tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom
kernel / net / netfilter / nfnetlink_queue.c
at v2.6.15-rc4 1122 lines 26 kB view raw
1/* 2 * This is a module which is used for queueing packets and communicating with 3 * userspace via nfetlink. 4 * 5 * (C) 2005 by Harald Welte <laforge@netfilter.org> 6 * 7 * Based on the old ipv4-only ip_queue.c: 8 * (C) 2000-2002 James Morris <jmorris@intercode.com.au> 9 * (C) 2003-2005 Netfilter Core Team <coreteam@netfilter.org> 10 * 11 * This program is free software; you can redistribute it and/or modify 12 * it under the terms of the GNU General Public License version 2 as 13 * published by the Free Software Foundation. 14 * 15 */ 16#include <linux/module.h> 17#include <linux/skbuff.h> 18#include <linux/init.h> 19#include <linux/spinlock.h> 20#include <linux/notifier.h> 21#include <linux/netdevice.h> 22#include <linux/netfilter.h> 23#include <linux/proc_fs.h> 24#include <linux/netfilter_ipv4.h> 25#include <linux/netfilter_ipv6.h> 26#include <linux/netfilter/nfnetlink.h> 27#include <linux/netfilter/nfnetlink_queue.h> 28#include <linux/list.h> 29#include <net/sock.h> 30 31#include <asm/atomic.h> 32 33#ifdef CONFIG_BRIDGE_NETFILTER 34#include "../bridge/br_private.h" 35#endif 36 37#define NFQNL_QMAX_DEFAULT 1024 38 39#if 0 40#define QDEBUG(x, args ...) printk(KERN_DEBUG "%s(%d):%s(): " x, \ 41 __FILE__, __LINE__, __FUNCTION__, \ 42 ## args) 43#else 44#define QDEBUG(x, ...) 45#endif 46 47struct nfqnl_queue_entry { 48 struct list_head list; 49 struct nf_info *info; 50 struct sk_buff *skb; 51 unsigned int id; 52}; 53 54struct nfqnl_instance { 55 struct hlist_node hlist; /* global list of queues */ 56 atomic_t use; 57 58 int peer_pid; 59 unsigned int queue_maxlen; 60 unsigned int copy_range; 61 unsigned int queue_total; 62 unsigned int queue_dropped; 63 unsigned int queue_user_dropped; 64 65 atomic_t id_sequence; /* 'sequence' of pkt ids */ 66 67 u_int16_t queue_num; /* number of this queue */ 68 u_int8_t copy_mode; 69 70 spinlock_t lock; 71 72 struct list_head queue_list; /* packets in queue */ 73}; 74 75typedef int (*nfqnl_cmpfn)(struct nfqnl_queue_entry *, unsigned long); 76 77static DEFINE_RWLOCK(instances_lock); 78 79#define INSTANCE_BUCKETS 16 80static struct hlist_head instance_table[INSTANCE_BUCKETS]; 81 82static inline u_int8_t instance_hashfn(u_int16_t queue_num) 83{ 84 return ((queue_num >> 8) | queue_num) % INSTANCE_BUCKETS; 85} 86 87static struct nfqnl_instance * 88__instance_lookup(u_int16_t queue_num) 89{ 90 struct hlist_head *head; 91 struct hlist_node *pos; 92 struct nfqnl_instance *inst; 93 94 head = &instance_table[instance_hashfn(queue_num)]; 95 hlist_for_each_entry(inst, pos, head, hlist) { 96 if (inst->queue_num == queue_num) 97 return inst; 98 } 99 return NULL; 100} 101 102static struct nfqnl_instance * 103instance_lookup_get(u_int16_t queue_num) 104{ 105 struct nfqnl_instance *inst; 106 107 read_lock_bh(&instances_lock); 108 inst = __instance_lookup(queue_num); 109 if (inst) 110 atomic_inc(&inst->use); 111 read_unlock_bh(&instances_lock); 112 113 return inst; 114} 115 116static void 117instance_put(struct nfqnl_instance *inst) 118{ 119 if (inst && atomic_dec_and_test(&inst->use)) { 120 QDEBUG("kfree(inst=%p)\n", inst); 121 kfree(inst); 122 } 123} 124 125static struct nfqnl_instance * 126instance_create(u_int16_t queue_num, int pid) 127{ 128 struct nfqnl_instance *inst; 129 130 QDEBUG("entering for queue_num=%u, pid=%d\n", queue_num, pid); 131 132 write_lock_bh(&instances_lock); 133 if (__instance_lookup(queue_num)) { 134 inst = NULL; 135 QDEBUG("aborting, instance already exists\n"); 136 goto out_unlock; 