git://ftp.safe.ca
/
safe
/
jmp
/
linux-2.6
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
[NETFILTER]: Fix whitespace errors
[safe/jmp/linux-2.6]
/
net
/
netfilter
/
nfnetlink.c
diff --git
a/net/netfilter/nfnetlink.c
b/net/netfilter/nfnetlink.c
index
f8bd7c7
..
f42bb13
100644
(file)
--- a/
net/netfilter/nfnetlink.c
+++ b/
net/netfilter/nfnetlink.c
@@
-14,7
+14,6
@@
* of the GNU General Public License, incorporated herein by reference.
*/
* of the GNU General Public License, incorporated herein by reference.
*/
-#include <linux/config.h>
#include <linux/module.h>
#include <linux/types.h>
#include <linux/socket.h>
#include <linux/module.h>
#include <linux/types.h>
#include <linux/socket.h>
@@
-106,7
+105,7
@@
static inline struct nfnl_callback *
nfnetlink_find_client(u_int16_t type, struct nfnetlink_subsystem *ss)
{
u_int8_t cb_id = NFNL_MSG_TYPE(type);
nfnetlink_find_client(u_int16_t type, struct nfnetlink_subsystem *ss)
{
u_int8_t cb_id = NFNL_MSG_TYPE(type);
-
+
if (cb_id >= ss->cb_count) {
DEBUGP("msgtype %u >= %u, returning\n", type, ss->cb_count);
return NULL;
if (cb_id >= ss->cb_count) {
DEBUGP("msgtype %u >= %u, returning\n", type, ss->cb_count);
return NULL;
@@
-162,7
+161,7
@@
nfnetlink_check_attributes(struct nfnetlink_subsystem *subsys,
return -EINVAL;
}
return -EINVAL;
}
- min_len = NLMSG_
ALIGN
(sizeof(struct nfgenmsg));
+ min_len = NLMSG_
SPACE
(sizeof(struct nfgenmsg));
if (unlikely(nlh->nlmsg_len < min_len))
return -EINVAL;
if (unlikely(nlh->nlmsg_len < min_len))
return -EINVAL;
@@
-188,8
+187,14
@@
nfnetlink_check_attributes(struct nfnetlink_subsystem *subsys,
/* implicit: if nlmsg_len == min_len, we return 0, and an empty
* (zeroed) cda[] array. The message is valid, but empty. */
/* implicit: if nlmsg_len == min_len, we return 0, and an empty
* (zeroed) cda[] array. The message is valid, but empty. */
- return 0;
+ return 0;
+}
+
+int nfnetlink_has_listeners(unsigned int group)
+{
+ return netlink_has_listeners(nfnl, group);
}
}
+EXPORT_SYMBOL_GPL(nfnetlink_has_listeners);
int nfnetlink_send(struct sk_buff *skb, u32 pid, unsigned group, int echo)
{
int nfnetlink_send(struct sk_buff *skb, u32 pid, unsigned group, int echo)
{
@@
-212,7
+217,7
@@
int nfnetlink_unicast(struct sk_buff *skb, u_int32_t pid, int flags)
}
/* Process one complete nfnetlink message. */
}
/* Process one complete nfnetlink message. */
-static in
line in
t nfnetlink_rcv_msg(struct sk_buff *skb,
+static int nfnetlink_rcv_msg(struct sk_buff *skb,
struct nlmsghdr *nlh, int *errp)
{
struct nfnl_callback *nc;
struct nlmsghdr *nlh, int *errp)
{
struct nfnl_callback *nc;
@@
-223,6
+228,12
@@
static inline int nfnetlink_rcv_msg(struct sk_buff *skb,
NFNL_SUBSYS_ID(nlh->nlmsg_type),
NFNL_MSG_TYPE(nlh->nlmsg_type));
NFNL_SUBSYS_ID(nlh->nlmsg_type),
NFNL_MSG_TYPE(nlh->nlmsg_type));
+ if (security_netlink_recv(skb, CAP_NET_ADMIN)) {
+ DEBUGP("missing CAP_NET_ADMIN\n");
+ *errp = -EPERM;
+ return -1;
+ }
+
/* Only requests are handled by kernel now. */
if (!(nlh->nlmsg_flags & NLM_F_REQUEST)) {
DEBUGP("received non-request message\n");
/* Only requests are handled by kernel now. */
if (!(nlh->nlmsg_flags & NLM_F_REQUEST)) {
DEBUGP("received non-request message\n");
@@
-230,8
+241,7
@@
static inline int nfnetlink_rcv_msg(struct sk_buff *skb,
}
/* All the messages must at least contain nfgenmsg */
}
/* All the messages must at least contain nfgenmsg */
- if (nlh->nlmsg_len <
- NLMSG_LENGTH(NLMSG_ALIGN(sizeof(struct nfgenmsg)))) {
+ if (nlh->nlmsg_len < NLMSG_SPACE(sizeof(struct nfgenmsg))) {
DEBUGP("received message was too short\n");
return 0;
}
DEBUGP("received message was too short\n");
return 0;
}
@@
-248,7
+258,7
@@
static inline int nfnetlink_rcv_msg(struct sk_buff *skb,
ss = nfnetlink_get_subsys(type);
if (!ss)
#endif
ss = nfnetlink_get_subsys(type);
if (!ss)
#endif
- goto err_inval;
+
goto err_inval;
}
nc = nfnetlink_find_client(type, ss);
}
nc = nfnetlink_find_client(type, ss);
@@
-257,20
+267,13
@@
static inline int nfnetlink_rcv_msg(struct sk_buff *skb,
goto err_inval;
}
goto err_inval;
}
- if (nc->cap_required &&
- !cap_raised(NETLINK_CB(skb).eff_cap, nc->cap_required)) {
- DEBUGP("permission denied for type %d\n", type);
- *errp = -EPERM;
- return -1;
- }
-
{
{
- u_int16_t attr_count =
+ u_int16_t attr_count =
ss->cb[NFNL_MSG_TYPE(nlh->nlmsg_type)].attr_count;
struct nfattr *cda[attr_count];
memset(cda, 0, sizeof(struct nfattr *) * attr_count);
ss->cb[NFNL_MSG_TYPE(nlh->nlmsg_type)].attr_count;
struct nfattr *cda[attr_count];
memset(cda, 0, sizeof(struct nfattr *) * attr_count);
-
+
err = nfnetlink_check_attributes(ss, nlh, cda);
if (err < 0)
goto err_inval;
err = nfnetlink_check_attributes(ss, nlh, cda);
if (err < 0)
goto err_inval;
@@
-354,7
+357,7
@@
static int __init nfnetlink_init(void)
printk("Netfilter messages via NETLINK v%s.\n", nfversion);
nfnl = netlink_kernel_create(NETLINK_NETFILTER, NFNLGRP_MAX,
printk("Netfilter messages via NETLINK v%s.\n", nfversion);
nfnl = netlink_kernel_create(NETLINK_NETFILTER, NFNLGRP_MAX,
- nfnetlink_rcv, THIS_MODULE);
+ nfnetlink_rcv, THIS_MODULE);
if (!nfnl) {
printk(KERN_ERR "cannot initialize nfnetlink!\n");
return -1;
if (!nfnl) {
printk(KERN_ERR "cannot initialize nfnetlink!\n");
return -1;