1/* This is a module which is used for setting the NFMARK field of an skb. */ 2#include <linux/module.h> 3#include <linux/skbuff.h> 4#include <linux/ip.h> 5#include <net/checksum.h> 6 7#include <linux/netfilter_ipv6/ip6_tables.h> 8#include <linux/netfilter_ipv6/ip6t_MARK.h> 9 10static unsigned int 11target(struct sk_buff **pskb, 12 unsigned int hooknum, 13 const struct net_device *in, 14 const struct net_device *out, 15 const void *targinfo, 16 void *userinfo) 17{ 18 const struct ip6t_mark_target_info *markinfo = targinfo; 19 20 if((*pskb)->nfmark != markinfo->mark) { 21 (*pskb)->nfmark = markinfo->mark; 22 (*pskb)->nfcache |= NFC_ALTERED; 23 } 24 return IP6T_CONTINUE; 25} 26 27static int 28checkentry(const char *tablename, 29 const struct ip6t_entry *e, 30 void *targinfo, 31 unsigned int targinfosize, 32 unsigned int hook_mask) 33{ 34 if (targinfosize != IP6T_ALIGN(sizeof(struct ip6t_mark_target_info))) { 35 printk(KERN_WARNING "MARK: targinfosize %u != %Zu\n", 36 targinfosize, 37 IP6T_ALIGN(sizeof(struct ip6t_mark_target_info))); 38 return 0; 39 } 40 41 if (strcmp(tablename, "mangle") != 0) { 42 printk(KERN_WARNING "MARK: can only be called from \"mangle\" table, not \"%s\"\n", tablename); 43 return 0; 44 } 45 46 return 1; 47} 48 49static struct ip6t_target ip6t_mark_reg 50= { { NULL, NULL }, "MARK", target, checkentry, NULL, THIS_MODULE }; 51 52static int __init init(void) 53{ 54 printk(KERN_DEBUG "registering ipv6 mark target\n"); 55 if (ip6t_register_target(&ip6t_mark_reg)) 56 return -EINVAL; 57 58 return 0; 59} 60 61static void __exit fini(void) 62{ 63 ip6t_unregister_target(&ip6t_mark_reg); 64} 65 66module_init(init); 67module_exit(fini); 68MODULE_LICENSE("GPL"); 69