137 } 138 139 inst = kzalloc(sizeof(*inst), GFP_ATOMIC); 140 if (!inst) 141 goto out_unlock; 142 143 inst->queue_num = queue_num; 144 inst->peer_pid = pid; 145 inst->queue_maxlen = NFQNL_QMAX_DEFAULT; 146 inst->copy_range = 0xfffff; 147 inst->copy_mode = NFQNL_COPY_NONE; 148 atomic_set(&inst->id_sequence, 0); 149 /* needs to be two, since we _put() after creation */ 150 atomic_set(&inst->use, 2); 151 inst->lock = SPIN_LOCK_UNLOCKED; 152 INIT_LIST_HEAD(&inst->queue_list); 153 154 if (!try_module_get(THIS_MODULE)) 155 goto out_free; 156 157 hlist_add_head(&inst->hlist, 158 &instance_table[instance_hashfn(queue_num)]); 159 160 write_unlock_bh(&instances_lock); 161 162 QDEBUG("successfully created new instance\n"); 163 164 return inst; 165 166out_free: 167 kfree(inst); 168out_unlock: 169 write_unlock_bh(&instances_lock); 170 return NULL; 171} 172 173static void nfqnl_flush(struct nfqnl_instance *queue, int verdict); 174 175static void 176_instance_destroy2(struct nfqnl_instance *inst, int lock) 177{ 178 /* first pull it out of the global list */ 179 if (lock) 180 write_lock_bh(&instances_lock); 181 182 QDEBUG("removing instance %p (queuenum=%u) from hash\n", 183 inst, inst->queue_num); 184 hlist_del(&inst->hlist); 185 186 if (lock) 187 write_unlock_bh(&instances_lock); 188 189 /* then flush all pending skbs from the queue */ 190 nfqnl_flush(inst, NF_DROP); 191 192 /* and finally put the refcount */ 193 instance_put(inst); 194 195 module_put(THIS_MODULE); 196} 197 198static inline void 199__instance_destroy(struct nfqnl_instance *inst) 200{ 201 _instance_destroy2(inst, 0); 202} 203 204static inline void 205instance_destroy(struct nfqnl_instance *inst) 206{ 207 _instance_destroy2(inst, 1); 208} 209 210 211 212static void 213issue_verdict(struct nfqnl_queue_entry *entry, int verdict) 214{ 215 QDEBUG("entering for entry %p, verdict %u\n", entry, verdict); 216 217 /* TCP input path (and probably other bits) assume to be called 218 * from softirq context, not from syscall, like issue_verdict is 219 * called. TCP input path deadlocks with locks taken from timer 220 * softirq, e.g. We therefore emulate this by local_bh_disable() */ 221 222 local_bh_disable(); 223 nf_reinject(entry->skb, entry->info, verdict); 224 local_bh_enable(); 225 226 kfree(entry); 227} 228 229static inline void 230__enqueue_entry(struct nfqnl_instance *queue, 231 struct nfqnl_queue_entry *entry) 232{ 233 list_add(&entry->list, &queue->queue_list); 234 queue->queue_total++; 235} 236 237/* 238 * Find and return a queued entry matched by cmpfn, or return the last 239 * entry if cmpfn is NULL. 240 */ 241static inline struct nfqnl_queue_entry * 242__find_entry(struct nfqnl_instance *queue, nfqnl_cmpfn cmpfn, 243 unsigned long data) 244{ 245 struct list_head *p; 246 247 list_for_each_prev(p, &queue->queue_list) { 248 struct nfqnl_queue_entry *entry = (struct nfqnl_queue_entry *)p; 249 250 if (!cmpfn || cmpfn(entry, data)) 251 return entry; 252 } 253 return NULL; 254} 255 256static inline void 257__dequeue_entry(struct nfqnl_instance *q, struct nfqnl_queue_entry *entry) 258{ 259 list_del(&entry->list); 260 q->queue_total--; 261} 262 263static inline struct nfqnl_queue_entry * 264__find_dequeue_entry(struct nfqnl_instance *queue, 265 nfqnl_cmpfn cmpfn, unsigned long data) 266{ 267 struct nfqnl_queue_entry *entry; 268 269 entry = __find_entry(queue, cmpfn, data); 270 if (entry == NULL) 271 return NULL; 272 273 __dequeue_entry(queue, entry); 274 return entry; 275} 276 277 278static inline void 279__nfqnl_flush(struct nfqnl_instance *queue, int verdict) 280{ 281 struct nfqnl_queue_entry *entry; 282 283 while ((entry = __find_dequeue_entry(queue, NULL, 0))) 284 issue_verdict(entry, verdict); 285} 286 287static inline int 288__nfqnl_set_mode(struct nfqnl_instance *queue, 289 unsigned char mode, unsigned int range) 290{ 291 int status = 0; 292 293 switch (mode) { 294 case NFQNL_COPY_NONE: 295 case NFQNL_COPY_META: 296 queue->copy_mode = mode; 297 queue->copy_range = 0; 298 break; 299 300 case NFQNL_COPY_PACKET: 301 queue->copy_mode = mode; 302 /* we're using struct nfattr which has 16bit nfa_len */ 303 if (range > 0xffff) 304 queue->copy_range = 0xffff; 305 else 306 queue->copy_range = range; 307 break; 308 309 default: 310 status = -EINVAL; 311 312 } 313 return status; 314} 315 316static struct nfqnl_queue_entry * 317find_dequeue_entry(struct nfqnl_instance *queue, 318 nfqnl_cmpfn cmpfn, unsigned long data) 319{ 320 struct nfqnl_queue_entry *entry; 321 322 spin_lock_bh(&queue->lock); 323 entry = __find_dequeue_entry(queue, cmpfn, data); 324 spin_unlock_bh(&queue->lock); 325 326 return entry; 327} 328 329static void 330nfqnl_flush(struct nfqnl_instance *queue, int verdict) 331{ 332 spin_lock_bh(&queue->lock); 333 __nfqnl_flush(queue, verdict); 334 spin_unlock_bh(&queue->lock); 335} 336 337static struct sk_buff * 338nfqnl_build_packet_message(struct nfqnl_instance *queue, 339 struct nfqnl_queue_entry *entry, int *errp) 340{ 341 unsigned char *old_tail; 342 size_t size; 343 size_t data_len = 0; 344 struct sk_buff *skb; 345 struct nfqnl_msg_packet_hdr pmsg; 346 struct nlmsghdr *nlh; 347 struct nfgenmsg *nfmsg; 348 unsigned int tmp_uint; 349 350 QDEBUG("entered\n"); 351 352 /* all macros expand to constant values at compile time */ 353 size = NLMSG_SPACE(sizeof(struct nfqnl_msg_packet_hdr)) 354 + NLMSG_SPACE(sizeof(u_int32_t)) /* ifindex */ 355 + NLMSG_SPACE(sizeof(u_int32_t)) /* ifindex */ 356#ifdef CONFIG_BRIDGE_NETFILTER 357 + NLMSG_SPACE(sizeof(u_int32_t)) /* ifindex */ 358 + NLMSG_SPACE(sizeof(u_int32_t)) /* ifindex */ 359#endif 360 + NLMSG_SPACE(sizeof(u_int32_t)) /* mark */ 361 + NLMSG_SPACE(sizeof(struct nfqnl_msg_packet_hw)) 362 + NLMSG_SPACE(sizeof(struct nfqnl_msg_packet_timestamp)); 363 364 spin_lock_bh(&queue->lock); 365 366 switch (queue->copy_mode) { 367 case NFQNL_COPY_META: 368 case NFQNL_COPY_NONE: 369 data_len = 0; 370 break; 371 372 case NFQNL_COPY_PACKET: 373 if (entry->skb->ip_summed == CHECKSUM_HW && 374 (*errp = skb_checksum_help(entry->skb, 375 entry->info->outdev == NULL))) { 376 spin_unlock_bh(&queue->lock); 377 return NULL; 378 } 379 if (queue->copy_range == 0 380 || queue->copy_range > entry->skb->len) 381 data_len = entry->skb->len; 382 else 383 data_len = queue->copy_range; 384 385 size += NLMSG_SPACE(data_len); 386 break; 387 388 default: 389 *errp = -EINVAL; 390 spin_unlock_bh(&queue->lock); 391 return NULL; 392 } 393 394 spin_unlock_bh(&queue->lock); 395 396 skb = alloc_skb(size, GFP_ATOMIC); 397 if (!skb) 398 goto nlmsg_failure; 399 400 old_tail= skb->tail; 401 nlh = NLMSG_PUT(skb, 0, 0, 402 NFNL_SUBSYS_QUEUE << 8 | NFQNL_MSG_PACKET, 403 sizeof(struct nfgenmsg)); 404 nfmsg = NLMSG_DATA(nlh); 405 nfmsg->nfgen_family = entry->info->pf; 406 nfmsg->version = NFNETLINK_V0; 407 nfmsg->res_id = htons(queue->queue_num); 408 409 pmsg.packet_id = htonl(entry->id); 410 pmsg.hw_protocol = htons(entry->skb->protocol); 411 pmsg.hook = entry->info->hook; 412 413 NFA_PUT(skb, NFQA_PACKET_HDR, sizeof(pmsg), &pmsg); 414 415 if (entry->info->indev) { 416 tmp_uint = htonl(entry->info->indev->ifindex); 417#ifndef CONFIG_BRIDGE_NETFILTER 418 NFA_PUT(skb, NFQA_IFINDEX_INDEV, sizeof(tmp_uint), &tmp_uint); 419#else 420 if (entry->info->pf == PF_BRIDGE) { 421 /* Case 