Eric Lee / smarc-ti-linux-kernel | Embedian Git Server

Blame view

net/netfilter/xt_connmark.c 4.36 KB

96e322726 Jan Engelhardt [NETFILTER]: xt_c...	1	/*
b8f00ba27 Jan Engelhardt netfilter: xtable...	2	* xt_connmark - Netfilter module to operate on connection marks
1da177e4c Linus Torvalds Linux-2.6.12-rc2	3	*
96e322726 Jan Engelhardt [NETFILTER]: xt_c...	4 5 6	* Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com> * by Henrik Nordstrom <hno@marasystems.com> * Copyright © CC Computer Consultants GmbH, 2007 - 2008
408ffaa4a Jan Engelhardt netfilter: update...	7	* Jan Engelhardt <jengelh@medozas.de>
1da177e4c Linus Torvalds Linux-2.6.12-rc2	8 9 10 11 12 13 14 15 16 17 18 19	* * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License
e664eabd1 Jeff Kirsher netfilter: Fix FS...	20	* along with this program; if not, see <http://www.gnu.org/licenses/>.
1da177e4c Linus Torvalds Linux-2.6.12-rc2	21 22 23 24	*/ #include <linux/module.h> #include <linux/skbuff.h>
587aa6416 Patrick McHardy [NETFILTER]: Remo...	25	#include <net/netfilter/nf_conntrack.h>
b8f00ba27 Jan Engelhardt netfilter: xtable...	26	#include <net/netfilter/nf_conntrack_ecache.h>
587aa6416 Patrick McHardy [NETFILTER]: Remo...	27 28	#include <linux/netfilter/x_tables.h> #include <linux/netfilter/xt_connmark.h>
1da177e4c Linus Torvalds Linux-2.6.12-rc2	29
3a4fa0a25 Robert P. J. Day Fix misspellings ...	30	MODULE_AUTHOR("Henrik Nordstrom <hno@marasystems.com>");
b8f00ba27 Jan Engelhardt netfilter: xtable...	31	MODULE_DESCRIPTION("Xtables: connection mark operations");
1da177e4c Linus Torvalds Linux-2.6.12-rc2	32	MODULE_LICENSE("GPL");
b8f00ba27 Jan Engelhardt netfilter: xtable...	33 34	MODULE_ALIAS("ipt_CONNMARK"); MODULE_ALIAS("ip6t_CONNMARK");
2e4e6a17a Harald Welte [NETFILTER] x_tab...	35	MODULE_ALIAS("ipt_connmark");
73aaf9355 Jan Engelhardt [NETFILTER]: x_ta...	36	MODULE_ALIAS("ip6t_connmark");
1da177e4c Linus Torvalds Linux-2.6.12-rc2	37
b8f00ba27 Jan Engelhardt netfilter: xtable...	38	static unsigned int
4b560b447 Jan Engelhardt netfilter: xtable...	39	connmark_tg(struct sk_buff skb, const struct xt_action_param par)
b8f00ba27 Jan Engelhardt netfilter: xtable...	40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74	{ const struct xt_connmark_tginfo1 info = par->targinfo; enum ip_conntrack_info ctinfo; struct nf_conn ct; u_int32_t newmark; ct = nf_ct_get(skb, &ctinfo); if (ct == NULL) return XT_CONTINUE; switch (info->mode) { case XT_CONNMARK_SET: newmark = (ct->mark & ~info->ctmask) ^ info->ctmark; if (ct->mark != newmark) { ct->mark = newmark; nf_conntrack_event_cache(IPCT_MARK, ct); } break; case XT_CONNMARK_SAVE: newmark = (ct->mark & ~info->ctmask) ^ (skb->mark & info->nfmask); if (ct->mark != newmark) { ct->mark = newmark; nf_conntrack_event_cache(IPCT_MARK, ct); } break; case XT_CONNMARK_RESTORE: newmark = (skb->mark & ~info->nfmask) ^ (ct->mark & info->ctmask); skb->mark = newmark; break; } return XT_CONTINUE; }
135367b8f Jan Engelhardt netfilter: xtable...	75	static int connmark_tg_check(const struct xt_tgchk_param *par)
b8f00ba27 Jan Engelhardt netfilter: xtable...	76	{
4a5a5c73b Jan Engelhardt netfilter: xtable...	77 78 79	int ret; ret = nf_ct_l3proto_try_module_get(par->family);
f95c74e33 Jan Engelhardt netfilter: xtable...	80	if (ret < 0)
8bee4bad0 Jan Engelhardt netfilter: xt ext...	81 82 83	pr_info("cannot load conntrack support for proto=%u ", par->family);
