[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / netfilter / xt_helper.c

/* iptables module to match on related connections */
/*
 * (C) 2001 Martin Josefsson <gandalf@wlug.westbo.se>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */

#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/netfilter.h>
#include <net/netfilter/nf_conntrack.h>
#include <net/netfilter/nf_conntrack_core.h>
#include <net/netfilter/nf_conntrack_helper.h>
#include <linux/netfilter/x_tables.h>
#include <linux/netfilter/xt_helper.h>

MODULE_LICENSE("GPL");
MODULE_AUTHOR("Martin Josefsson <gandalf@netfilter.org>");
MODULE_DESCRIPTION("iptables helper match module");
MODULE_ALIAS("ipt_helper");
MODULE_ALIAS("ip6t_helper");

#if 0
#define DEBUGP printk
#else
#define DEBUGP(format, args...)
#endif

static bool
match(const struct sk_buff *skb,
      const struct net_device *in,
      const struct net_device *out,
      const struct xt_match *match,
      const void *matchinfo,
      int offset,
      unsigned int protoff,
      bool *hotdrop)
{
	const struct xt_helper_info *info = matchinfo;
	struct nf_conn *ct;
	struct nf_conn_help *master_help;
	enum ip_conntrack_info ctinfo;
	bool ret = info->invert;

	ct = nf_ct_get((struct sk_buff *)skb, &ctinfo);
	if (!ct) {
		DEBUGP("xt_helper: Eek! invalid conntrack?\n");
		return ret;
	}

	if (!ct->master) {
		DEBUGP("xt_helper: conntrack %p has no master\n", ct);
		return ret;
	}

	read_lock_bh(&nf_conntrack_lock);
	master_help = nfct_help(ct->master);
	if (!master_help || !master_help->helper) {
		DEBUGP("xt_helper: master ct %p has no helper\n",
			exp->expectant);
		goto out_unlock;
	}

	DEBUGP("master's name = %s , info->name = %s\n",
		ct->master->helper->name, info->name);

	if (info->name[0] == '\0')
		ret = !ret;
	else
		ret ^= !strncmp(master_help->helper->name, info->name,
				strlen(master_help->helper->name));
out_unlock:
	read_unlock_bh(&nf_conntrack_lock);
	return ret;
}

static bool check(const char *tablename,
		  const void *inf,
		  const struct xt_match *match,
		  void *matchinfo,
		  unsigned int hook_mask)
{
	struct xt_helper_info *info = matchinfo;

	if (nf_ct_l3proto_try_module_get(match->family) < 0) {
		printk(KERN_WARNING "can't load conntrack support for "
				    "proto=%d\n", match->family);
		return false;
	}
	info->name[29] = '\0';
	return true;
}

static void
destroy(const struct xt_match *match, void *matchinfo)
{
	nf_ct_l3proto_module_put(match->family);
}

static struct xt_match xt_helper_match[] = {
	{
		.name		= "helper",
		.family		= AF_INET,
		.checkentry	= check,
		.match		= match,
		.destroy	= destroy,
		.matchsize	= sizeof(struct xt_helper_info),
		.me		= THIS_MODULE,
	},
	{
		.name		= "helper",
		.family		= AF_INET6,
		.checkentry	= check,
		.match		= match,
		.destroy	= destroy,
		.matchsize	= sizeof(struct xt_helper_info),
		.me		= THIS_MODULE,
	},
};

static int __init xt_helper_init(void)
{
	return xt_register_matches(xt_helper_match,
				   ARRAY_SIZE(xt_helper_match));
}

static void __exit xt_helper_fini(void)
{
	xt_unregister_matches(xt_helper_match, ARRAY_SIZE(xt_helper_match));
}

