1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
|
diff -Naupr iptables-1.6.0_orig/extensions/libxt_IMQ.c iptables-1.6.0/extensions/libxt_IMQ.c
--- iptables-1.6.0_orig/extensions/libxt_IMQ.c 1970-01-01 07:00:00.000000000 +0700
+++ iptables-1.6.0/extensions/libxt_IMQ.c 2016-05-17 22:16:54.609657870 +0600
@@ -0,0 +1,105 @@
+/* Shared library add-on to iptables to add IMQ target support. */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <getopt.h>
+
+#include <xtables.h>
+#include <linux/netfilter/x_tables.h>
+#include <linux/netfilter/xt_IMQ.h>
+
+/* Function which prints out usage message. */
+static void IMQ_help(void)
+{
+ printf(
+"IMQ target options:\n"
+" --todev <N> enqueue to imq<N>, defaults to 0\n");
+
+}
+
+static struct option IMQ_opts[] = {
+ { "todev", 1, 0, '1' },
+ { 0 }
+};
+
+/* Initialize the target. */
+static void IMQ_init(struct xt_entry_target *t)
+{
+ struct xt_imq_info *mr = (struct xt_imq_info*)t->data;
+
+ mr->todev = 0;
+}
+
+/* Function which parses command options; returns true if it
+ ate an option */
+static int IMQ_parse(int c, char **argv, int invert, unsigned int *flags,
+ const void *entry, struct xt_entry_target **target)
+{
+ struct xt_imq_info *mr = (struct xt_imq_info*)(*target)->data;
+
+ switch(c) {
+ case '1':
+/* if (xtables_check_inverse(optarg, &invert, NULL, 0, argv))
+ xtables_error(PARAMETER_PROBLEM,
+ "Unexpected `!' after --todev");
+*/
+ mr->todev=atoi(optarg);
+ break;
+
+ default:
+ return 0;
+ }
+ return 1;
+}
+
+/* Prints out the targinfo. */
+static void IMQ_print(const void *ip,
+ const struct xt_entry_target *target,
+ int numeric)
+{
+ struct xt_imq_info *mr = (struct xt_imq_info*)target->data;
+
+ printf("IMQ: todev %u ", mr->todev);
+}
+
+/* Saves the union ipt_targinfo in parsable form to stdout. */
+static void IMQ_save(const void *ip, const struct xt_entry_target *target)
+{
+ struct xt_imq_info *mr = (struct xt_imq_info*)target->data;
+
+ printf(" --todev %u", mr->todev);
+}
+
+static struct xtables_target imq_target = {
+ .name = "IMQ",
+ .version = XTABLES_VERSION,
+ .family = NFPROTO_IPV4,
+ .size = XT_ALIGN(sizeof(struct xt_imq_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_imq_info)),
+ .help = IMQ_help,
+ .init = IMQ_init,
+ .parse = IMQ_parse,
+ .print = IMQ_print,
+ .save = IMQ_save,
+ .extra_opts = IMQ_opts,
+};
+
+static struct xtables_target imq_target6 = {
+ .name = "IMQ",
+ .version = XTABLES_VERSION,
+ .family = NFPROTO_IPV6,
+ .size = XT_ALIGN(sizeof(struct xt_imq_info)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_imq_info)),
+ .help = IMQ_help,
+ .init = IMQ_init,
+ .parse = IMQ_parse,
+ .print = IMQ_print,
+ .save = IMQ_save,
+ .extra_opts = IMQ_opts,
+};
+
+// void __attribute((constructor)) nf_ext_init(void){
+void _init(void){
+ xtables_register_target(&imq_target);
+ xtables_register_target(&imq_target6);
+}
diff -Naupr iptables-1.6.0_orig/extensions/libxt_IMQ.man iptables-1.6.0/extensions/libxt_IMQ.man
--- iptables-1.6.0_orig/extensions/libxt_IMQ.man 1970-01-01 07:00:00.000000000 +0700
+++ iptables-1.6.0/extensions/libxt_IMQ.man 2016-05-17 22:16:54.609657870 +0600
@@ -0,0 +1,15 @@
+This target is used to redirect the traffic to the IMQ driver and you can apply
+QoS rules like HTB or CBQ.
+For example you can select only traffic comming from a specific interface or
+is going out on a specific interface.
+Also it permits to capture the traffic BEFORE NAT in the case of outgoing traffic
+or AFTER NAT in the case of incomming traffic.
+.TP
+\fB\-\-to\-dev\fP \fIvalue\fP
+Set the IMQ interface where to send this traffic
+.TP
+Example:
+.TP
+Redirect incomming traffic from interface eth0 to imq0 and outgoing traffic to imq1:
+iptables \-t mangle \-A FORWARD \-i eth0 \-j IMQ \-\-to\-dev 0
+iptables \-t mangle \-A FORWARD \-o eth0 \-j IMQ \-\-to\-dev 1
diff -Naupr iptables-1.6.0_orig/include/linux/netfilter/xt_IMQ.h iptables-1.6.0/include/linux/netfilter/xt_IMQ.h
--- iptables-1.6.0_orig/include/linux/netfilter/xt_IMQ.h 1970-01-01 07:00:00.000000000 +0700
+++ iptables-1.6.0/include/linux/netfilter/xt_IMQ.h 2016-05-17 22:16:54.609657870 +0600
@@ -0,0 +1,9 @@
+#ifndef _XT_IMQ_H
+#define _XT_IMQ_H
+
+struct xt_imq_info {
+ unsigned int todev; /* target imq device */
+};
+
+#endif /* _XT_IMQ_H */
+
|
