// SPDX-License-Identifier: GPL-2.0-only
/*
 * Copyright (c) 2008-2009 Patrick McHardy <kaber@trash.net>
 * Copyright (c) 2013 Eric Leblond <eric@regit.org>
 *
 * Development of this code funded by Astaro AG (http://www.astaro.com/)
 */

#include <linux/kernel.h>
#include <linux/init.h>
#include <linux/module.h>
#include <linux/netlink.h>
#include <linux/netfilter.h>
#include <linux/netfilter/nf_tables.h>
#include <net/netfilter/nf_tables.h>
#include <net/netfilter/ipv4/nf_reject.h>
#include <net/netfilter/nft_reject.h>

/*
 * Evaluate the IPv4 "reject" expression for one packet.
 *
 * @expr: expression instance; its private area is a struct nft_reject
 * @regs: register set; only the verdict register is written here
 * @pkt:  packet context supplying the skb, the hook and the netns
 *
 * Depending on priv->type, either an ICMP unreachable carrying
 * priv->icmp_code or a TCP reset is requested for the packet. Any other
 * type value sends nothing. The verdict is set to NF_DROP in every case,
 * so an unrecognised type still ends in a drop and never in an accept.
 *
 * NOTE(review): the reply is generated in answer to traffic that matched
 * the rule, which may be attacker-chosen. Sanity checks on the original
 * packet and any rate limiting of the replies are presumably done inside
 * nf_send_unreach()/nf_send_reset(); neither is visible in this file, so
 * confirm there.
 */
static void nft_reject_ipv4_eval(const struct nft_expr *expr,
				 struct nft_regs *regs,
				 const struct nft_pktinfo *pkt)
{
	/* Read-only here; presumably filled in by nft_reject_init - confirm. */
	const struct nft_reject *priv = nft_expr_priv(expr);

	if (priv->type == NFT_REJECT_ICMP_UNREACH)
		nf_send_unreach(pkt->skb, priv->icmp_code, nft_hook(pkt));
	else if (priv->type == NFT_REJECT_TCP_RST)
		nf_send_reset(nft_net(pkt), pkt->skb, nft_hook(pkt));
	/* Any other type: no reply is sent, the packet is only dropped. */

	/* The rejected packet itself is always dropped. */
	regs->verdict.code = NF_DROP;
}

/* Forward declaration: the ops table and the type point at each other. */
static struct nft_expr_type nft_reject_ipv4_type;

/*
 * Operations for the IPv4 reject expression. Only .eval is defined in this
 * file; .init, .dump and .validate are helpers defined elsewhere
 * (presumably declared in <net/netfilter/nft_reject.h>).
 *
 * NOTE(review): which hooks a reject rule may be attached to is not
 * checked here; that is presumably the job of nft_reject_validate -
 * confirm when auditing where replies can be emitted from.
 */
static const struct nft_expr_ops nft_reject_ipv4_ops = {
	.type		= &nft_reject_ipv4_type,
	.size		= NFT_EXPR_SIZE(sizeof(struct nft_reject)),
	.eval		= nft_reject_ipv4_eval,
	.init		= nft_reject_init,
	.dump		= nft_reject_dump,
	.validate	= nft_reject_validate,
};

/*
 * Expression type registered for NFPROTO_IPV4 under the name "reject".
 * Attributes are bounded by NFTA_REJECT_MAX and checked against
 * nft_reject_policy, which is defined outside this file.
 */
static struct nft_expr_type nft_reject_ipv4_type __read_mostly = {
	.family		= NFPROTO_IPV4,
	.name		= "reject",
	.ops		= &nft_reject_ipv4_ops,
	.policy		= nft_reject_policy,
	.maxattr	= NFTA_REJECT_MAX,
	.owner		= THIS_MODULE,
};

/* Module load: register the expression type; returns the registration result. */
static int __init nft_reject_ipv4_module_init(void)
{
	return nft_register_expr(&nft_reject_ipv4_type);
}

/* Module unload: unregister the expression type registered at init. */
static void __exit nft_reject_ipv4_module_exit(void)
{
	nft_unregister_expr(&nft_reject_ipv4_type);
}

module_init(nft_reject_ipv4_module_init);
module_exit(nft_reject_ipv4_module_exit);

MODULE_LICENSE("GPL");
MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
/* Alias for the AF_INET "reject" expression (presumably used for on-demand loading - confirm). */
MODULE_ALIAS_NFT_AF_EXPR(AF_INET, "reject");