Blame view
net/netfilter/nfnetlink.c
6.01 KB
f9e815b37
[NETFITLER]: Add ...
|
1 2 3 4 5 |
/* Netfilter messages via netlink socket. Allows for user space * protocol helpers and general trouble making from userspace. * * (C) 2001 by Jay Schulist <jschlst@samba.org>, * (C) 2002-2005 by Harald Welte <laforge@gnumonks.org> |
67ca39660
[NETFILTER]: nfne...
|
6 |
* (C) 2005,2007 by Pablo Neira Ayuso <pablo@netfilter.org> |
|
f9e815b37
[NETFITLER]: Add ...
|
7 8 9 10 11 12 13 14 15 |
* * Initial netfilter messages via netlink development funded and * generally made possible by Network Robots, Inc. (www.networkrobots.com) * * Further development of this code funded by Astaro AG (http://www.astaro.com) * * This software may be used and distributed according to the terms * of the GNU General Public License, incorporated herein by reference. */ |
|
f9e815b37
[NETFITLER]: Add ...
|
16 17 18 19 |
#include <linux/module.h> #include <linux/types.h> #include <linux/socket.h> #include <linux/kernel.h> |
|
f9e815b37
[NETFITLER]: Add ...
|
20 21 22 |
#include <linux/string.h> #include <linux/sockios.h> #include <linux/net.h> |
|
f9e815b37
[NETFITLER]: Add ...
|
23 24 25 26 |
#include <linux/skbuff.h> #include <asm/uaccess.h> #include <asm/system.h> #include <net/sock.h> |
a3c5029cf
[NETFILTER]: nfne...
|
27 |
#include <net/netlink.h> |
|
f9e815b37
[NETFITLER]: Add ...
|
28 |
#include <linux/init.h> |
|
f9e815b37
[NETFITLER]: Add ...
|
29 |
|
|
f9e815b37
[NETFITLER]: Add ...
|
30 31 32 33 |
#include <linux/netlink.h>
#include <linux/netfilter/nfnetlink.h>
MODULE_LICENSE("GPL");
|
|
4fdb3bb72
[NETLINK]: Add pr...
|
34 35 |
MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
MODULE_ALIAS_NET_PF_PROTO(PF_NETLINK, NETLINK_NETFILTER);
|
|
f9e815b37
[NETFITLER]: Add ...
|
36 37 |
static char __initdata nfversion[] = "0.30"; |
6b75e3e8d
netfilter: nfnetl...
|
38 |
static const struct nfnetlink_subsystem __rcu *subsys_table[NFNL_SUBSYS_COUNT]; |
|
a3c5029cf
[NETFILTER]: nfne...
|
39 |
static DEFINE_MUTEX(nfnl_mutex); |
|
f9e815b37
[NETFITLER]: Add ...
|
40 |
|
|
e6a7d3c04
netfilter: ctnetl...
|
41 |
void nfnl_lock(void) |
|
f9e815b37
[NETFITLER]: Add ...
|
42 |
{
|
|
a3c5029cf
[NETFILTER]: nfne...
|
43 |
mutex_lock(&nfnl_mutex); |
|
f9e815b37
[NETFITLER]: Add ...
|
44 |
} |
|
e6a7d3c04
netfilter: ctnetl...
|
45 |
EXPORT_SYMBOL_GPL(nfnl_lock); |
|
f9e815b37
[NETFITLER]: Add ...
|
46 |
|
|
e6a7d3c04
netfilter: ctnetl...
|
47 |
void nfnl_unlock(void) |
|
a3c5029cf
[NETFILTER]: nfne...
|
48 49 |
{
mutex_unlock(&nfnl_mutex);
|
|
f9e815b37
[NETFITLER]: Add ...
|
50 |
} |
|
e6a7d3c04
netfilter: ctnetl...
|
51 |
EXPORT_SYMBOL_GPL(nfnl_unlock); |
|
f9e815b37
[NETFITLER]: Add ...
|
52 |
|
|
7c8d4cb41
[NETFILTER]: nfne...
|
53 |
int nfnetlink_subsys_register(const struct nfnetlink_subsystem *n) |
|
f9e815b37
[NETFITLER]: Add ...
|
54 |
{
|
|
f9e815b37
[NETFITLER]: Add ...
|
55 |
nfnl_lock(); |
|
0ab43f849
[NETFILTER]: Core...
|
56 57 58 59 |
if (subsys_table[n->subsys_id]) {
nfnl_unlock();
return -EBUSY;
}
|
|
cf778b00e
net: reintroduce ...
|
60 |
rcu_assign_pointer(subsys_table[n->subsys_id], n); |
|
f9e815b37
[NETFITLER]: Add ...
