforge Exp

 *

 * (C) 2002 by Harald Welte <laforge@netfilter.org>

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License version 2 as

 * published by the Free Software Foundation.

 */

#include <linux/module.h>

#include <linux/skbuff.h>

#include <linux/netfilter_ipv4/ipt_dscp.h>

#include <linux/netfilter_ipv4/ip_tables.h>

MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");

MODULE_DESCRIPTION("iptables DSCP matching module");

MODULE_LICENSE("GPL");

static int match(const struct sk_buff *skb,

		 const struct net_device *in, const struct net_device *out,

		 const struct xt_match *match, const void *matchinfo,

		 int offset, unsigned int protoff, int *hotdrop)

{

	const struct ipt_dscp_info *info = matchinfo;

	const struct iphdr *iph = skb->nh.iph;

	u_int8_t sh_dscp = ((info->dscp << IPT_DSCP_SHIFT) & IPT_DSCP_MASK);

	return ((iph->tos&IPT_DSCP_MASK) == sh_dscp) ^ info->invert;

}

static struct ipt_match dscp_match = {

	.name		= "dscp",

	.match		= match,

	.matchsize	= sizeof(struct ipt_dscp_info),

	.me		= THIS_MODULE,

};

static int __init ipt_dscp_init(void)

{

	return ipt_register_match(&dscp_match);

}

static void __exit ipt_dscp_fini(void)

{

	ipt_unregister_match(&dscp_match);

}

module_init(ipt_dscp_init);

module_exit(ipt_dscp_fini);