static int __init nft_compat_module_init(void)
{
int ret;
ret = nft_register_expr(&nft_match_type);
if (ret < 0)
return ret;
ret = nft_register_expr(&nft_target_type);
if (ret < 0)
goto err_match;
ret = nfnetlink_subsys_register(&nfnl_compat_subsys);
if (ret < 0) {
pr_err("nft_compat: cannot register with nfnetlink.\n");
goto err_target;
}
return ret;
err_target:
nft_unregister_expr(&nft_target_type);
err_match:
nft_unregister_expr(&nft_match_type);
return ret;
}
static void __exit nft_reject_ipv4_module_exit(void)
{
nft_unregister_expr(&nft_reject_ipv4_type);
}
static void __exit nft_quota_module_exit(void)
{
nft_unregister_expr(&nft_quota_type);
nft_unregister_obj(&nft_quota_obj_type);
}
static void __exit nft_dup_netdev_module_exit(void)
{
nft_unregister_expr(&nft_dup_netdev_type);
}
void nft_range_module_exit(void)
{
nft_unregister_expr(&nft_range_type);
}
void nft_bitwise_module_exit(void)
{
nft_unregister_expr(&nft_bitwise_type);
}
static void __exit nft_meta_bridge_module_exit(void)
{
nft_unregister_expr(&nft_meta_bridge_type);
}
static u32 __nft_fib6_eval_type(const struct nft_fib *priv,
const struct nft_pktinfo *pkt)
{
const struct net_device *dev = NULL;
const struct nf_ipv6_ops *v6ops;
const struct nf_afinfo *afinfo;
int route_err, addrtype;
struct rt6_info *rt;
struct flowi6 fl6 = {
.flowi6_iif = LOOPBACK_IFINDEX,
.flowi6_proto = pkt->tprot,
};
u32 ret = 0;
afinfo = nf_get_afinfo(NFPROTO_IPV6);
if (!afinfo)
return RTN_UNREACHABLE;
if (priv->flags & NFTA_FIB_F_IIF)
dev = nft_in(pkt);
else if (priv->flags & NFTA_FIB_F_OIF)
dev = nft_out(pkt);
nft_fib6_flowi_init(&fl6, priv, pkt, dev);
v6ops = nf_get_ipv6_ops();
if (dev && v6ops && v6ops->chk_addr(nft_net(pkt), &fl6.daddr, dev, true))
ret = RTN_LOCAL;
route_err = afinfo->route(nft_net(pkt), (struct dst_entry **)&rt,
flowi6_to_flowi(&fl6), false);
if (route_err)
goto err;
if (rt->rt6i_flags & RTF_REJECT) {
route_err = rt->dst.error;
dst_release(&rt->dst);
goto err;
}
if (ipv6_anycast_destination((struct dst_entry *)rt, &fl6.daddr))
ret = RTN_ANYCAST;
else if (!dev && rt->rt6i_flags & RTF_LOCAL)
ret = RTN_LOCAL;
dst_release(&rt->dst);
if (ret)
return ret;
addrtype = ipv6_addr_type(&fl6.daddr);
if (addrtype & IPV6_ADDR_MULTICAST)
return RTN_MULTICAST;
if (addrtype & IPV6_ADDR_UNICAST)
return RTN_UNICAST;
return RTN_UNSPEC;
err:
switch (route_err) {
case -EINVAL:
return RTN_BLACKHOLE;
case -EACCES:
return RTN_PROHIBIT;
case -EAGAIN:
return RTN_THROW;
default:
break;
}
return RTN_UNREACHABLE;
}
void nft_fib6_eval_type(const struct nft_expr *expr, struct nft_regs *regs,
const struct nft_pktinfo *pkt)
{
const struct nft_fib *priv = nft_expr_priv(expr);
u32 *dest = ®s->data[priv->dreg];
*dest = __nft_fib6_eval_type(priv, pkt);
}
EXPORT_SYMBOL_GPL(nft_fib6_eval_type);
void nft_fib6_eval(const struct nft_expr *expr, struct nft_regs *regs,
const struct nft_pktinfo *pkt)
{
const struct nft_fib *priv = nft_expr_priv(expr);
const struct net_device *oif = NULL;
u32 *dest = ®s->data[priv->dreg];
struct flowi6 fl6 = {
.flowi6_iif = LOOPBACK_IFINDEX,
.flowi6_proto = pkt->tprot,
};
struct rt6_info *rt;
int lookup_flags;
if (priv->flags & NFTA_FIB_F_IIF)
oif = nft_in(pkt);
else if (priv->flags & NFTA_FIB_F_OIF)
oif = nft_out(pkt);
lookup_flags = nft_fib6_flowi_init(&fl6, priv, pkt, oif);
if (nft_hook(pkt) == NF_INET_PRE_ROUTING &&
nft_fib_is_loopback(pkt->skb, nft_in(pkt))) {
nft_fib_store_result(dest, priv->result, pkt,
nft_in(pkt)->ifindex);
return;
}
*dest = 0;
again:
rt = (void *)ip6_route_lookup(nft_net(pkt), &fl6, lookup_flags);
if (rt->dst.error)
goto put_rt_err;
/* Should not see RTF_LOCAL here */
if (rt->rt6i_flags & (RTF_REJECT | RTF_ANYCAST | RTF_LOCAL))
goto put_rt_err;
if (oif && oif != rt->rt6i_idev->dev) {
