Home Explore Help
Register Sign In
dingyu
/
CooCenter-System-kernel
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
CooCenter-Sy...
/
net
/
ipv6
/
netfilter
/
nf_dup_ipv6.c

nf_dup_ipv6.c 2.3 KB
Permalink History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283 
  1. /*
    2. 

  2.  * (C) 2007 by Sebastian Claßen <sebastian.classen@freenet.ag>
    3. 

  3.  * (C) 2007-2010 by Jan Engelhardt <jengelh@medozas.de>
    4. 

  4.  *
    5. 

  5.  * Extracted from xt_TEE.c
    6. 

  6.  *
    7. 

  7.  * This program is free software; you can redistribute it and/or modify it
    8. 

  8.  * under the terms of the GNU General Public License version 2 or later, as
    9. 

  9.  * published by the Free Software Foundation.
    10. 

  10.  */
    11. 

  11. #include <linux/module.h>
    12. 

  12. #include <linux/percpu.h>
    13. 

  13. #include <linux/skbuff.h>
    14. 

  14. #include <linux/netfilter.h>
    15. 

  15. #include <net/ipv6.h>
    16. 

  16. #include <net/ip6_route.h>
    17. 

  17. #include <net/netfilter/ipv6/nf_dup_ipv6.h>
    18. 

  18. #if IS_ENABLED(CONFIG_NF_CONNTRACK)
    19. 

  19. #include <net/netfilter/nf_conntrack.h>
    20. 

  20. #endif
    21. 

  21. 

  22. static bool nf_dup_ipv6_route(struct net *net, struct sk_buff *skb,
    23. 

  23. 			      const struct in6_addr *gw, int oif)
    24. 

  24. {
    25. 

  25. 	const struct ipv6hdr *iph = ipv6_hdr(skb);
    26. 

  26. 	struct dst_entry *dst;
    27. 

  27. 	struct flowi6 fl6;
    28. 

  28. 

  29. 	memset(&fl6, 0, sizeof(fl6));
    30. 

  30. 	if (oif != -1)
    31. 

  31. 		fl6.flowi6_oif = oif;
    32. 

  32. 

  33. 	fl6.daddr = *gw;
    34. 

  34. 	fl6.flowlabel = (__force __be32)(((iph->flow_lbl[0] & 0xF) << 16) |
    35. 

  35. 			(iph->flow_lbl[1] << 8) | iph->flow_lbl[2]);
    36. 

  36. 	fl6.flowi6_flags = FLOWI_FLAG_KNOWN_NH;
    37. 

  37. 	dst = ip6_route_output(net, NULL, &fl6);
    38. 

  38. 	if (dst->error) {
    39. 

  39. 		dst_release(dst);
    40. 

  40. 		return false;
    41. 

  41. 	}
    42. 

  42. 	skb_dst_drop(skb);
    43. 

  43. 	skb_dst_set(skb, dst);
    44. 

  44. 	skb->dev      = dst->dev;
    45. 

  45. 	skb->protocol = htons(ETH_P_IPV6);
    46. 

  46. 

  47. 	return true;
    48. 

  48. }
    49. 

  49. 

  50. void nf_dup_ipv6(struct net *net, struct sk_buff *skb, unsigned int hooknum,
    51. 

  51. 		 const struct in6_addr *gw, int oif)
    52. 

  52. {
    53. 

  53. 	if (this_cpu_read(nf_skb_duplicated))
    54. 

  54. 		return;
    55. 

  55. 	skb = pskb_copy(skb, GFP_ATOMIC);
    56. 

  56. 	if (skb == NULL)
    57. 

  57. 		return;
    58. 

  58. 

  59. #if IS_ENABLED(CONFIG_NF_CONNTRACK)
    60. 

  60. 	nf_conntrack_put(skb->nfct);
    61. 

  61. 	skb->nfct     = &nf_ct_untracked_get()->ct_general;
    62. 

  62. 	skb->nfctinfo = IP_CT_NEW;
    63. 

  63. 	nf_conntrack_get(skb->nfct);
    64. 

  64. #endif
    65. 

  65. 	if (hooknum == NF_INET_PRE_ROUTING ||
    66. 

  66. 	    hooknum == NF_INET_LOCAL_IN) {
    67. 

  67. 		struct ipv6hdr *iph = ipv6_hdr(skb);
    68. 

  68. 		--iph->hop_limit;
    69. 

  69. 	}
    70. 

  70. 	if (nf_dup_ipv6_route(net, skb, gw, oif)) {
    71. 

  71. 		__this_cpu_write(nf_skb_duplicated, true);
    72. 

  72. 		ip6_local_out(net, skb->sk, skb);
    73. 

  73. 		__this_cpu_write(nf_skb_duplicated, false);
    74. 

  74. 	} else {
    75. 

  75. 		kfree_skb(skb);
    76. 

  76. 	}
    77. 

  77. }
    78. 

  78. EXPORT_SYMBOL_GPL(nf_dup_ipv6);
    79. 

  79. 

  80. MODULE_AUTHOR("Sebastian Claßen <sebastian.classen@freenet.ag>");
    81. 

  81. MODULE_AUTHOR("Jan Engelhardt <jengelh@medozas.de>");
    82. 

  82. MODULE_DESCRIPTION("nf_dup_ipv6: IPv6 packet duplication");
    83. 

  83. MODULE_LICENSE("GPL");
    84.