1: indev is physical input device, we need to 422 * look for bridge group (when called from 423 * netfilter_bridge) */ 424 NFA_PUT(skb, NFQA_IFINDEX_PHYSINDEV, sizeof(tmp_uint), 425 &tmp_uint); 426 /* this is the bridge group "brX" */ 427 tmp_uint = htonl(entry->info->indev->br_port->br->dev->ifindex); 428 NFA_PUT(skb, NFQA_IFINDEX_INDEV, sizeof(tmp_uint), 429 &tmp_uint); 430 } else { 431 /* Case 2: indev is bridge group, we need to look for 432 * physical device (when called from ipv4) */ 433 NFA_PUT(skb, NFQA_IFINDEX_INDEV, sizeof(tmp_uint), 434 &tmp_uint); 435 if (entry->skb->nf_bridge 436 && entry->skb->nf_bridge->physindev) { 437 tmp_uint = htonl(entry->skb->nf_bridge->physindev->ifindex); 438 NFA_PUT(skb, NFQA_IFINDEX_PHYSINDEV, 439 sizeof(tmp_uint), &tmp_uint); 440 } 441 } 442#endif 443 } 444 445 if (entry->info->outdev) { 446 tmp_uint = htonl(entry->info->outdev->ifindex); 447#ifndef CONFIG_BRIDGE_NETFILTER 448 NFA_PUT(skb, NFQA_IFINDEX_OUTDEV, sizeof(tmp_uint), &tmp_uint); 449#else 450 if (entry->info->pf == PF_BRIDGE) { 451 /* Case 1: outdev is physical output device, we need to 452 * look for bridge group (when called from 453 * netfilter_bridge) */ 454 NFA_PUT(skb, NFQA_IFINDEX_PHYSOUTDEV, sizeof(tmp_uint), 455 &tmp_uint); 456 /* this is the bridge group "brX" */ 457 tmp_uint = htonl(entry->info->outdev->br_port->br->dev->ifindex); 458 NFA_PUT(skb, NFQA_IFINDEX_OUTDEV, sizeof(tmp_uint), 459 &tmp_uint); 460 } else { 461 /* Case 2: outdev is bridge group, we need to look for 462 * physical output device (when called from ipv4) */ 463 NFA_PUT(skb, NFQA_IFINDEX_OUTDEV, sizeof(tmp_uint), 464 &tmp_uint); 465 if (entry->skb->nf_bridge 466 && entry->skb->nf_bridge->physoutdev) { 467 tmp_uint = htonl(entry->skb->nf_bridge->physoutdev->ifindex); 468 NFA_PUT(skb, NFQA_IFINDEX_PHYSOUTDEV, 469 sizeof(tmp_uint), &tmp_uint); 470 } 471 } 472#endif 473 } 474 475 if (entry->skb->nfmark) { 476 tmp_uint = htonl(entry->skb->nfmark); 477 NFA_PUT(skb, NFQA_MARK, sizeof(u_int32_t), &tmp_uint); 478 } 479 480 if (entry->info->indev && entry->skb->dev 481 && entry->skb->dev->hard_header_parse) { 482 struct nfqnl_msg_packet_hw phw; 483 484 phw.hw_addrlen = 485 entry->skb->dev->hard_header_parse(entry->skb, 486 phw.hw_addr); 487 phw.hw_addrlen = htons(phw.hw_addrlen); 488 NFA_PUT(skb, NFQA_HWADDR, sizeof(phw), &phw); 489 } 490 491 if (entry->skb->tstamp.off_sec) { 492 struct nfqnl_msg_packet_timestamp ts; 493 494 ts.sec = cpu_to_be64(entry->skb->tstamp.off_sec); 495 ts.usec = cpu_to_be64(entry->skb->tstamp.off_usec); 496 497 NFA_PUT(skb, NFQA_TIMESTAMP, sizeof(ts), &ts); 498 } 499 500 if (data_len) { 501 struct nfattr *nfa; 502 int size = NFA_LENGTH(data_len); 503 504 if (skb_tailroom(skb) < (int)NFA_SPACE(data_len)) { 505 printk(KERN_WARNING "nf_queue: no tailroom!\n"); 506 goto nlmsg_failure; 507 } 508 509 nfa = (struct nfattr *)skb_put(skb, NFA_ALIGN(size)); 510 nfa->nfa_type = NFQA_PAYLOAD; 511 nfa->nfa_len = size; 512 513 if (skb_copy_bits(entry->skb, 0, NFA_DATA(nfa), data_len)) 514 BUG(); 515 } 516 517 nlh->nlmsg_len = skb->tail - old_tail; 518 return skb; 519 520nlmsg_failure: 521nfattr_failure: 522 if (skb) 523 kfree_skb(skb); 524 *errp = -EINVAL; 525 if (net_ratelimit()) 526 printk(KERN_ERR "nf_queue: error creating packet message\n"); 527 return NULL; 528} 529 530static int 531nfqnl_enqueue_packet(struct sk_buff *skb, struct nf_info *info, 532 unsigned int queuenum, void *data) 533{ 534 int status = -EINVAL; 535 struct sk_buff *nskb; 536 struct nfqnl_instance *queue; 537 struct nfqnl_queue_entry *entry; 538 539 QDEBUG("entered\n"); 540 541 queue = instance_lookup_get(queuenum); 