summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMartin Josefsson <gandalf@wlug.westbo.se>2004-05-26 21:56:26 +0000
committerMartin Josefsson <gandalf@wlug.westbo.se>2004-05-26 21:56:26 +0000
commitc5617bf84475028dd1663cde076b93f355ce42a7 (patch)
tree198938989ba4ca43c19bc02c100af0aca8d06e15
parenta28d495285ad7dd9f286d63958cf20d74eec6bcb (diff)
With a 64bit kernel only the high 32bits of nfmark was used regardless of
32/64bit userspace. This makes it quite hard to interoperate with 'tc'. Sync ipv6 versions with ipv4 versions. Tested on x86 and sparc64 with both 32bit and 64bit userspace.
-rw-r--r--extensions/libip6t_MARK.c33
-rw-r--r--extensions/libip6t_mark.c46
-rw-r--r--extensions/libipt_MARK.c27
-rw-r--r--extensions/libipt_mark.c22
-rw-r--r--include/linux/netfilter_ipv4/ipt_MARK.h12
-rw-r--r--include/linux/netfilter_ipv4/ipt_mark.h13
-rw-r--r--include/linux/netfilter_ipv6/ip6t_MARK.h12
-rw-r--r--include/linux/netfilter_ipv6/ip6t_mark.h13
8 files changed, 154 insertions, 24 deletions
diff --git a/extensions/libip6t_MARK.c b/extensions/libip6t_MARK.c
index 292f9571..a7f1a9d4 100644
--- a/extensions/libip6t_MARK.c
+++ b/extensions/libip6t_MARK.c
@@ -6,7 +6,8 @@
#include <ip6tables.h>
#include <linux/netfilter_ipv6/ip6_tables.h>
-#include <linux/netfilter_ipv6/ip6t_MARK.h>
+/* For 64bit kernel / 32bit userspace */
+#include "../include/linux/netfilter_ipv6/ip6t_MARK.h"
/* Function which prints out usage message. */
static void
@@ -41,10 +42,14 @@ parse(int c, char **argv, int invert, unsigned int *flags,
= (struct ip6t_mark_target_info *)(*target)->data;
switch (c) {
- char *end;
case '1':
- markinfo->mark = strtoul(optarg, &end, 0);
- if (*end != '\0' || end == optarg)
+#ifdef KERNEL_64_USERSPACE_32
+ if (string_to_number_ll(optarg, 0, 0,
+ &markinfo->mark))
+#else
+ if (string_to_number_l(optarg, 0, 0,
+ &markinfo->mark))
+#endif
exit_error(PARAMETER_PROBLEM, "Bad MARK value `%s'", optarg);
if (*flags)
exit_error(PARAMETER_PROBLEM,
@@ -67,6 +72,20 @@ final_check(unsigned int flags)
"MARK target: Parameter --set-mark is required");
}
+#ifdef KERNEL_64_USERSPACE_32
+static void
+print_mark(unsigned long long mark)
+{
+ printf("0x%llx ", mark);
+}
+#else
+static void
+print_mark(unsigned long mark)
+{
+ printf("0x%lx ", mark);
+}
+#endif
+
/* Prints out the targinfo. */
static void
print(const struct ip6t_ip6 *ip,
@@ -76,7 +95,8 @@ print(const struct ip6t_ip6 *ip,
const struct ip6t_mark_target_info *markinfo =
(const struct ip6t_mark_target_info *)target->data;
- printf("MARK set 0x%lx ", markinfo->mark);
+ printf("MARK set ");
+ print_mark(markinfo->mark);
}
/* Saves the union ipt_targinfo in parsable form to stdout. */
@@ -86,7 +106,8 @@ save(const struct ip6t_ip6 *ip, const struct ip6t_entry_target *target)
const struct ip6t_mark_target_info *markinfo =
(const struct ip6t_mark_target_info *)target->data;
- printf("--set-mark 0x%lx ", markinfo->mark);
+ printf("--set-mark ");
+ print_mark(markinfo->mark);
}
static
diff --git a/extensions/libip6t_mark.c b/extensions/libip6t_mark.c
index 4aa606e3..5f335ebe 100644
--- a/extensions/libip6t_mark.c
+++ b/extensions/libip6t_mark.c
@@ -6,7 +6,8 @@
#include <getopt.h>
#include <ip6tables.h>
-#include <linux/netfilter_ipv6/ip6t_mark.h>
+/* For 64bit kernel / 32bit userspace */
+#include "../include/linux/netfilter_ipv6/ip6t_mark.h"
/* Function which prints out usage message. */
static void
@@ -46,11 +47,19 @@ parse(int c, char **argv, int invert, unsigned int *flags,
char *end;
case '1':
check_inverse(optarg, &invert, &optind, 0);
+#ifdef KERNEL_64_USERSPACE_32
+ markinfo->mark = strtoull(optarg, &end, 0);
