Linux/net/ipv4/netfilter/nf_defrag_ipv4.c


  1 /* (C) 1999-2001 Paul `Rusty' Russell
  2  * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
  3  *
  4  * This program is free software; you can redistribute it and/or modify
  5  * it under the terms of the GNU General Public License version 2 as
  6  * published by the Free Software Foundation.
  7  */
  8 
  9 #include <linux/types.h>
 10 #include <linux/ip.h>
 11 #include <linux/netfilter.h>
 12 #include <linux/module.h>
 13 #include <linux/skbuff.h>
 14 #include <net/route.h>
 15 #include <net/ip.h>
 16 
 17 #include <linux/netfilter_bridge.h>
 18 #include <linux/netfilter_ipv4.h>
 19 #include <net/netfilter/ipv4/nf_defrag_ipv4.h>
 20 #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
 21 #include <net/netfilter/nf_conntrack.h>
 22 #endif
 23 #include <net/netfilter/nf_conntrack_zones.h>
 24 
 /*
  * Hand one IPv4 fragment to the IP reassembly code on behalf of netfilter.
  *
  * @skb:  fragment to submit; skb_orphan() is applied first, so the buffer
  *        is detached from its owning socket before it can sit in a
  *        reassembly queue.
  * @user: reassembly-user id forwarded unchanged to ip_defrag(); the caller
  *        obtains it from nf_ct_defrag_user().
  *
  * Returns the ip_defrag() result unchanged.  Zero means reassembly finished
  * and skb now describes the whole datagram.  The only caller in this file
  * answers NF_STOLEN for any other value, i.e. it treats skb as no longer
  * its own, so the buffer must not be touched after a non-zero return.
  */
 static int nf_ct_ipv4_gather_frags(struct sk_buff *skb, u_int32_t user)
 {
         int ret;

         skb_orphan(skb);

         /*
          * ip_defrag() is bracketed with bottom halves disabled; presumably
          * the fragment queues are otherwise manipulated from softirq
          * context -- confirm against ip_defrag()'s locking rules.
          */
         local_bh_disable();
         ret = ip_defrag(skb, user);
         local_bh_enable();

         if (ret)
                 return ret;

         /* Reassembly rewrote the IP header, so refresh its checksum. */
         ip_send_check(ip_hdr(skb));
         /* Let the output path fragment the rebuilt datagram again. */
         skb->local_df = 1;

         return 0;
 }
 42 
 /*
  * Choose the reassembly-user id under which a fragment is queued.
  *
  * The id is a base value selected by where the packet was seen (bridge
  * prerouting, the IPv4 PRE_ROUTING hook, or any other hook) plus the
  * conntrack zone.  Because the id is part of what ip_defrag() is told about
  * the fragment, fragments observed in different contexts or zones are
  * submitted under different ids; this is what keeps traffic from one zone
  * from completing a datagram that belongs to another.
  *
  * @hooknum: netfilter hook the packet is traversing.
  * @skb:     packet being examined; only its nfct and nf_bridge fields are
  *           read, and only when the matching config options are enabled.
  *
  * NOTE(review): adding a u16 zone to the base assumes every base id in
  * enum ip_defrag_users is followed by a reserved range at least as wide as
  * a u16 -- confirm in the enum's definition.
  */
 static enum ip_defrag_users nf_ct_defrag_user(unsigned int hooknum,
                                               struct sk_buff *skb)
 {
         u16 ct_zone = NF_CT_DEFAULT_ZONE;

 #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
         /* A conntrack object already attached to the skb supplies the zone. */
         if (skb->nfct)
                 ct_zone = nf_ct_zone((struct nf_conn *)skb->nfct);
 #endif

 #ifdef CONFIG_BRIDGE_NETFILTER
         /* Bridged traffic in its prerouting stage gets its own id range. */
         if (skb->nf_bridge &&
             (skb->nf_bridge->mask & BRNF_NF_BRIDGE_PREROUTING))
                 return IP_DEFRAG_CONNTRACK_BRIDGE_IN + ct_zone;
 #endif

