/*
 * Init routine for nft_compat: registers the match expression type, the
 * target expression type and the nfnetlink compat subsystem, in that order.
 *
 * A failure at any step unregisters what was already registered, in reverse
 * order, so a failed init leaves no expression type behind.
 *
 * Returns the (non-negative) result of nfnetlink_subsys_register() on
 * success, or the negative error of the step that failed.
 */
static int __init nft_compat_module_init(void)
{
	int err = nft_register_expr(&nft_match_type);

	if (err < 0)
		return err;

	err = nft_register_expr(&nft_target_type);
	if (err < 0)
		goto unwind_match;

	err = nfnetlink_subsys_register(&nfnl_compat_subsys);
	if (err >= 0)
		return err;

	pr_err("nft_compat: cannot register with nfnetlink.\n");
	nft_unregister_expr(&nft_target_type);
unwind_match:
	nft_unregister_expr(&nft_match_type);
	return err;
}
/*
 * Init routine for the IPv4 NAT table: links the four built-in NAT chains
 * (prerouting, postrouting, output, input) onto the table's chain list,
 * registers the table for NFPROTO_IPV4, then registers the NAT expression.
 *
 * If the expression cannot be registered the table is unregistered again.
 * The chain list entries are not unlinked on failure.
 * NOTE(review): presumably harmless because the objects go away with the
 * failed module load - confirm.
 *
 * Returns 0 on success or the negative error of the failing step.
 */
static int __init nf_table_nat_init(void)
{
	struct list_head *table_chains = &nf_table_nat_ipv4.chains;
	int ret;

	list_add_tail(&nf_chain_nat_prerouting.chain.list, table_chains);
	list_add_tail(&nf_chain_nat_postrouting.chain.list, table_chains);
	list_add_tail(&nf_chain_nat_output.chain.list, table_chains);
	list_add_tail(&nf_chain_nat_input.chain.list, table_chains);

	ret = nft_register_table(&nf_table_nat_ipv4, NFPROTO_IPV4);
	if (ret < 0)
		return ret;

	ret = nft_register_expr(&nft_nat_ops);
	if (ret < 0) {
		/* Roll back the table so a failed init leaves nothing registered. */
		nft_unregister_table(&nf_table_nat_ipv4, NFPROTO_IPV4);
		return ret;
	}

	return 0;
}
/*
 * Init routine for the IPv6 masquerade expression: registers the expression
 * type and, only if that succeeded, registers the IPv6 masquerade notifier.
 *
 * Returns the result of nft_register_expr().
 *
 * NOTE(review): no result of nf_nat_masquerade_ipv6_register_notifier() is
 * checked here - confirm it returns void in this tree; if it can fail, the
 * expression type would stay registered without its notifier.
 */
static int __init nft_masq_ipv6_module_init(void)
{
	int err = nft_register_expr(&nft_masq_ipv6_type);

	if (err >= 0)
		nf_nat_masquerade_ipv6_register_notifier();

	return err;
}
/*
 * Init routine for connlimit: registers the connlimit object type first and
 * the connlimit expression type second.
 *
 * If the expression type cannot be registered, the object type is
 * unregistered again so the two are never left half-installed.
 *
 * Returns 0 on success or the negative error of the failing step.
 */
static int __init nft_connlimit_module_init(void)
{
	int ret = nft_register_obj(&nft_connlimit_obj_type);

	if (ret < 0)
		return ret;

	ret = nft_register_expr(&nft_connlimit_type);
	if (ret < 0) {
		nft_unregister_obj(&nft_connlimit_obj_type);
		return ret;
	}

	return 0;
}
/*
 * Init routine for the IPv4 NAT chain type: registers the chain type, then
 * the NAT expression type.
 *
 * If the expression type cannot be registered, the chain type is
 * unregistered before the error is returned.
 *
 * Returns 0 on success or the negative error of the failing step.
 */
static int __init nft_chain_nat_init(void)
{
	int ret = nft_register_chain_type(&nft_chain_nat_ipv4);

	if (ret < 0)
		return ret;

	ret = nft_register_expr(&nft_nat_type);
	if (ret < 0) {
		nft_unregister_chain_type(&nft_chain_nat_ipv4);
		return ret;
	}

	return 0;
}
/*
 * Init routine for the counter expression/object.
 *
 * Initialises the per-CPU sequence counter nft_counter_seq for every
 * possible CPU before anything is registered, then registers the counter
 * object type followed by the counter expression type. A failure to
 * register the expression type unregisters the object type again.
 *
 * Returns 0 on success or the negative error of the failing step.
 */
static int __init nft_counter_module_init(void)
{
	int ret;
	int cpu;

	/* Sequence counters must be ready before any counter can be evaluated. */
	for_each_possible_cpu(cpu) {
		seqcount_init(per_cpu_ptr(&nft_counter_seq, cpu));
	}

	ret = nft_register_obj(&nft_counter_obj_type);
	if (ret < 0)
		return ret;

	ret = nft_register_expr(&nft_counter_type);
	if (ret < 0) {
		nft_unregister_obj(&nft_counter_obj_type);
		return ret;
	}

	return 0;
}
/*
 * Registers the bitwise expression type.
 *
 * Not static, so it is reachable from other translation units.
 * NOTE(review): presumably called from the nf_tables core init path -
 * confirm against the caller.
 *
 * Returns the result of nft_register_expr().
 */
int __init nft_bitwise_module_init(void)
{
	int err = nft_register_expr(&nft_bitwise_type);

	return err;
}
/*
 * Registers the immediate expression type (nft_imm_type).
 *
 * Not static, so it is reachable from other translation units.
 * NOTE(review): presumably called from the nf_tables core init path -
 * confirm against the caller.
 *
 * Returns the result of nft_register_expr().
 */
int __init nft_immediate_module_init(void)
{
	int err = nft_register_expr(&nft_imm_type);

	return err;
}
/*
 * Init routine for the IPv4 reject expression: registers its expression
 * type and hands the result straight back to the caller.
 */
static int __init nft_reject_ipv4_module_init(void)
{
	int err = nft_register_expr(&nft_reject_ipv4_type);

	return err;
}
/*
 * Init routine for the object-reference expression: registers its
 * expression type and returns the result of nft_register_expr().
 */
static int __init nft_objref_module_init(void)
{
	int err = nft_register_expr(&nft_objref_type);

	return err;
}
/*
 * Init routine for the netdev dup expression: registers its expression
 * type and returns the result of nft_register_expr().
 */
static int __init nft_dup_netdev_module_init(void)
{
	int err = nft_register_expr(&nft_dup_netdev_type);

	return err;
}
/*
 * Registers the lookup expression type.
 *
 * Not static, so it is reachable from other translation units.
 * NOTE(review): presumably called from the nf_tables core init path -
 * confirm against the caller.
 *
 * Returns the result of nft_register_expr().
 */
int __init nft_lookup_module_init(void)
{
	int err = nft_register_expr(&nft_lookup_type);

	return err;
}
/*
 * Init routine that registers the meta_target expression type and returns
 * the result of nft_register_expr().
 */
static int __init nft_meta_target_init(void)
{
	int err = nft_register_expr(&meta_target);

	return err;
}
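/*
 * Classify the packet's flow into a route type (RTN_*).
 *
 * The flow is built by nft_fib6_flowi_init() from the expression's private
 * data and the packet; the input or output device is used when the
 * NFTA_FIB_F_IIF / NFTA_FIB_F_OIF flag is set.
 *
 * Returns:
 *   RTN_UNREACHABLE  no IPv6 afinfo available, or an unmapped route error
 *   RTN_BLACKHOLE / RTN_PROHIBIT / RTN_THROW
 *                    route error -EINVAL / -EACCES / -EAGAIN
 *   RTN_ANYCAST      the route says the destination is anycast
 *   RTN_LOCAL        chk_addr() matched on the device, or (no device and)
 *                    the route carries RTF_LOCAL
 *   RTN_MULTICAST / RTN_UNICAST / RTN_UNSPEC
 *                    fallback from ipv6_addr_type() of the destination
 */
static u32 __nft_fib6_eval_type(const struct nft_fib *priv,
				const struct nft_pktinfo *pkt)
{
	const struct net_device *dev = NULL;
	const struct nf_ipv6_ops *v6ops;
	const struct nf_afinfo *afinfo;
	int route_err, addrtype;
	struct rt6_info *rt;
	struct flowi6 fl6 = {
		.flowi6_iif = LOOPBACK_IFINDEX,
		.flowi6_proto = pkt->tprot,
	};
	u32 ret = 0;

	afinfo = nf_get_afinfo(NFPROTO_IPV6);
	if (!afinfo)
		return RTN_UNREACHABLE;

	if (priv->flags & NFTA_FIB_F_IIF)
		dev = nft_in(pkt);
	else if (priv->flags & NFTA_FIB_F_OIF)
		dev = nft_out(pkt);

	nft_fib6_flowi_init(&fl6, priv, pkt, dev);

	v6ops = nf_get_ipv6_ops();
	if (dev && v6ops &&
	    v6ops->chk_addr(nft_net(pkt), &fl6.daddr, dev, true))
		ret = RTN_LOCAL;

	/* rt is only valid below when route() reported success. */
	route_err = afinfo->route(nft_net(pkt), (struct dst_entry **)&rt,
				  flowi6_to_flowi(&fl6), false);
	if (route_err)
		goto err;

	if (rt->rt6i_flags & RTF_REJECT) {
		/* Read the error before dropping the route reference. */
		route_err = rt->dst.error;
		dst_release(&rt->dst);
		goto err;
	}

	/* An anycast result overrides an earlier RTN_LOCAL from chk_addr(). */
	if (ipv6_anycast_destination((struct dst_entry *)rt, &fl6.daddr))
		ret = RTN_ANYCAST;
	else if (!dev && (rt->rt6i_flags & RTF_LOCAL))
		ret = RTN_LOCAL;

	dst_release(&rt->dst);

	if (ret)
		return ret;

	addrtype = ipv6_addr_type(&fl6.daddr);

	if (addrtype & IPV6_ADDR_MULTICAST)
		return RTN_MULTICAST;
	if (addrtype & IPV6_ADDR_UNICAST)
		return RTN_UNICAST;

	return RTN_UNSPEC;
err:
	switch (route_err) {
	case -EINVAL:
		return RTN_BLACKHOLE;
	case -EACCES:
		return RTN_PROHIBIT;
	case -EAGAIN:
		return RTN_THROW;
	default:
		break;
	}

	return RTN_UNREACHABLE;
}

/*
 * eval callback for the address-type result: stores the route type computed
 * by __nft_fib6_eval_type() in the destination register priv->dreg.
 *
 * NOTE(review): priv->dreg is used as an index without a check here;
 * presumably it is validated when the expression is initialised - confirm.
 */
void nft_fib6_eval_type(const struct nft_expr *expr, struct nft_regs *regs,
			const struct nft_pktinfo *pkt)
{
	const struct nft_fib *priv = nft_expr_priv(expr);
	u32 *dest = &regs->data[priv->dreg];

	*dest = __nft_fib6_eval_type(priv, pkt);
}
EXPORT_SYMBOL_GPL(nft_fib6_eval_type);

/*
 * eval callback for the OIF / OIFNAME results: looks up the route for the
 * packet's flow and stores the route's device index or device name in the
 * destination register priv->dreg.
 *
 * The register's first word is set to 0 before the lookup and stays that
 * way when the lookup fails, when the route is a reject, anycast or local
 * route, or (see below) when the route points at a different device than
 * the one asked for.
 */
void nft_fib6_eval(const struct nft_expr *expr, struct nft_regs *regs,
		   const struct nft_pktinfo *pkt)
{
	const struct nft_fib *priv = nft_expr_priv(expr);
	const struct net_device *oif = NULL;
	u32 *dest = &regs->data[priv->dreg];
	struct flowi6 fl6 = {
		.flowi6_iif = LOOPBACK_IFINDEX,
		.flowi6_proto = pkt->tprot,
	};
	struct rt6_info *rt;
	int lookup_flags;

	if (priv->flags & NFTA_FIB_F_IIF)
		oif = nft_in(pkt);
	else if (priv->flags & NFTA_FIB_F_OIF)
		oif = nft_out(pkt);

	lookup_flags = nft_fib6_flowi_init(&fl6, priv, pkt, oif);

	/* Loopback traffic at prerouting is answered without a route lookup. */
	if (nft_hook(pkt) == NF_INET_PRE_ROUTING &&
	    nft_fib_is_loopback(pkt->skb, nft_in(pkt))) {
		nft_fib_store_result(dest, priv->result, pkt,
				     nft_in(pkt)->ifindex);
		return;
	}

	/*
	 * NOTE(review): only the first 32-bit word is cleared. For
	 * NFT_FIB_RESULT_OIFNAME the success path writes IFNAMSIZ bytes, so on
	 * the failure paths the bytes after the first word keep whatever the
	 * register held before - confirm that consumers never compare the
	 * full IFNAMSIZ span of a failed lookup.
	 */
	*dest = 0;
 again:
	rt = (void *)ip6_route_lookup(nft_net(pkt), &fl6, lookup_flags);
	if (rt->dst.error)
		goto put_rt_err;

	/* Should not see RTF_LOCAL here */
	if (rt->rt6i_flags & (RTF_REJECT | RTF_ANYCAST | RTF_LOCAL))
		goto put_rt_err;

	if (oif && oif != rt->rt6i_idev->dev) {
		/* multipath route? Try again with F_IFACE */
		if ((lookup_flags & RT6_LOOKUP_F_IFACE) == 0) {
			lookup_flags |= RT6_LOOKUP_F_IFACE;
			fl6.flowi6_oif = oif->ifindex;
			/* Drop this route's reference before looking up again. */
			ip6_rt_put(rt);
			goto again;
		}
		/*
		 * NOTE(review): if F_IFACE was already set and the device
		 * still differs, execution continues and stores the mismatching
		 * route's device - confirm this is intended.
		 */
	}

	switch (priv->result) {
	case NFT_FIB_RESULT_OIF:
		*dest = rt->rt6i_idev->dev->ifindex;
		break;
	case NFT_FIB_RESULT_OIFNAME:
		/*
		 * strncpy() zero-pads up to IFNAMSIZ, so the whole name span of
		 * the register is overwritten. It does not NUL-terminate a
		 * source of IFNAMSIZ or more characters.
		 * NOTE(review): assumes the register has IFNAMSIZ bytes of room
		 * at priv->dreg - presumably enforced by nft_fib_init; confirm.
		 */
		strncpy((char *)dest, rt->rt6i_idev->dev->name, IFNAMSIZ);
		break;
	default:
		WARN_ON_ONCE(1);
		break;
	}

 put_rt_err:
	ip6_rt_put(rt);
}
EXPORT_SYMBOL_GPL(nft_fib6_eval);

static struct nft_expr_type nft_fib6_type;

/* Ops used when the requested result is the address type. */
static const struct nft_expr_ops nft_fib6_type_ops = {
	.type		= &nft_fib6_type,
	.size		= NFT_EXPR_SIZE(sizeof(struct nft_fib)),
	.eval		= nft_fib6_eval_type,
	.init		= nft_fib_init,
	.dump		= nft_fib_dump,
	.validate	= nft_fib_validate,
};

/* Ops used when the requested result is the output interface or its name. */
static const struct nft_expr_ops nft_fib6_ops = {
	.type		= &nft_fib6_type,
	.size		= NFT_EXPR_SIZE(sizeof(struct nft_fib)),
	.eval		= nft_fib6_eval,
	.init		= nft_fib_init,
	.dump		= nft_fib_dump,
	.validate	= nft_fib_validate,
};

/*
 * Pick the ops table for a new fib expression from its NFTA_FIB_RESULT
 * netlink attribute.
 *
 * Returns ERR_PTR(-EINVAL) when the attribute is missing and
 * ERR_PTR(-EOPNOTSUPP) for any result value not listed below, so an
 * unknown request from userspace never reaches an eval callback.
 */
static const struct nft_expr_ops *
nft_fib6_select_ops(const struct nft_ctx *ctx,
		    const struct nlattr * const tb[])
{
	enum nft_fib_result result;

	if (!tb[NFTA_FIB_RESULT])
		return ERR_PTR(-EINVAL);

	result = ntohl(nla_get_be32(tb[NFTA_FIB_RESULT]));

	switch (result) {
	case NFT_FIB_RESULT_OIF:
	case NFT_FIB_RESULT_OIFNAME:
		return &nft_fib6_ops;
	case NFT_FIB_RESULT_ADDRTYPE:
		return &nft_fib6_type_ops;
	default:
		return ERR_PTR(-EOPNOTSUPP);
	}
}

static struct nft_expr_type nft_fib6_type __read_mostly = {
	.name		= "fib",
	.select_ops	= &nft_fib6_select_ops,
	.policy		= nft_fib_policy,
	.maxattr	= NFTA_FIB_MAX,
	.family		= NFPROTO_IPV6,
	.owner		= THIS_MODULE,
};

/* Module init: registers the IPv6 fib expression type. */
static int __init nft_fib6_module_init(void)
{
	return nft_register_expr(&nft_fib6_type);
}

/* Module exit: unregisters the IPv6 fib expression type. */
static void __exit nft_fib6_module_exit(void)
{
	nft_unregister_expr(&nft_fib6_type);
}

module_init(nft_fib6_module_init);
module_exit(nft_fib6_module_exit);
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Florian Westphal <*****@*****.**>");
/* 10 is the numeric address family; presumably NFPROTO_IPV6 - confirm. */
MODULE_ALIAS_NFT_AF_EXPR(10, "fib");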
/*
 * Registers the byteorder expression type.
 *
 * Not static, so it is reachable from other translation units.
 * NOTE(review): presumably called from the nf_tables core init path -
 * confirm against the caller.
 *
 * Returns the result of nft_register_expr().
 */
int __init nft_byteorder_module_init(void)
{
	int err = nft_register_expr(&nft_byteorder_type);

	return err;
}
/*
 * Init routine for the bridge meta expression: registers its expression
 * type and returns the result of nft_register_expr().
 */
static int __init nft_meta_bridge_module_init(void)
{
	int err = nft_register_expr(&nft_meta_bridge_type);

	return err;
}
/*
 * Init routine for the IPv6 redirect expression: registers its expression
 * type and returns the result of nft_register_expr().
 */
static int __init nft_redir_ipv6_module_init(void)
{
	int err = nft_register_expr(&nft_redir_ipv6_type);

	return err;
}
/*
 * Init routine for the queue expression: registers its expression type and
 * returns the result of nft_register_expr().
 */
static int __init nft_queue_module_init(void)
{
	int err = nft_register_expr(&nft_queue_type);

	return err;
}
/*
 * Init routine for the limit expression: registers its expression type and
 * returns the result of nft_register_expr().
 */
static int __init nft_limit_module_init(void)
{
	int err = nft_register_expr(&nft_limit_type);

	return err;
}
/*
 * Init routine for the conntrack expression.
 *
 * The build fails if NF_CT_LABELS_MAX_SIZE is larger than NFT_REG_SIZE.
 * NOTE(review): presumably this guarantees that conntrack labels copied
 * into a register cannot run past it - confirm against the eval code.
 *
 * Returns the result of nft_register_expr().
 */
static int __init nft_ct_module_init(void)
{
	int err;

	BUILD_BUG_ON(NF_CT_LABELS_MAX_SIZE > NFT_REG_SIZE);

	err = nft_register_expr(&nft_ct_type);
	return err;
}