projects / deliverable / linux.git / blame
| Commit | Line | Data |
|---|---|---|
| 1da177e4 LT |
1 | /* Kernel module to match connection tracking information. */ |
| 2 | ||
| 3 | /* (C) 1999-2001 Paul `Rusty' Russell | |
| 2e4e6a17 | 4 | * (C) 2002-2005 Netfilter Core Team <coreteam@netfilter.org> |
| 1da177e4 LT |
5 | * |
| 6 | * This program is free software; you can redistribute it and/or modify | |
| 7 | * it under the terms of the GNU General Public License version 2 as | |
| 8 | * published by the Free Software Foundation. | |
| 9 | */ | |
| 10 | ||
| 11 | #include <linux/module.h> | |
| 12 | #include <linux/skbuff.h> | |
| 9fb9cbb1 | 13 | #include <net/netfilter/nf_conntrack_compat.h> |
| 2e4e6a17 HW |
14 | #include <linux/netfilter/x_tables.h> |
| 15 | #include <linux/netfilter/xt_state.h> | |
| 1da177e4 LT |
16 | |
| 17 | MODULE_LICENSE("GPL"); | |
| 18 | MODULE_AUTHOR("Rusty Russell <rusty@rustcorp.com.au>"); | |
| 2e4e6a17 HW |
19 | MODULE_DESCRIPTION("ip[6]_tables connection tracking state match module"); |
| 20 | MODULE_ALIAS("ipt_state"); | |
| 21 | MODULE_ALIAS("ip6t_state"); | |
| 1da177e4 LT |
22 | |
| 23 | static int | |
| 24 | match(const struct sk_buff *skb, | |
| 25 | const struct net_device *in, | |
| 26 | const struct net_device *out, | |
| c4986734 | 27 | const struct xt_match *match, |
| 1da177e4 LT |
28 | const void *matchinfo, |
| 29 | int offset, | |
| 2e4e6a17 | 30 | unsigned int protoff, |
| 1da177e4 LT |
31 | int *hotdrop) |
| 32 | { | |
| 2e4e6a17 | 33 | const struct xt_state_info *sinfo = matchinfo; |
| 1da177e4 LT |
34 | enum ip_conntrack_info ctinfo; |
| 35 | unsigned int statebit; | |
| 36 | ||
| 9fb9cbb1 | 37 | if (nf_ct_is_untracked(skb)) |
| 2e4e6a17 | 38 | statebit = XT_STATE_UNTRACKED; |
| 9fb9cbb1 | 39 | else if (!nf_ct_get_ctinfo(skb, &ctinfo)) |
| 2e4e6a17 | 40 | statebit = XT_STATE_INVALID; |
| 1da177e4 | 41 | else |
| 2e4e6a17 | 42 | statebit = XT_STATE_BIT(ctinfo); |
| 1da177e4 LT |
43 | |
| 44 | return (sinfo->statemask & statebit); | |
| 45 | } | |
| 46 | ||
| 2e4e6a17 HW |
47 | static struct xt_match state_match = { |
| 48 | .name = "state", | |
| 5d04bff0 PM |
49 | .match = match, |
| 50 | .matchsize = sizeof(struct xt_state_info), | |
| a45049c5 | 51 | .family = AF_INET, |
| 2e4e6a17 HW |
52 | .me = THIS_MODULE, |
| 53 | }; | |
| 54 | ||
| 55 | static struct xt_match state6_match = { | |
| 1da177e4 | 56 | .name = "state", |
| 5d04bff0 PM |
57 | .match = match, |
| 58 | .matchsize = sizeof(struct xt_state_info), | |
| a45049c5 | 59 | .family = AF_INET6, |
| 1da177e4 LT |
60 | .me = THIS_MODULE, |
| 61 | }; | |
| 62 | ||
| 63 | static int __init init(void) | |
| 64 | { | |
| 2e4e6a17 HW |
65 | int ret; |
| 66 | ||
| 67 | need_conntrack(); | |
| 68 | ||
| a45049c5 | 69 | ret = xt_register_match(&state_match); |
| 2e4e6a17 HW |
70 | if (ret < 0) |
| 71 | return ret; | |
| 72 | ||
| a45049c5 | 73 | ret = xt_register_match(&state6_match); |
| 2e4e6a17 | 74 | if (ret < 0) |
| a45049c5 | 75 | xt_unregister_match(&state_match); |
| 2e4e6a17 HW |
76 | |
| 77 | return ret; | |
| 1da177e4 LT |
78 | } |
| 79 | ||
| 80 | static void __exit fini(void) | |
| 81 | { | |
| a45049c5 PNA |
82 | xt_unregister_match(&state_match); |
| 83 | xt_unregister_match(&state6_match); | |
| 1da177e4 LT |
84 | } |
| 85 | ||
| 86 | module_init(init); | |
| 87 | module_exit(fini); |