Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

Initial import of L3DSR sources from Yahoo!

  • Loading branch information...
commit 4096f817009336e45ffea7ac1883dc1a082d7eb1 0 parents
Jan Schaumann jschauma authored

Showing 31 changed files with 2,633 additions and 0 deletions. Show diff stats Hide diff stats

  1. +32 0 README
  2. BIN  docs/nanog51.pdf
  3. +35 0 freebsd/CHANGES
  4. +29 0 freebsd/LICENSE
  5. +5 0 freebsd/README
  6. +120 0 freebsd/dscp_rewrite-install
  7. +5 0 freebsd/kmod/Makefile
  8. +280 0 freebsd/kmod/dscp_rewrite.c
  9. +339 0 linux/LICENSE
  10. +97 0 linux/Makefile
  11. +8 0 linux/README
  12. +57 0 linux/extensions/Makefile
  13. +6 0 linux/extensions/Makefile.incl
  14. +2 0  linux/extensions/README
  15. +8 0 linux/extensions/ipt_DADDR.h
  16. +154 0 linux/extensions/libipt_DADDR.c
  17. +86 0 linux/iptables-daddr.spec.sed
  18. +3 0  linux/kmod/Install.sed
  19. +94 0 linux/kmod/Makefile
  20. +7 0 linux/kmod/Makefile.incl
  21. +1 0  linux/kmod/Makefile.kmod
  22. +75 0 linux/kmod/ipt_DADDR.c
  23. +8 0 linux/kmod/ipt_DADDR.h
  24. +47 0 yvipagent/CHANGES
  25. +28 0 yvipagent/LICENSE
  26. +42 0 yvipagent/Makefile
  27. +6 0 yvipagent/README
  28. +61 0 yvipagent/doc/yvip.conf.5
  29. +114 0 yvipagent/doc/yvipagent.8
  30. +105 0 yvipagent/src/yvip.sh
  31. +779 0 yvipagent/src/yvipagent.pl
32 README
... ... @@ -0,0 +1,32 @@
  1 +Direct Server Return (DSR) load balancing is a common way to distribute
  2 +network traffic using an approach that currently requires the load
  3 +balancer and all hosts behind the Virtual IP (VIP) to be within the same
  4 +Layer 2 network. This is a severe limitation that hinders scaling VIPs
  5 +beyond a single contiguous subnet. To overcome this limitation, we
  6 +present a method to perform DSR load balancing across Layer 3 boundaries
  7 +(``L3DSR''), a solution that allows Yahoo! to serve up to ten times as
  8 +many VIPs on a single hardware Load Balancer compared to other Layer 3
  9 +load balancing methods.
  10 +
  11 +In order to overcome Layer 2 limitations, we use the 6-bit bit
  12 +Differentiated Services Code Point (DSCP) field of the IPv4 header used
  13 +for packet classification to relay information to the server. The server
  14 +inspects the header and rewrites the destination address based on the
  15 +value of the DSCP field and according to its own mapping of DSCP values to
  16 +destination addresses.
  17 +
  18 +L3DSR is currently supported by:
  19 + - A10 AX3200 >= 2.2.5
  20 + - Brocade ADX Series >= 12.1d
  21 + - Brocade/Foundry ServerIron 450
  22 + - M7 and JetCore blades
  23 + - >= 12.2.01p
  24 + - Citrix Netscaler running 8.x, 9.x
  25 +
  26 +On the server, L3DSR is currently supported by:
  27 + - FreeBSD >= 6.x
  28 + - RHEL >= 5.x
  29 +
  30 +L3DSR was developed at Yahoo! Inc. If you have questions or comments,
  31 +please contact Jan Schaumann <jschauma@yahoo-inc.com> or Carl Stanley
  32 +<cstan@yahoo-inc.com>.
BIN  docs/nanog51.pdf
Binary file not shown
35 freebsd/CHANGES
... ... @@ -0,0 +1,35 @@
  1 +Version 1.0.9 (2011-02-17)
  2 + * fix version restriction introduced in 1.0.6 that made
  3 + this package fail on FreeBSD 6.x
  4 +
  5 +Version 1.0.8 (2010-11-09)
  6 + * move unload-busy test to a point where we know the module was actually
  7 + loaded
  8 +
  9 +Version 1.0.7 (2010-11-08)
  10 + * prevent unloading of the kernel module if any vips are
  11 + configured
  12 +
  13 +Version 1.0.6 (2010-10-05):
  14 + * make this package available for FreeBSD7 by making it os
  15 + version independent and bailing out in the install script if the major
  16 + version is too low
  17 +
  18 +Version 1.0.5
  19 + * Bug 3149934
  20 +
  21 +Version 1.0.4
  22 + * Build in a temporary directory to avoid confusing yinst or
  23 + leaving stale files.
  24 +
  25 +Version 1.0.3
  26 + * Guess again at bugzilla component specification
  27 +
  28 +Version 1.0.2
  29 + * Bugzilla component
  30 +
  31 +Version 1.0.1
  32 + * Cosmetic packaging tweaks
  33 +
  34 +Version 1.0.0
  35 + * Initial release
29 freebsd/LICENSE
... ... @@ -0,0 +1,29 @@
  1 +Redistribution and use of this software in source and binary forms,
  2 +with or without modification, are permitted provided that the following
  3 +conditions are met:
  4 +
  5 +* Redistributions of source code must retain the above
  6 + copyright notice, this list of conditions and the
  7 + following disclaimer.
  8 +
  9 +* Redistributions in binary form must reproduce the above
  10 + copyright notice, this list of conditions and the
  11 + following disclaimer in the documentation and/or other
  12 + materials provided with the distribution.
  13 +
  14 +* Neither the name of Yahoo! Inc. nor the names of its
  15 + contributors may be used to endorse or promote products
  16 + derived from this software without specific prior
  17 + written permission of Yahoo! Inc.
  18 +
  19 +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
  20 +IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
  21 +TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
  22 +PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  23 +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  24 +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  25 +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  26 +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  27 +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  28 +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  29 +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
5 freebsd/README
... ... @@ -0,0 +1,5 @@
  1 +The software in this directory comprises a very simple packet filter that
  2 +is able to rewrite the source address of IP packets by using the DSCP/TOS
  3 +field as an index into a configurable sysctl table.
  4 +
  5 +It is licensed under a 3-clause BSD license.
120 freebsd/dscp_rewrite-install
... ... @@ -0,0 +1,120 @@
  1 +#!/usr/local/bin/perl -w
  2 +#
  3 +# Copyright (c) 2008,2009,2010,2011 Yahoo! Inc. All rights reserved.
