Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / a265f01218ee3aaa58c87a76ff8e63aab3747cd3 / . / include / net / netfilter / nf_conntrack_zones.h
blob: 64a718b60839812c4dd7ecae5351e4b0a44e804d [file] [log] [blame]
Patrick McHardy5d0aa2c2010-02-15 18:13:33 +0100[diff] [blame]1#ifndef _NF_CONNTRACK_ZONES_H
2#define _NF_CONNTRACK_ZONES_H
3
Daniel Borkmann62da9862015-09-03 01:26:07 +0200[diff] [blame]4#include <linux/netfilter/nf_conntrack_zones_common.h>
Daniel Borkmann308ac912015-08-08 21:40:01 +0200[diff] [blame]5
6#if IS_ENABLED(CONFIG_NF_CONNTRACK)
7#include <net/netfilter/nf_conntrack_extend.h>
8
9static inline const struct nf_conntrack_zone *
10nf_ct_zone(const struct nf_conn *ct)
Patrick McHardy5d0aa2c2010-02-15 18:13:33 +0100[diff] [blame]11{
12#ifdef CONFIG_NF_CONNTRACK_ZONES
Florian Westphal6c8dee92016-06-11 21:57:35 +0200[diff] [blame]13 return &ct->zone;
14#else
15 return &nf_ct_zone_dflt;
Patrick McHardy5d0aa2c2010-02-15 18:13:33 +0100[diff] [blame]16#endif
Patrick McHardy5d0aa2c2010-02-15 18:13:33 +0100[diff] [blame]17}
18
Daniel Borkmann308ac912015-08-08 21:40:01 +0200[diff] [blame]19static inline const struct nf_conntrack_zone *
Daniel Borkmann5e8018f2015-08-14 16:03:40 +0200[diff] [blame]20nf_ct_zone_init(struct nf_conntrack_zone *zone, u16 id, u8 dir, u8 flags)
Daniel Borkmann308ac912015-08-08 21:40:01 +0200[diff] [blame]21{
Daniel Borkmann5e8018f2015-08-14 16:03:40 +0200[diff] [blame]22 zone->id = id;
23 zone->flags = flags;
24 zone->dir = dir;
25
26 return zone;
27}
28
29static inline const struct nf_conntrack_zone *
30nf_ct_zone_tmpl(const struct nf_conn *tmpl, const struct sk_buff *skb,
31 struct nf_conntrack_zone *tmp)
32{
Florian Westphal6c8dee92016-06-11 21:57:35 +0200[diff] [blame]33#ifdef CONFIG_NF_CONNTRACK_ZONES
Daniel Borkmann5e8018f2015-08-14 16:03:40 +0200[diff] [blame]34 if (!tmpl)
35 return &nf_ct_zone_dflt;
36
Florian Westphal6c8dee92016-06-11 21:57:35 +0200[diff] [blame]37 if (tmpl->zone.flags & NF_CT_FLAG_MARK)
38 return nf_ct_zone_init(tmp, skb->mark, tmpl->zone.dir, 0);
39#endif
40 return nf_ct_zone(tmpl);
Daniel Borkmann5e8018f2015-08-14 16:03:40 +0200[diff] [blame]41}
42
Florian Westphal6c8dee92016-06-11 21:57:35 +0200[diff] [blame]43static inline void nf_ct_zone_add(struct nf_conn *ct,
44 const struct nf_conntrack_zone *zone)
Daniel Borkmann5e8018f2015-08-14 16:03:40 +0200[diff] [blame]45{
46#ifdef CONFIG_NF_CONNTRACK_ZONES
Florian Westphal6c8dee92016-06-11 21:57:35 +0200[diff] [blame]47 ct->zone = *zone;
Daniel Borkmann5e8018f2015-08-14 16:03:40 +0200[diff] [blame]48#endif
Daniel Borkmann308ac912015-08-08 21:40:01 +0200[diff] [blame]49}
50
Daniel Borkmanndeedb592015-08-14 16:03:39 +0200[diff] [blame]51static inline bool nf_ct_zone_matches_dir(const struct nf_conntrack_zone *zone,
52 enum ip_conntrack_dir dir)
53{
54 return zone->dir & (1 << dir);
55}
56
57static inline u16 nf_ct_zone_id(const struct nf_conntrack_zone *zone,
58 enum ip_conntrack_dir dir)
59{
Florian Westphal506e65d2016-06-10 23:09:01 +0200[diff] [blame]60#ifdef CONFIG_NF_CONNTRACK_ZONES
Daniel Borkmanndeedb592015-08-14 16:03:39 +0200[diff] [blame]61 return nf_ct_zone_matches_dir(zone, dir) ?
62 zone->id : NF_CT_DEFAULT_ZONE_ID;
Florian Westphal506e65d2016-06-10 23:09:01 +0200[diff] [blame]63#else
64 return NF_CT_DEFAULT_ZONE_ID;
65#endif
Daniel Borkmanndeedb592015-08-14 16:03:39 +0200[diff] [blame]66}
67
Daniel Borkmann308ac912015-08-08 21:40:01 +0200[diff] [blame]68static inline bool nf_ct_zone_equal(const struct nf_conn *a,
Daniel Borkmanndeedb592015-08-14 16:03:39 +0200[diff] [blame]69 const struct nf_conntrack_zone *b,
70 enum ip_conntrack_dir dir)
71{
Florian Westphal506e65d2016-06-10 23:09:01 +0200[diff] [blame]72#ifdef CONFIG_NF_CONNTRACK_ZONES
Daniel Borkmanndeedb592015-08-14 16:03:39 +0200[diff] [blame]73 return nf_ct_zone_id(nf_ct_zone(a), dir) ==
74 nf_ct_zone_id(b, dir);
Florian Westphal506e65d2016-06-10 23:09:01 +0200[diff] [blame]75#else
76 return true;
77#endif
Daniel Borkmanndeedb592015-08-14 16:03:39 +0200[diff] [blame]78}
79
80static inline bool nf_ct_zone_equal_any(const struct nf_conn *a,
81 const struct nf_conntrack_zone *b)
Daniel Borkmann308ac912015-08-08 21:40:01 +0200[diff] [blame]82{
Florian Westphal506e65d2016-06-10 23:09:01 +0200[diff] [blame]83#ifdef CONFIG_NF_CONNTRACK_ZONES
Daniel Borkmann308ac912015-08-08 21:40:01 +0200[diff] [blame]84 return nf_ct_zone(a)->id == b->id;
Florian Westphal506e65d2016-06-10 23:09:01 +0200[diff] [blame]85#else
86 return true;
87#endif
Daniel Borkmann308ac912015-08-08 21:40:01 +0200[diff] [blame]88}
89#endif /* IS_ENABLED(CONFIG_NF_CONNTRACK) */
Patrick McHardy5d0aa2c2010-02-15 18:13:33 +0100[diff] [blame]90#endif /* _NF_CONNTRACK_ZONES_H */