nft_fib_inet.c - cachepc-linux - Fork of AMDESE/linux with modifications for CachePC side-channel attack

	cachepc-linux Fork of AMDESE/linux with modifications for CachePC side-channel attack
	git clone https://git.sinitax.com/sinitax/cachepc-linux
	Log \| Files \| Refs \| README \| LICENSE \| sfeed.txt

nft_fib_inet.c (2024B)

      1// SPDX-License-Identifier: GPL-2.0-only
      2
      3#include <linux/kernel.h>
      4#include <linux/init.h>
      5#include <linux/module.h>
      6#include <linux/netlink.h>
      7#include <linux/netfilter.h>
      8#include <linux/netfilter/nf_tables.h>
      9#include <net/netfilter/nf_tables_core.h>
     10#include <net/netfilter/nf_tables.h>
     11
     12#include <net/netfilter/nft_fib.h>
     13
     14static void nft_fib_inet_eval(const struct nft_expr *expr,
     15			      struct nft_regs *regs,
     16			      const struct nft_pktinfo *pkt)
     17{
     18	const struct nft_fib *priv = nft_expr_priv(expr);
     19
     20	switch (nft_pf(pkt)) {
     21	case NFPROTO_IPV4:
     22		switch (priv->result) {
     23		case NFT_FIB_RESULT_OIF:
     24		case NFT_FIB_RESULT_OIFNAME:
     25			return nft_fib4_eval(expr, regs, pkt);
     26		case NFT_FIB_RESULT_ADDRTYPE:
     27			return nft_fib4_eval_type(expr, regs, pkt);
     28		}
     29		break;
     30	case NFPROTO_IPV6:
     31		switch (priv->result) {
     32		case NFT_FIB_RESULT_OIF:
     33		case NFT_FIB_RESULT_OIFNAME:
     34			return nft_fib6_eval(expr, regs, pkt);
     35		case NFT_FIB_RESULT_ADDRTYPE:
     36			return nft_fib6_eval_type(expr, regs, pkt);
     37		}
     38		break;
     39	}
     40
     41	regs->verdict.code = NF_DROP;
     42}
     43
     44static struct nft_expr_type nft_fib_inet_type;
     45static const struct nft_expr_ops nft_fib_inet_ops = {
     46	.type		= &nft_fib_inet_type,
     47	.size		= NFT_EXPR_SIZE(sizeof(struct nft_fib)),
     48	.eval		= nft_fib_inet_eval,
     49	.init		= nft_fib_init,
     50	.dump		= nft_fib_dump,
     51	.validate	= nft_fib_validate,
     52	.reduce		= nft_fib_reduce,
     53};
     54
     55static struct nft_expr_type nft_fib_inet_type __read_mostly = {
     56	.family		= NFPROTO_INET,
     57	.name		= "fib",
     58	.ops		= &nft_fib_inet_ops,
     59	.policy		= nft_fib_policy,
     60	.maxattr	= NFTA_FIB_MAX,
     61	.owner		= THIS_MODULE,
     62};
     63
     64static int __init nft_fib_inet_module_init(void)
     65{
     66	return nft_register_expr(&nft_fib_inet_type);
     67}
     68
     69static void __exit nft_fib_inet_module_exit(void)
     70{
     71	nft_unregister_expr(&nft_fib_inet_type);
     72}
     73
     74module_init(nft_fib_inet_module_init);
     75module_exit(nft_fib_inet_module_exit);
     76
     77MODULE_LICENSE("GPL");
     78MODULE_AUTHOR("Florian Westphal <fw@strlen.de>");
     79MODULE_ALIAS_NFT_AF_EXPR(1, "fib");
     80MODULE_DESCRIPTION("nftables fib inet support");