[mirror_ubuntu-hirsute-kernel.git] / net / netfilter / nf_flow_table_inet.c

// SPDX-License-Identifier: GPL-2.0-only
#include <linux/kernel.h>
#include <linux/init.h>
#include <linux/module.h>
#include <linux/netfilter.h>
#include <linux/rhashtable.h>
#include <net/netfilter/nf_flow_table.h>
#include <net/netfilter/nf_tables.h>

static unsigned int
nf_flow_offload_inet_hook(void *priv, struct sk_buff *skb,
			  const struct nf_hook_state *state)
{
	switch (skb->protocol) {
	case htons(ETH_P_IP):
		return nf_flow_offload_ip_hook(priv, skb, state);
	case htons(ETH_P_IPV6):
		return nf_flow_offload_ipv6_hook(priv, skb, state);
	}

	return NF_ACCEPT;
}

static int nf_flow_rule_route_inet(struct net *net,
				   const struct flow_offload *flow,
				   enum flow_offload_tuple_dir dir,
				   struct nf_flow_rule *flow_rule)
{
	const struct flow_offload_tuple *flow_tuple = &flow->tuplehash[dir].tuple;
	int err;

	switch (flow_tuple->l3proto) {
	case NFPROTO_IPV4:
		err = nf_flow_rule_route_ipv4(net, flow, dir, flow_rule);
		break;
	case NFPROTO_IPV6:
		err = nf_flow_rule_route_ipv6(net, flow, dir, flow_rule);
		break;
	default:
		err = -1;
		break;
	}

	return err;
}

static struct nf_flowtable_type flowtable_inet = {
	.family		= NFPROTO_INET,
	.init		= nf_flow_table_init,
	.setup		= nf_flow_table_offload_setup,
	.action		= nf_flow_rule_route_inet,
	.free		= nf_flow_table_free,
	.hook		= nf_flow_offload_inet_hook,
	.owner		= THIS_MODULE,
};

static int __init nf_flow_inet_module_init(void)
{
	nft_register_flowtable_type(&flowtable_inet);

	return 0;
}

static void __exit nf_flow_inet_module_exit(void)
{
	nft_unregister_flowtable_type(&flowtable_inet);
}

module_init(nf_flow_inet_module_init);
module_exit(nf_flow_inet_module_exit);

MODULE_LICENSE("GPL");
MODULE_AUTHOR("Pablo Neira Ayuso <pablo@netfilter.org>");
MODULE_ALIAS_NF_FLOWTABLE(1); /* NFPROTO_INET */
MODULE_DESCRIPTION("Netfilter flow table mixed IPv4/IPv6 module");
Commit	Line	Data
09c434b8	1	// SPDX-License-Identifier: GPL-2.0-only
7c23b629 PNA	2	#include <linux/kernel.h>
	3	#include <linux/init.h>
	4	#include <linux/module.h>
	5	#include <linux/netfilter.h>
	6	#include <linux/rhashtable.h>
	7	#include <net/netfilter/nf_flow_table.h>
	8	#include <net/netfilter/nf_tables.h>
	9
	10	static unsigned int
	11	nf_flow_offload_inet_hook(void priv, struct sk_buff skb,
	12	const struct nf_hook_state *state)
	13	{
	14	switch (skb->protocol) {
	15	case htons(ETH_P_IP):
	16	return nf_flow_offload_ip_hook(priv, skb, state);
	17	case htons(ETH_P_IPV6):
	18	return nf_flow_offload_ipv6_hook(priv, skb, state);
	19	}
	20
	21	return NF_ACCEPT;
	22	}
	23
5c27d8d7 PNA	24	static int nf_flow_rule_route_inet(struct net *net,
	25	const struct flow_offload *flow,
	26	enum flow_offload_tuple_dir dir,
	27	struct nf_flow_rule *flow_rule)
	28	{
	29	const struct flow_offload_tuple *flow_tuple = &flow->tuplehash[dir].tuple;
	30	int err;
	31
	32	switch (flow_tuple->l3proto) {
	33	case NFPROTO_IPV4:
	34	err = nf_flow_rule_route_ipv4(net, flow, dir, flow_rule);
	35	break;
	36	case NFPROTO_IPV6:
	37	err = nf_flow_rule_route_ipv6(net, flow, dir, flow_rule);
	38	break;
	39	default:
	40	err = -1;
	41	break;
	42	}
	43
	44	return err;
	45	}
	46
7c23b629 PNA	47	static struct nf_flowtable_type flowtable_inet = {
7c23b629 PNA	48	.family = NFPROTO_INET,
a268de77	49	.init = nf_flow_table_init,
8bb69f3b	50	.setup = nf_flow_table_offload_setup,
5c27d8d7	51	.action = nf_flow_rule_route_inet,
b408c5b0	52	.free = nf_flow_table_free,
7c23b629 PNA	53	.hook = nf_flow_offload_inet_hook,
	54	.owner = THIS_MODULE,
	55	};
	56
	57	static int __init nf_flow_inet_module_init(void)
	58	{
	59	nft_register_flowtable_type(&flowtable_inet);
	60
	61	return 0;
	62	}
	63
	64	static void __exit nf_flow_inet_module_exit(void)
	65	{
	66	nft_unregister_flowtable_type(&flowtable_inet);
	67	}
	68
	69	module_init(nf_flow_inet_module_init);
	70	module_exit(nf_flow_inet_module_exit);
	71
	72	MODULE_LICENSE("GPL");
	73	MODULE_AUTHOR("Pablo Neira Ayuso <pablo@netfilter.org>");
	74	MODULE_ALIAS_NF_FLOWTABLE(1); /* NFPROTO_INET */
4cacc395	75	MODULE_DESCRIPTION("Netfilter flow table mixed IPv4/IPv6 module");