xref: /linux/net/netfilter/xt_mark.c (revision d44cd8226449114780a8554fd253c7e3d171a0a6) 
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  *	xt_mark - Netfilter module to match NFMARK value
4  *
5  *	(C) 1999-2001 Marc Boucher <marc@mbsi.ca>
6  *	Copyright © CC Computer Consultants GmbH, 2007 - 2008
7  *	Jan Engelhardt <jengelh@medozas.de>
8  */
9 
10 #include <linux/module.h>
11 #include <linux/skbuff.h>
12 
13 #include <linux/netfilter/xt_mark.h>
14 #include <linux/netfilter/x_tables.h>
15 
16 MODULE_LICENSE("GPL");
17 MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>");
18 MODULE_DESCRIPTION("Xtables: packet mark operations");
19 MODULE_ALIAS("ipt_mark");
20 MODULE_ALIAS("ip6t_mark");
21 MODULE_ALIAS("ipt_MARK");
22 MODULE_ALIAS("ip6t_MARK");
23 MODULE_ALIAS("arpt_MARK");
24 
25 static unsigned int
mark_tg(struct sk_buff * skb,const struct xt_action_param * par)26 mark_tg(struct sk_buff *skb, const struct xt_action_param *par)
27 {
28 	const struct xt_mark_tginfo2 *info = par->targinfo;
29 
30 	skb->mark = (skb->mark & ~info->mask) ^ info->mark;
31 	return XT_CONTINUE;
32 }
33 
34 static bool
mark_mt(const struct sk_buff * skb,struct xt_action_param * par)35 mark_mt(const struct sk_buff *skb, struct xt_action_param *par)
36 {
37 	const struct xt_mark_mtinfo1 *info = par->matchinfo;
38 
39 	return ((skb->mark & info->mask) == info->mark) ^ info->invert;
40 }
41 
42 static struct xt_target mark_tg_reg[] __read_mostly = {
43 	{
44 		.name           = "MARK",
45 		.revision       = 2,
46 		.family         = NFPROTO_IPV4,
47 		.target         = mark_tg,
48 		.targetsize     = sizeof(struct xt_mark_tginfo2),
49 		.me             = THIS_MODULE,
50 	},
51 #if IS_ENABLED(CONFIG_IP_NF_ARPTABLES)
52 	{
53 		.name           = "MARK",
54 		.revision       = 2,
55 		.family         = NFPROTO_ARP,
56 		.target         = mark_tg,
57 		.targetsize     = sizeof(struct xt_mark_tginfo2),
58 		.me             = THIS_MODULE,
59 	},
60 #endif
61 #if IS_ENABLED(CONFIG_IP6_NF_IPTABLES)
62 	{
63 		.name           = "MARK",
64 		.revision       = 2,
65 		.family         = NFPROTO_IPV6,
66 		.target         = mark_tg,
67 		.targetsize     = sizeof(struct xt_mark_tginfo2),
68 		.me             = THIS_MODULE,
69 	},
70 #endif
71 };
72 
73 static struct xt_match mark_mt_reg __read_mostly = {
74 	.name           = "mark",
75 	.revision       = 1,
76 	.family         = NFPROTO_UNSPEC,
77 	.match          = mark_mt,
78 	.matchsize      = sizeof(struct xt_mark_mtinfo1),
79 	.me             = THIS_MODULE,
80 };
81 
mark_mt_init(void)82 static int __init mark_mt_init(void)
83 {
84 	int ret;
85 
86 	ret = xt_register_targets(mark_tg_reg, ARRAY_SIZE(mark_tg_reg));
87 	if (ret < 0)
88 		return ret;
89 	ret = xt_register_match(&mark_mt_reg);
90 	if (ret < 0) {
91 		xt_unregister_targets(mark_tg_reg, ARRAY_SIZE(mark_tg_reg));
92 		return ret;
93 	}
94 	return 0;
95 }
96 
mark_mt_exit(void)97 static void __exit mark_mt_exit(void)
98 {
99 	xt_unregister_match(&mark_mt_reg);
100 	xt_unregister_targets(mark_tg_reg, ARRAY_SIZE(mark_tg_reg));
101 }
102 
103 module_init(mark_mt_init);
104 module_exit(mark_mt_exit);
105