tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom
kernel / net / netfilter / nfnetlink_queue.c
at v2.6.14-rc3 1127 lines 27 kB view raw
1/* 2 * This is a module which is used for queueing packets and communicating with 3 * userspace via nfetlink. 4 * 5 * (C) 2005 by Harald Welte <laforge@netfilter.org> 6 * 7 * Based on the old ipv4-only ip_queue.c: 8 * (C) 2000-2002 James Morris <jmorris@intercode.com.au> 9 * (C) 2003-2005 Netfilter Core Team <coreteam@netfilter.org> 10 * 11 * This program is free software; you can redistribute it and/or modify 12 * it under the terms of the GNU General Public License version 2 as 13 * published by the Free Software Foundation. 14 * 15 */ 16#include <linux/module.h> 17#include <linux/skbuff.h> 18#include <linux/init.h> 19#include <linux/spinlock.h> 20#include <linux/notifier.h> 21#include <linux/netdevice.h> 22#include <linux/netfilter.h> 23#include <linux/proc_fs.h> 24#include <linux/netfilter_ipv4.h> 25#include <linux/netfilter_ipv6.h> 26#include <linux/netfilter/nfnetlink.h> 27#include <linux/netfilter/nfnetlink_queue.h> 28#include <linux/list.h> 29#include <net/sock.h> 30 31#include <asm/atomic.h> 32 33#ifdef CONFIG_BRIDGE_NETFILTER 34#include "../bridge/br_private.h" 35#endif 36 37#define NFQNL_QMAX_DEFAULT 1024 38 39#if 0 40#define QDEBUG(x, args ...) printk(KERN_DEBUG "%s(%d):%s(): " x, \ 41 __FILE__, __LINE__, __FUNCTION__, \ 42 ## args) 43#else 44#define QDEBUG(x, ...) 45#endif 46 47struct nfqnl_queue_entry { 48 struct list_head list; 49 struct nf_info *info; 50 struct sk_buff *skb; 51 unsigned int id; 52}; 53 54struct nfqnl_instance { 55 struct hlist_node hlist; /* global list of queues */ 56 atomic_t use; 57 58 int peer_pid; 59 unsigned int queue_maxlen; 60 unsigned int copy_range; 61 unsigned int queue_total; 62 unsigned int queue_dropped; 63 unsigned int queue_user_dropped; 64 65 atomic_t id_sequence; /* 'sequence' of pkt ids */ 66 67 u_int16_t queue_num; /* number of this queue */ 68 u_int8_t copy_mode; 69 70 spinlock_t lock; 71 72 struct list_head queue_list; /* packets in queue */ 73}; 74 75typedef int (*nfqnl_cmpfn)(struct nfqnl_queue_entry *, unsigned long); 76 77static DEFINE_RWLOCK(instances_lock); 78 79#define INSTANCE_BUCKETS 16 80static struct hlist_head instance_table[INSTANCE_BUCKETS]; 81 82static inline u_int8_t instance_hashfn(u_int16_t queue_num) 83{ 84 return ((queue_num >> 8) | queue_num) % INSTANCE_BUCKETS; 85} 86 87static struct nfqnl_instance * 88__instance_lookup(u_int16_t queue_num) 89{ 90 struct hlist_head *head; 91 struct hlist_node *pos; 92 struct nfqnl_instance *inst; 93 94 head = &instance_table[instance_hashfn(queue_num)]; 95 hlist_for_each_entry(inst, pos, head, hlist) { 96 if (inst->queue_num == queue_num) 97 return inst; 98 } 99 return NULL; 100} 101 102static struct nfqnl_instance * 103instance_lookup_get(u_int16_t queue_num) 104{ 105 struct nfqnl_instance *inst; 106 107 read_lock_bh(&instances_lock); 108 inst = __instance_lookup(queue_num); 109 if (inst) 110 atomic_inc(&inst->use); 111 read_unlock_bh(&instances_lock); 112 113 return inst; 114} 115 116static void 117instance_put(struct nfqnl_instance *inst) 118{ 119 if (inst && atomic_dec_and_test(&inst->use)) { 120 QDEBUG("kfree(inst=%p)\n", inst); 121 kfree(inst); 122 } 123} 124 125static struct nfqnl_instance * 126instance_create(u_int16_t queue_num, int pid) 127{ 128 struct nfqnl_instance *inst; 129 130 QDEBUG("entering for queue_num=%u, pid=%d\n", queue_num, pid); 131 132 write_lock_bh(&instances_lock); 133 if (__instance_lookup(queue_num)) { 134 inst = NULL; 135 QDEBUG("aborting, instance already exists\n"); 136 goto out_unlock; 137 } 138 139 inst = kmalloc(sizeof(*inst), GFP_ATOMIC); 140 if (!inst) 141 goto out_unlock; 142 143 memset(inst, 0, sizeof(*inst)); 144 inst->queue_num = queue_num; 145 inst->peer_pid = pid; 146 inst->queue_maxlen = NFQNL_QMAX_DEFAULT; 147 inst->copy_range = 0xfffff; 148 inst->copy_mode = NFQNL_COPY_NONE; 149 atomic_set(&inst->id_sequence, 0); 150 /* needs to be two, since we _put() after creation */ 151 atomic_set(&inst->use, 2); 152 inst->lock = SPIN_LOCK_UNLOCKED; 153 INIT_LIST_HEAD(&inst->queue_list); 154 155 if (!try_module_get(THIS_MODULE)) 156 goto out_free; 157 158 hlist_add_head(&inst->hlist, 159 &instance_table[instance_hashfn(queue_num)]); 160 161 write_unlock_bh(&instances_lock); 162 163 QDEBUG("successfully created new instance\n"); 164 165 return inst; 166 167out_free: 168 kfree(inst); 169out_unlock: 170 write_unlock_bh(&instances_lock); 171 return NULL; 172} 173 174static void nfqnl_flush(struct nfqnl_instance *queue, int verdict); 175 176static void 177_instance_destroy2(struct nfqnl_instance *inst, int lock) 178{ 179 /* first pull it out of the global list */ 180 if (lock) 181 write_lock_bh(&instances_lock); 182 183 QDEBUG("removing instance %p (queuenum=%u) from hash\n", 184 inst, inst->queue_num); 185 hlist_del(&inst->hlist); 186 187 if (lock) 188 write_unlock_bh(&instances_lock); 189 190 /* then flush all pending skbs from the queue */ 191 nfqnl_flush(inst, NF_DROP); 192 193 /* and finally put the refcount */ 194 instance_put(inst); 195 196 module_put(THIS_MODULE); 197} 198 199static inline void 200__instance_destroy(struct nfqnl_instance *inst) 201{ 202 _instance_destroy2(inst, 0); 203} 204 205static inline void 206instance_destroy(struct nfqnl_instance *inst) 207{ 208 _instance_destroy2(inst, 1); 209} 210 211 212 213static void 214issue_verdict(struct nfqnl_queue_entry *entry, int verdict) 215{ 216 QDEBUG("entering for entry %p, verdict %u\n", entry, verdict); 217 218 /* TCP input path (and probably other bits) assume to be called 219 * from softirq context, not from syscall, like issue_verdict is 220 * called. TCP input path deadlocks with locks taken from timer 221 * softirq, e.g. We therefore emulate this by local_bh_disable() */ 222 223 local_bh_disable(); 224 nf_reinject(entry->skb, entry->info, verdict); 225 local_bh_enable(); 226 227 kfree(entry); 228} 229 230static inline void 231__enqueue_entry(struct nfqnl_instance *queue, 232 struct nfqnl_queue_entry *entry) 233{ 234 list_add(&entry->list, &queue->queue_list); 235 queue->queue_total++; 236} 237 238/* 239 * Find and return a queued entry matched by cmpfn, or return the last 240 * entry if cmpfn is NULL. 241 */ 242static inline struct nfqnl_queue_entry * 243__find_entry(struct nfqnl_instance *queue, nfqnl_cmpfn cmpfn, 244 unsigned long data) 245{ 246 struct list_head *p; 247 248 list_for_each_prev(p, &queue->queue_list) { 249 struct nfqnl_queue_entry *entry = (struct nfqnl_queue_entry *)p; 250 251 if (!cmpfn || cmpfn(entry, data)) 252 return entry; 253 } 254 return NULL; 255} 256 257static inline void 258__dequeue_entry(struct nfqnl_instance *q, struct nfqnl_queue_entry *entry) 259{ 260 list_del(&entry->list); 261 q->queue_total--; 262} 263 264static inline struct nfqnl_queue_entry * 265__find_dequeue_entry(struct nfqnl_instance *queue, 266 nfqnl_cmpfn cmpfn, unsigned long data) 267{ 268 struct nfqnl_queue_entry *entry; 269 270 entry = __find_entry(queue, cmpfn, data); 271 if (entry == NULL) 272 return NULL; 273 274 __dequeue_entry(queue, entry); 275 return entry; 276} 277 278 279static inline void 280__nfqnl_flush(struct nfqnl_instance *queue, int verdict) 281{ 282 struct nfqnl_queue_entry *entry; 283 284 while ((entry = __find_dequeue_entry(queue, NULL, 0))) 285 issue_verdict(entry, verdict); 286} 287 288static inline int 289__nfqnl_set_mode(struct nfqnl_instance *queue, 290 unsigned char mode, unsigned int range) 291{ 292 int status = 0; 293 294 switch (mode) { 295 case NFQNL_COPY_NONE: 296 case NFQNL_COPY_META: 297 queue->copy_mode = mode; 298 queue->copy_range = 0; 299 break; 300 301 case NFQNL_COPY_PACKET: 302 queue->copy_mode = mode; 303 /* we're using struct nfattr which has 16bit nfa_len */ 304 if (range > 0xffff) 305 queue->copy_range = 0xffff; 306 else 307 queue->copy_range = range; 308 break; 309 310 default: 311 status = -EINVAL; 312 313 } 314 return status; 315} 316 317static struct nfqnl_queue_entry * 318find_dequeue_entry(struct nfqnl_instance *queue, 319 nfqnl_cmpfn cmpfn, unsigned long data) 320{ 321 struct nfqnl_queue_entry *entry; 322 323 spin_lock_bh(&queue->lock); 324 entry = __find_dequeue_entry(queue, cmpfn, data); 325 spin_unlock_bh(&queue->lock); 326 327 return entry; 328} 329 330static void 331nfqnl_flush(struct nfqnl_instance *queue, int verdict) 332{ 333 spin_lock_bh(&queue->lock); 334 __nfqnl_flush(queue, verdict); 335 spin_unlock_bh(&queue->lock); 336} 337 338static struct sk_buff * 339nfqnl_build_packet_message(struct nfqnl_instance *queue, 340 struct nfqnl_queue_entry *entry, int *errp) 341{ 342 unsigned char *old_tail; 343 size_t size; 344 size_t data_len = 0; 345 struct sk_buff *skb; 346 struct nfqnl_msg_packet_hdr pmsg; 347 struct nlmsghdr *nlh; 348 struct nfgenmsg *nfmsg; 349 unsigned int tmp_uint; 350 351 QDEBUG("entered\n"); 352 353 /* all macros expand to constant values at compile time */ 354 size = NLMSG_SPACE(sizeof(struct nfqnl_msg_packet_hdr)) 355 + NLMSG_SPACE(sizeof(u_int32_t)) /* ifindex */ 356 + NLMSG_SPACE(sizeof(u_int32_t)) /* ifindex */ 357#ifdef CONFIG_BRIDGE_NETFILTER 358 + NLMSG_SPACE(sizeof(u_int32_t)) /* ifindex */ 359 + NLMSG_SPACE(sizeof(u_int32_t)) /* ifindex */ 360#endif 361 + NLMSG_SPACE(sizeof(u_int32_t)) /* mark */ 362 + NLMSG_SPACE(sizeof(struct nfqnl_msg_packet_hw)) 363 + NLMSG_SPACE(sizeof(struct nfqnl_msg_packet_timestamp)); 364 365 spin_lock_bh(&queue->lock); 366 367 switch (queue->copy_mode) { 368 case NFQNL_COPY_META: 369 case NFQNL_COPY_NONE: 370 data_len = 0; 371 break; 372 373 case NFQNL_COPY_PACKET: 374 if (entry->skb->ip_summed == CHECKSUM_HW && 375 (*errp = skb_checksum_help(entry->skb, 376 entry->info->outdev == NULL))) { 377 spin_unlock_bh(&queue->lock); 378 return NULL; 379 } 380 if (queue->copy_range == 0 381 || queue->copy_range > entry->skb->len) 382 data_len = entry->skb->len; 383 else 384 data_len = queue->copy_range; 385 386 size += NLMSG_SPACE(data_len); 387 break; 388 389 default: 390 *errp = -EINVAL; 391 spin_unlock_bh(&queue->lock); 392 return NULL; 393 } 394 395 spin_unlock_bh(&queue->lock); 396 397 skb = alloc_skb(size, GFP_ATOMIC); 398 if (!skb) 399 goto nlmsg_failure; 400 401 old_tail= skb->tail; 402 nlh = NLMSG_PUT(skb, 0, 0, 403 NFNL_SUBSYS_QUEUE << 8 | NFQNL_MSG_PACKET, 404 sizeof(struct nfgenmsg)); 405 nfmsg = NLMSG_DATA(nlh); 406 nfmsg->nfgen_family = entry->info->pf; 407 nfmsg->version = NFNETLINK_V0; 408 nfmsg->res_id = htons(queue->queue_num); 409 410 pmsg.packet_id = htonl(entry->id); 411 pmsg.hw_protocol = htons(entry->skb->protocol); 412 pmsg.hook = entry->info->hook; 413 414 NFA_PUT(skb, NFQA_PACKET_HDR, sizeof(pmsg), &pmsg); 415 416 if (entry->info->indev) { 417 tmp_uint = htonl(entry->info->indev->ifindex); 418#ifndef CONFIG_BRIDGE_NETFILTER 419 NFA_PUT(skb, NFQA_IFINDEX_INDEV, sizeof(tmp_uint), &tmp_uint); 420#else 421 if (entry->info->pf == PF_BRIDGE) { 422 /* Case 1: indev is physical input device, we need to 