1/* SPDX-License-Identifier: GPL-2.0 */
2
3#ifndef _NF_CONNTRACK_LABELS_H
4#define _NF_CONNTRACK_LABELS_H
5
6#include <linux/netfilter/nf_conntrack_common.h>
7#include <linux/netfilter/nf_conntrack_tuple_common.h>
8#include <linux/types.h>
9#include <net/net_namespace.h>
10#include <net/netfilter/nf_conntrack.h>
11#include <net/netfilter/nf_conntrack_extend.h>
12#include <uapi/linux/netfilter/xt_connlabel.h>
13
/*
 * Size in bytes of the per-connection label bitmap: one bit for every label
 * index from 0 up to and including XT_CONNLABEL_MAXBIT.
 */
#define NF_CT_LABELS_MAX_SIZE ((XT_CONNLABEL_MAXBIT + 1) / BITS_PER_BYTE)

/*
 * Label bits stored in the NF_CT_EXT_LABELS conntrack extension.
 *
 * The array length is NF_CT_LABELS_MAX_SIZE divided by the word size. That
 * division truncates, so the layout relies on NF_CT_LABELS_MAX_SIZE being a
 * multiple of sizeof(unsigned long); code that indexes bits[] must stay
 * within this length.
 */
struct nf_conn_labels {
	unsigned long bits[NF_CT_LABELS_MAX_SIZE / sizeof(unsigned long)];
};
19
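/*
 * nf_ct_labels_find - look up the labels extension attached to a conntrack
 * @ct: conntrack entry to inspect
 *
 * Open-coded instead of calling nf_ct_ext_find(): the flow dissector cannot
 * use symbols exported by the nf_conntrack module.
 *
 * Return: pointer to the labels area inside @ct's extension block, or NULL
 * when @ct has no extension block, when the labels extension is not present
 * in it, or when CONFIG_NF_CONNTRACK_LABELS is disabled. Callers must check
 * for NULL before touching any label bits.
 */
static inline struct nf_conn_labels *nf_ct_labels_find(const struct nf_conn *ct)
{
#ifdef CONFIG_NF_CONNTRACK_LABELS
	struct nf_ct_ext *ext = ct->ext;

	if (!ext || !__nf_ct_ext_exist(ext, NF_CT_EXT_LABELS))
		return NULL;

	/*
	 * Index through the pointer that passed the presence test, so the
	 * check and the offset lookup refer to the same extension block.
	 */
	return (void *)ext + ext->offset[NF_CT_EXT_LABELS];
#else
	return NULL;
#endif
}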
36
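/*
 * nf_ct_labels_ext_add - attach the labels extension to a conntrack
 * @ct: conntrack entry to extend
 *
 * The extension is requested only when the labels_used counter of the
 * network namespace owning @ct is non-zero; with a zero counter nothing is
 * added.
 *
 * Return: whatever nf_ct_ext_add() returns for NF_CT_EXT_LABELS, or NULL
 * when labels are unused in the namespace or CONFIG_NF_CONNTRACK_LABELS is
 * disabled. Callers must handle NULL: besides the cases above, the request
 * is made with GFP_ATOMIC and presumably yields NULL on allocation failure
 * (nf_ct_ext_add() is defined elsewhere; confirm there).
 */
static inline struct nf_conn_labels *nf_ct_labels_ext_add(struct nf_conn *ct)
{
#ifdef CONFIG_NF_CONNTRACK_LABELS
	struct net *net = nf_ct_net(ct);

	/* No label user registered in this namespace: skip the extension. */
	if (atomic_read(&net->ct.labels_used) == 0)
		return NULL;

	return nf_ct_ext_add(ct, NF_CT_EXT_LABELS, GFP_ATOMIC);
#else
	return NULL;
#endif
}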
50
/*
 * Defined outside this header. Takes the conntrack to update, two u32
 * arrays (@data and @mask) and a count, @words.
 * NOTE(review): presumably @words is the number of u32 elements in each
 * array and only the bits selected by @mask are replaced; the bound on
 * @words relative to the label area is not visible here. Confirm against
 * the definition.
 */
int nf_connlabels_replace(struct nf_conn *ct, const u32 *data,
			  const u32 *mask, unsigned int words);
53
#ifdef CONFIG_NF_CONNTRACK_LABELS
/* Labels built in: both functions are defined outside this header. */
int nf_connlabels_get(struct net *net, unsigned int bit);
void nf_connlabels_put(struct net *net);
#else
/*
 * Labels compiled out: get returns 0 for any bit and put does nothing, so
 * callers build unchanged without CONFIG_NF_CONNTRACK_LABELS.
 */
static inline int nf_connlabels_get(struct net *net, unsigned int bit)
{
	return 0;
}

static inline void nf_connlabels_put(struct net *net)
{
}
#endif
61
62#endif /* _NF_CONNTRACK_LABELS_H */