Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / refs/tags/FP3-REL-Q-3.A.0107 / . / net / netfilter / xt_connbytes.c
blob: d4bec261e74e636e5a51c8ea95480f15bc61a1ab [file] [log] [blame]
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]1/* Kernel module to match connection tracking byte counter.
2 * GPL (C) 2002 Martin Devera (devik@cdi.cz).
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]3 */
Jan Engelhardt8bee4ba2010-03-17 16:04:40 +0100[diff] [blame]4#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]5#include <linux/module.h>
Jiri Slaby1977f032007-10-18 23:40:25 -0700[diff] [blame]6#include <linux/bitops.h>
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]7#include <linux/skbuff.h>
Roman Zippel6f6d6a12008-05-01 04:34:28 -0700[diff] [blame]8#include <linux/math64.h>
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]9#include <linux/netfilter/x_tables.h>
10#include <linux/netfilter/xt_connbytes.h>
Patrick McHardy587aa642007-03-14 16:37:25 -0700[diff] [blame]11#include <net/netfilter/nf_conntrack.h>
Krzysztof Piotr Oledzki58401572008-07-21 10:01:34 -0700[diff] [blame]12#include <net/netfilter/nf_conntrack_acct.h>
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]13
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]14MODULE_LICENSE("GPL");
15MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
Jan Engelhardt2ae15b62008-01-14 23:42:28 -0800[diff] [blame]16MODULE_DESCRIPTION("Xtables: Number of packets/bytes per connection matching");
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]17MODULE_ALIAS("ipt_connbytes");
Jan Engelhardt73aaf932007-10-11 14:36:40 -0700[diff] [blame]18MODULE_ALIAS("ip6t_connbytes");
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]19
Jan Engelhardt1d93a9c2007-07-07 22:15:35 -0700[diff] [blame]20static bool
Jan Engelhardt62fc8052009-07-07 20:42:08 +0200[diff] [blame]21connbytes_mt(const struct sk_buff *skb, struct xt_action_param *par)
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]22{
Jan Engelhardtf7108a22008-10-08 11:35:18 +0200[diff] [blame]23 const struct xt_connbytes_info *sinfo = par->matchinfo;
Jan Engelhardta47362a2007-07-07 22:16:55 -0700[diff] [blame]24 const struct nf_conn *ct;
Patrick McHardy587aa642007-03-14 16:37:25 -0700[diff] [blame]25 enum ip_conntrack_info ctinfo;
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]26 u_int64_t what = 0; /* initialize to make gcc happy */
Patrick McHardyfb74a8412007-01-30 14:24:29 -0800[diff] [blame]27 u_int64_t bytes = 0;
28 u_int64_t pkts = 0;
Holger Eitzenbergerf7b13e42013-09-26 17:31:51 +0200[diff] [blame]29 const struct nf_conn_acct *acct;
Krzysztof Piotr Oledzki58401572008-07-21 10:01:34 -0700[diff] [blame]30 const struct nf_conn_counter *counters;
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]31
Patrick McHardy587aa642007-03-14 16:37:25 -0700[diff] [blame]32 ct = nf_ct_get(skb, &ctinfo);
33 if (!ct)
Jan Engelhardt1d93a9c2007-07-07 22:15:35 -0700[diff] [blame]34 return false;
Krzysztof Piotr Oledzki58401572008-07-21 10:01:34 -0700[diff] [blame]35
Holger Eitzenbergerf7b13e42013-09-26 17:31:51 +0200[diff] [blame]36 acct = nf_conn_acct_find(ct);
37 if (!acct)
Krzysztof Piotr Oledzki58401572008-07-21 10:01:34 -0700[diff] [blame]38 return false;
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]39
Holger Eitzenbergerf7b13e42013-09-26 17:31:51 +0200[diff] [blame]40 counters = acct->counter;
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]41 switch (sinfo->what) {
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]42 case XT_CONNBYTES_PKTS:
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]43 switch (sinfo->direction) {
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]44 case XT_CONNBYTES_DIR_ORIGINAL:
