Linux/net/ipv4/netfilter/nf_dup_ipv4.c


  1 /*
  2  * (C) 2007 by Sebastian Claßen <sebastian.classen@freenet.ag>
  3  * (C) 2007-2010 by Jan Engelhardt <jengelh@medozas.de>
  4  *
  5  * Extracted from xt_TEE.c
  6  *
  7  * This program is free software; you can redistribute it and/or modify it
  8  * under the terms of the GNU General Public License version 2 or later, as
  9  * published by the Free Software Foundation.
 10  */
 11 #include <linux/ip.h>
 12 #include <linux/module.h>
 13 #include <linux/percpu.h>
 14 #include <linux/route.h>
 15 #include <linux/skbuff.h>
 16 #include <linux/netfilter.h>
 17 #include <net/checksum.h>
 18 #include <net/icmp.h>
 19 #include <net/ip.h>
 20 #include <net/route.h>
 21 #include <net/netfilter/ipv4/nf_dup_ipv4.h>
 22 #if IS_ENABLED(CONFIG_NF_CONNTRACK)
 23 #include <net/netfilter/nf_conntrack.h>
 24 #endif
 25 
 /*
  * Look up an output route towards the gateway @gw and attach it to @skb.
  *
  * @net: network namespace the route lookup is performed in
  * @skb: packet to re-route; its IPv4 header supplies the TOS for the lookup
  * @gw:  address used as the destination of the route lookup
  * @oif: output interface index, or -1 to leave the interface unconstrained
  *
  * The lookup key is built from @gw, not from the packet's own destination
  * address, so where the packet ends up is decided entirely by the caller.
  *
  * Returns true once @skb carries the new route. Returns false if the lookup
  * failed; @skb has not been modified at that point and the caller still has
  * to dispose of it.
  *
  * NOTE(review): @gw and @oif are used as given; nothing here checks them
  * beyond the -1 sentinel for @oif. Confirm the callers validate them.
  */
 static bool nf_dup_ipv4_route(struct net *net, struct sk_buff *skb,
                               const struct in_addr *gw, int oif)
 {
         const struct iphdr *ip4 = ip_hdr(skb);
         struct flowi4 key;
         struct rtable *route;

         /* Start from an all-zero key so every field not set below is 0. */
         memset(&key, 0, sizeof(key));
         key.daddr = gw->s_addr;
         key.flowi4_tos = RT_TOS(ip4->tos);
         key.flowi4_scope = RT_SCOPE_UNIVERSE;
         key.flowi4_flags = FLOWI_FLAG_KNOWN_NH;
         if (oif != -1)
                 key.flowi4_oif = oif;

         route = ip_route_output_key(net, &key);
         if (IS_ERR(route))
                 return false;

         /* Replace whatever dst the packet carried with the new route. */
         skb_dst_drop(skb);
         skb_dst_set(skb, &route->dst);
         skb->protocol = htons(ETH_P_IP);
         skb->dev = route->dst.dev;

         return true;
 }
 52 
 /*
  * Send a copy of an IPv4 packet to the gateway @gw; the original is not
  * touched.
  *
  * @net:     network namespace used for routing and transmitting the copy
  * @skb:     packet to duplicate; only read here, never modified or freed
  * @hooknum: netfilter hook the caller runs in; decides whether the TTL of
  *           the copy is lowered
  * @gw:      gateway address the copy is routed to
  * @oif:     output interface index, or -1 for no interface constraint
  *
  * Nothing is returned: when the guard flag is already set, the copy cannot
  * be allocated, or no route is found, no duplicate is sent and the caller
  * is not told. The result of ip_local_out() is ignored as well.
  */
 void nf_dup_ipv4(struct net *net, struct sk_buff *skb, unsigned int hooknum,
                  const struct in_addr *gw, int oif)
 {
         struct sk_buff *dup;
         struct iphdr *iph;

         /*
          * Per-CPU guard against duplicating a duplicate: the flag is set
          * only while the copy is handed to ip_local_out() below, presumably
          * because that call can lead back into this function.
          *
          * NOTE(review): the guard relies on the set/clear pair below running
          * on the same CPU without interruption by another user of the flag.
          * Nothing in this function enforces that; confirm every caller runs
          * with preemption (or bottom halves) disabled.
          */
         if (this_cpu_read(nf_skb_duplicated))
                 return;

         /*
          * Copy the skb, and route the copy. The caller will later return
          * %XT_CONTINUE for the original skb, which should continue on its
          * way as if nothing has happened. The copy should be independently
          * delivered to the gateway.
          */
         dup = pskb_copy(skb, GFP_ATOMIC);
         if (!dup)
                 return;

 #if IS_ENABLED(CONFIG_NF_CONNTRACK)
         /* Avoid counting cloned packets towards the original connection. */
         nf_reset(dup);
         nf_ct_set(dup, NULL, IP_CT_UNTRACKED);
 #endif

         /*
          * Set %IP_DF so that the original source is notified of a
          * potentially decreased MTU on the clone route. IPv6 does this too.
          *
          * The IP header checksum is not fixed up here; it will be
          * recalculated at ip_local_out.
          */
         iph = ip_hdr(dup);
         iph->frag_off |= htons(IP_DF);

         /*
          * In PREROUTING/INPUT, decrease the TTL to mitigate potential loops
          * between two hosts.
          *
          * NOTE(review): there is no lower-bound check before the decrement.
          * If a packet can get here with a TTL of 0 the value would wrap
          * rather than stop the copy -- confirm whether that is reachable.
          */
         switch (hooknum) {
         case NF_INET_PRE_ROUTING:
         case NF_INET_LOCAL_IN:
                 --iph->ttl;
                 break;
         default:
                 break;
         }

         /* Without a route the copy is ours to free; nothing was sent. */
         if (!nf_dup_ipv4_route(net, dup, gw, oif)) {
                 kfree_skb(dup);
                 return;
         }

         __this_cpu_write(nf_skb_duplicated, true);
         ip_local_out(net, dup->sk, dup);
         __this_cpu_write(nf_skb_duplicated, false);
 }
 EXPORT_SYMBOL_GPL(nf_dup_ipv4);

 MODULE_AUTHOR("Sebastian Claßen <sebastian.classen@freenet.ag>");
 MODULE_AUTHOR("Jan Engelhardt <jengelh@medozas.de>");
 MODULE_DESCRIPTION("nf_dup_ipv4: Duplicate IPv4 packet");
 MODULE_LICENSE("GPL");
103 
