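// SPDX-License-Identifier: GPL-2.0-only
/*
 * net/sched/em_ipset.c	ipset ematch
 *
 * Copyright (c) 2012 Florian Westphal <fw@strlen.de>
 */

#include <linux/gfp.h>
#include <linux/module.h>
#include <linux/types.h>
#include <linux/kernel.h>
#include <linux/string.h>
#include <linux/skbuff.h>
#include <linux/netfilter/xt_set.h>
#include <linux/ipv6.h>
#include <net/ip.h>
#include <net/pkt_cls.h>

/**
 * em_ipset_change - validate and install the configuration of an ipset ematch
 * @net: network namespace the set index is looked up in
 * @data: caller-supplied configuration blob, expected to be a struct xt_set_info
 * @data_len: length of @data in bytes
 * @em: ematch instance that receives a private copy of @data
 *
 * The blob is accepted only if its length is exactly sizeof(struct
 * xt_set_info). The set is then looked up with ip_set_nfnl_get_byindex();
 * that lookup is undone with ip_set_nfnl_put() if the copy cannot be
 * allocated, and again in em_ipset_destroy().
 *
 * NOTE(review): only the length is checked. set->dim and set->flags are copied
 * into the lookup options in em_ipset_match() without a range check. The
 * xt_set match rejects dim > IPSET_DIM_MAX at check time; confirm whether the
 * same bound is wanted on this path.
 *
 * Return: 0 on success, -EINVAL on a size mismatch, -ENOENT if the set index
 * is not valid, -ENOMEM if the copy cannot be allocated.
 */
static int em_ipset_change(struct net *net, void *data, int data_len,
			   struct tcf_ematch *em)
{
	struct xt_set_info *set = data;
	ip_set_id_t index;

	/* Reject anything that is not exactly one struct xt_set_info. */
	if (data_len != sizeof(*set))
		return -EINVAL;

	index = ip_set_nfnl_get_byindex(net, set->index);
	if (index == IPSET_INVALID_ID)
		return -ENOENT;

	/* Keep a private copy; the caller's buffer is not retained. */
	em->datalen = sizeof(*set);
	em->data = (unsigned long)kmemdup(data, em->datalen, GFP_KERNEL);
	if (em->data)
		return 0;

	/* Allocation failed: drop what the lookup above acquired. */
	ip_set_nfnl_put(net, index);
	return -ENOMEM;
}

/**
 * em_ipset_destroy - release the set and free the stored configuration
 * @em: ematch instance being torn down
 *
 * Does nothing when em->data is zero, i.e. when no configuration copy is
 * attached to @em.
 */
static void em_ipset_destroy(struct tcf_ematch *em)
{
	const struct xt_set_info *set = (const void *) em->data;

	if (set) {
		ip_set_nfnl_put(em->net, set->index);
		kfree((void *) em->data);
	}
}

/**
 * em_ipset_match - test a packet against the configured IP set
 * @skb: packet under classification
 * @em: ematch instance carrying the struct xt_set_info copy
 * @info: packet info supplied by the ematch core (not used here)
 *
 * Only IPv4 and IPv6 packets whose fixed network header can be pulled are
 * tested; everything else is reported as "no match". The skb is temporarily
 * pulled to its network header for the lookup and pushed back afterwards.
 *
 * Return: the result of ip_set_test(), or 0 for packets that are not tested.
 */
static int em_ipset_match(struct sk_buff *skb, struct tcf_ematch *em,
			  struct tcf_pkt_info *info)
{
	const struct xt_set_info *set = (const void *) em->data;
	struct net_device *dev, *indev = NULL;
	struct nf_hook_state state = {
		.net	= em->net,
	};
	/*
	 * Both structures are handed to ip_set_test(). Initialising them at
	 * declaration zeroes every member this function does not assign, so
	 * none of them is passed on holding leftover stack contents.
	 */
	struct ip_set_adt_opt opt = {
		.ext.timeout = ~0u,
	};
	struct xt_action_param acpar = {
		.state = &state,
	};
	int ret, network_offset;

	switch (skb_protocol(skb, true)) {
	case htons(ETH_P_IP):
		state.pf = NFPROTO_IPV4;
		/* The fixed IPv4 header must be readable before ip_hdrlen(). */
		if (!pskb_network_may_pull(skb, sizeof(struct iphdr)))
			return 0;
		acpar.thoff = ip_hdrlen(skb);
		break;
	case htons(ETH_P_IPV6):
		state.pf = NFPROTO_IPV6;
		if (!pskb_network_may_pull(skb, sizeof(struct ipv6hdr)))
			return 0;
		/* doesn't call ipv6_find_hdr() because ipset doesn't use thoff, yet */
		acpar.thoff = sizeof(struct ipv6hdr);
		break;
	default:
		return 0;
	}

	opt.family = state.pf;
	opt.dim = set->dim;
	opt.flags = set->flags;

	/* Move skb->data to the network header; undone by skb_push() below. */
	network_offset = skb_network_offset(skb);
	skb_pull(skb, network_offset);

	dev = skb->dev;

	/* dev_get_by_index_rcu() requires the RCU read lock. */
	rcu_read_lock();

	if (skb->skb_iif)
		indev = dev_get_by_index_rcu(em->net, skb->skb_iif);

	/* Fall back to skb->dev when no input device could be resolved. */
	state.in      = indev ? indev : dev;
	state.out     = dev;

	ret = ip_set_test(set->index, skb, &acpar, &opt);

	rcu_read_unlock();

	skb_push(skb, network_offset);
	return ret;
}

/* Callback table registered with the ematch core for TCF_EM_IPSET. */
static struct tcf_ematch_ops em_ipset_ops = {
	.kind	  = TCF_EM_IPSET,
	.change	  = em_ipset_change,
	.destroy  = em_ipset_destroy,
	.match	  = em_ipset_match,
	.owner	  = THIS_MODULE,
	.link	  = LIST_HEAD_INIT(em_ipset_ops.link)
};

/* Module load: register the ipset ematch; returns tcf_em_register()'s result. */
static int __init init_em_ipset(void)
{
	return tcf_em_register(&em_ipset_ops);
}

/* Module unload: unregister the ipset ematch. */
static void __exit exit_em_ipset(void)
{
	tcf_em_unregister(&em_ipset_ops);
}

MODULE_LICENSE("GPL");
MODULE_AUTHOR("Florian Westphal <fw@strlen.de>");
MODULE_DESCRIPTION("TC extended match for IP sets");

module_init(init_em_ipset);
module_exit(exit_em_ipset);

MODULE_ALIAS_TCF_EMATCH(TCF_EM_IPSET);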