Eric Lee / smarc-fsl-linux-kernel

Blame view

net/netfilter/xt_connmark.c 4.36 KB

96e322726 Jan Engelhardt [NETFILTER]: xt_c...	1	/*
b8f00ba27 Jan Engelhardt netfilter: xtable...	2	* xt_connmark - Netfilter module to operate on connection marks
1da177e4c Linus Torvalds Linux-2.6.12-rc2	3	*
96e322726 Jan Engelhardt [NETFILTER]: xt_c...	4 5 6	* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com> * by Henrik Nordstrom <hno@marasystems.com> * Copyright © CC Computer Consultants GmbH, 2007 - 2008
408ffaa4a Jan Engelhardt netfilter: update...	7	* Jan Engelhardt <jengelh@medozas.de>
1da177e4c Linus Torvalds Linux-2.6.12-rc2	8 9 10 11 12 13 14 15 16 17 18 19	* * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License
e664eabd1 Jeff Kirsher netfilter: Fix FS...	20	* along with this program; if not, see <http://www.gnu.org/licenses/>.
1da177e4c Linus Torvalds Linux-2.6.12-rc2	21 22 23 24	*/ #include <linux/module.h> #include <linux/skbuff.h>
587aa6416 Patrick McHardy [NETFILTER]: Remo...	25	#include <net/netfilter/nf_conntrack.h>
b8f00ba27 Jan Engelhardt netfilter: xtable...	26	#include <net/netfilter/nf_conntrack_ecache.h>
587aa6416 Patrick McHardy [NETFILTER]: Remo...	27 28	#include <linux/netfilter/x_tables.h> #include <linux/netfilter/xt_connmark.h>
1da177e4c Linus Torvalds Linux-2.6.12-rc2	29
3a4fa0a25 Robert P. J. Day Fix misspellings ...	30	MODULE_AUTHOR("Henrik Nordstrom <hno@marasystems.com>");
b8f00ba27 Jan Engelhardt netfilter: xtable...	31	MODULE_DESCRIPTION("Xtables: connection mark operations");
1da177e4c Linus Torvalds Linux-2.6.12-rc2	32	MODULE_LICENSE("GPL");
b8f00ba27 Jan Engelhardt netfilter: xtable...	33 34	MODULE_ALIAS("ipt_CONNMARK"); MODULE_ALIAS("ip6t_CONNMARK");
2e4e6a17a Harald Welte [NETFILTER] x_tab...	35	MODULE_ALIAS("ipt_connmark");
73aaf9355 Jan Engelhardt [NETFILTER]: x_ta...	36	MODULE_ALIAS("ip6t_connmark");
1da177e4c Linus Torvalds Linux-2.6.12-rc2	37
b8f00ba27 Jan Engelhardt netfilter: xtable...	38	static unsigned int
4b560b447 Jan Engelhardt netfilter: xtable...	39	connmark_tg(struct sk_buff skb, const struct xt_action_param par)
b8f00ba27 Jan Engelhardt netfilter: xtable...	40 41 42 43 44 45 46	{ const struct xt_connmark_tginfo1 info = par->targinfo; enum ip_conntrack_info ctinfo; struct nf_conn ct; u_int32_t newmark; ct = nf_ct_get(skb, &ctinfo);
ab8bc7ed8 Florian Westphal netfilter: remove...	47	if (ct == NULL)
b8f00ba27 Jan Engelhardt netfilter: xtable...	48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74	return XT_CONTINUE; switch (info->mode) { case XT_CONNMARK_SET: newmark = (ct->mark & ~info->ctmask) ^ info->ctmark; if (ct->mark != newmark) { ct->mark = newmark; nf_conntrack_event_cache(IPCT_MARK, ct); } break; case XT_CONNMARK_SAVE: newmark = (ct->mark & ~info->ctmask) ^ (skb->mark & info->nfmask); if (ct->mark != newmark) { ct->mark = newmark; nf_conntrack_event_cache(IPCT_MARK, ct); } break; case XT_CONNMARK_RESTORE: newmark = (skb->mark & ~info->nfmask) ^ (ct->mark & info->ctmask); skb->mark = newmark; break; } return XT_CONTINUE; }
135367b8f Jan Engelhardt netfilter: xtable...	75	static int connmark_tg_check(const struct xt_tgchk_param *par)
b8f00ba27 Jan Engelhardt netfilter: xtable...	76	{
4a5a5c73b Jan Engelhardt netfilter: xtable...	77	int ret;
ecb2421b5 Florian Westphal netfilter: add an...	78	ret = nf_ct_netns_get(par->net, par->family);
f95c74e33 Jan Engelhardt netfilter: xtable...	79	if (ret < 0)
8bee4bad0 Jan Engelhardt netfilter: xt ext...	80 81 82	pr_info("cannot load conntrack support for proto=%u ", par->family);
f95c74e33 Jan Engelhardt netfilter: xtable...	83	return ret;
