xt_devgroup.c (2135B)
// SPDX-License-Identifier: GPL-2.0-only
/*
 * Copyright (c) 2011 Patrick McHardy <kaber@trash.net>
 */

#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/netdevice.h>

#include <linux/netfilter/xt_devgroup.h>
#include <linux/netfilter/x_tables.h>

MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Xtables: Device group match");
MODULE_ALIAS("ipt_devgroup");
MODULE_ALIAS("ip6t_devgroup");

/*
 * devgroup_mt - match a packet against the group of its in/out device.
 * @skb: the packet; not read by this function.
 * @par: match parameters; par->matchinfo is the rule's xt_devgroup_info.
 *
 * For each direction enabled in info->flags, the configured group is
 * compared with the device's group under the configured mask, and the
 * result is flipped when the matching INVERT flag is set.
 *
 * xt_in(par) and xt_out(par) are dereferenced without a NULL check. The
 * only thing restricting the hooks this can run on is the hook_mask
 * validation in devgroup_mt_checkentry(), so the two functions have to be
 * kept in agreement.
 *
 * Return: true when every enabled comparison passes, false otherwise.
 */
static bool devgroup_mt(const struct sk_buff *skb, struct xt_action_param *par)
{
	const struct xt_devgroup_info *info = par->matchinfo;

	if (info->flags & XT_DEVGROUP_MATCH_SRC) {
		/* Non-zero when any masked bit differs from the rule's group. */
		bool differs = ((info->src_group ^ xt_in(par)->group) &
				info->src_mask) != 0;
		bool invert = (info->flags & XT_DEVGROUP_INVERT_SRC) != 0;

		if (differs != invert)
			return false;
	}

	if (info->flags & XT_DEVGROUP_MATCH_DST) {
		bool differs = ((info->dst_group ^ xt_out(par)->group) &
				info->dst_mask) != 0;
		bool invert = (info->flags & XT_DEVGROUP_INVERT_DST) != 0;

		if (differs != invert)
			return false;
	}

	return true;
}

/*
 * devgroup_mt_checkentry - validate a devgroup rule before it is accepted.
 * @par: check parameters; par->matchinfo is the rule's xt_devgroup_info and
 *       par->hook_mask the set of hooks the rule can be reached from.
 *
 * Rejects flag bits this module does not define. A source match is accepted
 * only when every hook in hook_mask is one of PRE_ROUTING, LOCAL_IN or
 * FORWARD; a destination match only for FORWARD, LOCAL_OUT or POST_ROUTING.
 *
 * NOTE(review): these look like exactly the hooks on which an input
 * (respectively output) device is set. devgroup_mt() dereferences
 * xt_in()/xt_out() unchecked, so widening either set without adding a NULL
 * check there would presumably allow a NULL dereference. Confirm before
 * changing.
 *
 * Return: 0 if the rule is acceptable, -EINVAL otherwise.
 */
static int devgroup_mt_checkentry(const struct xt_mtchk_param *par)
{
	const struct xt_devgroup_info *info = par->matchinfo;
	const unsigned int known_flags = XT_DEVGROUP_MATCH_SRC |
					 XT_DEVGROUP_INVERT_SRC |
					 XT_DEVGROUP_MATCH_DST |
					 XT_DEVGROUP_INVERT_DST;
	const unsigned int src_hooks = (1 << NF_INET_PRE_ROUTING) |
				       (1 << NF_INET_LOCAL_IN) |
				       (1 << NF_INET_FORWARD);
	const unsigned int dst_hooks = (1 << NF_INET_FORWARD) |
				       (1 << NF_INET_LOCAL_OUT) |
				       (1 << NF_INET_POST_ROUTING);

	/* Unknown flag bits from userspace are refused, not ignored. */
	if (info->flags & ~known_flags)
		return -EINVAL;

	if ((info->flags & XT_DEVGROUP_MATCH_SRC) &&
	    (par->hook_mask & ~src_hooks))
		return -EINVAL;

	if ((info->flags & XT_DEVGROUP_MATCH_DST) &&
	    (par->hook_mask & ~dst_hooks))
		return -EINVAL;

	return 0;
}

/*
 * Registration record for the "devgroup" match. It is registered with
 * NFPROTO_UNSPEC rather than a specific protocol family. matchsize is the
 * size of the rule's private data, struct xt_devgroup_info.
 */
static struct xt_match devgroup_mt_reg __read_mostly = {
	.name		= "devgroup",
	.match		= devgroup_mt,
	.checkentry	= devgroup_mt_checkentry,
	.matchsize	= sizeof(struct xt_devgroup_info),
	.family		= NFPROTO_UNSPEC,
	.me		= THIS_MODULE,
};

/* Module load: register the match and return xt_register_match()'s result. */
static int __init devgroup_mt_init(void)
{
	int err = xt_register_match(&devgroup_mt_reg);

	return err;
}

/* Module unload: unregister the match. */
static void __exit devgroup_mt_exit(void)
{
	xt_unregister_match(&devgroup_mt_reg);
}

module_init(devgroup_mt_init);
module_exit(devgroup_mt_exit);