[deliverable/linux.git] / net / netfilter / nfnetlink_queue_ct.c

/*
 * (C) 2012 by Pablo Neira Ayuso <pablo@netfilter.org>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 */

#include <linux/skbuff.h>
#include <linux/netfilter.h>
#include <linux/netfilter/nfnetlink.h>
#include <linux/netfilter/nfnetlink_queue.h>
#include <net/netfilter/nf_conntrack.h>

struct nf_conn *nfqnl_ct_get(struct sk_buff *entskb, size_t *size,
			     enum ip_conntrack_info *ctinfo)
{
	struct nfq_ct_hook *nfq_ct;
	struct nf_conn *ct;

	/* rcu_read_lock()ed by __nf_queue already. */
	nfq_ct = rcu_dereference(nfq_ct_hook);
	if (nfq_ct == NULL)
		return NULL;

	ct = nf_ct_get(entskb, ctinfo);
	if (ct) {
		if (!nf_ct_is_untracked(ct))
			*size += nfq_ct->build_size(ct);
		else
			ct = NULL;
	}
	return ct;
}

struct nf_conn *
nfqnl_ct_parse(const struct sk_buff *skb, const struct nlattr *attr,
	       enum ip_conntrack_info *ctinfo)
{
	struct nfq_ct_hook *nfq_ct;
	struct nf_conn *ct;

	/* rcu_read_lock()ed by __nf_queue already. */
	nfq_ct = rcu_dereference(nfq_ct_hook);
	if (nfq_ct == NULL)
		return NULL;

	ct = nf_ct_get(skb, ctinfo);
	if (ct && !nf_ct_is_untracked(ct))
		nfq_ct->parse(attr, ct);

	return ct;
}

int nfqnl_ct_put(struct sk_buff *skb, struct nf_conn *ct,
		 enum ip_conntrack_info ctinfo)
{
	struct nfq_ct_hook *nfq_ct;
	struct nlattr *nest_parms;
	u_int32_t tmp;

	nfq_ct = rcu_dereference(nfq_ct_hook);
	if (nfq_ct == NULL)
		return 0;

	nest_parms = nla_nest_start(skb, NFQA_CT | NLA_F_NESTED);
	if (!nest_parms)
		goto nla_put_failure;

	if (nfq_ct->build(skb, ct) < 0)
		goto nla_put_failure;

	nla_nest_end(skb, nest_parms);

	tmp = ctinfo;
	if (nla_put_be32(skb, NFQA_CT_INFO, htonl(tmp)))
		goto nla_put_failure;

	return 0;

nla_put_failure:
	return -1;
}

void nfqnl_ct_seq_adjust(struct sk_buff *skb, struct nf_conn *ct,
			 enum ip_conntrack_info ctinfo, int diff)
{
	struct nfq_ct_nat_hook *nfq_nat_ct;

	nfq_nat_ct = rcu_dereference(nfq_ct_nat_hook);
	if (nfq_nat_ct == NULL)
		return;

	if ((ct->status & IPS_NAT_MASK) && diff)
		nfq_nat_ct->seq_adjust(skb, ct, ctinfo, diff);
}
Commit	Line	Data
7c622345 PNA	1	/*
	2	* (C) 2012 by Pablo Neira Ayuso <pablo@netfilter.org>
	3	*
	4	* This program is free software; you can redistribute it and/or modify
	5	* it under the terms of the GNU General Public License version 2 as
	6	* published by the Free Software Foundation.
	7	*
	8	*/
	9
	10	#include <linux/skbuff.h>
	11	#include <linux/netfilter.h>
	12	#include <linux/netfilter/nfnetlink.h>
	13	#include <linux/netfilter/nfnetlink_queue.h>
	14	#include <net/netfilter/nf_conntrack.h>
	15
	16	struct nf_conn nfqnl_ct_get(struct sk_buff entskb, size_t *size,
	17	enum ip_conntrack_info *ctinfo)
	18	{
	19	struct nfq_ct_hook *nfq_ct;
	20	struct nf_conn *ct;
	21
	22	/* rcu_read_lock()ed by __nf_queue already. */
	23	nfq_ct = rcu_dereference(nfq_ct_hook);
	24	if (nfq_ct == NULL)
	25	return NULL;
	26
	27	ct = nf_ct_get(entskb, ctinfo);
	28	if (ct) {
	29	if (!nf_ct_is_untracked(ct))
	30	*size += nfq_ct->build_size(ct);
	31	else
	32	ct = NULL;
	33	}
	34	return ct;
	35	}
	36
	37	struct nf_conn *
	38	nfqnl_ct_parse(const struct sk_buff skb, const struct nlattr attr,
	39	enum ip_conntrack_info *ctinfo)
	40	{
	41	struct nfq_ct_hook *nfq_ct;
	42	struct nf_conn *ct;
	43
	44	/* rcu_read_lock()ed by __nf_queue already. */
	45	nfq_ct = rcu_dereference(nfq_ct_hook);
	46	if (nfq_ct == NULL)
	47	return NULL;
	48
	49	ct = nf_ct_get(skb, ctinfo);
	50	if (ct && !nf_ct_is_untracked(ct))
	51	nfq_ct->parse(attr, ct);
	52
	53	return ct;
	54	}
	55
	56	int nfqnl_ct_put(struct sk_buff skb, struct nf_conn ct,
	57	enum ip_conntrack_info ctinfo)
	58	{
	59	struct nfq_ct_hook *nfq_ct;
	60	struct nlattr *nest_parms;
	61	u_int32_t tmp;
	62
	63	nfq_ct = rcu_dereference(nfq_ct_hook);
	64	if (nfq_ct == NULL)
65	return 0;
66
67	nest_parms = nla_nest_start(skb, NFQA_CT \| NLA_F_NESTED);
68	if (!nest_parms)
69	goto nla_put_failure;
70
71	if (nfq_ct->build(skb, ct) < 0)
72	goto nla_put_failure;
73
74	nla_nest_end(skb, nest_parms);
75
76	tmp = ctinfo;
77	if (nla_put_be32(skb, NFQA_CT_INFO, htonl(tmp)))
78	goto nla_put_failure;
79
80	return 0;
81
82	nla_put_failure:
83	return -1;
84	}
85
86	void nfqnl_ct_seq_adjust(struct sk_buff skb, struct nf_conn ct,
87	enum ip_conntrack_info ctinfo, int diff)
88	{
d584a61a	89	struct nfq_ct_nat_hook *nfq_nat_ct;
7c622345	90
d584a61a PNA	91	nfq_nat_ct = rcu_dereference(nfq_ct_nat_hook);
d584a61a PNA	92	if (nfq_nat_ct == NULL)
7c622345 PNA	93	return;
	94
	95	if ((ct->status & IPS_NAT_MASK) && diff)
d584a61a	96	nfq_nat_ct->seq_adjust(skb, ct, ctinfo, diff);
7c622345	97	}