LXR linux/net/netfilter/xt

   1/*
   2 * Copyright (c) 2006 Patrick McHardy <kaber@trash.net>
   3 *
   4 * This program is free software; you can redistribute it and/or modify
   5 * it under the terms of the GNU General Public License version 2 as
   6 * published by the Free Software Foundation.
   7 *
   8 * Based on ipt_random and ipt_nth by Fabrice MARIE <fabrice@netfilter.org>.
   9 */
  10
  11#include <linux/init.h>
  12#include <linux/spinlock.h>
  13#include <linux/skbuff.h>
  14#include <linux/net.h>
  15
  16#include <linux/netfilter/xt_statistic.h>
  17#include <linux/netfilter/x_tables.h>
  18
  19struct xt_statistic_priv {
  20        uint32_t count;
  21};
  22
  23MODULE_LICENSE("GPL");
  24MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
  25MODULE_DESCRIPTION("Xtables: statistics-based matching (\"Nth\", random)");
  26MODULE_ALIAS("ipt_statistic");
  27MODULE_ALIAS("ip6t_statistic");
  28
  29static DEFINE_SPINLOCK(nth_lock);
  30
  31static bool
  32statistic_mt(const struct sk_buff *skb, const struct xt_match_param *par)
  33{
  34        const struct xt_statistic_info *info = par->matchinfo;
  35        bool ret = info->flags & XT_STATISTIC_INVERT;
  36
  37        switch (info->mode) {
  38        case XT_STATISTIC_MODE_RANDOM:
  39                if ((net_random() & 0x7FFFFFFF) < info->u.random.probability)
  40                        ret = !ret;
  41                break;
  42        case XT_STATISTIC_MODE_NTH:
  43                spin_lock_bh(&nth_lock);
  44                if (info->master->count++ == info->u.nth.every) {
  45                        info->master->count = 0;
  46                        ret = !ret;
  47                }
  48                spin_unlock_bh(&nth_lock);
  49                break;
  50        }
  51
  52        return ret;
  53}
  54
  55static bool statistic_mt_check(const struct xt_mtchk_param *par)
  56{
  57        struct xt_statistic_info *info = par->matchinfo;
  58
  59        if (info->mode > XT_STATISTIC_MODE_MAX ||
  60            info->flags & ~XT_STATISTIC_MASK)
  61                return false;
  62
  63        info->master = kzalloc(sizeof(*info->master), GFP_KERNEL);
  64        if (info->master == NULL) {
  65                printk(KERN_ERR KBUILD_MODNAME ": Out of memory\n");
  66                return false;
  67        }
  68        info->master->count = info->u.nth.count;
  69
  70        return true;
  71}
  72
  73static void statistic_mt_destroy(const struct xt_mtdtor_param *par)
  74{
  75        const struct xt_statistic_info *info = par->matchinfo;
  76
  77        kfree(info->master);
  78}
  79
  80static struct xt_match xt_statistic_mt_reg __read_mostly = {
  81        .name       = "statistic",
  82        .revision   = 0,
  83        .family     = NFPROTO_UNSPEC,
  84        .match      = statistic_mt,
  85        .checkentry = statistic_mt_check,
  86        .destroy    = statistic_mt_destroy,
  87        .matchsize  = sizeof(struct xt_statistic_info),
  88        .me         = THIS_MODULE,
  89};
  90
  91static int __init statistic_mt_init(void)
  92{
  93        return xt_register_match(&xt_statistic_mt_reg);
  94}
  95
  96static void __exit statistic_mt_exit(void)
  97{
  98        xt_unregister_match(&xt_statistic_mt_reg);
  99}
 100
 101module_init(statistic_mt_init);
 102module_exit(statistic_mt_exit);
 103