423 * look for bridge group (when called from 424 * netfilter_bridge) */ 425 NFA_PUT(skb, NFQA_IFINDEX_PHYSINDEV, sizeof(tmp_uint), 426 &tmp_uint); 427 /* this is the bridge group "brX" */ 428 tmp_uint = htonl(entry->info->indev->br_port->br->dev->ifindex); 429 NFA_PUT(skb, NFQA_IFINDEX_INDEV, sizeof(tmp_uint), 430 &tmp_uint); 431 } else { 432 /* Case 2: indev is bridge group, we need to look for 433 * physical device (when called from ipv4) */ 434 NFA_PUT(skb, NFQA_IFINDEX_INDEV, sizeof(tmp_uint), 435 &tmp_uint); 436 if (entry->skb->nf_bridge 437 && entry->skb->nf_bridge->physindev) { 438 tmp_uint = htonl(entry->skb->nf_bridge->physindev->ifindex); 439 NFA_PUT(skb, NFQA_IFINDEX_PHYSINDEV, 440 sizeof(tmp_uint), &tmp_uint); 441 } 442 } 443#endif 444 } 445 446 if (entry->info->outdev) { 447 tmp_uint = htonl(entry->info->outdev->ifindex); 448#ifndef CONFIG_BRIDGE_NETFILTER 449 NFA_PUT(skb, NFQA_IFINDEX_OUTDEV, sizeof(tmp_uint), &tmp_uint); 450#else 451 if (entry->info->pf == PF_BRIDGE) { 452 /* Case 1: outdev is physical output device, we need to 453 * look for bridge group (when called from 454 * netfilter_bridge) */ 455 NFA_PUT(skb, NFQA_IFINDEX_PHYSOUTDEV, sizeof(tmp_uint), 456 &tmp_uint); 457 /* this is the bridge group "brX" */ 458 tmp_uint = htonl(entry->info->outdev->br_port->br->dev->ifindex); 459 NFA_PUT(skb, NFQA_IFINDEX_OUTDEV, sizeof(tmp_uint), 460 &tmp_uint); 461 } else { 462 /* Case 2: outdev is bridge group, we need to look for 463 * physical output device (when called from ipv4) */ 464 NFA_PUT(skb, NFQA_IFINDEX_OUTDEV, sizeof(tmp_uint), 465 &tmp_uint); 466 if (entry->skb->nf_bridge 467 && entry->skb->nf_bridge->physoutdev) { 468 tmp_uint = htonl(entry->skb->nf_bridge->physoutdev->ifindex); 469 NFA_PUT(skb, NFQA_IFINDEX_PHYSOUTDEV, 470 sizeof(tmp_uint), &tmp_uint); 471 } 472 } 473#endif 474 } 475 476 if (entry->skb->nfmark) { 477 tmp_uint = htonl(entry->skb->nfmark); 478 NFA_PUT(skb, NFQA_MARK, sizeof(u_int32_t), &tmp_uint); 479 } 480 481 if (entry->info->indev && entry->skb->dev 482 && entry->skb->dev->hard_header_parse) { 483 struct nfqnl_msg_packet_hw phw; 484 485 phw.hw_addrlen = 486 entry->skb->dev->hard_header_parse(entry->skb, 487 phw.hw_addr); 488 phw.hw_addrlen = htons(phw.hw_addrlen); 489 NFA_PUT(skb, NFQA_HWADDR, sizeof(phw), &phw); 490 } 491 492 if (entry->skb->tstamp.off_sec) { 493 struct nfqnl_msg_packet_timestamp ts; 494 495 ts.sec = cpu_to_be64(skb_tv_base.tv_sec + entry->skb->tstamp.off_sec); 496 ts.usec = cpu_to_be64(skb_tv_base.tv_usec + entry->skb->tstamp.off_usec); 497 498 NFA_PUT(skb, NFQA_TIMESTAMP, sizeof(ts), &ts); 499 } 500 501 if (data_len) { 502 struct nfattr *nfa; 503 int size = NFA_LENGTH(data_len); 504 505 if (skb_tailroom(skb) < (int)NFA_SPACE(data_len)) { 506 printk(KERN_WARNING "nf_queue: no tailroom!\n"); 507 goto nlmsg_failure; 508 } 509 510 nfa = (struct nfattr *)skb_put(skb, NFA_ALIGN(size)); 511 nfa->nfa_type = NFQA_PAYLOAD; 512 nfa->nfa_len = size; 513 514 if (skb_copy_bits(entry->skb, 0, NFA_DATA(nfa), data_len)) 515 BUG(); 516 } 517 518 nlh->nlmsg_len = skb->tail - old_tail; 519 return skb; 520 521nlmsg_failure: 522nfattr_failure: 523 if (skb) 524 kfree_skb(skb); 525 *errp = -EINVAL; 526 if (net_ratelimit()) 527 printk(KERN_ERR "nf_queue: error creating packet message\n"); 528 return NULL; 529} 530 531static int 532nfqnl_enqueue_packet(struct sk_buff *skb, struct nf_info *info, 533 unsigned int queuenum, void *data) 534{ 535 int status = -EINVAL; 536 struct sk_buff *nskb; 537 struct nfqnl_instance *queue; 538 struct nfqnl_queue_entry *entry; 539 540 QDEBUG("entered\n"); 541 542 queue = instance_lookup_get(queuenum); 543 if (!queue) { 544 