linux/net/netfilter/xt_statistic.c
<<
>>
Prefs
   1/*
   2 * Copyright (c) 2006 Patrick McHardy <kaber@trash.net>
   3 *
   4 * This program is free software; you can redistribute it and/or modify
   5 * it under the terms of the GNU General Public License version 2 as
   6 * published by the Free Software Foundation.
   7 *
   8 * Based on ipt_random and ipt_nth by Fabrice MARIE <fabrice@netfilter.org>.
   9 */
  10
  11#include <linux/init.h>
  12#include <linux/spinlock.h>
  13#include <linux/skbuff.h>
  14#include <linux/net.h>
  15#include <linux/slab.h>
  16
  17#include <linux/netfilter/xt_statistic.h>
  18#include <linux/netfilter/x_tables.h>
  19#include <linux/module.h>
  20
  21struct xt_statistic_priv {
  22        atomic_t count;
  23} ____cacheline_aligned_in_smp;
  24
  25MODULE_LICENSE("GPL");
  26MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
  27MODULE_DESCRIPTION("Xtables: statistics-based matching (\"Nth\", random)");
  28MODULE_ALIAS("ipt_statistic");
  29MODULE_ALIAS("ip6t_statistic");
  30
  31static bool
  32statistic_mt(const struct sk_buff *skb, struct xt_action_param *par)
  33{
  34        const struct xt_statistic_info *info = par->matchinfo;
  35        bool ret = info->flags & XT_STATISTIC_INVERT;
  36        int nval, oval;
  37
  38        switch (info->mode) {
  39        case XT_STATISTIC_MODE_RANDOM:
  40                if ((prandom_u32() & 0x7FFFFFFF) < info->u.random.probability)
  41                        ret = !ret;
  42                break;
  43        case XT_STATISTIC_MODE_NTH:
  44                do {
  45                        oval = atomic_read(&info->master->count);
  46                        nval = (oval == info->u.nth.every) ? 0 : oval + 1;
  47                } while (atomic_cmpxchg(&info->master->count, oval, nval) != oval);
  48                if (nval == 0)
  49                        ret = !ret;
  50                break;
  51        }
  52
  53        return ret;
  54}
  55
  56static int statistic_mt_check(const struct xt_mtchk_param *par)
  57{
  58        struct xt_statistic_info *info = par->matchinfo;
  59
  60        if (info->mode > XT_STATISTIC_MODE_MAX ||
  61            info->flags & ~XT_STATISTIC_MASK)
  62                return -EINVAL;
  63
  64        info->master = kzalloc(sizeof(*info->master), GFP_KERNEL);
  65        if (info->master == NULL)
  66                return -ENOMEM;
  67        atomic_set(&info->master->count, info->u.nth.count);
  68
  69        return 0;
  70}
  71
  72static void statistic_mt_destroy(const struct xt_mtdtor_param *par)
  73{
  74        const struct xt_statistic_info *info = par->matchinfo;
  75
  76        kfree(info->master);
  77}
  78
  79static struct xt_match xt_statistic_mt_reg __read_mostly = {
  80        .name       = "statistic",
  81        .revision   = 0,
  82        .family     = NFPROTO_UNSPEC,
  83        .match      = statistic_mt,
  84        .checkentry = statistic_mt_check,
  85        .destroy    = statistic_mt_destroy,
  86        .matchsize  = sizeof(struct xt_statistic_info),
  87        .me         = THIS_MODULE,
  88};
  89
  90static int __init statistic_mt_init(void)
  91{
  92        return xt_register_match(&xt_statistic_mt_reg);
  93}
  94
  95static void __exit statistic_mt_exit(void)
  96{
  97        xt_unregister_match(&xt_statistic_mt_reg);
  98}
  99
 100module_init(statistic_mt_init);
 101module_exit(statistic_mt_exit);
 102