projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
| Commit | Line | Data |
|---|---|---|
| 1da177e4 LT |
1 | /* iptables module to match on related connections */ |
| 2 | /* | |
| 3 | * (C) 2001 Martin Josefsson <gandalf@wlug.westbo.se> | |
| 4 | * | |
| 5 | * This program is free software; you can redistribute it and/or modify | |
| 6 | * it under the terms of the GNU General Public License version 2 as | |
| 7 | * published by the Free Software Foundation. | |
| 8 | * | |
| 9 | * 19 Mar 2002 Harald Welte <laforge@gnumonks.org>: | |
| 10 | * - Port to newnat infrastructure | |
| 11 | */ | |
| 12 | ||
| 13 | #include <linux/module.h> | |
| 14 | #include <linux/skbuff.h> | |
| 15 | #include <linux/netfilter.h> | |
| 3cbc4ab5 | 16 | #include <linux/interrupt.h> |
| 9fb9cbb1 | 17 | #if defined(CONFIG_IP_NF_CONNTRACK) || defined(CONFIG_IP_NF_CONNTRACK_MODULE) |
| 1da177e4 LT |
18 | #include <linux/netfilter_ipv4/ip_conntrack.h> |
| 19 | #include <linux/netfilter_ipv4/ip_conntrack_core.h> | |
| 20 | #include <linux/netfilter_ipv4/ip_conntrack_helper.h> | |
| 9fb9cbb1 YK |
21 | #else |
| 22 | #include <net/netfilter/nf_conntrack.h> | |
| 23 | #include <net/netfilter/nf_conntrack_core.h> | |
| 24 | #include <net/netfilter/nf_conntrack_helper.h> | |
| 25 | #endif | |
| 1da177e4 LT |
26 | #include <linux/netfilter_ipv4/ip_tables.h> |
| 27 | #include <linux/netfilter_ipv4/ipt_helper.h> | |
| 28 | ||
| 29 | MODULE_LICENSE("GPL"); | |
| 30 | MODULE_AUTHOR("Martin Josefsson <gandalf@netfilter.org>"); | |
| 31 | MODULE_DESCRIPTION("iptables helper match module"); | |
| 32 | ||
| 33 | #if 0 | |
| 34 | #define DEBUGP printk | |
| 35 | #else | |
| 36 | #define DEBUGP(format, args...) | |
| 37 | #endif | |
| 38 | ||
| 9fb9cbb1 | 39 | #if defined(CONFIG_IP_NF_CONNTRACK) || defined(CONFIG_IP_NF_CONNTRACK_MODULE) |
| 1da177e4 LT |
40 | static int |
| 41 | match(const struct sk_buff *skb, | |
| 42 | const struct net_device *in, | |
| 43 | const struct net_device *out, | |
| 44 | const void *matchinfo, | |
| 45 | int offset, | |
| 46 | int *hotdrop) | |
| 47 | { | |
| 48 | const struct ipt_helper_info *info = matchinfo; | |
| 49 | struct ip_conntrack *ct; | |
| 50 | enum ip_conntrack_info ctinfo; | |
| 51 | int ret = info->invert; | |
| 52 | ||
| 53 | ct = ip_conntrack_get((struct sk_buff *)skb, &ctinfo); | |
| 54 | if (!ct) { | |
| 55 | DEBUGP("ipt_helper: Eek! invalid conntrack?\n"); | |
| 56 | return ret; | |
| 57 | } | |
| 58 | ||
| 59 | if (!ct->master) { | |
| 60 | DEBUGP("ipt_helper: conntrack %p has no master\n", ct); | |
| 61 | return ret; | |
| 62 | } | |
| 63 | ||
| e45b1be8 | 64 | read_lock_bh(&ip_conntrack_lock); |
| 1da177e4 LT |
65 | if (!ct->master->helper) { |
| 66 | DEBUGP("ipt_helper: master ct %p has no helper\n", | |
| 67 | exp->expectant); | |
| 68 | goto out_unlock; | |
| 69 | } | |
| 70 | ||
| 71 | DEBUGP("master's name = %s , info->name = %s\n", | |
| 72 | ct->master->helper->name, info->name); | |
