[mirror_ubuntu-hirsute-kernel.git] / net / netfilter / xt_helper.c

/* iptables module to match on related connections */
/*
 * (C) 2001 Martin Josefsson <gandalf@wlug.westbo.se>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 *   19 Mar 2002 Harald Welte <laforge@gnumonks.org>:
 *   		 - Port to newnat infrastructure
 */

#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/netfilter.h>
#include <net/netfilter/nf_conntrack.h>
#include <net/netfilter/nf_conntrack_core.h>
#include <net/netfilter/nf_conntrack_helper.h>
#include <linux/netfilter/x_tables.h>
#include <linux/netfilter/xt_helper.h>

MODULE_LICENSE("GPL");
MODULE_AUTHOR("Martin Josefsson <gandalf@netfilter.org>");
MODULE_DESCRIPTION("iptables helper match module");
MODULE_ALIAS("ipt_helper");
MODULE_ALIAS("ip6t_helper");

#if 0
#define DEBUGP printk
#else
#define DEBUGP(format, args...)
#endif

static int
match(const struct sk_buff *skb,
      const struct net_device *in,
      const struct net_device *out,
      const struct xt_match *match,
      const void *matchinfo,
      int offset,
      unsigned int protoff,
      int *hotdrop)
{
	const struct xt_helper_info *info = matchinfo;
	struct nf_conn *ct;
	struct nf_conn_help *master_help;
	enum ip_conntrack_info ctinfo;
	int ret = info->invert;

	ct = nf_ct_get((struct sk_buff *)skb, &ctinfo);
	if (!ct) {
		DEBUGP("xt_helper: Eek! invalid conntrack?\n");
		return ret;
	}

	if (!ct->master) {
		DEBUGP("xt_helper: conntrack %p has no master\n", ct);
		return ret;
	}

	read_lock_bh(&nf_conntrack_lock);
	master_help = nfct_help(ct->master);
	if (!master_help || !master_help->helper) {
		DEBUGP("xt_helper: master ct %p has no helper\n",
			exp->expectant);
		goto out_unlock;
	}

	DEBUGP("master's name = %s , info->name = %s\n",
		ct->master->helper->name, info->name);

	if (info->name[0] == '\0')
		ret ^= 1;
	else
		ret ^= !strncmp(master_help->helper->name, info->name,
				strlen(master_help->helper->name));
out_unlock:
	read_unlock_bh(&nf_conntrack_lock);
	return ret;
}

static int check(const char *tablename,
		 const void *inf,
		 const struct xt_match *match,
		 void *matchinfo,
		 unsigned int hook_mask)
{
	struct xt_helper_info *info = matchinfo;

	if (nf_ct_l3proto_try_module_get(match->family) < 0) {
		printk(KERN_WARNING "can't load conntrack support for "
				    "proto=%d\n", match->family);
		return 0;
	}
	info->name[29] = '\0';
	return 1;
}

static void
destroy(const struct xt_match *match, void *matchinfo)
{
	nf_ct_l3proto_module_put(match->family);
}

static struct xt_match xt_helper_match[] = {
	{
		.name		= "helper",
		.family		= AF_INET,
		.checkentry	= check,
		.match		= match,
		.destroy	= destroy,
		.matchsize	= sizeof(struct xt_helper_info),
		.me		= THIS_MODULE,
	},
	{
		.name		= "helper",
		.family		= AF_INET6,
		.checkentry	= check,
		.match		= match,
		.destroy	= destroy,
		.matchsize	= sizeof(struct xt_helper_info),
		.me		= THIS_MODULE,
	},
};

static int __init xt_helper_init(void)
{
	return xt_register_matches(xt_helper_match,
				   ARRAY_SIZE(xt_helper_match));
}

static void __exit xt_helper_fini(void)
{
	xt_unregister_matches(xt_helper_match, ARRAY_SIZE(xt_helper_match));
}