b8f00ba27 Jan Engelhardt netfilter: xtable...	84 85 86 87	} static void connmark_tg_destroy(const struct xt_tgdtor_param *par) {
ecb2421b5 Florian Westphal netfilter: add an...	88	nf_ct_netns_put(par->net, par->family);
b8f00ba27 Jan Engelhardt netfilter: xtable...	89	}
1d93a9cba Jan Engelhardt [NETFILTER]: x_ta...	90	static bool
62fc80510 Jan Engelhardt netfilter: xtable...	91	connmark_mt(const struct sk_buff skb, struct xt_action_param par)
1da177e4c Linus Torvalds Linux-2.6.12-rc2	92	{
f7108a20d Jan Engelhardt netfilter: xtable...	93	const struct xt_connmark_mtinfo1 *info = par->matchinfo;
96e322726 Jan Engelhardt [NETFILTER]: xt_c...	94 95 96 97	enum ip_conntrack_info ctinfo; const struct nf_conn *ct; ct = nf_ct_get(skb, &ctinfo);
ab8bc7ed8 Florian Westphal netfilter: remove...	98	if (ct == NULL)
96e322726 Jan Engelhardt [NETFILTER]: xt_c...	99 100 101 102	return false; return ((ct->mark & info->mask) == info->mark) ^ info->invert; }
b0f38452f Jan Engelhardt netfilter: xtable...	103	static int connmark_mt_check(const struct xt_mtchk_param *par)
96e322726 Jan Engelhardt [NETFILTER]: xt_c...	104	{
4a5a5c73b Jan Engelhardt netfilter: xtable...	105	int ret;
ecb2421b5 Florian Westphal netfilter: add an...	106	ret = nf_ct_netns_get(par->net, par->family);
f95c74e33 Jan Engelhardt netfilter: xtable...	107	if (ret < 0)
8bee4bad0 Jan Engelhardt netfilter: xt ext...	108 109 110	pr_info("cannot load conntrack support for proto=%u ", par->family);
f95c74e33 Jan Engelhardt netfilter: xtable...	111	return ret;
96e322726 Jan Engelhardt [NETFILTER]: xt_c...	112	}
6be3d8598 Jan Engelhardt netfilter: xtable...	113	static void connmark_mt_destroy(const struct xt_mtdtor_param *par)
b9f78f9fc Pablo Neira Ayuso [NETFILTER]: nf_c...	114	{
ecb2421b5 Florian Westphal netfilter: add an...	115	nf_ct_netns_put(par->net, par->family);
b9f78f9fc Pablo Neira Ayuso [NETFILTER]: nf_c...	116	}
b8f00ba27 Jan Engelhardt netfilter: xtable...	117 118 119 120 121 122 123 124 125 126	static struct xt_target connmark_tg_reg __read_mostly = { .name = "CONNMARK", .revision = 1, .family = NFPROTO_UNSPEC, .checkentry = connmark_tg_check, .target = connmark_tg, .targetsize = sizeof(struct xt_connmark_tginfo1), .destroy = connmark_tg_destroy, .me = THIS_MODULE, };
84899a2b9 Jan Engelhardt netfilter: xtable...	127 128 129 130 131 132 133 134 135	static struct xt_match connmark_mt_reg __read_mostly = { .name = "connmark", .revision = 1, .family = NFPROTO_UNSPEC, .checkentry = connmark_mt_check, .match = connmark_mt, .matchsize = sizeof(struct xt_connmark_mtinfo1), .destroy = connmark_mt_destroy, .me = THIS_MODULE,
1da177e4c Linus Torvalds Linux-2.6.12-rc2	136	};
d3c5ee6d5 Jan Engelhardt [NETFILTER]: x_ta...	137	static int __init connmark_mt_init(void)
1da177e4c Linus Torvalds Linux-2.6.12-rc2	138	{
b8f00ba27 Jan Engelhardt netfilter: xtable...	139 140 141 142 143 144 145 146 147 148 149	int ret; ret = xt_register_target(&connmark_tg_reg); if (ret < 0) return ret; ret = xt_register_match(&connmark_mt_reg); if (ret < 0) { xt_unregister_target(&connmark_tg_reg); return ret; } return 0;
1da177e4c Linus Torvalds Linux-2.6.12-rc2	150	}
d3c5ee6d5 Jan Engelhardt [NETFILTER]: x_ta...	151	static void __exit connmark_mt_exit(void)
1da177e4c Linus Torvalds Linux-2.6.12-rc2	152	{
84899a2b9 Jan Engelhardt netfilter: xtable...	153	xt_unregister_match(&connmark_mt_reg);
b8f00ba27 Jan Engelhardt netfilter: xtable...	154	xt_unregister_target(&connmark_tg_reg);
1da177e4c Linus Torvalds Linux-2.6.12-rc2	155	}
d3c5ee6d5 Jan Engelhardt [NETFILTER]: x_ta...	156 157	module_init(connmark_mt_init); module_exit(connmark_mt_exit);