bridge/netfilter/ebt_mark.c

43105Sdfr// SPDX-License-Identifier: GPL-2.0-only
43105Sdfr/*
43105Sdfr *  ebt_mark
43105Sdfr *
43105Sdfr *	Authors:
43105Sdfr *	Bart De Schuymer <bdschuym@pandora.be>
43105Sdfr *
43105Sdfr *  July, 2002
43105Sdfr *
43105Sdfr */
43105Sdfr
43105Sdfr/* The mark target can be used in any chain,
43105Sdfr * I believe adding a mangle table just for marking is total overkill.
43105Sdfr * Marking a frame doesn't really change anything in the frame anyway.
43105Sdfr */
43105Sdfr
43105Sdfr#include <linux/module.h>
43105Sdfr#include <linux/netfilter/x_tables.h>
43105Sdfr#include <linux/netfilter_bridge/ebtables.h>
43105Sdfr#include <linux/netfilter_bridge/ebt_mark_t.h>
43105Sdfr
43105Sdfrstatic unsigned int
43105Sdfrebt_mark_tg(struct sk_buff *skb, const struct xt_action_param *par)
43105Sdfr{
43105Sdfr	const struct ebt_mark_t_info *info = par->targinfo;
43105Sdfr	int action = info->target & -16;
116181Sobrien
116181Sobrien	if (action == MARK_SET_VALUE)
116181Sobrien		skb->mark = info->mark;
43105Sdfr	else if (action == MARK_OR_VALUE)
43105Sdfr		skb->mark |= info->mark;
43105Sdfr	else if (action == MARK_AND_VALUE)
43105Sdfr		skb->mark &= info->mark;
43105Sdfr	else
129880Sphk		skb->mark ^= info->mark;
43105Sdfr
43105Sdfr	return info->target | ~EBT_VERDICT_BITS;
47400Sdfr}
47400Sdfr
159541Simpstatic int ebt_mark_tg_check(const struct xt_tgchk_param *par)
43105Sdfr{
147271Smarius	const struct ebt_mark_t_info *info = par->targinfo;
147271Smarius	int tmp;
43105Sdfr
43105Sdfr	tmp = info->target | ~EBT_VERDICT_BITS;
43105Sdfr	if (BASE_CHAIN && tmp == EBT_RETURN)
43105Sdfr		return -EINVAL;
147271Smarius	if (ebt_invalid_target(tmp))
147271Smarius		return -EINVAL;
212413Savg	tmp = info->target & ~EBT_VERDICT_BITS;
188160Simp	if (tmp != MARK_SET_VALUE && tmp != MARK_OR_VALUE &&
216492Sjhb	    tmp != MARK_AND_VALUE && tmp != MARK_XOR_VALUE)
216492Sjhb		return -EINVAL;
216492Sjhb	return 0;
216492Sjhb}
216492Sjhb#ifdef CONFIG_NETFILTER_XTABLES_COMPAT
43105Sdfrstruct compat_ebt_mark_t_info {
147271Smarius	compat_ulong_t mark;
147271Smarius	compat_uint_t target;
147271Smarius};
47296Syokota
47296Syokotastatic void mark_tg_compat_from_user(void *dst, const void *src)
43105Sdfr{
147271Smarius	const struct compat_ebt_mark_t_info *user = src;
43105Sdfr	struct ebt_mark_t_info *kern = dst;
43105Sdfr
43105Sdfr	kern->mark = user->mark;
83147Syokota	kern->target = user->target;
216492Sjhb}
216492Sjhb
43105Sdfrstatic int mark_tg_compat_to_user(void __user *dst, const void *src)
43105Sdfr{
83147Syokota	struct compat_ebt_mark_t_info __user *user = dst;
83147Syokota	const struct ebt_mark_t_info *kern = src;
83147Syokota
43105Sdfr	if (put_user(kern->mark, &user->mark) ||
43105Sdfr	    put_user(kern->target, &user->target))
43105Sdfr		return -EFAULT;
43105Sdfr	return 0;
43105Sdfr}
43105Sdfr#endif
147271Smarius
43105Sdfrstatic struct xt_target ebt_mark_tg_reg __read_mostly = {
147271Smarius	.name		= "mark",
43105Sdfr	.revision	= 0,
43105Sdfr	.family		= NFPROTO_BRIDGE,
43105Sdfr	.target		= ebt_mark_tg,
58271Syokota	.checkentry	= ebt_mark_tg_check,
58271Syokota	.targetsize	= sizeof(struct ebt_mark_t_info),
58271Syokota#ifdef CONFIG_NETFILTER_XTABLES_COMPAT
58271Syokota	.compatsize	= sizeof(struct compat_ebt_mark_t_info),
58271Syokota	.compat_from_user = mark_tg_compat_from_user,
43105Sdfr	.compat_to_user	= mark_tg_compat_to_user,
147271Smarius#endif
43105Sdfr	.me		= THIS_MODULE,
58271Syokota};
58271Syokota
83147Syokotastatic int __init ebt_mark_init(void)
83147Syokota{
58271Syokota	return xt_register_target(&ebt_mark_tg_reg);
58271Syokota}
207354Ssobomax
158041Ssobomaxstatic void __exit ebt_mark_fini(void)
158041Ssobomax{
158041Ssobomax	xt_unregister_target(&ebt_mark_tg_reg);
158041Ssobomax}
158041Ssobomax
43105Sdfrmodule_init(ebt_mark_init);
58271Syokotamodule_exit(ebt_mark_fini);
58271SyokotaMODULE_DESCRIPTION("Ebtables: Packet mark modification");
58271SyokotaMODULE_LICENSE("GPL");
47618Sdfr