  4 +#
  5 +# Originally written by John Baldwin in July 2008.
  6 +
  7 +# Redistribution and use of this software in source and binary forms,
  8 +# with or without modification, are permitted provided that the following
  9 +# conditions are met:
  10 +#
  11 +# * Redistributions of source code must retain the above
  12 +# copyright notice, this list of conditions and the
  13 +# following disclaimer.
  14 +#
  15 +# * Redistributions in binary form must reproduce the above
  16 +# copyright notice, this list of conditions and the
  17 +# following disclaimer in the documentation and/or other
  18 +# materials provided with the distribution.
  19 +#
  20 +# * Neither the name of Yahoo! Inc. nor the names of its
  21 +# contributors may be used to endorse or promote products
  22 +# derived from this software without specific prior
  23 +# written permission of Yahoo! Inc.
  24 +#
  25 +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
  26 +# IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
  27 +# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
  28 +# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  29 +# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  30 +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  31 +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  32 +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  33 +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  34 +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  35 +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  36 +#
  37 +
  38 +$PROG = "dscp_rewrite-install";
  39 +if (@ARGV != 2) {
  40 + error_exit("Usage: $PROG <operation> <srcdir>");
  41 +}
  42 +my $os = `uname`;
  43 +my $osmaj = `uname -r`;
  44 +chomp($os,$osmaj);
  45 +$os = lc($os);
  46 +$osmaj =~ s/[^\d].*//;
  47 +my($op,$srcdir) = @ARGV;
  48 +$MOD = "dscp_rewrite";
  49 +if ($os eq "freebsd") {
  50 + if ($osmaj < 6) {
  51 + error_exit("Unsupported FreeBSD Version: $osmaj");
  52 + }
  53 + my $KERNEL = `/sbin/sysctl -n kern.bootfile`;
  54 + chomp($KERNEL);
  55 + $KERNEL_SOURCE = "/usr/src/sys";
  56 + $KERNEL_SOURCE_FILE = "$KERNEL_SOURCE/Makefile";
  57 + $MODF = "$MOD.ko";
  58 + $MODDIR = '';
  59 + my $modpath = `/sbin/sysctl -n kern.module_path`;
  60 + chomp($modpath);
  61 + for (split(/;/,$modpath)) {
  62 + if (/\/modules\/?$/) {
  63 + $MODDIR = $_;
  64 + last;
  65 + }
  66 + }
  67 + if (!-d $MODDIR) {
  68 + error_exit("Cannot locate modules directory");
  69 + }
  70 + $LOAD="/sbin/kldload $MODDIR/$MODF";
  71 + $STAT="/sbin/kldstat -n $MOD";
  72 + $UNLOAD="/sbin/kldunload -n $MOD";
  73 + $MAKEFILE = "-f Makefile";
  74 +} else {
  75 + error_exit("Unsupported OS: $os");
  76 +}
  77 +if ($op eq "DEACTIVATE") {
  78 + unlink("$MODDIR/$MODF");
  79 +} elsif ($op eq "START") {
  80 + system("$STAT");
  81 + if ($?) {
  82 + if (!-f $KERNEL_SOURCE_FILE) {
  83 + error_exit("Cannot locate kernel source tree");
  84 + }
  85 + print "$PROG: Compiling kernel module ($MOD) ...\n";
  86 + my $WRK=`mktemp -d -q /tmp/$MOD.XXXXXX`;
  87 + chomp($WRK);
  88 + if ($?) {
  89 + error_exit("Cannot make a compile directory");
  90 + }
  91 + system("mkdir -p $MODDIR");
  92 + !$? || exit(1);
  93 + system("cp -p $srcdir/Makefile $srcdir/dscp_rewrite.c $WRK");
  94 + !$? || exit(1);
  95 + system("(cd $WRK && /usr/bin/make $MAKEFILE -s clean && /usr/bin/make $MAKEFILE -s all)");
  96 + !$? || exit(1);
  97 + system("/bin/cp -p $WRK/$MODF $MODDIR");
  98 + !$? || error_exit("Unable to copy kernel module to $MODDIR");
  99 + system("/bin/rm -rf $WRK");
  100 + !$? || error_exit("Unable to delete temporary directory $WRK");
  101 + print "$PROG: Loading kernel module ...\n";
  102 + system("$LOAD");
  103 + !$? || error_exit("Unable to load kernel module");
  104 + }
  105 +} elsif ($op eq "STOP") {
  106 + system("$STAT");
  107 + if (!$?) {
  108 + print "$PROG: Unloading kernel module ...\n";
  109 + system("$UNLOAD");
  110 + if ($?) {
  111 + print "$PROG: Unable to unload $MOD kernel module.\n";
  112 + }
  113 + }
  114 +}
  115 +
  116 +
  117 +sub error_exit {
  118 + print "$PROG: $_[0]\n";
  119 + exit(1);
  120 +}
5 freebsd/kmod/Makefile
... ... @@ -0,0 +1,5 @@
  1 +
  2 +KMOD= dscp_rewrite
  3 +SRCS= dscp_rewrite.c
  4 +
  5 +.include <bsd.kmod.mk>
280 freebsd/kmod/dscp_rewrite.c
... ... @@ -0,0 +1,280 @@
  1 +/*
  2 + * Copyright (c) 2008,2009,2010,2011 Yahoo! Inc. All rights reserved.
  3 + *
  4 + * Redistribution and use of this software in source and binary forms,
  5 + * with or without modification, are permitted provided that the following
  6 + * conditions are met:
  7 + *
  8 + * * Redistributions of source code must retain the above
  9 + * copyright notice, this list of conditions and the
  10 + * following disclaimer.
  11 + *
  12 + * * Redistributions in binary form must reproduce the above
  13 + * copyright notice, this list of conditions and the
  14 + * following disclaimer in the documentation and/or other
  15 + * materials provided with the distribution.
  16 + *
  17 + * * Neither the name of Yahoo! Inc. nor the names of its
  18 + * contributors may be used to endorse or promote products
  19 + * derived from this software without specific prior
  20 + * written permission of Yahoo! Inc.
