/*
 * xt_connmark - Netfilter module to match connection mark values
 *
 * Copyright (C) 2002,2004 MARA Systems AB <http://www.marasystems.com>
 * by Henrik Nordstrom <hno@marasystems.com>
 * Copyright © CC Computer Consultants GmbH, 2007 - 2008
 * Jan Engelhardt <jengelh@computergmbh.de>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */

#include <linux/module.h>
#include <linux/skbuff.h>
#include <net/netfilter/nf_conntrack.h>
#include <linux/netfilter/x_tables.h>
#include <linux/netfilter/xt_connmark.h>

MODULE_AUTHOR("Henrik Nordstrom <hno@marasystems.com>");
MODULE_DESCRIPTION("Xtables: connection mark match");
MODULE_LICENSE("GPL");
MODULE_ALIAS("ipt_connmark");
MODULE_ALIAS("ip6t_connmark");

/*
 * Per-packet match callback.
 *
 * Looks up the conntrack entry attached to @skb and compares its mark,
 * masked with the rule's mask, against the rule's mark value.
 *
 * Returns false when the packet has no conntrack entry at all; otherwise
 * returns the comparison result XOR'ed with the rule's invert field.
 */
static bool
connmark_mt(const struct sk_buff *skb, const struct xt_match_param *par)
{
	const struct xt_connmark_mtinfo1 *mtinfo = par->matchinfo;
	const struct nf_conn *conn;
	enum ip_conntrack_info ctinfo;
	bool matched;

	conn = nf_ct_get(skb, &ctinfo);
	if (!conn)
		return false;

	matched = (conn->mark & mtinfo->mask) == mtinfo->mark;

	/*
	 * Kept as a plain XOR rather than a branch on invert so the result is
	 * identical for every invert value. NOTE(review): invert is never
	 * range-checked in connmark_mt_check(); with the XOR, any value >= 2
	 * yields a nonzero result, i.e. the match is unconditionally true.
	 */
	return matched ^ mtinfo->invert;
}

/*
 * Rule-insertion hook (checkentry).
 *
 * Acquires conntrack support for the rule's address family via
 * nf_ct_l3proto_try_module_get(); the reference is dropped again in
 * connmark_mt_destroy(). A negative return rejects the rule (false) after
 * logging a warning. The rule's mark/mask/invert fields are not validated
 * here.
 */
static bool connmark_mt_check(const struct xt_mtchk_param *par)
{
	int ret = nf_ct_l3proto_try_module_get(par->family);

	if (ret < 0) {
		printk(KERN_WARNING "cannot load conntrack support for proto=%u\n",
		       par->family);
		return false;
	}

	return true;
}

/*
 * Rule-removal hook (destroy): releases what connmark_mt_check() acquired
 * for this address family.
 */
static void connmark_mt_destroy(const struct xt_mtdtor_param *par)
{
	nf_ct_l3proto_module_put(par->family);
}

/* Registration record for revision 1 of the "connmark" match, any family. */
static struct xt_match connmark_mt_reg __read_mostly = {
	.name       = "connmark",
	.revision   = 1,
	.family     = NFPROTO_UNSPEC,
	.matchsize  = sizeof(struct xt_connmark_mtinfo1),
	.match      = connmark_mt,
	.checkentry = connmark_mt_check,
	.destroy    = connmark_mt_destroy,
	.me         = THIS_MODULE,
};

/* Module entry: register the match with x_tables; propagates its error code. */
static int __init connmark_mt_init(void)
{
	return xt_register_match(&connmark_mt_reg);
}

/* Module exit: unregister the match. */
static void __exit connmark_mt_exit(void)
{
	xt_unregister_match(&connmark_mt_reg);
}

module_init(connmark_mt_init);
module_exit(connmark_mt_exit);