net/netfilter/nf_conntrack_labels.c

   1 /*
   2  * test/set flag bits stored in conntrack extension area.
   3  *
   4  * (C) 2013 Astaro GmbH & Co KG
   5  *
   6  * This program is free software; you can redistribute it and/or modify
   7  * it under the terms of the GNU General Public License version 2 as
   8  * published by the Free Software Foundation.
   9  */
  10
  11 #include <linux/export.h>
  12 #include <linux/types.h>
  13
  14 #include <net/netfilter/nf_conntrack_ecache.h>
  15 #include <net/netfilter/nf_conntrack_labels.h>
  16
  17 static spinlock_t nf_connlabels_lock;
  18
  19 int nf_connlabel_set(struct nf_conn *ct, u16 bit)
  20 {
  21         struct nf_conn_labels *labels = nf_ct_labels_find(ct);
  22
  23         if (!labels || BIT_WORD(bit) >= labels->words)
  24                 return -ENOSPC;
  25
  26         if (test_bit(bit, labels->bits))
  27                 return 0;
  28
  29         if (!test_and_set_bit(bit, labels->bits))
  30                 nf_conntrack_event_cache(IPCT_LABEL, ct);
  31
  32         return 0;
  33 }
  34 EXPORT_SYMBOL_GPL(nf_connlabel_set);
  35
  36 static int replace_u32(u32 *address, u32 mask, u32 new)
  37 {
  38         u32 old, tmp;
  39
  40         do {
  41                 old = *address;
  42                 tmp = (old & mask) ^ new;
  43                 if (old == tmp)
  44                         return 0;
  45         } while (cmpxchg(address, old, tmp) != old);
  46
  47         return 1;
  48 }
  49
  50 int nf_connlabels_replace(struct nf_conn *ct,
  51                           const u32 *data,
  52                           const u32 *mask, unsigned int words32)
  53 {
  54         struct nf_conn_labels *labels;
  55         unsigned int size, i;
  56         int changed = 0;
  57         u32 *dst;
  58
  59         labels = nf_ct_labels_find(ct);
  60         if (!labels)
  61                 return -ENOSPC;
  62
  63         size = labels->words * sizeof(long);
  64         if (size < (words32 * sizeof(u32)))
  65                 words32 = size / sizeof(u32);
  66
  67         dst = (u32 *) labels->bits;
  68         for (i = 0; i < words32; i++)
  69                 changed |= replace_u32(&dst[i], mask ? ~mask[i] : 0, data[i]);
  70
  71         size /= sizeof(u32);
  72         for (i = words32; i < size; i++) /* pad */
  73                 replace_u32(&dst[i], 0, 0);
  74
  75         if (changed)
  76                 nf_conntrack_event_cache(IPCT_LABEL, ct);
  77         return 0;
  78 }
  79 EXPORT_SYMBOL_GPL(nf_connlabels_replace);
  80
  81 int nf_connlabels_get(struct net *net, unsigned int bits)
  82 {
  83         size_t words;
  84
  85         words = BIT_WORD(bits) + 1;
  86         if (words > NF_CT_LABELS_MAX_SIZE / sizeof(long))
  87                 return -ERANGE;
  88
  89         spin_lock(&nf_connlabels_lock);
  90         net->ct.labels_used++;
  91         if (words > net->ct.label_words)
  92                 net->ct.label_words = words;
  93         spin_unlock(&nf_connlabels_lock);
  94
  95         return 0;
  96 }
  97 EXPORT_SYMBOL_GPL(nf_connlabels_get);
  98
  99 void nf_connlabels_put(struct net *net)
 100 {
 101         spin_lock(&nf_connlabels_lock);
 102         net->ct.labels_used--;
 103         if (net->ct.labels_used == 0)
 104                 net->ct.label_words = 0;
 105         spin_unlock(&nf_connlabels_lock);
 106 }
 107 EXPORT_SYMBOL_GPL(nf_connlabels_put);
 108
 109 static struct nf_ct_ext_type labels_extend __read_mostly = {
 110         .len    = sizeof(struct nf_conn_labels),
 111         .align  = __alignof__(struct nf_conn_labels),
 112         .id     = NF_CT_EXT_LABELS,
 113 };
 114
 115 int nf_conntrack_labels_init(void)
 116 {
 117         BUILD_BUG_ON(NF_CT_LABELS_MAX_SIZE / sizeof(long) >= U8_MAX);
 118
 119         spin_lock_init(&nf_connlabels_lock);
 120         return nf_ct_extend_register(&labels_extend);
 121 }
 122
 123 void nf_conntrack_labels_fini(void)
 124 {
 125         nf_ct_extend_unregister(&labels_extend);
 126 }