~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/net/ipv4/netfilter/nf_dup_ipv4.c

Version: ~ [ linux-5.15-rc5 ] ~ [ linux-5.14.11 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.72 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.152 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.210 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.250 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.286 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.288 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.18.140 ] ~ [ linux-3.16.85 ] ~ [ linux-3.14.79 ] ~ [ linux-3.12.74 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 // SPDX-License-Identifier: GPL-2.0-or-later
  2 /*
  3  * (C) 2007 by Sebastian Claßen <sebastian.classen@freenet.ag>
  4  * (C) 2007-2010 by Jan Engelhardt <jengelh@medozas.de>
  5  *
  6  * Extracted from xt_TEE.c
  7  */
  8 #include <linux/ip.h>
  9 #include <linux/module.h>
 10 #include <linux/percpu.h>
 11 #include <linux/route.h>
 12 #include <linux/skbuff.h>
 13 #include <linux/netfilter.h>
 14 #include <net/checksum.h>
 15 #include <net/icmp.h>
 16 #include <net/ip.h>
 17 #include <net/route.h>
 18 #include <net/netfilter/ipv4/nf_dup_ipv4.h>
 19 #if IS_ENABLED(CONFIG_NF_CONNTRACK)
 20 #include <net/netfilter/nf_conntrack.h>
 21 #endif
 22 
 23 static bool nf_dup_ipv4_route(struct net *net, struct sk_buff *skb,
 24                               const struct in_addr *gw, int oif)
 25 {
 26         const struct iphdr *iph = ip_hdr(skb);
 27         struct rtable *rt;
 28         struct flowi4 fl4;
 29 
 30         memset(&fl4, 0, sizeof(fl4));
 31         if (oif != -1)
 32                 fl4.flowi4_oif = oif;
 33 
 34         fl4.daddr = gw->s_addr;
 35         fl4.flowi4_tos = RT_TOS(iph->tos);
 36         fl4.flowi4_scope = RT_SCOPE_UNIVERSE;
 37         fl4.flowi4_flags = FLOWI_FLAG_KNOWN_NH;
 38         rt = ip_route_output_key(net, &fl4);
 39         if (IS_ERR(rt))
 40                 return false;
 41 
 42         skb_dst_drop(skb);
 43         skb_dst_set(skb, &rt->dst);
 44         skb->dev      = rt->dst.dev;
 45         skb->protocol = htons(ETH_P_IP);
 46 
 47         return true;
 48 }
 49 
 50 void nf_dup_ipv4(struct net *net, struct sk_buff *skb, unsigned int hooknum,
 51                  const struct in_addr *gw, int oif)
 52 {
 53         struct iphdr *iph;
 54 
 55         if (this_cpu_read(nf_skb_duplicated))
 56                 return;
 57         /*
 58          * Copy the skb, and route the copy. Will later return %XT_CONTINUE for
 59          * the original skb, which should continue on its way as if nothing has
 60          * happened. The copy should be independently delivered to the gateway.
 61          */
 62         skb = pskb_copy(skb, GFP_ATOMIC);
 63         if (skb == NULL)
 64                 return;
 65 
 66 #if IS_ENABLED(CONFIG_NF_CONNTRACK)
 67         /* Avoid counting cloned packets towards the original connection. */
 68         nf_reset(skb);
 69         nf_ct_set(skb, NULL, IP_CT_UNTRACKED);
 70 #endif
 71         /*
 72          * If we are in PREROUTING/INPUT, decrease the TTL to mitigate potential
 73          * loops between two hosts.
 74          *
 75          * Set %IP_DF so that the original source is notified of a potentially
 76          * decreased MTU on the clone route. IPv6 does this too.
 77          *
 78          * IP header checksum will be recalculated at ip_local_out.
 79          */
 80         iph = ip_hdr(skb);
 81         iph->frag_off |= htons(IP_DF);
 82         if (hooknum == NF_INET_PRE_ROUTING ||
 83             hooknum == NF_INET_LOCAL_IN)
 84                 --iph->ttl;
 85 
 86         if (nf_dup_ipv4_route(net, skb, gw, oif)) {
 87                 __this_cpu_write(nf_skb_duplicated, true);
 88                 ip_local_out(net, skb->sk, skb);
 89                 __this_cpu_write(nf_skb_duplicated, false);
 90         } else {
 91                 kfree_skb(skb);
 92         }
 93 }
 94 EXPORT_SYMBOL_GPL(nf_dup_ipv4);
 95 
 96 MODULE_AUTHOR("Sebastian Claßen <sebastian.classen@freenet.ag>");
 97 MODULE_AUTHOR("Jan Engelhardt <jengelh@medozas.de>");
 98 MODULE_DESCRIPTION("nf_dup_ipv4: Duplicate IPv4 packet");
 99 MODULE_LICENSE("GPL");
100 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp