Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / refs/heads/int/10/fp3 / . / net / netfilter / nft_meta.c
blob: cec8dc0e5e6f2479527fd1dc1d3ee981d58b85e6 [file] [log] [blame]
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]1/*
Patrick McHardyef1f7df2013-10-10 11:41:20 +0200[diff] [blame]2 * Copyright (c) 2008-2009 Patrick McHardy <kaber@trash.net>
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License version 2 as
6 * published by the Free Software Foundation.
7 *
8 * Development of this code funded by Astaro AG (http://www.astaro.com/)
9 */
10
11#include <linux/kernel.h>
12#include <linux/init.h>
13#include <linux/module.h>
14#include <linux/netlink.h>
15#include <linux/netfilter.h>
16#include <linux/netfilter/nf_tables.h>
Ana Reye2a093f2014-08-06 13:52:49 +0200[diff] [blame]17#include <linux/in.h>
18#include <linux/ip.h>
19#include <linux/ipv6.h>
Ana Reyafc5be302014-08-24 14:08:36 +0200[diff] [blame]20#include <linux/smp.h>
Florian Westphale639f7a2015-11-28 21:53:05 +0100[diff] [blame]21#include <linux/static_key.h>
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]22#include <net/dst.h>
23#include <net/sock.h>
24#include <net/tcp_states.h> /* for TCP_TIME_WAIT */
25#include <net/netfilter/nf_tables.h>
Florian Westphale639f7a2015-11-28 21:53:05 +0100[diff] [blame]26#include <net/netfilter/nf_tables_core.h>
Tomasz Bursztykaaa456602014-04-14 15:41:27 +0300[diff] [blame]27#include <net/netfilter/nft_meta.h>
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]28
Florian Westphalb4aae752015-12-10 18:04:07 +0100[diff] [blame]29#include <uapi/linux/netfilter_bridge.h> /* NF_BR_PRE_ROUTING */
30
Florian Westphalb07edbe2016-02-16 17:24:08 +0100[diff] [blame]31static DEFINE_PER_CPU(struct rnd_state, nft_prandom_state);
32
Tomasz Bursztykaaa456602014-04-14 15:41:27 +0300[diff] [blame]33void nft_meta_get_eval(const struct nft_expr *expr,
Patrick McHardya55e22e2015-04-11 02:27:31 +0100[diff] [blame]34 struct nft_regs *regs,
Tomasz Bursztykaaa456602014-04-14 15:41:27 +0300[diff] [blame]35 const struct nft_pktinfo *pkt)
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]36{
37 const struct nft_meta *priv = nft_expr_priv(expr);
38 const struct sk_buff *skb = pkt->skb;
39 const struct net_device *in = pkt->in, *out = pkt->out;
Eric Dumazet3aed8222015-11-08 10:54:12 -0800[diff] [blame]40 struct sock *sk;
Patrick McHardy49499c32015-04-11 02:27:37 +0100[diff] [blame]41 u32 *dest = &regs->data[priv->dreg];
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]42
43 switch (priv->key) {
44 case NFT_META_LEN:
Patrick McHardyfad136e2015-04-11 02:27:33 +0100[diff] [blame]45 *dest = skb->len;
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]46 break;
47 case NFT_META_PROTOCOL:
Liping Zhang1894d7c2017-03-08 22:54:18 +0800[diff] [blame]48 nft_reg_store16(dest, (__force u16)skb->protocol);
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]49 break;
Patrick McHardy124edfa2014-01-03 12:16:17 +0000[diff] [blame]50 case NFT_META_NFPROTO:
Liping Zhang1894d7c2017-03-08 22:54:18 +0800[diff] [blame]51 nft_reg_store8(dest, pkt->pf);
Patrick McHardy124edfa2014-01-03 12:16:17 +0000[diff] [blame]52 break;
Patrick McHardy4566bf22014-01-03 12:16:18 +0000[diff] [blame]53 case NFT_META_L4PROTO:
Pablo Neira Ayusobeac5af2016-09-09 12:42:49 +0200[diff] [blame]54 if (!pkt->tprot_set)
55 goto err;
Liping Zhang1894d7c2017-03-08 22:54:18 +0800[diff] [blame]56 nft_reg_store8(dest, pkt->tprot);
Patrick McHardy4566bf22014-01-03 12:16:18 +0000[diff] [blame]57 break;
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]58 case NFT_META_PRIORITY:
Patrick McHardyfad136e2015-04-11 02:27:33 +0100[diff] [blame]59 *dest = skb->priority;
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]60 break;
61 case NFT_META_MARK:
Patrick McHardyfad136e2015-04-11 02:27:33 +0100[diff] [blame]62 *dest = skb->mark;
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]63 break;
64 case NFT_META_IIF:
65 if (in == NULL)
66 goto err;
Patrick McHardyfad136e2015-04-11 02:27:33 +0100[diff] [blame]67 *dest = in->ifindex;
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]68 break;
69 case NFT_META_OIF:
70 if (out == NULL)
71 goto err;
Patrick McHardyfad136e2015-04-11 02:27:33 +0100[diff] [blame]72 *dest = out->ifindex;
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]73 break;
74 case NFT_META_IIFNAME:
75 if (in == NULL)
76 goto err;
Patrick McHardyfad136e2015-04-11 02:27:33 +0100[diff] [blame]77 strncpy((char *)dest, in->name, IFNAMSIZ);
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]78 break;
79 case NFT_META_OIFNAME:
80 if (out == NULL)
81 goto err;
Patrick McHardyfad136e2015-04-11 02:27:33 +0100[diff] [blame]82 strncpy((char *)dest, out->name, IFNAMSIZ);
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]83 break;
84 case NFT_META_IIFTYPE:
85 if (in == NULL)
86 goto err;
Liping Zhang1894d7c2017-03-08 22:54:18 +0800[diff] [blame]87 nft_reg_store16(dest, in->type);
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]88 break;
89 case NFT_META_OIFTYPE:
90 if (out == NULL)
91 goto err;
Liping Zhang1894d7c2017-03-08 22:54:18 +0800[diff] [blame]92 nft_reg_store16(dest, out->type);
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]93 break;
94 case NFT_META_SKUID:
Eric Dumazet3aed8222015-11-08 10:54:12 -0800[diff] [blame]95 sk = skb_to_full_sk(skb);
96 if (!sk || !sk_fullsock(sk))
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]97 goto err;
98
Eric Dumazet3aed8222015-11-08 10:54:12 -0800[diff] [blame]99 read_lock_bh(&sk->sk_callback_lock);
100 if (sk->sk_socket == NULL ||
101 sk->sk_socket->file == NULL) {
102 read_unlock_bh(&sk->sk_callback_lock);
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]103 goto err;
104 }
105
Patrick McHardyfad136e2015-04-11 02:27:33 +0100[diff] [blame]106 *dest = from_kuid_munged(&init_user_ns,
Eric Dumazet3aed8222015-11-08 10:54:12 -0800[diff] [blame]107 sk->sk_socket->file->f_cred->fsuid);
108 read_unlock_bh(&sk->sk_callback_lock);
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]109 break;
110 case NFT_META_SKGID:
Eric Dumazet3aed8222015-11-08 10:54:12 -0800[diff] [blame]111 sk = skb_to_full_sk(skb);
112 if (!sk || !sk_fullsock(sk))
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]113 goto err;
114
Eric Dumazet3aed8222015-11-08 10:54:12 -0800[diff] [blame]115 read_lock_bh(&sk->sk_callback_lock);
116 if (sk->sk_socket == NULL ||
117 sk->sk_socket->file == NULL) {
118 read_unlock_bh(&sk->sk_callback_lock);
