tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom
kernel / net / netfilter / nfnetlink_queue.c
at v2.6.24-rc3 1116 lines 26 kB view raw
1/* 2 * This is a module which is used for queueing packets and communicating with 3 * userspace via nfetlink. 4 * 5 * (C) 2005 by Harald Welte <laforge@netfilter.org> 6 * 7 * Based on the old ipv4-only ip_queue.c: 8 * (C) 2000-2002 James Morris <jmorris@intercode.com.au> 9 * (C) 2003-2005 Netfilter Core Team <coreteam@netfilter.org> 10 * 11 * This program is free software; you can redistribute it and/or modify 12 * it under the terms of the GNU General Public License version 2 as 13 * published by the Free Software Foundation. 14 * 15 */ 16#include <linux/module.h> 17#include <linux/skbuff.h> 18#include <linux/init.h> 19#include <linux/spinlock.h> 20#include <linux/notifier.h> 21#include <linux/netdevice.h> 22#include <linux/netfilter.h> 23#include <linux/proc_fs.h> 24#include <linux/netfilter_ipv4.h> 25#include <linux/netfilter_ipv6.h> 26#include <linux/netfilter/nfnetlink.h> 27#include <linux/netfilter/nfnetlink_queue.h> 28#include <linux/list.h> 29#include <net/sock.h> 30 31#include <asm/atomic.h> 32 33#ifdef CONFIG_BRIDGE_NETFILTER 34#include "../bridge/br_private.h" 35#endif 36 37#define NFQNL_QMAX_DEFAULT 1024 38 39#if 0 40#define QDEBUG(x, args ...) printk(KERN_DEBUG "%s(%d):%s(): " x, \ 41 __FILE__, __LINE__, __FUNCTION__, \ 42 ## args) 43#else 44#define QDEBUG(x, ...) 45#endif 46 47struct nfqnl_queue_entry { 48 struct list_head list; 49 struct nf_info *info; 50 struct sk_buff *skb; 51 unsigned int id; 52}; 53 54struct nfqnl_instance { 55 struct hlist_node hlist; /* global list of queues */ 56 atomic_t use; 57 58 int peer_pid; 59 unsigned int queue_maxlen; 60 unsigned int copy_range; 61 unsigned int queue_total; 62 unsigned int queue_dropped; 63 unsigned int queue_user_dropped; 64 65 atomic_t id_sequence; /* 'sequence' of pkt ids */ 66 67 u_int16_t queue_num; /* number of this queue */ 68 u_int8_t copy_mode; 69 70 spinlock_t lock; 71 72 struct list_head queue_list; /* packets in queue */ 73}; 74 75typedef int (*nfqnl_cmpfn)(struct nfqnl_queue_entry *, unsigned long); 76 77static DEFINE_RWLOCK(instances_lock); 78 79#define INSTANCE_BUCKETS 16 80static struct hlist_head instance_table[INSTANCE_BUCKETS]; 81 82static inline u_int8_t instance_hashfn(u_int16_t queue_num) 83{ 84 return ((queue_num >> 8) | queue_num) % INSTANCE_BUCKETS; 85} 86 87static struct nfqnl_instance * 88__instance_lookup(u_int16_t queue_num) 89{ 90 struct hlist_head *head; 91 struct hlist_node *pos; 92 struct nfqnl_instance *inst; 93 94 head = &instance_table[instance_hashfn(queue_num)]; 95 hlist_for_each_entry(inst, pos, head, hlist) { 96 if (inst->queue_num == queue_num) 97 return inst; 98 } 99 return NULL; 100} 101 102static struct nfqnl_instance * 103instance_lookup_get(u_int16_t queue_num) 104{ 105 struct nfqnl_instance *inst; 106 107 read_lock_bh(&instances_lock); 108 inst = __instance_lookup(queue_num); 109 if (inst) 110 atomic_inc(&inst->use); 111 read_unlock_bh(&instances_lock); 112 113 return inst; 114} 115 116static void 117instance_put(struct nfqnl_instance *inst) 118{ 119 if (inst && atomic_dec_and_test(&inst->use)) { 120 QDEBUG("kfree(inst=%p)\n", inst); 121 kfree(inst); 122 } 123} 124 125static struct nfqnl_instance * 126instance_create(u_int16_t queue_num, int pid) 127{ 128 struct nfqnl_instance *inst; 129 130 QDEBUG("entering for queue_num=%u, pid=%d\n", queue_num, pid); 131 132 write_lock_bh(&instances_lock); 133 if (__instance_lookup(queue_num)) { 134 inst = NULL; 135 QDEBUG("aborting, instance already exists\n"); 136 goto out_unlock; 137 } 138 139 inst = kzalloc(sizeof(*inst), GFP_ATOMIC); 140 if (!inst) 141 goto out_unlock; 142 143 inst->queue_num = queue_num; 144 inst->peer_pid = pid; 145 inst->queue_maxlen = NFQNL_QMAX_DEFAULT; 146 inst->copy_range = 0xfffff; 147 inst->copy_mode = NFQNL_COPY_NONE; 148 atomic_set(&inst->id_sequence, 0); 149 /* needs to be two, since we _put() after creation */ 150 atomic_set(&inst->use, 2); 151 spin_lock_init(&inst->lock); 152 INIT_LIST_HEAD(&inst->queue_list); 153 154 if (!try_module_get(THIS_MODULE)) 155 goto out_free; 156 157 hlist_add_head(&inst->hlist, 158 &instance_table[instance_hashfn(queue_num)]); 159 160 write_unlock_bh(&instances_lock); 161 162 QDEBUG("successfully created new instance\n"); 163 164 return inst; 165 166out_free: 167 kfree(inst); 168out_unlock: 169 write_unlock_bh(&instances_lock); 170 return NULL; 171} 172 173static void nfqnl_flush(struct nfqnl_instance *queue, int verdict); 174 175static void 176_instance_destroy2(struct nfqnl_instance *inst, int lock) 177{ 178 /* first pull it out of the global list */ 179 if (lock) 180 write_lock_bh(&instances_lock); 181 182 QDEBUG("removing instance %p (queuenum=%u) from hash\n", 183 inst, inst->queue_num); 184 hlist_del(&inst->hlist); 185 186 if (lock) 187 write_unlock_bh(&instances_lock); 188 189 /* then flush all pending skbs from the queue */ 190 nfqnl_flush(inst, NF_DROP); 191 192 /* and finally put the refcount */ 193 instance_put(inst); 194 195 module_put(THIS_MODULE); 196} 197 198static inline void 199__instance_destroy(struct nfqnl_instance *inst) 200{ 201 _instance_destroy2(inst, 0); 202} 203 204static inline void 205instance_destroy(struct nfqnl_instance *inst) 206{ 207 _instance_destroy2(inst, 1); 208} 209 210 211 212static void 213issue_verdict(struct nfqnl_queue_entry *entry, int verdict) 214{ 215 QDEBUG("entering for entry %p, verdict %u\n", entry, verdict); 216 217 /* TCP input path (and probably other bits) assume to be called 218 * from softirq context, not from syscall, like issue_verdict is 219 * called. TCP input path deadlocks with locks taken from timer 220 * softirq, e.g. We therefore emulate this by local_bh_disable() */ 221 222 local_bh_disable(); 223 nf_reinject(entry->skb, entry->info, verdict); 224 local_bh_enable(); 225 226 kfree(entry); 227} 228 229static inline void 230__enqueue_entry(struct nfqnl_instance *queue, 231 struct nfqnl_queue_entry *entry) 232{ 233 list_add(&entry->list, &queue->queue_list); 234 queue->queue_total++; 235} 236 237/* 238 * Find and return a queued entry matched by cmpfn, or return the last 239 * entry if cmpfn is NULL. 240 */ 241static inline struct nfqnl_queue_entry * 242__find_entry(struct nfqnl_instance *queue, nfqnl_cmpfn cmpfn, 243 unsigned long data) 244{ 245 struct list_head *p; 246 247 list_for_each_prev(p, &queue->queue_list) { 248 struct nfqnl_queue_entry *entry = (struct nfqnl_queue_entry *)p; 249 250 if (!cmpfn || cmpfn(entry, data)) 251 return entry; 252 } 253 return NULL; 254} 255 256static inline void 257__dequeue_entry(struct nfqnl_instance *q, struct nfqnl_queue_entry *entry) 258{ 259 list_del(&entry->list); 260 q->queue_total--; 261} 262 263static inline struct nfqnl_queue_entry * 264__find_dequeue_entry(struct nfqnl_instance *queue, 265 nfqnl_cmpfn cmpfn, unsigned long data) 266{ 267 struct nfqnl_queue_entry *entry; 268 269 entry = __find_entry(queue, cmpfn, data); 270 if (entry == NULL) 271 return NULL; 272 273 __dequeue_entry(queue, entry); 274 return entry; 275} 276 277 278static inline void 279__nfqnl_flush(struct nfqnl_instance *queue, int verdict) 280{ 281 struct nfqnl_queue_entry *entry; 282 283 while ((entry = __find_dequeue_entry(queue, NULL, 0))) 284 