Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 6be3d8598e883fb632edf059ba2f8d1b9f4da138 / . / net / netfilter / xt_connbytes.c
blob: 5bf4aa08b0fd081486b79a4746c8210a5f6e4c46 [file] [log] [blame]
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]1/* Kernel module to match connection tracking byte counter.
2 * GPL (C) 2002 Martin Devera (devik@cdi.cz).
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]3 */
4#include <linux/module.h>
Jiri Slaby1977f032007-10-18 23:40:25 -0700[diff] [blame]5#include <linux/bitops.h>
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]6#include <linux/skbuff.h>
Roman Zippel6f6d6a12008-05-01 04:34:28 -0700[diff] [blame]7#include <linux/math64.h>
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]8#include <linux/netfilter/x_tables.h>
9#include <linux/netfilter/xt_connbytes.h>
Patrick McHardy587aa642007-03-14 16:37:25 -0700[diff] [blame]10#include <net/netfilter/nf_conntrack.h>
Krzysztof Piotr Oledzki58401572008-07-21 10:01:34 -0700[diff] [blame]11#include <net/netfilter/nf_conntrack_acct.h>
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]12
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]13MODULE_LICENSE("GPL");
14MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
Jan Engelhardt2ae15b62008-01-14 23:42:28 -0800[diff] [blame]15MODULE_DESCRIPTION("Xtables: Number of packets/bytes per connection matching");
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]16MODULE_ALIAS("ipt_connbytes");
Jan Engelhardt73aaf932007-10-11 14:36:40 -0700[diff] [blame]17MODULE_ALIAS("ip6t_connbytes");
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]18
Jan Engelhardt1d93a9c2007-07-07 22:15:35 -0700[diff] [blame]19static bool
Jan Engelhardtf7108a22008-10-08 11:35:18 +0200[diff] [blame]20connbytes_mt(const struct sk_buff *skb, const struct xt_match_param *par)
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]21{
Jan Engelhardtf7108a22008-10-08 11:35:18 +0200[diff] [blame]22 const struct xt_connbytes_info *sinfo = par->matchinfo;
Jan Engelhardta47362a2007-07-07 22:16:55 -0700[diff] [blame]23 const struct nf_conn *ct;
Patrick McHardy587aa642007-03-14 16:37:25 -0700[diff] [blame]24 enum ip_conntrack_info ctinfo;
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]25 u_int64_t what = 0; /* initialize to make gcc happy */
Patrick McHardyfb74a8412007-01-30 14:24:29 -0800[diff] [blame]26 u_int64_t bytes = 0;
27 u_int64_t pkts = 0;
Krzysztof Piotr Oledzki58401572008-07-21 10:01:34 -0700[diff] [blame]28 const struct nf_conn_counter *counters;
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]29
Patrick McHardy587aa642007-03-14 16:37:25 -0700[diff] [blame]30 ct = nf_ct_get(skb, &ctinfo);
31 if (!ct)
Jan Engelhardt1d93a9c2007-07-07 22:15:35 -0700[diff] [blame]32 return false;
Krzysztof Piotr Oledzki58401572008-07-21 10:01:34 -0700[diff] [blame]33
34 counters = nf_conn_acct_find(ct);
35 if (!counters)
36 return false;
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]37
38 switch (sinfo->what) {
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]39 case XT_CONNBYTES_PKTS:
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]40 switch (sinfo->direction) {
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]41 case XT_CONNBYTES_DIR_ORIGINAL:
Yasuyuki Kozakai9fb9cbb2005-11-09 16:38:16 -0800[diff] [blame]42 what = counters[IP_CT_DIR_ORIGINAL].packets;
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]43 break;
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]44 case XT_CONNBYTES_DIR_REPLY:
Yasuyuki Kozakai9fb9cbb2005-11-09 16:38:16 -0800[diff] [blame]45 what = counters[IP_CT_DIR_REPLY].packets;