  21 + *
  22 + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
  23 + * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
  24 + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
  25 + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  26 + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  27 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  28 + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  29 + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  30 + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  31 + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  32 + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  33 + *
  34 + */
  35 +
  36 +#include <sys/cdefs.h>
  37 +__RCSID("$Id: dscp_rewrite.c 17 2011-03-07 21:51:09Z jans $");
  38 +
  39 +#include <sys/param.h>
  40 +#include <sys/kernel.h>
  41 +#include <sys/mbuf.h>
  42 +#include <sys/module.h>
  43 +#include <sys/socket.h>
  44 +#include <sys/sysctl.h>
  45 +
  46 +#include <net/if.h>
  47 +#include <net/pfil.h>
  48 +
  49 +#include <netinet/in_systm.h>
  50 +#include <netinet/in.h>
  51 +#include <netinet/in_var.h>
  52 +#include <netinet/ip.h>
  53 +
  54 +SYSCTL_NODE(_net_inet_ip, OID_AUTO, dscp_rewrite, CTLFLAG_RD, NULL,
  55 + "DSCP rewrite source IP addresses");
  56 +
  57 +static int dscp_rewrite_enabled = 1;
  58 +SYSCTL_INT(_net_inet_ip_dscp_rewrite, OID_AUTO, enabled, CTLFLAG_RW,
  59 + &dscp_rewrite_enabled, 0, "DSCP rewrite enabled");
  60 +
  61 +static struct in_addr rewrite_addresses[64];
  62 +
  63 +static int
  64 +inet_aton(const char *cp, struct in_addr *addr)
  65 +{
  66 + u_long octets[4];
  67 + const char *c;
  68 + char *end;
  69 + int i;
  70 +
  71 + i = 0;
  72 + c = cp;
  73 + for (;;) {
  74 + octets[i] = strtoul(c, &end, 10);
  75 + if (c == end)
  76 + /* Unable to parse an octet. */
  77 + return (EINVAL);
  78 +
  79 + /* Parsed the whole string? */
  80 + if (*end == '\0')
  81 + break;
  82 +
  83 + /* Next octet? */
  84 + if (*end == '.') {
  85 + if (i == 3)
  86 + /* Too many octets. */
  87 + return (EINVAL);
  88 + c = end + 1;
  89 + i++;
  90 + } else
  91 + /* Invalid character. */
  92 + return (EINVAL);
  93 + }
  94 +
  95 + if (i != 3)
  96 + /* Not enough octets. */
  97 + return (EINVAL);
  98 +
  99 + /* Range-check all the octets. */
  100 + for (i = 0; i < 4; i++)
  101 + if (octets[i] > 0xff)
  102 + return (EINVAL);
  103 +
  104 + addr->s_addr = htonl(octets[0] << 24 | octets[1] << 16 |
  105 + octets[2] << 8 | octets[3]);
  106 + return (0);
  107 +}
  108 +
  109 +static int
  110 +rewrite_sysctl_handler(SYSCTL_HANDLER_ARGS)
  111 +{
  112 + char buf[24];
  113 + int error;
  114 +
  115 + inet_ntoa_r(rewrite_addresses[arg2], buf);
  116 + error = sysctl_handle_string(oidp, buf, sizeof(buf), req);
  117 + if (error)
  118 + return (error);
  119 + error = inet_aton(buf, &rewrite_addresses[arg2]);
  120 + return (error);
  121 +}
  122 +
  123 +#define DSCP_SYSCTL(index) \
  124 + SYSCTL_PROC(_net_inet_ip_dscp_rewrite, (index), index, \
  125 + CTLTYPE_STRING | CTLFLAG_RW, NULL, (index), \
  126 + rewrite_sysctl_handler, "A", "DSCP " #index " source IP")
  127 +
  128 +DSCP_SYSCTL(1);
  129 +DSCP_SYSCTL(2);
  130 +DSCP_SYSCTL(3);
  131 +DSCP_SYSCTL(4);
  132 +DSCP_SYSCTL(5);
  133 +DSCP_SYSCTL(6);
  134 +DSCP_SYSCTL(7);
  135 +DSCP_SYSCTL(8);
  136 +DSCP_SYSCTL(9);
  137 +DSCP_SYSCTL(10);
  138 +DSCP_SYSCTL(11);
  139 +DSCP_SYSCTL(12);
  140 +DSCP_SYSCTL(13);
  141 +DSCP_SYSCTL(14);
  142 +DSCP_SYSCTL(15);
  143 +DSCP_SYSCTL(16);
  144 +DSCP_SYSCTL(17);
  145 +DSCP_SYSCTL(18);
  146 +DSCP_SYSCTL(19);
  147 +DSCP_SYSCTL(20);
  148 +DSCP_SYSCTL(21);
  149 +DSCP_SYSCTL(22);
  150 +DSCP_SYSCTL(23);
  151 +DSCP_SYSCTL(24);
  152 +DSCP_SYSCTL(25);
  153 +DSCP_SYSCTL(26);
  154 +DSCP_SYSCTL(27);
  155 +DSCP_SYSCTL(28);
  156 +DSCP_SYSCTL(29);
  157 +DSCP_SYSCTL(30);
  158 +DSCP_SYSCTL(31);
  159 +DSCP_SYSCTL(32);
  160 +DSCP_SYSCTL(33);
  161 +DSCP_SYSCTL(34);
  162 +DSCP_SYSCTL(35);
  163 +DSCP_SYSCTL(36);
  164 +DSCP_SYSCTL(37);
  165 +DSCP_SYSCTL(38);
  166 +DSCP_SYSCTL(39);
  167 +DSCP_SYSCTL(40);
  168 +DSCP_SYSCTL(41);
  169 +DSCP_SYSCTL(42);
  170 +DSCP_SYSCTL(43);
  171 +DSCP_SYSCTL(44);
  172 +DSCP_SYSCTL(45);
  173 +DSCP_SYSCTL(46);
  174 +DSCP_SYSCTL(47);
  175 +DSCP_SYSCTL(48);
  176 +DSCP_SYSCTL(49);
  177 +DSCP_SYSCTL(50);
  178 +DSCP_SYSCTL(51);
  179 +DSCP_SYSCTL(52);
  180 +DSCP_SYSCTL(53);
  181 +DSCP_SYSCTL(54);
  182 +DSCP_SYSCTL(55);
  183 +DSCP_SYSCTL(56);
  184 +DSCP_SYSCTL(57);
  185 +DSCP_SYSCTL(58);
  186 +DSCP_SYSCTL(59);
  187 +DSCP_SYSCTL(60);
  188 +DSCP_SYSCTL(61);
  189 +DSCP_SYSCTL(62);
  190 +DSCP_SYSCTL(63);
  191 +
  192 +static int
  193 +dscp_rewrite_in(void *arg, struct mbuf **m0, struct ifnet *ifp, int dir,
  194 + struct inpcb *inp)
  195 +{
  196 + struct mbuf *m;
  197 + struct ip *ip;
  198 + int i;
  199 +
  200 + KASSERT(dir == PFIL_IN, ("dscp_rewrite_in wrong direction!"));
  201 +
  202 + if (!dscp_rewrite_enabled)
  203 + return (0);
  204 +
  205 + m = *m0;
  206 +
  207 + /*
  208 + * Find the IP header. Note that we assume that the full
  209 + * header is in the first mbuf since ip_input() would have
  210 + * already done an m_pullup() to that effect.