module_init(xt_helper_init);
module_exit(xt_helper_fini);
Commit	Line	Data
1da177e4 LT	1	/* iptables module to match on related connections */
	2	/*
	3	* (C) 2001 Martin Josefsson <gandalf@wlug.westbo.se>
	4	*
	5	* This program is free software; you can redistribute it and/or modify
	6	* it under the terms of the GNU General Public License version 2 as
	7	* published by the Free Software Foundation.
	8	*
	9	* 19 Mar 2002 Harald Welte <laforge@gnumonks.org>:
	10	* - Port to newnat infrastructure
	11	*/
	12
	13	#include <linux/module.h>
	14	#include <linux/skbuff.h>
	15	#include <linux/netfilter.h>
9fb9cbb1 YK	16	#include <net/netfilter/nf_conntrack.h>
	17	#include <net/netfilter/nf_conntrack_core.h>
	18	#include <net/netfilter/nf_conntrack_helper.h>
2e4e6a17 HW	19	#include <linux/netfilter/x_tables.h>
2e4e6a17 HW	20	#include <linux/netfilter/xt_helper.h>
1da177e4 LT	21
	22	MODULE_LICENSE("GPL");
	23	MODULE_AUTHOR("Martin Josefsson <gandalf@netfilter.org>");
	24	MODULE_DESCRIPTION("iptables helper match module");
2e4e6a17 HW	25	MODULE_ALIAS("ipt_helper");
2e4e6a17 HW	26	MODULE_ALIAS("ip6t_helper");
1da177e4 LT	27
	28	#if 0
	29	#define DEBUGP printk
	30	#else
	31	#define DEBUGP(format, args...)
	32	#endif
	33
9fb9cbb1 YK	34	static int
	35	match(const struct sk_buff *skb,
	36	const struct net_device *in,
	37	const struct net_device *out,
c4986734	38	const struct xt_match *match,
9fb9cbb1 YK	39	const void *matchinfo,
9fb9cbb1 YK	40	int offset,
2e4e6a17	41	unsigned int protoff,
9fb9cbb1 YK	42	int *hotdrop)
9fb9cbb1 YK	43	{
2e4e6a17	44	const struct xt_helper_info *info = matchinfo;
9fb9cbb1	45	struct nf_conn *ct;
dc808fe2	46	struct nf_conn_help *master_help;
9fb9cbb1 YK	47	enum ip_conntrack_info ctinfo;
9fb9cbb1 YK	48	int ret = info->invert;
601e68e1	49
9fb9cbb1 YK	50	ct = nf_ct_get((struct sk_buff *)skb, &ctinfo);
9fb9cbb1 YK	51	if (!ct) {
2e4e6a17	52	DEBUGP("xt_helper: Eek! invalid conntrack?\n");
9fb9cbb1 YK	53	return ret;
	54	}
	55
	56	if (!ct->master) {
2e4e6a17	57	DEBUGP("xt_helper: conntrack %p has no master\n", ct);
9fb9cbb1 YK	58	return ret;
	59	}
	60
	61	read_lock_bh(&nf_conntrack_lock);
dc808fe2 HW	62	master_help = nfct_help(ct->master);
dc808fe2 HW	63	if (!master_help \|\| !master_help->helper) {
601e68e1	64	DEBUGP("xt_helper: master ct %p has no helper\n",
9fb9cbb1 YK	65	exp->expectant);
	66	goto out_unlock;
	67	}
	68
601e68e1	69	DEBUGP("master's name = %s , info->name = %s\n",
9fb9cbb1 YK	70	ct->master->helper->name, info->name);
	71
	72	if (info->name[0] == '\0')
	73	ret ^= 1;
	74	else
dc808fe2	75	ret ^= !strncmp(master_help->helper->name, info->name,
601e68e1	76	strlen(master_help->helper->name));
9fb9cbb1 YK	77	out_unlock:
	78	read_unlock_bh(&nf_conntrack_lock);
	79	return ret;
	80	}
9fb9cbb1	81
1da177e4	82	static int check(const char *tablename,
2e4e6a17	83	const void *inf,
c4986734	84	const struct xt_match *match,
1da177e4	85	void *matchinfo,
1da177e4 LT	86	unsigned int hook_mask)
1da177e4 LT	87	{
2e4e6a17	88	struct xt_helper_info *info = matchinfo;
1da177e4	89
b9f78f9f	90	if (nf_ct_l3proto_try_module_get(match->family) < 0) {
fe0b9294	91	printk(KERN_WARNING "can't load conntrack support for "
b9f78f9f PNA	92	"proto=%d\n", match->family);
	93	return 0;
	94	}
1da177e4	95	info->name[29] = '\0';
1da177e4 LT	96	return 1;
	97	}
	98
b9f78f9f	99	static void
efa74165	100	destroy(const struct xt_match match, void matchinfo)
b9f78f9f	101	{
b9f78f9f	102	nf_ct_l3proto_module_put(match->family);
b9f78f9f PNA	103	}
b9f78f9f PNA	104
4470bbc7 PM	105	static struct xt_match xt_helper_match[] = {
	106	{
	107	.name = "helper",
	108	.family = AF_INET,
	109	.checkentry = check,
	110	.match = match,
	111	.destroy = destroy,
	112	.matchsize = sizeof(struct xt_helper_info),
	113	.me = THIS_MODULE,
	114	},
	115	{
	116	.name = "helper",
	117	.family = AF_INET6,
	118	.checkentry = check,
	119	.match = match,
	120	.destroy = destroy,
	121	.matchsize = sizeof(struct xt_helper_info),
	122	.me = THIS_MODULE,
	123	},
1da177e4 LT	124	};
1da177e4 LT	125
65b4b4e8	126	static int __init xt_helper_init(void)
1da177e4	127	{
4470bbc7 PM	128	return xt_register_matches(xt_helper_match,
4470bbc7 PM	129	ARRAY_SIZE(xt_helper_match));
1da177e4 LT	130	}
1da177e4 LT	131
65b4b4e8	132	static void __exit xt_helper_fini(void)
1da177e4	133	{
4470bbc7	134	xt_unregister_matches(xt_helper_match, ARRAY_SIZE(xt_helper_match));
1da177e4 LT	135	}
1da177e4 LT	136
65b4b4e8 AM	137	module_init(xt_helper_init);
65b4b4e8 AM	138	module_exit(xt_helper_fini);
1da177e4	139