1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * xt_mark - Netfilter module to match NFMARK value 4 * 5 * (C) 1999-2001 Marc Boucher <marc@mbsi.ca> 6 * Copyright © CC Computer Consultants GmbH, 2007 - 2008 7 * Jan Engelhardt <jengelh@medozas.de> 8 */ 9 10 #include <linux/module.h> 11 #include <linux/skbuff.h> 12 13 #include <linux/netfilter/xt_mark.h> 14 #include <linux/netfilter/x_tables.h> 15 16 MODULE_LICENSE("GPL"); 17 MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>"); 18 MODULE_DESCRIPTION("Xtables: packet mark operations"); 19 MODULE_ALIAS("ipt_mark"); 20 MODULE_ALIAS("ip6t_mark"); 21 MODULE_ALIAS("ipt_MARK"); 22 MODULE_ALIAS("ip6t_MARK"); 23 MODULE_ALIAS("arpt_MARK"); 24 25 static unsigned int 26 mark_tg(struct sk_buff *skb, const struct xt_action_param *par) 27 { 28 const struct xt_mark_tginfo2 *info = par->targinfo; 29 30 skb->mark = (skb->mark & ~info->mask) ^ info->mark; 31 return XT_CONTINUE; 32 } 33 34 static bool 35 mark_mt(const struct sk_buff *skb, struct xt_action_param *par) 36 { 37 const struct xt_mark_mtinfo1 *info = par->matchinfo; 38 39 return ((skb->mark & info->mask) == info->mark) ^ info->invert; 40 } 41 42 static struct xt_target mark_tg_reg __read_mostly = { 43 .name = "MARK", 44 .revision = 2, 45 .family = NFPROTO_UNSPEC, 46 .target = mark_tg, 47 .targetsize = sizeof(struct xt_mark_tginfo2), 48 .me = THIS_MODULE, 49 }; 50 51 static struct xt_match mark_mt_reg __read_mostly = { 52 .name = "mark", 53 .revision = 1, 54 .family = NFPROTO_UNSPEC, 55 .match = mark_mt, 56 .matchsize = sizeof(struct xt_mark_mtinfo1), 57 .me = THIS_MODULE, 58 }; 59 60 static int __init mark_mt_init(void) 61 { 62 int ret; 63 64 ret = xt_register_target(&mark_tg_reg); 65 if (ret < 0) 66 return ret; 67 ret = xt_register_match(&mark_mt_reg); 68 if (ret < 0) { 69 xt_unregister_target(&mark_tg_reg); 70 return ret; 71 } 72 return 0; 73 } 74 75 static void __exit mark_mt_exit(void) 76 { 77 xt_unregister_match(&mark_mt_reg); 78 xt_unregister_target(&mark_tg_reg); 79 } 80 81 module_init(mark_mt_init); 82 module_exit(mark_mt_exit); 83