         return (hooknum == NF_INET_PRE_ROUTING ? IP_DEFRAG_CONNTRACK_IN
                                                : IP_DEFRAG_CONNTRACK_OUT)
                + ct_zone;
 }
 63 
 /*
  * Netfilter hook: reassemble fragmented IPv4 packets so that hooks ordered
  * after this one inspect whole datagrams instead of individual fragments.
  *
  * @hooknum: hook being traversed; used only to pick the reassembly-user id.
  * @skb:     packet under inspection.
  * @in, @out, @okfn: part of the hook signature, not used here.
  *
  * Returns NF_ACCEPT when the packet may continue (it was not a fragment, it
  * was exempted, or reassembly just completed) and NF_STOLEN when
  * nf_ct_ipv4_gather_frags() reported a non-zero result, in which case the
  * skb no longer belongs to the hook chain.
  *
  * Review caveats for rule authors:
  *  - Packets owned by a PF_INET socket with nodefrag set skip reassembly
  *    entirely, so later hooks see those packets as raw fragments.
  *  - In conntrack builds without NAT, a packet that already carries a
  *    non-template conntrack entry is accepted before the fragment test.
  */
 static unsigned int ipv4_conntrack_defrag(unsigned int hooknum,
                                           struct sk_buff *skb,
                                           const struct net_device *in,
                                           const struct net_device *out,
                                           int (*okfn)(struct sk_buff *))
 {
         struct sock *owner = skb->sk;

         /*
          * inet_sk() is only meaningful for an inet socket, so nodefrag is
          * read strictly after the NULL and address-family checks.
          */
         if (owner && owner->sk_family == PF_INET &&
             inet_sk(owner)->nodefrag)
                 return NF_ACCEPT;

 #if (defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)) && \
     !defined(CONFIG_NF_NAT) && !defined(CONFIG_NF_NAT_MODULE)
         /* Already tracked (loopback)?  Accept before the fragment test. */
         if (skb->nfct && !nf_ct_is_template((struct nf_conn *)skb->nfct))
                 return NF_ACCEPT;
 #endif

         /* Unfragmented packets need no work. */
         if (!ip_is_fragment(ip_hdr(skb)))
                 return NF_ACCEPT;

         /* Non-zero: fragment queued or dropped, the skb is gone. */
         if (nf_ct_ipv4_gather_frags(skb, nf_ct_defrag_user(hooknum, skb)))
                 return NF_STOLEN;

         return NF_ACCEPT;
 }
 93 
 /*
  * Hook registrations for IPv4 reassembly: the same handler is attached to
  * PRE_ROUTING (received traffic) and LOCAL_OUT (locally generated traffic),
  * both at the dedicated NF_IP_PRI_CONNTRACK_DEFRAG priority.
  *
  * NOTE(review): only hooks ordered after this priority are guaranteed to
  * see reassembled datagrams; anything registered with an earlier priority
  * on the same hook points still receives individual fragments.
  */
 static struct nf_hook_ops ipv4_defrag_ops[] = {
         {
                 /* received packets */
                 .pf             = NFPROTO_IPV4,
                 .hooknum        = NF_INET_PRE_ROUTING,
                 .priority       = NF_IP_PRI_CONNTRACK_DEFRAG,
                 .hook           = ipv4_conntrack_defrag,
                 .owner          = THIS_MODULE,
         },
         {
                 /* locally generated packets */
                 .pf             = NFPROTO_IPV4,
                 .hooknum        = NF_INET_LOCAL_OUT,
                 .priority       = NF_IP_PRI_CONNTRACK_DEFRAG,
                 .hook           = ipv4_conntrack_defrag,
                 .owner          = THIS_MODULE,
         },
 };
110 
/*
 * Module entry point: register every entry of ipv4_defrag_ops with
 * netfilter.  Returns whatever nf_register_hooks() reports, so a failed
 * registration is propagated to the module loader.
 */
static int __init nf_defrag_init(void)
{
        const unsigned int nr_hooks = ARRAY_SIZE(ipv4_defrag_ops);

        return nf_register_hooks(ipv4_defrag_ops, nr_hooks);
}
115 
/*
 * Module exit point: unregister the same hook array that nf_defrag_init()
 * registered, using the same element count.
 */
static void __exit nf_defrag_fini(void)
{
        struct nf_hook_ops *ops = ipv4_defrag_ops;

        nf_unregister_hooks(ops, ARRAY_SIZE(ipv4_defrag_ops));
}
120 
/*
 * Intentionally empty.  The hooks are registered in nf_defrag_init() at
 * module load, not here.
 *
 * NOTE(review): presumably exported so that modules relying on IPv4
 * reassembly can reference a symbol from this module and thereby have it
 * loaded before they run -- confirm against the callers.
 */
void nf_defrag_ipv4_enable(void)
{
        /* nothing to do */
}
EXPORT_SYMBOL_GPL(nf_defrag_ipv4_enable);
125 
/* Module metadata and load/unload entry points. */
MODULE_LICENSE("GPL");

module_init(nf_defrag_init);
module_exit(nf_defrag_fini);
130 
