Linux/net/netfilter/xt

Version: ~ [ linux-6.6-rc1 ] ~ [ linux-6.5.2 ] ~ [ linux-6.4.15 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.52 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.131 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.194 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.256 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.294 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.325 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.9 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * (C) 2007 Patrick McHardy <kaber@trash.net> 4 */ 5 #include <linux/module.h> 6 #include <linux/skbuff.h> 7 #include <linux/gen_stats.h> 8 9 #include <linux/netfilter/x_tables.h> 10 #include <linux/netfilter/xt_rateest.h> 11 #include <net/netfilter/xt_rateest.h> 12 13 14 static bool 15 xt_rateest_mt(const struct sk_buff *skb, struct xt_action_param *par) 16 { 17 const struct xt_rateest_match_info *info = par->matchinfo; 18 struct gnet_stats_rate_est64 sample = {0}; 19 u_int32_t bps1, bps2, pps1, pps2; 20 bool ret = true; 21 22 gen_estimator_read(&info->est1->rate_est, &sample); 23 24 if (info->flags & XT_RATEEST_MATCH_DELTA) { 25 bps1 = info->bps1 >= sample.bps ? info->bps1 - sample.bps : 0; 26 pps1 = info->pps1 >= sample.pps ? info->pps1 - sample.pps : 0; 27 } else { 28 bps1 = sample.bps; 29 pps1 = sample.pps; 30 } 31 32 if (info->flags & XT_RATEEST_MATCH_ABS) { 33 bps2 = info->bps2; 34 pps2 = info->pps2; 35 } else { 36 gen_estimator_read(&info->est2->rate_est, &sample); 37 38 if (info->flags & XT_RATEEST_MATCH_DELTA) { 39 bps2 = info->bps2 >= sample.bps ? info->bps2 - sample.bps : 0; 40 pps2 = info->pps2 >= sample.pps ? info->pps2 - sample.pps : 0; 41 } else { 42 bps2 = sample.bps; 43 pps2 = sample.pps; 44 } 45 } 46 47 switch (info->mode) { 48 case XT_RATEEST_MATCH_LT: 49 if (info->flags & XT_RATEEST_MATCH_BPS) 50 ret &= bps1 < bps2; 51 if (info->flags & XT_RATEEST_MATCH_PPS) 52 ret &= pps1 < pps2; 53 break; 54 case XT_RATEEST_MATCH_GT: 55 if (info->flags & XT_RATEEST_MATCH_BPS) 56 ret &= bps1 > bps2; 57 if (info->flags & XT_RATEEST_MATCH_PPS) 58 ret &= pps1 > pps2; 59 break; 60 case XT_RATEEST_MATCH_EQ: 61 if (info->flags & XT_RATEEST_MATCH_BPS) 62 ret &= bps1 == bps2; 63 if (info->flags & XT_RATEEST_MATCH_PPS) 64 ret &= pps1 == pps2; 65 break; 66 } 67 68 ret ^= info->flags & XT_RATEEST_MATCH_INVERT ? true : false; 69 return ret; 70 } 71 72 static int xt_rateest_mt_checkentry(const struct xt_mtchk_param *par) 73 { 74 struct xt_rateest_match_info *info = par->matchinfo; 75 struct xt_rateest *est1, *est2; 76 int ret = -EINVAL; 77 78 if (hweight32(info->flags & (XT_RATEEST_MATCH_ABS | 79 XT_RATEEST_MATCH_REL)) != 1) 80 goto err1; 81 82 if (!(info->flags & (XT_RATEEST_MATCH_BPS | XT_RATEEST_MATCH_PPS))) 83 goto err1; 84 85 switch (info->mode) { 86 case XT_RATEEST_MATCH_EQ: 87 case XT_RATEEST_MATCH_LT: 88 case XT_RATEEST_MATCH_GT: 89 break; 90 default: 91 goto err1; 92 } 93 94 ret = -ENOENT; 95 est1 = xt_rateest_lookup(par->net, info->name1); 96 if (!est1) 97 goto err1; 98 99 est2 = NULL; 100 if (info->flags & XT_RATEEST_MATCH_REL) { 101 est2 = xt_rateest_lookup(par->net, info->name2); 102 if (!est2) 103 goto err2; 104 } 105 106 info->est1 = est1; 107 info->est2 = est2; 108 return 0; 109 110 err2: 111 xt_rateest_put(par->net, est1); 112 err1: 113 return ret; 114 } 115 116 static void xt_rateest_mt_destroy(const struct xt_mtdtor_param *par) 117 { 118 struct xt_rateest_match_info *info = par->matchinfo; 119 120 xt_rateest_put(par->net, info->est1); 121 if (info->est2) 122 xt_rateest_put(par->net, info->est2); 123 } 124 125 static struct xt_match xt_rateest_mt_reg __read_mostly = { 126 .name = "rateest", 127 .revision = 0, 128 .family = NFPROTO_UNSPEC, 129 .match = xt_rateest_mt, 130 .checkentry = xt_rateest_mt_checkentry, 131 .destroy = xt_rateest_mt_destroy, 132 .matchsize = sizeof(struct xt_rateest_match_info), 133 .usersize = offsetof(struct xt_rateest_match_info, est1), 134 .me = THIS_MODULE, 135 }; 136 137 static int __init xt_rateest_mt_init(void) 138 { 139 return xt_register_match(&xt_rateest_mt_reg); 140 } 141 142 static void __exit xt_rateest_mt_fini(void) 143 { 144 xt_unregister_match(&xt_rateest_mt_reg); 145 } 146 147 MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>"); 148 MODULE_LICENSE("GPL"); 149 MODULE_DESCRIPTION("xtables rate estimator match"); 150 MODULE_ALIAS("ipt_rateest"); 151 MODULE_ALIAS("ip6t_rateest"); 152 module_init(xt_rateest_mt_init); 153 module_exit(xt_rateest_mt_fini); 154

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

TOMOYO Linux Cross Reference Linux/net/netfilter/xt_rateest.c

TOMOYO Linux Cross Reference
Linux/net/netfilter/xt_rateest.c