linux/net/bridge/netfilter/nft_meta_bridge.c
<<
>>
Prefs 
   1/*
   2 * Copyright (c) 2014 Intel Corporation
   3 *
   4 * This program is free software; you can redistribute it and/or modify
   5 * it under the terms of the GNU General Public License version 2 as
   6 * published by the Free Software Foundation.
   7 *
   8 */
   9
  10#include <linux/kernel.h>
  11#include <linux/init.h>
  12#include <linux/module.h>
  13#include <linux/netlink.h>
  14#include <linux/netfilter.h>
  15#include <linux/netfilter/nf_tables.h>
  16#include <net/netfilter/nf_tables.h>
  17#include <net/netfilter/nft_meta.h>
  18
  19#include "../br_private.h"
  20
  21static void nft_meta_bridge_get_eval(const struct nft_expr *expr,
  22                                     struct nft_regs *regs,
  23                                     const struct nft_pktinfo *pkt)
  24{
  25        const struct nft_meta *priv = nft_expr_priv(expr);
  26        const struct net_device *in = nft_in(pkt), *out = nft_out(pkt);
  27        u32 *dest = &regs->data[priv->dreg];
  28        const struct net_bridge_port *p;
  29
  30        switch (priv->key) {
  31        case NFT_META_BRI_IIFNAME:
  32                if (in == NULL || (p = br_port_get_rcu(in)) == NULL)
  33                        goto err;
  34                break;
  35        case NFT_META_BRI_OIFNAME:
  36                if (out == NULL || (p = br_port_get_rcu(out)) == NULL)
  37                        goto err;
  38                break;
  39        default:
  40                goto out;
  41        }
  42
  43        strncpy((char *)dest, p->br->dev->name, IFNAMSIZ);
  44        return;
  45out:
  46        return nft_meta_get_eval(expr, regs, pkt);
  47err:
  48        regs->verdict.code = NFT_BREAK;
  49}
  50
  51static int nft_meta_bridge_get_init(const struct nft_ctx *ctx,
  52                                    const struct nft_expr *expr,
  53                                    const struct nlattr * const tb[])
  54{
  55        struct nft_meta *priv = nft_expr_priv(expr);
  56        unsigned int len;
  57
  58        priv->key = ntohl(nla_get_be32(tb[NFTA_META_KEY]));
  59        switch (priv->key) {
  60        case NFT_META_BRI_IIFNAME:
  61        case NFT_META_BRI_OIFNAME:
  62                len = IFNAMSIZ;
  63                break;
  64        default:
  65                return nft_meta_get_init(ctx, expr, tb);
  66        }
  67
  68        priv->dreg = nft_parse_register(tb[NFTA_META_DREG]);
  69        return nft_validate_register_store(ctx, priv->dreg, NULL,
  70                                           NFT_DATA_VALUE, len);
  71}
  72
  73static struct nft_expr_type nft_meta_bridge_type;
  74static const struct nft_expr_ops nft_meta_bridge_get_ops = {
  75        .type           = &nft_meta_bridge_type,
  76        .size           = NFT_EXPR_SIZE(sizeof(struct nft_meta)),
  77        .eval           = nft_meta_bridge_get_eval,
  78        .init           = nft_meta_bridge_get_init,
  79        .dump           = nft_meta_get_dump,
  80};
  81
  82static const struct nft_expr_ops nft_meta_bridge_set_ops = {
  83        .type           = &nft_meta_bridge_type,
  84        .size           = NFT_EXPR_SIZE(sizeof(struct nft_meta)),
  85        .eval           = nft_meta_set_eval,
  86        .init           = nft_meta_set_init,
  87        .destroy        = nft_meta_set_destroy,
  88        .dump           = nft_meta_set_dump,
  89        .validate       = nft_meta_set_validate,
  90};
  91
  92static const struct nft_expr_ops *
  93nft_meta_bridge_select_ops(const struct nft_ctx *ctx,
  94                           const struct nlattr * const tb[])
  95{
  96        if (tb[NFTA_META_KEY] == NULL)
  97                return ERR_PTR(-EINVAL);
  98
  99        if (tb[NFTA_META_DREG] && tb[NFTA_META_SREG])
 100                return ERR_PTR(-EINVAL);
 101
 102        if (tb[NFTA_META_DREG])
 103                return &nft_meta_bridge_get_ops;
 104
 105        if (tb[NFTA_META_SREG])
 106                return &nft_meta_bridge_set_ops;
 107
 108        return ERR_PTR(-EINVAL);
 109}
 110
 111static struct nft_expr_type nft_meta_bridge_type __read_mostly = {
 112        .family         = NFPROTO_BRIDGE,
 113        .name           = "meta",
 114        .select_ops     = nft_meta_bridge_select_ops,
 115        .policy         = nft_meta_policy,
 116        .maxattr        = NFTA_META_MAX,
 117        .owner          = THIS_MODULE,
 118};
 119
 120static int __init nft_meta_bridge_module_init(void)
 121{
 122        return nft_register_expr(&nft_meta_bridge_type);
 123}
 124
 125static void __exit nft_meta_bridge_module_exit(void)
 126{
 127        nft_unregister_expr(&nft_meta_bridge_type);
 128}
 129
 130module_init(nft_meta_bridge_module_init);
 131module_exit(nft_meta_bridge_module_exit);
 132
 133MODULE_LICENSE("GPL");
 134MODULE_AUTHOR("Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>");
 135MODULE_ALIAS_NFT_AF_EXPR(AF_BRIDGE, "meta");
 136
Hosted by Missing Link Electronics. The original LXR software by the LXR community, this experimental version by lxr@linux.no.