// SPDX-License-Identifier: GPL-2.0-only
/*
 * Copyright (c) 2011 Patrick McHardy <[email protected]>
 */

#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/netdevice.h>

#include <linux/netfilter/xt_devgroup.h>
#include <linux/netfilter/x_tables.h>

MODULE_AUTHOR("Patrick McHardy <[email protected]>");
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Xtables: Device group match");
MODULE_ALIAS("ipt_devgroup");
MODULE_ALIAS("ip6t_devgroup");

/*
 * devgroup_mt - decide whether a packet satisfies a devgroup rule.
 * @skb: the packet; not examined here, only the devices in @par are used
 * @par: match parameters; par->matchinfo holds the rule's xt_devgroup_info
 *
 * For each direction enabled in info->flags, the rule's group is compared
 * with the device's group under the rule's mask, and the outcome is flipped
 * when the corresponding INVERT flag is set.
 *
 * Returns true when every enabled comparison passes.  A rule with neither
 * XT_DEVGROUP_MATCH_SRC nor XT_DEVGROUP_MATCH_DST set therefore matches
 * every packet.
 */
static bool devgroup_mt(const struct sk_buff *skb, struct xt_action_param *par)
{
	const struct xt_devgroup_info *info = par->matchinfo;

	if (info->flags & XT_DEVGROUP_MATCH_SRC) {
		/*
		 * NOTE(review): xt_in(par) is dereferenced without a NULL
		 * check.  This relies on devgroup_mt_checkentry() limiting
		 * source matching to PRE_ROUTING, LOCAL_IN and FORWARD,
		 * presumably the hooks where an input device is always
		 * present -- confirm before relaxing that check.
		 */
		bool differs = ((info->src_group ^ xt_in(par)->group) &
				info->src_mask) != 0;
		bool invert = (info->flags & XT_DEVGROUP_INVERT_SRC) != 0;

		/* Fail on a mismatch, or on a hit when the rule is inverted. */
		if (differs != invert)
			return false;
	}

	if (info->flags & XT_DEVGROUP_MATCH_DST) {
		/*
		 * NOTE(review): same assumption for xt_out(par); destination
		 * matching is limited to FORWARD, LOCAL_OUT and POST_ROUTING
		 * by devgroup_mt_checkentry().
		 */
		bool differs = ((info->dst_group ^ xt_out(par)->group) &
				info->dst_mask) != 0;
		bool invert = (info->flags & XT_DEVGROUP_INVERT_DST) != 0;

		if (differs != invert)
			return false;
	}

	return true;
}

/*
 * devgroup_mt_checkentry - validate a devgroup rule.
 * @par: check parameters; par->matchinfo is the rule's xt_devgroup_info and
 *       par->hook_mask the set of hooks the rule can be reached from
 *
 * Rejects flag bits this module does not define, and rejects a source or
 * destination match on any hook outside the set allowed for that direction.
 * devgroup_mt() depends on the hook restriction: it reads the in/out device
 * unconditionally once the matching flag is set.
 *
 * An INVERT flag without its MATCH flag is accepted here and has no effect
 * in devgroup_mt().
 *
 * Returns 0 when the rule is acceptable, -EINVAL otherwise.
 */
static int devgroup_mt_checkentry(const struct xt_mtchk_param *par)
{
	const struct xt_devgroup_info *info = par->matchinfo;
	const unsigned int known_flags = XT_DEVGROUP_MATCH_SRC |
					 XT_DEVGROUP_INVERT_SRC |
					 XT_DEVGROUP_MATCH_DST |
					 XT_DEVGROUP_INVERT_DST;
	const unsigned int src_hooks = (1 << NF_INET_PRE_ROUTING) |
				       (1 << NF_INET_LOCAL_IN) |
				       (1 << NF_INET_FORWARD);
	const unsigned int dst_hooks = (1 << NF_INET_FORWARD) |
				       (1 << NF_INET_LOCAL_OUT) |
				       (1 << NF_INET_POST_ROUTING);

	/* Refuse undefined flag bits rather than silently ignoring them. */
	if (info->flags & ~known_flags)
		return -EINVAL;

	/* Source matching must not be reachable from any other hook. */
	if ((info->flags & XT_DEVGROUP_MATCH_SRC) &&
	    (par->hook_mask & ~src_hooks))
		return -EINVAL;

	/* Likewise for destination matching. */
	if ((info->flags & XT_DEVGROUP_MATCH_DST) &&
	    (par->hook_mask & ~dst_hooks))
		return -EINVAL;

	return 0;
}

/* Registration record: ties the "devgroup" name to the two callbacks above. */
static struct xt_match devgroup_mt_reg __read_mostly = {
	.name		= "devgroup",
	.match		= devgroup_mt,
	.checkentry	= devgroup_mt_checkentry,
	/* Size of the per-rule data that devgroup_mt() reads via matchinfo. */
	.matchsize	= sizeof(struct xt_devgroup_info),
	.family		= NFPROTO_UNSPEC,
	.me		= THIS_MODULE,
};

/* Module load: register the match; the registration result is returned. */
static int __init devgroup_mt_init(void)
{
	return xt_register_match(&devgroup_mt_reg);
}

/* Module unload: remove the match registered by devgroup_mt_init(). */
static void __exit devgroup_mt_exit(void)
{
	xt_unregister_match(&devgroup_mt_reg);
}

module_init(devgroup_mt_init);
module_exit(devgroup_mt_exit);