+ if (*end == '/') {
+ markinfo->mask = strtoull(end+1, &end, 0);
+ } else
+ markinfo->mask = 0xffffffffffffffffULL;
+#else
markinfo->mark = strtoul(optarg, &end, 0);
if (*end == '/') {
markinfo->mask = strtoul(end+1, &end, 0);
} else
markinfo->mask = 0xffffffff;
+#endif
if (*end != '\0' || end == optarg)
exit_error(PARAMETER_PROBLEM, "Bad MARK value `%s'", optarg);
if (invert)
@@ -64,17 +73,25 @@ parse(int c, char **argv, int invert, unsigned int *flags,
return 1;
}
+#ifdef KERNEL_64_USERSPACE_32
static void
-print_mark(unsigned long mark, unsigned long mask, int invert, int numeric)
+print_mark(unsigned long long mark, unsigned long long mask, int numeric)
+{
+ if(mask != 0xffffffffffffffffULL)
+ printf("0x%llx/0x%llx ", mark, mask);
+ else
+ printf("0x%llx ", mark);
+}
+#else
+static void
+print_mark(unsigned long mark, unsigned long mask, int numeric)
{
- if (invert)
- fputc('!', stdout);
-
if(mask != 0xffffffff)
printf("0x%lx/0x%lx ", mark, mask);
else
printf("0x%lx ", mark);
}
+#endif
/* Final check; must have specified --mark. */
static void
@@ -91,20 +108,27 @@ print(const struct ip6t_ip6 *ip,
const struct ip6t_entry_match *match,
int numeric)
{
+ struct ip6t_mark_info *info = (struct ip6t_mark_info *)match->data;
+
printf("MARK match ");
- print_mark(((struct ip6t_mark_info *)match->data)->mark,
- ((struct ip6t_mark_info *)match->data)->mask,
- ((struct ip6t_mark_info *)match->data)->invert, numeric);
+
+ if (info->invert)
+ printf("!");
+
+ print_mark(info->mark, info->mask, numeric);
}
/* Saves the union ip6t_matchinfo in parsable form to stdout. */
static void
save(const struct ip6t_ip6 *ip, const struct ip6t_entry_match *match)
{
+ struct ip6t_mark_info *info = (struct ip6t_mark_info *)match->data;
+
+ if (info->invert)
+ printf("! ");
+
printf("--mark ");
- print_mark(((struct ip6t_mark_info *)match->data)->mark,
- ((struct ip6t_mark_info *)match->data)->mask,
- ((struct ip6t_mark_info *)match->data)->invert, 0);
+ print_mark(info->mark, info->mask, 0);
}
static
diff --git a/extensions/libipt_MARK.c b/extensions/libipt_MARK.c
index 0a96e39f..56b09f57 100644
--- a/extensions/libipt_MARK.c
+++ b/extensions/libipt_MARK.c
@@ -6,7 +6,8 @@
#include <iptables.h>
#include <linux/netfilter_ipv4/ip_tables.h>
-#include <linux/netfilter_ipv4/ipt_MARK.h>
+/* For 64bit kernel / 32bit userspace */
+#include "../include/linux/netfilter_ipv4/ipt_MARK.h"
/* Function which prints out usage message. */
static void
@@ -42,8 +43,13 @@ parse(int c, char **argv, int invert, unsigned int *flags,
switch (c) {
case '1':
- if (string_to_number(optarg, 0, 0xffffffff,
- (unsigned int *)&markinfo->mark))
+#ifdef KERNEL_64_USERSPACE_32
+ if (string_to_number_ll(optarg, 0, 0,
+ &markinfo->mark))
+#else
+ if (string_to_number_l(optarg, 0, 0,
+ &markinfo->mark))
+#endif
exit_error(PARAMETER_PROBLEM, "Bad MARK value `%s'", optarg);
if (*flags)
exit_error(PARAMETER_PROBLEM,
@@ -66,11 +72,19 @@ final_check(unsigned int flags)
"MARK target: Parameter --set-mark is required");
}
+#ifdef KERNEL_64_USERSPACE_32
static void
-print_mark(unsigned long mark, int numeric)
+print_mark(unsigned long long mark)
+{
+ printf("0x%llx ", mark);
+}
+#else
+static void
+print_mark(unsigned long mark)
{
printf("0x%lx ", mark);
}
+#endif
/* Prints out the targinfo. */
static void
@@ -81,7 +95,7 @@ print(const struct ipt_ip *ip,
const struct ipt_mark_target_info *markinfo =
(const struct ipt_mark_target_info *)target->data;
printf("MARK set ");
- print_mark(markinfo->mark, numeric);
+ print_mark(markinfo->mark);
}
/* Saves the union ipt_targinfo in parsable form to stdout. */
@@ -91,7 +105,8 @@ save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
const struct ipt_mark_target_info *markinfo =
(const struct ipt_mark_target_info *)target->data;
- printf("--set-mark 0x%lx ", markinfo->mark);
+ printf("--set-mark ");
+ print_mark(markinfo->mark);
}
static
diff --git a/extensions/libipt_mark.c b/extensions/libipt_mark.c
index 4aa780bc..14e179ae 100644
--- a/extensions/libipt_mark.c
+++ b/extensions/libipt_mark.c
@@ -6,7 +6,8 @@
#include <getopt.h>
#include <iptables.h>
-#include <linux/netfilter_ipv4/ipt_mark.h>
+/* For 64bit kernel / 32bit userspace */
+#include "../include/linux/netfilter_ipv4/ipt_mark.h"
/* Function which prints out usage message. */
static void
@@ -46,11 +47,19 @@ parse(int c, char **argv, int invert, unsigned int *flags,
char *end;
case '1':
check_inverse(optarg, &invert, &optind, 0);
+#ifdef KERNEL_64_USERSPACE_32
+ markinfo->mark = strtoull(optarg, &end, 0);
+ if (*end == '/') {
+ markinfo->mask = strtoull(end+1, &end, 0);
+ } else
+ markinfo->mask = 0xffffffffffffffffULL;
+#else
markinfo->mark = strtoul(optarg, &end, 0);
if (*end == '/') {
markinfo->mask = strtoul(end+1, &end, 0);
} else
markinfo->mask = 0xffffffff;
+#endif
if (*end != '\0' || end == optarg)
exit_error(PARAMETER_PROBLEM, "Bad MARK value `%s'", optarg);
if (invert)
@@ -64,6 +73,16 @@ parse(int c, char **argv, int invert, unsigned int *flags,
return 1;
}
+#ifdef KERNEL_64_USERSPACE_32
+static void
+print_mark(unsigned long long mark, unsigned long long mask, int numeric)
+{
+ if(mask != 0xffffffffffffffffULL)
+ printf("0x%llx/0x%llx ", mark, mask);
+ else
+ printf("0x%llx ", mark);
+}
+#else
static void
print_mark(unsigned long mark, unsigned long mask, int numeric)
{
@@ -72,6 +91,7 @@ print_mark(unsigned long mark, unsigned long mask, int numeric)
else
printf("0x%lx ", mark);
}
+#endif
/* Final check; must have specified --mark. */
static void
diff --git a/include/linux/netfilter_ipv4/ipt_MARK.h b/include/linux/netfilter_ipv4/ipt_MARK.h
new file mode 100644
index 00000000..6febfe64
--- /dev/null
+++ b/include/linux/netfilter_ipv4/ipt_MARK.h
@@ -0,0 +1,12 @@
+#ifndef _IPT_MARK_H_target
+#define _IPT_MARK_H_target
+
+struct ipt_mark_target_info {
+#ifdef KERNEL_64_USERSPACE_32
+ unsigned long long mark;
+#else
+ unsigned long mark;
+#endif
+};
+
+#endif /*_IPT_MARK_H_target*/
diff --git a/include/linux/netfilter_ipv4/ipt_mark.h b/include/linux/netfilter_ipv4/ipt_mark.h
new file mode 100644
index 00000000..b9e79fd2
--- /dev/null
+++ b/include/linux/netfilter_ipv4/ipt_mark.h
@@ -0,0 +1,13 @@
+#ifndef _IPT_MARK_H
+#define _IPT_MARK_H
+
+struct ipt_mark_info {
+#ifdef KERNEL_64_USERSPACE_32
+ unsigned long long mark, mask;
+#else
+ unsigned long mark, mask;
+#endif
+ u_int8_t invert;
+};
+
+#endif /*_IPT_MARK_H*/
diff --git a/include/linux/netfilter_ipv6/ip6t_MARK.h b/include/linux/netfilter_ipv6/ip6t_MARK.h
new file mode 100644
index 00000000..06949b82
--- /dev/null
+++ b/include/linux/netfilter_ipv6/ip6t_MARK.h
@@ -0,0 +1,12 @@
+#ifndef _IP6T_MARK_H_target
+#define _IP6T_MARK_H_target
+
+struct ip6t_mark_target_info {
+#ifdef KERNEL_64_USERSPACE_32
+ unsigned long long mark;
+#else
+ unsigned long mark;
+#endif
+};
+
+#endif /*_IPT_MARK_H_target*/
diff --git a/include/linux/netfilter_ipv6/ip6t_mark.h b/include/linux/netfilter_ipv6/ip6t_mark.h
new file mode 100644
index 00000000..7ede185e
--- /dev/null
+++ b/include/linux/netfilter_ipv6/ip6t_mark.h
@@ -0,0 +1,13 @@
+#ifndef _IP6T_MARK_H
+#define _IP6T_MARK_H
+
+struct ip6t_mark_info {
+#ifdef KERNEL_64_USERSPACE_32
+ unsigned long long mark, mask;
+#else
+ unsigned long mark, mask;
+#endif
+ u_int8_t invert;
+};
+
+#endif /*_IPT_MARK_H*/