* [PATCH V3 0/2] add mark target
@ 2015-03-26  9:33 Zhang Chunyu
  2015-03-26  9:33 ` [PATCH V3 1/2] Add revision field for xt_entry_target Zhang Chunyu
  2015-03-26  9:33 ` [PATCH V3 2/2] Add MARK target for arptables Zhang Chunyu
  0 siblings, 2 replies; 7+ messages in thread
From: Zhang Chunyu @ 2015-03-26  9:33 UTC (permalink / raw)
  To: netfilter-devel; +Cc: Zhang Chunyu

v1:
  add mark target for arptables

v2:
  add --and-mark
  add --or-mark
  add revision for common api

v3:
  fold 2/4, 3/4 and 4/4 patch into one single patch
  use C99 initialization
  change some format

Zhang Chunyu (2):
  Add MARK target for arptables

 arptables.8                              |  17 ++++
 arptables.c                              |   2 +
 extensions/Makefile                      |   2 +-
 extensions/arpt_CLASSIFY.c               |   1 +
 extensions/arpt_MARK.c                   | 151 +++++++++++++++++++++++++++++++
 extensions/arpt_mangle.c                 |   1 +
 extensions/arpt_standard.c               |   1 +
 include/arptables.h                      |   6 ++
 include/linux/netfilter_arp/arp_tables.h |   3 +-
 9 files changed, 182 insertions(+), 2 deletions(-)
 create mode 100644 extensions/arpt_MARK.c

-- 
1.7.12.4



* [PATCH V3 1/2] Add revision field for xt_entry_target
  2015-03-26  9:33 [PATCH V3 0/2] add mark target Zhang Chunyu
@ 2015-03-26  9:33 ` Zhang Chunyu
  2015-03-26 12:45   ` Pablo Neira Ayuso
  2015-03-26  9:33 ` [PATCH V3 2/2] Add MARK target for arptables Zhang Chunyu
  1 sibling, 1 reply; 7+ messages in thread
From: Zhang Chunyu @ 2015-03-26  9:33 UTC (permalink / raw)
  To: netfilter-devel; +Cc: zhangcy, Gao feng

From: zhangcy <zhangcy@cn.fujitsu.com>

This field is useful if we want to add a TARGET which
has a revision for arptables rules.

Also make sure xt_entry_target is consistent with
the definition in kernel.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: Zhang Chunyu <zhangcy@cn.fujitsu.com>
---
 arptables.c                              | 2 ++
 extensions/arpt_CLASSIFY.c               | 1 +
 extensions/arpt_mangle.c                 | 1 +
 extensions/arpt_standard.c               | 1 +
 include/arptables.h                      | 6 ++++++
 include/linux/netfilter_arp/arp_tables.h | 3 ++-
 6 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/arptables.c b/arptables.c
index 845e226..3f24ef1 100644
--- a/arptables.c
+++ b/arptables.c
@@ -2067,6 +2067,7 @@ int do_command(int argc, char *argv[], char **table, arptc_handle_t *handle)
 				target->t->u.target_size = size;
 				strncpy(target->t->u.user.name, jumpto, sizeof(target->t->u.user.name));
 				target->t->u.user.name[sizeof(target->t->u.user.name)-1] = '\0';
+				target->t->u.user.revision = target->revision;
 /*
 				target->init(target->t, &fw.nfcache);
 */
@@ -2391,6 +2392,7 @@ int do_command(int argc, char *argv[], char **table, arptc_handle_t *handle)
 			target->t = fw_calloc(1, size);
 			target->t->u.target_size = size;
 			strcpy(target->t->u.user.name, jumpto);
+			target->t->u.user.revision = target->revision;
 			target->init(target->t);
 		}
 
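Review bot: The `strcpy(target->t->u.user.name, jumpto);` kept as context in this hunk is unbounded, while the same series shrinks `name` to 29 bytes and places `revision` directly behind it (arp_tables.h), so an over-long `jumpto` would write into `revision` and beyond. The call site in the hunk at -2067 already bounds the copy, and this one should match it: `strncpy(target->t->u.user.name, jumpto, sizeof(target->t->u.user.name));` followed by `target->t->u.user.name[sizeof(target->t->u.user.name)-1] = '\0';`. Whether `jumpto` is length-checked earlier is not visible here, since do_command starts and ends outside the hunk.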
diff --git a/extensions/arpt_CLASSIFY.c b/extensions/arpt_CLASSIFY.c
index cb5770b..7893aed 100644
--- a/extensions/arpt_CLASSIFY.c
+++ b/extensions/arpt_CLASSIFY.c
@@ -105,6 +105,7 @@ struct arptables_target classify
 	ARPTABLES_VERSION,
 	ARPT_ALIGN(sizeof(struct xt_classify_target_info)),
 	ARPT_ALIGN(sizeof(struct xt_classify_target_info)),
+	0,
 	&help,
 	&init,
 	&parse,
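Review bot: The bare `0,` added to this positional initializer does not say which member it fills, and the same applies to the `0,` added in arpt_mangle.c and arpt_standard.c. A trailing comment, `0, /* revision */`, would make the slot obvious; alternatively these tables could use designated initializers as arpt_MARK.c in patch 2/2 does. In arpt_mangle.c and arpt_standard.c the new line is also tab-indented while its neighbours use spaces. The initializer starts and ends outside the hunk.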
diff --git a/extensions/arpt_mangle.c b/extensions/arpt_mangle.c
index c38fc16..502fc2b 100644
--- a/extensions/arpt_mangle.c
+++ b/extensions/arpt_mangle.c
@@ -199,6 +199,7 @@ struct arptables_target change
     ARPTABLES_VERSION,
     ARPT_ALIGN(sizeof(struct arpt_mangle)),
     ARPT_ALIGN(sizeof(struct arpt_mangle)),
+	0,
     &help,
     &init,
     &parse,
diff --git a/extensions/arpt_standard.c b/extensions/arpt_standard.c
index cb3891d..c647316 100644
--- a/extensions/arpt_standard.c
+++ b/extensions/arpt_standard.c
@@ -54,6 +54,7 @@ struct arptables_target standard
     ARPTABLES_VERSION,
     ARPT_ALIGN(sizeof(int)),
     ARPT_ALIGN(sizeof(int)),
+	0,
     &help,
     &init,
     &parse,
diff --git a/include/arptables.h b/include/arptables.h
index 820b664..82e6e9a 100644
--- a/include/arptables.h
+++ b/include/arptables.h
@@ -32,6 +32,9 @@ struct arptables_match
 	/* Size of match data relevent for userspace comparison purposes */
 	size_t userspacesize;
 
+	/* Revision of target (0 by default). */
+	u_int8_t revision;
+
 	/* Function which prints out usage message. */
 	void (*help)(void);
 
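Review bot: The comment added to struct arptables_match reads `/* Revision of target (0 by default). */`, copied from the target struct; here it should be `/* Revision of match (0 by default). */`. Because `revision` is inserted in the middle of both structs (this hunk and the one at -81), every positional initializer must gain a slot. The series updates three target tables, but any match table or out-of-tree extension still written positionally would put `&help` in the `revision` position; none is visible on this page, so this is a caution rather than a confirmed break. A short header comment asking extensions to use designated initializers would document that. Both struct definitions continue outside the hunks.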
@@ -81,6 +84,9 @@ struct arptables_target
 	/* Size of target data relevent for userspace comparison purposes */
 	size_t userspacesize;
 
+	/* Revision of target (0 by default). */
+	u_int8_t revision;
+
 	/* Function which prints out usage message. */
 	void (*help)(void);
 
diff --git a/include/linux/netfilter_arp/arp_tables.h b/include/linux/netfilter_arp/arp_tables.h
index 0acda66..0bf2457 100644
--- a/include/linux/netfilter_arp/arp_tables.h
+++ b/include/linux/netfilter_arp/arp_tables.h
@@ -19,7 +19,7 @@
 
 #include <linux/netfilter_arp.h>
 
-#define ARPT_FUNCTION_MAXNAMELEN 30
+#define ARPT_FUNCTION_MAXNAMELEN 29
 #define ARPT_TABLE_MAXNAMELEN 32
 
 #define ARPT_DEV_ADDR_LEN_MAX 16
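Review bot: `#define ARPT_FUNCTION_MAXNAMELEN 29` carries no comment explaining why the limit dropped by one, and the value is only correct while `name` plus the `u_int8_t revision` added in the next hunk still fill the 30 bytes the old layout used. A comment such as `/* 29 name bytes + 1 revision byte: keep in step with the kernel's struct arpt_entry_target */` would record that constraint, which the commit message states only in passing. The same constant sizes the buffer that do_command copies target names into, so a 29-character name that fitted before no longer does.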
@@ -69,6 +69,7 @@ struct arpt_entry_target
 
 			/* Used by userspace */
 			char name[ARPT_FUNCTION_MAXNAMELEN];
+			u_int8_t revision;
 		} user;
 		struct {
 			u_int16_t target_size;
-- 
1.7.12.4



* [PATCH V3 2/2] Add MARK target for arptables
  2015-03-26  9:33 [PATCH V3 0/2] add mark target Zhang Chunyu
  2015-03-26  9:33 ` [PATCH V3 1/2] Add revision field for xt_entry_target Zhang Chunyu
@ 2015-03-26  9:33 ` Zhang Chunyu
  1 sibling, 0 replies; 7+ messages in thread
From: Zhang Chunyu @ 2015-03-26  9:33 UTC (permalink / raw)
  To: netfilter-devel; +Cc: Zhang Chunyu, Gao feng

We can use the MARK target to set the mark value for an ARP packet.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: Zhang Chunyu <zhangcy@cn.fujitsu.com>
---
 arptables.8            |  17 ++++++
 extensions/Makefile    |   2 +-
 extensions/arpt_MARK.c | 151 +++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 169 insertions(+), 1 deletion(-)
 create mode 100644 extensions/arpt_MARK.c

diff --git a/arptables.8 b/arptables.8
index 78b2c60..676b884 100644
--- a/arptables.8
+++ b/arptables.8
@@ -315,6 +315,23 @@ sify the packet into a specific CBQ class).
 Set the major and minor  class  value.  The  values  are  always
 interpreted as hexadecimal even if no 0x prefix is given.
 
+.SS MARK
+This  module  allows you to set the skb->mark value (and thus classify
+the packet by the mark in u32)
+
+.TP
+.BR "--set-mark mark"
+Set the mark value. The  values  are  always
+interpreted as hexadecimal even if no 0x prefix is given
+
+.TP
+.BR "--and-mark mark"
+Binary AND the mark with bits.
+
+.TP
+.BR "--or-mark mark"
+Binary OR the mark with bits.
+
 .SH MAILINGLISTS
 .BR "" "See " http://netfilter.org/mailinglists.html
 .SH SEE ALSO
diff --git a/extensions/Makefile b/extensions/Makefile
index 09b244e..0189cc9 100644
--- a/extensions/Makefile
+++ b/extensions/Makefile
@@ -1,6 +1,6 @@
 #! /usr/bin/make
 
-EXT_FUNC+=standard mangle CLASSIFY
+EXT_FUNC+=standard mangle CLASSIFY MARK
 EXT_OBJS+=$(foreach T,$(EXT_FUNC), extensions/arpt_$(T).o)
 
 extensions/ebt_%.o: extensions/arpt_%.c include/arptables.h include/arptables_common.h
diff --git a/extensions/arpt_MARK.c b/extensions/arpt_MARK.c
new file mode 100644
index 0000000..698161e
--- /dev/null
+++ b/extensions/arpt_MARK.c
@@ -0,0 +1,151 @@
+/*
+ * (C) 2014 by Gao Feng <gaofeng@cn.fujitsu.com>
+ *
+ * arpt_MARK.c -- arptables extension to set mark for arp packet
+ *
+ *	This program is free software; you can redistribute it and/or modify
+ *	it under the terms of the GNU General Public License as published by
+ *	the Free Software Foundation; either version 2 of the License, or
+ *	(at your option) any later version.
+ *
+ *	This program is distributed in the hope that it will be useful,
+ *	but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *	GNU General Public License for more details.
+ *
+ *	You should have received a copy of the GNU General Public License
+ *	along with this program; if not, write to the Free Software
+ *	Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include <stdio.h>
+#include <getopt.h>
+#include <arptables.h>
+#include <linux/netfilter/xt_mark.h>
+#include <linux/netfilter/xt_MARK.h>
+#include <linux/netfilter/x_tables.h>
+
+static void help(void)
+{
+	printf(
+"MARK target v%s options:\n"
+"--set-mark mark : set the mark value\n"
+"--and-mark value : binary AND the mark with value\n"
+"--or-mark value : binary OR the mark with value\n",
+	ARPTABLES_VERSION);
+}
+
+#define MARK_OPT 1
+#define AND_MARK_OPT 2
+#define OR_MARK_OPT 3
+
+
+static struct option opts[] = {
+	{ .name = "set-mark", .has_arg = required_argument, .flag = 0, .val = MARK_OPT },
+	{ .name = "and-mark", .has_arg = required_argument, .flag = 0, .val = AND_MARK_OPT },
+	{ .name = "or-mark", .has_arg = required_argument, .flag = 0, .val =  OR_MARK_OPT },
+	{ .name = NULL}
+};
+
+static void init(struct arpt_entry_target *t)
+{
+	struct xt_mark_tginfo2 *info = (struct xt_mark_tginfo2 *) t->data;
+
+	info->mark = 0;
+}
+
+static int parse(int c, char **argv, int invert, unsigned int *flags,
+	const struct arpt_entry *e,
+	struct arpt_entry_target **t)
+{
+	struct xt_mark_tginfo2 *info = (struct xt_mark_tginfo2 *)(*t)->data;
+	int i;
+
+	switch (c) {
+	case MARK_OPT:
+		if (sscanf(argv[optind-1], "%x", &i) != 1) {
+			exit_error(PARAMETER_PROBLEM,
+				"Bad mark value `%s'", optarg);
+			return 0;
+		}
+		info->mark = i;
+		if (*flags)
+			exit_error(PARAMETER_PROBLEM,
+				"MARK: Can't specify --set-mark twice");
+		*flags = 1;
+		break;
+	case AND_MARK_OPT:
+		if (sscanf(argv[optind-1], "%x", &i) != 1) {
+			exit_error(PARAMETER_PROBLEM,
+				"Bad mark value `%s'", optarg);
+			return 0;
+		}
+		info->mark = 0;
+		info->mask = ~i;
+		if (*flags)
+			exit_error(PARAMETER_PROBLEM,
+				"MARK: Can't specify --and-mark twice");
+		*flags = 1;
+		break;
+	case OR_MARK_OPT:
+		if (sscanf(argv[optind-1], "%x", &i) != 1) {
+			exit_error(PARAMETER_PROBLEM,
+				"Bad mark value `%s'", optarg);
+			return 0;
+		}
+		info->mark = info->mask = i;
+		if (*flags)
+			exit_error(PARAMETER_PROBLEM,
+				"MARK: Can't specify --or-mark twice");
+		*flags = 1;
+		break;
+	default:
+		return 0;
+	}
+	return 1;
+}
+
+static void final_check(unsigned int flags)
+{
+	if (!flags)
+		exit_error(PARAMETER_PROBLEM, "MARK: Parameter --set-mark/--and-mark/--or-mark is required");
+}
+
+static void print(const struct arpt_arp *ip,
+	const struct arpt_entry_target *target, int numeric)
+{
+	struct xt_mark_tginfo2 *info = (struct xt_mark_tginfo2 *)(target->data);
+	
+	if (info->mark == 0)
+		printf("--and-mark %x", (unsigned int)(uint32_t)~info->mask);
+	else if (info->mark == info->mask)
+		printf("--or-mark %x", info->mark);
+	else
+		printf("--set-mark %x", info->mark);
+}
+
+static void save(const struct arpt_arp *ip, const struct arpt_entry_target *target)
+{
+}
+
+static struct arptables_target mark = {
+	.next          = NULL,
+	.name          = "MARK",
+	.version       = ARPTABLES_VERSION,
+	.size          = ARPT_ALIGN(sizeof(struct xt_mark_tginfo2)),
+	.userspacesize = ARPT_ALIGN(sizeof(struct xt_mark_tginfo2)),
+	.revision      = 2,
+	.help          = help,
+	.init          = init,
+	.parse         = parse,
+	.final_check   = final_check,
+	.print         = print,
+	.save          = save,
+	.extra_opts    = opts
+};
+
+static void _init(void) __attribute__ ((constructor));
+static void _init(void)
+{
+	register_target(&mark);
+}
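Review bot: In parse(), the `--set-mark` case stores only `info->mark` and never sets `info->mask`, and init() clears `mark` but not `mask`. If the kernel's revision-2 MARK target computes `(skb->mark & ~mask) ^ mark` (my understanding of xt_mark_tginfo2, not shown on this page), a zero mask turns --set-mark into an XOR with the packet's existing mark instead of an assignment, which matters wherever marks drive filtering or routing policy. All three cases also read into `int i` with `%x`, which expects an `unsigned int *` and silently accepts trailing garbage and out-of-range input, and the error message prints `optarg` although `argv[optind-1]` was parsed. The sketch below sets the mask explicitly and routes the three options through one strict helper. The "Can't specify ... twice" messages also fire when two different options are combined, so a wording like "only one of --set-mark/--and-mark/--or-mark" would be more accurate.

```c
/*
 * Parse a hexadecimal mark. Rejects empty input, a sign, trailing
 * characters and values wider than 32 bits.
 * (needs <errno.h> and <stdlib.h> next to the existing includes)
 */
static uint32_t parse_mark(const char *arg)
{
	char *end;
	unsigned long v;

	errno = 0;
	v = strtoul(arg, &end, 16);
	if (arg[0] == '-' || end == arg || *end != '\0' ||
	    errno == ERANGE || v > 0xffffffffUL)
		exit_error(PARAMETER_PROBLEM, "Bad mark value `%s'", arg);
	return (uint32_t)v;
}

/* ... unchanged: help(), opts[], init(), start of parse() ... */

	case MARK_OPT:
		info->mark = parse_mark(argv[optind-1]);
		info->mask = 0xffffffffU;	/* replace every bit of the old mark */
		/* ... unchanged: duplicate-option check, *flags = 1 ... */
		break;
	case AND_MARK_OPT:
		info->mark = 0;
		info->mask = ~parse_mark(argv[optind-1]);
		/* ... unchanged: duplicate-option check, *flags = 1 ... */
		break;
	case OR_MARK_OPT:
		info->mark = info->mask = parse_mark(argv[optind-1]);
		/* ... unchanged: duplicate-option check, *flags = 1 ... */
		break;
```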
-- 
1.7.12.4



* Re: [PATCH V3 1/2] Add revision field for xt_entry_target
  2015-03-26  9:33 ` [PATCH V3 1/2] Add revision field for xt_entry_target Zhang Chunyu
@ 2015-03-26 12:45   ` Pablo Neira Ayuso
  2015-03-27  1:34     ` Zhang, Chunyu
  0 siblings, 1 reply; 7+ messages in thread
From: Pablo Neira Ayuso @ 2015-03-26 12:45 UTC (permalink / raw)
  To: Zhang Chunyu; +Cc: netfilter-devel, Gao feng

On Thu, Mar 26, 2015 at 05:33:29AM -0400, Zhang Chunyu wrote:
> ---
>  arptables.c                              | 2 ++
>  extensions/arpt_CLASSIFY.c               | 1 +
>  extensions/arpt_mangle.c                 | 1 +
>  extensions/arpt_standard.c               | 1 +
>  include/arptables.h                      | 6 ++++++
>  include/linux/netfilter_arp/arp_tables.h | 3 ++-
>  6 files changed, 13 insertions(+), 1 deletion(-)
>
[...] 
> diff --git a/include/linux/netfilter_arp/arp_tables.h b/include/linux/netfilter_arp/arp_tables.h
> index 0acda66..0bf2457 100644
> --- a/include/linux/netfilter_arp/arp_tables.h
> +++ b/include/linux/netfilter_arp/arp_tables.h
> @@ -19,7 +19,7 @@
>  
>  #include <linux/netfilter_arp.h>
>  
> -#define ARPT_FUNCTION_MAXNAMELEN 30
> +#define ARPT_FUNCTION_MAXNAMELEN 29
>  #define ARPT_TABLE_MAXNAMELEN 32
>  
>  #define ARPT_DEV_ADDR_LEN_MAX 16
> @@ -69,6 +69,7 @@ struct arpt_entry_target
>  
>  			/* Used by userspace */
>  			char name[ARPT_FUNCTION_MAXNAMELEN];
> +			u_int8_t revision;
>  		} user;
>  		struct {
>  			u_int16_t target_size;

Could you also resubmit the kernel patch that adds this? Please, no need
to resend the full userspace series, just send the kernel patch as a
follow up.


* Re: Re: [PATCH V3 1/2] Add revision field for xt_entry_target
  2015-03-26 12:45   ` Pablo Neira Ayuso
@ 2015-03-27  1:34     ` Zhang, Chunyu
  2015-03-27 11:02       ` Pablo Neira Ayuso
  0 siblings, 1 reply; 7+ messages in thread
From: Zhang, Chunyu @ 2015-03-27  1:34 UTC (permalink / raw)
  To: pablo; +Cc: netfilter-devel


hi pablo

>From: Pablo Neira Ayuso
>Date: 2015-03-26
>To: Zhang, Chunyu/章 春宇
>Subject: Re: [PATCH V3 1/2] Add revision field for xt_entry_target
>
>On Thu, Mar 26, 2015 at 05:33:29AM -0400, Zhang Chunyu wrote:
>> ---
>>  arptables.c                              | 2 ++
>>  extensions/arpt_CLASSIFY.c               | 1 +
>>  extensions/arpt_mangle.c                 | 1 +
>>  extensions/arpt_standard.c               | 1 +
>>  include/arptables.h                      | 6 ++++++
>>  include/linux/netfilter_arp/arp_tables.h | 3 ++-
>>  6 files changed, 13 insertions(+), 1 deletion(-)
>>
>[...]
>> diff --git a/include/linux/netfilter_arp/arp_tables.h b/include/linux/netfilter_arp/arp_tables.h
>> index 0acda66..0bf2457 100644
>> --- a/include/linux/netfilter_arp/arp_tables.h
>> +++ b/include/linux/netfilter_arp/arp_tables.h
>> @@ -19,7 +19,7 @@
>> 
>>  #include <linux/netfilter_arp.h>
>> 
>> -#define ARPT_FUNCTION_MAXNAMELEN 30
>> +#define ARPT_FUNCTION_MAXNAMELEN 29
>>  #define ARPT_TABLE_MAXNAMELEN 32
>> 
>>  #define ARPT_DEV_ADDR_LEN_MAX 16
>> @@ -69,6 +69,7 @@ struct arpt_entry_target
>> 
>>                       /* Used by userspace */
>>                       char name[ARPT_FUNCTION_MAXNAMELEN];
>> +                     u_int8_t revision;
>>               } user;
>>               struct {
>>                       u_int16_t target_size;
>
>Could you also resubmit the kernel patch to adds this? Please, no need
>to resend the full userspace series, just send the kernel patch as a
>follow up.

do you mean:
> -#define ARPT_FUNCTION_MAXNAMELEN 30

> +#define ARPT_FUNCTION_MAXNAMELEN 29
do this in another  patch ,  like this ?
patch1:  change ARPT_FUNCTION_MAXNAMELEN
patch2:  add revision
patch3:  add arp mark


* Re: Re: [PATCH V3 1/2] Add revision field for xt_entry_target
  2015-03-27  1:34     ` Zhang, Chunyu
@ 2015-03-27 11:02       ` Pablo Neira Ayuso
  2015-03-30  1:30         ` Zhang, Chunyu
  0 siblings, 1 reply; 7+ messages in thread
From: Pablo Neira Ayuso @ 2015-03-27 11:02 UTC (permalink / raw)
  To: Zhang, Chunyu; +Cc: netfilter-devel

On Fri, Mar 27, 2015 at 01:34:06AM +0000, Zhang, Chunyu wrote:
> >From: Pablo Neira Ayuso
> >Date: 2015-03-26
> >To: Zhang, Chunyu/章 春宇
> >Subject: Re: [PATCH V3 1/2] Add revision field for xt_entry_target
> >
> >Could you also resubmit the kernel patch to adds this? Please, no need
> >to resend the full userspace series, just send the kernel patch as a
> >follow up.
> 
> do you mean:
> > -#define ARPT_FUNCTION_MAXNAMELEN 30
> 
> > +#define ARPT_FUNCTION_MAXNAMELEN 29
> do this in another  patch ,  like this ?

I mean this:

http://patchwork.ozlabs.org/patch/437065/

but never mind, I'll take that original patch. Thanks.


* Re: Re: [PATCH V3 1/2] Add revision field for xt_entry_target
  2015-03-27 11:02       ` Pablo Neira Ayuso
@ 2015-03-30  1:30         ` Zhang, Chunyu
  0 siblings, 0 replies; 7+ messages in thread
From: Zhang, Chunyu @ 2015-03-30  1:30 UTC (permalink / raw)
  To: netfilter-devel-owner; +Cc: netfilter-devel



>From: netfilter-devel-owner
>Date: 2015-03-27
>To: Zhang, Chunyu/章 春宇
>Subject: Re: Re: [PATCH V3 1/2] Add revision field for xt_entry_target
>
>On Fri, Mar 27, 2015 at 01:34:06AM +0000, Zhang, Chunyu wrote:
>> >From: Pablo Neira Ayuso
>> >Date: 2015-03-26
>> >To: Zhang, Chunyu/章 春宇
>> >Subject: Re: [PATCH V3 1/2] Add revision field for xt_entry_target
>> >
>> >Could you also resubmit the kernel patch to adds this? Please, no need
>> >to resend the full userspace series, just send the kernel patch as a
>> >follow up.
>>
>> do you mean:
>> > -#define ARPT_FUNCTION_MAXNAMELEN 30
>>
>> > +#define ARPT_FUNCTION_MAXNAMELEN 29
>> do this in another  patch ,  like this ?
>
>I mean this:
>
>http://patchwork.ozlabs.org/patch/437065/

ok.  get it.
will do 
>
>but never mind, I'll take that original patch. Thanks.
>--
>To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
>the body of a message to majordomo@vger.kernel.org
>More majordomo info at  http://vger.kernel.org/majordomo-info.html
