1/* Kernel module to match NFMARK values. */ 2#include <linux/module.h> 3#include <linux/skbuff.h> 4 5#include <linux/netfilter_ipv6/ip6t_mark.h> 6#include <linux/netfilter_ipv6/ip6_tables.h> 7 8static int 9match(const struct sk_buff *skb, 10 const struct net_device *in, 11 const struct net_device *out, 12 const void *matchinfo, 13 int offset, 14 const void *hdr, 15 u_int16_t datalen, 16 int *hotdrop) 17{ 18 const struct ip6t_mark_info *info = matchinfo; 19 20 return ((skb->nfmark & info->mask) == info->mark) ^ info->invert; 21} 22 23static int 24checkentry(const char *tablename, 25 const struct ip6t_ip6 *ip, 26 void *matchinfo, 27 unsigned int matchsize, 28 unsigned int hook_mask) 29{ 30 if (matchsize != IP6T_ALIGN(sizeof(struct ip6t_mark_info))) 31 return 0; 32 33 return 1; 34} 35 36static struct ip6t_match mark_match 37= { { NULL, NULL }, "mark", &match, &checkentry, NULL, THIS_MODULE }; 38 39static int __init init(void) 40{ 41 return ip6t_register_match(&mark_match); 42} 43 44static void __exit fini(void) 45{ 46 ip6t_unregister_match(&mark_match); 47} 48 49module_init(init); 50module_exit(fini); 51MODULE_LICENSE("GPL"); 52