Linux/net/netfilter/xt

Version: ~ [ linux-6.6-rc1 ] ~ [ linux-6.5.2 ] ~ [ linux-6.4.15 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.52 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.131 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.194 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.256 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.294 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.325 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.9 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

1 /* 2 * Copyright (c) 2011 Patrick McHardy <kaber@trash.net> 3 * 4 * This program is free software; you can redistribute it and/or modify 5 * it under the terms of the GNU General Public License version 2 as 6 * published by the Free Software Foundation. 7 */ 8 9 #include <linux/module.h> 10 #include <linux/skbuff.h> 11 #include <linux/netdevice.h> 12 13 #include <linux/netfilter/xt_devgroup.h> 14 #include <linux/netfilter/x_tables.h> 15 16 MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>"); 17 MODULE_LICENSE("GPL"); 18 MODULE_DESCRIPTION("Xtables: Device group match"); 19 MODULE_ALIAS("ipt_devgroup"); 20 MODULE_ALIAS("ip6t_devgroup"); 21 22 static bool devgroup_mt(const struct sk_buff *skb, struct xt_action_param *par) 23 { 24 const struct xt_devgroup_info *info = par->matchinfo; 25 26 if (info->flags & XT_DEVGROUP_MATCH_SRC && 27 (((info->src_group ^ xt_in(par)->group) & info->src_mask ? 1 : 0) ^ 28 ((info->flags & XT_DEVGROUP_INVERT_SRC) ? 1 : 0))) 29 return false; 30 31 if (info->flags & XT_DEVGROUP_MATCH_DST && 32 (((info->dst_group ^ xt_out(par)->group) & info->dst_mask ? 1 : 0) ^ 33 ((info->flags & XT_DEVGROUP_INVERT_DST) ? 1 : 0))) 34 return false; 35 36 return true; 37 } 38 39 static int devgroup_mt_checkentry(const struct xt_mtchk_param *par) 40 { 41 const struct xt_devgroup_info *info = par->matchinfo; 42 43 if (info->flags & ~(XT_DEVGROUP_MATCH_SRC | XT_DEVGROUP_INVERT_SRC | 44 XT_DEVGROUP_MATCH_DST | XT_DEVGROUP_INVERT_DST)) 45 return -EINVAL; 46 47 if (info->flags & XT_DEVGROUP_MATCH_SRC && 48 par->hook_mask & ~((1 << NF_INET_PRE_ROUTING) | 49 (1 << NF_INET_LOCAL_IN) | 50 (1 << NF_INET_FORWARD))) 51 return -EINVAL; 52 53 if (info->flags & XT_DEVGROUP_MATCH_DST && 54 par->hook_mask & ~((1 << NF_INET_FORWARD) | 55 (1 << NF_INET_LOCAL_OUT) | 56 (1 << NF_INET_POST_ROUTING))) 57 return -EINVAL; 58 59 return 0; 60 } 61 62 static struct xt_match devgroup_mt_reg __read_mostly = { 63 .name = "devgroup", 64 .match = devgroup_mt, 65 .checkentry = devgroup_mt_checkentry, 66 .matchsize = sizeof(struct xt_devgroup_info), 67 .family = NFPROTO_UNSPEC, 68 .me = THIS_MODULE 69 }; 70 71 static int __init devgroup_mt_init(void) 72 { 73 return xt_register_match(&devgroup_mt_reg); 74 } 75 76 static void __exit devgroup_mt_exit(void) 77 { 78 xt_unregister_match(&devgroup_mt_reg); 79 } 80 81 module_init(devgroup_mt_init); 82 module_exit(devgroup_mt_exit); 83

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

TOMOYO Linux Cross Reference Linux/net/netfilter/xt_devgroup.c

TOMOYO Linux Cross Reference
Linux/net/netfilter/xt_devgroup.c