/* multipath route? Try again with F_IFACE */
if ((lookup_flags & RT6_LOOKUP_F_IFACE) == 0) {
lookup_flags |= RT6_LOOKUP_F_IFACE;
fl6.flowi6_oif = oif->ifindex;
ip6_rt_put(rt);
goto again;
}
}
switch (priv->result) {
case NFT_FIB_RESULT_OIF:
*dest = rt->rt6i_idev->dev->ifindex;
break;
case NFT_FIB_RESULT_OIFNAME:
strncpy((char *)dest, rt->rt6i_idev->dev->name, IFNAMSIZ);
break;
default:
WARN_ON_ONCE(1);
break;
}
put_rt_err:
ip6_rt_put(rt);
}
EXPORT_SYMBOL_GPL(nft_fib6_eval);
static struct nft_expr_type nft_fib6_type;
static const struct nft_expr_ops nft_fib6_type_ops = {
.type = &nft_fib6_type,
.size = NFT_EXPR_SIZE(sizeof(struct nft_fib)),
.eval = nft_fib6_eval_type,
.init = nft_fib_init,
.dump = nft_fib_dump,
.validate = nft_fib_validate,
};
static const struct nft_expr_ops nft_fib6_ops = {
.type = &nft_fib6_type,
.size = NFT_EXPR_SIZE(sizeof(struct nft_fib)),
.eval = nft_fib6_eval,
.init = nft_fib_init,
.dump = nft_fib_dump,
.validate = nft_fib_validate,
};
static const struct nft_expr_ops *
nft_fib6_select_ops(const struct nft_ctx *ctx,
const struct nlattr * const tb[])
{
enum nft_fib_result result;
if (!tb[NFTA_FIB_RESULT])
return ERR_PTR(-EINVAL);
result = ntohl(nla_get_be32(tb[NFTA_FIB_RESULT]));
switch (result) {
case NFT_FIB_RESULT_OIF:
return &nft_fib6_ops;
case NFT_FIB_RESULT_OIFNAME:
return &nft_fib6_ops;
case NFT_FIB_RESULT_ADDRTYPE:
return &nft_fib6_type_ops;
default:
return ERR_PTR(-EOPNOTSUPP);
}
}
static struct nft_expr_type nft_fib6_type __read_mostly = {
.name = "fib",
.select_ops = &nft_fib6_select_ops,
.policy = nft_fib_policy,
.maxattr = NFTA_FIB_MAX,
.family = NFPROTO_IPV6,
.owner = THIS_MODULE,
};
static int __init nft_fib6_module_init(void)
{
return nft_register_expr(&nft_fib6_type);
}
static void __exit nft_fib6_module_exit(void)
{
nft_unregister_expr(&nft_fib6_type);
}
module_init(nft_fib6_module_init);
module_exit(nft_fib6_module_exit);
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Florian Westphal <*****@*****.**>");
MODULE_ALIAS_NFT_AF_EXPR(10, "fib");
static void __exit nft_meta_target_exit(void)
{
nft_unregister_expr(&meta_target);
}
static void __exit nf_table_nat_exit(void)
{
nft_unregister_expr(&nft_nat_ops);
nft_unregister_table(&nf_table_nat_ipv4, AF_INET);
}
void nft_byteorder_module_exit(void)
{
nft_unregister_expr(&nft_byteorder_type);
}
static void __exit nft_osf_module_exit(void)
{
return nft_unregister_expr(&nft_osf_type);
}
static void __exit nft_counter_module_exit(void)
{
nft_unregister_expr(&nft_counter_type);
nft_unregister_obj(&nft_counter_obj_type);
}
static void __exit nft_objref_module_exit(void)
{
nft_unregister_expr(&nft_objref_type);
}
static void __exit nft_compat_module_exit(void)
{
nfnetlink_subsys_unregister(&nfnl_compat_subsys);
nft_unregister_expr(&nft_target_type);
nft_unregister_expr(&nft_match_type);
}
static void __exit nft_masq_ipv6_module_exit(void)
{
nft_unregister_expr(&nft_masq_ipv6_type);
nf_nat_masquerade_ipv6_unregister_notifier();
}
void nft_immediate_module_exit(void)
{
nft_unregister_expr(&nft_imm_type);
}
static void __exit nft_fib_inet_module_exit(void)
{
nft_unregister_expr(&nft_fib_inet_type);
}
static void __exit nft_connlimit_module_exit(void)
{
nft_unregister_expr(&nft_connlimit_type);
nft_unregister_obj(&nft_connlimit_obj_type);
}
void nft_lookup_module_exit(void)
{
nft_unregister_expr(&nft_lookup_type);
}
static void __exit nft_redir_ipv6_module_exit(void)
{
nft_unregister_expr(&nft_redir_ipv6_type);
}
static void __exit nft_queue_module_exit(void)
{
nft_unregister_expr(&nft_queue_type);
}
static void __exit nft_limit_module_exit(void)
{
nft_unregister_expr(&nft_limit_type);
}
static void __exit nft_chain_nat_exit(void)
{
nft_unregister_expr(&nft_nat_type);
nft_unregister_chain_type(&nft_chain_nat_ipv4);
}