  211 + */
  212 + ip = mtod(m, struct ip *);
  213 +
  214 + /* Extract DSCP field to get index into table;
  215 + * DSCP is the first 6 bits of the 8 bit TOS field. */
  216 + i = ip->ip_tos >> 2;
  217 +
  218 + /* DSCP 0 is always passed through untouched. */
  219 + if (i == 0)
  220 + return (0);
  221 +
  222 + /* If the destination IP for this index is 0, then bail. */
  223 + if (rewrite_addresses[i].s_addr == 0)
  224 + return (0);
  225 +
  226 + ip->ip_dst = rewrite_addresses[i];
  227 +
  228 + /* XXX: Clear DSCP? */
  229 +
  230 + /*
  231 + * This intentionally does not update the checksum.
  232 + * ip_input() has already checked the checksum by the time the
  233 + * pfil hooks are run, and we are not sending this packet back
  234 + * down the stack, but up.
  235 + */
  236 + return (0);
  237 +}
  238 +
  239 +static int
  240 +dscp_rewrite_modevent(module_t mod, int type, void *arg)
  241 +{
  242 + int i;
  243 + struct pfil_head *pfh_inet;
  244 +
  245 + switch (type) {
  246 + case MOD_LOAD:
  247 + pfh_inet = pfil_head_get(PFIL_TYPE_AF, AF_INET);
  248 + if (pfh_inet == NULL)
  249 + return (ENOENT);
  250 + pfil_add_hook(dscp_rewrite_in, NULL, PFIL_IN | PFIL_WAITOK,
  251 + pfh_inet);
  252 + break;
  253 + case MOD_UNLOAD:
  254 + pfh_inet = pfil_head_get(PFIL_TYPE_AF, AF_INET);
  255 + if (pfh_inet == NULL)
  256 + return (ENOENT);
  257 + for (i=0;i<64;i++) {
  258 + if (rewrite_addresses[i].s_addr != 0)
  259 + return (EBUSY);
  260 + }
  261 + pfil_remove_hook(dscp_rewrite_in, NULL, PFIL_IN | PFIL_WAITOK,
  262 + pfh_inet);
  263 + break;
  264 + case MOD_QUIESCE:
  265 + break;
  266 + default:
  267 + return (EOPNOTSUPP);
  268 + }
  269 + return (0);
  270 +}
  271 +
  272 +static moduledata_t dscp_rewrite_mod = {
  273 + "dscp_rewrite",
  274 + dscp_rewrite_modevent,
  275 + 0,
  276 +};
  277 +
  278 +DECLARE_MODULE(dscp_rewrite, dscp_rewrite_mod, SI_SUB_PROTO_IFATTACHDOMAIN,
  279 + SI_ORDER_ANY);
  280 +MODULE_VERSION(dscp_rewrite, 1);
339 linux/LICENSE
... ... @@ -0,0 +1,339 @@
  1 + GNU GENERAL PUBLIC LICENSE
  2 + Version 2, June 1991
  3 +
  4 + Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
  5 + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  6 + Everyone is permitted to copy and distribute verbatim copies
  7 + of this license document, but changing it is not allowed.
  8 +
  9 + Preamble
  10 +
  11 + The licenses for most software are designed to take away your
  12 +freedom to share and change it. By contrast, the GNU General Public
  13 +License is intended to guarantee your freedom to share and change free
  14 +software--to make sure the software is free for all its users. This
  15 +General Public License applies to most of the Free Software
  16 +Foundation's software and to any other program whose authors commit to
  17 +using it. (Some other Free Software Foundation software is covered by
  18 +the GNU Lesser General Public License instead.) You can apply it to
  19 +your programs, too.
  20 +
  21 + When we speak of free software, we are referring to freedom, not
  22 +price. Our General Public Licenses are designed to make sure that you
  23 +have the freedom to distribute copies of free software (and charge for
  24 +this service if you wish), that you receive source code or can get it
  25 +if you want it, that you can change the software or use pieces of it
  26 +in new free programs; and that you know you can do these things.
  27 +
  28 + To protect your rights, we need to make restrictions that forbid
  29 +anyone to deny you these rights or to ask you to surrender the rights.
  30 +These restrictions translate to certain responsibilities for you if you
  31 +distribute copies of the software, or if you modify it.
  32 +
  33 + For example, if you distribute copies of such a program, whether
  34 +gratis or for a fee, you must give the recipients all the rights that
  35 +you have. You must make sure that they, too, receive or can get the
  36 +source code. And you must show them these terms so they know their
  37 +rights.
  38 +
  39 + We protect your rights with two steps: (1) copyright the software, and
  40 +(2) offer you this license which gives you legal permission to copy,
  41 +distribute and/or modify the software.
  42 +
  43 + Also, for each author's protection and ours, we want to make certain
  44 +that everyone understands that there is no warranty for this free
  45 +software. If the software is modified by someone else and passed on, we
  46 +want its recipients to know that what they have is not the original, so
  47 +that any problems introduced by others will not reflect on the original
  48 +authors' reputations.
  49 +
  50 + Finally, any free program is threatened constantly by software
  51 +patents. We wish to avoid the danger that redistributors of a free
  52 +program will individually obtain patent licenses, in effect making the
  53 +program proprietary. To prevent this, we have made it clear that any
  54 +patent must be licensed for everyone's free use or not licensed at all.
  55 +
  56 + The precise terms and conditions for copying, distribution and
  57 +modification follow.
  58 +
  59 + GNU GENERAL PUBLIC LICENSE
  60 + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
  61 +
  62 + 0. This License applies to any program or other work which contains
  63 +a notice placed by the copyright holder saying it may be distributed
  64 +under the terms of this General Public License. The "Program", below,
  65 +refers to any such program or work, and a "work based on the Program"
  66 +means either the Program or any derivative work under copyright law:
  67 +that is to say, a work containing the Program or a portion of it,
  68 +either verbatim or with modifications and/or translated into another
  69 +language. (Hereinafter, translation is included without limitation in
  70 +the term "modification".) Each licensee is addressed as "you".
