// SPDX-License-Identifier: GPL-2.0-only /* * Copyright (c) 2008-2009 Patrick McHardy <[email protected]> * Copyright (c) 2016 Pablo Neira Ayuso <[email protected]> * * Development of this code funded by Astaro AG (http://www.astaro.com/) */ #include <linux/kernel.h> #include <linux/init.h> #include <linux/module.h> #include <linux/netlink.h> #include <linux/netfilter.h> #include <linux/netfilter/nf_tables.h> #include <net/netfilter/nf_tables_core.h> #include <net/netfilter/nf_conntrack.h> #include <net/netfilter/nf_conntrack_acct.h> #include <net/netfilter/nf_conntrack_tuple.h> #include <net/netfilter/nf_conntrack_helper.h> #include <net/netfilter/nf_conntrack_ecache.h> #include <net/netfilter/nf_conntrack_labels.h> #include <net/netfilter/nf_conntrack_timeout.h> #include <net/netfilter/nf_conntrack_l4proto.h> #include <net/netfilter/nf_conntrack_expect.h> struct nft_ct_helper_obj { … }; #ifdef CONFIG_NF_CONNTRACK_ZONES static DEFINE_PER_CPU(struct nf_conn *, nft_ct_pcpu_template); static unsigned int nft_ct_pcpu_template_refcnt __read_mostly; static DEFINE_MUTEX(nft_ct_pcpu_mutex); #endif static u64 nft_ct_get_eval_counter(const struct nf_conn_counter *c, enum nft_ct_keys k, enum ip_conntrack_dir d) { … } static void nft_ct_get_eval(const struct nft_expr *expr, struct nft_regs *regs, const struct nft_pktinfo *pkt) { … } #ifdef CONFIG_NF_CONNTRACK_ZONES static void nft_ct_set_zone_eval(const struct nft_expr *expr, struct nft_regs *regs, const struct nft_pktinfo *pkt) { … } #endif static void nft_ct_set_eval(const struct nft_expr *expr, struct nft_regs *regs, const struct nft_pktinfo *pkt) { … } static const struct nla_policy nft_ct_policy[NFTA_CT_MAX + 1] = …; #ifdef CONFIG_NF_CONNTRACK_ZONES static void nft_ct_tmpl_put_pcpu(void) { … } static bool nft_ct_tmpl_alloc_pcpu(void) { … } #endif static int nft_ct_get_init(const struct nft_ctx *ctx, const struct nft_expr *expr, const struct nlattr * const tb[]) { … } static void __nft_ct_set_destroy(const struct nft_ctx *ctx, struct nft_ct *priv) { … } static int nft_ct_set_init(const struct nft_ctx *ctx, const struct nft_expr *expr, const struct nlattr * const tb[]) { … } static void nft_ct_get_destroy(const struct nft_ctx *ctx, const struct nft_expr *expr) { … } static void nft_ct_set_destroy(const struct nft_ctx *ctx, const struct nft_expr *expr) { … } static int nft_ct_get_dump(struct sk_buff *skb, const struct nft_expr *expr, bool reset) { … } static bool nft_ct_get_reduce(struct nft_regs_track *track, const struct nft_expr *expr) { … } static int nft_ct_set_dump(struct sk_buff *skb, const struct nft_expr *expr, bool reset) { … } static struct nft_expr_type nft_ct_type; static const struct nft_expr_ops nft_ct_get_ops = …; static bool nft_ct_set_reduce(struct nft_regs_track *track, const struct nft_expr *expr) { … } #ifdef CONFIG_MITIGATION_RETPOLINE static const struct nft_expr_ops nft_ct_get_fast_ops = …; #endif static const struct nft_expr_ops nft_ct_set_ops = …; #ifdef CONFIG_NF_CONNTRACK_ZONES static const struct nft_expr_ops nft_ct_set_zone_ops = …; #endif static const struct nft_expr_ops * nft_ct_select_ops(const struct nft_ctx *ctx, const