issue_verdict(entry, verdict); 285} 286 287static inline int 288__nfqnl_set_mode(struct nfqnl_instance *queue, 289 unsigned char mode, unsigned int range) 290{ 291 int status = 0; 292 293 switch (mode) { 294 case NFQNL_COPY_NONE: 295 case NFQNL_COPY_META: 296 queue->copy_mode = mode; 297 queue->copy_range = 0; 298 break; 299 300 case NFQNL_COPY_PACKET: 301 queue->copy_mode = mode; 302 /* we're using struct nlattr which has 16bit nla_len */ 303 if (range > 0xffff) 304 queue->copy_range = 0xffff; 305 else 306 queue->copy_range = range; 307 break; 308 309 default: 310 status = -EINVAL; 311 312 } 313 return status; 314} 315 316static struct nfqnl_queue_entry * 317find_dequeue_entry(struct nfqnl_instance *queue, 318 nfqnl_cmpfn cmpfn, unsigned long data) 319{ 320 struct nfqnl_queue_entry *entry; 321 322 spin_lock_bh(&queue->lock); 323 entry = __find_dequeue_entry(queue, cmpfn, data); 324 spin_unlock_bh(&queue->lock); 325 326 return entry; 327} 328 329static void 330nfqnl_flush(struct nfqnl_instance *queue, int verdict) 331{ 332 spin_lock_bh(&queue->lock); 333 __nfqnl_flush(queue, verdict); 334 spin_unlock_bh(&queue->lock); 335} 336 337static struct sk_buff * 338nfqnl_build_packet_message(struct nfqnl_instance *queue, 339 struct nfqnl_queue_entry *entry, int *errp) 340{ 341 sk_buff_data_t old_tail; 342 size_t size; 343 size_t data_len = 0; 344 struct sk_buff *skb; 345 struct nfqnl_msg_packet_hdr pmsg; 346 struct nlmsghdr *nlh; 347 struct nfgenmsg *nfmsg; 348 struct nf_info *entinf = entry->info; 349 struct sk_buff *entskb = entry->skb; 350 struct net_device *indev; 351 struct net_device *outdev; 352 __be32 tmp_uint; 353 354 QDEBUG("entered\n"); 355 356 size = NLMSG_ALIGN(sizeof(struct nfgenmsg)) 357 + nla_total_size(sizeof(struct nfqnl_msg_packet_hdr)) 358 + nla_total_size(sizeof(u_int32_t)) /* ifindex */ 359 + nla_total_size(sizeof(u_int32_t)) /* ifindex */ 360#ifdef CONFIG_BRIDGE_NETFILTER 361 + nla_total_size(sizeof(u_int32_t)) /* ifindex */ 362 + nla_total_size(sizeof(u_int32_t)) /* ifindex */ 363#endif 364 + nla_total_size(sizeof(u_int32_t)) /* mark */ 365 + nla_total_size(sizeof(struct nfqnl_msg_packet_hw)) 366 + nla_total_size(sizeof(struct nfqnl_msg_packet_timestamp)); 367 368 outdev = entinf->outdev; 369 370 spin_lock_bh(&queue->lock); 371 372 switch (queue->copy_mode) { 373 case NFQNL_COPY_META: 374 case NFQNL_COPY_NONE: 375 data_len = 0; 376 break; 377 378 case NFQNL_COPY_PACKET: 379 if ((entskb->ip_summed == CHECKSUM_PARTIAL || 380 entskb->ip_summed == CHECKSUM_COMPLETE) && 381 (*errp = skb_checksum_help(entskb))) { 382 spin_unlock_bh(&queue->lock); 383 return NULL; 384 } 385 if (queue->copy_range == 0 386 || queue->copy_range > entskb->len) 387 data_len = entskb->len; 388 else 389 data_len = queue->copy_range; 390 391 size += nla_total_size(data_len); 392 break; 393 394 default: 395 *errp = -EINVAL; 396 spin_unlock_bh(&queue->lock); 397 return NULL; 398 } 399 400 spin_unlock_bh(&queue->lock); 401 402 skb = alloc_skb(size, GFP_ATOMIC); 403 if (!skb) 404 goto nlmsg_failure; 405 406 old_tail = skb->tail; 407 nlh = NLMSG_PUT(skb, 0, 0, 408 NFNL_SUBSYS_QUEUE << 8 | NFQNL_MSG_PACKET, 409 sizeof(struct nfgenmsg)); 410 nfmsg = NLMSG_DATA(nlh); 411 nfmsg->nfgen_family = entinf->pf; 412 nfmsg->version = NFNETLINK_V0; 413 nfmsg->res_id = htons(queue->queue_num); 414 415 pmsg.packet_id = htonl(entry->id); 416 pmsg.hw_protocol = entskb->protocol; 417 pmsg.hook = entinf->hook; 418 419 NLA_PUT(skb, NFQA_PACKET_HDR, sizeof(pmsg), &pmsg); 420 421 indev = entinf->indev; 422 if (indev) { 423 tmp_uint = htonl(indev->ifindex); 424#ifndef CONFIG_BRIDGE_NETFILTER 425 NLA_PUT(skb, NFQA_IFINDEX_INDEV, sizeof(tmp_uint), &tmp_uint); 