|
61 62 63 64 |
nfnl_unlock(); return 0; } |
|
f4bc177f0
[NETFILTER]: nfne...
|
65 |
EXPORT_SYMBOL_GPL(nfnetlink_subsys_register); |
|
f9e815b37
[NETFITLER]: Add ...
|
66 |
|
|
7c8d4cb41
[NETFILTER]: nfne...
|
67 |
int nfnetlink_subsys_unregister(const struct nfnetlink_subsystem *n) |
|
f9e815b37
[NETFITLER]: Add ...
|
68 |
{
|
|
f9e815b37
[NETFITLER]: Add ...
|
69 70 71 |
nfnl_lock(); subsys_table[n->subsys_id] = NULL; nfnl_unlock(); |
|
6b75e3e8d
netfilter: nfnetl...
|
72 |
synchronize_rcu(); |
|
f9e815b37
[NETFITLER]: Add ...
|
73 74 |
return 0; } |
|
f4bc177f0
[NETFILTER]: nfne...
|
75 |
EXPORT_SYMBOL_GPL(nfnetlink_subsys_unregister); |
|
f9e815b37
[NETFITLER]: Add ...
|
76 |
|
|
7c8d4cb41
[NETFILTER]: nfne...
|
77 |
static inline const struct nfnetlink_subsystem *nfnetlink_get_subsys(u_int16_t type) |
|
f9e815b37
[NETFITLER]: Add ...
|
78 79 |
{
u_int8_t subsys_id = NFNL_SUBSYS_ID(type);
|
|
ac0f1d989
[NETFILTER]: nfne...
|
80 |
if (subsys_id >= NFNL_SUBSYS_COUNT) |
|
f9e815b37
[NETFITLER]: Add ...
|
81 |
return NULL; |
|
6b75e3e8d
netfilter: nfnetl...
|
82 |
return rcu_dereference(subsys_table[subsys_id]); |
|
f9e815b37
[NETFITLER]: Add ...
|
83 |
} |
|
7c8d4cb41
[NETFILTER]: nfne...
|
84 85 |
static inline const struct nfnl_callback * nfnetlink_find_client(u_int16_t type, const struct nfnetlink_subsystem *ss) |
|
f9e815b37
[NETFITLER]: Add ...
|
86 87 |
{
u_int8_t cb_id = NFNL_MSG_TYPE(type);
|
601e68e10
[NETFILTER]: Fix ...
|
88 |
|
|
67ca39660
[NETFILTER]: nfne...
|
89 |
if (cb_id >= ss->cb_count) |
|
f9e815b37
[NETFITLER]: Add ...
|
90 |
return NULL; |
|
f9e815b37
[NETFITLER]: Add ...
|
91 92 93 |
return &ss->cb[cb_id]; } |
cd8c20b65
netfilter: nfnetl...
|
94 |
int nfnetlink_has_listeners(struct net *net, unsigned int group) |
|
a24276924
[NETFILTER]: ctne...
|
95 |
{
|
|
cd8c20b65
netfilter: nfnetl...
|
96 |
return netlink_has_listeners(net->nfnl, group); |
|
a24276924
[NETFILTER]: ctne...
|
97 98 |
} EXPORT_SYMBOL_GPL(nfnetlink_has_listeners); |
|
cd8c20b65
netfilter: nfnetl...
|
99 |
int nfnetlink_send(struct sk_buff *skb, struct net *net, u32 pid, |
|
e34d5c1a4
netfilter: conntr...
|
100 |
unsigned group, int echo, gfp_t flags) |
|
f9e815b37
[NETFITLER]: Add ...
|
101 |
{
|
|
cd8c20b65
netfilter: nfnetl...
|
102 |
return nlmsg_notify(net->nfnl, skb, pid, group, echo, flags); |
|
f9e815b37
[NETFITLER]: Add ...
|
103 |
} |
|
f4bc177f0
[NETFILTER]: nfne...
|
104 |
EXPORT_SYMBOL_GPL(nfnetlink_send); |
|
f9e815b37
[NETFITLER]: Add ...
|
105 |
|
|
37b7ef720
netfilter: ctnetl...
|
106 |
int nfnetlink_set_err(struct net *net, u32 pid, u32 group, int error) |
|
dd5b6ce6f
nefilter: nfnetli...
|
107 |
{
|
|
37b7ef720
netfilter: ctnetl...
|
108 |
return netlink_set_err(net->nfnl, pid, group, error); |
|
dd5b6ce6f
nefilter: nfnetli...
|
109 110 |
} EXPORT_SYMBOL_GPL(nfnetlink_set_err); |
|
cd8c20b65
netfilter: nfnetl...
|
111 |
int nfnetlink_unicast(struct sk_buff *skb, struct net *net, u_int32_t pid, int flags) |
|
f9e815b37
[NETFITLER]: Add ...
