1/* 2 * Copyright (c) 2006 Patrick McHardy <kaber@trash.net> 3 * 4 * This program is free software; you can redistribute it and/or modify 5 * it under the terms of the GNU General Public License version 2 as 6 * published by the Free Software Foundation. 7 * 8 * Based on ipt_random and ipt_nth by Fabrice MARIE <fabrice@netfilter.org>. 9 */ 10 11#include <linux/init.h> 12#include <linux/spinlock.h> 13#include <linux/skbuff.h> 14#include <linux/net.h> 15#include <linux/slab.h> 16 17#include <linux/netfilter/xt_statistic.h> 18#include <linux/netfilter/x_tables.h> 19 20struct xt_statistic_priv { 21 atomic_t count; 22} ____cacheline_aligned_in_smp; 23 24MODULE_LICENSE("GPL"); 25MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>"); 26MODULE_DESCRIPTION("Xtables: statistics-based matching (\"Nth\", random)"); 27MODULE_ALIAS("ipt_statistic"); 28MODULE_ALIAS("ip6t_statistic"); 29 30static bool 31statistic_mt(const struct sk_buff *skb, struct xt_action_param *par) 32{ 33 const struct xt_statistic_info *info = par->matchinfo; 34 bool ret = info->flags & XT_STATISTIC_INVERT; 35 int nval, oval; 36 37 switch (info->mode) { 38 case XT_STATISTIC_MODE_RANDOM: 39 if ((net_random() & 0x7FFFFFFF) < info->u.random.probability) 40 ret = !ret; 41 break; 42 case XT_STATISTIC_MODE_NTH: 43 do { 44 oval = atomic_read(&info->master->count); 45 nval = (oval == info->u.nth.every) ? 0 : oval + 1; 46 } while (atomic_cmpxchg(&info->master->count, oval, nval) != oval); 47 if (nval == 0) 48 ret = !ret; 49 break; 50 } 51 52 return ret; 53} 54 55static int statistic_mt_check(const struct xt_mtchk_param *par) 56{ 57 struct xt_statistic_info *info = par->matchinfo; 58 59 if (info->mode > XT_STATISTIC_MODE_MAX || 60 info->flags & ~XT_STATISTIC_MASK) 61 return -EINVAL; 62 63 info->master = kzalloc(sizeof(*info->master), GFP_KERNEL); 64 if (info->master == NULL) 65 return -ENOMEM; 66 atomic_set(&info->master->count, info->u.nth.count); 67 68 return 0; 69} 70 71static void statistic_mt_destroy(const struct xt_mtdtor_param *par) 72{ 73 const struct xt_statistic_info *info = par->matchinfo; 74 75 kfree(info->master); 76} 77 78static struct xt_match xt_statistic_mt_reg __read_mostly = { 79 .name = "statistic", 80 .revision = 0, 81 .family = NFPROTO_UNSPEC, 82 .match = statistic_mt, 83 .checkentry = statistic_mt_check, 84 .destroy = statistic_mt_destroy, 85 .matchsize = sizeof(struct xt_statistic_info), 86 .me = THIS_MODULE, 87}; 88 89static int __init statistic_mt_init(void) 90{ 91 return xt_register_match(&xt_statistic_mt_reg); 92} 93 94static void __exit statistic_mt_exit(void) 95{ 96 xt_unregister_match(&xt_statistic_mt_reg); 97} 98 99module_init(statistic_mt_init); 100module_exit(statistic_mt_exit); 101