426#else 427 if (entinf->pf == PF_BRIDGE) { 428 /* Case 1: indev is physical input device, we need to 429 * look for bridge group (when called from 430 * netfilter_bridge) */ 431 NLA_PUT(skb, NFQA_IFINDEX_PHYSINDEV, sizeof(tmp_uint), 432 &tmp_uint); 433 /* this is the bridge group "brX" */ 434 tmp_uint = htonl(indev->br_port->br->dev->ifindex); 435 NLA_PUT(skb, NFQA_IFINDEX_INDEV, sizeof(tmp_uint), 436 &tmp_uint); 437 } else { 438 /* Case 2: indev is bridge group, we need to look for 439 * physical device (when called from ipv4) */ 440 NLA_PUT(skb, NFQA_IFINDEX_INDEV, sizeof(tmp_uint), 441 &tmp_uint); 442 if (entskb->nf_bridge 443 && entskb->nf_bridge->physindev) { 444 tmp_uint = htonl(entskb->nf_bridge->physindev->ifindex); 445 NLA_PUT(skb, NFQA_IFINDEX_PHYSINDEV, 446 sizeof(tmp_uint), &tmp_uint); 447 } 448 } 449#endif 450 } 451 452 if (outdev) { 453 tmp_uint = htonl(outdev->ifindex); 454#ifndef CONFIG_BRIDGE_NETFILTER 455 NLA_PUT(skb, NFQA_IFINDEX_OUTDEV, sizeof(tmp_uint), &tmp_uint); 456#else 457 if (entinf->pf == PF_BRIDGE) { 458 /* Case 1: outdev is physical output device, we need to 459 * look for bridge group (when called from 460 * netfilter_bridge) */ 461 NLA_PUT(skb, NFQA_IFINDEX_PHYSOUTDEV, sizeof(tmp_uint), 462 &tmp_uint); 463 /* this is the bridge group "brX" */ 464 tmp_uint = htonl(outdev->br_port->br->dev->ifindex); 465 NLA_PUT(skb, NFQA_IFINDEX_OUTDEV, sizeof(tmp_uint), 466 &tmp_uint); 467 } else { 468 /* Case 2: outdev is bridge group, we need to look for 469 * physical output device (when called from ipv4) */ 470 NLA_PUT(skb, NFQA_IFINDEX_OUTDEV, sizeof(tmp_uint), 471 &tmp_uint); 472 if (entskb->nf_bridge 473 && entskb->nf_bridge->physoutdev) { 474 tmp_uint = htonl(entskb->nf_bridge->physoutdev->ifindex); 475 NLA_PUT(skb, NFQA_IFINDEX_PHYSOUTDEV, 476 sizeof(tmp_uint), &tmp_uint); 477 } 478 } 479#endif 480 } 481 482 if (entskb->mark) { 483 tmp_uint = htonl(entskb->mark); 484 NLA_PUT(skb, NFQA_MARK, sizeof(u_int32_t), &tmp_uint); 485 } 486 487 if (indev && entskb->dev) { 488 struct nfqnl_msg_packet_hw phw; 489 int len = dev_parse_header(entskb, phw.hw_addr); 490 if (len) { 491 phw.hw_addrlen = htons(len); 492 NLA_PUT(skb, NFQA_HWADDR, sizeof(phw), &phw); 493 } 494 } 495 496 if (entskb->tstamp.tv64) { 497 struct nfqnl_msg_packet_timestamp ts; 498 struct timeval tv = ktime_to_timeval(entskb->tstamp); 499 ts.sec = cpu_to_be64(tv.tv_sec); 500 ts.usec = cpu_to_be64(tv.tv_usec); 501 502 NLA_PUT(skb, NFQA_TIMESTAMP, sizeof(ts), &ts); 503 } 504 505 if (data_len) { 506 struct nlattr *nla; 507 int size = nla_attr_size(data_len); 508 509 if (skb_tailroom(skb) < nla_total_size(data_len)) { 510 printk(KERN_WARNING "nf_queue: no tailroom!\n"); 511 goto nlmsg_failure; 512 } 513 514 nla = (struct nlattr *)skb_put(skb, nla_total_size(data_len)); 515 nla->nla_type = NFQA_PAYLOAD; 516 nla->nla_len = size; 517 518 if (skb_copy_bits(entskb, 0, nla_data(nla), data_len)) 519 BUG(); 520 } 521 522 nlh->nlmsg_len = skb->tail - old_tail; 523 return skb; 524 525nlmsg_failure: 526nla_put_failure: 527 if (skb) 528 kfree_skb(skb); 529 *errp = -EINVAL; 530 if (net_ratelimit()) 531 printk(KERN_ERR "nf_queue: error creating packet message\n"); 532 return NULL; 533} 534 535static int 536nfqnl_enqueue_packet(struct sk_buff *skb, struct nf_info *info, 537 unsigned int queuenum, void *data) 538{ 539 int status = -EINVAL; 540 struct sk_buff *nskb; 541 struct nfqnl_instance *queue; 542 struct nfqnl_queue_entry *entry; 543 544 QDEBUG("entered\n"); 545 546 queue = instance_lookup_get(queuenum); 547 if (!queue) { 548 QDEBUG("no queue instance matching\n"); 549 return -EINVAL; 550 } 551 552 