| 73 | ||
| 74 | if (info->name[0] == '\0') | |
| 75 | ret ^= 1; | |
| 76 | else | |
| 77 | ret ^= !strncmp(ct->master->helper->name, info->name, | |
| 78 | strlen(ct->master->helper->name)); | |
| 79 | out_unlock: | |
| e45b1be8 | 80 | read_unlock_bh(&ip_conntrack_lock); |
| 1da177e4 LT |
81 | return ret; |
| 82 | } | |
| 83 | ||
| 9fb9cbb1 YK |
84 | #else /* CONFIG_IP_NF_CONNTRACK */ |
| 85 | ||
| 86 | static int | |
| 87 | match(const struct sk_buff *skb, | |
| 88 | const struct net_device *in, | |
| 89 | const struct net_device *out, | |
| 90 | const void *matchinfo, | |
| 91 | int offset, | |
| 92 | int *hotdrop) | |
| 93 | { | |
| 94 | const struct ipt_helper_info *info = matchinfo; | |
| 95 | struct nf_conn *ct; | |
| 96 | enum ip_conntrack_info ctinfo; | |
| 97 | int ret = info->invert; | |
| 98 | ||
| 99 | ct = nf_ct_get((struct sk_buff *)skb, &ctinfo); | |
| 100 | if (!ct) { | |
| 101 | DEBUGP("ipt_helper: Eek! invalid conntrack?\n"); | |
| 102 | return ret; | |
| 103 | } | |
| 104 | ||
| 105 | if (!ct->master) { | |
| 106 | DEBUGP("ipt_helper: conntrack %p has no master\n", ct); | |
| 107 | return ret; | |
| 108 | } | |
| 109 | ||
| 110 | read_lock_bh(&nf_conntrack_lock); | |
| 111 | if (!ct->master->helper) { | |
| 112 | DEBUGP("ipt_helper: master ct %p has no helper\n", | |
| 113 | exp->expectant); | |
| 114 | goto out_unlock; | |
| 115 | } | |
| 116 | ||
| 117 | DEBUGP("master's name = %s , info->name = %s\n", | |
| 118 | ct->master->helper->name, info->name); | |
| 119 | ||
| 120 | if (info->name[0] == '\0') | |
| 121 | ret ^= 1; | |
| 122 | else | |
| 123 | ret ^= !strncmp(ct->master->helper->name, info->name, | |
| 124 | strlen(ct->master->helper->name)); | |
| 125 | out_unlock: | |
| 126 | read_unlock_bh(&nf_conntrack_lock); | |
| 127 | return ret; | |
| 128 | } | |
| 129 | #endif | |
| 130 | ||
| 1da177e4 LT |
131 | static int check(const char *tablename, |
| 132 | const struct ipt_ip *ip, | |
| 133 | void *matchinfo, | |
| 134 | unsigned int matchsize, | |
| 135 | unsigned int hook_mask) | |
| 136 | { | |
| 137 | struct ipt_helper_info *info = matchinfo; | |
| 138 | ||
| 139 | info->name[29] = '\0'; | |
| 140 | ||
| 141 | /* verify size */ | |
| 142 | if (matchsize != IPT_ALIGN(sizeof(struct ipt_helper_info))) | |
| 143 | return 0; | |
| 144 | ||
| 145 | return 1; | |
| 146 | } | |
| 147 | ||
| 148 | static struct ipt_match helper_match = { | |
| 149 | .name = "helper", | |
| 150 | .match = &match, | |
| 151 | .checkentry = &check, | |
| 152 | .me = THIS_MODULE, | |
| 153 | }; | |
| 154 | ||
| 155 | static int __init init(void) | |
| 156 | { | |
| 157 | need_ip_conntrack(); | |
| 158 | return ipt_register_match(&helper_match); | |
| 159 | } | |
| 160 | ||
| 161 | static void __exit fini(void) | |
| 162 | { | |
| 163 | ipt_unregister_match(&helper_match); | |
| 164 | } | |
| 165 | ||
| 166 | module_init(init); | |
| 167 | module_exit(fini); | |
| 168 |