  71 +
  72 +Activities other than copying, distribution and modification are not
  73 +covered by this License; they are outside its scope. The act of
  74 +running the Program is not restricted, and the output from the Program
  75 +is covered only if its contents constitute a work based on the
  76 +Program (independent of having been made by running the Program).
  77 +Whether that is true depends on what the Program does.
  78 +
  79 + 1. You may copy and distribute verbatim copies of the Program's
  80 +source code as you receive it, in any medium, provided that you
  81 +conspicuously and appropriately publish on each copy an appropriate
  82 +copyright notice and disclaimer of warranty; keep intact all the
  83 +notices that refer to this License and to the absence of any warranty;
  84 +and give any other recipients of the Program a copy of this License
  85 +along with the Program.
  86 +
  87 +You may charge a fee for the physical act of transferring a copy, and
  88 +you may at your option offer warranty protection in exchange for a fee.
  89 +
  90 + 2. You may modify your copy or copies of the Program or any portion
  91 +of it, thus forming a work based on the Program, and copy and
  92 +distribute such modifications or work under the terms of Section 1
  93 +above, provided that you also meet all of these conditions:
  94 +
  95 + a) You must cause the modified files to carry prominent notices
  96 + stating that you changed the files and the date of any change.
  97 +
  98 + b) You must cause any work that you distribute or publish, that in
  99 + whole or in part contains or is derived from the Program or any
  100 + part thereof, to be licensed as a whole at no charge to all third
  101 + parties under the terms of this License.
  102 +
  103 + c) If the modified program normally reads commands interactively
  104 + when run, you must cause it, when started running for such
  105 + interactive use in the most ordinary way, to print or display an
  106 + announcement including an appropriate copyright notice and a
  107 + notice that there is no warranty (or else, saying that you provide
  108 + a warranty) and that users may redistribute the program under
  109 + these conditions, and telling the user how to view a copy of this
  110 + License. (Exception: if the Program itself is interactive but
  111 + does not normally print such an announcement, your work based on
  112 + the Program is not required to print an announcement.)
  113 +
  114 +These requirements apply to the modified work as a whole. If
  115 +identifiable sections of that work are not derived from the Program,
  116 +and can be reasonably considered independent and separate works in
  117 +themselves, then this License, and its terms, do not apply to those
  118 +sections when you distribute them as separate works. But when you
  119 +distribute the same sections as part of a whole which is a work based
  120 +on the Program, the distribution of the whole must be on the terms of
  121 +this License, whose permissions for other licensees extend to the
  122 +entire whole, and thus to each and every part regardless of who wrote it.
  123 +
  124 +Thus, it is not the intent of this section to claim rights or contest
  125 +your rights to work written entirely by you; rather, the intent is to
  126 +exercise the right to control the distribution of derivative or
  127 +collective works based on the Program.
  128 +
  129 +In addition, mere aggregation of another work not based on the Program
  130 +with the Program (or with a work based on the Program) on a volume of
  131 +a storage or distribution medium does not bring the other work under
  132 +the scope of this License.
  133 +
  134 + 3. You may copy and distribute the Program (or a work based on it,
  135 +under Section 2) in object code or executable form under the terms of
  136 +Sections 1 and 2 above provided that you also do one of the following:
  137 +
  138 + a) Accompany it with the complete corresponding machine-readable
  139 + source code, which must be distributed under the terms of Sections
  140 + 1 and 2 above on a medium customarily used for software interchange; or,
  141 +
  142 + b) Accompany it with a written offer, valid for at least three
  143 + years, to give any third party, for a charge no more than your
  144 + cost of physically performing source distribution, a complete
  145 + machine-readable copy of the corresponding source code, to be
  146 + distributed under the terms of Sections 1 and 2 above on a medium
  147 + customarily used for software interchange; or,
  148 +
  149 + c) Accompany it with the information you received as to the offer
  150 + to distribute corresponding source code. (This alternative is
  151 + allowed only for noncommercial distribution and only if you
  152 + received the program in object code or executable form with such
  153 + an offer, in accord with Subsection b above.)
  154 +
  155 +The source code for a work means the preferred form of the work for
  156 +making modifications to it. For an executable work, complete source
  157 +code means all the source code for all modules it contains, plus any
  158 +associated interface definition files, plus the scripts used to
  159 +control compilation and installation of the executable. However, as a
  160 +special exception, the source code distributed need not include
  161 +anything that is normally distributed (in either source or binary
  162 +form) with the major components (compiler, kernel, and so on) of the
  163 +operating system on which the executable runs, unless that component
  164 +itself accompanies the executable.
  165 +
  166 +If distribution of executable or object code is made by offering
  167 +access to copy from a designated place, then offering equivalent
  168 +access to copy the source code from the same place counts as
  169 +distribution of the source code, even though third parties are not
  170 +compelled to copy the source along with the object code.
  171 +
  172 + 4. You may not copy, modify, sublicense, or distribute the Program
  173 +except as expressly provided under this License. Any attempt
  174 +otherwise to copy, modify, sublicense or distribute the Program is
  175 +void, and will automatically terminate your rights under this License.
  176 +However, parties who have received copies, or rights, from you under
  177 +this License will not have their licenses terminated so long as such
  178 +parties remain in full compliance.
  179 +
  180 + 5. You are not required to accept this License, since you have not
  181 +signed it. However, nothing else grants you permission to modify or
  182 +distribute the Program or its derivative works. These actions are
  183 +prohibited by law if you do not accept this License. Therefore, by
  184 +modifying or distributing the Program (or any work based on the
  185 +Program), you indicate your acceptance of this License to do so, and
  186 +all its terms and conditions for copying, distributing or modifying
  187 +the Program or works based on it.
  188 +
  189 + 6. Each time you redistribute the Program (or any work based on the
  190 +Program), the recipient automatically receives a license from the
  191 +original licensor to copy, distribute or modify the Program subject to
  192 +these terms and conditions. You may not impose any further
  193 +restrictions on the recipients' exercise of the rights granted herein.
  194 +You are not responsible for enforcing compliance by third parties to
  195 +this License.
  196 +
  197 + 7. If, as a consequence of a court judgment or allegation of patent
  198 +infringement or for any other reason (not limited to patent issues),
  199 +conditions are imposed on you (whether by court order, agreement or
  200 +otherwise) that contradict the conditions of this License, they do not
  201 +excuse you from the conditions of this License. If you cannot
  202 +distribute so as to satisfy simultaneously your obligations under this
  203 +License and any other pertinent obligations, then as a consequence you
  204 +may not distribute the Program at all. For example, if a patent
  205 +license would not permit royalty-free redistribution of the Program by
  206 +all those who receive copies directly or indirectly through you, then
  207 +the only way you could satisfy both it and this License would be to
  208 +refrain entirely from distribution of the Program.