if (queue->copy_mode == NFQNL_COPY_NONE) { 553 QDEBUG("mode COPY_NONE, aborting\n"); 554 status = -EAGAIN; 555 goto err_out_put; 556 } 557 558 entry = kmalloc(sizeof(*entry), GFP_ATOMIC); 559 if (entry == NULL) { 560 if (net_ratelimit()) 561 printk(KERN_ERR 562 "nf_queue: OOM in nfqnl_enqueue_packet()\n"); 563 status = -ENOMEM; 564 goto err_out_put; 565 } 566 567 entry->info = info; 568 entry->skb = skb; 569 entry->id = atomic_inc_return(&queue->id_sequence); 570 571 nskb = nfqnl_build_packet_message(queue, entry, &status); 572 if (nskb == NULL) 573 goto err_out_free; 574 575 spin_lock_bh(&queue->lock); 576 577 if (!queue->peer_pid) 578 goto err_out_free_nskb; 579 580 if (queue->queue_total >= queue->queue_maxlen) { 581 queue->queue_dropped++; 582 status = -ENOSPC; 583 if (net_ratelimit()) 584 printk(KERN_WARNING "nf_queue: full at %d entries, " 585 "dropping packets(s). Dropped: %d\n", 586 queue->queue_total, queue->queue_dropped); 587 goto err_out_free_nskb; 588 } 589 590 /* nfnetlink_unicast will either free the nskb or add it to a socket */ 591 status = nfnetlink_unicast(nskb, queue->peer_pid, MSG_DONTWAIT); 592 if (status < 0) { 593 queue->queue_user_dropped++; 594 goto err_out_unlock; 595 } 596 597 __enqueue_entry(queue, entry); 598 599 spin_unlock_bh(&queue->lock); 600 instance_put(queue); 601 return status; 602 603err_out_free_nskb: 604 kfree_skb(nskb); 605 606err_out_unlock: 607 spin_unlock_bh(&queue->lock); 608 609err_out_free: 610 kfree(entry); 611err_out_put: 612 instance_put(queue); 613 return status; 614} 615 616static int 617nfqnl_mangle(void *data, int data_len, struct nfqnl_queue_entry *e) 618{ 619 int diff; 620 int err; 621 622 diff = data_len - e->skb->len; 623 if (diff < 0) { 624 if (pskb_trim(e->skb, data_len)) 625 return -ENOMEM; 626 } else if (diff > 0) { 627 if (data_len > 0xFFFF) 628 return -EINVAL; 629 if (diff > skb_tailroom(e->skb)) { 630 err = pskb_expand_head(e->skb, 0, 631 diff - skb_tailroom(e->skb), 632 GFP_ATOMIC); 633 if (err) { 634 printk(KERN_WARNING "nf_queue: OOM " 635 "in mangle, dropping packet\n"); 636 return err; 637 } 638 } 639 skb_put(e->skb, diff); 640 } 641 if (!skb_make_writable(e->skb, data_len)) 642 return -ENOMEM; 643 skb_copy_to_linear_data(e->skb, data, data_len); 644 e->skb->ip_summed = CHECKSUM_NONE; 645 return 0; 646} 647 648static inline int 649id_cmp(struct nfqnl_queue_entry *e, unsigned long id) 650{ 651 return (id == e->id); 652} 653 654static int 655nfqnl_set_mode(struct nfqnl_instance *queue, 656 unsigned char mode, unsigned int range) 657{ 658 int status; 659 660 spin_lock_bh(&queue->lock); 661 status = __nfqnl_set_mode(queue, mode, range); 662 spin_unlock_bh(&queue->lock); 663 664 return status; 665} 666 667static int 668dev_cmp(struct nfqnl_queue_entry *entry, unsigned long ifindex) 669{ 670 struct nf_info *entinf = entry->info; 671 672 if (entinf->indev) 673 if (entinf->indev->ifindex == ifindex) 674 return 1; 675 if (entinf->outdev) 676 if (entinf->outdev->ifindex == ifindex) 677 return 1; 678#ifdef CONFIG_BRIDGE_NETFILTER 679 if (entry->skb->nf_bridge) { 680 if (entry->skb->nf_bridge->physindev && 681 entry->skb->nf_bridge->physindev->ifindex == ifindex) 682 return 1; 683 if (entry->skb->nf_bridge->physoutdev && 684 entry->skb->nf_bridge->physoutdev->ifindex == ifindex) 685 return 1; 686 } 687#endif 688 return 0; 689} 690 691/* drop all packets with either indev or outdev == ifindex from all queue 692 * instances */ 693static void 694nfqnl_dev_drop(int ifindex) 695{ 696 int i; 697 698 QDEBUG("entering for ifindex %u\n", ifindex); 699 700 /* this only looks like we have to hold the readlock for a way too long 701 * time, issue_verdict(), nf_reinject(), ... - but we always only 702 * issue NF_DROP, which is processed directly in nf_reinject() */ 703 read_lock_bh(&instances_lock); 704 705 for (i = 0; i < INSTANCE_BUCKETS; i++) { 706 struct hlist_node *tmp; 707 struct nfqnl_instance *inst; 708 struct hlist_head *head = &instance_table[i]; 709 710 hlist_for_each_entry(inst, tmp, head, hlist) { 711 struct nfqnl_queue_entry *entry; 712 while ((entry = find_dequeue_entry(inst, dev_cmp, 713 ifindex)) != NULL) 714 issue_verdict(entry, NF_DROP); 715 } 716 } 717 718 read_unlock_bh(&instances_lock); 719} 720 721#define RCV_SKB_FAIL(err) do { netlink_ack(skb, nlh, (err)); return; } while (0) 722 723static int 724nfqnl_rcv_dev_event(struct notifier_block *this, 725 unsigned long event, void *ptr) 726{ 727 struct net_device *dev = ptr; 728 729 if (dev->nd_net != &init_net) 730 return NOTIFY_DONE; 731 732 /* Drop any packets associated with the downed device */ 733 if (event == NETDEV_DOWN) 734 nfqnl_dev_drop(dev->ifindex); 735 return NOTIFY_DONE; 736} 737 738static struct notifier_block nfqnl_dev_notifier = { 739 .notifier_call = nfqnl_rcv_dev_event, 740}; 741 742static int 743nfqnl_rcv_nl_event(struct notifier_block *this, 744 unsigned long event, void *ptr) 745{ 746 struct netlink_notify *n = ptr; 747 748 if (event == NETLINK_URELEASE && 749 n->protocol == NETLINK_NETFILTER && n->pid) { 750 int i; 751 752 /* destroy all instances for this pid */ 753 write_lock_bh(&instances_lock); 754 for (i = 0; i < INSTANCE_BUCKETS; i++) { 755 struct hlist_node *tmp, *t2; 756 struct nfqnl_instance *inst; 757 struct hlist_head *head = &instance_table[i]; 758 759 hlist_for_each_entry_safe(inst, tmp, t2, head, hlist) { 760 if ((n->net == &init_net) && 761 (n->pid == inst->peer_pid)) 762 __instance_destroy(inst); 763 } 764 } 765 write_unlock_bh(&instances_lock); 766 } 767 return NOTIFY_DONE; 768} 769 770static struct notifier_block nfqnl_rtnl_notifier = { 771 .notifier_call = nfqnl_rcv_nl_event, 772}; 773 774static const struct nla_policy nfqa_verdict_policy[NFQA_MAX+1] = { 775 [NFQA_VERDICT_HDR] = { .len = sizeof(struct nfqnl_msg_verdict_hdr) }, 776 [NFQA_MARK] = { .type = NLA_U32 }, 777 [NFQA_PAYLOAD] = { .type = NLA_UNSPEC }, 778}; 779 780static int 781nfqnl_recv_verdict(struct sock *ctnl, struct sk_buff *skb, 782 struct nlmsghdr *nlh, struct nlattr *nfqa[]) 783{ 784 struct nfgenmsg *nfmsg = NLMSG_DATA(nlh); 785 u_int16_t queue_num = ntohs(nfmsg->res_id); 786 787 struct nfqnl_msg_verdict_hdr *vhdr; 788 struct nfqnl_instance *queue; 789 unsigned int verdict; 790 struct nfqnl_queue_entry *entry; 791 int err; 792 793 queue = instance_lookup_get(queue_num); 794 if (!queue) 795 return -ENODEV; 796 797 if (queue->peer_pid != NETLINK_CB(skb).pid) { 798 err = -EPERM; 799 goto err_out_put; 800 } 801 802 if (!nfqa[NFQA_VERDICT_HDR]) { 803 err = -EINVAL; 804 goto err_out_put; 805 } 806 807 vhdr = nla_data(nfqa[NFQA_VERDICT_HDR]); 808 verdict = ntohl(vhdr->verdict); 809 810 if ((verdict & NF_VERDICT_MASK) > NF_MAX_VERDICT) { 811 err = -EINVAL; 812 goto err_out_put; 813 } 814 815 entry = find_dequeue_entry(queue, id_cmp, ntohl(vhdr->id)); 816 if (entry == NULL) { 817 err = -ENOENT; 818 goto err_out_put; 819 } 820 821 if (nfqa[NFQA_PAYLOAD]) { 822 if (nfqnl_mangle(nla_data(nfqa[NFQA_PAYLOAD]), 823 nla_len(nfqa[NFQA_PAYLOAD]), entry) < 0) 824 verdict = NF_DROP; 825 } 826 827 if (nfqa[NFQA_MARK]) 828 entry->skb->mark = ntohl(*(__be32 *) 829 nla_data(nfqa[NFQA_MARK])); 830 831 issue_verdict(entry, verdict); 832 instance_put(queue); 833 return 0; 834 835err_out_put: 836 instance_put(queue); 837 return err; 838} 839 840static int 841nfqnl_recv_unsupp(struct