Blame - net/netfilter/xt_connbytes.c - kernel/msm

blob: 302043bc41b23f6b2e435f1cad3f2bf17ae2ce44 [file] [log] [blame]

Harald Welte	9d810fd	2005-08-13 13:56:26 -0700	[diff] [blame]	1	/* Kernel module to match connection tracking byte counter.
				2	* GPL (C) 2002 Martin Devera (devik@cdi.cz).
				3	*
				4	* 2004-07-20 Harald Welte <laforge@netfilter.org>
				5	* - reimplemented to use per-connection accounting counters
				6	* - add functionality to match number of packets
				7	* - add functionality to match average packet size
				8	* - add support to match directions seperately
Harald Welte	2e4e6a1	2006-01-12 13:30:04 -0800	[diff] [blame]	9	* 2005-10-16 Harald Welte <laforge@netfilter.org>
				10	* - Port to x_tables
Harald Welte	9d810fd	2005-08-13 13:56:26 -0700	[diff] [blame]	11	*
				12	*/
				13	#include <linux/module.h>
				14	#include <linux/skbuff.h>
Yasuyuki Kozakai	9fb9cbb	2005-11-09 16:38:16 -0800	[diff] [blame]	15	#include <net/netfilter/nf_conntrack_compat.h>
Harald Welte	2e4e6a1	2006-01-12 13:30:04 -0800	[diff] [blame]	16	#include <linux/netfilter/x_tables.h>
				17	#include <linux/netfilter/xt_connbytes.h>
Harald Welte	9d810fd	2005-08-13 13:56:26 -0700	[diff] [blame]	18
				19	#include <asm/div64.h>
				20	#include <asm/bitops.h>
				21
				22	MODULE_LICENSE("GPL");
				23	MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
				24	MODULE_DESCRIPTION("iptables match for matching number of pkts/bytes per connection");
Harald Welte	2e4e6a1	2006-01-12 13:30:04 -0800	[diff] [blame]	25	MODULE_ALIAS("ipt_connbytes");
Harald Welte	9d810fd	2005-08-13 13:56:26 -0700	[diff] [blame]	26
Harald Welte	9d810fd	2005-08-13 13:56:26 -0700	[diff] [blame]	27	static int
				28	match(const struct sk_buff *skb,
				29	const struct net_device *in,
				30	const struct net_device *out,
Patrick McHardy	c498673	2006-03-20 18:02:56 -0800	[diff] [blame]	31	const struct xt_match *match,
Harald Welte	9d810fd	2005-08-13 13:56:26 -0700	[diff] [blame]	32	const void *matchinfo,
				33	int offset,
Harald Welte	2e4e6a1	2006-01-12 13:30:04 -0800	[diff] [blame]	34	unsigned int protoff,
Harald Welte	9d810fd	2005-08-13 13:56:26 -0700	[diff] [blame]	35	int *hotdrop)
				36	{
Harald Welte	2e4e6a1	2006-01-12 13:30:04 -0800	[diff] [blame]	37	const struct xt_connbytes_info *sinfo = matchinfo;
Harald Welte	9d810fd	2005-08-13 13:56:26 -0700	[diff] [blame]	38	u_int64_t what = 0; /* initialize to make gcc happy */
Patrick McHardy	fb74a841	2007-01-30 14:24:29 -0800	[diff] [blame]	39	u_int64_t bytes = 0;
				40	u_int64_t pkts = 0;
Yasuyuki Kozakai	9fb9cbb	2005-11-09 16:38:16 -0800	[diff] [blame]	41	const struct ip_conntrack_counter *counters;
Harald Welte	9d810fd	2005-08-13 13:56:26 -0700	[diff] [blame]	42
Yasuyuki Kozakai	9fb9cbb	2005-11-09 16:38:16 -0800	[diff] [blame]	43	if (!(counters = nf_ct_get_counters(skb)))
Harald Welte	9d810fd	2005-08-13 13:56:26 -0700	[diff] [blame]	44	return 0; /* no match */
				45
				46	switch (sinfo->what) {
Harald Welte	2e4e6a1	2006-01-12 13:30:04 -0800	[diff] [blame]	47	case XT_CONNBYTES_PKTS:
Harald Welte	9d810fd	2005-08-13 13:56:26 -0700	[diff] [blame]	48	switch (sinfo->direction) {
Harald Welte	2e4e6a1	2006-01-12 13:30:04 -0800	[diff] [blame]	49	case XT_CONNBYTES_DIR_ORIGINAL:
Yasuyuki Kozakai	9fb9cbb	2005-11-09 16:38:16 -0800	[diff] [blame]	50	what = counters[IP_CT_DIR_ORIGINAL].packets;
Harald Welte	9d810fd	2005-08-13 13:56:26 -0700	[diff] [blame]	51	break;
Harald Welte	2e4e6a1	2006-01-12 13:30:04 -0800	[diff] [blame]	52	case XT_CONNBYTES_DIR_REPLY:
