Commit | Line | Data |
---|---|---|
c539f017 FW |
1 | /* |
2 | * test/set flag bits stored in conntrack extension area. | |
3 | * | |
4 | * (C) 2013 Astaro GmbH & Co KG | |
5 | * | |
6 | * This program is free software; you can redistribute it and/or modify | |
7 | * it under the terms of the GNU General Public License version 2 as | |
8 | * published by the Free Software Foundation. | |
9 | */ | |
10 | ||
11 | #include <linux/ctype.h> | |
12 | #include <linux/export.h> | |
13 | #include <linux/jhash.h> | |
14 | #include <linux/spinlock.h> | |
15 | #include <linux/types.h> | |
16 | #include <linux/slab.h> | |
17 | ||
18 | #include <net/netfilter/nf_conntrack_ecache.h> | |
19 | #include <net/netfilter/nf_conntrack_labels.h> | |
20 | ||
21 | static unsigned int label_bits(const struct nf_conn_labels *l) | |
22 | { | |
23 | unsigned int longs = l->words; | |
24 | return longs * BITS_PER_LONG; | |
25 | } | |
26 | ||
27 | bool nf_connlabel_match(const struct nf_conn *ct, u16 bit) | |
28 | { | |
29 | struct nf_conn_labels *labels = nf_ct_labels_find(ct); | |
30 | ||
31 | if (!labels) | |
32 | return false; | |
33 | ||
34 | return bit < label_bits(labels) && test_bit(bit, labels->bits); | |
35 | } | |
36 | EXPORT_SYMBOL_GPL(nf_connlabel_match); | |
37 | ||
38 | int nf_connlabel_set(struct nf_conn *ct, u16 bit) | |
39 | { | |
40 | struct nf_conn_labels *labels = nf_ct_labels_find(ct); | |
41 | ||
42 | if (!labels || bit >= label_bits(labels)) | |
43 | return -ENOSPC; | |
44 | ||
45 | if (test_bit(bit, labels->bits)) | |
46 | return 0; | |
47 | ||
797a7d66 | 48 | if (!test_and_set_bit(bit, labels->bits)) |
0ceabd83 | 49 | nf_conntrack_event_cache(IPCT_LABEL, ct); |
c539f017 FW |
50 | |
51 | return 0; | |
52 | } | |
53 | EXPORT_SYMBOL_GPL(nf_connlabel_set); | |
54 | ||
9b21f6a9 FW |
55 | #if IS_ENABLED(CONFIG_NF_CT_NETLINK) |
56 | static void replace_u32(u32 *address, u32 mask, u32 new) | |
57 | { | |
58 | u32 old, tmp; | |
59 | ||
60 | do { | |
61 | old = *address; | |
62 | tmp = (old & mask) ^ new; | |
63 | } while (cmpxchg(address, old, tmp) != old); | |
64 | } | |
65 | ||
66 | int nf_connlabels_replace(struct nf_conn *ct, | |
67 | const u32 *data, | |
68 | const u32 *mask, unsigned int words32) | |
69 | { | |
70 | struct nf_conn_labels *labels; | |
71 | unsigned int size, i; | |
72 | u32 *dst; | |
73 | ||
74 | labels = nf_ct_labels_find(ct); | |
75 | if (!labels) | |
76 | return -ENOSPC; | |
77 | ||
78 | size = labels->words * sizeof(long); | |
79 | if (size < (words32 * sizeof(u32))) | |
80 | words32 = size / sizeof(u32); | |
81 | ||
82 | dst = (u32 *) labels->bits; | |
83 | if (words32) { | |
84 | for (i = 0; i < words32; i++) | |
85 | replace_u32(&dst[i], mask ? ~mask[i] : 0, data[i]); | |
86 | } | |
87 | ||
88 | size /= sizeof(u32); | |
89 | for (i = words32; i < size; i++) /* pad */ | |
90 | replace_u32(&dst[i], 0, 0); | |
91 | ||
92 | nf_conntrack_event_cache(IPCT_LABEL, ct); | |
93 | return 0; | |
94 | } | |
95 | EXPORT_SYMBOL_GPL(nf_connlabels_replace); | |
96 | #endif | |
97 | ||
c539f017 FW |
98 | static struct nf_ct_ext_type labels_extend __read_mostly = { |
99 | .len = sizeof(struct nf_conn_labels), | |
100 | .align = __alignof__(struct nf_conn_labels), | |
101 | .id = NF_CT_EXT_LABELS, | |
102 | }; | |
103 | ||
5f69b8f5 | 104 | int nf_conntrack_labels_init(void) |
c539f017 | 105 | { |
5f69b8f5 | 106 | return nf_ct_extend_register(&labels_extend); |
c539f017 FW |
107 | } |
108 | ||
5f69b8f5 | 109 | void nf_conntrack_labels_fini(void) |
c539f017 | 110 | { |
5f69b8f5 | 111 | nf_ct_extend_unregister(&labels_extend); |
c539f017 | 112 | } |