542 if (!queue) { 543 QDEBUG("no queue instance matching\n"); 544 return -EINVAL; 545 } 546 547 if (queue->copy_mode == NFQNL_COPY_NONE) { 548 QDEBUG("mode COPY_NONE, aborting\n"); 549 status = -EAGAIN; 550 goto err_out_put; 551 } 552 553 entry = kmalloc(sizeof(*entry), GFP_ATOMIC); 554 if (entry == NULL) { 555 if (net_ratelimit()) 556 printk(KERN_ERR 557 "nf_queue: OOM in nfqnl_enqueue_packet()\n"); 558 status = -ENOMEM; 559 goto err_out_put; 560 } 561 562 entry->info = info; 563 entry->skb = skb; 564 entry->id = atomic_inc_return(&queue->id_sequence); 565 566 nskb = nfqnl_build_packet_message(queue, entry, &status); 567 if (nskb == NULL) 568 goto err_out_free; 569 570 spin_lock_bh(&queue->lock); 571 572 if (!queue->peer_pid) 573 goto err_out_free_nskb; 574 575 if (queue->queue_total >= queue->queue_maxlen) { 576 queue->queue_dropped++; 577 status = -ENOSPC; 578 if (net_ratelimit()) 579 printk(KERN_WARNING "ip_queue: full at %d entries, " 580 "dropping packets(s). Dropped: %d\n", 581 queue->queue_total, queue->queue_dropped); 582 goto err_out_free_nskb; 583 } 584 585 /* nfnetlink_unicast will either free the nskb or add it to a socket */ 586 status = nfnetlink_unicast(nskb, queue->peer_pid, MSG_DONTWAIT); 587 if (status < 0) { 588 queue->queue_user_dropped++; 589 goto err_out_unlock; 590 } 591 592 __enqueue_entry(queue, entry); 593 594 spin_unlock_bh(&queue->lock); 595 instance_put(queue); 596 return status; 597 598err_out_free_nskb: 599 kfree_skb(nskb); 600 601err_out_unlock: 602 spin_unlock_bh(&queue->lock); 603 604err_out_free: 605 kfree(entry); 606err_out_put: 607 instance_put(queue); 608 return status; 609} 610 611static int 612nfqnl_mangle(void *data, int data_len, struct nfqnl_queue_entry *e) 613{ 614 int diff; 615 616 diff = data_len - e->skb->len; 617 if (diff < 0) 618 skb_trim(e->skb, data_len); 619 else if (diff > 0) { 620 if (data_len > 0xFFFF) 621 return -EINVAL; 622 if (diff > skb_tailroom(e->skb)) { 623 struct sk_buff *newskb; 624 625 newskb = skb_copy_expand(e->skb, 626 skb_headroom(e->skb), 627 diff, 628 GFP_ATOMIC); 629 if (newskb == NULL) { 630 printk(KERN_WARNING "ip_queue: OOM " 631 "in mangle, dropping packet\n"); 632 return -ENOMEM; 633 } 634 if (e->skb->sk) 635 skb_set_owner_w(newskb, e->skb->sk); 636 kfree_skb(e->skb); 637 e->skb = newskb; 638 } 639 skb_put(e->skb, diff); 640 } 641 if (!skb_make_writable(&e->skb, data_len)) 642 return -ENOMEM; 643 memcpy(e->skb->data, data, data_len); 644 e->skb->ip_summed = CHECKSUM_NONE; 645 return 0; 646} 647 648static inline int 649id_cmp(struct nfqnl_queue_entry *e, unsigned long id) 650{ 651 return (id == e->id); 652} 653 654static int 655nfqnl_set_mode(struct nfqnl_instance *queue, 656 unsigned char mode, unsigned int range) 657{ 658 int status; 659 660 spin_lock_bh(&queue->lock); 661 status = __nfqnl_set_mode(queue, mode, range); 662 spin_unlock_bh(&queue->lock); 663 664 return status; 665} 666 667static int 668dev_cmp(struct nfqnl_queue_entry *entry, unsigned long ifindex) 669{ 670 if (entry->info->indev) 671 if (entry->info->indev->ifindex == ifindex) 672 return 1; 673 674 if (entry->info->outdev) 675 if (entry->info->outdev->ifindex == ifindex) 676 return 1; 677 678 return 0; 679} 680 681/* drop all packets with either indev or outdev == ifindex from all queue 682 * instances */ 683static void 684nfqnl_dev_drop(int ifindex) 685{ 686 int i; 687 688 QDEBUG("entering for ifindex %u\n", ifindex); 689 690 /* this only looks like we have to hold the readlock for a way too long 691 * time, issue_verdict(), nf_reinject(), ... - but we always only 692 * issue NF_DROP, which is processed directly