1/*
2 * Copyright (c) 2006 Patrick McHardy <kaber@trash.net>
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License version 2 as
6 * published by the Free Software Foundation.
7 *
8 * Based on ipt_random and ipt_nth by Fabrice MARIE <fabrice@netfilter.org>.
9 */
10
11#include <linux/init.h>
12#include <linux/spinlock.h>
13#include <linux/skbuff.h>
14#include <linux/net.h>
15#include <linux/slab.h>
16
17#include <linux/netfilter/xt_statistic.h>
18#include <linux/netfilter/x_tables.h>
19#include <linux/module.h>
20
21struct xt_statistic_priv {
22	atomic_t count;
23} ____cacheline_aligned_in_smp;
24
25MODULE_LICENSE("GPL");
26MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
27MODULE_DESCRIPTION("Xtables: statistics-based matching (\"Nth\", random)");
28MODULE_ALIAS("ipt_statistic");
29MODULE_ALIAS("ip6t_statistic");
30
31static bool
32statistic_mt(const struct sk_buff *skb, struct xt_action_param *par)
33{
34	const struct xt_statistic_info *info = par->matchinfo;
35	bool ret = info->flags & XT_STATISTIC_INVERT;
36	int nval, oval;
37
38	switch (info->mode) {
39	case XT_STATISTIC_MODE_RANDOM:
40		if ((prandom_u32() & 0x7FFFFFFF) < info->u.random.probability)
41			ret = !ret;
42		break;
43	case XT_STATISTIC_MODE_NTH:
44		do {
45			oval = atomic_read(&info->master->count);
46			nval = (oval == info->u.nth.every) ? 0 : oval + 1;
47		} while (atomic_cmpxchg(&info->master->count, oval, nval) != oval);
48		if (nval == 0)
49			ret = !ret;
50		break;
51	}
52
53	return ret;
54}
55
56static int statistic_mt_check(const struct xt_mtchk_param *par)
57{
58	struct xt_statistic_info *info = par->matchinfo;
59
60	if (info->mode > XT_STATISTIC_MODE_MAX ||
61	    info->flags & ~XT_STATISTIC_MASK)
62		return -EINVAL;
63
64	info->master = kzalloc(sizeof(*info->master), GFP_KERNEL);
65	if (info->master == NULL)
66		return -ENOMEM;
67	atomic_set(&info->master->count, info->u.nth.count);
68
69	return 0;
70}
71
72static void statistic_mt_destroy(const struct xt_mtdtor_param *par)
73{
74	const struct xt_statistic_info *info = par->matchinfo;
75
76	kfree(info->master);
77}
78
79static struct xt_match xt_statistic_mt_reg __read_mostly = {
80	.name       = "statistic",
81	.revision   = 0,
82	.family     = NFPROTO_UNSPEC,
83	.match      = statistic_mt,
84	.checkentry = statistic_mt_check,
85	.destroy    = statistic_mt_destroy,
86	.matchsize  = sizeof(struct xt_statistic_info),
87	.me         = THIS_MODULE,
88};
89
90static int __init statistic_mt_init(void)
91{
92	return xt_register_match(&xt_statistic_mt_reg);
93}
94
95static void __exit statistic_mt_exit(void)
96{
97	xt_unregister_match(&xt_statistic_mt_reg);
98}
99
100module_init(statistic_mt_init);
101module_exit(statistic_mt_exit);
102