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]119 goto err;
120 }
Patrick McHardyfad136e2015-04-11 02:27:33 +0100[diff] [blame]121 *dest = from_kgid_munged(&init_user_ns,
Eric Dumazet3aed8222015-11-08 10:54:12 -0800[diff] [blame]122 sk->sk_socket->file->f_cred->fsgid);
123 read_unlock_bh(&sk->sk_callback_lock);
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]124 break;
Paul Bolle06efbd62014-02-12 10:53:01 +0100[diff] [blame]125#ifdef CONFIG_IP_ROUTE_CLASSID
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]126 case NFT_META_RTCLASSID: {
127 const struct dst_entry *dst = skb_dst(skb);
128
129 if (dst == NULL)
130 goto err;
Patrick McHardyfad136e2015-04-11 02:27:33 +0100[diff] [blame]131 *dest = dst->tclassid;
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]132 break;
133 }
134#endif
135#ifdef CONFIG_NETWORK_SECMARK
136 case NFT_META_SECMARK:
Patrick McHardyfad136e2015-04-11 02:27:33 +0100[diff] [blame]137 *dest = skb->secmark;
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]138 break;
139#endif
Ana Reye2a093f2014-08-06 13:52:49 +0200[diff] [blame]140 case NFT_META_PKTTYPE:
141 if (skb->pkt_type != PACKET_LOOPBACK) {
Liping Zhang1894d7c2017-03-08 22:54:18 +0800[diff] [blame]142 nft_reg_store8(dest, skb->pkt_type);
Ana Reye2a093f2014-08-06 13:52:49 +0200[diff] [blame]143 break;
144 }
145
Eric W. Biederman6aa187f2015-09-18 14:32:57 -0500[diff] [blame]146 switch (pkt->pf) {
Ana Reye2a093f2014-08-06 13:52:49 +0200[diff] [blame]147 case NFPROTO_IPV4:
148 if (ipv4_is_multicast(ip_hdr(skb)->daddr))
Liping Zhang1894d7c2017-03-08 22:54:18 +0800[diff] [blame]149 nft_reg_store8(dest, PACKET_MULTICAST);
Ana Reye2a093f2014-08-06 13:52:49 +0200[diff] [blame]150 else
Liping Zhang1894d7c2017-03-08 22:54:18 +0800[diff] [blame]151 nft_reg_store8(dest, PACKET_BROADCAST);
Ana Reye2a093f2014-08-06 13:52:49 +0200[diff] [blame]152 break;
153 case NFPROTO_IPV6:
154 if (ipv6_hdr(skb)->daddr.s6_addr[0] == 0xFF)
Liping Zhang1894d7c2017-03-08 22:54:18 +0800[diff] [blame]155 nft_reg_store8(dest, PACKET_MULTICAST);
Ana Reye2a093f2014-08-06 13:52:49 +0200[diff] [blame]156 else
Liping Zhang1894d7c2017-03-08 22:54:18 +0800[diff] [blame]157 nft_reg_store8(dest, PACKET_BROADCAST);
Ana Reye2a093f2014-08-06 13:52:49 +0200[diff] [blame]158 break;
Liping Zhangc5493c62017-01-07 21:33:55 +0800[diff] [blame]159 case NFPROTO_NETDEV:
160 switch (skb->protocol) {
161 case htons(ETH_P_IP): {
162 int noff = skb_network_offset(skb);
163 struct iphdr *iph, _iph;
164
165 iph = skb_header_pointer(skb, noff,
166 sizeof(_iph), &_iph);
167 if (!iph)
168 goto err;
169
170 if (ipv4_is_multicast(iph->daddr))
Liping Zhang1894d7c2017-03-08 22:54:18 +0800[diff] [blame]171 nft_reg_store8(dest, PACKET_MULTICAST);
Liping Zhangc5493c62017-01-07 21:33:55 +0800[diff] [blame]172 else
Liping Zhang1894d7c2017-03-08 22:54:18 +0800[diff] [blame]173 nft_reg_store8(dest, PACKET_BROADCAST);
Liping Zhangc5493c62017-01-07 21:33:55 +0800[diff] [blame]174
175 break;
176 }
177 case htons(ETH_P_IPV6):
Liping Zhang1894d7c2017-03-08 22:54:18 +0800[diff] [blame]178 nft_reg_store8(dest, PACKET_MULTICAST);
Liping Zhangc5493c62017-01-07 21:33:55 +0800[diff] [blame]179 break;
180 default:
181 WARN_ON_ONCE(1);
182 goto err;
183 }
184 break;