sock *ctnl, struct sk_buff *skb, 842 struct nlmsghdr *nlh, struct nlattr *nfqa[]) 843{ 844 return -ENOTSUPP; 845} 846 847static const struct nla_policy nfqa_cfg_policy[NFQA_CFG_MAX+1] = { 848 [NFQA_CFG_CMD] = { .len = sizeof(struct nfqnl_msg_config_cmd) }, 849 [NFQA_CFG_PARAMS] = { .len = sizeof(struct nfqnl_msg_config_params) }, 850}; 851 852static struct nf_queue_handler nfqh = { 853 .name = "nf_queue", 854 .outfn = &nfqnl_enqueue_packet, 855}; 856 857static int 858nfqnl_recv_config(struct sock *ctnl, struct sk_buff *skb, 859 struct nlmsghdr *nlh, struct nlattr *nfqa[]) 860{ 861 struct nfgenmsg *nfmsg = NLMSG_DATA(nlh); 862 u_int16_t queue_num = ntohs(nfmsg->res_id); 863 struct nfqnl_instance *queue; 864 int ret = 0; 865 866 QDEBUG("entering for msg %u\n", NFNL_MSG_TYPE(nlh->nlmsg_type)); 867 868 queue = instance_lookup_get(queue_num); 869 if (nfqa[NFQA_CFG_CMD]) { 870 struct nfqnl_msg_config_cmd *cmd; 871 cmd = nla_data(nfqa[NFQA_CFG_CMD]); 872 QDEBUG("found CFG_CMD\n"); 873 874 switch (cmd->command) { 875 case NFQNL_CFG_CMD_BIND: 876 if (queue) 877 return -EBUSY; 878 879 queue = instance_create(queue_num, NETLINK_CB(skb).pid); 880 if (!queue) 881 return -EINVAL; 882 break; 883 case NFQNL_CFG_CMD_UNBIND: 884 if (!queue) 885 return -ENODEV; 886 887 if (queue->peer_pid != NETLINK_CB(skb).pid) { 888 ret = -EPERM; 889 goto out_put; 890 } 891 892 instance_destroy(queue); 893 break; 894 case NFQNL_CFG_CMD_PF_BIND: 895 QDEBUG("registering queue handler for pf=%u\n", 896 ntohs(cmd->pf)); 897 ret = nf_register_queue_handler(ntohs(cmd->pf), &nfqh); 898 break; 899 case NFQNL_CFG_CMD_PF_UNBIND: 900 QDEBUG("unregistering queue handler for pf=%u\n", 901 ntohs(cmd->pf)); 902 ret = nf_unregister_queue_handler(ntohs(cmd->pf), &nfqh); 903 break; 904 default: 905 ret = -EINVAL; 906 break; 907 } 908 } else { 909 if (!queue) { 910 QDEBUG("no config command, and no instance ENOENT\n"); 911 ret = -ENOENT; 912 goto out_put; 913 } 914 915 if (queue->peer_pid != NETLINK_CB(skb).pid) { 916 QDEBUG("no config command, and wrong pid\n"); 917 ret = -EPERM; 918 goto out_put; 919 } 920 } 921 922 if (nfqa[NFQA_CFG_PARAMS]) { 923 struct nfqnl_msg_config_params *params; 924 925 if (!queue) { 926 ret = -ENOENT; 927 goto out_put; 928 } 929 params = nla_data(nfqa[NFQA_CFG_PARAMS]); 930 nfqnl_set_mode(queue, params->copy_mode, 931 ntohl(params->copy_range)); 932 } 933 934 if (nfqa[NFQA_CFG_QUEUE_MAXLEN]) { 935 __be32 *queue_maxlen; 936 queue_maxlen = nla_data(nfqa[NFQA_CFG_QUEUE_MAXLEN]); 937 spin_lock_bh(&queue->lock); 938 queue->queue_maxlen = ntohl(*queue_maxlen); 939 spin_unlock_bh(&queue->lock); 940 } 941 942out_put: 943 instance_put(queue); 944 return ret; 945} 946 947static const struct nfnl_callback nfqnl_cb[NFQNL_MSG_MAX] = { 948 [NFQNL_MSG_PACKET] = { .call = nfqnl_recv_unsupp, 949 .attr_count = NFQA_MAX, }, 950 [NFQNL_MSG_VERDICT] = { .call = nfqnl_recv_verdict, 951 .attr_count = NFQA_MAX, 952 .policy = nfqa_verdict_policy }, 953 [NFQNL_MSG_CONFIG] = { .call = nfqnl_recv_config, 954 .attr_count = NFQA_CFG_MAX, 955 .policy = nfqa_cfg_policy }, 956}; 957 958static const struct nfnetlink_subsystem nfqnl_subsys = { 959 .name = "nf_queue", 960 .subsys_id = NFNL_SUBSYS_QUEUE, 961 .cb_count = NFQNL_MSG_MAX, 962 .cb = nfqnl_cb, 963}; 964 965#ifdef CONFIG_PROC_FS 966struct iter_state { 967 unsigned int bucket; 968}; 969 970static struct hlist_node *get_first(struct seq_file *seq) 971{ 972 struct iter_state *st = seq->private; 973 974 if (!st) 975 return NULL; 976 977 for (st->bucket = 0; st->bucket < INSTANCE_BUCKETS; st->bucket++) { 978 if (!hlist_empty(&instance_table[st->bucket])) 979 return instance_table[st->bucket].first; 