|
112 |
{
|
|
cd8c20b65
netfilter: nfnetl...
|
113 |
return netlink_unicast(net->nfnl, skb, pid, flags); |
|
f9e815b37
[NETFITLER]: Add ...
|
114 |
} |
|
f4bc177f0
[NETFILTER]: nfne...
|
115 |
EXPORT_SYMBOL_GPL(nfnetlink_unicast); |
|
f9e815b37
[NETFITLER]: Add ...
|
116 117 |
/* Process one complete nfnetlink message. */ |
1d00a4eb4
[NETLINK]: Remove...
|
118 |
static int nfnetlink_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh) |
|
f9e815b37
[NETFITLER]: Add ...
|
119 |
{
|
|
cd8c20b65
netfilter: nfnetl...
|
120 |
struct net *net = sock_net(skb->sk); |
|
7c8d4cb41
[NETFILTER]: nfne...
|
121 122 |
const struct nfnl_callback *nc; const struct nfnetlink_subsystem *ss; |
|
1d00a4eb4
[NETLINK]: Remove...
|
123 |
int type, err; |
|
f9e815b37
[NETFITLER]: Add ...
|
124 |
|
fd7784615
security: remove ...
|
125 |
if (!capable(CAP_NET_ADMIN)) |
|
1d00a4eb4
[NETLINK]: Remove...
|
126 |
return -EPERM; |
|
37d2e7a20
[NETFILTER] nfnet...
|
127 |
|
|
f9e815b37
[NETFITLER]: Add ...
|
128 |
/* All the messages must at least contain nfgenmsg */ |
|
f49c857ff
netfilter: nfnetl...
|
129 |
if (nlh->nlmsg_len < NLMSG_LENGTH(sizeof(struct nfgenmsg))) |
|
f9e815b37
[NETFITLER]: Add ...
|
130 |
return 0; |
|
f9e815b37
[NETFITLER]: Add ...
|
131 132 |
type = nlh->nlmsg_type; |
|
e6a7d3c04
netfilter: ctnetl...
|
133 |
replay: |
|
6b75e3e8d
netfilter: nfnetl...
|
134 |
rcu_read_lock(); |
|
f9e815b37
[NETFITLER]: Add ...
|
135 |
ss = nfnetlink_get_subsys(type); |
|
0ab43f849
[NETFILTER]: Core...
|
136 |
if (!ss) {
|
95a5afca4
net: Remove CONFI...
|
137 |
#ifdef CONFIG_MODULES |
|
6b75e3e8d
netfilter: nfnetl...
|
138 |
rcu_read_unlock(); |
|
37d2e7a20
[NETFILTER] nfnet...
|
139 |
request_module("nfnetlink-subsys-%d", NFNL_SUBSYS_ID(type));
|
|
6b75e3e8d
netfilter: nfnetl...
|
140 |
rcu_read_lock(); |
|
37d2e7a20
[NETFILTER] nfnet...
|
141 |
ss = nfnetlink_get_subsys(type); |
|
0ab43f849
[NETFILTER]: Core...
|
142 143 |
if (!ss) #endif |
|
6b75e3e8d
netfilter: nfnetl...
|
144 145 |
{
rcu_read_unlock();
|
|
1d00a4eb4
[NETLINK]: Remove...
|
146 |
return -EINVAL; |
|
6b75e3e8d
netfilter: nfnetl...
|
147 |
} |
|
0ab43f849
[NETFILTER]: Core...
|
148 |
} |
|
f9e815b37
[NETFITLER]: Add ...
|
149 150 |
nc = nfnetlink_find_client(type, ss); |
|
6b75e3e8d
netfilter: nfnetl...
|
151 152 |
if (!nc) {
rcu_read_unlock();
|
|
1d00a4eb4
[NETLINK]: Remove...
|
153 |
return -EINVAL; |
|
6b75e3e8d
netfilter: nfnetl...
|
154 |
} |
|
f9e815b37
[NETFITLER]: Add ...
|
155 |
|
|
f9e815b37
[NETFITLER]: Add ...
|
156 |
{
|
|
e37305782
[NETFILTER]: nfne...
|
157 158 |
int min_len = NLMSG_SPACE(sizeof(struct nfgenmsg)); u_int8_t cb_id = NFNL_MSG_TYPE(nlh->nlmsg_type); |
|
f49c857ff
netfilter: nfnetl...
|
159 160 161 162 163 164 165 166 |
struct nlattr *cda[ss->cb[cb_id].attr_count + 1]; struct nlattr *attr = (void *)nlh + min_len; int attrlen = nlh->nlmsg_len - min_len; err = nla_parse(cda, ss->cb[cb_id].attr_count, attr, attrlen, ss->cb[cb_id].policy); if (err < 0) return err; |
|
601e68e10
[NETFILTER]: Fix ...
