Commit 910a7e905f36e51a17d6e8bb4ad6dcd5ac5f1d53

Authored by Eric W. Biederman
Committed by Greg Kroah-Hartman
1 parent d6523ddf23

netlink: Implment netlink_broadcast_filtered

When netlink sockets are used to convey data that is in a namespace
we need a way to select a subset of the listening sockets to deliver
the packet to.  For the network namespace we have been doing this
by only transmitting packets in the correct network namespace.

For data belonging to other namespaces netlink_bradcast_filtered
provides a mechanism that allows us to examine the destination
socket and to decide if we should transmit the specified packet
to it.

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

Showing 2 changed files with 23 additions and 2 deletions Side-by-side Diff

include/linux/netlink.h
... ... @@ -188,6 +188,10 @@
188 188 extern int netlink_unicast(struct sock *ssk, struct sk_buff *skb, __u32 pid, int nonblock);
189 189 extern int netlink_broadcast(struct sock *ssk, struct sk_buff *skb, __u32 pid,
190 190 __u32 group, gfp_t allocation);
  191 +extern int netlink_broadcast_filtered(struct sock *ssk, struct sk_buff *skb,
  192 + __u32 pid, __u32 group, gfp_t allocation,
  193 + int (*filter)(struct sock *dsk, struct sk_buff *skb, void *data),
  194 + void *filter_data);
191 195 extern int netlink_set_err(struct sock *ssk, __u32 pid, __u32 group, int code);
192 196 extern int netlink_register_notifier(struct notifier_block *nb);
193 197 extern int netlink_unregister_notifier(struct notifier_block *nb);
net/netlink/af_netlink.c
... ... @@ -978,6 +978,8 @@
978 978 int delivered;
979 979 gfp_t allocation;
980 980 struct sk_buff *skb, *skb2;
  981 + int (*tx_filter)(struct sock *dsk, struct sk_buff *skb, void *data);
  982 + void *tx_data;
981 983 };
982 984  
983 985 static inline int do_one_broadcast(struct sock *sk,
... ... @@ -1020,6 +1022,9 @@
1020 1022 p->failure = 1;
1021 1023 if (nlk->flags & NETLINK_BROADCAST_SEND_ERROR)
1022 1024 p->delivery_failure = 1;
  1025 + } else if (p->tx_filter && p->tx_filter(sk, p->skb2, p->tx_data)) {
  1026 + kfree_skb(p->skb2);
  1027 + p->skb2 = NULL;
1023 1028 } else if (sk_filter(sk, p->skb2)) {
1024 1029 kfree_skb(p->skb2);
1025 1030 p->skb2 = NULL;
... ... @@ -1038,8 +1043,10 @@
1038 1043 return 0;
1039 1044 }
1040 1045  
1041   -int netlink_broadcast(struct sock *ssk, struct sk_buff *skb, u32 pid,
1042   - u32 group, gfp_t allocation)
  1046 +int netlink_broadcast_filtered(struct sock *ssk, struct sk_buff *skb, u32 pid,
  1047 + u32 group, gfp_t allocation,
  1048 + int (*filter)(struct sock *dsk, struct sk_buff *skb, void *data),
  1049 + void *filter_data)
1043 1050 {
1044 1051 struct net *net = sock_net(ssk);
1045 1052 struct netlink_broadcast_data info;
... ... @@ -1059,6 +1066,8 @@
1059 1066 info.allocation = allocation;
1060 1067 info.skb = skb;
1061 1068 info.skb2 = NULL;
  1069 + info.tx_filter = filter;
  1070 + info.tx_data = filter_data;
1062 1071  
1063 1072 /* While we sleep in clone, do not allow to change socket list */
1064 1073  
... ... @@ -1082,6 +1091,14 @@
1082 1091 return 0;
1083 1092 }
1084 1093 return -ESRCH;
  1094 +}
  1095 +EXPORT_SYMBOL(netlink_broadcast_filtered);
  1096 +
  1097 +int netlink_broadcast(struct sock *ssk, struct sk_buff *skb, u32 pid,
  1098 + u32 group, gfp_t allocation)
  1099 +{
  1100 + return netlink_broadcast_filtered(ssk, skb, pid, group, allocation,
  1101 + NULL, NULL);
1085 1102 }
1086 1103 EXPORT_SYMBOL(netlink_broadcast);
1087 1104