Ana Reye2a093f2014-08-06 13:52:49 +0200[diff] [blame]185 default:
Liping Zhangc5493c62017-01-07 21:33:55 +0800[diff] [blame]186 WARN_ON_ONCE(1);
Ana Reye2a093f2014-08-06 13:52:49 +0200[diff] [blame]187 goto err;
188 }
189 break;
Ana Reyafc5be302014-08-24 14:08:36 +0200[diff] [blame]190 case NFT_META_CPU:
Patrick McHardyfad136e2015-04-11 02:27:33 +0100[diff] [blame]191 *dest = raw_smp_processor_id();
Ana Reyafc5be302014-08-24 14:08:36 +0200[diff] [blame]192 break;
Ana Rey3045d762014-09-02 20:36:14 +0200[diff] [blame]193 case NFT_META_IIFGROUP:
194 if (in == NULL)
195 goto err;
Patrick McHardyfad136e2015-04-11 02:27:33 +0100[diff] [blame]196 *dest = in->group;
Ana Rey3045d762014-09-02 20:36:14 +0200[diff] [blame]197 break;
198 case NFT_META_OIFGROUP:
199 if (out == NULL)
200 goto err;
Patrick McHardyfad136e2015-04-11 02:27:33 +0100[diff] [blame]201 *dest = out->group;
Ana Rey3045d762014-09-02 20:36:14 +0200[diff] [blame]202 break;
Mathias Krausee181a542015-07-19 22:21:13 +0200[diff] [blame]203#ifdef CONFIG_CGROUP_NET_CLASSID
Ana Reyce674172014-11-03 18:10:50 +0100[diff] [blame]204 case NFT_META_CGROUP:
Eric Dumazet3aed8222015-11-08 10:54:12 -0800[diff] [blame]205 sk = skb_to_full_sk(skb);
206 if (!sk || !sk_fullsock(sk))
Pablo Neira Ayusoc5035c72015-03-27 12:14:13 +0100[diff] [blame]207 goto err;
Tejun Heo2a56a1f2015-12-07 17:38:52 -0500[diff] [blame]208 *dest = sock_cgroup_classid(&sk->sk_cgrp_data);
Ana Reyce674172014-11-03 18:10:50 +0100[diff] [blame]209 break;
Mathias Krausee181a542015-07-19 22:21:13 +0200[diff] [blame]210#endif
Florian Westphalb07edbe2016-02-16 17:24:08 +0100[diff] [blame]211 case NFT_META_PRANDOM: {
212 struct rnd_state *state = this_cpu_ptr(&nft_prandom_state);
213 *dest = prandom_u32_state(state);
214 break;
215 }
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]216 default:
217 WARN_ON(1);
218 goto err;
219 }
220 return;
221
222err:
Patrick McHardya55e22e2015-04-11 02:27:31 +0100[diff] [blame]223 regs->verdict.code = NFT_BREAK;
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]224}
Tomasz Bursztykaaa456602014-04-14 15:41:27 +0300[diff] [blame]225EXPORT_SYMBOL_GPL(nft_meta_get_eval);
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]226
Tomasz Bursztykaaa456602014-04-14 15:41:27 +0300[diff] [blame]227void nft_meta_set_eval(const struct nft_expr *expr,
Patrick McHardya55e22e2015-04-11 02:27:31 +0100[diff] [blame]228 struct nft_regs *regs,
Tomasz Bursztykaaa456602014-04-14 15:41:27 +0300[diff] [blame]229 const struct nft_pktinfo *pkt)
Arturo Borrero Gonzaleze035b772013-12-26 16:38:01 +0100[diff] [blame]230{
231 const struct nft_meta *meta = nft_expr_priv(expr);
232 struct sk_buff *skb = pkt->skb;
Liping Zhang1894d7c2017-03-08 22:54:18 +0800[diff] [blame]233 u32 *sreg = &regs->data[meta->sreg];
234 u32 value = *sreg;
235 u8 pkt_type;
Arturo Borrero Gonzaleze035b772013-12-26 16:38:01 +0100[diff] [blame]236
237 switch (meta->key) {
238 case NFT_META_MARK:
239 skb->mark = value;
240 break;
241 case NFT_META_PRIORITY:
242 skb->priority = value;
243 break;
Florian Westphalb4aae752015-12-10 18:04:07 +0100[diff] [blame]244 case NFT_META_PKTTYPE:
Liping Zhang1894d7c2017-03-08 22:54:18 +0800[diff] [blame]245 pkt_type = nft_reg_load8(sreg);
246
247 if (skb->pkt_type != pkt_type &&
