From 2c3c1048746a4622d8c89a29670120dc8fab93c4 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sun, 7 Apr 2024 20:49:45 +0200
Subject: Adding upstream version 6.1.76.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 include/net/netfilter/nf_tables_ipv4.h | 86 ++++++++++++++++++++++++++++++++++
 1 file changed, 86 insertions(+)
 create mode 100644 include/net/netfilter/nf_tables_ipv4.h

(limited to 'include/net/netfilter/nf_tables_ipv4.h')

diff --git a/include/net/netfilter/nf_tables_ipv4.h b/include/net/netfilter/nf_tables_ipv4.h
new file mode 100644
index 000000000..5225d2bd1
--- /dev/null
+++ b/include/net/netfilter/nf_tables_ipv4.h
@@ -0,0 +1,86 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef _NF_TABLES_IPV4_H_
+#define _NF_TABLES_IPV4_H_
+
+#include <net/netfilter/nf_tables.h>
+#include <net/ip.h>
+
+static inline void nft_set_pktinfo_ipv4(struct nft_pktinfo *pkt)
+{
+	struct iphdr *ip;
+
+	ip = ip_hdr(pkt->skb);
+	pkt->flags = NFT_PKTINFO_L4PROTO;
+	pkt->tprot = ip->protocol;
+	pkt->thoff = ip_hdrlen(pkt->skb);
+	pkt->fragoff = ntohs(ip->frag_off) & IP_OFFSET;
+}
+
+static inline int __nft_set_pktinfo_ipv4_validate(struct nft_pktinfo *pkt)
+{
+	struct iphdr *iph, _iph;
+	u32 len, thoff;
+
+	iph = skb_header_pointer(pkt->skb, skb_network_offset(pkt->skb),
+				 sizeof(*iph), &_iph);
+	if (!iph)
+		return -1;
+
+	if (iph->ihl < 5 || iph->version != 4)
+		return -1;
+
+	len = iph_totlen(pkt->skb, iph);
+	thoff = skb_network_offset(pkt->skb) + (iph->ihl * 4);
+	if (pkt->skb->len < len)
+		return -1;
+	else if (len < thoff)
+		return -1;
+
+	pkt->flags = NFT_PKTINFO_L4PROTO;
+	pkt->tprot = iph->protocol;
+	pkt->thoff = thoff;
+	pkt->fragoff = ntohs(iph->frag_off) & IP_OFFSET;
+
+	return 0;
+}
+
+static inline void nft_set_pktinfo_ipv4_validate(struct nft_pktinfo *pkt)
+{
+	if (__nft_set_pktinfo_ipv4_validate(pkt) < 0)
+		nft_set_pktinfo_unspec(pkt);
+}
+
+static inline int nft_set_pktinfo_ipv4_ingress(struct nft_pktinfo *pkt)
+{
+	struct iphdr *iph;
+	u32 len, thoff;
+
+	if (!pskb_may_pull(pkt->skb, sizeof(*iph)))
+		return -1;
+
+	iph = ip_hdr(pkt->skb);
+	if (iph->ihl < 5 || iph->version != 4)
+		goto inhdr_error;
+
+	len = iph_totlen(pkt->skb, iph);
+	thoff = iph->ihl * 4;
+	if (pkt->skb->len < len) {
+		__IP_INC_STATS(nft_net(pkt), IPSTATS_MIB_INTRUNCATEDPKTS);
+		return -1;
+	} else if (len < thoff) {
+		goto inhdr_error;
+	}
+
+	pkt->flags = NFT_PKTINFO_L4PROTO;
+	pkt->tprot = iph->protocol;
+	pkt->thoff = thoff;
+	pkt->fragoff = ntohs(iph->frag_off) & IP_OFFSET;
+
+	return 0;
+
+inhdr_error:
+	__IP_INC_STATS(nft_net(pkt), IPSTATS_MIB_INHDRERRORS);
+	return -1;
+}
+
+#endif
-- 
cgit v1.2.3