linux/net/netfilter/xt_statistic.c
<<
>>
Prefs
   1/*
   2 * Copyright (c) 2006 Patrick McHardy <kaber@trash.net>
   3 *
   4 * This program is free software; you can redistribute it and/or modify
   5 * it under the terms of the GNU General Public License version 2 as
   6 * published by the Free Software Foundation.
   7 *
   8 * Based on ipt_random and ipt_nth by Fabrice MARIE <fabrice@netfilter.org>.
   9 */
  10
  11#include <linux/init.h>
  12#include <linux/spinlock.h>
  13#include <linux/skbuff.h>
  14#include <linux/net.h>
  15
  16#include <linux/netfilter/xt_statistic.h>
  17#include <linux/netfilter/x_tables.h>
  18
  19MODULE_LICENSE("GPL");
  20MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
  21MODULE_DESCRIPTION("Xtables: statistics-based matching (\"Nth\", random)");
  22MODULE_ALIAS("ipt_statistic");
  23MODULE_ALIAS("ip6t_statistic");
  24
  25static DEFINE_SPINLOCK(nth_lock);
  26
  27static bool
  28statistic_mt(const struct sk_buff *skb, const struct xt_match_param *par)
  29{
  30        struct xt_statistic_info *info = (void *)par->matchinfo;
  31        bool ret = info->flags & XT_STATISTIC_INVERT;
  32
  33        switch (info->mode) {
  34        case XT_STATISTIC_MODE_RANDOM:
  35                if ((net_random() & 0x7FFFFFFF) < info->u.random.probability)
  36                        ret = !ret;
  37                break;
  38        case XT_STATISTIC_MODE_NTH:
  39                info = info->master;
  40                spin_lock_bh(&nth_lock);
  41                if (info->u.nth.count++ == info->u.nth.every) {
  42                        info->u.nth.count = 0;
  43                        ret = !ret;
  44                }
  45                spin_unlock_bh(&nth_lock);
  46                break;
  47        }
  48
  49        return ret;
  50}
  51
  52static bool statistic_mt_check(const struct xt_mtchk_param *par)
  53{
  54        struct xt_statistic_info *info = par->matchinfo;
  55
  56        if (info->mode > XT_STATISTIC_MODE_MAX ||
  57            info->flags & ~XT_STATISTIC_MASK)
  58                return false;
  59        info->master = info;
  60        return true;
  61}
  62
  63static struct xt_match xt_statistic_mt_reg __read_mostly = {
  64        .name       = "statistic",
  65        .revision   = 0,
  66        .family     = NFPROTO_UNSPEC,
  67        .match      = statistic_mt,
  68        .checkentry = statistic_mt_check,
  69        .matchsize  = sizeof(struct xt_statistic_info),
  70        .me         = THIS_MODULE,
  71};
  72
  73static int __init statistic_mt_init(void)
  74{
  75        return xt_register_match(&xt_statistic_mt_reg);
  76}
  77
  78static void __exit statistic_mt_exit(void)
  79{
  80        xt_unregister_match(&xt_statistic_mt_reg);
  81}
  82
  83module_init(statistic_mt_init);
  84module_exit(statistic_mt_exit);
  85