248 skb_pkt_type_ok(pkt_type) &&
249 skb_pkt_type_ok(skb->pkt_type))
250 skb->pkt_type = pkt_type;
Florian Westphalb4aae752015-12-10 18:04:07 +0100[diff] [blame]251 break;
Arturo Borrero Gonzaleze035b772013-12-26 16:38:01 +0100[diff] [blame]252 case NFT_META_NFTRACE:
Liping Zhang62131e52016-06-08 20:20:10 +0800[diff] [blame]253 skb->nf_trace = !!value;
Arturo Borrero Gonzaleze035b772013-12-26 16:38:01 +0100[diff] [blame]254 break;
255 default:
256 WARN_ON(1);
257 }
258}
Tomasz Bursztykaaa456602014-04-14 15:41:27 +0300[diff] [blame]259EXPORT_SYMBOL_GPL(nft_meta_set_eval);
Arturo Borrero Gonzaleze035b772013-12-26 16:38:01 +0100[diff] [blame]260
Tomasz Bursztykaaa456602014-04-14 15:41:27 +0300[diff] [blame]261const struct nla_policy nft_meta_policy[NFTA_META_MAX + 1] = {
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]262 [NFTA_META_DREG] = { .type = NLA_U32 },
263 [NFTA_META_KEY] = { .type = NLA_U32 },
Arturo Borrero Gonzaleze035b772013-12-26 16:38:01 +0100[diff] [blame]264 [NFTA_META_SREG] = { .type = NLA_U32 },
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]265};
Tomasz Bursztykaaa456602014-04-14 15:41:27 +0300[diff] [blame]266EXPORT_SYMBOL_GPL(nft_meta_policy);
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]267
Tomasz Bursztykaaa456602014-04-14 15:41:27 +0300[diff] [blame]268int nft_meta_get_init(const struct nft_ctx *ctx,
269 const struct nft_expr *expr,
270 const struct nlattr * const tb[])
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]271{
Patrick McHardyd2caa692014-03-29 10:43:02 +0000[diff] [blame]272 struct nft_meta *priv = nft_expr_priv(expr);
Patrick McHardy45d9bcd2015-04-11 02:27:26 +0100[diff] [blame]273 unsigned int len;
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]274
Patrick McHardyd2caa692014-03-29 10:43:02 +0000[diff] [blame]275 priv->key = ntohl(nla_get_be32(tb[NFTA_META_KEY]));
276 switch (priv->key) {
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]277 case NFT_META_PROTOCOL:
Patrick McHardy45d9bcd2015-04-11 02:27:26 +0100[diff] [blame]278 case NFT_META_IIFTYPE:
279 case NFT_META_OIFTYPE:
280 len = sizeof(u16);
281 break;
Patrick McHardy124edfa2014-01-03 12:16:17 +0000[diff] [blame]282 case NFT_META_NFPROTO:
Patrick McHardy4566bf22014-01-03 12:16:18 +0000[diff] [blame]283 case NFT_META_L4PROTO:
Patrick McHardy45d9bcd2015-04-11 02:27:26 +0100[diff] [blame]284 case NFT_META_LEN:
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]285 case NFT_META_PRIORITY:
286 case NFT_META_MARK:
287 case NFT_META_IIF:
288 case NFT_META_OIF:
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]289 case NFT_META_SKUID:
290 case NFT_META_SKGID:
Paul Bolle06efbd62014-02-12 10:53:01 +0100[diff] [blame]291#ifdef CONFIG_IP_ROUTE_CLASSID
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]292 case NFT_META_RTCLASSID:
293#endif
294#ifdef CONFIG_NETWORK_SECMARK
295 case NFT_META_SECMARK:
296#endif
Ana Reye2a093f2014-08-06 13:52:49 +0200[diff] [blame]297 case NFT_META_PKTTYPE:
Ana Reyafc5be302014-08-24 14:08:36 +0200[diff] [blame]298 case NFT_META_CPU:
Ana Rey3045d762014-09-02 20:36:14 +0200[diff] [blame]299 case NFT_META_IIFGROUP:
300 case NFT_META_OIFGROUP:
Mathias Krausee181a542015-07-19 22:21:13 +0200[diff] [blame]301#ifdef CONFIG_CGROUP_NET_CLASSID
