Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 6f6d6a1a6a1336431a6cba60ace9e97c3a496a19 / . / net / netfilter / xt_connbytes.c
blob: d7e8983cd37f6303921edf25bc201eca7e99c4a2 [file] [log] [blame]
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]1/* Kernel module to match connection tracking byte counter.
2 * GPL (C) 2002 Martin Devera (devik@cdi.cz).
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]3 */
4#include <linux/module.h>
Jiri Slaby1977f032007-10-18 23:40:25 -0700[diff] [blame]5#include <linux/bitops.h>
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]6#include <linux/skbuff.h>
Roman Zippel6f6d6a12008-05-01 04:34:28 -0700[diff] [blame^]7#include <linux/math64.h>
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]8#include <linux/netfilter/x_tables.h>
9#include <linux/netfilter/xt_connbytes.h>
Patrick McHardy587aa642007-03-14 16:37:25 -0700[diff] [blame]10#include <net/netfilter/nf_conntrack.h>
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]11
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]12MODULE_LICENSE("GPL");
13MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
Jan Engelhardt2ae15b62008-01-14 23:42:28 -0800[diff] [blame]14MODULE_DESCRIPTION("Xtables: Number of packets/bytes per connection matching");
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]15MODULE_ALIAS("ipt_connbytes");
Jan Engelhardt73aaf932007-10-11 14:36:40 -0700[diff] [blame]16MODULE_ALIAS("ip6t_connbytes");
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]17
Jan Engelhardt1d93a9c2007-07-07 22:15:35 -0700[diff] [blame]18static bool
Jan Engelhardtd3c5ee62007-12-04 23:24:03 -0800[diff] [blame]19connbytes_mt(const struct sk_buff *skb, const struct net_device *in,
20 const struct net_device *out, const struct xt_match *match,
21 const void *matchinfo, int offset, unsigned int protoff,
22 bool *hotdrop)
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]23{
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]24 const struct xt_connbytes_info *sinfo = matchinfo;
Jan Engelhardta47362a2007-07-07 22:16:55 -0700[diff] [blame]25 const struct nf_conn *ct;
Patrick McHardy587aa642007-03-14 16:37:25 -0700[diff] [blame]26 enum ip_conntrack_info ctinfo;
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]27 u_int64_t what = 0; /* initialize to make gcc happy */
Patrick McHardyfb74a8412007-01-30 14:24:29 -0800[diff] [blame]28 u_int64_t bytes = 0;
29 u_int64_t pkts = 0;
Yasuyuki Kozakai9fb9cbb2005-11-09 16:38:16 -0800[diff] [blame]30 const struct ip_conntrack_counter *counters;
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]31
Patrick McHardy587aa642007-03-14 16:37:25 -0700[diff] [blame]32 ct = nf_ct_get(skb, &ctinfo);
33 if (!ct)
Jan Engelhardt1d93a9c2007-07-07 22:15:35 -0700[diff] [blame]34 return false;
Patrick McHardy587aa642007-03-14 16:37:25 -0700[diff] [blame]35 counters = ct->counters;
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]36
37 switch (sinfo->what) {
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]38 case XT_CONNBYTES_PKTS:
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]39 switch (sinfo->direction) {
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]40 case XT_CONNBYTES_DIR_ORIGINAL:
Yasuyuki Kozakai9fb9cbb2005-11-09 16:38:16 -0800[diff] [blame]41 what = counters[IP_CT_DIR_ORIGINAL].packets;
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]42 break;
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]43 case XT_CONNBYTES_DIR_REPLY:
Yasuyuki Kozakai9fb9cbb2005-11-09 16:38:16 -0800[diff] [blame]44 what = counters[IP_CT_DIR_REPLY].packets;
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]45 break;
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]46 case XT_CONNBYTES_DIR_BOTH:
Yasuyuki Kozakai9fb9cbb2005-11-09 16:38:16 -0800[diff] [blame]47 what = counters[IP_CT_DIR_ORIGINAL].packets;
48 what += counters[IP_CT_DIR_REPLY].packets;
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]49 break;
50 }
51 break;
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]52 case XT_CONNBYTES_BYTES:
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]53 switch (sinfo->direction) {
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]54 case XT_CONNBYTES_DIR_ORIGINAL:
Yasuyuki Kozakai9fb9cbb2005-11-09 16:38:16 -0800[diff] [blame]55 what = counters[IP_CT_DIR_ORIGINAL].bytes;
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]56 break;
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]57 case XT_CONNBYTES_DIR_REPLY:
Yasuyuki Kozakai9fb9cbb2005-11-09 16:38:16 -0800[diff] [blame]58 what = counters[IP_CT_DIR_REPLY].bytes;
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]59 break;
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]60 case XT_CONNBYTES_DIR_BOTH:
Yasuyuki Kozakai9fb9cbb2005-11-09 16:38:16 -0800[diff] [blame]61 what = counters[IP_CT_DIR_ORIGINAL].bytes;
62 what += counters[IP_CT_DIR_REPLY].bytes;
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]63 break;
64 }
65 break;
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]66 case XT_CONNBYTES_AVGPKT:
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]67 switch (sinfo->direction) {
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]68 case XT_CONNBYTES_DIR_ORIGINAL:
Patrick McHardyfb74a8412007-01-30 14:24:29 -0800[diff] [blame]69 bytes = counters[IP_CT_DIR_ORIGINAL].bytes;