in nf_reinject() */ 693 read_lock_bh(&instances_lock); 694 695 for (i = 0; i < INSTANCE_BUCKETS; i++) { 696 struct hlist_node *tmp; 697 struct nfqnl_instance *inst; 698 struct hlist_head *head = &instance_table[i]; 699 700 hlist_for_each_entry(inst, tmp, head, hlist) { 701 struct nfqnl_queue_entry *entry; 702 while ((entry = find_dequeue_entry(inst, dev_cmp, 703 ifindex)) != NULL) 704 issue_verdict(entry, NF_DROP); 705 } 706 } 707 708 read_unlock_bh(&instances_lock); 709} 710 711#define RCV_SKB_FAIL(err) do { netlink_ack(skb, nlh, (err)); return; } while (0) 712 713static int 714nfqnl_rcv_dev_event(struct notifier_block *this, 715 unsigned long event, void *ptr) 716{ 717 struct net_device *dev = ptr; 718 719 /* Drop any packets associated with the downed device */ 720 if (event == NETDEV_DOWN) 721 nfqnl_dev_drop(dev->ifindex); 722 return NOTIFY_DONE; 723} 724 725static struct notifier_block nfqnl_dev_notifier = { 726 .notifier_call = nfqnl_rcv_dev_event, 727}; 728 729static int 730nfqnl_rcv_nl_event(struct notifier_block *this, 731 unsigned long event, void *ptr) 732{ 733 struct netlink_notify *n = ptr; 734 735 if (event == NETLINK_URELEASE && 736 n->protocol == NETLINK_NETFILTER && n->pid) { 737 int i; 738 739 /* destroy all instances for this pid */ 740 write_lock_bh(&instances_lock); 741 for (i = 0; i < INSTANCE_BUCKETS; i++) { 742 struct hlist_node *tmp, *t2; 743 struct nfqnl_instance *inst; 744 struct hlist_head *head = &instance_table[i]; 745 746 hlist_for_each_entry_safe(inst, tmp, t2, head, hlist) { 747 if (n->pid == inst->peer_pid) 748 __instance_destroy(inst); 749 } 750 } 751 write_unlock_bh(&instances_lock); 752 } 753 return NOTIFY_DONE; 754} 755 756static struct notifier_block nfqnl_rtnl_notifier = { 757 .notifier_call = nfqnl_rcv_nl_event, 758}; 759 760static const int nfqa_verdict_min[NFQA_MAX] = { 761 [NFQA_VERDICT_HDR-1] = sizeof(struct nfqnl_msg_verdict_hdr), 762 [NFQA_MARK-1] = sizeof(u_int32_t), 763 [NFQA_PAYLOAD-1] = 0, 764}; 765 766static int 767nfqnl_recv_verdict(struct sock *ctnl, struct sk_buff *skb, 768 struct nlmsghdr *nlh, struct nfattr *nfqa[], int *errp) 769{ 770 struct nfgenmsg *nfmsg = NLMSG_DATA(nlh); 771 u_int16_t queue_num = ntohs(nfmsg->res_id); 772 773 struct nfqnl_msg_verdict_hdr *vhdr; 774 struct nfqnl_instance *queue; 775 unsigned int verdict; 776 struct nfqnl_queue_entry *entry; 777 int err; 778 779 if (nfattr_bad_size(nfqa, NFQA_MAX, nfqa_verdict_min)) { 780 QDEBUG("bad attribute size\n"); 781 return -EINVAL; 782 } 783 784 queue = instance_lookup_get(queue_num); 785 if (!queue) 786 return -ENODEV; 787 788 if (queue->peer_pid != NETLINK_CB(skb).pid) { 789 err = -EPERM; 790 goto err_out_put; 791 } 792 793 if (!nfqa[NFQA_VERDICT_HDR-1]) { 794 err = -EINVAL; 795 goto err_out_put; 796 } 797 798 vhdr = NFA_DATA(nfqa[NFQA_VERDICT_HDR-1]); 799 verdict = ntohl(vhdr->verdict); 800 801 if ((verdict & NF_VERDICT_MASK) > NF_MAX_VERDICT) { 802 err = -EINVAL; 803 goto err_out_put; 804 } 805 806 entry = find_dequeue_entry(queue, id_cmp, ntohl(vhdr->id)); 807 if (entry == NULL) { 808 err = -ENOENT; 809 goto err_out_put; 810 } 811 812 if (nfqa[NFQA_PAYLOAD-1]) { 813 if (nfqnl_mangle(NFA_DATA(nfqa[NFQA_PAYLOAD-1]), 814 NFA_PAYLOAD(nfqa[NFQA_PAYLOAD-1]), entry) < 0) 815 verdict = NF_DROP; 816 } 817 818 if (nfqa[NFQA_MARK-1]) 819 skb->nfmark = ntohl(*(u_int32_t *)NFA_DATA(nfqa[NFQA_MARK-1])); 820 821 issue_verdict(entry, verdict); 822 instance_put(queue); 823 return 0; 824 825err_out_put: 826 instance_put(queue); 827 return err; 828} 829 830static int 831nfqnl_recv_unsupp(struct sock *ctnl, struct sk_buff *skb, 832 struct nlmsghdr *nlh, struct