Ana Reyce674172014-11-03 18:10:50 +0100[diff] [blame]302 case NFT_META_CGROUP:
Mathias Krausee181a542015-07-19 22:21:13 +0200[diff] [blame]303#endif
Patrick McHardy45d9bcd2015-04-11 02:27:26 +0100[diff] [blame]304 len = sizeof(u32);
305 break;
306 case NFT_META_IIFNAME:
307 case NFT_META_OIFNAME:
308 len = IFNAMSIZ;
Patrick McHardyd2caa692014-03-29 10:43:02 +0000[diff] [blame]309 break;
Florian Westphalb07edbe2016-02-16 17:24:08 +0100[diff] [blame]310 case NFT_META_PRANDOM:
311 prandom_init_once(&nft_prandom_state);
312 len = sizeof(u32);
313 break;
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]314 default:
315 return -EOPNOTSUPP;
316 }
317
Patrick McHardyb1c96ed2015-04-11 02:27:36 +0100[diff] [blame]318 priv->dreg = nft_parse_register(tb[NFTA_META_DREG]);
Patrick McHardy27e6d202015-04-11 02:27:29 +0100[diff] [blame]319 return nft_validate_register_store(ctx, priv->dreg, NULL,
320 NFT_DATA_VALUE, len);
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]321}
Tomasz Bursztykaaa456602014-04-14 15:41:27 +0300[diff] [blame]322EXPORT_SYMBOL_GPL(nft_meta_get_init);
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]323
Liping Zhang960fa722016-08-22 22:57:56 +0800[diff] [blame]324int nft_meta_set_validate(const struct nft_ctx *ctx,
325 const struct nft_expr *expr,
326 const struct nft_data **data)
Florian Westphalb4aae752015-12-10 18:04:07 +0100[diff] [blame]327{
Liping Zhang960fa722016-08-22 22:57:56 +0800[diff] [blame]328 struct nft_meta *priv = nft_expr_priv(expr);
Florian Westphalb4aae752015-12-10 18:04:07 +0100[diff] [blame]329 unsigned int hooks;
330
Liping Zhang960fa722016-08-22 22:57:56 +0800[diff] [blame]331 if (priv->key != NFT_META_PKTTYPE)
332 return 0;
333
Florian Westphalb4aae752015-12-10 18:04:07 +0100[diff] [blame]334 switch (ctx->afi->family) {
335 case NFPROTO_BRIDGE:
336 hooks = 1 << NF_BR_PRE_ROUTING;
337 break;
338 case NFPROTO_NETDEV:
339 hooks = 1 << NF_NETDEV_INGRESS;
340 break;
341 default:
342 return -EOPNOTSUPP;
343 }
344
345 return nft_chain_validate_hooks(ctx->chain, hooks);
346}
Liping Zhang960fa722016-08-22 22:57:56 +0800[diff] [blame]347EXPORT_SYMBOL_GPL(nft_meta_set_validate);
Florian Westphalb4aae752015-12-10 18:04:07 +0100[diff] [blame]348
Tomasz Bursztykaaa456602014-04-14 15:41:27 +0300[diff] [blame]349int nft_meta_set_init(const struct nft_ctx *ctx,
350 const struct nft_expr *expr,
351 const struct nlattr * const tb[])
Arturo Borrero Gonzaleze035b772013-12-26 16:38:01 +0100[diff] [blame]352{
353 struct nft_meta *priv = nft_expr_priv(expr);
Patrick McHardyd07db982015-04-11 02:27:30 +0100[diff] [blame]354 unsigned int len;
Arturo Borrero Gonzaleze035b772013-12-26 16:38:01 +0100[diff] [blame]355 int err;
356
357 priv->key = ntohl(nla_get_be32(tb[NFTA_META_KEY]));
Patrick McHardyd2caa692014-03-29 10:43:02 +0000[diff] [blame]358 switch (priv->key) {
359 case NFT_META_MARK:
360 case NFT_META_PRIORITY:
Patrick McHardyd07db982015-04-11 02:27:30 +0100[diff] [blame]361 len = sizeof(u32);
362 break;
Patrick McHardyd2caa692014-03-29 10:43:02 +0000[diff] [blame]363 case NFT_META_NFTRACE:
Patrick McHardyd07db982015-04-11 02:27:30 +0100[diff] [blame]364 len = sizeof(u8);
Patrick McHardyd2caa692014-03-29 10:43:02 +0000[diff] [blame]365 break;