Eric Dumazetb3e0bfa2011-12-14 14:45:20 +0100[diff] [blame]45 what = atomic64_read(&counters[IP_CT_DIR_ORIGINAL].packets);
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]46 break;
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]47 case XT_CONNBYTES_DIR_REPLY:
Eric Dumazetb3e0bfa2011-12-14 14:45:20 +0100[diff] [blame]48 what = atomic64_read(&counters[IP_CT_DIR_REPLY].packets);
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]49 break;
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]50 case XT_CONNBYTES_DIR_BOTH:
Eric Dumazetb3e0bfa2011-12-14 14:45:20 +0100[diff] [blame]51 what = atomic64_read(&counters[IP_CT_DIR_ORIGINAL].packets);
52 what += atomic64_read(&counters[IP_CT_DIR_REPLY].packets);
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]53 break;
54 }
55 break;
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]56 case XT_CONNBYTES_BYTES:
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]57 switch (sinfo->direction) {
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]58 case XT_CONNBYTES_DIR_ORIGINAL:
Eric Dumazetb3e0bfa2011-12-14 14:45:20 +0100[diff] [blame]59 what = atomic64_read(&counters[IP_CT_DIR_ORIGINAL].bytes);
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]60 break;
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]61 case XT_CONNBYTES_DIR_REPLY:
Eric Dumazetb3e0bfa2011-12-14 14:45:20 +0100[diff] [blame]62 what = atomic64_read(&counters[IP_CT_DIR_REPLY].bytes);
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]63 break;
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]64 case XT_CONNBYTES_DIR_BOTH:
Eric Dumazetb3e0bfa2011-12-14 14:45:20 +0100[diff] [blame]65 what = atomic64_read(&counters[IP_CT_DIR_ORIGINAL].bytes);
66 what += atomic64_read(&counters[IP_CT_DIR_REPLY].bytes);
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]67 break;
68 }
69 break;
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]70 case XT_CONNBYTES_AVGPKT:
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]71 switch (sinfo->direction) {
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]72 case XT_CONNBYTES_DIR_ORIGINAL:
Eric Dumazetb3e0bfa2011-12-14 14:45:20 +0100[diff] [blame]73 bytes = atomic64_read(&counters[IP_CT_DIR_ORIGINAL].bytes);
74 pkts = atomic64_read(&counters[IP_CT_DIR_ORIGINAL].packets);
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]75 break;
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]76 case XT_CONNBYTES_DIR_REPLY:
Eric Dumazetb3e0bfa2011-12-14 14:45:20 +0100[diff] [blame]77 bytes = atomic64_read(&counters[IP_CT_DIR_REPLY].bytes);
78 pkts = atomic64_read(&counters[IP_CT_DIR_REPLY].packets);
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]79 break;
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]80 case XT_CONNBYTES_DIR_BOTH:
Eric Dumazetb3e0bfa2011-12-14 14:45:20 +0100[diff] [blame]81 bytes = atomic64_read(&counters[IP_CT_DIR_ORIGINAL].bytes) +
82 atomic64_read(&counters[IP_CT_DIR_REPLY].bytes);
83 pkts = atomic64_read(&counters[IP_CT_DIR_ORIGINAL].packets) +
84 atomic64_read(&counters[IP_CT_DIR_REPLY].packets);
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]85 break;
86 }
Patrick McHardyfb74a8412007-01-30 14:24:29 -0800[diff] [blame]87 if (pkts != 0)
Roman Zippel6f6d6a12008-05-01 04:34:28 -0700[diff] [blame]88 what = div64_u64(bytes, pkts);
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]89 break;
90 }
91
Florian Westphal0354b482011-12-16 18:35:15 +0100[diff] [blame]92 if (sinfo->count.to >= sinfo->count.from)
Jan Engelhardt7c4e36b2007-07-07 22:19:08 -0700[diff] [blame]93 return what <= sinfo->count.to && what >= sinfo->count.from;
Florian Westphal0354b482011-12-16 18:35:15 +0100[diff] [blame]94 else /* inverted */
95 return what < sinfo->count.to || what > sinfo->count.from;
