nft_fib_netdev.c (2311B)
1// SPDX-License-Identifier: GPL-2.0-only 2/* 3 * Copyright (c) 2017 Pablo M. Bermudo Garay <pablombg@gmail.com> 4 * 5 * This code is based on net/netfilter/nft_fib_inet.c, written by 6 * Florian Westphal <fw@strlen.de>. 7 */ 8 9#include <linux/kernel.h> 10#include <linux/init.h> 11#include <linux/module.h> 12#include <linux/netlink.h> 13#include <linux/netfilter.h> 14#include <linux/netfilter/nf_tables.h> 15#include <net/netfilter/nf_tables_core.h> 16#include <net/netfilter/nf_tables.h> 17#include <net/ipv6.h> 18 19#include <net/netfilter/nft_fib.h> 20 21static void nft_fib_netdev_eval(const struct nft_expr *expr, 22 struct nft_regs *regs, 23 const struct nft_pktinfo *pkt) 24{ 25 const struct nft_fib *priv = nft_expr_priv(expr); 26 27 switch (ntohs(pkt->skb->protocol)) { 28 case ETH_P_IP: 29 switch (priv->result) { 30 case NFT_FIB_RESULT_OIF: 31 case NFT_FIB_RESULT_OIFNAME: 32 return nft_fib4_eval(expr, regs, pkt); 33 case NFT_FIB_RESULT_ADDRTYPE: 34 return nft_fib4_eval_type(expr, regs, pkt); 35 } 36 break; 37 case ETH_P_IPV6: 38 if (!ipv6_mod_enabled()) 39 break; 40 switch (priv->result) { 41 case NFT_FIB_RESULT_OIF: 42 case NFT_FIB_RESULT_OIFNAME: 43 return nft_fib6_eval(expr, regs, pkt); 44 case NFT_FIB_RESULT_ADDRTYPE: 45 return nft_fib6_eval_type(expr, regs, pkt); 46 } 47 break; 48 } 49 50 regs->verdict.code = NFT_BREAK; 51} 52 53static struct nft_expr_type nft_fib_netdev_type; 54static const struct nft_expr_ops nft_fib_netdev_ops = { 55 .type = &nft_fib_netdev_type, 56 .size = NFT_EXPR_SIZE(sizeof(struct nft_fib)), 57 .eval = nft_fib_netdev_eval, 58 .init = nft_fib_init, 59 .dump = nft_fib_dump, 60 .validate = nft_fib_validate, 61 .reduce = nft_fib_reduce, 62}; 63 64static struct nft_expr_type nft_fib_netdev_type __read_mostly = { 65 .family = NFPROTO_NETDEV, 66 .name = "fib", 67 .ops = &nft_fib_netdev_ops, 68 .policy = nft_fib_policy, 69 .maxattr = NFTA_FIB_MAX, 70 .owner = THIS_MODULE, 71}; 72 73static int __init nft_fib_netdev_module_init(void) 74{ 75 return nft_register_expr(&nft_fib_netdev_type); 76} 77 78static void __exit nft_fib_netdev_module_exit(void) 79{ 80 nft_unregister_expr(&nft_fib_netdev_type); 81} 82 83module_init(nft_fib_netdev_module_init); 84module_exit(nft_fib_netdev_module_exit); 85 86MODULE_LICENSE("GPL"); 87MODULE_AUTHOR("Pablo M. Bermudo Garay <pablombg@gmail.com>"); 88MODULE_ALIAS_NFT_AF_EXPR(5, "fib"); 89MODULE_DESCRIPTION("nftables netdev fib lookups support");