2 * Copyright (c) 2008 Patrick McHardy <kaber@trash.net>
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License version 2 as
6 * published by the Free Software Foundation.
8 * Development of this code funded by Astaro AG (http://www.astaro.com/)
11 #include <linux/kernel.h>
12 #include <linux/init.h>
13 #include <linux/module.h>
14 #include <linux/netlink.h>
15 #include <linux/netfilter.h>
16 #include <linux/netfilter/nf_tables.h>
17 #include <net/netfilter/nf_tables.h>
25 enum nft_registers dreg
:8;
28 static void nft_exthdr_eval(const struct nft_expr
*expr
,
29 struct nft_data data
[NFT_REG_MAX
+ 1],
30 const struct nft_pktinfo
*pkt
)
32 struct nft_exthdr
*priv
= nft_expr_priv(expr
);
33 struct nft_data
*dest
= &data
[priv
->dreg
];
34 unsigned int offset
= 0;
37 err
= ipv6_find_hdr(pkt
->skb
, &offset
, priv
->type
, NULL
, NULL
);
40 offset
+= priv
->offset
;
42 if (skb_copy_bits(pkt
->skb
, offset
, dest
->data
, priv
->len
) < 0)
46 data
[NFT_REG_VERDICT
].verdict
= NFT_BREAK
;
49 static const struct nla_policy nft_exthdr_policy
[NFTA_EXTHDR_MAX
+ 1] = {
50 [NFTA_EXTHDR_DREG
] = { .type
= NLA_U32
},
51 [NFTA_EXTHDR_TYPE
] = { .type
= NLA_U8
},
52 [NFTA_EXTHDR_OFFSET
] = { .type
= NLA_U32
},
53 [NFTA_EXTHDR_LEN
] = { .type
= NLA_U32
},
56 static int nft_exthdr_init(const struct nft_ctx
*ctx
,
57 const struct nft_expr
*expr
,
58 const struct nlattr
* const tb
[])
60 struct nft_exthdr
*priv
= nft_expr_priv(expr
);
63 if (tb
[NFTA_EXTHDR_DREG
] == NULL
||
64 tb
[NFTA_EXTHDR_TYPE
] == NULL
||
65 tb
[NFTA_EXTHDR_OFFSET
] == NULL
||
66 tb
[NFTA_EXTHDR_LEN
] == NULL
)
69 priv
->type
= nla_get_u8(tb
[NFTA_EXTHDR_TYPE
]);
70 priv
->offset
= ntohl(nla_get_be32(tb
[NFTA_EXTHDR_OFFSET
]));
71 priv
->len
= ntohl(nla_get_be32(tb
[NFTA_EXTHDR_LEN
]));
73 priv
->len
> FIELD_SIZEOF(struct nft_data
, data
))
76 priv
->dreg
= ntohl(nla_get_be32(tb
[NFTA_EXTHDR_DREG
]));
77 err
= nft_validate_output_register(priv
->dreg
);
80 return nft_validate_data_load(ctx
, priv
->dreg
, NULL
, NFT_DATA_VALUE
);
83 static int nft_exthdr_dump(struct sk_buff
*skb
, const struct nft_expr
*expr
)
85 const struct nft_exthdr
*priv
= nft_expr_priv(expr
);
87 if (nla_put_be32(skb
, NFTA_EXTHDR_DREG
, htonl(priv
->dreg
)))
89 if (nla_put_u8(skb
, NFTA_EXTHDR_TYPE
, priv
->type
))
91 if (nla_put_be32(skb
, NFTA_EXTHDR_OFFSET
, htonl(priv
->offset
)))
93 if (nla_put_be32(skb
, NFTA_EXTHDR_LEN
, htonl(priv
->len
)))
101 static struct nft_expr_type nft_exthdr_type
;
102 static const struct nft_expr_ops nft_exthdr_ops
= {
103 .type
= &nft_exthdr_type
,
104 .size
= NFT_EXPR_SIZE(sizeof(struct nft_exthdr
)),
105 .eval
= nft_exthdr_eval
,
106 .init
= nft_exthdr_init
,
107 .dump
= nft_exthdr_dump
,
110 static struct nft_expr_type nft_exthdr_type __read_mostly
= {
112 .ops
= &nft_exthdr_ops
,
113 .policy
= nft_exthdr_policy
,
114 .maxattr
= NFTA_EXTHDR_MAX
,
115 .owner
= THIS_MODULE
,
118 static int __init
nft_exthdr_module_init(void)
120 return nft_register_expr(&nft_exthdr_type
);
123 static void __exit
nft_exthdr_module_exit(void)
125 nft_unregister_expr(&nft_exthdr_type
);
128 module_init(nft_exthdr_module_init
);
129 module_exit(nft_exthdr_module_exit
);
131 MODULE_LICENSE("GPL");
132 MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
133 MODULE_ALIAS_NFT_EXPR("exthdr");