QDEBUG("no queue instance matching\n"); 545 return -EINVAL; 546 } 547 548 if (queue->copy_mode == NFQNL_COPY_NONE) { 549 QDEBUG("mode COPY_NONE, aborting\n"); 550 status = -EAGAIN; 551 goto err_out_put; 552 } 553 554 entry = kmalloc(sizeof(*entry), GFP_ATOMIC); 555 if (entry == NULL) { 556 if (net_ratelimit()) 557 printk(KERN_ERR 558 "nf_queue: OOM in nfqnl_enqueue_packet()\n"); 559 status = -ENOMEM; 560 goto err_out_put; 561 } 562 563 entry->info = info; 564 entry->skb = skb; 565 entry->id = atomic_inc_return(&queue->id_sequence); 566 567 nskb = nfqnl_build_packet_message(queue, entry, &status); 568 if (nskb == NULL) 569 goto err_out_free; 570 571 spin_lock_bh(&queue->lock); 572 573 if (!queue->peer_pid) 574 goto err_out_free_nskb; 575 576 if (queue->queue_total >= queue->queue_maxlen) { 577 queue->queue_dropped++; 578 status = -ENOSPC; 579 if (net_ratelimit()) 580 printk(KERN_WARNING "ip_queue: full at %d entries, " 581 "dropping packets(s). Dropped: %d\n", 582 queue->queue_total, queue->queue_dropped); 583 goto err_out_free_nskb; 584 } 585 586 /* nfnetlink_unicast will either free the nskb or add it to a socket */ 587 status = nfnetlink_unicast(nskb, queue->peer_pid, MSG_DONTWAIT); 588 if (status < 0) { 589 queue->queue_user_dropped++; 590 goto err_out_unlock; 591 } 592 593 __enqueue_entry(queue, entry); 594 595 spin_unlock_bh(&queue->lock); 596 instance_put(queue); 597 return status; 598 599err_out_free_nskb: 600 kfree_skb(nskb); 601 602err_out_unlock: 603 spin_unlock_bh(&queue->lock); 604 605err_out_free: 606 kfree(entry); 607err_out_put: 608 instance_put(queue); 609 return status; 610} 611 612static int 613nfqnl_mangle(void *data, int data_len, struct nfqnl_queue_entry *e) 614{ 615 int diff; 616 617 diff = data_len - e->skb->len; 618 if (diff < 0) 619 skb_trim(e->skb, data_len); 620 else if (diff > 0) { 621 if (data_len > 0xFFFF) 622 return -EINVAL; 623 if (diff > skb_tailroom(e->skb)) { 624 struct sk_buff *newskb; 625 626 newskb = skb_copy_expand(e->skb, 627 skb_headroom(e->skb), 628 diff, 629 GFP_ATOMIC); 630 if (newskb == NULL) { 631 printk(KERN_WARNING "ip_queue: OOM " 632 "in mangle, dropping packet\n"); 633 return -ENOMEM; 634 } 635 if (e->skb->sk) 636 skb_set_owner_w(newskb, e->skb->sk); 637 kfree_skb(e->skb); 638 e->skb = newskb; 639 } 640 skb_put(e->skb, diff); 641 } 642 if (!skb_make_writable(&e->skb, data_len)) 643 return -ENOMEM; 644 memcpy(e->skb->data, data, data_len); 645 e->skb->ip_summed = CHECKSUM_NONE; 646 return 0; 647} 648 649static inline int 650id_cmp(struct nfqnl_queue_entry *e, unsigned long id) 651{ 652 return (id == e->id); 653} 654 655static int 656nfqnl_set_mode(struct nfqnl_instance *queue, 657 unsigned char mode, unsigned int range) 658{ 659 int status; 660 661 spin_lock_bh(&queue->lock); 662 status = __nfqnl_set_mode(queue, mode, range); 663 spin_unlock_bh(&queue->lock); 664 665 return status; 666} 667 668static int 669dev_cmp(struct nfqnl_queue_entry *entry, unsigned long ifindex) 670{ 671 if (entry->info->indev) 672 if (entry->info->indev->ifindex == ifindex) 673 return 1; 674 675 if (entry->info->outdev) 676 if (entry->info->outdev->ifindex == ifindex) 677 return 1; 678 679 return 0; 680} 681 682/* drop all packets with either indev or outdev == ifindex from all queue 683 * instances */ 684static void 685nfqnl_dev_drop(int ifindex) 686{ 687 int i; 688 689 QDEBUG("entering for ifindex %u\n", ifindex); 690 691 /* this only looks like we have to hold the readlock for a way too long 692 * time, issue_verdict(), nf_reinject(), ... - but we always only 693 * issue NF_DROP, which is processed directly in nf_reinject() */ 694 read_lock_bh(&instances_lock); 695 