  209 +
  210 +If any portion of this section is held invalid or unenforceable under
  211 +any particular circumstance, the balance of the section is intended to
  212 +apply and the section as a whole is intended to apply in other
  213 +circumstances.
  214 +
  215 +It is not the purpose of this section to induce you to infringe any
  216 +patents or other property right claims or to contest validity of any
  217 +such claims; this section has the sole purpose of protecting the
  218 +integrity of the free software distribution system, which is
  219 +implemented by public license practices. Many people have made
  220 +generous contributions to the wide range of software distributed
  221 +through that system in reliance on consistent application of that
  222 +system; it is up to the author/donor to decide if he or she is willing
  223 +to distribute software through any other system and a licensee cannot
  224 +impose that choice.
  225 +
  226 +This section is intended to make thoroughly clear what is believed to
  227 +be a consequence of the rest of this License.
  228 +
  229 + 8. If the distribution and/or use of the Program is restricted in
  230 +certain countries either by patents or by copyrighted interfaces, the
  231 +original copyright holder who places the Program under this License
  232 +may add an explicit geographical distribution limitation excluding
  233 +those countries, so that distribution is permitted only in or among
  234 +countries not thus excluded. In such case, this License incorporates
  235 +the limitation as if written in the body of this License.
  236 +
  237 + 9. The Free Software Foundation may publish revised and/or new versions
  238 +of the General Public License from time to time. Such new versions will
  239 +be similar in spirit to the present version, but may differ in detail to
  240 +address new problems or concerns.
  241 +
  242 +Each version is given a distinguishing version number. If the Program
  243 +specifies a version number of this License which applies to it and "any
  244 +later version", you have the option of following the terms and conditions
  245 +either of that version or of any later version published by the Free
  246 +Software Foundation. If the Program does not specify a version number of
  247 +this License, you may choose any version ever published by the Free Software
  248 +Foundation.
  249 +
  250 + 10. If you wish to incorporate parts of the Program into other free
  251 +programs whose distribution conditions are different, write to the author
  252 +to ask for permission. For software which is copyrighted by the Free
  253 +Software Foundation, write to the Free Software Foundation; we sometimes
  254 +make exceptions for this. Our decision will be guided by the two goals
  255 +of preserving the free status of all derivatives of our free software and
  256 +of promoting the sharing and reuse of software generally.
  257 +
  258 + NO WARRANTY
  259 +
  260 + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
  261 +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
  262 +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
  263 +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
  264 +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
  265 +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
  266 +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
  267 +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
  268 +REPAIR OR CORRECTION.
  269 +
  270 + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
  271 +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
  272 +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
  273 +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
  274 +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
  275 +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
  276 +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
  277 +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
  278 +POSSIBILITY OF SUCH DAMAGES.
  279 +
  280 + END OF TERMS AND CONDITIONS
  281 +
  282 + How to Apply These Terms to Your New Programs
  283 +
  284 + If you develop a new program, and you want it to be of the greatest
  285 +possible use to the public, the best way to achieve this is to make it
  286 +free software which everyone can redistribute and change under these terms.
  287 +
  288 + To do so, attach the following notices to the program. It is safest
  289 +to attach them to the start of each source file to most effectively
  290 +convey the exclusion of warranty; and each file should have at least
  291 +the "copyright" line and a pointer to where the full notice is found.
  292 +
  293 + <one line to give the program's name and a brief idea of what it does.>
  294 + Copyright (C) <year> <name of author>
  295 +
  296 + This program is free software; you can redistribute it and/or modify
  297 + it under the terms of the GNU General Public License as published by
  298 + the Free Software Foundation; either version 2 of the License, or
  299 + (at your option) any later version.
  300 +
  301 + This program is distributed in the hope that it will be useful,
  302 + but WITHOUT ANY WARRANTY; without even the implied warranty of
  303 + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  304 + GNU General Public License for more details.
  305 +
  306 + You should have received a copy of the GNU General Public License along
  307 + with this program; if not, write to the Free Software Foundation, Inc.,
  308 + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  309 +
  310 +Also add information on how to contact you by electronic and paper mail.
  311 +
  312 +If the program is interactive, make it output a short notice like this
  313 +when it starts in an interactive mode:
  314 +
  315 + Gnomovision version 69, Copyright (C) year name of author
  316 + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
  317 + This is free software, and you are welcome to redistribute it
  318 + under certain conditions; type `show c' for details.
  319 +
  320 +The hypothetical commands `show w' and `show c' should show the appropriate
  321 +parts of the General Public License. Of course, the commands you use may
  322 +be called something other than `show w' and `show c'; they could even be
  323 +mouse-clicks or menu items--whatever suits your program.
  324 +
  325 +You should also get your employer (if you work as a programmer) or your
  326 +school, if any, to sign a "copyright disclaimer" for the program, if
  327 +necessary. Here is a sample; alter the names:
  328 +
  329 + Yoyodyne, Inc., hereby disclaims all copyright interest in the program
  330 + `Gnomovision' (which makes passes at compilers) written by James Hacker.
  331 +
  332 + <signature of Ty Coon>, 1 April 1989
  333 + Ty Coon, President of Vice
  334 +
  335 +This General Public License does not permit incorporating your program into
  336 +proprietary programs. If your program is a subroutine library, you may
  337 +consider it more useful to permit linking proprietary applications with the
  338 +library. If this is what you want to do, use the GNU Lesser General
  339 +Public License instead of this License.
97 linux/Makefile
... ... @@ -0,0 +1,97 @@
  1 +.PHONY: userdefault all install clean distclean tar srpm rpm
  2 +
  3 +PACKAGE = iptables-daddr
  4 +VERSION = 0.2.1
  5 +RELEASE = 20110121
  6 +DIST = .el5
  7 +PKGNAME = $(PACKAGE)-$(VERSION)-$(RELEASE)$(DIST)
  8 +MACHINE := $(shell uname -m)
  9 +PWD := $(shell pwd)
  10 +
  11 +RPMBUILD = rpmbuild --define '_topdir $(topdir)'
  12 +SUBDIRS = extensions kmod
  13 +
  14 +define nl
  15 +
  16 +
  17 +endef
  18 +
  19 +ifeq ($(topdir),)
  20 +topdir := $(PWD)/TOPDIR
  21 +endif
  22 +
  23 +ifeq ($(prefix),)
  24 +prefix := $(PWD)/BUILDROOT
  25 +endif
  26 +
  27 +ifneq ($(shell date '+%Y%m%d'),$(RELEASE))
  28 +$(warning WARNING: Today's date does not match the release date!)