70 pkts = counters[IP_CT_DIR_ORIGINAL].packets;
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]71 break;
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]72 case XT_CONNBYTES_DIR_REPLY:
Patrick McHardyfb74a8412007-01-30 14:24:29 -0800[diff] [blame]73 bytes = counters[IP_CT_DIR_REPLY].bytes;
74 pkts = counters[IP_CT_DIR_REPLY].packets;
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]75 break;
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]76 case XT_CONNBYTES_DIR_BOTH:
Patrick McHardyfb74a8412007-01-30 14:24:29 -0800[diff] [blame]77 bytes = counters[IP_CT_DIR_ORIGINAL].bytes +
78 counters[IP_CT_DIR_REPLY].bytes;
79 pkts = counters[IP_CT_DIR_ORIGINAL].packets +
80 counters[IP_CT_DIR_REPLY].packets;
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]81 break;
82 }
Patrick McHardyfb74a8412007-01-30 14:24:29 -0800[diff] [blame]83 if (pkts != 0)
Roman Zippel6f6d6a12008-05-01 04:34:28 -0700[diff] [blame^]84 what = div64_u64(bytes, pkts);
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]85 break;
86 }
87
88 if (sinfo->count.to)
Jan Engelhardt7c4e36b2007-07-07 22:19:08 -0700[diff] [blame]89 return what <= sinfo->count.to && what >= sinfo->count.from;
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]90 else
Jan Engelhardt7c4e36b2007-07-07 22:19:08 -0700[diff] [blame]91 return what >= sinfo->count.from;
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]92}
93
Jan Engelhardtd3c5ee62007-12-04 23:24:03 -0800[diff] [blame]94static bool
95connbytes_mt_check(const char *tablename, const void *ip,
96 const struct xt_match *match, void *matchinfo,
97 unsigned int hook_mask)
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]98{
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]99 const struct xt_connbytes_info *sinfo = matchinfo;
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]100
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]101 if (sinfo->what != XT_CONNBYTES_PKTS &&
102 sinfo->what != XT_CONNBYTES_BYTES &&
103 sinfo->what != XT_CONNBYTES_AVGPKT)
Jan Engelhardtccb79bd2007-07-07 22:16:00 -0700[diff] [blame]104 return false;
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]105
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]106 if (sinfo->direction != XT_CONNBYTES_DIR_ORIGINAL &&
107 sinfo->direction != XT_CONNBYTES_DIR_REPLY &&
108 sinfo->direction != XT_CONNBYTES_DIR_BOTH)
Jan Engelhardtccb79bd2007-07-07 22:16:00 -0700[diff] [blame]109 return false;
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]110
Yasuyuki Kozakai11078c32006-12-12 00:29:02 -0800[diff] [blame]111 if (nf_ct_l3proto_try_module_get(match->family) < 0) {
112 printk(KERN_WARNING "can't load conntrack support for "
Jan Engelhardtdf54aae2007-12-17 22:43:15 -0800[diff] [blame]113 "proto=%u\n", match->family);
Jan Engelhardtccb79bd2007-07-07 22:16:00 -0700[diff] [blame]114 return false;
Yasuyuki Kozakai11078c32006-12-12 00:29:02 -0800[diff] [blame]115 }
116
Jan Engelhardtccb79bd2007-07-07 22:16:00 -0700[diff] [blame]117 return true;
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]118}
119
Yasuyuki Kozakai11078c32006-12-12 00:29:02 -0800[diff] [blame]120static void
Jan Engelhardtd3c5ee62007-12-04 23:24:03 -0800[diff] [blame]121connbytes_mt_destroy(const struct xt_match *match, void *matchinfo)
Yasuyuki Kozakai11078c32006-12-12 00:29:02 -0800[diff] [blame]122{
123 nf_ct_l3proto_module_put(match->family);
124}
125
Jan Engelhardtd3c5ee62007-12-04 23:24:03 -0800[diff] [blame]126static struct xt_match connbytes_mt_reg[] __read_mostly = {
Patrick McHardy4470bbc2006-08-22 00:34:04 -0700[diff] [blame]127 {
128 .name = "connbytes",
129 .family = AF_INET,
Jan Engelhardtd3c5ee62007-12-04 23:24:03 -0800[diff] [blame]130 .checkentry = connbytes_mt_check,
131 .match = connbytes_mt,
132 .destroy = connbytes_mt_destroy,
Patrick McHardy4470bbc2006-08-22 00:34:04 -0700[diff] [blame]133 .matchsize = sizeof(struct xt_connbytes_info),
134 .me = THIS_MODULE
135 },
136 {
137 .name = "connbytes",
138 .family = AF_INET6,
Jan Engelhardtd3c5ee62007-12-04 23:24:03 -0800[diff] [blame]139 .checkentry = connbytes_mt_check,
140 .match = connbytes_mt,
141 .destroy = connbytes_mt_destroy,
Patrick McHardy4470bbc2006-08-22 00:34:04 -0700[diff] [blame]142 .matchsize = sizeof(struct xt_connbytes_info),
143 .me = THIS_MODULE
144 },
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]145};
146
Jan Engelhardtd3c5ee62007-12-04 23:24:03 -0800[diff] [blame]147static int __init connbytes_mt_init(void)
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]148{
Jan Engelhardtd3c5ee62007-12-04 23:24:03 -0800[diff] [blame]149 return xt_register_matches(connbytes_mt_reg,
150 ARRAY_SIZE(connbytes_mt_reg));
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]151}
152
Jan Engelhardtd3c5ee62007-12-04 23:24:03 -0800[diff] [blame]153static void __exit connbytes_mt_exit(void)
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]154{
Jan Engelhardtd3c5ee62007-12-04 23:24:03 -0800[diff] [blame]155 xt_unregister_matches(connbytes_mt_reg, ARRAY_SIZE(connbytes_mt_reg));
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]156}
157
Jan Engelhardtd3c5ee62007-12-04 23:24:03 -0800[diff] [blame]158module_init(connbytes_mt_init);
159module_exit(connbytes_mt_exit);