Merge "netfilter: xt_socket: add XT_SOCKET_RESTORESKMARK flag"

enum {

	XT_SOCKET_TRANSPARENT = 1 << 0,

	XT_SOCKET_NOWILDCARD = 1 << 1,

	XT_SOCKET_RESTORESKMARK = 1 << 2,

};

struct xt_socket_mtinfo1 {

};

#define XT_SOCKET_FLAGS_V2 (XT_SOCKET_TRANSPARENT | XT_SOCKET_NOWILDCARD)

struct xt_socket_mtinfo3 {

	__u8 flags;

};

#define XT_SOCKET_FLAGS_V3 (XT_SOCKET_TRANSPARENT \

			   | XT_SOCKET_NOWILDCARD \

			   | XT_SOCKET_RESTORESKMARK)

struct sock *xt_socket_get4_sk(const struct sk_buff *skb,

			       struct xt_action_param *par);

struct sock *xt_socket_get6_sk(const struct sk_buff *skb,

socket_match(const struct sk_buff *skb, struct xt_action_param *par,

	     const struct xt_socket_mtinfo1 *info)

{

	struct sk_buff *pskb = (struct sk_buff *)skb;

	struct sock *sk;

	sk = xt_socket_get4_sk(skb, par);

				       (sk->sk_state == TCP_TIME_WAIT &&

					inet_twsk(sk)->tw_transparent));

		if (info->flags & XT_SOCKET_RESTORESKMARK && !wildcard &&

		    transparent)

			pskb->mark = sk->sk_mark;

		if (sk != skb->sk)

			sock_gen_put(sk);

}

static bool

socket_mt4_v1_v2(const struct sk_buff *skb, struct xt_action_param *par)

socket_mt4_v1_v2_v3(const struct sk_buff *skb, struct xt_action_param *par)

{

	return socket_match(skb, par, par->matchinfo);

}

EXPORT_SYMBOL(xt_socket_get6_sk);

static bool

socket_mt6_v1_v2(const struct sk_buff *skb, struct xt_action_param *par)

socket_mt6_v1_v2_v3(const struct sk_buff *skb, struct xt_action_param *par)

{

	struct sk_buff *pskb = (struct sk_buff *)skb;

	struct sock *sk;

	const struct xt_socket_mtinfo1 *info;

				       (sk->sk_state == TCP_TIME_WAIT &&

					inet_twsk(sk)->tw_transparent));

		if (info->flags & XT_SOCKET_RESTORESKMARK && !wildcard &&

		    transparent)

			pskb->mark = sk->sk_mark;

		if (sk != skb->sk)

			sock_gen_put(sk);

	return 0;

}

static int socket_mt_v3_check(const struct xt_mtchk_param *par)

{

	const struct xt_socket_mtinfo3 *info =

				     (struct xt_socket_mtinfo3 *)par->matchinfo;

	if (info->flags & ~XT_SOCKET_FLAGS_V3) {

		pr_info("unknown flags 0x%x\n",

			info->flags & ~XT_SOCKET_FLAGS_V3);

		return -EINVAL;

	}

	return 0;

}

static struct xt_match socket_mt_reg[] __read_mostly = {

	{

		.name		= "socket",

		.name		= "socket",

		.revision	= 1,

		.family		= NFPROTO_IPV4,

		.match		= socket_mt4_v1_v2,

		.match		= socket_mt4_v1_v2_v3,

		.checkentry	= socket_mt_v1_check,

		.matchsize	= sizeof(struct xt_socket_mtinfo1),

		.hooks		= (1 << NF_INET_PRE_ROUTING) |

		.name		= "socket",

		.revision	= 1,

		.family		= NFPROTO_IPV6,

		.match		= socket_mt6_v1_v2,

		.match		= socket_mt6_v1_v2_v3,

		.checkentry	= socket_mt_v1_check,

		.matchsize	= sizeof(struct xt_socket_mtinfo1),

		.hooks		= (1 << NF_INET_PRE_ROUTING) |

		.name		= "socket",

		.revision	= 2,

		.family		= NFPROTO_IPV4,

		.match		= socket_mt4_v1_v2,

		.match		= socket_mt4_v1_v2_v3,

		.checkentry	= socket_mt_v2_check,

		.matchsize	= sizeof(struct xt_socket_mtinfo1),

		.hooks		= (1 << NF_INET_PRE_ROUTING) |

		.name		= "socket",

		.revision	= 2,

		.family		= NFPROTO_IPV6,

		.match		= socket_mt6_v1_v2,

		.match		= socket_mt6_v1_v2_v3,

		.checkentry	= socket_mt_v2_check,

		.matchsize	= sizeof(struct xt_socket_mtinfo1),

		.hooks		= (1 << NF_INET_PRE_ROUTING) |

				  (1 << NF_INET_LOCAL_IN),

		.me		= THIS_MODULE,

	},

#endif

	{

		.name = "socket",

		.revision = 3,

		.family = NFPROTO_IPV4,

		.match = socket_mt4_v1_v2_v3,

		.checkentry = socket_mt_v3_check,

		.matchsize = sizeof(struct xt_socket_mtinfo1),

		.hooks = (1 << NF_INET_PRE_ROUTING) |

			 (1 << NF_INET_LOCAL_IN),

		.me = THIS_MODULE,

	},

#ifdef XT_SOCKET_HAVE_IPV6

	{

		.name = "socket",

		.revision = 3,

		.family = NFPROTO_IPV6,

		.match = socket_mt6_v1_v2_v3,

		.checkentry = socket_mt_v3_check,

		.matchsize = sizeof(struct xt_socket_mtinfo1),

		.hooks = (1 << NF_INET_PRE_ROUTING) |

			 (1 << NF_INET_LOCAL_IN),

		.me = THIS_MODULE,

	},

#endif

};