Linux Kernel
3.7.1
net
netfilter
xt_helper.c
/* iptables module to match on related connections */
/*
 * (C) 2001 Martin Josefsson <[email protected]>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h>
#include <
linux/skbuff.h
>
#include <linux/netfilter.h>
#include <
net/netfilter/nf_conntrack.h
>
#include <
net/netfilter/nf_conntrack_core.h
>
#include <
net/netfilter/nf_conntrack_helper.h
>
#include <linux/netfilter/x_tables.h>
#include <
linux/netfilter/xt_helper.h
>
/* Module metadata recorded in the built module. */
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Martin Josefsson <[email protected]>");
MODULE_DESCRIPTION("Xtables: Related connection matching");
/*
 * Alternative module names. NOTE(review): presumably these let the module
 * be requested under the per-family ipt_/ip6t_ match names; confirm
 * against the x_tables autoload path.
 */
MODULE_ALIAS("ipt_helper");
MODULE_ALIAS("ip6t_helper");
/*
 * helper_mt - match a packet against the conntrack helper of its master
 * connection.
 *
 * @skb: packet being evaluated
 * @par: match parameters; par->matchinfo is the rule's struct xt_helper_info
 *
 * The packet matches only if it belongs to a conntrack entry that has a
 * master connection and that master has a helper assigned.  With an empty
 * rule name any helper matches; otherwise the helper's name is compared
 * with the rule's name.  The result is XORed with info->invert.
 *
 * When any lookup step fails (no conntrack entry, no master, no helper
 * extension, no helper) the function returns info->invert as-is.
 *
 * Review note: the comparison length is strlen(helper->name), so this is a
 * prefix test, not an equality test.  A rule name that merely *begins with*
 * the helper's name matches (constructed example: rule name "ftp-2121"
 * matches a helper named "ftp").  Rule authors who rely on this match for
 * filtering decisions should keep that in mind when choosing names.
 */
static bool
helper_mt(const struct sk_buff *skb, struct xt_action_param *par)
{
	const struct xt_helper_info *info = par->matchinfo;
	const bool inverted = info->invert;
	enum ip_conntrack_info ctinfo;
	const struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
	const struct nf_conn_help *master_help;
	const struct nf_conntrack_helper *helper;
	bool matched;

	/* Untracked packet, or a connection that is not "related" to another. */
	if (!ct)
		return inverted;
	if (!ct->master)
		return inverted;

	master_help = nfct_help(ct->master);
	if (!master_help)
		return inverted;

	/* rcu_read_lock()ed by nf_hook_slow */
	helper = rcu_dereference(master_help->helper);
	if (!helper)
		return inverted;

	if (info->name[0] == '\0') {
		/* Empty rule name: any helper on the master counts as a match. */
		matched = true;
	} else {
		/*
		 * Bounded by the helper's own name length; strncmp() also stops
		 * at the first NUL in either string, and helper_mt_check()
		 * forces a terminator into info->name.
		 */
		matched = strncmp(helper->name, info->name,
				  strlen(helper->name)) == 0;
	}

	return inverted != matched;
}
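/*
 * helper_mt_check - checkentry hook run when a rule using this match is
 * validated.
 *
 * @par: check parameters; par->matchinfo is the rule's struct
 *       xt_helper_info and par->family the protocol family of the table
 *
 * Takes a reference on the conntrack support for par->family (dropped
 * again in helper_mt_destroy()) and forces NUL termination of the rule's
 * helper name so that the string functions in helper_mt() cannot read past
 * the end of the field.
 *
 * Returns 0 on success, or the negative value returned by
 * nf_ct_l3proto_try_module_get() on failure.
 */
static int helper_mt_check(const struct xt_mtchk_param *par)
{
	struct xt_helper_info *info = par->matchinfo;
	int ret;

	ret = nf_ct_l3proto_try_module_get(par->family);
	if (ret < 0) {
		pr_info("cannot load conntrack support for proto=%u\n",
			par->family);
		return ret;
	}

	/*
	 * The name comes in with the rule data and is not guaranteed to be
	 * terminated.  Derive the index from the field itself instead of a
	 * hard-coded 29, so the write stays in bounds if the array size in
	 * struct xt_helper_info ever changes.
	 */
	info->name[sizeof(info->name) - 1] = '\0';
	return 0;
}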
/*
 * helper_mt_destroy - destroy hook for the "helper" match.
 *
 * @par: destructor parameters; only par->family is used
 *
 * Drops the conntrack reference for par->family that helper_mt_check()
 * took via nf_ct_l3proto_try_module_get().
 */
static void
helper_mt_destroy(const struct xt_mtdtor_param *par)
{
	nf_ct_l3proto_module_put(par->family);
}
/*
 * Registration record for the "helper" match, handed to
 * xt_register_match()/xt_unregister_match() by the module init/exit
 * functions.
 */
static struct xt_match helper_mt_reg __read_mostly = {
	/* identity */
	.name       = "helper",
	.family     = NFPROTO_UNSPEC,
	.revision   = 0,
	/* size of the per-rule match data (struct xt_helper_info) */
	.matchsize  = sizeof(struct xt_helper_info),
	/* callbacks */
	.match      = helper_mt,
	.checkentry = helper_mt_check,
	.destroy    = helper_mt_destroy,
	.me         = THIS_MODULE,
};
/*
 * helper_mt_init - module entry point.
 *
 * Registers helper_mt_reg with x_tables and passes the result of
 * xt_register_match() straight back to the module loader.
 */
static int __init helper_mt_init(void)
{
	int err = xt_register_match(&helper_mt_reg);

	return err;
}
/*
 * helper_mt_exit - module exit point.
 *
 * Unregisters helper_mt_reg, undoing the xt_register_match() call made in
 * helper_mt_init().
 */
static void __exit
helper_mt_exit(void)
{
	xt_unregister_match(&helper_mt_reg);
}
/* Hook the init/exit functions above into module load and unload. */
module_init(helper_mt_init);
module_exit(helper_mt_exit);