netfilter: nft_osf: Add ttl option support

		  const struct list_head *nf_osf_fingers);

const char *nf_osf_find(const struct sk_buff *skb,

                        const struct list_head *nf_osf_fingers);

			const struct list_head *nf_osf_fingers,

			const int ttl_check);

#endif /* _NFOSF_H */

};

#define NFTA_FLOWTABLE_HOOK_MAX	(__NFTA_FLOWTABLE_HOOK_MAX - 1)

/**

 * enum nft_osf_attributes - nftables osf expression netlink attributes

 *

 * @NFTA_OSF_DREG: destination register (NLA_U32: nft_registers)

 * @NFTA_OSF_TTL: Value of the TTL osf option (NLA_U8)

 */

enum nft_osf_attributes {

	NFTA_OSF_UNSPEC,

	NFTA_OSF_DREG,

	NFTA_OSF_TTL,

	__NFTA_OSF_MAX,

};

#define NFTA_OSF_MAX (__NFTA_OSF_MAX - 1)

static inline int nf_osf_ttl(const struct sk_buff *skb,

			     int ttl_check, unsigned char f_ttl)

{

	struct in_device *in_dev = __in_dev_get_rcu(skb->dev);

	const struct iphdr *ip = ip_hdr(skb);

	int ret = 0;

	if (ttl_check != -1) {

	if (ttl_check == NF_OSF_TTL_TRUE)

		return ip->ttl == f_ttl;

	if (ttl_check == NF_OSF_TTL_NOCHECK)

		return 1;

	else if (ip->ttl <= f_ttl)

		return 1;

		else {

			struct in_device *in_dev = __in_dev_get_rcu(skb->dev);

			int ret = 0;

	for_ifa(in_dev) {

		if (inet_ifa_match(ip->saddr, ifa)) {

			break;

		}

	}

	endfor_ifa(in_dev);

	return ret;

}

	}

	return ip->ttl == f_ttl;

}

struct nf_osf_hdr_ctx {

	bool			df;

	if (!tcp)

		return false;

	ttl_check = (info->flags & NF_OSF_TTL) ? info->ttl : -1;

	ttl_check = (info->flags & NF_OSF_TTL) ? info->ttl : 0;

	list_for_each_entry_rcu(kf, &nf_osf_fingers[ctx.df], finger_entry) {

EXPORT_SYMBOL_GPL(nf_osf_match);

const char *nf_osf_find(const struct sk_buff *skb,

			const struct list_head *nf_osf_fingers)

			const struct list_head *nf_osf_fingers,

			const int ttl_check)

{

	const struct iphdr *ip = ip_hdr(skb);

	const struct nf_osf_user_finger *f;

	list_for_each_entry_rcu(kf, &nf_osf_fingers[ctx.df], finger_entry) {

		f = &kf->finger;

		if (!nf_osf_match_one(skb, f, -1, &ctx))

		if (!nf_osf_match_one(skb, f, ttl_check, &ctx))

			continue;

		genre = f->genre;

struct nft_osf {

	enum nft_registers	dreg:8;

	u8			ttl;

};

static const struct nla_policy nft_osf_policy[NFTA_OSF_MAX + 1] = {

	[NFTA_OSF_DREG]		= { .type = NLA_U32 },

	[NFTA_OSF_TTL]		= { .type = NLA_U8 },

};

static void nft_osf_eval(const struct nft_expr *expr, struct nft_regs *regs,

		return;

	}

	os_name = nf_osf_find(skb, nf_osf_fingers);

	os_name = nf_osf_find(skb, nf_osf_fingers, priv->ttl);

	if (!os_name)

		strncpy((char *)dest, "unknown", NFT_OSF_MAXGENRELEN);

	else

{

	struct nft_osf *priv = nft_expr_priv(expr);

	int err;

	u8 ttl;

	if (nla_get_u8(tb[NFTA_OSF_TTL])) {

		ttl = nla_get_u8(tb[NFTA_OSF_TTL]);

		if (ttl > 2)

			return -EINVAL;

		priv->ttl = ttl;

	}

	priv->dreg = nft_parse_register(tb[NFTA_OSF_DREG]);

	err = nft_validate_register_store(ctx, priv->dreg, NULL,

{

	const struct nft_osf *priv = nft_expr_priv(expr);

	if (nla_put_u8(skb, NFTA_OSF_TTL, priv->ttl))

		goto nla_put_failure;

	if (nft_dump_register(skb, NFTA_OSF_DREG, priv->dreg))

		goto nla_put_failure;