1d9e78914SFlorian Westphal // SPDX-License-Identifier: GPL-2.0-only 2d9e78914SFlorian Westphal #if IS_ENABLED(CONFIG_NFT_CT) 3d9e78914SFlorian Westphal #include <linux/netfilter/nf_tables.h> 4d9e78914SFlorian Westphal #include <net/netfilter/nf_tables_core.h> 5d9e78914SFlorian Westphal #include <net/netfilter/nf_conntrack.h> 6d9e78914SFlorian Westphal nft_ct_get_fast_eval(const struct nft_expr * expr,struct nft_regs * regs,const struct nft_pktinfo * pkt)7d9e78914SFlorian Westphalvoid nft_ct_get_fast_eval(const struct nft_expr *expr, 8d9e78914SFlorian Westphal struct nft_regs *regs, 9d9e78914SFlorian Westphal const struct nft_pktinfo *pkt) 10d9e78914SFlorian Westphal { 11d9e78914SFlorian Westphal const struct nft_ct *priv = nft_expr_priv(expr); 12d9e78914SFlorian Westphal u32 *dest = ®s->data[priv->dreg]; 13d9e78914SFlorian Westphal enum ip_conntrack_info ctinfo; 14d9e78914SFlorian Westphal const struct nf_conn *ct; 15d9e78914SFlorian Westphal unsigned int state; 16d9e78914SFlorian Westphal 17d9e78914SFlorian Westphal ct = nf_ct_get(pkt->skb, &ctinfo); 18d9e78914SFlorian Westphal 19d9e78914SFlorian Westphal switch (priv->key) { 20d9e78914SFlorian Westphal case NFT_CT_STATE: 21d9e78914SFlorian Westphal if (ct) 22d9e78914SFlorian Westphal state = NF_CT_STATE_BIT(ctinfo); 23d9e78914SFlorian Westphal else if (ctinfo == IP_CT_UNTRACKED) 24d9e78914SFlorian Westphal state = NF_CT_STATE_UNTRACKED_BIT; 25d9e78914SFlorian Westphal else 26d9e78914SFlorian Westphal state = NF_CT_STATE_INVALID_BIT; 27d9e78914SFlorian Westphal *dest = state; 28d9e78914SFlorian Westphal return; 29*f057b63bSFlorian Westphal default: 30*f057b63bSFlorian Westphal break; 31*f057b63bSFlorian Westphal } 32*f057b63bSFlorian Westphal 33*f057b63bSFlorian Westphal if (!ct) { 34*f057b63bSFlorian Westphal regs->verdict.code = NFT_BREAK; 35*f057b63bSFlorian Westphal return; 36*f057b63bSFlorian Westphal } 37*f057b63bSFlorian Westphal 38*f057b63bSFlorian Westphal switch (priv->key) { 39d9e78914SFlorian Westphal case NFT_CT_DIRECTION: 40d9e78914SFlorian Westphal nft_reg_store8(dest, CTINFO2DIR(ctinfo)); 41d9e78914SFlorian Westphal return; 42d9e78914SFlorian Westphal case NFT_CT_STATUS: 43d9e78914SFlorian Westphal *dest = ct->status; 44d9e78914SFlorian Westphal return; 45d9e78914SFlorian Westphal #ifdef CONFIG_NF_CONNTRACK_MARK 46d9e78914SFlorian Westphal case NFT_CT_MARK: 47d9e78914SFlorian Westphal *dest = ct->mark; 48d9e78914SFlorian Westphal return; 49d9e78914SFlorian Westphal #endif 50d9e78914SFlorian Westphal #ifdef CONFIG_NF_CONNTRACK_SECMARK 51d9e78914SFlorian Westphal case NFT_CT_SECMARK: 52d9e78914SFlorian Westphal *dest = ct->secmark; 53d9e78914SFlorian Westphal return; 54d9e78914SFlorian Westphal #endif 55d9e78914SFlorian Westphal default: 56d9e78914SFlorian Westphal WARN_ON_ONCE(1); 57d9e78914SFlorian Westphal regs->verdict.code = NFT_BREAK; 58d9e78914SFlorian Westphal break; 59d9e78914SFlorian Westphal } 60d9e78914SFlorian Westphal } 61d9e78914SFlorian Westphal EXPORT_SYMBOL_GPL(nft_ct_get_fast_eval); 62d9e78914SFlorian Westphal #endif 63