Commit | Line | Data |
---|---|---|
c539f017 FW |
1 | /* |
2 | * test/set flag bits stored in conntrack extension area. | |
3 | * | |
4 | * (C) 2013 Astaro GmbH & Co KG | |
5 | * | |
6 | * This program is free software; you can redistribute it and/or modify | |
7 | * it under the terms of the GNU General Public License version 2 as | |
8 | * published by the Free Software Foundation. | |
9 | */ | |
10 | ||
c539f017 | 11 | #include <linux/export.h> |
c539f017 | 12 | #include <linux/types.h> |
c539f017 FW |
13 | |
14 | #include <net/netfilter/nf_conntrack_ecache.h> | |
15 | #include <net/netfilter/nf_conntrack_labels.h> | |
16 | ||
17 | static unsigned int label_bits(const struct nf_conn_labels *l) | |
18 | { | |
19 | unsigned int longs = l->words; | |
20 | return longs * BITS_PER_LONG; | |
21 | } | |
22 | ||
23 | bool nf_connlabel_match(const struct nf_conn *ct, u16 bit) | |
24 | { | |
25 | struct nf_conn_labels *labels = nf_ct_labels_find(ct); | |
26 | ||
27 | if (!labels) | |
28 | return false; | |
29 | ||
30 | return bit < label_bits(labels) && test_bit(bit, labels->bits); | |
31 | } | |
32 | EXPORT_SYMBOL_GPL(nf_connlabel_match); | |
33 | ||
34 | int nf_connlabel_set(struct nf_conn *ct, u16 bit) | |
35 | { | |
36 | struct nf_conn_labels *labels = nf_ct_labels_find(ct); | |
37 | ||
38 | if (!labels || bit >= label_bits(labels)) | |
39 | return -ENOSPC; | |
40 | ||
41 | if (test_bit(bit, labels->bits)) | |
42 | return 0; | |
43 | ||
797a7d66 | 44 | if (!test_and_set_bit(bit, labels->bits)) |
0ceabd83 | 45 | nf_conntrack_event_cache(IPCT_LABEL, ct); |
c539f017 FW |
46 | |
47 | return 0; | |
48 | } | |
49 | EXPORT_SYMBOL_GPL(nf_connlabel_set); | |
50 | ||
9b21f6a9 FW |
51 | #if IS_ENABLED(CONFIG_NF_CT_NETLINK) |
52 | static void replace_u32(u32 *address, u32 mask, u32 new) | |
53 | { | |
54 | u32 old, tmp; | |
55 | ||
56 | do { | |
57 | old = *address; | |
58 | tmp = (old & mask) ^ new; | |
59 | } while (cmpxchg(address, old, tmp) != old); | |
60 | } | |
61 | ||
62 | int nf_connlabels_replace(struct nf_conn *ct, | |
63 | const u32 *data, | |
64 | const u32 *mask, unsigned int words32) | |
65 | { | |
66 | struct nf_conn_labels *labels; | |
67 | unsigned int size, i; | |
68 | u32 *dst; | |
69 | ||
70 | labels = nf_ct_labels_find(ct); | |
71 | if (!labels) | |
72 | return -ENOSPC; | |
73 | ||
74 | size = labels->words * sizeof(long); | |
75 | if (size < (words32 * sizeof(u32))) | |
76 | words32 = size / sizeof(u32); | |
77 | ||
78 | dst = (u32 *) labels->bits; | |
79 | if (words32) { | |
80 | for (i = 0; i < words32; i++) | |
81 | replace_u32(&dst[i], mask ? ~mask[i] : 0, data[i]); | |
82 | } | |
83 | ||
84 | size /= sizeof(u32); | |
85 | for (i = words32; i < size; i++) /* pad */ | |
86 | replace_u32(&dst[i], 0, 0); | |
87 | ||
88 | nf_conntrack_event_cache(IPCT_LABEL, ct); | |
89 | return 0; | |
90 | } | |
91 | EXPORT_SYMBOL_GPL(nf_connlabels_replace); | |
92 | #endif | |
93 | ||
c539f017 FW |
94 | static struct nf_ct_ext_type labels_extend __read_mostly = { |
95 | .len = sizeof(struct nf_conn_labels), | |
96 | .align = __alignof__(struct nf_conn_labels), | |
97 | .id = NF_CT_EXT_LABELS, | |
98 | }; | |
99 | ||
5f69b8f5 | 100 | int nf_conntrack_labels_init(void) |
c539f017 | 101 | { |
5f69b8f5 | 102 | return nf_ct_extend_register(&labels_extend); |
c539f017 FW |
103 | } |
104 | ||
5f69b8f5 | 105 | void nf_conntrack_labels_fini(void) |
c539f017 | 106 | { |
5f69b8f5 | 107 | nf_ct_extend_unregister(&labels_extend); |
c539f017 | 108 | } |