Yasuyuki Kozakai	9fb9cbb	2005-11-09 16:38:16 -0800	[diff] [blame]	53	what = counters[IP_CT_DIR_REPLY].packets;
Harald Welte	9d810fd	2005-08-13 13:56:26 -0700	[diff] [blame]	54	break;
Harald Welte	2e4e6a1	2006-01-12 13:30:04 -0800	[diff] [blame]	55	case XT_CONNBYTES_DIR_BOTH:
Yasuyuki Kozakai	9fb9cbb	2005-11-09 16:38:16 -0800	[diff] [blame]	56	what = counters[IP_CT_DIR_ORIGINAL].packets;
				57	what += counters[IP_CT_DIR_REPLY].packets;
Harald Welte	9d810fd	2005-08-13 13:56:26 -0700	[diff] [blame]	58	break;
				59	}
				60	break;
Harald Welte	2e4e6a1	2006-01-12 13:30:04 -0800	[diff] [blame]	61	case XT_CONNBYTES_BYTES:
Harald Welte	9d810fd	2005-08-13 13:56:26 -0700	[diff] [blame]	62	switch (sinfo->direction) {
Harald Welte	2e4e6a1	2006-01-12 13:30:04 -0800	[diff] [blame]	63	case XT_CONNBYTES_DIR_ORIGINAL:
Yasuyuki Kozakai	9fb9cbb	2005-11-09 16:38:16 -0800	[diff] [blame]	64	what = counters[IP_CT_DIR_ORIGINAL].bytes;
Harald Welte	9d810fd	2005-08-13 13:56:26 -0700	[diff] [blame]	65	break;
Harald Welte	2e4e6a1	2006-01-12 13:30:04 -0800	[diff] [blame]	66	case XT_CONNBYTES_DIR_REPLY:
Yasuyuki Kozakai	9fb9cbb	2005-11-09 16:38:16 -0800	[diff] [blame]	67	what = counters[IP_CT_DIR_REPLY].bytes;
Harald Welte	9d810fd	2005-08-13 13:56:26 -0700	[diff] [blame]	68	break;
Harald Welte	2e4e6a1	2006-01-12 13:30:04 -0800	[diff] [blame]	69	case XT_CONNBYTES_DIR_BOTH:
Yasuyuki Kozakai	9fb9cbb	2005-11-09 16:38:16 -0800	[diff] [blame]	70	what = counters[IP_CT_DIR_ORIGINAL].bytes;
				71	what += counters[IP_CT_DIR_REPLY].bytes;
Harald Welte	9d810fd	2005-08-13 13:56:26 -0700	[diff] [blame]	72	break;
				73	}
				74	break;
Harald Welte	2e4e6a1	2006-01-12 13:30:04 -0800	[diff] [blame]	75	case XT_CONNBYTES_AVGPKT:
Harald Welte	9d810fd	2005-08-13 13:56:26 -0700	[diff] [blame]	76	switch (sinfo->direction) {
Harald Welte	2e4e6a1	2006-01-12 13:30:04 -0800	[diff] [blame]	77	case XT_CONNBYTES_DIR_ORIGINAL:
Patrick McHardy	fb74a841	2007-01-30 14:24:29 -0800	[diff] [blame]	78	bytes = counters[IP_CT_DIR_ORIGINAL].bytes;
				79	pkts = counters[IP_CT_DIR_ORIGINAL].packets;
Harald Welte	9d810fd	2005-08-13 13:56:26 -0700	[diff] [blame]	80	break;
Harald Welte	2e4e6a1	2006-01-12 13:30:04 -0800	[diff] [blame]	81	case XT_CONNBYTES_DIR_REPLY:
Patrick McHardy	fb74a841	2007-01-30 14:24:29 -0800	[diff] [blame]	82	bytes = counters[IP_CT_DIR_REPLY].bytes;
				83	pkts = counters[IP_CT_DIR_REPLY].packets;
Harald Welte	9d810fd	2005-08-13 13:56:26 -0700	[diff] [blame]	84	break;
Harald Welte	2e4e6a1	2006-01-12 13:30:04 -0800	[diff] [blame]	85	case XT_CONNBYTES_DIR_BOTH:
Patrick McHardy	fb74a841	2007-01-30 14:24:29 -0800	[diff] [blame]	86	bytes = counters[IP_CT_DIR_ORIGINAL].bytes +
				87	counters[IP_CT_DIR_REPLY].bytes;
				88	pkts = counters[IP_CT_DIR_ORIGINAL].packets +
				89	counters[IP_CT_DIR_REPLY].packets;
Harald Welte	9d810fd	2005-08-13 13:56:26 -0700	[diff] [blame]	90	break;
				91	}
Patrick McHardy	fb74a841	2007-01-30 14:24:29 -0800	[diff] [blame]	92	if (pkts != 0)
				93	what = div64_64(bytes, pkts);
Harald Welte	9d810fd	2005-08-13 13:56:26 -0700	[diff] [blame]	94	break;
				95	}
				96
				97	if (sinfo->count.to)
				98	return (what <= sinfo->count.to && what >= sinfo->count.from);
				99	else
				100	return (what >= sinfo->count.from);
				101	}
				102
				103	static int check(const char *tablename,
Harald Welte	2e4e6a1	2006-01-12 13:30:04 -0800	[diff] [blame]	104	const void *ip,
Patrick McHardy	c498673	2006-03-20 18:02:56 -0800	[diff] [blame]	105	const struct xt_match *match,