696 for (i = 0; i < INSTANCE_BUCKETS; i++) { 697 struct hlist_node *tmp; 698 struct nfqnl_instance *inst; 699 struct hlist_head *head = &instance_table[i]; 700 701 hlist_for_each_entry(inst, tmp, head, hlist) { 702 struct nfqnl_queue_entry *entry; 703 while ((entry = find_dequeue_entry(inst, dev_cmp, 704 ifindex)) != NULL) 705 issue_verdict(entry, NF_DROP); 706 } 707 } 708 709 read_unlock_bh(&instances_lock); 710} 711 712#define RCV_SKB_FAIL(err) do { netlink_ack(skb, nlh, (err)); return; } while (0) 713 714static int 715nfqnl_rcv_dev_event(struct notifier_block *this, 716 unsigned long event, void *ptr) 717{ 718 struct net_device *dev = ptr; 719 720 /* Drop any packets associated with the downed device */ 721 if (event == NETDEV_DOWN) 722 nfqnl_dev_drop(dev->ifindex); 723 return NOTIFY_DONE; 724} 725 726static struct notifier_block nfqnl_dev_notifier = { 727 .notifier_call = nfqnl_rcv_dev_event, 728}; 729 730static int 731nfqnl_rcv_nl_event(struct notifier_block *this, 732 unsigned long event, void *ptr) 733{ 734 struct netlink_notify *n = ptr; 735 736 if (event == NETLINK_URELEASE && 737 n->protocol == NETLINK_NETFILTER && n->pid) { 738 int i; 739 740 /* destroy all instances for this pid */ 741 write_lock_bh(&instances_lock); 742 for (i = 0; i < INSTANCE_BUCKETS; i++) { 743 struct hlist_node *tmp, *t2; 744 struct nfqnl_instance *inst; 745 struct hlist_head *head = &instance_table[i]; 746 747 hlist_for_each_entry_safe(inst, tmp, t2, head, hlist) { 748 if (n->pid == inst->peer_pid) 749 __instance_destroy(inst); 750 } 751 } 752 write_unlock_bh(&instances_lock); 753 } 754 return NOTIFY_DONE; 755} 756 757static struct notifier_block nfqnl_rtnl_notifier = { 758 .notifier_call = nfqnl_rcv_nl_event, 759}; 760 761static const int nfqa_verdict_min[NFQA_MAX] = { 762 [NFQA_VERDICT_HDR-1] = sizeof(struct nfqnl_msg_verdict_hdr), 763 [NFQA_MARK-1] = sizeof(u_int32_t), 764 [NFQA_PAYLOAD-1] = 0, 765}; 766 767static int 768nfqnl_recv_verdict(struct sock *ctnl, struct sk_buff *skb, 769 struct nlmsghdr *nlh, struct nfattr *nfqa[], int *errp) 770{ 771 struct nfgenmsg *nfmsg = NLMSG_DATA(nlh); 772 u_int16_t queue_num = ntohs(nfmsg->res_id); 773 774 struct nfqnl_msg_verdict_hdr *vhdr; 775 struct nfqnl_instance *queue; 776 unsigned int verdict; 777 struct nfqnl_queue_entry *entry; 778 int err; 779 780 if (nfattr_bad_size(nfqa, NFQA_MAX, nfqa_verdict_min)) { 781 QDEBUG("bad attribute size\n"); 782 return -EINVAL; 783 } 784 785 queue = instance_lookup_get(queue_num); 786 if (!queue) 787 return -ENODEV; 788 789 if (queue->peer_pid != NETLINK_CB(skb).pid) { 790 err = -EPERM; 791 goto err_out_put; 792 } 793 794 if (!nfqa[NFQA_VERDICT_HDR-1]) { 795 err = -EINVAL; 796 goto err_out_put; 797 } 798 799 vhdr = NFA_DATA(nfqa[NFQA_VERDICT_HDR-1]); 800 verdict = ntohl(vhdr->verdict); 801 802 if ((verdict & NF_VERDICT_MASK) > NF_MAX_VERDICT) { 803 err = -EINVAL; 804 goto err_out_put; 805 } 806 807 entry = find_dequeue_entry(queue, id_cmp, ntohl(vhdr->id)); 808 if (entry == NULL) { 809 err = -ENOENT; 810 goto err_out_put; 811 } 812 813 if (nfqa[NFQA_PAYLOAD-1]) { 814 if (nfqnl_mangle(NFA_DATA(nfqa[NFQA_PAYLOAD-1]), 815 NFA_PAYLOAD(nfqa[NFQA_PAYLOAD-1]), entry) < 0) 816 verdict = NF_DROP; 817 } 818 819 if (nfqa[NFQA_MARK-1]) 820 skb->nfmark = ntohl(*(u_int32_t *)NFA_DATA(nfqa[NFQA_MARK-1])); 821 822 issue_verdict(entry, verdict); 823 instance_put(queue); 824 return 0; 825 826err_out_put: 827 instance_put(queue); 828 return err; 829} 830 831static int 832nfqnl_recv_unsupp(struct sock *ctnl, struct sk_buff *skb, 833 struct nlmsghdr *nlh, struct nfattr *nfqa[], int *errp) 834{ 835 return -ENOTSUPP; 836} 837 838static const int