Florian Westphalb4aae752015-12-10 18:04:07 +0100[diff] [blame]366 case NFT_META_PKTTYPE:
Florian Westphalb4aae752015-12-10 18:04:07 +0100[diff] [blame]367 len = sizeof(u8);
368 break;
Patrick McHardyd2caa692014-03-29 10:43:02 +0000[diff] [blame]369 default:
370 return -EOPNOTSUPP;
Arturo Borrero Gonzaleze035b772013-12-26 16:38:01 +0100[diff] [blame]371 }
372
Liping Zhang960fa722016-08-22 22:57:56 +0800[diff] [blame]373 err = nft_meta_set_validate(ctx, expr, NULL);
374 if (err < 0)
375 return err;
376
Patrick McHardyb1c96ed2015-04-11 02:27:36 +0100[diff] [blame]377 priv->sreg = nft_parse_register(tb[NFTA_META_SREG]);
Patrick McHardyd07db982015-04-11 02:27:30 +0100[diff] [blame]378 err = nft_validate_register_load(priv->sreg, len);
Pablo Neira Ayusob38895c2014-01-09 20:03:55 +0100[diff] [blame]379 if (err < 0)
380 return err;
Arturo Borrero Gonzaleze035b772013-12-26 16:38:01 +0100[diff] [blame]381
Florian Westphale639f7a2015-11-28 21:53:05 +0100[diff] [blame]382 if (priv->key == NFT_META_NFTRACE)
383 static_branch_inc(&nft_trace_enabled);
384
Arturo Borrero Gonzaleze035b772013-12-26 16:38:01 +0100[diff] [blame]385 return 0;
386}
Tomasz Bursztykaaa456602014-04-14 15:41:27 +0300[diff] [blame]387EXPORT_SYMBOL_GPL(nft_meta_set_init);
Arturo Borrero Gonzaleze035b772013-12-26 16:38:01 +0100[diff] [blame]388
Tomasz Bursztykaaa456602014-04-14 15:41:27 +0300[diff] [blame]389int nft_meta_get_dump(struct sk_buff *skb,
390 const struct nft_expr *expr)
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]391{
392 const struct nft_meta *priv = nft_expr_priv(expr);
393
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]394 if (nla_put_be32(skb, NFTA_META_KEY, htonl(priv->key)))
395 goto nla_put_failure;
Patrick McHardyb1c96ed2015-04-11 02:27:36 +0100[diff] [blame]396 if (nft_dump_register(skb, NFTA_META_DREG, priv->dreg))
Arturo Borrero Gonzaleze035b772013-12-26 16:38:01 +0100[diff] [blame]397 goto nla_put_failure;
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]398 return 0;
399
400nla_put_failure:
401 return -1;
402}
Tomasz Bursztykaaa456602014-04-14 15:41:27 +0300[diff] [blame]403EXPORT_SYMBOL_GPL(nft_meta_get_dump);
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]404
Tomasz Bursztykaaa456602014-04-14 15:41:27 +0300[diff] [blame]405int nft_meta_set_dump(struct sk_buff *skb,
406 const struct nft_expr *expr)
Arturo Borrero Gonzaleze035b772013-12-26 16:38:01 +0100[diff] [blame]407{
408 const struct nft_meta *priv = nft_expr_priv(expr);
409
410 if (nla_put_be32(skb, NFTA_META_KEY, htonl(priv->key)))
411 goto nla_put_failure;
Patrick McHardyb1c96ed2015-04-11 02:27:36 +0100[diff] [blame]412 if (nft_dump_register(skb, NFTA_META_SREG, priv->sreg))
Arturo Borrero Gonzaleze035b772013-12-26 16:38:01 +0100[diff] [blame]413 goto nla_put_failure;
414
415 return 0;
416
417nla_put_failure:
418 return -1;
419}
Tomasz Bursztykaaa456602014-04-14 15:41:27 +0300[diff] [blame]420EXPORT_SYMBOL_GPL(nft_meta_set_dump);
Arturo Borrero Gonzaleze035b772013-12-26 16:38:01 +0100[diff] [blame]421
Florian Westphale639f7a2015-11-28 21:53:05 +0100[diff] [blame]422void nft_meta_set_destroy(const struct nft_ctx *ctx,
423 const struct nft_expr *expr)
424{
425 const struct nft_meta *priv = nft_expr_priv(expr);
426
