Linux/net/netfilter/xt

Version: ~ [ linux-6.4-rc3 ] ~ [ linux-6.3.4 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.30 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.113 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.180 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.243 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.283 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.315 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.9 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

1 /* iptables module for using new netfilter netlink queue 2 * 3 * (C) 2005 by Harald Welte <laforge@netfilter.org> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 * 9 */ 10 11 #include <linux/module.h> 12 #include <linux/skbuff.h> 13 14 #include <linux/netfilter.h> 15 #include <linux/netfilter_arp.h> 16 #include <linux/netfilter/x_tables.h> 17 #include <linux/netfilter/xt_NFQUEUE.h> 18 19 #include <net/netfilter/nf_queue.h> 20 21 MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>"); 22 MODULE_DESCRIPTION("Xtables: packet forwarding to netlink"); 23 MODULE_LICENSE("GPL"); 24 MODULE_ALIAS("ipt_NFQUEUE"); 25 MODULE_ALIAS("ip6t_NFQUEUE"); 26 MODULE_ALIAS("arpt_NFQUEUE"); 27 28 static u32 jhash_initval __read_mostly; 29 30 static unsigned int 31 nfqueue_tg(struct sk_buff *skb, const struct xt_action_param *par) 32 { 33 const struct xt_NFQ_info *tinfo = par->targinfo; 34 35 return NF_QUEUE_NR(tinfo->queuenum); 36 } 37 38 static unsigned int 39 nfqueue_tg_v1(struct sk_buff *skb, const struct xt_action_param *par) 40 { 41 const struct xt_NFQ_info_v1 *info = par->targinfo; 42 u32 queue = info->queuenum; 43 44 if (info->queues_total > 1) { 45 queue = nfqueue_hash(skb, queue, info->queues_total, 46 xt_family(par), jhash_initval); 47 } 48 return NF_QUEUE_NR(queue); 49 } 50 51 static unsigned int 52 nfqueue_tg_v2(struct sk_buff *skb, const struct xt_action_param *par) 53 { 54 const struct xt_NFQ_info_v2 *info = par->targinfo; 55 unsigned int ret = nfqueue_tg_v1(skb, par); 56 57 if (info->bypass) 58 ret |= NF_VERDICT_FLAG_QUEUE_BYPASS; 59 return ret; 60 } 61 62 static int nfqueue_tg_check(const struct xt_tgchk_param *par) 63 { 64 const struct xt_NFQ_info_v3 *info = par->targinfo; 65 u32 maxid; 66 67 init_hashrandom(&jhash_initval); 68 69 if (info->queues_total == 0) { 70 pr_err("NFQUEUE: number of total queues is 0\n"); 71 return -EINVAL; 72 } 73 maxid = info->queues_total - 1 + info->queuenum; 74 if (maxid > 0xffff) { 75 pr_err("NFQUEUE: number of queues (%u) out of range (got %u)\n", 76 info->queues_total, maxid); 77 return -ERANGE; 78 } 79 if (par->target->revision == 2 && info->flags > 1) 80 return -EINVAL; 81 if (par->target->revision == 3 && info->flags & ~NFQ_FLAG_MASK) 82 return -EINVAL; 83 84 return 0; 85 } 86 87 static unsigned int 88 nfqueue_tg_v3(struct sk_buff *skb, const struct xt_action_param *par) 89 { 90 const struct xt_NFQ_info_v3 *info = par->targinfo; 91 u32 queue = info->queuenum; 92 int ret; 93 94 if (info->queues_total > 1) { 95 if (info->flags & NFQ_FLAG_CPU_FANOUT) { 96 int cpu = smp_processor_id(); 97 98 queue = info->queuenum + cpu % info->queues_total; 99 } else { 100 queue = nfqueue_hash(skb, queue, info->queues_total, 101 xt_family(par), jhash_initval); 102 } 103 } 104 105 ret = NF_QUEUE_NR(queue); 106 if (info->flags & NFQ_FLAG_BYPASS) 107 ret |= NF_VERDICT_FLAG_QUEUE_BYPASS; 108 109 return ret; 110 } 111 112 static struct xt_target nfqueue_tg_reg[] __read_mostly = { 113 { 114 .name = "NFQUEUE", 115 .family = NFPROTO_UNSPEC, 116 .target = nfqueue_tg, 117 .targetsize = sizeof(struct xt_NFQ_info), 118 .me = THIS_MODULE, 119 }, 120 { 121 .name = "NFQUEUE", 122 .revision = 1, 123 .family = NFPROTO_UNSPEC, 124 .checkentry = nfqueue_tg_check, 125 .target = nfqueue_tg_v1, 126 .targetsize = sizeof(struct xt_NFQ_info_v1), 127 .me = THIS_MODULE, 128 }, 129 { 130 .name = "NFQUEUE", 131 .revision = 2, 132 .family = NFPROTO_UNSPEC, 133 .checkentry = nfqueue_tg_check, 134 .target = nfqueue_tg_v2, 135 .targetsize = sizeof(struct xt_NFQ_info_v2), 136 .me = THIS_MODULE, 137 }, 138 { 139 .name = "NFQUEUE", 140 .revision = 3, 141 .family = NFPROTO_UNSPEC, 142 .checkentry = nfqueue_tg_check, 143 .target = nfqueue_tg_v3, 144 .targetsize = sizeof(struct xt_NFQ_info_v3), 145 .me = THIS_MODULE, 146 }, 147 }; 148 149 static int __init nfqueue_tg_init(void) 150 { 151 return xt_register_targets(nfqueue_tg_reg, ARRAY_SIZE(nfqueue_tg_reg)); 152 } 153 154 static void __exit nfqueue_tg_exit(void) 155 { 156 xt_unregister_targets(nfqueue_tg_reg, ARRAY_SIZE(nfqueue_tg_reg)); 157 } 158 159 module_init(nfqueue_tg_init); 160 module_exit(nfqueue_tg_exit); 161

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

TOMOYO Linux Cross Reference Linux/net/netfilter/xt_NFQUEUE.c

TOMOYO Linux Cross Reference
Linux/net/netfilter/xt_NFQUEUE.c