| Florian Westphal | c539f01 | 2013-01-11 06:30:44 +0000 | [diff] [blame] | 1 | #include <linux/types.h> |
| 2 | #include <net/net_namespace.h> |
| 3 | #include <linux/netfilter/nf_conntrack_common.h> |
| 4 | #include <linux/netfilter/nf_conntrack_tuple_common.h> |
| 5 | #include <net/netfilter/nf_conntrack.h> |
| 6 | #include <net/netfilter/nf_conntrack_extend.h> |
| 7 | |
| 8 | #include <uapi/linux/netfilter/xt_connlabel.h> |
| 9 | |
| Florian Westphal | d2bf2f3 | 2014-02-18 15:25:32 +0100 | [diff] [blame] | 10 | #define NF_CT_LABELS_MAX_SIZE ((XT_CONNLABEL_MAXBIT + 1) / BITS_PER_BYTE) |
| 11 | |
| Florian Westphal | c539f01 | 2013-01-11 06:30:44 +0000 | [diff] [blame] | 12 | struct nf_conn_labels { |
| Florian Westphal | 2301401 | 2016-07-21 12:51:16 +0200 | [diff] [blame] | 13 | unsigned long bits[NF_CT_LABELS_MAX_SIZE / sizeof(long)]; |
| Florian Westphal | c539f01 | 2013-01-11 06:30:44 +0000 | [diff] [blame] | 14 | }; |
| 15 | |
| 16 | static inline struct nf_conn_labels *nf_ct_labels_find(const struct nf_conn *ct) |
| 17 | { |
| 18 | #ifdef CONFIG_NF_CONNTRACK_LABELS |
| 19 | return nf_ct_ext_find(ct, NF_CT_EXT_LABELS); |
| 20 | #else |
| 21 | return NULL; |
| 22 | #endif |
| 23 | } |
| 24 | |
| 25 | static inline struct nf_conn_labels *nf_ct_labels_ext_add(struct nf_conn *ct) |
| 26 | { |
| 27 | #ifdef CONFIG_NF_CONNTRACK_LABELS |
| Florian Westphal | c539f01 | 2013-01-11 06:30:44 +0000 | [diff] [blame] | 28 | struct net *net = nf_ct_net(ct); |
| Florian Westphal | c539f01 | 2013-01-11 06:30:44 +0000 | [diff] [blame] | 29 | |
| Florian Westphal | 2301401 | 2016-07-21 12:51:16 +0200 | [diff] [blame] | 30 | if (net->ct.labels_used == 0) |
| Florian Westphal | c539f01 | 2013-01-11 06:30:44 +0000 | [diff] [blame] | 31 | return NULL; |
| 32 | |
| Florian Westphal | cdb436d | 2016-10-26 23:46:17 +0200 | [diff] [blame] | 33 | return nf_ct_ext_add(ct, NF_CT_EXT_LABELS, GFP_ATOMIC); |
| Florian Westphal | c539f01 | 2013-01-11 06:30:44 +0000 | [diff] [blame] | 34 | #else |
| 35 | return NULL; |
| 36 | #endif |
| 37 | } |
| 38 | |
| Florian Westphal | 9b21f6a | 2013-01-11 06:30:46 +0000 | [diff] [blame] | 39 | int nf_connlabels_replace(struct nf_conn *ct, |
| 40 | const u32 *data, const u32 *mask, unsigned int words); |
| 41 | |
| Florian Westphal | c539f01 | 2013-01-11 06:30:44 +0000 | [diff] [blame] | 42 | #ifdef CONFIG_NF_CONNTRACK_LABELS |
| Gao feng | 5f69b8f | 2013-01-21 22:10:31 +0000 | [diff] [blame] | 43 | int nf_conntrack_labels_init(void); |
| 44 | void nf_conntrack_labels_fini(void); |
| Florian Westphal | adff6c6 | 2016-04-12 18:14:25 +0200 | [diff] [blame] | 45 | int nf_connlabels_get(struct net *net, unsigned int bit); |
| Joe Stringer | 86ca02e | 2015-08-26 11:31:51 -0700 | [diff] [blame] | 46 | void nf_connlabels_put(struct net *net); |
| Florian Westphal | c539f01 | 2013-01-11 06:30:44 +0000 | [diff] [blame] | 47 | #else |
| Gao feng | 5f69b8f | 2013-01-21 22:10:31 +0000 | [diff] [blame] | 48 | static inline int nf_conntrack_labels_init(void) { return 0; } |
| 49 | static inline void nf_conntrack_labels_fini(void) {} |
| Florian Westphal | adff6c6 | 2016-04-12 18:14:25 +0200 | [diff] [blame] | 50 | static inline int nf_connlabels_get(struct net *net, unsigned int bit) { return 0; } |
| Joe Stringer | 86ca02e | 2015-08-26 11:31:51 -0700 | [diff] [blame] | 51 | static inline void nf_connlabels_put(struct net *net) {} |
| Florian Westphal | c539f01 | 2013-01-11 06:30:44 +0000 | [diff] [blame] | 52 | #endif |