module_init(xt_helper_init);
module_exit(xt_helper_fini);
Commit	Line	Data
1da177e4 LT	1	/* iptables module to match on related connections */
	2	/*
	3	* (C) 2001 Martin Josefsson <gandalf@wlug.westbo.se>
	4	*
	5	* This program is free software; you can redistribute it and/or modify
	6	* it under the terms of the GNU General Public License version 2 as
	7	* published by the Free Software Foundation.
1da177e4 LT	8	*/
	9
	10	#include <linux/module.h>
	11	#include <linux/skbuff.h>
	12	#include <linux/netfilter.h>
9fb9cbb1 YK	13	#include <net/netfilter/nf_conntrack.h>
	14	#include <net/netfilter/nf_conntrack_core.h>
	15	#include <net/netfilter/nf_conntrack_helper.h>
2e4e6a17 HW	16	#include <linux/netfilter/x_tables.h>
2e4e6a17 HW	17	#include <linux/netfilter/xt_helper.h>
1da177e4 LT	18
	19	MODULE_LICENSE("GPL");
	20	MODULE_AUTHOR("Martin Josefsson <gandalf@netfilter.org>");
	21	MODULE_DESCRIPTION("iptables helper match module");
2e4e6a17 HW	22	MODULE_ALIAS("ipt_helper");
2e4e6a17 HW	23	MODULE_ALIAS("ip6t_helper");
1da177e4 LT	24
	25	#if 0
	26	#define DEBUGP printk
	27	#else
	28	#define DEBUGP(format, args...)
	29	#endif
	30
1d93a9cb	31	static bool
9fb9cbb1 YK	32	match(const struct sk_buff *skb,
	33	const struct net_device *in,
	34	const struct net_device *out,
c4986734	35	const struct xt_match *match,
9fb9cbb1 YK	36	const void *matchinfo,
9fb9cbb1 YK	37	int offset,
2e4e6a17	38	unsigned int protoff,
cff533ac	39	bool *hotdrop)
9fb9cbb1	40	{
2e4e6a17	41	const struct xt_helper_info *info = matchinfo;
9fb9cbb1	42	struct nf_conn *ct;
dc808fe2	43	struct nf_conn_help *master_help;
9fb9cbb1	44	enum ip_conntrack_info ctinfo;
1d93a9cb	45	bool ret = info->invert;
601e68e1	46
9fb9cbb1 YK	47	ct = nf_ct_get((struct sk_buff *)skb, &ctinfo);
9fb9cbb1 YK	48	if (!ct) {
2e4e6a17	49	DEBUGP("xt_helper: Eek! invalid conntrack?\n");
9fb9cbb1 YK	50	return ret;
	51	}
	52
	53	if (!ct->master) {
2e4e6a17	54	DEBUGP("xt_helper: conntrack %p has no master\n", ct);
9fb9cbb1 YK	55	return ret;
	56	}
	57
	58	read_lock_bh(&nf_conntrack_lock);
dc808fe2 HW	59	master_help = nfct_help(ct->master);
dc808fe2 HW	60	if (!master_help \|\| !master_help->helper) {
601e68e1	61	DEBUGP("xt_helper: master ct %p has no helper\n",
9fb9cbb1 YK	62	exp->expectant);
	63	goto out_unlock;
	64	}
	65
601e68e1	66	DEBUGP("master's name = %s , info->name = %s\n",
9fb9cbb1 YK	67	ct->master->helper->name, info->name);
	68
	69	if (info->name[0] == '\0')
1d93a9cb	70	ret = !ret;
9fb9cbb1	71	else
dc808fe2	72	ret ^= !strncmp(master_help->helper->name, info->name,
601e68e1	73	strlen(master_help->helper->name));
9fb9cbb1 YK	74	out_unlock:
	75	read_unlock_bh(&nf_conntrack_lock);
	76	return ret;
	77	}
9fb9cbb1	78
ccb79bdc JE	79	static bool check(const char *tablename,
	80	const void *inf,
	81	const struct xt_match *match,
	82	void *matchinfo,
	83	unsigned int hook_mask)
1da177e4	84	{
2e4e6a17	85	struct xt_helper_info *info = matchinfo;
1da177e4	86
b9f78f9f	87	if (nf_ct_l3proto_try_module_get(match->family) < 0) {
fe0b9294	88	printk(KERN_WARNING "can't load conntrack support for "
b9f78f9f	89	"proto=%d\n", match->family);
ccb79bdc	90	return false;
b9f78f9f	91	}
1da177e4	92	info->name[29] = '\0';
ccb79bdc	93	return true;
1da177e4 LT	94	}
1da177e4 LT	95
b9f78f9f	96	static void
efa74165	97	destroy(const struct xt_match match, void matchinfo)
b9f78f9f	98	{
b9f78f9f	99	nf_ct_l3proto_module_put(match->family);
b9f78f9f PNA	100	}
b9f78f9f PNA	101
4470bbc7 PM	102	static struct xt_match xt_helper_match[] = {
	103	{
	104	.name = "helper",
	105	.family = AF_INET,
	106	.checkentry = check,
	107	.match = match,
	108	.destroy = destroy,
	109	.matchsize = sizeof(struct xt_helper_info),
	110	.me = THIS_MODULE,
	111	},
	112	{
	113	.name = "helper",
	114	.family = AF_INET6,
	115	.checkentry = check,
	116	.match = match,
	117	.destroy = destroy,
	118	.matchsize = sizeof(struct xt_helper_info),
	119	.me = THIS_MODULE,
	120	},
1da177e4 LT	121	};
1da177e4 LT	122
65b4b4e8	123	static int __init xt_helper_init(void)
1da177e4	124	{
4470bbc7 PM	125	return xt_register_matches(xt_helper_match,
4470bbc7 PM	126	ARRAY_SIZE(xt_helper_match));
1da177e4 LT	127	}
1da177e4 LT	128
65b4b4e8	129	static void __exit xt_helper_fini(void)
1da177e4	130	{
4470bbc7	131	xt_unregister_matches(xt_helper_match, ARRAY_SIZE(xt_helper_match));
1da177e4 LT	132	}
1da177e4 LT	133
65b4b4e8 AM	134	module_init(xt_helper_init);
65b4b4e8 AM	135	module_exit(xt_helper_fini);
1da177e4	136