nf_dup_netdev.c source code [linux/net/netfilter/nf_dup_netdev.c]

1	// SPDX-License-Identifier: GPL-2.0-only
2	/*
3	* Copyright (c) 2015 Pablo Neira Ayuso <pablo@netfilter.org>
4	*/
5
6	#include <linux/kernel.h>
7	#include <linux/init.h>
8	#include <linux/module.h>
9	#include <linux/netlink.h>
10	#include <linux/netfilter.h>
11	#include <linux/netfilter/nf_tables.h>
12	#include <net/netfilter/nf_tables.h>
13	#include <net/netfilter/nf_tables_offload.h>
14	#include <net/netfilter/nf_dup_netdev.h>
15
16	#define NF_RECURSION_LIMIT 2
17
18	#ifndef CONFIG_PREEMPT_RT
19	static u8 nf_get_nf_dup_skb_recursion(void*)
20	{
21	return this_cpu_ptr(&softnet_data.xmit.nf_dup_skb_recursion);
22	}
23	#else
24
25	static u8 nf_get_nf_dup_skb_recursion(void*)
26	{
27	return &current->net_xmit.nf_dup_skb_recursion;
28	}
29
30	#endif
31
32	static void nf_do_netdev_egress(struct sk_buff skb, struct* net_device *dev,
33	enum nf_dev_hooks hook)
34	{
35	u8 *nf_dup_skb_recursion = nf_get_nf_dup_skb_recursion();
36
37	if (*nf_dup_skb_recursion > NF_RECURSION_LIMIT)
38	goto err;
39
40	if (hook == NF_NETDEV_INGRESS && skb_mac_header_was_set(skb)) {
41	if (skb_cow_head(skb, headroom: skb->mac_len))
42	goto err;
43
44	skb_push(skb, len: skb->mac_len);
45	}
46
47	skb->dev = dev;
48	skb_clear_tstamp(skb);
49	(*nf_dup_skb_recursion)++;
50	dev_queue_xmit(skb);
51	(*nf_dup_skb_recursion)--;
52	return;
53	err:
54	kfree_skb(skb);
55	}
56
57	void nf_fwd_netdev_egress(const struct nft_pktinfo pkt, int* oif)
58	{
59	struct net_device *dev;
60
61	dev = dev_get_by_index_rcu(net: nft_net(pkt), ifindex: oif);
62	if (!dev) {
63	kfree_skb(skb: pkt->skb);
64	return;
65	}
66
67	nf_do_netdev_egress(skb: pkt->skb, dev, hook: nft_hook(pkt));
68	}
69	EXPORT_SYMBOL_GPL(nf_fwd_netdev_egress);
70
71	void nf_dup_netdev_egress(const struct nft_pktinfo pkt, int* oif)
72	{
73	struct net_device *dev;
74	struct sk_buff *skb;
75
76	dev = dev_get_by_index_rcu(net: nft_net(pkt), ifindex: oif);
77	if (dev == NULL)
78	return;
79
80	skb = skb_clone(skb: pkt->skb, GFP_ATOMIC);
81	if (skb)
82	nf_do_netdev_egress(skb, dev, hook: nft_hook(pkt));
83	}
84	EXPORT_SYMBOL_GPL(nf_dup_netdev_egress);
85
86	int nft_fwd_dup_netdev_offload(struct nft_offload_ctx *ctx,
87	struct nft_flow_rule *flow,
88	enum flow_action_id id, int oif)
89	{
90	struct flow_action_entry *entry;
91	struct net_device *dev;
92
93	/ nft_flow_rule_destroy() releases the reference on this device. /
94	dev = dev_get_by_index(net: ctx->net, ifindex: oif);
95	if (!dev)
96	return -EOPNOTSUPP;
97
98	entry = &flow->rule->action.entries[ctx->num_actions++];
99	entry->id = id;
100	entry->dev = dev;
101
102	return `0`;
103	}
104	EXPORT_SYMBOL_GPL(nft_fwd_dup_netdev_offload);
105
106	MODULE_LICENSE("GPL");
107	MODULE_AUTHOR("Pablo Neira Ayuso <pablo@netfilter.org>");
108	MODULE_DESCRIPTION("Netfilter packet duplication support");
109

source code of linux/net/netfilter/nf_dup_netdev.c