Back to home page

OSCL-LXR
 
 

     

0001 // SPDX-License-Identifier: GPL-2.0-only
0002 /*
0003  * Copyright (c) 2015 Pablo Neira Ayuso <pablo@netfilter.org>
0004  */
0005 
0006 #include <linux/kernel.h>
0007 #include <linux/init.h>
0008 #include <linux/module.h>
0009 #include <linux/netlink.h>
0010 #include <linux/netfilter.h>
0011 #include <linux/netfilter/nf_tables.h>
0012 #include <net/netfilter/nf_tables.h>
0013 #include <net/netfilter/nf_tables_offload.h>
0014 #include <net/netfilter/nf_dup_netdev.h>
0015 
0016 #define NF_RECURSION_LIMIT  2
0017 
0018 static DEFINE_PER_CPU(u8, nf_dup_skb_recursion);
0019 
0020 static void nf_do_netdev_egress(struct sk_buff *skb, struct net_device *dev,
0021                 enum nf_dev_hooks hook)
0022 {
0023     if (__this_cpu_read(nf_dup_skb_recursion) > NF_RECURSION_LIMIT)
0024         goto err;
0025 
0026     if (hook == NF_NETDEV_INGRESS && skb_mac_header_was_set(skb)) {
0027         if (skb_cow_head(skb, skb->mac_len))
0028             goto err;
0029 
0030         skb_push(skb, skb->mac_len);
0031     }
0032 
0033     skb->dev = dev;
0034     skb_clear_tstamp(skb);
0035     __this_cpu_inc(nf_dup_skb_recursion);
0036     dev_queue_xmit(skb);
0037     __this_cpu_dec(nf_dup_skb_recursion);
0038     return;
0039 err:
0040     kfree_skb(skb);
0041 }
0042 
0043 void nf_fwd_netdev_egress(const struct nft_pktinfo *pkt, int oif)
0044 {
0045     struct net_device *dev;
0046 
0047     dev = dev_get_by_index_rcu(nft_net(pkt), oif);
0048     if (!dev) {
0049         kfree_skb(pkt->skb);
0050         return;
0051     }
0052 
0053     nf_do_netdev_egress(pkt->skb, dev, nft_hook(pkt));
0054 }
0055 EXPORT_SYMBOL_GPL(nf_fwd_netdev_egress);
0056 
0057 void nf_dup_netdev_egress(const struct nft_pktinfo *pkt, int oif)
0058 {
0059     struct net_device *dev;
0060     struct sk_buff *skb;
0061 
0062     dev = dev_get_by_index_rcu(nft_net(pkt), oif);
0063     if (dev == NULL)
0064         return;
0065 
0066     skb = skb_clone(pkt->skb, GFP_ATOMIC);
0067     if (skb)
0068         nf_do_netdev_egress(skb, dev, nft_hook(pkt));
0069 }
0070 EXPORT_SYMBOL_GPL(nf_dup_netdev_egress);
0071 
0072 int nft_fwd_dup_netdev_offload(struct nft_offload_ctx *ctx,
0073                    struct nft_flow_rule *flow,
0074                    enum flow_action_id id, int oif)
0075 {
0076     struct flow_action_entry *entry;
0077     struct net_device *dev;
0078 
0079     /* nft_flow_rule_destroy() releases the reference on this device. */
0080     dev = dev_get_by_index(ctx->net, oif);
0081     if (!dev)
0082         return -EOPNOTSUPP;
0083 
0084     entry = &flow->rule->action.entries[ctx->num_actions++];
0085     entry->id = id;
0086     entry->dev = dev;
0087 
0088     return 0;
0089 }
0090 EXPORT_SYMBOL_GPL(nft_fwd_dup_netdev_offload);
0091 
0092 MODULE_LICENSE("GPL");
0093 MODULE_AUTHOR("Pablo Neira Ayuso <pablo@netfilter.org>");
0094 MODULE_DESCRIPTION("Netfilter packet duplication support");
Source navigation ] Diff markup ] Identifier search ] general search ]

This page was automatically generated by the 2.1.0 LXR engine.

The LXR team
Valid CSS 2.1! Valid HTML 4.01!