|
167 |
|
|
6b75e3e8d
netfilter: nfnetl...
|
168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 |
if (nc->call_rcu) {
err = nc->call_rcu(net->nfnl, skb, nlh,
(const struct nlattr **)cda);
rcu_read_unlock();
} else {
rcu_read_unlock();
nfnl_lock();
if (rcu_dereference_protected(
subsys_table[NFNL_SUBSYS_ID(type)],
lockdep_is_held(&nfnl_mutex)) != ss ||
nfnetlink_find_client(type, ss) != nc)
err = -EAGAIN;
else
err = nc->call(net->nfnl, skb, nlh,
(const struct nlattr **)cda);
nfnl_unlock();
}
|
|
e6a7d3c04
netfilter: ctnetl...
|
185 186 187 |
if (err == -EAGAIN) goto replay; return err; |
|
f9e815b37
[NETFITLER]: Add ...
|
188 |
} |
|
f9e815b37
[NETFITLER]: Add ...
|
189 |
} |
cd40b7d39
[NET]: make netli...
|
190 |
static void nfnetlink_rcv(struct sk_buff *skb) |
|
f9e815b37
[NETFITLER]: Add ...
|
191 |
{
|
|
cd40b7d39
[NET]: make netli...
|
192 |
netlink_rcv_skb(skb, &nfnetlink_rcv_msg); |
|
f9e815b37
[NETFITLER]: Add ...
|
193 |
} |
|
cd8c20b65
netfilter: nfnetl...
|
194 |
static int __net_init nfnetlink_net_init(struct net *net) |
|
f9e815b37
[NETFITLER]: Add ...
|
195 |
{
|
|
cd8c20b65
netfilter: nfnetl...
|
196 197 198 199 200 201 202 |
struct sock *nfnl; nfnl = netlink_kernel_create(net, NETLINK_NETFILTER, NFNLGRP_MAX, nfnetlink_rcv, NULL, THIS_MODULE); if (!nfnl) return -ENOMEM; net->nfnl_stash = nfnl; |
|
cf778b00e
net: reintroduce ...
|
203 |
rcu_assign_pointer(net->nfnl, nfnl); |
|
cd8c20b65
netfilter: nfnetl...
|
204 |
return 0; |
|
f9e815b37
[NETFITLER]: Add ...
|
205 |
} |
|
cd8c20b65
netfilter: nfnetl...
|
206 |
static void __net_exit nfnetlink_net_exit_batch(struct list_head *net_exit_list) |
|
f9e815b37
[NETFITLER]: Add ...
|
207 |
{
|
|
cd8c20b65
netfilter: nfnetl...
|
208 |
struct net *net; |
|
f9e815b37
[NETFITLER]: Add ...
|
209 |
|
|
cd8c20b65
netfilter: nfnetl...
|
210 |
list_for_each_entry(net, net_exit_list, exit_list) |
a9b3cd7f3
rcu: convert uses...
|
211 |
RCU_INIT_POINTER(net->nfnl, NULL); |
|
cd8c20b65
netfilter: nfnetl...
|
212 213 214 215 |
synchronize_net(); list_for_each_entry(net, net_exit_list, exit_list) netlink_kernel_release(net->nfnl_stash); } |
|
f9e815b37
[NETFITLER]: Add ...
|
216 |
|
|
cd8c20b65
netfilter: nfnetl...
|
217 218 219 220 221 222 223 |
static struct pernet_operations nfnetlink_net_ops = {
.init = nfnetlink_net_init,
.exit_batch = nfnetlink_net_exit_batch,
};
static int __init nfnetlink_init(void)
{
|
|
654d0fbdc
netfilter: cleanu...
|
224 225 |
pr_info("Netfilter messages via NETLINK v%s.
", nfversion);
|
|
cd8c20b65
netfilter: nfnetl...
|
226 |
return register_pernet_subsys(&nfnetlink_net_ops); |
|
f9e815b37
[NETFITLER]: Add ...
|
227 |
} |
|
cd8c20b65
netfilter: nfnetl...
|
228 229 |
static void __exit nfnetlink_exit(void)
{
|
|
654d0fbdc
netfilter: cleanu...
|
230 231 |
pr_info("Removing netfilter NETLINK layer.
");
|
|
cd8c20b65
netfilter: nfnetl...
|
232 233 |
unregister_pernet_subsys(&nfnetlink_net_ops); } |
|
f9e815b37
[NETFITLER]: Add ...
|
234 235 |
module_init(nfnetlink_init); module_exit(nfnetlink_exit); |