Sākums Izpētīt Palīdzība
Reģistrēties Pierakstīties
dingyu
/
CooCenter-System-kernel
1
0
Atdalīts 0
Faili Problēmas 0 Izmaiņu pieprasījumi 0 Vikivietne
Atzars: master
Atzari Tagi
CooCenter-Sy...
/
net
/
netfilter
/
nf_conntrack_labels.c

nf_conntrack_labels.c 3.0 KB
Patstāvīgā saite Vēsture Neapstrādāts

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138 
  1. /*
    2. 

  2.  * test/set flag bits stored in conntrack extension area.
    3. 

  3.  *
    4. 

  4.  * (C) 2013 Astaro GmbH & Co KG
    5. 

  5.  *
    6. 

  6.  * This program is free software; you can redistribute it and/or modify
    7. 

  7.  * it under the terms of the GNU General Public License version 2 as
    8. 

  8.  * published by the Free Software Foundation.
    9. 

  9.  */
    10. 

  10. 

  11. #include <linux/export.h>
    12. 

  12. #include <linux/types.h>
    13. 

  13. 

  14. #include <net/netfilter/nf_conntrack_ecache.h>
    15. 

  15. #include <net/netfilter/nf_conntrack_labels.h>
    16. 

  16. 

  17. static spinlock_t nf_connlabels_lock;
    18. 

  18. 

  19. static unsigned int label_bits(const struct nf_conn_labels *l)
    20. 

  20. {
    21. 

  21. 	unsigned int longs = l->words;
    22. 

  22. 	return longs * BITS_PER_LONG;
    23. 

  23. }
    24. 

  24. 

  25. bool nf_connlabel_match(const struct nf_conn *ct, u16 bit)
    26. 

  26. {
    27. 

  27. 	struct nf_conn_labels *labels = nf_ct_labels_find(ct);
    28. 

  28. 

  29. 	if (!labels)
    30. 

  30. 		return false;
    31. 

  31. 

  32. 	return bit < label_bits(labels) && test_bit(bit, labels->bits);
    33. 

  33. }
    34. 

  34. EXPORT_SYMBOL_GPL(nf_connlabel_match);
    35. 

  35. 

  36. int nf_connlabel_set(struct nf_conn *ct, u16 bit)
    37. 

  37. {
    38. 

  38. 	struct nf_conn_labels *labels = nf_ct_labels_find(ct);
    39. 

  39. 

  40. 	if (!labels || bit >= label_bits(labels))
    41. 

  41. 		return -ENOSPC;
    42. 

  42. 

  43. 	if (test_bit(bit, labels->bits))
    44. 

  44. 		return 0;
    45. 

  45. 

  46. 	if (!test_and_set_bit(bit, labels->bits))
    47. 

  47. 		nf_conntrack_event_cache(IPCT_LABEL, ct);
    48. 

  48. 

  49. 	return 0;
    50. 

  50. }
    51. 

  51. EXPORT_SYMBOL_GPL(nf_connlabel_set);
    52. 

  52. 

  53. static void replace_u32(u32 *address, u32 mask, u32 new)
    54. 

  54. {
    55. 

  55. 	u32 old, tmp;
    56. 

  56. 

  57. 	do {
    58. 

  58. 		old = *address;
    59. 

  59. 		tmp = (old & mask) ^ new;
    60. 

  60. 	} while (cmpxchg(address, old, tmp) != old);
    61. 

  61. }
    62. 

  62. 

  63. int nf_connlabels_replace(struct nf_conn *ct,
    64. 

  64. 			  const u32 *data,
    65. 

  65. 			  const u32 *mask, unsigned int words32)
    66. 

  66. {
    67. 

  67. 	struct nf_conn_labels *labels;
    68. 

  68. 	unsigned int size, i;
    69. 

  69. 	u32 *dst;
    70. 

  70. 

  71. 	labels = nf_ct_labels_find(ct);
    72. 

  72. 	if (!labels)
    73. 

  73. 		return -ENOSPC;
    74. 

  74. 

  75. 	size = labels->words * sizeof(long);
    76. 

  76. 	if (size < (words32 * sizeof(u32)))
    77. 

  77. 		words32 = size / sizeof(u32);
    78. 

  78. 

  79. 	dst = (u32 *) labels->bits;
    80. 

  80. 	if (words32) {
    81. 

  81. 		for (i = 0; i < words32; i++)
    82. 

  82. 			replace_u32(&dst[i], mask ? ~mask[i] : 0, data[i]);
    83. 

  83. 	}
    84. 

  84. 

  85. 	size /= sizeof(u32);
    86. 

  86. 	for (i = words32; i < size; i++) /* pad */
    87. 

  87. 		replace_u32(&dst[i], 0, 0);
    88. 

  88. 

  89. 	nf_conntrack_event_cache(IPCT_LABEL, ct);
    90. 

  90. 	return 0;
    91. 

  91. }
    92. 

  92. EXPORT_SYMBOL_GPL(nf_connlabels_replace);
    93. 

  93. 

  94. int nf_connlabels_get(struct net *net, unsigned int n_bits)
    95. 

  95. {
    96. 

  96. 	size_t words;
    97. 

  97. 

  98. 	if (n_bits > (NF_CT_LABELS_MAX_SIZE * BITS_PER_BYTE))
    99. 

  99. 		return -ERANGE;
    100. 

  100. 

  101. 	words = BITS_TO_LONGS(n_bits);
    102. 

  102. 

  103. 	spin_lock(&nf_connlabels_lock);
    104. 

  104. 	net->ct.labels_used++;
    105. 

  105. 	if (words > net->ct.label_words)
    106. 

  106. 		net->ct.label_words = words;
    107. 

  107. 	spin_unlock(&nf_connlabels_lock);
    108. 

  108. 

  109. 	return 0;
    110. 

  110. }
    111. 

  111. EXPORT_SYMBOL_GPL(nf_connlabels_get);
    112. 

  112. 

  113. void nf_connlabels_put(struct net *net)
    114. 

  114. {
    115. 

  115. 	spin_lock(&nf_connlabels_lock);
    116. 

  116. 	net->ct.labels_used--;
    117. 

  117. 	if (net->ct.labels_used == 0)
    118. 

  118. 		net->ct.label_words = 0;
    119. 

  119. 	spin_unlock(&nf_connlabels_lock);
    120. 

  120. }
    121. 

  121. EXPORT_SYMBOL_GPL(nf_connlabels_put);
    122. 

  122. 

  123. static struct nf_ct_ext_type labels_extend __read_mostly = {
    124. 

  124. 	.len    = sizeof(struct nf_conn_labels),
    125. 

  125. 	.align  = __alignof__(struct nf_conn_labels),
    126. 

  126. 	.id     = NF_CT_EXT_LABELS,
    127. 

  127. };
    128. 

  128. 

  129. int nf_conntrack_labels_init(void)
    130. 

  130. {
    131. 

  131. 	spin_lock_init(&nf_connlabels_lock);
    132. 

  132. 	return nf_ct_extend_register(&labels_extend);
    133. 

  133. }
    134. 

  134. 

  135. void nf_conntrack_labels_fini(void)
    136. 

  136. {
    137. 

  137. 	nf_ct_extend_unregister(&labels_extend);
    138. 

  138. }
    139.