nfattr *nfqa[], int *errp) 833{ 834 return -ENOTSUPP; 835} 836 837static const int nfqa_cfg_min[NFQA_CFG_MAX] = { 838 [NFQA_CFG_CMD-1] = sizeof(struct nfqnl_msg_config_cmd), 839 [NFQA_CFG_PARAMS-1] = sizeof(struct nfqnl_msg_config_params), 840}; 841 842static struct nf_queue_handler nfqh = { 843 .name = "nf_queue", 844 .outfn = &nfqnl_enqueue_packet, 845}; 846 847static int 848nfqnl_recv_config(struct sock *ctnl, struct sk_buff *skb, 849 struct nlmsghdr *nlh, struct nfattr *nfqa[], int *errp) 850{ 851 struct nfgenmsg *nfmsg = NLMSG_DATA(nlh); 852 u_int16_t queue_num = ntohs(nfmsg->res_id); 853 struct nfqnl_instance *queue; 854 int ret = 0; 855 856 QDEBUG("entering for msg %u\n", NFNL_MSG_TYPE(nlh->nlmsg_type)); 857 858 if (nfattr_bad_size(nfqa, NFQA_CFG_MAX, nfqa_cfg_min)) { 859 QDEBUG("bad attribute size\n"); 860 return -EINVAL; 861 } 862 863 queue = instance_lookup_get(queue_num); 864 if (nfqa[NFQA_CFG_CMD-1]) { 865 struct nfqnl_msg_config_cmd *cmd; 866 cmd = NFA_DATA(nfqa[NFQA_CFG_CMD-1]); 867 QDEBUG("found CFG_CMD\n"); 868 869 switch (cmd->command) { 870 case NFQNL_CFG_CMD_BIND: 871 if (queue) 872 return -EBUSY; 873 874 queue = instance_create(queue_num, NETLINK_CB(skb).pid); 875 if (!queue) 876 return -EINVAL; 877 break; 878 case NFQNL_CFG_CMD_UNBIND: 879 if (!queue) 880 return -ENODEV; 881 882 if (queue->peer_pid != NETLINK_CB(skb).pid) { 883 ret = -EPERM; 884 goto out_put; 885 } 886 887 instance_destroy(queue); 888 break; 889 case NFQNL_CFG_CMD_PF_BIND: 890 QDEBUG("registering queue handler for pf=%u\n", 891 ntohs(cmd->pf)); 892 ret = nf_register_queue_handler(ntohs(cmd->pf), &nfqh); 893 break; 894 case NFQNL_CFG_CMD_PF_UNBIND: 895 QDEBUG("unregistering queue handler for pf=%u\n", 896 ntohs(cmd->pf)); 897 /* This is a bug and a feature. We can unregister 898 * other handlers(!) */ 899 ret = nf_unregister_queue_handler(ntohs(cmd->pf)); 900 break; 901 default: 902 ret = -EINVAL; 903 break; 904 } 905 } else { 906 if (!queue) { 907 QDEBUG("no config command, and no instance ENOENT\n"); 908 ret = -ENOENT; 909 goto out_put; 910 } 911 912 if (queue->peer_pid != NETLINK_CB(skb).pid) { 913 QDEBUG("no config command, and wrong pid\n"); 914 ret = -EPERM; 915 goto out_put; 916 } 917 } 918 919 if (nfqa[NFQA_CFG_PARAMS-1]) { 920 struct nfqnl_msg_config_params *params; 921 params = NFA_DATA(nfqa[NFQA_CFG_PARAMS-1]); 922 923 nfqnl_set_mode(queue, params->copy_mode, 924 ntohl(params->copy_range)); 925 } 926 927out_put: 928 instance_put(queue); 929 return ret; 930} 931 932static struct nfnl_callback nfqnl_cb[NFQNL_MSG_MAX] = { 933 [NFQNL_MSG_PACKET] = { .call = nfqnl_recv_unsupp, 934 .attr_count = NFQA_MAX, }, 935 [NFQNL_MSG_VERDICT] = { .call = nfqnl_recv_verdict, 936 .attr_count = NFQA_MAX, }, 937 [NFQNL_MSG_CONFIG] = { .call = nfqnl_recv_config, 938 .attr_count = NFQA_CFG_MAX, }, 939}; 940 941static struct nfnetlink_subsystem nfqnl_subsys = { 942 .name = "nf_queue", 943 .subsys_id = NFNL_SUBSYS_QUEUE, 944 .cb_count = NFQNL_MSG_MAX, 945 .cb = nfqnl_cb, 946}; 947 948#ifdef CONFIG_PROC_FS 949struct iter_state { 950 unsigned int bucket; 951}; 952 953static struct hlist_node *get_first(struct seq_file *seq) 954{ 955 struct iter_state *st = seq->private; 956 957 if (!st) 958 return NULL; 959 960 for (st->bucket = 0; st->bucket < INSTANCE_BUCKETS; st->bucket++) { 961 if (!hlist_empty(&instance_table[st->bucket])) 962 return instance_table[st->bucket].first; 963 } 964 return NULL; 965} 966 967static struct hlist_node *get_next(struct seq_file *seq, struct hlist_node *h) 968{ 969 struct iter_state *st = seq->private; 970 971 h = h->next; 972 while (!h) { 973 if (++st->bucket >= INSTANCE_BUCKETS) 974 return NULL; 975 976 h = instance_table[st->bucket].first; 977 } 978 return h; 979} 980 981static struct hlist_node *get_idx(struct seq_file *seq, loff_t pos) 982{ 983 struct hlist_node *head; 984 head = get_first(seq); 985 986 if (head) 987 while (pos && (head = get_next(seq, head))) 988 pos--; 989 return pos ? NULL : head; 990} 991 992static void *seq_start(struct seq_file *seq, loff_t *pos) 993{ 994 read_lock_bh(&instances_lock); 995 return get_idx(seq, *pos); 996} 997 998static void *seq_next(struct seq_file *s, void *v, loff_t *pos) 999{ 1000 (*pos)++; 1001 return get_next(s, v); 1002} 1003 1004static void seq_stop(struct seq_file *s, void *v) 1005{ 1006 read_unlock_bh(&instances_lock); 1007} 1008 1009static int seq_show(struct seq_file *s, void *v) 1010{ 1011 const struct nfqnl_instance *inst = v; 1012 1013 return seq_printf(s, "%5d %6d %5d %1d %5d %5d %5d %8d %2d\n", 1014 inst->queue_num, 1015 inst->peer_pid, inst->queue_total, 1016 inst->copy_mode, inst->copy_range, 1017 inst->queue_dropped, inst->queue_user_dropped, 1018 atomic_read(&inst->id_sequence), 1019 atomic_read(&inst->use)); 1020} 1021 1022static struct seq_operations nfqnl_seq_ops = { 1023 .start = seq_start, 1024 .next = seq_next, 1025 .stop = seq_stop, 1026 .show = seq_show, 1027}; 1028 1029static int nfqnl_open(struct inode *inode, struct file *file) 1030{ 1031 struct seq_file *seq; 1032 struct iter_state *is; 1033 int ret; 1034 1035 is = kzalloc(sizeof(*is), GFP_KERNEL); 1036 if (!is) 1037 return -ENOMEM; 1038 ret = seq_open(file, &nfqnl_seq_ops); 1039 if (ret < 0) 1040 goto out_free; 1041 seq = file->private_data; 1042 seq->private = is; 1043 return ret; 1044out_free: 1045 kfree(is); 1046 return ret; 1047} 1048 1049static struct file_operations nfqnl_file_ops = { 1050 .owner = THIS_MODULE, 1051 .open = nfqnl_open, 1052 .read = seq_read, 1053 .llseek = seq_lseek, 1054 .release = seq_release_private, 1055}; 1056 1057#endif /* PROC_FS */ 1058 1059static int 1060init_or_cleanup(int init) 1061{ 1062 int i, status = -ENOMEM; 1063#ifdef CONFIG_PROC_FS 1064 struct proc_dir_entry *proc_nfqueue; 1065#endif 1066 1067 if (!init) 1068 goto cleanup; 1069 1070 for (i = 0; i < INSTANCE_BUCKETS; i++) 1071 INIT_HLIST_HEAD(&instance_table[i]); 1072 1073 netlink_register_notifier(&nfqnl_rtnl_notifier); 1074 status = nfnetlink_subsys_register(&nfqnl_subsys); 1075 if (status < 0) { 1076 printk(KERN_ERR "nf_queue: failed to create netlink socket\n"); 1077 goto cleanup_netlink_notifier; 1078 } 1079 1080#ifdef CONFIG_PROC_FS 1081 proc_nfqueue = create_proc_entry("nfnetlink_queue", 0440, 1082 proc_net_netfilter); 1083 if (!proc_nfqueue) 1084 goto cleanup_subsys; 1085 proc_nfqueue->proc_fops = &nfqnl_file_ops; 1086#endif 1087 1088 register_netdevice_notifier(&nfqnl_dev_notifier); 1089 1090 return status; 1091 1092cleanup: 1093 nf_unregister_queue_handlers(&nfqh); 1094 unregister_netdevice_notifier(&nfqnl_dev_notifier); 1095#ifdef CONFIG_PROC_FS 1096 remove_proc_entry("nfnetlink_queue", proc_net_netfilter); 1097cleanup_subsys: 1098#endif 1099 nfnetlink_subsys_unregister(&nfqnl_subsys); 1100cleanup_netlink_notifier: 1101 netlink_unregister_notifier(&nfqnl_rtnl_notifier); 1102 return status; 1103} 1104 1105static int __init init(void) 1106{ 1107 1108 return init_or_cleanup(1); 1109} 1110 1111static void __exit fini(void) 1112{ 1113 init_or_cleanup(0); 1114} 1115 1116MODULE_DESCRIPTION("netfilter packet queue handler"); 1117MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>"); 1118MODULE_LICENSE("GPL"); 1119MODULE_ALIAS_NFNL_SUBSYS(NFNL_SUBSYS_QUEUE); 1120 1121module_init(init); 1122module_exit(fini);