  29 +endif
  30 +
  31 +
  32 +include $(addsuffix /Makefile.incl,$(SUBDIRS))
  33 +
  34 +srcfiles += \
  35 + README \
  36 + Makefile \
  37 + iptables-daddr.spec.sed
  38 +
  39 +specfile = $(PACKAGE).spec
  40 +tarprefix = $(PKGNAME)
  41 +tarfiles = $(srcfiles)
  42 +
  43 +tdbuilddirs = $(addprefix $(topdir)/,BUILD RPMS SPECS SRPMS SOURCES)
  44 +tdtarfile = $(topdir)/SOURCES/$(PKGNAME).tar.bz2
  45 +tdspecfile = $(topdir)/SPECS/$(specfile)
  46 +tdrpmfile = $(topdir)/RPMS/$(MACHINE)/$(PKGNAME).$(MACHINE).rpm
  47 +tdsrpmfile = $(topdir)/SRPMS/$(PKGNAME).src.rpm
  48 +
  49 +clean_targets = $(tarprefix)
  50 +distclean_targets = $(clean_targets) $(prefix) $(topdir)
  51 +
  52 +userdefault: srpm rpm
  53 +
  54 +all install clean distclean::
  55 + $(foreach dir,$(SUBDIRS),$(MAKE) -C '$(dir)' prefix='$(prefix)' $@$(nl))
  56 +
  57 +clean distclean::
  58 + $(foreach file,\
  59 + $(filter $(wildcard $($(@)_targets)),$($(@)_targets)),\
  60 + rm -rf -- '$(file)'\
  61 + $(nl)\
  62 + )
  63 +
  64 +
  65 +tar: $(tdtarfile)
  66 +srpm: $(tdsrpmfile)
  67 +rpm: $(tdrpmfile)
  68 +
  69 +$(tdspecfile): $(specfile).sed
  70 + rm -f -- '$@'
  71 + @[ -d '$(@D)' ] || mkdir -p -- '$(@D)'
  72 + sed \
  73 + -e 's/__PACKAGE__/$(PACKAGE)/g' \
  74 + -e 's/__VERSION__/$(VERSION)/g' \
  75 + -e 's/__RELEASE__/$(RELEASE)$(DIST)/g' \
  76 + '$<' > '$@' || rm -f -- '$@'
  77 + chmod -w -- '$@'
  78 +
  79 +$(tdtarfile): $(tarfiles)
  80 + @[ -d '$(@D)' ] || mkdir -p -- '$(@D)'
  81 + @[ -h '$(tarprefix)' ] || ln -s -- . '$(tarprefix)'
  82 + tar -cjhf '$@' --exclude .svn $(addprefix $(tarprefix)/,$^)
  83 + @rm -f '$(tarprefix)'
  84 +
  85 +$(tdrpmfile): $(tdspecfile) $(tdtarfile)
  86 + $(foreach dir,\
  87 + $(filter-out $(wildcard $(tdbuilddirs)),$(tdbuilddirs)),\
  88 + mkdir -p -- '$(dir)'$(nl)\
  89 + )
  90 + $(RPMBUILD) -bb $(tdspecfile)
  91 +
  92 +$(tdsrpmfile): $(tdspecfile) $(tdtarfile)
  93 + $(foreach dir,\
  94 + $(filter-out $(wildcard $(tdbuilddirs)),$(tdbuilddirs)),\
  95 + mkdir -p -- '$(dir)'$(nl)\
  96 + )
  97 + $(RPMBUILD) -bs $(tdspecfile)
8 linux/README
... ... @@ -0,0 +1,8 @@
  1 +This package supplies an Iptables module that allows rewriting of
  2 +the destination IP address.
  3 +
  4 +This version will only build on RHEL5 (and maybe later).
  5 +
  6 +A sample invocation using the DADDR iptables module:
  7 +# ifconfig eth0:1 10.74.92.26 netmask 255.255.255.255
  8 +# iptables -t mangle -A INPUT -m dscp --dscp 1 -j DADDR --set-daddr=10.74.92.26
57 linux/extensions/Makefile
... ... @@ -0,0 +1,57 @@
  1 +.PHONY: all install clean distclean
  2 +
  3 +MACHINE := $(shell uname -m)
  4 +
  5 +define nl
  6 +
  7 +
  8 +endef
  9 +
  10 +CFLAGS = -O2 -g
  11 +
  12 +ifeq ($(MACHINE),x86_64)
  13 +LIBDIR = lib64
  14 +else
  15 +LIBDIR = lib
  16 +endif
  17 +
  18 +ipt_libdir = $(LIBDIR)/iptables
  19 +
  20 +INSTDIR = $(prefix)/$(ipt_libdir)
  21 +
  22 +iptplugin = libipt_DADDR.so
  23 +
  24 +instiptplugin = $(addprefix $(INSTDIR)/,$(iptplugin))
  25 +
  26 +all_targets = $(iptplugin)
  27 +install_targets = $(instiptplugin)
  28 +clean_targets = $(all_targets)
  29 +distclean_targets = $(clean_targets)
  30 +
  31 +all: $(all_targets)
  32 +
  33 +install: $(install_targets)
  34 +
  35 +clean distclean:
  36 + $(foreach file,\
  37 + $(filter $(wildcard $($(@)_targets)),$($(@)_targets)),\
  38 + rm -rf -- '$(file)'\
  39 + $(nl)\
  40 + )
  41 +
  42 +lib%.so: lib%.o
  43 + $(CC) -shared -o $@ $^
  44 +
  45 +# If building in 32-bit mode on a 64-bit kernel, need
  46 +# -DIPT_MIN_ALIGN=8 -DKERNEL_64_USERSPACE_32
  47 +lib%.o: lib%.c %.h
  48 + $(CC) $(CFLAGS) \
  49 + -Wall -Wunused \
  50 + -DIPTABLES_VERSION=\"1.3.5\" \
  51 + -fPIC -c $<
  52 +
  53 +$(instiptplugin): $(iptplugin)
  54 +
  55 +$(prefix)/%:
  56 + @[ -d '$(@D)' ] || mkdir -p -- '$(@D)'
  57 + cp -fp -- '$<' '$@'
6 linux/extensions/Makefile.incl
... ... @@ -0,0 +1,6 @@
  1 +srcfiles += \
  2 + extensions/README \
  3 + extensions/Makefile \
  4 + extensions/Makefile.incl \
  5 + extensions/ipt_DADDR.h \
  6 + extensions/libipt_DADDR.c
2  linux/extensions/README
... ... @@ -0,0 +1,2 @@
  1 +The header files under the "include" directory were copied from the
  2 +source for the "iptables-1.3.5" package.