nfqa_cfg_min[NFQA_CFG_MAX] = { 839 [NFQA_CFG_CMD-1] = sizeof(struct nfqnl_msg_config_cmd), 840 [NFQA_CFG_PARAMS-1] = sizeof(struct nfqnl_msg_config_params), 841}; 842 843static struct nf_queue_handler nfqh = { 844 .name = "nf_queue", 845 .outfn = &nfqnl_enqueue_packet, 846}; 847 848static int 849nfqnl_recv_config(struct sock *ctnl, struct sk_buff *skb, 850 struct nlmsghdr *nlh, struct nfattr *nfqa[], int *errp) 851{ 852 struct nfgenmsg *nfmsg = NLMSG_DATA(nlh); 853 u_int16_t queue_num = ntohs(nfmsg->res_id); 854 struct nfqnl_instance *queue; 855 int ret = 0; 856 857 QDEBUG("entering for msg %u\n", NFNL_MSG_TYPE(nlh->nlmsg_type)); 858 859 if (nfattr_bad_size(nfqa, NFQA_CFG_MAX, nfqa_cfg_min)) { 860 QDEBUG("bad attribute size\n"); 861 return -EINVAL; 862 } 863 864 queue = instance_lookup_get(queue_num); 865 if (nfqa[NFQA_CFG_CMD-1]) { 866 struct nfqnl_msg_config_cmd *cmd; 867 cmd = NFA_DATA(nfqa[NFQA_CFG_CMD-1]); 868 QDEBUG("found CFG_CMD\n"); 869 870 switch (cmd->command) { 871 case NFQNL_CFG_CMD_BIND: 872 if (queue) 873 return -EBUSY; 874 875 queue = instance_create(queue_num, NETLINK_CB(skb).pid); 876 if (!queue) 877 return -EINVAL; 878 break; 879 case NFQNL_CFG_CMD_UNBIND: 880 if (!queue) 881 return -ENODEV; 882 883 if (queue->peer_pid != NETLINK_CB(skb).pid) { 884 ret = -EPERM; 885 goto out_put; 886 } 887 888 instance_destroy(queue); 889 break; 890 case NFQNL_CFG_CMD_PF_BIND: 891 QDEBUG("registering queue handler for pf=%u\n", 892 ntohs(cmd->pf)); 893 ret = nf_register_queue_handler(ntohs(cmd->pf), &nfqh); 894 break; 895 case NFQNL_CFG_CMD_PF_UNBIND: 896 QDEBUG("unregistering queue handler for pf=%u\n", 897 ntohs(cmd->pf)); 898 /* This is a bug and a feature. We can unregister 899 * other handlers(!) */ 900 ret = nf_unregister_queue_handler(ntohs(cmd->pf)); 901 break; 902 default: 903 ret = -EINVAL; 904 break; 905 } 906 } else { 907 if (!queue) { 908 QDEBUG("no config command, and no instance ENOENT\n"); 909 ret = -ENOENT; 910 goto out_put; 911 } 912 913 if (queue->peer_pid != NETLINK_CB(skb).pid) { 914 QDEBUG("no config command, and wrong pid\n"); 915 ret = -EPERM; 916 goto out_put; 917 } 918 } 919 920 if (nfqa[NFQA_CFG_PARAMS-1]) { 921 struct nfqnl_msg_config_params *params; 922 params = NFA_DATA(nfqa[NFQA_CFG_PARAMS-1]); 923 924 nfqnl_set_mode(queue, params->copy_mode, 925 ntohl(params->copy_range)); 926 } 927 928out_put: 929 instance_put(queue); 930 return ret; 931} 932 933static struct nfnl_callback nfqnl_cb[NFQNL_MSG_MAX] = { 934 [NFQNL_MSG_PACKET] = { .call = nfqnl_recv_unsupp, 935 .attr_count = NFQA_MAX, 936 .cap_required = CAP_NET_ADMIN }, 937 [NFQNL_MSG_VERDICT] = { .call = nfqnl_recv_verdict, 938 .attr_count = NFQA_MAX, 939 .cap_required = CAP_NET_ADMIN }, 940 [NFQNL_MSG_CONFIG] = { .call = nfqnl_recv_config, 941 .attr_count = NFQA_CFG_MAX, 942 .cap_required = CAP_NET_ADMIN }, 943}; 944 945static struct nfnetlink_subsystem nfqnl_subsys = { 946 .name = "nf_queue", 947 .subsys_id = NFNL_SUBSYS_QUEUE, 948 .cb_count = NFQNL_MSG_MAX, 949 .cb = nfqnl_cb, 950}; 951 952#ifdef CONFIG_PROC_FS 953struct iter_state { 954 unsigned int bucket; 955}; 956 957static struct hlist_node *get_first(struct seq_file *seq) 958{ 959 struct iter_state *st = seq->private; 960 961 if (!st) 962 return NULL; 963 964 for (st->bucket = 0; st->bucket < INSTANCE_BUCKETS; st->bucket++) { 965 if (!hlist_empty(&instance_table[st->bucket])) 966 return instance_table[st->bucket].first; 967 } 968 return NULL; 969} 970 971static struct hlist_node *get_next(struct seq_file *seq, struct hlist_node *h) 972{ 973 struct iter_state *st = seq->private; 974 975 h = h->next; 976 while (!h) { 977 if (++st->bucket >= INSTANCE_BUCKETS) 