Harald Welte	9d810fd	2005-08-13 13:56:26 -0700	[diff] [blame]	106	void *matchinfo,
Harald Welte	9d810fd	2005-08-13 13:56:26 -0700	[diff] [blame]	107	unsigned int hook_mask)
				108	{
Harald Welte	2e4e6a1	2006-01-12 13:30:04 -0800	[diff] [blame]	109	const struct xt_connbytes_info *sinfo = matchinfo;
Harald Welte	9d810fd	2005-08-13 13:56:26 -0700	[diff] [blame]	110
Harald Welte	2e4e6a1	2006-01-12 13:30:04 -0800	[diff] [blame]	111	if (sinfo->what != XT_CONNBYTES_PKTS &&
				112	sinfo->what != XT_CONNBYTES_BYTES &&
				113	sinfo->what != XT_CONNBYTES_AVGPKT)
Harald Welte	9d810fd	2005-08-13 13:56:26 -0700	[diff] [blame]	114	return 0;
				115
Harald Welte	2e4e6a1	2006-01-12 13:30:04 -0800	[diff] [blame]	116	if (sinfo->direction != XT_CONNBYTES_DIR_ORIGINAL &&
				117	sinfo->direction != XT_CONNBYTES_DIR_REPLY &&
				118	sinfo->direction != XT_CONNBYTES_DIR_BOTH)
Harald Welte	9d810fd	2005-08-13 13:56:26 -0700	[diff] [blame]	119	return 0;
				120
Yasuyuki Kozakai	11078c3	2006-12-12 00:29:02 -0800	[diff] [blame]	121	if (nf_ct_l3proto_try_module_get(match->family) < 0) {
				122	printk(KERN_WARNING "can't load conntrack support for "
				123	"proto=%d\n", match->family);
				124	return 0;
				125	}
				126
Harald Welte	9d810fd	2005-08-13 13:56:26 -0700	[diff] [blame]	127	return 1;
				128	}
				129
Yasuyuki Kozakai	11078c3	2006-12-12 00:29:02 -0800	[diff] [blame]	130	static void
				131	destroy(const struct xt_match match, void matchinfo)
				132	{
				133	nf_ct_l3proto_module_put(match->family);
				134	}
				135
Patrick McHardy	fe1cb10	2006-08-22 00:35:47 -0700	[diff] [blame]	136	static struct xt_match xt_connbytes_match[] = {
Patrick McHardy	4470bbc	2006-08-22 00:34:04 -0700	[diff] [blame]	137	{
				138	.name = "connbytes",
				139	.family = AF_INET,
				140	.checkentry = check,
				141	.match = match,
Yasuyuki Kozakai	11078c3	2006-12-12 00:29:02 -0800	[diff] [blame]	142	.destroy = destroy,
Patrick McHardy	4470bbc	2006-08-22 00:34:04 -0700	[diff] [blame]	143	.matchsize = sizeof(struct xt_connbytes_info),
				144	.me = THIS_MODULE
				145	},
				146	{
				147	.name = "connbytes",
				148	.family = AF_INET6,
				149	.checkentry = check,
				150	.match = match,
Yasuyuki Kozakai	11078c3	2006-12-12 00:29:02 -0800	[diff] [blame]	151	.destroy = destroy,
Patrick McHardy	4470bbc	2006-08-22 00:34:04 -0700	[diff] [blame]	152	.matchsize = sizeof(struct xt_connbytes_info),
				153	.me = THIS_MODULE
				154	},
Harald Welte	9d810fd	2005-08-13 13:56:26 -0700	[diff] [blame]	155	};
				156
Andrew Morton	65b4b4e	2006-03-28 16:37:06 -0800	[diff] [blame]	157	static int __init xt_connbytes_init(void)
Harald Welte	9d810fd	2005-08-13 13:56:26 -0700	[diff] [blame]	158	{
Patrick McHardy	4470bbc	2006-08-22 00:34:04 -0700	[diff] [blame]	159	return xt_register_matches(xt_connbytes_match,
				160	ARRAY_SIZE(xt_connbytes_match));
Harald Welte	9d810fd	2005-08-13 13:56:26 -0700	[diff] [blame]	161	}
				162
Andrew Morton	65b4b4e	2006-03-28 16:37:06 -0800	[diff] [blame]	163	static void __exit xt_connbytes_fini(void)
Harald Welte	9d810fd	2005-08-13 13:56:26 -0700	[diff] [blame]	164	{
Patrick McHardy	4470bbc	2006-08-22 00:34:04 -0700	[diff] [blame]	165	xt_unregister_matches(xt_connbytes_match,
				166	ARRAY_SIZE(xt_connbytes_match));
Harald Welte	9d810fd	2005-08-13 13:56:26 -0700	[diff] [blame]	167	}
				168
Andrew Morton	65b4b4e	2006-03-28 16:37:06 -0800	[diff] [blame]	169	module_init(xt_connbytes_init);
				170	module_exit(xt_connbytes_fini);