427 if (priv->key == NFT_META_NFTRACE)
428 static_branch_dec(&nft_trace_enabled);
429}
430EXPORT_SYMBOL_GPL(nft_meta_set_destroy);
431
Patrick McHardyef1f7df2013-10-10 11:41:20 +0200[diff] [blame]432static struct nft_expr_type nft_meta_type;
Arturo Borrero Gonzaleze035b772013-12-26 16:38:01 +0100[diff] [blame]433static const struct nft_expr_ops nft_meta_get_ops = {
Patrick McHardyef1f7df2013-10-10 11:41:20 +0200[diff] [blame]434 .type = &nft_meta_type,
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]435 .size = NFT_EXPR_SIZE(sizeof(struct nft_meta)),
Arturo Borrero Gonzaleze035b772013-12-26 16:38:01 +0100[diff] [blame]436 .eval = nft_meta_get_eval,
Patrick McHardyd2caa692014-03-29 10:43:02 +0000[diff] [blame]437 .init = nft_meta_get_init,
Arturo Borrero Gonzaleze035b772013-12-26 16:38:01 +0100[diff] [blame]438 .dump = nft_meta_get_dump,
Patrick McHardyef1f7df2013-10-10 11:41:20 +0200[diff] [blame]439};
440
Arturo Borrero Gonzaleze035b772013-12-26 16:38:01 +0100[diff] [blame]441static const struct nft_expr_ops nft_meta_set_ops = {
442 .type = &nft_meta_type,
443 .size = NFT_EXPR_SIZE(sizeof(struct nft_meta)),
444 .eval = nft_meta_set_eval,
Patrick McHardyd2caa692014-03-29 10:43:02 +0000[diff] [blame]445 .init = nft_meta_set_init,
Florian Westphale639f7a2015-11-28 21:53:05 +0100[diff] [blame]446 .destroy = nft_meta_set_destroy,
Arturo Borrero Gonzaleze035b772013-12-26 16:38:01 +0100[diff] [blame]447 .dump = nft_meta_set_dump,
Liping Zhang960fa722016-08-22 22:57:56 +0800[diff] [blame]448 .validate = nft_meta_set_validate,
Arturo Borrero Gonzaleze035b772013-12-26 16:38:01 +0100[diff] [blame]449};
450
451static const struct nft_expr_ops *
452nft_meta_select_ops(const struct nft_ctx *ctx,
453 const struct nlattr * const tb[])
454{
455 if (tb[NFTA_META_KEY] == NULL)
456 return ERR_PTR(-EINVAL);
457
458 if (tb[NFTA_META_DREG] && tb[NFTA_META_SREG])
459 return ERR_PTR(-EINVAL);
460
461 if (tb[NFTA_META_DREG])
462 return &nft_meta_get_ops;
463
464 if (tb[NFTA_META_SREG])
465 return &nft_meta_set_ops;
466
467 return ERR_PTR(-EINVAL);
468}
469
Patrick McHardyef1f7df2013-10-10 11:41:20 +0200[diff] [blame]470static struct nft_expr_type nft_meta_type __read_mostly = {
471 .name = "meta",
Arturo Borrero Gonzaleze035b772013-12-26 16:38:01 +0100[diff] [blame]472 .select_ops = &nft_meta_select_ops,
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]473 .policy = nft_meta_policy,
474 .maxattr = NFTA_META_MAX,
Patrick McHardyef1f7df2013-10-10 11:41:20 +0200[diff] [blame]475 .owner = THIS_MODULE,
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]476};
477
478static int __init nft_meta_module_init(void)
479{
Patrick McHardyef1f7df2013-10-10 11:41:20 +0200[diff] [blame]480 return nft_register_expr(&nft_meta_type);
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]481}
482
483static void __exit nft_meta_module_exit(void)
484{
Patrick McHardyef1f7df2013-10-10 11:41:20 +0200[diff] [blame]485 nft_unregister_expr(&nft_meta_type);
Patrick McHardy96518512013-10-14 11:00:02 +0200[diff] [blame]486}
487
488module_init(nft_meta_module_init);
489module_exit(nft_meta_module_exit);
490
491MODULE_LICENSE("GPL");
492MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
493MODULE_ALIAS_NFT_EXPR("meta");