net/netfilter/xt_statistic.c at v2.6.25-rc6

tjh.dev / kernel
fork
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork
kernel / net / netfilter / xt_statistic.c
at v2.6.25-rc6 101 lines 2.7 kB view raw
wrap content
  1/*
  2 * Copyright (c) 2006 Patrick McHardy <kaber@trash.net>
  3 *
  4 * This program is free software; you can redistribute it and/or modify
  5 * it under the terms of the GNU General Public License version 2 as
  6 * published by the Free Software Foundation.
  7 *
  8 * Based on ipt_random and ipt_nth by Fabrice MARIE <fabrice@netfilter.org>.
  9 */
 10
 11#include <linux/init.h>
 12#include <linux/spinlock.h>
 13#include <linux/skbuff.h>
 14#include <linux/net.h>
 15
 16#include <linux/netfilter/xt_statistic.h>
 17#include <linux/netfilter/x_tables.h>
 18
 19MODULE_LICENSE("GPL");
 20MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
 21MODULE_DESCRIPTION("Xtables: statistics-based matching (\"Nth\", random)");
 22MODULE_ALIAS("ipt_statistic");
 23MODULE_ALIAS("ip6t_statistic");
 24
 25static DEFINE_SPINLOCK(nth_lock);
 26
 27static bool
 28statistic_mt(const struct sk_buff *skb, const struct net_device *in,
 29             const struct net_device *out, const struct xt_match *match,
 30             const void *matchinfo, int offset, unsigned int protoff,
 31             bool *hotdrop)
 32{
 33	struct xt_statistic_info *info = (struct xt_statistic_info *)matchinfo;
 34	bool ret = info->flags & XT_STATISTIC_INVERT;
 35
 36	switch (info->mode) {
 37	case XT_STATISTIC_MODE_RANDOM:
 38		if ((net_random() & 0x7FFFFFFF) < info->u.random.probability)
 39			ret = !ret;
 40		break;
 41	case XT_STATISTIC_MODE_NTH:
 42		info = info->master;
 43		spin_lock_bh(&nth_lock);
 44		if (info->u.nth.count++ == info->u.nth.every) {
 45			info->u.nth.count = 0;
 46			ret = !ret;
 47		}
 48		spin_unlock_bh(&nth_lock);
 49		break;
 50	}
 51
 52	return ret;
 53}
 54
 55static bool
 56statistic_mt_check(const char *tablename, const void *entry,
 57                   const struct xt_match *match, void *matchinfo,
 58                   unsigned int hook_mask)
 59{
 60	struct xt_statistic_info *info = matchinfo;
 61
 62	if (info->mode > XT_STATISTIC_MODE_MAX ||
 63	    info->flags & ~XT_STATISTIC_MASK)
 64		return false;
 65	info->master = info;
 66	return true;
 67}
 68
 69static struct xt_match statistic_mt_reg[] __read_mostly = {
 70	{
 71		.name		= "statistic",
 72		.family		= AF_INET,
 73		.checkentry	= statistic_mt_check,
 74		.match		= statistic_mt,
 75		.matchsize	= sizeof(struct xt_statistic_info),
 76		.me		= THIS_MODULE,
 77	},
 78	{
 79		.name		= "statistic",
 80		.family		= AF_INET6,
 81		.checkentry	= statistic_mt_check,
 82		.match		= statistic_mt,
 83		.matchsize	= sizeof(struct xt_statistic_info),
 84		.me		= THIS_MODULE,
 85	},
 86};
 87
 88static int __init statistic_mt_init(void)
 89{
 90	return xt_register_matches(statistic_mt_reg,
 91	       ARRAY_SIZE(statistic_mt_reg));
 92}
 93
 94static void __exit statistic_mt_exit(void)
 95{
 96	xt_unregister_matches(statistic_mt_reg,
 97	                      ARRAY_SIZE(statistic_mt_reg));
 98}
 99
100module_init(statistic_mt_init);
101module_exit(statistic_mt_exit);
Configure Feed

Configure Feed