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]46 break;
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]47 case XT_CONNBYTES_DIR_BOTH:
Yasuyuki Kozakai9fb9cbb2005-11-09 16:38:16 -0800[diff] [blame]48 what = counters[IP_CT_DIR_ORIGINAL].packets;
49 what += counters[IP_CT_DIR_REPLY].packets;
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]50 break;
51 }
52 break;
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]53 case XT_CONNBYTES_BYTES:
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]54 switch (sinfo->direction) {
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]55 case XT_CONNBYTES_DIR_ORIGINAL:
Yasuyuki Kozakai9fb9cbb2005-11-09 16:38:16 -0800[diff] [blame]56 what = counters[IP_CT_DIR_ORIGINAL].bytes;
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]57 break;
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]58 case XT_CONNBYTES_DIR_REPLY:
Yasuyuki Kozakai9fb9cbb2005-11-09 16:38:16 -0800[diff] [blame]59 what = counters[IP_CT_DIR_REPLY].bytes;
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]60 break;
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]61 case XT_CONNBYTES_DIR_BOTH:
Yasuyuki Kozakai9fb9cbb2005-11-09 16:38:16 -0800[diff] [blame]62 what = counters[IP_CT_DIR_ORIGINAL].bytes;
63 what += counters[IP_CT_DIR_REPLY].bytes;
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]64 break;
65 }
66 break;
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]67 case XT_CONNBYTES_AVGPKT:
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]68 switch (sinfo->direction) {
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]69 case XT_CONNBYTES_DIR_ORIGINAL:
Patrick McHardyfb74a8412007-01-30 14:24:29 -0800[diff] [blame]70 bytes = counters[IP_CT_DIR_ORIGINAL].bytes;
71 pkts = counters[IP_CT_DIR_ORIGINAL].packets;
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]72 break;
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]73 case XT_CONNBYTES_DIR_REPLY:
Patrick McHardyfb74a8412007-01-30 14:24:29 -0800[diff] [blame]74 bytes = counters[IP_CT_DIR_REPLY].bytes;
75 pkts = counters[IP_CT_DIR_REPLY].packets;
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]76 break;
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]77 case XT_CONNBYTES_DIR_BOTH:
Patrick McHardyfb74a8412007-01-30 14:24:29 -0800[diff] [blame]78 bytes = counters[IP_CT_DIR_ORIGINAL].bytes +
79 counters[IP_CT_DIR_REPLY].bytes;
80 pkts = counters[IP_CT_DIR_ORIGINAL].packets +
81 counters[IP_CT_DIR_REPLY].packets;
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]82 break;
83 }
Patrick McHardyfb74a8412007-01-30 14:24:29 -0800[diff] [blame]84 if (pkts != 0)
Roman Zippel6f6d6a12008-05-01 04:34:28 -0700[diff] [blame]85 what = div64_u64(bytes, pkts);
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]86 break;
87 }
88
89 if (sinfo->count.to)
Jan Engelhardt7c4e36b2007-07-07 22:19:08 -0700[diff] [blame]90 return what <= sinfo->count.to && what >= sinfo->count.from;
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]91 else
Jan Engelhardt7c4e36b2007-07-07 22:19:08 -0700[diff] [blame]92 return what >= sinfo->count.from;
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]93}
94
Jan Engelhardt9b4fce72008-10-08 11:35:18 +0200[diff] [blame]95static bool connbytes_mt_check(const struct xt_mtchk_param *par)
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]96{
Jan Engelhardt9b4fce72008-10-08 11:35:18 +0200[diff] [blame]97 const struct xt_connbytes_info *sinfo = par->matchinfo;
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]98