8 linux/extensions/ipt_DADDR.h
... ... @@ -0,0 +1,8 @@
  1 +#ifndef _IPT_DADDR_H_target
  2 +#define _IPT_DADDR_H_target
  3 +
  4 +struct ipt_daddr_target_info {
  5 + u_int32_t daddr;
  6 +};
  7 +
  8 +#endif /* _IPT_DADDR_H_target */
154 linux/extensions/libipt_DADDR.c
... ... @@ -0,0 +1,154 @@
  1 +/* Shared library add-on to iptables to add DADDR target support. */
  2 +
  3 +/*
  4 + * Copyright (c) 2010 Yahoo! Inc. All rights reserved.
  5 + *
  6 + * This file is free software; you can redistribute it and/or modify it
  7 + * under the terms of the GNU General Public License (GPL), version 2 only.
  8 + * This software s distributed WITHOUT ANY WARRANTY, whether express or
  9 + * implied. See the GNU GPL for more details:
  10 + * (http://www.gnu.org/licenses/gpl.html)
  11 + *
  12 + * Originally written by Quentin Barnes <qbarnes@yahoo-inc.com
  13 + *
  14 + */
  15 +
  16 +
  17 +#include <stdio.h>
  18 +#include <string.h>
  19 +#include <stdlib.h>
  20 +#include <getopt.h>
  21 +#include <limits.h>
  22 +
  23 +#include <sys/types.h>
  24 +#include <sys/socket.h>
  25 +#include <netinet/in.h>
  26 +#include <net/if.h>
  27 +#include <linux/netfilter_ipv4/ip_tables.h>
  28 +
  29 +#include <iptables.h>
  30 +#include "ipt_DADDR.h"
  31 +
  32 +/* Function which prints out usage message. */
  33 +static void
  34 +help(void)
  35 +{
  36 + printf(
  37 + "DADDR target v%s options:\n"
  38 + " --set-daddr <ipaddr>\n"
  39 + " Address to set for destination.\n",
  40 + IPTABLES_VERSION);
  41 +}
  42 +
  43 +static struct option opts[] = {
  44 + { "set-daddr", 1, 0, '1' },
  45 + { 0 }
  46 +};
  47 +
  48 +/* Initialize the target. */
  49 +static void
  50 +init(struct ipt_entry_target *t, unsigned int *nfcache)
  51 +{
  52 +}
  53 +
  54 +static void
  55 +parse_daddr(const char *s, struct ipt_daddr_target_info *info)
  56 +{
  57 + struct in_addr *ip;
  58 +
  59 + /* dotted_to_addr() is not multi-thread safe, but no need to free. */
  60 + ip = dotted_to_addr(s);
  61 + if (!ip)
  62 + exit_error(PARAMETER_PROBLEM, "Bad IP address `%s'\n", s);
  63 +
  64 + info->daddr = ip->s_addr;
  65 +}
  66 +
  67 +/* Function which parses command options; returns true if it
  68 + ate an option */
  69 +static int
  70 +parse(int c, char **argv, int invert, unsigned int *flags,
  71 + const struct ipt_entry *entry,
  72 + struct ipt_entry_target **target)
  73 +{
  74 + struct ipt_daddr_target_info *daddrinfo
  75 + = (struct ipt_daddr_target_info *)(*target)->data;
  76 +
  77 + switch (c) {
  78 + case '1':
  79 + if (*flags)
  80 + exit_error(PARAMETER_PROBLEM,
  81 + "DADDR target: Cant specify --set-daddr twice");
  82 + parse_daddr(optarg, daddrinfo);
  83 + *flags = 1;
  84 + break;
  85 +
  86 + default:
  87 + return 0;
  88 + }
  89 +
  90 + return 1;
  91 +}
  92 +
  93 +static void
  94 +final_check(unsigned int flags)
  95 +{
  96 + if (!flags)
  97 + exit_error(PARAMETER_PROBLEM,
  98 + "DADDR target: Parameter --set-daddr is required");
  99 +}
  100 +
  101 +static void
  102 +print_daddr(u_int32_t daddr)
  103 +{
  104 + int i;
  105 + unsigned char *p = (unsigned char *)&daddr;
  106 +
  107 + for (i = 0 ; i < sizeof(daddr) ; ++i)
  108 + printf("%d%s", p[i], (i<3)?".":"");
  109 +}
  110 +
  111 +/* Prints out the targinfo. */
  112 +static void
  113 +print(const struct ipt_ip *ip,
  114 + const struct ipt_entry_target *target,
  115 + int numeric)
  116 +{
  117 + const struct ipt_daddr_target_info *daddrinfo =
  118 + (const struct ipt_daddr_target_info *)target->data;
  119 + printf("DADDR set ");
  120 + print_daddr(daddrinfo->daddr);
  121 +}
  122 +
  123 +/* Saves the union ipt_targinfo in parsable form to stdout. */
  124 +static void
  125 +save(const struct ipt_ip *ip, const struct ipt_entry_target *target)
  126 +{
  127 + const struct ipt_daddr_target_info *daddrinfo =
  128 + (const struct ipt_daddr_target_info *)target->data;
  129 +
  130 + printf("--set-daddr ");
  131 + print_daddr(daddrinfo->daddr);
  132 +}
  133 +
  134 +static struct iptables_target daddr = {
  135 + .next = NULL,
  136 + .name = "DADDR",
  137 + .version = IPTABLES_VERSION,
  138 + .size = IPT_ALIGN(sizeof(struct ipt_daddr_target_info)),
  139 + .userspacesize = IPT_ALIGN(sizeof(struct ipt_daddr_target_info)),
  140 + .help = &help,
  141 + .init = &init,
  142 + .parse = &parse,
  143 + .final_check = &final_check,
  144 + .print = &print,
  145 + .save = &save,
  146 + .extra_opts = opts
  147 +};
  148 +
  149 +void constructor(void) __attribute__ ((constructor));
  150 +
  151 +void constructor(void)
  152 +{
  153 + register_target(&daddr);
  154 +}
86 linux/iptables-daddr.spec.sed
... ... @@ -0,0 +1,86 @@
  1 +Summary: Iptables destination address rewriting
  2 +Name: __PACKAGE__
  3