f95c74e33 Jan Engelhardt netfilter: xtable...	84	return ret;
b8f00ba27 Jan Engelhardt netfilter: xtable...	85 86 87 88 89 90	} static void connmark_tg_destroy(const struct xt_tgdtor_param *par) { nf_ct_l3proto_module_put(par->family); }
1d93a9cba Jan Engelhardt [NETFILTER]: x_ta...	91	static bool
62fc80510 Jan Engelhardt netfilter: xtable...	92	connmark_mt(const struct sk_buff skb, struct xt_action_param par)
1da177e4c Linus Torvalds Linux-2.6.12-rc2	93	{
f7108a20d Jan Engelhardt netfilter: xtable...	94	const struct xt_connmark_mtinfo1 *info = par->matchinfo;
96e322726 Jan Engelhardt [NETFILTER]: xt_c...	95 96 97 98 99 100 101 102 103	enum ip_conntrack_info ctinfo; const struct nf_conn *ct; ct = nf_ct_get(skb, &ctinfo); if (ct == NULL) return false; return ((ct->mark & info->mask) == info->mark) ^ info->invert; }
b0f38452f Jan Engelhardt netfilter: xtable...	104	static int connmark_mt_check(const struct xt_mtchk_param *par)
96e322726 Jan Engelhardt [NETFILTER]: xt_c...	105	{
4a5a5c73b Jan Engelhardt netfilter: xtable...	106 107 108	int ret; ret = nf_ct_l3proto_try_module_get(par->family);
f95c74e33 Jan Engelhardt netfilter: xtable...	109	if (ret < 0)
8bee4bad0 Jan Engelhardt netfilter: xt ext...	110 111 112	pr_info("cannot load conntrack support for proto=%u ", par->family);
f95c74e33 Jan Engelhardt netfilter: xtable...	113	return ret;
96e322726 Jan Engelhardt [NETFILTER]: xt_c...	114	}
6be3d8598 Jan Engelhardt netfilter: xtable...	115	static void connmark_mt_destroy(const struct xt_mtdtor_param *par)
b9f78f9fc Pablo Neira Ayuso [NETFILTER]: nf_c...	116	{
92f3b2b1b Jan Engelhardt netfilter: xtable...	117	nf_ct_l3proto_module_put(par->family);
b9f78f9fc Pablo Neira Ayuso [NETFILTER]: nf_c...	118	}
b8f00ba27 Jan Engelhardt netfilter: xtable...	119 120 121 122 123 124 125 126 127 128	static struct xt_target connmark_tg_reg __read_mostly = { .name = "CONNMARK", .revision = 1, .family = NFPROTO_UNSPEC, .checkentry = connmark_tg_check, .target = connmark_tg, .targetsize = sizeof(struct xt_connmark_tginfo1), .destroy = connmark_tg_destroy, .me = THIS_MODULE, };
84899a2b9 Jan Engelhardt netfilter: xtable...	129 130 131 132 133 134 135 136 137	static struct xt_match connmark_mt_reg __read_mostly = { .name = "connmark", .revision = 1, .family = NFPROTO_UNSPEC, .checkentry = connmark_mt_check, .match = connmark_mt, .matchsize = sizeof(struct xt_connmark_mtinfo1), .destroy = connmark_mt_destroy, .me = THIS_MODULE,
1da177e4c Linus Torvalds Linux-2.6.12-rc2	138	};
d3c5ee6d5 Jan Engelhardt [NETFILTER]: x_ta...	139	static int __init connmark_mt_init(void)
1da177e4c Linus Torvalds Linux-2.6.12-rc2	140	{
b8f00ba27 Jan Engelhardt netfilter: xtable...	141 142 143 144 145 146 147 148 149 150 151	int ret; ret = xt_register_target(&connmark_tg_reg); if (ret < 0) return ret; ret = xt_register_match(&connmark_mt_reg); if (ret < 0) { xt_unregister_target(&connmark_tg_reg); return ret; } return 0;
1da177e4c Linus Torvalds Linux-2.6.12-rc2	152	}
d3c5ee6d5 Jan Engelhardt [NETFILTER]: x_ta...	153	static void __exit connmark_mt_exit(void)
1da177e4c Linus Torvalds Linux-2.6.12-rc2	154	{
84899a2b9 Jan Engelhardt netfilter: xtable...	155	xt_unregister_match(&connmark_mt_reg);
b8f00ba27 Jan Engelhardt netfilter: xtable...	156	xt_unregister_target(&connmark_tg_reg);
1da177e4c Linus Torvalds Linux-2.6.12-rc2	157	}
d3c5ee6d5 Jan Engelhardt [NETFILTER]: x_ta...	158 159	module_init(connmark_mt_init); module_exit(connmark_mt_exit);