980 } 981 return NULL; 982} 983 984static struct hlist_node *get_next(struct seq_file *seq, struct hlist_node *h) 985{ 986 struct iter_state *st = seq->private; 987 988 h = h->next; 989 while (!h) { 990 if (++st->bucket >= INSTANCE_BUCKETS) 991 return NULL; 992 993 h = instance_table[st->bucket].first; 994 } 995 return h; 996} 997 998static struct hlist_node *get_idx(struct seq_file *seq, loff_t pos) 999{ 1000 struct hlist_node *head; 1001 head = get_first(seq); 1002 1003 if (head) 1004 while (pos && (head = get_next(seq, head))) 1005 pos--; 1006 return pos ? NULL : head; 1007} 1008 1009static void *seq_start(struct seq_file *seq, loff_t *pos) 1010{ 1011 read_lock_bh(&instances_lock); 1012 return get_idx(seq, *pos); 1013} 1014 1015static void *seq_next(struct seq_file *s, void *v, loff_t *pos) 1016{ 1017 (*pos)++; 1018 return get_next(s, v); 1019} 1020 1021static void seq_stop(struct seq_file *s, void *v) 1022{ 1023 read_unlock_bh(&instances_lock); 1024} 1025 1026static int seq_show(struct seq_file *s, void *v) 1027{ 1028 const struct nfqnl_instance *inst = v; 1029 1030 return seq_printf(s, "%5d %6d %5d %1d %5d %5d %5d %8d %2d\n", 1031 inst->queue_num, 1032 inst->peer_pid, inst->queue_total, 1033 inst->copy_mode, inst->copy_range, 1034 inst->queue_dropped, inst->queue_user_dropped, 1035 atomic_read(&inst->id_sequence), 1036 atomic_read(&inst->use)); 1037} 1038 1039static const struct seq_operations nfqnl_seq_ops = { 1040 .start = seq_start, 1041 .next = seq_next, 1042 .stop = seq_stop, 1043 .show = seq_show, 1044}; 1045 1046static int nfqnl_open(struct inode *inode, struct file *file) 1047{ 1048 return seq_open_private(file, &nfqnl_seq_ops, 1049 sizeof(struct iter_state)); 1050} 1051 1052static const struct file_operations nfqnl_file_ops = { 1053 .owner = THIS_MODULE, 1054 .open = nfqnl_open, 1055 .read = seq_read, 1056 .llseek = seq_lseek, 1057 .release = seq_release_private, 1058}; 1059 1060#endif /* PROC_FS */ 1061 1062static int __init nfnetlink_queue_init(void) 1063{ 1064 int i, status = -ENOMEM; 1065#ifdef CONFIG_PROC_FS 1066 struct proc_dir_entry *proc_nfqueue; 1067#endif 1068 1069 for (i = 0; i < INSTANCE_BUCKETS; i++) 1070 INIT_HLIST_HEAD(&instance_table[i]); 1071 1072 netlink_register_notifier(&nfqnl_rtnl_notifier); 1073 status = nfnetlink_subsys_register(&nfqnl_subsys); 1074 if (status < 0) { 1075 printk(KERN_ERR "nf_queue: failed to create netlink socket\n"); 1076 goto cleanup_netlink_notifier; 1077 } 1078 1079#ifdef CONFIG_PROC_FS 1080 proc_nfqueue = create_proc_entry("nfnetlink_queue", 0440, 1081 proc_net_netfilter); 1082 if (!proc_nfqueue) 1083 goto cleanup_subsys; 1084 proc_nfqueue->proc_fops = &nfqnl_file_ops; 1085#endif 1086 1087 register_netdevice_notifier(&nfqnl_dev_notifier); 1088 return status; 1089 1090#ifdef CONFIG_PROC_FS 1091cleanup_subsys: 1092 nfnetlink_subsys_unregister(&nfqnl_subsys); 1093#endif 1094cleanup_netlink_notifier: 1095 netlink_unregister_notifier(&nfqnl_rtnl_notifier); 1096 return status; 1097} 1098 1099static void __exit nfnetlink_queue_fini(void) 1100{ 1101 nf_unregister_queue_handlers(&nfqh); 1102 unregister_netdevice_notifier(&nfqnl_dev_notifier); 1103#ifdef CONFIG_PROC_FS 1104 remove_proc_entry("nfnetlink_queue", proc_net_netfilter); 1105#endif 1106 nfnetlink_subsys_unregister(&nfqnl_subsys); 1107 netlink_unregister_notifier(&nfqnl_rtnl_notifier); 1108} 1109 1110MODULE_DESCRIPTION("netfilter packet queue handler"); 1111MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>"); 1112MODULE_LICENSE("GPL"); 1113MODULE_ALIAS_NFNL_SUBSYS(NFNL_SUBSYS_QUEUE); 1114 1115module_init(nfnetlink_queue_init); 1116module_exit(nfnetlink_queue_fini);