[mirror_ubuntu-jammy-kernel.git] / net / netfilter / nf_conntrack_labels.c

// SPDX-License-Identifier: GPL-2.0-only
/*
 * test/set flag bits stored in conntrack extension area.
 *
 * (C) 2013 Astaro GmbH & Co KG
 */

#include <linux/export.h>
#include <linux/types.h>

#include <net/netfilter/nf_conntrack_ecache.h>
#include <net/netfilter/nf_conntrack_labels.h>

static DEFINE_SPINLOCK(nf_connlabels_lock);

static int replace_u32(u32 *address, u32 mask, u32 new)
{
	u32 old, tmp;

	do {
		old = *address;
		tmp = (old & mask) ^ new;
		if (old == tmp)
			return 0;
	} while (cmpxchg(address, old, tmp) != old);

	return 1;
}

int nf_connlabels_replace(struct nf_conn *ct,
			  const u32 *data,
			  const u32 *mask, unsigned int words32)
{
	struct nf_conn_labels *labels;
	unsigned int size, i;
	int changed = 0;
	u32 *dst;

	labels = nf_ct_labels_find(ct);
	if (!labels)
		return -ENOSPC;

	size = sizeof(labels->bits);
	if (size < (words32 * sizeof(u32)))
		words32 = size / sizeof(u32);

	dst = (u32 *) labels->bits;
	for (i = 0; i < words32; i++)
		changed |= replace_u32(&dst[i], mask ? ~mask[i] : 0, data[i]);

	size /= sizeof(u32);
	for (i = words32; i < size; i++) /* pad */
		replace_u32(&dst[i], 0, 0);

	if (changed)
		nf_conntrack_event_cache(IPCT_LABEL, ct);
	return 0;
}
EXPORT_SYMBOL_GPL(nf_connlabels_replace);

int nf_connlabels_get(struct net *net, unsigned int bits)
{
	if (BIT_WORD(bits) >= NF_CT_LABELS_MAX_SIZE / sizeof(long))
		return -ERANGE;

	spin_lock(&nf_connlabels_lock);
	net->ct.labels_used++;
	spin_unlock(&nf_connlabels_lock);

	return 0;
}
EXPORT_SYMBOL_GPL(nf_connlabels_get);

void nf_connlabels_put(struct net *net)
{
	spin_lock(&nf_connlabels_lock);
	net->ct.labels_used--;
	spin_unlock(&nf_connlabels_lock);
}
EXPORT_SYMBOL_GPL(nf_connlabels_put);

static const struct nf_ct_ext_type labels_extend = {
	.len    = sizeof(struct nf_conn_labels),
	.align  = __alignof__(struct nf_conn_labels),
	.id     = NF_CT_EXT_LABELS,
};

int nf_conntrack_labels_init(void)
{
	BUILD_BUG_ON(NF_CT_LABELS_MAX_SIZE / sizeof(long) >= U8_MAX);

	return nf_ct_extend_register(&labels_extend);
}

void nf_conntrack_labels_fini(void)
{
	nf_ct_extend_unregister(&labels_extend);
}
Commit	Line	Data
d2912cb1	1	// SPDX-License-Identifier: GPL-2.0-only
c539f017 FW	2	/*
	3	* test/set flag bits stored in conntrack extension area.
	4	*
	5	* (C) 2013 Astaro GmbH & Co KG
c539f017 FW	6	*/
c539f017 FW	7
c539f017	8	#include <linux/export.h>
c539f017	9	#include <linux/types.h>
c539f017 FW	10
	11	#include <net/netfilter/nf_conntrack_ecache.h>
	12	#include <net/netfilter/nf_conntrack_labels.h>
	13
44b63b0a	14	static DEFINE_SPINLOCK(nf_connlabels_lock);
86ca02e7	15
5a8145f7	16	static int replace_u32(u32 *address, u32 mask, u32 new)
9b21f6a9 FW	17	{
	18	u32 old, tmp;
	19
	20	do {
	21	old = *address;
	22	tmp = (old & mask) ^ new;
5a8145f7 FW	23	if (old == tmp)
5a8145f7 FW	24	return 0;
9b21f6a9	25	} while (cmpxchg(address, old, tmp) != old);
5a8145f7 FW	26
5a8145f7 FW	27	return 1;
9b21f6a9 FW	28	}
	29
	30	int nf_connlabels_replace(struct nf_conn *ct,
	31	const u32 *data,
	32	const u32 *mask, unsigned int words32)
	33	{
	34	struct nf_conn_labels *labels;
	35	unsigned int size, i;
5a8145f7	36	int changed = 0;
9b21f6a9 FW	37	u32 *dst;
	38
	39	labels = nf_ct_labels_find(ct);
	40	if (!labels)
	41	return -ENOSPC;
	42
23014011	43	size = sizeof(labels->bits);
9b21f6a9 FW	44	if (size < (words32 * sizeof(u32)))
	45	words32 = size / sizeof(u32);
	46
	47	dst = (u32 *) labels->bits;
5a8145f7 FW	48	for (i = 0; i < words32; i++)
5a8145f7 FW	49	changed \|= replace_u32(&dst[i], mask ? ~mask[i] : 0, data[i]);
9b21f6a9 FW	50
	51	size /= sizeof(u32);
	52	for (i = words32; i < size; i++) /* pad */
	53	replace_u32(&dst[i], 0, 0);
	54
5a8145f7 FW	55	if (changed)
5a8145f7 FW	56	nf_conntrack_event_cache(IPCT_LABEL, ct);
9b21f6a9 FW	57	return 0;
	58	}
	59	EXPORT_SYMBOL_GPL(nf_connlabels_replace);
9b21f6a9	60
adff6c65	61	int nf_connlabels_get(struct net *net, unsigned int bits)
86ca02e7	62	{
23014011	63	if (BIT_WORD(bits) >= NF_CT_LABELS_MAX_SIZE / sizeof(long))
86ca02e7 JS	64	return -ERANGE;
86ca02e7 JS	65
86ca02e7 JS	66	spin_lock(&nf_connlabels_lock);
86ca02e7 JS	67	net->ct.labels_used++;
86ca02e7 JS	68	spin_unlock(&nf_connlabels_lock);
	69
	70	return 0;
	71	}
	72	EXPORT_SYMBOL_GPL(nf_connlabels_get);
	73
	74	void nf_connlabels_put(struct net *net)
	75	{
	76	spin_lock(&nf_connlabels_lock);
	77	net->ct.labels_used--;
86ca02e7 JS	78	spin_unlock(&nf_connlabels_lock);
	79	}
	80	EXPORT_SYMBOL_GPL(nf_connlabels_put);
	81
23f671a1	82	static const struct nf_ct_ext_type labels_extend = {
c539f017 FW	83	.len = sizeof(struct nf_conn_labels),
	84	.align = __alignof__(struct nf_conn_labels),
	85	.id = NF_CT_EXT_LABELS,
	86	};
	87
5f69b8f5	88	int nf_conntrack_labels_init(void)
c539f017	89	{
adff6c65 FW	90	BUILD_BUG_ON(NF_CT_LABELS_MAX_SIZE / sizeof(long) >= U8_MAX);
adff6c65 FW	91
5f69b8f5	92	return nf_ct_extend_register(&labels_extend);
c539f017 FW	93	}
c539f017 FW	94
5f69b8f5	95	void nf_conntrack_labels_fini(void)
c539f017	96	{
5f69b8f5	97	nf_ct_extend_unregister(&labels_extend);
c539f017	98	}