~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/net/netfilter/nf_flow_table_inet.c

Version: ~ [ linux-6.11-rc3 ] ~ [ linux-6.10.4 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.45 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.104 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.164 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.223 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.281 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.319 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.9 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~ 
  1 // SPDX-License-Identifier: GPL-2.0-only
  2 #include <linux/kernel.h>
  3 #include <linux/init.h>
  4 #include <linux/module.h>
  5 #include <linux/netfilter.h>
  6 #include <linux/rhashtable.h>
  7 #include <net/netfilter/nf_flow_table.h>
  8 #include <net/netfilter/nf_tables.h>
  9 #include <linux/if_vlan.h>
 10 
 11 static unsigned int
 12 nf_flow_offload_inet_hook(void *priv, struct sk_buff *skb,
 13                           const struct nf_hook_state *state)
 14 {
 15         struct vlan_ethhdr *veth;
 16         __be16 proto;
 17 
 18         switch (skb->protocol) {
 19         case htons(ETH_P_8021Q):
 20                 veth = (struct vlan_ethhdr *)skb_mac_header(skb);
 21                 proto = veth->h_vlan_encapsulated_proto;
 22                 break;
 23         case htons(ETH_P_PPP_SES):
 24                 if (!nf_flow_pppoe_proto(skb, &proto))
 25                         return NF_ACCEPT;
 26                 break;
 27         default:
 28                 proto = skb->protocol;
 29                 break;
 30         }
 31 
 32         switch (proto) {
 33         case htons(ETH_P_IP):
 34                 return nf_flow_offload_ip_hook(priv, skb, state);
 35         case htons(ETH_P_IPV6):
 36                 return nf_flow_offload_ipv6_hook(priv, skb, state);
 37         }
 38 
 39         return NF_ACCEPT;
 40 }
 41 
 42 static int nf_flow_rule_route_inet(struct net *net,
 43                                    struct flow_offload *flow,
 44                                    enum flow_offload_tuple_dir dir,
 45                                    struct nf_flow_rule *flow_rule)
 46 {
 47         const struct flow_offload_tuple *flow_tuple = &flow->tuplehash[dir].tuple;
 48         int err;
 49 
 50         switch (flow_tuple->l3proto) {
 51         case NFPROTO_IPV4:
 52                 err = nf_flow_rule_route_ipv4(net, flow, dir, flow_rule);
 53                 break;
 54         case NFPROTO_IPV6:
 55                 err = nf_flow_rule_route_ipv6(net, flow, dir, flow_rule);
 56                 break;
 57         default:
 58                 err = -1;
 59                 break;
 60         }
 61 
 62         return err;
 63 }
 64 
 65 static struct nf_flowtable_type flowtable_inet = {
 66         .family         = NFPROTO_INET,
 67         .init           = nf_flow_table_init,
 68         .setup          = nf_flow_table_offload_setup,
 69         .action         = nf_flow_rule_route_inet,
 70         .free           = nf_flow_table_free,
 71         .hook           = nf_flow_offload_inet_hook,
 72         .owner          = THIS_MODULE,
 73 };
 74 
 75 static struct nf_flowtable_type flowtable_ipv4 = {
 76         .family         = NFPROTO_IPV4,
 77         .init           = nf_flow_table_init,
 78         .setup          = nf_flow_table_offload_setup,
 79         .action         = nf_flow_rule_route_ipv4,
 80         .free           = nf_flow_table_free,
 81         .hook           = nf_flow_offload_ip_hook,
 82         .owner          = THIS_MODULE,
 83 };
 84 
 85 static struct nf_flowtable_type flowtable_ipv6 = {
 86         .family         = NFPROTO_IPV6,
 87         .init           = nf_flow_table_init,
 88         .setup          = nf_flow_table_offload_setup,
 89         .action         = nf_flow_rule_route_ipv6,
 90         .free           = nf_flow_table_free,
 91         .hook           = nf_flow_offload_ipv6_hook,
 92         .owner          = THIS_MODULE,
 93 };
 94 
 95 static int __init nf_flow_inet_module_init(void)
 96 {
 97         nft_register_flowtable_type(&flowtable_ipv4);
 98         nft_register_flowtable_type(&flowtable_ipv6);
 99         nft_register_flowtable_type(&flowtable_inet);
100 
101         return nf_flow_register_bpf();
102 }
103 
104 static void __exit nf_flow_inet_module_exit(void)
105 {
106         nft_unregister_flowtable_type(&flowtable_inet);
107         nft_unregister_flowtable_type(&flowtable_ipv6);
108         nft_unregister_flowtable_type(&flowtable_ipv4);
109 }
110 
111 module_init(nf_flow_inet_module_init);
112 module_exit(nf_flow_inet_module_exit);
113 
114 MODULE_LICENSE("GPL");
115 MODULE_AUTHOR("Pablo Neira Ayuso <pablo@netfilter.org>");
116 MODULE_ALIAS_NF_FLOWTABLE(AF_INET);
117 MODULE_ALIAS_NF_FLOWTABLE(AF_INET6);
118 MODULE_ALIAS_NF_FLOWTABLE(1); /* NFPROTO_INET */
119 MODULE_DESCRIPTION("Netfilter flow table mixed IPv4/IPv6 module");
120
~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~
kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php