xref: /linux/net/bridge/netfilter/ebt_mark_m.c (revision 0be3ff0c) 
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  *  ebt_mark_m
4  *
5  *	Authors:
6  *	Bart De Schuymer <bdschuym@pandora.be>
7  *
8  *  July, 2002
9  *
10  */
11 #include <linux/module.h>
12 #include <linux/netfilter/x_tables.h>
13 #include <linux/netfilter_bridge/ebtables.h>
14 #include <linux/netfilter_bridge/ebt_mark_m.h>
15 
16 static bool
17 ebt_mark_mt(const struct sk_buff *skb, struct xt_action_param *par)
18 {
19 	const struct ebt_mark_m_info *info = par->matchinfo;
20 
21 	if (info->bitmask & EBT_MARK_OR)
22 		return !!(skb->mark & info->mask) ^ info->invert;
23 	return ((skb->mark & info->mask) == info->mark) ^ info->invert;
24 }
25 
26 static int ebt_mark_mt_check(const struct xt_mtchk_param *par)
27 {
28 	const struct ebt_mark_m_info *info = par->matchinfo;
29 
30 	if (info->bitmask & ~EBT_MARK_MASK)
31 		return -EINVAL;
32 	if ((info->bitmask & EBT_MARK_OR) && (info->bitmask & EBT_MARK_AND))
33 		return -EINVAL;
34 	if (!info->bitmask)
35 		return -EINVAL;
36 	return 0;
37 }
38 
39 
40 #ifdef CONFIG_NETFILTER_XTABLES_COMPAT
41 struct compat_ebt_mark_m_info {
42 	compat_ulong_t mark, mask;
43 	uint8_t invert, bitmask;
44 };
45 
46 static void mark_mt_compat_from_user(void *dst, const void *src)
47 {
48 	const struct compat_ebt_mark_m_info *user = src;
49 	struct ebt_mark_m_info *kern = dst;
50 
51 	kern->mark = user->mark;
52 	kern->mask = user->mask;
53 	kern->invert = user->invert;
54 	kern->bitmask = user->bitmask;
55 }
56 
57 static int mark_mt_compat_to_user(void __user *dst, const void *src)
58 {
59 	struct compat_ebt_mark_m_info __user *user = dst;
60 	const struct ebt_mark_m_info *kern = src;
61 
62 	if (put_user(kern->mark, &user->mark) ||
63 	    put_user(kern->mask, &user->mask) ||
64 	    put_user(kern->invert, &user->invert) ||
65 	    put_user(kern->bitmask, &user->bitmask))
66 		return -EFAULT;
67 	return 0;
68 }
69 #endif
70 
71 static struct xt_match ebt_mark_mt_reg __read_mostly = {
72 	.name		= "mark_m",
73 	.revision	= 0,
74 	.family		= NFPROTO_BRIDGE,
75 	.match		= ebt_mark_mt,
76 	.checkentry	= ebt_mark_mt_check,
77 	.matchsize	= sizeof(struct ebt_mark_m_info),
78 #ifdef CONFIG_NETFILTER_XTABLES_COMPAT
79 	.compatsize	= sizeof(struct compat_ebt_mark_m_info),
80 	.compat_from_user = mark_mt_compat_from_user,
81 	.compat_to_user	= mark_mt_compat_to_user,
82 #endif
83 	.me		= THIS_MODULE,
84 };
85 
86 static int __init ebt_mark_m_init(void)
87 {
88 	return xt_register_match(&ebt_mark_mt_reg);
89 }
90 
91 static void __exit ebt_mark_m_fini(void)
92 {
93 	xt_unregister_match(&ebt_mark_mt_reg);
94 }
95 
96 module_init(ebt_mark_m_init);
97 module_exit(ebt_mark_m_fini);
98 MODULE_DESCRIPTION("Ebtables: Packet mark match");
99 MODULE_LICENSE("GPL");
100