Linux Kernel  3.7.1
All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
xt_state.c
Go to the documentation of this file.
1 /* Kernel module to match connection tracking information. */
2 
3 /* (C) 1999-2001 Paul `Rusty' Russell
4  * (C) 2002-2005 Netfilter Core Team <coreteam@netfilter.org>
5  *
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License version 2 as
8  * published by the Free Software Foundation.
9  */
10 
11 #include <linux/module.h>
12 #include <linux/skbuff.h>
13 #include <net/netfilter/nf_conntrack.h>
14 #include <linux/netfilter/x_tables.h>
15 #include <linux/netfilter/xt_state.h>
16 
17 MODULE_LICENSE("GPL");
18 MODULE_AUTHOR("Rusty Russell <rusty@rustcorp.com.au>");
19 MODULE_DESCRIPTION("ip[6]_tables connection tracking state match module");
20 MODULE_ALIAS("ipt_state");
21 MODULE_ALIAS("ip6t_state");
22 
23 static bool
24 state_mt(const struct sk_buff *skb, struct xt_action_param *par)
25 {
26  const struct xt_state_info *sinfo = par->matchinfo;
27  enum ip_conntrack_info ctinfo;
28  unsigned int statebit;
29  struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
30 
31  if (!ct)
32  statebit = XT_STATE_INVALID;
33  else {
34  if (nf_ct_is_untracked(ct))
35  statebit = XT_STATE_UNTRACKED;
36  else
37  statebit = XT_STATE_BIT(ctinfo);
38  }
39  return (sinfo->statemask & statebit);
40 }
41 
42 static int state_mt_check(const struct xt_mtchk_param *par)
43 {
44  int ret;
45 
46  ret = nf_ct_l3proto_try_module_get(par->family);
47  if (ret < 0)
48  pr_info("cannot load conntrack support for proto=%u\n",
49  par->family);
50  return ret;
51 }
52 
53 static void state_mt_destroy(const struct xt_mtdtor_param *par)
54 {
55  nf_ct_l3proto_module_put(par->family);
56 }
57 
58 static struct xt_match state_mt_reg __read_mostly = {
59  .name = "state",
60  .family = NFPROTO_UNSPEC,
61  .checkentry = state_mt_check,
62  .match = state_mt,
63  .destroy = state_mt_destroy,
64  .matchsize = sizeof(struct xt_state_info),
65  .me = THIS_MODULE,
66 };
67 
68 static int __init state_mt_init(void)
69 {
70  return xt_register_match(&state_mt_reg);
71 }
72 
73 static void __exit state_mt_exit(void)
74 {
75  xt_unregister_match(&state_mt_reg);
76 }
77 
78 module_init(state_mt_init);
79 module_exit(state_mt_exit);
Generated on Thu Jan 10 2013 15:01:00 for Linux Kernel by   doxygen 1.8.2