Blame view
net/sched/em_ipset.c
2.95 KB
d2912cb15 treewide: Replace... |
1 |
// SPDX-License-Identifier: GPL-2.0-only |
6d4fa852a net: sched: add i... |
2 3 4 5 |
/* * net/sched/em_ipset.c ipset ematch * * Copyright (c) 2012 Florian Westphal <fw@strlen.de> |
6d4fa852a net: sched: add i... |
6 7 8 9 10 11 12 13 14 15 16 17 |
*/ #include <linux/gfp.h> #include <linux/module.h> #include <linux/types.h> #include <linux/kernel.h> #include <linux/string.h> #include <linux/skbuff.h> #include <linux/netfilter/xt_set.h> #include <linux/ipv6.h> #include <net/ip.h> #include <net/pkt_cls.h> |
82a470f11 net: sched: remov... |
18 |
static int em_ipset_change(struct net *net, void *data, int data_len, |
6d4fa852a net: sched: add i... |
19 20 21 22 23 24 25 |
struct tcf_ematch *em) { struct xt_set_info *set = data; ip_set_id_t index; if (data_len != sizeof(*set)) return -EINVAL; |
1785e8f47 netfiler: ipset: ... |
26 |
index = ip_set_nfnl_get_byindex(net, set->index); |
6d4fa852a net: sched: add i... |
27 28 29 30 31 32 33 |
if (index == IPSET_INVALID_ID) return -ENOENT; em->datalen = sizeof(*set); em->data = (unsigned long)kmemdup(data, em->datalen, GFP_KERNEL); if (em->data) return 0; |
1785e8f47 netfiler: ipset: ... |
34 |
ip_set_nfnl_put(net, index); |
6d4fa852a net: sched: add i... |
35 36 |
return -ENOMEM; } |
82a470f11 net: sched: remov... |
37 |
static void em_ipset_destroy(struct tcf_ematch *em) |
6d4fa852a net: sched: add i... |
38 39 40 |
{ const struct xt_set_info *set = (const void *) em->data; if (set) { |
82a470f11 net: sched: remov... |
41 |
ip_set_nfnl_put(em->net, set->index); |
6d4fa852a net: sched: add i... |
42 43 44 45 46 47 48 49 50 51 52 |
kfree((void *) em->data); } } static int em_ipset_match(struct sk_buff *skb, struct tcf_ematch *em, struct tcf_pkt_info *info) { struct ip_set_adt_opt opt; struct xt_action_param acpar; const struct xt_set_info *set = (const void *) em->data; struct net_device *dev, *indev = NULL; |
613dbd957 netfilter: x_tabl... |
53 54 55 |
struct nf_hook_state state = { .net = em->net, }; |
6d4fa852a net: sched: add i... |
56 |
int ret, network_offset; |
d7bf2ebeb sched: consistent... |
57 |
switch (skb_protocol(skb, true)) { |
6d4fa852a net: sched: add i... |
58 |
case htons(ETH_P_IP): |
613dbd957 netfilter: x_tabl... |
59 |
state.pf = NFPROTO_IPV4; |
6d4fa852a net: sched: add i... |
60 61 62 63 64 |
if (!pskb_network_may_pull(skb, sizeof(struct iphdr))) return 0; acpar.thoff = ip_hdrlen(skb); break; case htons(ETH_P_IPV6): |
613dbd957 netfilter: x_tabl... |
65 |
state.pf = NFPROTO_IPV6; |
6d4fa852a net: sched: add i... |
66 67 68 69 70 71 72 73 |
if (!pskb_network_may_pull(skb, sizeof(struct ipv6hdr))) return 0; /* doesn't call ipv6_find_hdr() because ipset doesn't use thoff, yet */ acpar.thoff = sizeof(struct ipv6hdr); break; default: return 0; } |
613dbd957 netfilter: x_tabl... |
74 |
opt.family = state.pf; |
6d4fa852a net: sched: add i... |
75 76 77 |
opt.dim = set->dim; opt.flags = set->flags; opt.cmdflags = 0; |
075e64c04 netfilter: ipset:... |
78 |
opt.ext.timeout = ~0u; |
6d4fa852a net: sched: add i... |
79 80 81 82 83 84 85 |
network_offset = skb_network_offset(skb); skb_pull(skb, network_offset); dev = skb->dev; rcu_read_lock(); |
17cebfd09 net: sched: Simpl... |
86 87 |
if (skb->skb_iif) indev = dev_get_by_index_rcu(em->net, skb->skb_iif); |
6d4fa852a net: sched: add i... |
88 |
|
613dbd957 netfilter: x_tabl... |
89 90 91 |
state.in = indev ? indev : dev; state.out = dev; acpar.state = &state; |
6d4fa852a net: sched: add i... |
92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 |
ret = ip_set_test(set->index, skb, &acpar, &opt); rcu_read_unlock(); skb_push(skb, network_offset); return ret; } static struct tcf_ematch_ops em_ipset_ops = { .kind = TCF_EM_IPSET, .change = em_ipset_change, .destroy = em_ipset_destroy, .match = em_ipset_match, .owner = THIS_MODULE, .link = LIST_HEAD_INIT(em_ipset_ops.link) }; static int __init init_em_ipset(void) { return tcf_em_register(&em_ipset_ops); } static void __exit exit_em_ipset(void) { tcf_em_unregister(&em_ipset_ops); } MODULE_LICENSE("GPL"); MODULE_AUTHOR("Florian Westphal <fw@strlen.de>"); MODULE_DESCRIPTION("TC extended match for IP sets"); module_init(init_em_ipset); module_exit(exit_em_ipset); MODULE_ALIAS_TCF_EMATCH(TCF_EM_IPSET); |