[PATCH] iproute2 -- add fwmarkmask
Michael Richardson
mcr at sandelman.ottawa.on.ca
Mon Feb 20 17:27:08 CET 2006
{see discussion about RTA_FWMARK in other posting}
diff-tree 573e55d29ef2f014218508d01eee678d82c7c9b7 (from cb420780b79a1d6f5db2082bdac0b310dbc5ebcc)
Author: Michael Richardson <mcr at xelerance.com>
Date: Mon Feb 20 10:21:05 2006 -0500
this patch adds a mask operation to the fwmark rule case, permitting
one to test for only certain bits being set in the fwmark.
(cherry picked from 5fb85fa9da78cc3822f929f181c651391e35de73 commit)
diff --git a/ChangeLog b/ChangeLog
index 68d2342..b67b81d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
+2006-02-20 Michael Richardson <mcr at xelerance.com>
+
+ * Added fwmarkmask option to ip rule to go with addition to kernel.
+
2006-01-12 Patrick McHardy <kaber at trash.net>
* Handle DCCP in ipxfrm.c to allow using port numbers in the selector.
2006-01-10 Masahide NAKAMURA <nakam at linux-ipv6.org>
diff --git a/include/linux/rtnetlink.h b/include/linux/rtnetlink.h
index ced29f2..7f4a258 100644
--- a/include/linux/rtnetlink.h
+++ b/include/linux/rtnetlink.h
@@ -263,10 +263,13 @@ enum rtattr_type_t
RTA_SESSION,
RTA_MP_ALGO,
__RTA_MAX
};
+#define RTA_FWMARK RTA_PROTOINFO
+#define RTA_FWMARK_MASK RTA_CACHEINFO
+
#define RTA_MAX (__RTA_MAX - 1)
#define RTM_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct rtmsg))))
#define RTM_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct rtmsg))
diff --git a/ip/iprule.c b/ip/iprule.c
index ccf699f..90ffcce 100644
--- a/ip/iprule.c
+++ b/ip/iprule.c
@@ -33,11 +33,11 @@ extern struct rtnl_handle rth;
static void usage(void) __attribute__((noreturn));
static void usage(void)
{
fprintf(stderr, "Usage: ip rule [ list | add | del | flush ] SELECTOR ACTION\n");
- fprintf(stderr, "SELECTOR := [ from PREFIX ] [ to PREFIX ] [ tos TOS ] [ fwmark FWMARK ]\n");
+ fprintf(stderr, "SELECTOR := [ from PREFIX ] [ to PREFIX ] [ tos TOS ] [ fwmark FWMARK ] [ fwmarkmask MASK ]\n");
fprintf(stderr, " [ dev STRING ] [ pref NUMBER ]\n");
fprintf(stderr, "ACTION := [ table TABLE_ID ]\n");
fprintf(stderr, " [ prohibit | reject | unreachable ]\n");
fprintf(stderr, " [ realms [SRCREALM/]DSTREALM ]\n");
fprintf(stderr, "TABLE_ID := [ local | main | default | NUMBER ]\n");
@@ -119,14 +119,22 @@ static int print_rule(const struct socka
if (r->rtm_tos) {
SPRINT_BUF(b1);
fprintf(fp, "tos %s ", rtnl_dsfield_n2a(r->rtm_tos, b1, sizeof(b1)));
}
- if (tb[RTA_PROTOINFO]) {
- fprintf(fp, "fwmark %#x ", *(__u32*)RTA_DATA(tb[RTA_PROTOINFO]));
+ if (tb[RTA_FWMARK]) {
+ __u32 value = *(__u32*)RTA_DATA(tb[RTA_PROTOINFO]);
+ if (tb[RTA_FWMARK_MASK]) {
+ __u32 mask;
+ mask=*(__u32*)RTA_DATA(tb[RTA_FWMARK_MASK]);
+ fprintf(fp, "fwmark %#x&%#x ", value, mask);
+ } else {
+ fprintf(fp, "fwmark %#x&0xffffffff ", value);
+ }
}
+
if (tb[RTA_IIF]) {
fprintf(fp, "iif %s ", (char*)RTA_DATA(tb[RTA_IIF]));
}
if (r->rtm_table)
@@ -242,11 +250,17 @@ static int iprule_modify(int cmd, int ar
} else if (strcmp(*argv, "fwmark") == 0) {
__u32 fwmark;
NEXT_ARG();
if (get_u32(&fwmark, *argv, 0))
invarg("fwmark value is invalid\n", *argv);
- addattr32(&req.n, sizeof(req), RTA_PROTOINFO, fwmark);
+ addattr32(&req.n, sizeof(req), RTA_FWMARK, fwmark);
+ } else if (strcmp(*argv, "fwmarkmask") == 0) {
+ __u32 fwmarkmask;
+ NEXT_ARG();
+ if (get_u32(&fwmarkmask, *argv, 0))
+ invarg("fwmarkmask value is invalid\n", *argv);
+ addattr32(&req.n, sizeof(req), RTA_FWMARK_MASK, fwmarkmask);
} else if (matches(*argv, "realms") == 0) {
__u32 realm;
NEXT_ARG();
if (get_rt_realms(&realm, *argv))
invarg("invalid realms\n", *argv);
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 480 bytes
Desc: not available
Url : /pipermail/netfilter-devel/attachments/20060220/97ae26c4/attachment.pgp
More information about the netfilter-devel
mailing list