struct nlattr * const tb[]) { … } static struct nft_expr_type nft_ct_type __read_mostly = …; static void nft_notrack_eval(const struct nft_expr *expr, struct nft_regs *regs, const struct nft_pktinfo *pkt) { … } static struct nft_expr_type nft_notrack_type; static const struct nft_expr_ops nft_notrack_ops = …; static struct nft_expr_type nft_notrack_type __read_mostly = …; #ifdef CONFIG_NF_CONNTRACK_TIMEOUT static int nft_ct_timeout_parse_policy(void *timeouts, const struct nf_conntrack_l4proto *l4proto, struct net *net, const struct nlattr *attr) { … } struct nft_ct_timeout_obj { … }; static void nft_ct_timeout_obj_eval(struct nft_object *obj, struct nft_regs *regs, const struct nft_pktinfo *pkt) { … } static int nft_ct_timeout_obj_init(const struct nft_ctx *ctx, const struct nlattr * const tb[], struct nft_object *obj) { … } static void nft_ct_timeout_obj_destroy(const struct nft_ctx *ctx, struct nft_object *obj) { … } static int nft_ct_timeout_obj_dump(struct sk_buff *skb, struct nft_object *obj, bool reset) { … } static const struct nla_policy nft_ct_timeout_policy[NFTA_CT_TIMEOUT_MAX + 1] = …; static struct nft_object_type nft_ct_timeout_obj_type; static const struct nft_object_ops nft_ct_timeout_obj_ops = …; static struct nft_object_type nft_ct_timeout_obj_type __read_mostly = …; #endif /* CONFIG_NF_CONNTRACK_TIMEOUT */ static int nft_ct_helper_obj_init(const struct nft_ctx *ctx, const struct nlattr * const tb[], struct nft_object *obj) { … } static void nft_ct_helper_obj_destroy(const struct nft_ctx *ctx, struct nft_object *obj) { … } static void nft_ct_helper_obj_eval(struct nft_object *obj, struct nft_regs *regs, const struct nft_pktinfo *pkt) { … } static int nft_ct_helper_obj_dump(struct sk_buff *skb, struct nft_object *obj, bool reset) { … } static const struct nla_policy nft_ct_helper_policy[NFTA_CT_HELPER_MAX + 1] = …; static struct nft_object_type nft_ct_helper_obj_type; static const struct nft_object_ops nft_ct_helper_obj_ops = …; static struct nft_object_type nft_ct_helper_obj_type __read_mostly = …; struct nft_ct_expect_obj { … }; static int nft_ct_expect_obj_init(const struct nft_ctx *ctx, const struct nlattr * const tb[], struct nft_object *obj) { … } static void nft_ct_expect_obj_destroy(const struct nft_ctx *ctx, struct nft_object *obj) { … } static int nft_ct_expect_obj_dump(struct sk_buff *skb, struct nft_object *obj, bool reset) { … } static void nft_ct_expect_obj_eval(struct nft_object *obj, struct nft_regs *regs, const struct nft_pktinfo *pkt) { … } static const struct nla_policy nft_ct_expect_policy[NFTA_CT_EXPECT_MAX + 1] = …; static struct nft_object_type nft_ct_expect_obj_type; static const struct nft_object_ops nft_ct_expect_obj_ops = …; static struct nft_object_type nft_ct_expect_obj_type __read_mostly = …; static int __init nft_ct_module_init(void) { … } static void __exit nft_ct_module_exit(void) { … } module_init(…) …; module_exit(nft_ct_module_exit); MODULE_LICENSE(…) …; MODULE_AUTHOR(…) …; MODULE_ALIAS_NFT_EXPR(…) …; MODULE_ALIAS_NFT_EXPR(…) …; MODULE_ALIAS_NFT_OBJ(…); MODULE_ALIAS_NFT_OBJ(…); MODULE_ALIAS_NFT_OBJ(…); MODULE_DESCRIPTION(…) …;
Codebase Browser
linux