search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
fix a kmap leak in virtio_console
[linux/fpc-iii.git] / net / netfilter / nft_queue.c
blobcbea473d69e953e9ba9e9d36ec4962aa3af57c1e
1 /*
2 * Copyright (c) 2013 Eric Leblond <eric@regit.org>
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License version 2 as
6 * published by the Free Software Foundation.
7 *
8 * Development of this code partly funded by OISF
9 * (http://www.openinfosecfoundation.org/)
10 */
11
12 #include <linux/kernel.h>
13 #include <linux/init.h>
14 #include <linux/module.h>
15 #include <linux/netlink.h>
16 #include <linux/jhash.h>
17 #include <linux/netfilter.h>
18 #include <linux/netfilter/nf_tables.h>
19 #include <net/netfilter/nf_tables.h>
20 #include <net/netfilter/nf_queue.h>
21
22 static u32 jhash_initval __read_mostly;
23
24 struct nft_queue {
25 u16 queuenum;
26 u16 queues_total;
27 u16 flags;
28 u8 family;
29 };
30
31 static void nft_queue_eval(const struct nft_expr *expr,
32 struct nft_data data[NFT_REG_MAX + 1],
33 const struct nft_pktinfo *pkt)
34 {
35 struct nft_queue *priv = nft_expr_priv(expr);
36 u32 queue = priv->queuenum;
37 u32 ret;
38
39 if (priv->queues_total > 1) {
40 if (priv->flags & NFT_QUEUE_FLAG_CPU_FANOUT) {
41 int cpu = smp_processor_id();
42
43 queue = priv->queuenum + cpu % priv->queues_total;
44 } else {
45 queue = nfqueue_hash(pkt->skb, queue,
46 priv->queues_total, priv->family,
47 jhash_initval);
48 }
49 }
50
51 ret = NF_QUEUE_NR(queue);
52 if (priv->flags & NFT_QUEUE_FLAG_BYPASS)
53 ret |= NF_VERDICT_FLAG_QUEUE_BYPASS;
54
55 data[NFT_REG_VERDICT].verdict = ret;
56 }
57
58 static const struct nla_policy nft_queue_policy[NFTA_QUEUE_MAX + 1] = {
59 [NFTA_QUEUE_NUM] = { .type = NLA_U16 },
60 [NFTA_QUEUE_TOTAL] = { .type = NLA_U16 },
61 [NFTA_QUEUE_FLAGS] = { .type = NLA_U16 },
62 };
63
64 static int nft_queue_init(const struct nft_ctx *ctx,
65 const struct nft_expr *expr,
66 const struct nlattr * const tb[])
67 {
68 struct nft_queue *priv = nft_expr_priv(expr);
69
70 if (tb[NFTA_QUEUE_NUM] == NULL)
71 return -EINVAL;
72
73 init_hashrandom(&jhash_initval);
74 priv->family = ctx->afi->family;
75 priv->queuenum = ntohs(nla_get_be16(tb[NFTA_QUEUE_NUM]));
76
77 if (tb[NFTA_QUEUE_TOTAL] != NULL)
78 priv->queues_total = ntohs(nla_get_be16(tb[NFTA_QUEUE_TOTAL]));
79 if (tb[NFTA_QUEUE_FLAGS] != NULL) {
80 priv->flags = ntohs(nla_get_be16(tb[NFTA_QUEUE_FLAGS]));
81 if (priv->flags & ~NFT_QUEUE_FLAG_MASK)
82 return -EINVAL;
83 }
84 return 0;
85 }
86
87 static int nft_queue_dump(struct sk_buff *skb, const struct nft_expr *expr)
88 {
89 const struct nft_queue *priv = nft_expr_priv(expr);
90
91 if (nla_put_be16(skb, NFTA_QUEUE_NUM, htons(priv->queuenum)) ||
92 nla_put_be16(skb, NFTA_QUEUE_TOTAL, htons(priv->queues_total)) ||
93 nla_put_be16(skb, NFTA_QUEUE_FLAGS, htons(priv->flags)))
94 goto nla_put_failure;
95
96 return 0;
97
98 nla_put_failure:
99 return -1;
100 }
101
102 static struct nft_expr_type nft_queue_type;
103 static const struct nft_expr_ops nft_queue_ops = {
104 .type = &nft_queue_type,
105 .size = NFT_EXPR_SIZE(sizeof(struct nft_queue)),
106 .eval = nft_queue_eval,
107 .init = nft_queue_init,
108 .dump = nft_queue_dump,
109 };
110
111 static struct nft_expr_type nft_queue_type __read_mostly = {
112 .name = "queue",
113 .ops = &nft_queue_ops,
114 .policy = nft_queue_policy,
115 .maxattr = NFTA_QUEUE_MAX,
116 .owner = THIS_MODULE,
117 };
118
119 static int __init nft_queue_module_init(void)
120 {
121 return nft_register_expr(&nft_queue_type);
122 }
123
124 static void __exit nft_queue_module_exit(void)
125 {
126 nft_unregister_expr(&nft_queue_type);
127 }
128
129 module_init(nft_queue_module_init);
130 module_exit(nft_queue_module_exit);
131
132 MODULE_LICENSE("GPL");
133 MODULE_AUTHOR("Eric Leblond <eric@regit.org>");
134 MODULE_ALIAS_NFT_EXPR("queue");
Linux with added FPC-III support