1
2
3
4
5
6
7
8
9#include <linux/module.h>
10#include <linux/skbuff.h>
11
12#include <linux/netfilter/x_tables.h>
13#include <linux/netfilter/nfnetlink_acct.h>
14#include <linux/netfilter/xt_nfacct.h>
15
16MODULE_AUTHOR("Pablo Neira Ayuso <pablo@netfilter.org>");
17MODULE_DESCRIPTION("Xtables: match for the extended accounting infrastructure");
18MODULE_LICENSE("GPL");
19MODULE_ALIAS("ipt_nfacct");
20MODULE_ALIAS("ip6t_nfacct");
21
22static bool nfacct_mt(const struct sk_buff *skb, struct xt_action_param *par)
23{
24 const struct xt_nfacct_match_info *info = par->targinfo;
25
26 nfnl_acct_update(skb, info->nfacct);
27
28 return true;
29}
30
31static int
32nfacct_mt_checkentry(const struct xt_mtchk_param *par)
33{
34 struct xt_nfacct_match_info *info = par->matchinfo;
35 struct nf_acct *nfacct;
36
37 nfacct = nfnl_acct_find_get(info->name);
38 if (nfacct == NULL) {
39 pr_info("xt_nfacct: accounting object with name `%s' "
40 "does not exists\n", info->name);
41 return -ENOENT;
42 }
43 info->nfacct = nfacct;
44 return 0;
45}
46
47static void
48nfacct_mt_destroy(const struct xt_mtdtor_param *par)
49{
50 const struct xt_nfacct_match_info *info = par->matchinfo;
51
52 nfnl_acct_put(info->nfacct);
53}
54
55static struct xt_match nfacct_mt_reg __read_mostly = {
56 .name = "nfacct",
57 .family = NFPROTO_UNSPEC,
58 .checkentry = nfacct_mt_checkentry,
59 .match = nfacct_mt,
60 .destroy = nfacct_mt_destroy,
61 .matchsize = sizeof(struct xt_nfacct_match_info),
62 .me = THIS_MODULE,
63};
64
65static int __init nfacct_mt_init(void)
66{
67 return xt_register_match(&nfacct_mt_reg);
68}
69
70static void __exit nfacct_mt_exit(void)
71{
72 xt_unregister_match(&nfacct_mt_reg);
73}
74
75module_init(nfacct_mt_init);
76module_exit(nfacct_mt_exit);
77
