Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
xt_devgroup.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2011 Patrick McHardy <[email protected]>
3  *
4  * This program is free software; you can redistribute it and/or modify
5  * it under the terms of the GNU General Public License version 2 as
6  * published by the Free Software Foundation.
7  */
8 
9 #include <linux/module.h>
10 #include <linux/skbuff.h>
11 #include <linux/netdevice.h>
12 
13 #include <linux/netfilter/xt_devgroup.h>
14 #include <linux/netfilter/x_tables.h>
15 
16 MODULE_AUTHOR("Patrick McHardy <[email protected]>");
17 MODULE_LICENSE("GPL");
18 MODULE_DESCRIPTION("Xtables: Device group match");
19 MODULE_ALIAS("ipt_devgroup");
20 MODULE_ALIAS("ip6t_devgroup");
21 
22 static bool devgroup_mt(const struct sk_buff *skb, struct xt_action_param *par)
23 {
24  const struct xt_devgroup_info *info = par->matchinfo;
25 
26  if (info->flags & XT_DEVGROUP_MATCH_SRC &&
27  (((info->src_group ^ par->in->group) & info->src_mask ? 1 : 0) ^
28  ((info->flags & XT_DEVGROUP_INVERT_SRC) ? 1 : 0)))
29  return false;
30 
31  if (info->flags & XT_DEVGROUP_MATCH_DST &&
32  (((info->dst_group ^ par->out->group) & info->dst_mask ? 1 : 0) ^
33  ((info->flags & XT_DEVGROUP_INVERT_DST) ? 1 : 0)))
34  return false;
35 
36  return true;
37 }
38 
39 static int devgroup_mt_checkentry(const struct xt_mtchk_param *par)
40 {
41  const struct xt_devgroup_info *info = par->matchinfo;
42 
43  if (info->flags & ~(XT_DEVGROUP_MATCH_SRC | XT_DEVGROUP_INVERT_SRC |
44  XT_DEVGROUP_MATCH_DST | XT_DEVGROUP_INVERT_DST))
45  return -EINVAL;
46 
47  if (info->flags & XT_DEVGROUP_MATCH_SRC &&
48  par->hook_mask & ~((1 << NF_INET_PRE_ROUTING) |
49  (1 << NF_INET_LOCAL_IN) |
50  (1 << NF_INET_FORWARD)))
51  return -EINVAL;
52 
53  if (info->flags & XT_DEVGROUP_MATCH_DST &&
54  par->hook_mask & ~((1 << NF_INET_FORWARD) |
55  (1 << NF_INET_LOCAL_OUT) |
56  (1 << NF_INET_POST_ROUTING)))
57  return -EINVAL;
58 
59  return 0;
60 }
61 
62 static struct xt_match devgroup_mt_reg __read_mostly = {
63  .name = "devgroup",
64  .match = devgroup_mt,
65  .checkentry = devgroup_mt_checkentry,
66  .matchsize = sizeof(struct xt_devgroup_info),
67  .family = NFPROTO_UNSPEC,
68  .me = THIS_MODULE
69 };
70 
71 static int __init devgroup_mt_init(void)
72 {
73  return xt_register_match(&devgroup_mt_reg);
74 }
75 
76 static void __exit devgroup_mt_exit(void)
77 {
78  xt_unregister_match(&devgroup_mt_reg);
79 }
80 
81 module_init(devgroup_mt_init);
82 module_exit(devgroup_mt_exit);
Generated on Thu Jan 10 2013 15:00:53 for Linux Kernel by   doxygen 1.8.2