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]99 if (sinfo->what != XT_CONNBYTES_PKTS &&
100 sinfo->what != XT_CONNBYTES_BYTES &&
101 sinfo->what != XT_CONNBYTES_AVGPKT)
Jan Engelhardtccb79bd2007-07-07 22:16:00 -0700[diff] [blame]102 return false;
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]103
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]104 if (sinfo->direction != XT_CONNBYTES_DIR_ORIGINAL &&
105 sinfo->direction != XT_CONNBYTES_DIR_REPLY &&
106 sinfo->direction != XT_CONNBYTES_DIR_BOTH)
Jan Engelhardtccb79bd2007-07-07 22:16:00 -0700[diff] [blame]107 return false;
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]108
Jan Engelhardt9b4fce72008-10-08 11:35:18 +0200[diff] [blame]109 if (nf_ct_l3proto_try_module_get(par->match->family) < 0) {
Yasuyuki Kozakai11078c32006-12-12 00:29:02 -0800[diff] [blame]110 printk(KERN_WARNING "can't load conntrack support for "
Jan Engelhardt9b4fce72008-10-08 11:35:18 +0200[diff] [blame]111 "proto=%u\n", par->match->family);
Jan Engelhardtccb79bd2007-07-07 22:16:00 -0700[diff] [blame]112 return false;
Yasuyuki Kozakai11078c32006-12-12 00:29:02 -0800[diff] [blame]113 }
114
Jan Engelhardtccb79bd2007-07-07 22:16:00 -0700[diff] [blame]115 return true;
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]116}
117
Jan Engelhardt6be3d852008-10-08 11:35:19 +0200[diff] [blame^]118static void connbytes_mt_destroy(const struct xt_mtdtor_param *par)
Yasuyuki Kozakai11078c32006-12-12 00:29:02 -0800[diff] [blame]119{
Jan Engelhardt6be3d852008-10-08 11:35:19 +0200[diff] [blame^]120 nf_ct_l3proto_module_put(par->match->family);
Yasuyuki Kozakai11078c32006-12-12 00:29:02 -0800[diff] [blame]121}
122
Jan Engelhardtd3c5ee62007-12-04 23:24:03 -0800[diff] [blame]123static struct xt_match connbytes_mt_reg[] __read_mostly = {
Patrick McHardy4470bbc2006-08-22 00:34:04 -0700[diff] [blame]124 {
125 .name = "connbytes",
Jan Engelhardtee999d82008-10-08 11:35:01 +0200[diff] [blame]126 .family = NFPROTO_IPV4,
Jan Engelhardtd3c5ee62007-12-04 23:24:03 -0800[diff] [blame]127 .checkentry = connbytes_mt_check,
128 .match = connbytes_mt,
129 .destroy = connbytes_mt_destroy,
Patrick McHardy4470bbc2006-08-22 00:34:04 -0700[diff] [blame]130 .matchsize = sizeof(struct xt_connbytes_info),
131 .me = THIS_MODULE
132 },
133 {
134 .name = "connbytes",
Jan Engelhardtee999d82008-10-08 11:35:01 +0200[diff] [blame]135 .family = NFPROTO_IPV6,
Jan Engelhardtd3c5ee62007-12-04 23:24:03 -0800[diff] [blame]136 .checkentry = connbytes_mt_check,
137 .match = connbytes_mt,
138 .destroy = connbytes_mt_destroy,
Patrick McHardy4470bbc2006-08-22 00:34:04 -0700[diff] [blame]139 .matchsize = sizeof(struct xt_connbytes_info),
140 .me = THIS_MODULE
141 },
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]142};
143
Jan Engelhardtd3c5ee62007-12-04 23:24:03 -0800[diff] [blame]144static int __init connbytes_mt_init(void)
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]145{
Jan Engelhardtd3c5ee62007-12-04 23:24:03 -0800[diff] [blame]146 return xt_register_matches(connbytes_mt_reg,
147 ARRAY_SIZE(connbytes_mt_reg));
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]148}
149
Jan Engelhardtd3c5ee62007-12-04 23:24:03 -0800[diff] [blame]150static void __exit connbytes_mt_exit(void)
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]151{
Jan Engelhardtd3c5ee62007-12-04 23:24:03 -0800[diff] [blame]152 xt_unregister_matches(connbytes_mt_reg, ARRAY_SIZE(connbytes_mt_reg));
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]153}
154
Jan Engelhardtd3c5ee62007-12-04 23:24:03 -0800[diff] [blame]155module_init(connbytes_mt_init);
156module_exit(connbytes_mt_exit);