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]96}
97
Jan Engelhardtb0f38452010-03-19 17:16:42 +0100[diff] [blame]98static int connbytes_mt_check(const struct xt_mtchk_param *par)
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]99{
Jan Engelhardt9b4fce72008-10-08 11:35:18 +0200[diff] [blame]100 const struct xt_connbytes_info *sinfo = par->matchinfo;
Jan Engelhardt4a5a5c72010-03-19 17:32:59 +0100[diff] [blame]101 int ret;
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]102
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]103 if (sinfo->what != XT_CONNBYTES_PKTS &&
104 sinfo->what != XT_CONNBYTES_BYTES &&
105 sinfo->what != XT_CONNBYTES_AVGPKT)
Jan Engelhardtbd414ee2010-03-23 16:35:56 +0100[diff] [blame]106 return -EINVAL;
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]107
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame]108 if (sinfo->direction != XT_CONNBYTES_DIR_ORIGINAL &&
109 sinfo->direction != XT_CONNBYTES_DIR_REPLY &&
110 sinfo->direction != XT_CONNBYTES_DIR_BOTH)
Jan Engelhardtbd414ee2010-03-23 16:35:56 +0100[diff] [blame]111 return -EINVAL;
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]112
Jan Engelhardt4a5a5c72010-03-19 17:32:59 +0100[diff] [blame]113 ret = nf_ct_l3proto_try_module_get(par->family);
Jan Engelhardtf95c74e2010-03-21 04:05:56 +0100[diff] [blame]114 if (ret < 0)
Jan Engelhardt8bee4ba2010-03-17 16:04:40 +0100[diff] [blame]115 pr_info("cannot load conntrack support for proto=%u\n",
116 par->family);
Tim Gardnera8756202010-06-25 14:44:07 +0200[diff] [blame]117
118 /*
119 * This filter cannot function correctly unless connection tracking
120 * accounting is enabled, so complain in the hope that someone notices.
121 */
122 if (!nf_ct_acct_enabled(par->net)) {
Joe Perchesb167a372014-09-09 21:17:32 -0700[diff] [blame]123 pr_warn("Forcing CT accounting to be enabled\n");
Tim Gardnera8756202010-06-25 14:44:07 +0200[diff] [blame]124 nf_ct_set_acct(par->net, true);
125 }
126
Jan Engelhardtf95c74e2010-03-21 04:05:56 +0100[diff] [blame]127 return ret;
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]128}
129
Jan Engelhardt6be3d852008-10-08 11:35:19 +0200[diff] [blame]130static void connbytes_mt_destroy(const struct xt_mtdtor_param *par)
Yasuyuki Kozakai11078c32006-12-12 00:29:02 -0800[diff] [blame]131{
Jan Engelhardt92f3b2b2008-10-08 11:35:20 +0200[diff] [blame]132 nf_ct_l3proto_module_put(par->family);
Yasuyuki Kozakai11078c32006-12-12 00:29:02 -0800[diff] [blame]133}
134
Jan Engelhardt92f3b2b2008-10-08 11:35:20 +0200[diff] [blame]135static struct xt_match connbytes_mt_reg __read_mostly = {
136 .name = "connbytes",
137 .revision = 0,
138 .family = NFPROTO_UNSPEC,
139 .checkentry = connbytes_mt_check,
140 .match = connbytes_mt,
141 .destroy = connbytes_mt_destroy,
142 .matchsize = sizeof(struct xt_connbytes_info),
143 .me = THIS_MODULE,
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]144};
145
Jan Engelhardtd3c5ee62007-12-04 23:24:03 -0800[diff] [blame]146static int __init connbytes_mt_init(void)
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]147{
Jan Engelhardt92f3b2b2008-10-08 11:35:20 +0200[diff] [blame]148 return xt_register_match(&connbytes_mt_reg);
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]149}
150
Jan Engelhardtd3c5ee62007-12-04 23:24:03 -0800[diff] [blame]151static void __exit connbytes_mt_exit(void)
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]152{
Jan Engelhardt92f3b2b2008-10-08 11:35:20 +0200[diff] [blame]153 xt_unregister_match(&connbytes_mt_reg);
Harald Welte9d810fd2005-08-13 13:56:26 -0700[diff] [blame]154}
155
Jan Engelhardtd3c5ee62007-12-04 23:24:03 -0800[diff] [blame]156module_init(connbytes_mt_init);
157module_exit(connbytes_mt_exit);