cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux

nf_conntrack_snmp.c (2048B)


      1// SPDX-License-Identifier: GPL-2.0-or-later
      2/*
      3 *      SNMP service broadcast connection tracking helper
      4 *
      5 *      (c) 2011 Jiri Olsa <jolsa@redhat.com>
      6 */
      7#include <linux/kernel.h>
      8#include <linux/module.h>
      9#include <linux/init.h>
     10#include <linux/in.h>
     11
     12#include <net/netfilter/nf_conntrack.h>
     13#include <net/netfilter/nf_conntrack_helper.h>
     14#include <net/netfilter/nf_conntrack_expect.h>
     15#include <linux/netfilter/nf_conntrack_snmp.h>
     16
/* UDP port number placed in the helper's match tuple below. */
#define SNMP_PORT	161

MODULE_AUTHOR("Jiri Olsa <jolsa@redhat.com>");
MODULE_DESCRIPTION("SNMP service broadcast connection tracking helper");
MODULE_LICENSE("GPL");
MODULE_ALIAS_NFCT_HELPER("snmp");

/*
 * Timeout, in seconds, handed to nf_conntrack_broadcast_help() on every
 * packet and copied into exp_policy.timeout at module init.
 *
 * The parameter is registered with mode 0400: it is exposed read-only to
 * its owner and has no write bit, so the value chosen at load time is the
 * one in effect for the life of the module.  Because it bounds how long
 * the firewall keeps state open for replies, prefer the smallest value
 * that the monitored SNMP agents can actually answer within.
 */
static unsigned int timeout __read_mostly = 30;
module_param(timeout, uint, 0400);
MODULE_PARM_DESC(timeout, "timeout for master connection/replies in seconds");

/*
 * Optional NAT callback, invoked from snmp_conntrack_help() for
 * connections that have a NAT status bit set.  It is an exported (GPL-only)
 * global function pointer: nothing in this file assigns it, so it stays
 * NULL unless another module installs a handler.
 *
 * NOTE(review): readers use rcu_dereference(), but the declaration carries
 * no __rcu annotation and the writer is not visible here -- confirm that
 * whoever sets and clears this pointer uses the matching RCU publish /
 * grace-period sequence, since a stale pointer here is a call into
 * unloaded code on the packet path.
 */
int (*nf_nat_snmp_hook)(struct sk_buff *skb, unsigned int protoff,
			struct nf_conn *ct, enum ip_conntrack_info ctinfo);
EXPORT_SYMBOL_GPL(nf_nat_snmp_hook);
     33
/*
 * Conntrack helper callback registered as helper.help.
 *
 * Every packet handed to this helper is first passed to
 * nf_conntrack_broadcast_help() together with the module-wide timeout; its
 * return value is not inspected here.  Afterwards, if a NAT hook has been
 * installed and the connection has any IPS_NAT_MASK status bit set, the
 * packet is passed to that hook and the hook's verdict is returned.
 * In every other case the packet is accepted.
 *
 * @skb:      packet being processed
 * @protoff:  offset forwarded unchanged to the NAT hook
 * @ct:       connection the packet belongs to
 * @ctinfo:   conntrack state forwarded to both callees
 *
 * Returns NF_ACCEPT, or whatever the NAT hook returns.
 *
 * NOTE(review): nf_conntrack_broadcast_help() is defined outside this
 * file; it presumably installs an expectation for replies to a broadcast
 * query, which widens what a ruleset accepting RELATED traffic will let
 * in -- confirm its scope and attach this helper only to flows that need
 * it.
 */
static int snmp_conntrack_help(struct sk_buff *skb, unsigned int protoff,
			       struct nf_conn *ct,
			       enum ip_conntrack_info ctinfo)
{
	typeof(nf_nat_snmp_hook) nat_fn;

	nf_conntrack_broadcast_help(skb, ct, ctinfo, timeout);

	/*
	 * Snapshot the hook once so the NULL test and the call below use the
	 * same pointer value.  Presumably the caller holds the RCU read lock
	 * -- TODO confirm.
	 */
	nat_fn = rcu_dereference(nf_nat_snmp_hook);
	if (!nat_fn)
		return NF_ACCEPT;

	/* Only connections with a NAT status bit set are given to the hook. */
	if (!(ct->status & IPS_NAT_MASK))
		return NF_ACCEPT;

	return nat_fn(skb, protoff, ct, ctinfo);
}
     48
/*
 * Expectation policy referenced by the helper below.  max_expected is
 * fixed at 1; the timeout field is left zero here and filled in from the
 * module parameter by nf_conntrack_snmp_init() before registration.
 */
static struct nf_conntrack_expect_policy exp_policy = {
	.max_expected = 1,
};

/*
 * Helper descriptor for the name "snmp": IPv4 only, UDP only, port
 * SNMP_PORT stored in network byte order.
 *
 * NOTE(review): the port sits in tuple.src; which packet direction that
 * field is compared against is decided by the conntrack core, not by this
 * file -- confirm before relying on it in a ruleset review.
 */
static struct nf_conntrack_helper helper __read_mostly = {
	.name		= "snmp",
	.tuple		= {
		.src = {
			.l3num		= NFPROTO_IPV4,
			.u.udp.port	= cpu_to_be16(SNMP_PORT),
		},
		.dst = {
			.protonum	= IPPROTO_UDP,
		},
	},
	.me		= THIS_MODULE,
	.help		= snmp_conntrack_help,
	.expect_policy	= &exp_policy,
};
     62
/*
 * Module entry point.
 *
 * Copies the load-time timeout parameter into the expectation policy and
 * only then registers the helper, so the helper is never registered with
 * the policy's timeout still at its zero initial value.
 *
 * Returns the result of nf_conntrack_helper_register() unchanged.
 */
static int __init nf_conntrack_snmp_init(void)
{
	int err;

	exp_policy.timeout = timeout;
	err = nf_conntrack_helper_register(&helper);

	return err;
}
     68
/*
 * Module exit point: unregisters the "snmp" helper that
 * nf_conntrack_snmp_init() registered.  Nothing else is released here;
 * nf_nat_snmp_hook is neither set nor cleared by this file.
 */
static void __exit nf_conntrack_snmp_fini(void)
{
	nf_conntrack_helper_unregister(&helper);
}

/* Bind the two functions above to module load and unload. */
module_init(nf_conntrack_snmp_init);
module_exit(nf_conntrack_snmp_fini);