net/netfilter/xt_statistic.c at v2.6.35-rc4

tjh.dev / kernel
fork
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork
kernel / net / netfilter / xt_statistic.c
at v2.6.35-rc4 101 lines 2.5 kB view raw
wrap content
  1/*
  2 * Copyright (c) 2006 Patrick McHardy <kaber@trash.net>
  3 *
  4 * This program is free software; you can redistribute it and/or modify
  5 * it under the terms of the GNU General Public License version 2 as
  6 * published by the Free Software Foundation.
  7 *
  8 * Based on ipt_random and ipt_nth by Fabrice MARIE <fabrice@netfilter.org>.
  9 */
 10
 11#include <linux/init.h>
 12#include <linux/spinlock.h>
 13#include <linux/skbuff.h>
 14#include <linux/net.h>
 15#include <linux/slab.h>
 16
 17#include <linux/netfilter/xt_statistic.h>
 18#include <linux/netfilter/x_tables.h>
 19
 20struct xt_statistic_priv {
 21	uint32_t count;
 22};
 23
 24MODULE_LICENSE("GPL");
 25MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
 26MODULE_DESCRIPTION("Xtables: statistics-based matching (\"Nth\", random)");
 27MODULE_ALIAS("ipt_statistic");
 28MODULE_ALIAS("ip6t_statistic");
 29
 30static DEFINE_SPINLOCK(nth_lock);
 31
 32static bool
 33statistic_mt(const struct sk_buff *skb, struct xt_action_param *par)
 34{
 35	const struct xt_statistic_info *info = par->matchinfo;
 36	bool ret = info->flags & XT_STATISTIC_INVERT;
 37
 38	switch (info->mode) {
 39	case XT_STATISTIC_MODE_RANDOM:
 40		if ((net_random() & 0x7FFFFFFF) < info->u.random.probability)
 41			ret = !ret;
 42		break;
 43	case XT_STATISTIC_MODE_NTH:
 44		spin_lock_bh(&nth_lock);
 45		if (info->master->count++ == info->u.nth.every) {
 46			info->master->count = 0;
 47			ret = !ret;
 48		}
 49		spin_unlock_bh(&nth_lock);
 50		break;
 51	}
 52
 53	return ret;
 54}
 55
 56static int statistic_mt_check(const struct xt_mtchk_param *par)
 57{
 58	struct xt_statistic_info *info = par->matchinfo;
 59
 60	if (info->mode > XT_STATISTIC_MODE_MAX ||
 61	    info->flags & ~XT_STATISTIC_MASK)
 62		return -EINVAL;
 63
 64	info->master = kzalloc(sizeof(*info->master), GFP_KERNEL);
 65	if (info->master == NULL)
 66		return -ENOMEM;
 67	info->master->count = info->u.nth.count;
 68
 69	return 0;
 70}
 71
 72static void statistic_mt_destroy(const struct xt_mtdtor_param *par)
 73{
 74	const struct xt_statistic_info *info = par->matchinfo;
 75
 76	kfree(info->master);
 77}
 78
 79static struct xt_match xt_statistic_mt_reg __read_mostly = {
 80	.name       = "statistic",
 81	.revision   = 0,
 82	.family     = NFPROTO_UNSPEC,
 83	.match      = statistic_mt,
 84	.checkentry = statistic_mt_check,
 85	.destroy    = statistic_mt_destroy,
 86	.matchsize  = sizeof(struct xt_statistic_info),
 87	.me         = THIS_MODULE,
 88};
 89
 90static int __init statistic_mt_init(void)
 91{
 92	return xt_register_match(&xt_statistic_mt_reg);
 93}
 94
 95static void __exit statistic_mt_exit(void)
 96{
 97	xt_unregister_match(&xt_statistic_mt_reg);
 98}
 99
100module_init(statistic_mt_init);
101module_exit(statistic_mt_exit);
Configure Feed

Configure Feed