978 return NULL; 979 980 h = instance_table[st->bucket].first; 981 } 982 return h; 983} 984 985static struct hlist_node *get_idx(struct seq_file *seq, loff_t pos) 986{ 987 struct hlist_node *head; 988 head = get_first(seq); 989 990 if (head) 991 while (pos && (head = get_next(seq, head))) 992 pos--; 993 return pos ? NULL : head; 994} 995 996static void *seq_start(struct seq_file *seq, loff_t *pos) 997{ 998 read_lock_bh(&instances_lock); 999 return get_idx(seq, *pos); 1000} 1001 1002static void *seq_next(struct seq_file *s, void *v, loff_t *pos) 1003{ 1004 (*pos)++; 1005 return get_next(s, v); 1006} 1007 1008static void seq_stop(struct seq_file *s, void *v) 1009{ 1010 read_unlock_bh(&instances_lock); 1011} 1012 1013static int seq_show(struct seq_file *s, void *v) 1014{ 1015 const struct nfqnl_instance *inst = v; 1016 1017 return seq_printf(s, "%5d %6d %5d %1d %5d %5d %5d %8d %2d\n", 1018 inst->queue_num, 1019 inst->peer_pid, inst->queue_total, 1020 inst->copy_mode, inst->copy_range, 1021 inst->queue_dropped, inst->queue_user_dropped, 1022 atomic_read(&inst->id_sequence), 1023 atomic_read(&inst->use)); 1024} 1025 1026static struct seq_operations nfqnl_seq_ops = { 1027 .start = seq_start, 1028 .next = seq_next, 1029 .stop = seq_stop, 1030 .show = seq_show, 1031}; 1032 1033static int nfqnl_open(struct inode *inode, struct file *file) 1034{ 1035 struct seq_file *seq; 1036 struct iter_state *is; 1037 int ret; 1038 1039 is = kmalloc(sizeof(*is), GFP_KERNEL); 1040 if (!is) 1041 return -ENOMEM; 1042 memset(is, 0, sizeof(*is)); 1043 ret = seq_open(file, &nfqnl_seq_ops); 1044 if (ret < 0) 1045 goto out_free; 1046 seq = file->private_data; 1047 seq->private = is; 1048 return ret; 1049out_free: 1050 kfree(is); 1051 return ret; 1052} 1053 1054static struct file_operations nfqnl_file_ops = { 1055 .owner = THIS_MODULE, 1056 .open = nfqnl_open, 1057 .read = seq_read, 1058 .llseek = seq_lseek, 1059 .release = seq_release_private, 1060}; 1061 1062#endif /* PROC_FS */ 1063 1064static int 1065init_or_cleanup(int init) 1066{ 1067 int i, status = -ENOMEM; 1068#ifdef CONFIG_PROC_FS 1069 struct proc_dir_entry *proc_nfqueue; 1070#endif 1071 1072 if (!init) 1073 goto cleanup; 1074 1075 for (i = 0; i < INSTANCE_BUCKETS; i++) 1076 INIT_HLIST_HEAD(&instance_table[i]); 1077 1078 netlink_register_notifier(&nfqnl_rtnl_notifier); 1079 status = nfnetlink_subsys_register(&nfqnl_subsys); 1080 if (status < 0) { 1081 printk(KERN_ERR "nf_queue: failed to create netlink socket\n"); 1082 goto cleanup_netlink_notifier; 1083 } 1084 1085#ifdef CONFIG_PROC_FS 1086 proc_nfqueue = create_proc_entry("nfnetlink_queue", 0440, 1087 proc_net_netfilter); 1088 if (!proc_nfqueue) 1089 goto cleanup_subsys; 1090 proc_nfqueue->proc_fops = &nfqnl_file_ops; 1091#endif 1092 1093 register_netdevice_notifier(&nfqnl_dev_notifier); 1094 1095 return status; 1096 1097cleanup: 1098 nf_unregister_queue_handlers(&nfqh); 1099 unregister_netdevice_notifier(&nfqnl_dev_notifier); 1100#ifdef CONFIG_PROC_FS 1101 remove_proc_entry("nfnetlink_queue", proc_net_netfilter); 1102cleanup_subsys: 1103#endif 1104 nfnetlink_subsys_unregister(&nfqnl_subsys); 1105cleanup_netlink_notifier: 1106 netlink_unregister_notifier(&nfqnl_rtnl_notifier); 1107 return status; 1108} 1109 1110static int __init init(void) 1111{ 1112 1113 return init_or_cleanup(1); 1114} 1115 1116static void __exit fini(void) 1117{ 1118 init_or_cleanup(0); 1119} 1120 1121MODULE_DESCRIPTION("netfilter packet queue handler"); 1122MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>"); 1123MODULE_LICENSE("GPL"); 1124MODULE_ALIAS_NFNL_SUBSYS(NFNL_SUBSYS_QUEUE); 1125 1126module_init(init); 1127module_exit(fini);