X-Git-Url: http://ftp.safe.ca/?a=blobdiff_plain;f=net%2Fnetfilter%2Fnfnetlink_queue.c;h=86a4ac33de3495791e5e465a5352afe79690c3cf;hb=6b2652936b9e61df47664a8dde46872a74d7dba2;hp=f81fe8c52e99ba2d3d90762cecc9ac4194fbf956;hpb=e7dfb09a3624a32df2dd00683875d0e56406a603;p=safe%2Fjmp%2Flinux-2.6 diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index f81fe8c..86a4ac3 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -136,11 +136,10 @@ instance_create(u_int16_t queue_num, int pid) goto out_unlock; } - inst = kmalloc(sizeof(*inst), GFP_ATOMIC); + inst = kzalloc(sizeof(*inst), GFP_ATOMIC); if (!inst) goto out_unlock; - memset(inst, 0, sizeof(*inst)); inst->queue_num = queue_num; inst->peer_pid = pid; inst->queue_maxlen = NFQNL_QMAX_DEFAULT; @@ -149,7 +148,7 @@ instance_create(u_int16_t queue_num, int pid) atomic_set(&inst->id_sequence, 0); /* needs to be two, since we _put() after creation */ atomic_set(&inst->use, 2); - inst->lock = SPIN_LOCK_UNLOCKED; + spin_lock_init(&inst->lock); INIT_LIST_HEAD(&inst->queue_list); if (!try_module_get(THIS_MODULE)) @@ -346,21 +345,28 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue, struct nfqnl_msg_packet_hdr pmsg; struct nlmsghdr *nlh; struct nfgenmsg *nfmsg; + struct nf_info *entinf = entry->info; + struct sk_buff *entskb = entry->skb; + struct net_device *indev; + struct net_device *outdev; unsigned int tmp_uint; QDEBUG("entered\n"); /* all macros expand to constant values at compile time */ - size = NLMSG_SPACE(sizeof(struct nfqnl_msg_packet_hdr)) - + NLMSG_SPACE(sizeof(u_int32_t)) /* ifindex */ - + NLMSG_SPACE(sizeof(u_int32_t)) /* ifindex */ + size = NLMSG_SPACE(sizeof(struct nfgenmsg)) + + + NFA_SPACE(sizeof(struct nfqnl_msg_packet_hdr)) + + NFA_SPACE(sizeof(u_int32_t)) /* ifindex */ + + NFA_SPACE(sizeof(u_int32_t)) /* ifindex */ #ifdef CONFIG_BRIDGE_NETFILTER - + NLMSG_SPACE(sizeof(u_int32_t)) /* ifindex */ - + NLMSG_SPACE(sizeof(u_int32_t)) /* ifindex */ + + NFA_SPACE(sizeof(u_int32_t)) /* ifindex */ + + NFA_SPACE(sizeof(u_int32_t)) /* ifindex */ #endif - + NLMSG_SPACE(sizeof(u_int32_t)) /* mark */ - + NLMSG_SPACE(sizeof(struct nfqnl_msg_packet_hw)) - + NLMSG_SPACE(sizeof(struct nfqnl_msg_packet_timestamp)); + + NFA_SPACE(sizeof(u_int32_t)) /* mark */ + + NFA_SPACE(sizeof(struct nfqnl_msg_packet_hw)) + + NFA_SPACE(sizeof(struct nfqnl_msg_packet_timestamp)); + + outdev = entinf->outdev; spin_lock_bh(&queue->lock); @@ -371,19 +377,19 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue, break; case NFQNL_COPY_PACKET: - if (entry->skb->ip_summed == CHECKSUM_HW && - (*errp = skb_checksum_help(entry->skb, - entry->info->outdev == NULL))) { + if (entskb->ip_summed == CHECKSUM_HW && + (*errp = skb_checksum_help(entskb, + outdev == NULL))) { spin_unlock_bh(&queue->lock); return NULL; } if (queue->copy_range == 0 - || queue->copy_range > entry->skb->len) - data_len = entry->skb->len; + || queue->copy_range > entskb->len) + data_len = entskb->len; else data_len = queue->copy_range; - size += NLMSG_SPACE(data_len); + size += NFA_SPACE(data_len); break; default: @@ -403,29 +409,30 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue, NFNL_SUBSYS_QUEUE << 8 | NFQNL_MSG_PACKET, sizeof(struct nfgenmsg)); nfmsg = NLMSG_DATA(nlh); - nfmsg->nfgen_family = entry->info->pf; + nfmsg->nfgen_family = entinf->pf; nfmsg->version = NFNETLINK_V0; nfmsg->res_id = htons(queue->queue_num); pmsg.packet_id = htonl(entry->id); - pmsg.hw_protocol = htons(entry->skb->protocol); - pmsg.hook = entry->info->hook; + pmsg.hw_protocol = htons(entskb->protocol); + pmsg.hook = entinf->hook; NFA_PUT(skb, NFQA_PACKET_HDR, sizeof(pmsg), &pmsg); - if (entry->info->indev) { - tmp_uint = htonl(entry->info->indev->ifindex); + indev = entinf->indev; + if (indev) { + tmp_uint = htonl(indev->ifindex); #ifndef CONFIG_BRIDGE_NETFILTER NFA_PUT(skb, NFQA_IFINDEX_INDEV, sizeof(tmp_uint), &tmp_uint); #else - if (entry->info->pf == PF_BRIDGE) { + if (entinf->pf == PF_BRIDGE) { /* Case 1: indev is physical input device, we need to * look for bridge group (when called from * netfilter_bridge) */ NFA_PUT(skb, NFQA_IFINDEX_PHYSINDEV, sizeof(tmp_uint), &tmp_uint); /* this is the bridge group "brX" */ - tmp_uint = htonl(entry->info->indev->br_port->br->dev->ifindex); + tmp_uint = htonl(indev->br_port->br->dev->ifindex); NFA_PUT(skb, NFQA_IFINDEX_INDEV, sizeof(tmp_uint), &tmp_uint); } else { @@ -433,9 +440,9 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue, * physical device (when called from ipv4) */ NFA_PUT(skb, NFQA_IFINDEX_INDEV, sizeof(tmp_uint), &tmp_uint); - if (entry->skb->nf_bridge - && entry->skb->nf_bridge->physindev) { - tmp_uint = htonl(entry->skb->nf_bridge->physindev->ifindex); + if (entskb->nf_bridge + && entskb->nf_bridge->physindev) { + tmp_uint = htonl(entskb->nf_bridge->physindev->ifindex); NFA_PUT(skb, NFQA_IFINDEX_PHYSINDEV, sizeof(tmp_uint), &tmp_uint); } @@ -443,19 +450,19 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue, #endif } - if (entry->info->outdev) { - tmp_uint = htonl(entry->info->outdev->ifindex); + if (outdev) { + tmp_uint = htonl(outdev->ifindex); #ifndef CONFIG_BRIDGE_NETFILTER NFA_PUT(skb, NFQA_IFINDEX_OUTDEV, sizeof(tmp_uint), &tmp_uint); #else - if (entry->info->pf == PF_BRIDGE) { + if (entinf->pf == PF_BRIDGE) { /* Case 1: outdev is physical output device, we need to * look for bridge group (when called from * netfilter_bridge) */ NFA_PUT(skb, NFQA_IFINDEX_PHYSOUTDEV, sizeof(tmp_uint), &tmp_uint); /* this is the bridge group "brX" */ - tmp_uint = htonl(entry->info->outdev->br_port->br->dev->ifindex); + tmp_uint = htonl(outdev->br_port->br->dev->ifindex); NFA_PUT(skb, NFQA_IFINDEX_OUTDEV, sizeof(tmp_uint), &tmp_uint); } else { @@ -463,9 +470,9 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue, * physical output device (when called from ipv4) */ NFA_PUT(skb, NFQA_IFINDEX_OUTDEV, sizeof(tmp_uint), &tmp_uint); - if (entry->skb->nf_bridge - && entry->skb->nf_bridge->physoutdev) { - tmp_uint = htonl(entry->skb->nf_bridge->physoutdev->ifindex); + if (entskb->nf_bridge + && entskb->nf_bridge->physoutdev) { + tmp_uint = htonl(entskb->nf_bridge->physoutdev->ifindex); NFA_PUT(skb, NFQA_IFINDEX_PHYSOUTDEV, sizeof(tmp_uint), &tmp_uint); } @@ -473,27 +480,27 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue, #endif } - if (entry->skb->nfmark) { - tmp_uint = htonl(entry->skb->nfmark); + if (entskb->nfmark) { + tmp_uint = htonl(entskb->nfmark); NFA_PUT(skb, NFQA_MARK, sizeof(u_int32_t), &tmp_uint); } - if (entry->info->indev && entry->skb->dev - && entry->skb->dev->hard_header_parse) { + if (indev && entskb->dev + && entskb->dev->hard_header_parse) { struct nfqnl_msg_packet_hw phw; phw.hw_addrlen = - entry->skb->dev->hard_header_parse(entry->skb, + entskb->dev->hard_header_parse(entskb, phw.hw_addr); phw.hw_addrlen = htons(phw.hw_addrlen); NFA_PUT(skb, NFQA_HWADDR, sizeof(phw), &phw); } - if (entry->skb->tstamp.off_sec) { + if (entskb->tstamp.off_sec) { struct nfqnl_msg_packet_timestamp ts; - ts.sec = cpu_to_be64(skb_tv_base.tv_sec + entry->skb->tstamp.off_sec); - ts.usec = cpu_to_be64(skb_tv_base.tv_usec + entry->skb->tstamp.off_usec); + ts.sec = cpu_to_be64(entskb->tstamp.off_sec); + ts.usec = cpu_to_be64(entskb->tstamp.off_usec); NFA_PUT(skb, NFQA_TIMESTAMP, sizeof(ts), &ts); } @@ -511,7 +518,7 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue, nfa->nfa_type = NFQA_PAYLOAD; nfa->nfa_len = size; - if (skb_copy_bits(entry->skb, 0, NFA_DATA(nfa), data_len)) + if (skb_copy_bits(entskb, 0, NFA_DATA(nfa), data_len)) BUG(); } @@ -668,12 +675,14 @@ nfqnl_set_mode(struct nfqnl_instance *queue, static int dev_cmp(struct nfqnl_queue_entry *entry, unsigned long ifindex) { - if (entry->info->indev) - if (entry->info->indev->ifindex == ifindex) + struct nf_info *entinf = entry->info; + + if (entinf->indev) + if (entinf->indev->ifindex == ifindex) return 1; - if (entry->info->outdev) - if (entry->info->outdev->ifindex == ifindex) + if (entinf->outdev) + if (entinf->outdev->ifindex == ifindex) return 1; return 0; @@ -817,7 +826,8 @@ nfqnl_recv_verdict(struct sock *ctnl, struct sk_buff *skb, } if (nfqa[NFQA_MARK-1]) - skb->nfmark = ntohl(*(u_int32_t *)NFA_DATA(nfqa[NFQA_MARK-1])); + entry->skb->nfmark = ntohl(*(u_int32_t *) + NFA_DATA(nfqa[NFQA_MARK-1])); issue_verdict(entry, verdict); instance_put(queue); @@ -919,8 +929,12 @@ nfqnl_recv_config(struct sock *ctnl, struct sk_buff *skb, if (nfqa[NFQA_CFG_PARAMS-1]) { struct nfqnl_msg_config_params *params; - params = NFA_DATA(nfqa[NFQA_CFG_PARAMS-1]); + if (!queue) { + ret = -ENOENT; + goto out_put; + } + params = NFA_DATA(nfqa[NFQA_CFG_PARAMS-1]); nfqnl_set_mode(queue, params->copy_mode, ntohl(params->copy_range)); } @@ -932,14 +946,11 @@ out_put: static struct nfnl_callback nfqnl_cb[NFQNL_MSG_MAX] = { [NFQNL_MSG_PACKET] = { .call = nfqnl_recv_unsupp, - .attr_count = NFQA_MAX, - .cap_required = CAP_NET_ADMIN }, + .attr_count = NFQA_MAX, }, [NFQNL_MSG_VERDICT] = { .call = nfqnl_recv_verdict, - .attr_count = NFQA_MAX, - .cap_required = CAP_NET_ADMIN }, + .attr_count = NFQA_MAX, }, [NFQNL_MSG_CONFIG] = { .call = nfqnl_recv_config, - .attr_count = NFQA_CFG_MAX, - .cap_required = CAP_NET_ADMIN }, + .attr_count = NFQA_CFG_MAX, }, }; static struct nfnetlink_subsystem nfqnl_subsys = { @@ -1036,10 +1047,9 @@ static int nfqnl_open(struct inode *inode, struct file *file) struct iter_state *is; int ret; - is = kmalloc(sizeof(*is), GFP_KERNEL); + is = kzalloc(sizeof(*is), GFP_KERNEL); if (!is) return -ENOMEM; - memset(is, 0, sizeof(*is)); ret = seq_open(file, &nfqnl_seq_ops); if (ret < 0) goto out_free; @@ -1061,17 +1071,13 @@ static struct file_operations nfqnl_file_ops = { #endif /* PROC_FS */ -static int -init_or_cleanup(int init) +static int __init nfnetlink_queue_init(void) { int i, status = -ENOMEM; #ifdef CONFIG_PROC_FS struct proc_dir_entry *proc_nfqueue; #endif - if (!init) - goto cleanup; - for (i = 0; i < INSTANCE_BUCKETS; i++) INIT_HLIST_HEAD(&instance_table[i]); @@ -1091,31 +1097,26 @@ init_or_cleanup(int init) #endif register_netdevice_notifier(&nfqnl_dev_notifier); - return status; -cleanup: - nf_unregister_queue_handlers(&nfqh); - unregister_netdevice_notifier(&nfqnl_dev_notifier); #ifdef CONFIG_PROC_FS - remove_proc_entry("nfnetlink_queue", proc_net_netfilter); cleanup_subsys: -#endif nfnetlink_subsys_unregister(&nfqnl_subsys); +#endif cleanup_netlink_notifier: netlink_unregister_notifier(&nfqnl_rtnl_notifier); return status; } -static int __init init(void) +static void __exit nfnetlink_queue_fini(void) { - - return init_or_cleanup(1); -} - -static void __exit fini(void) -{ - init_or_cleanup(0); + nf_unregister_queue_handlers(&nfqh); + unregister_netdevice_notifier(&nfqnl_dev_notifier); +#ifdef CONFIG_PROC_FS + remove_proc_entry("nfnetlink_queue", proc_net_netfilter); +#endif + nfnetlink_subsys_unregister(&nfqnl_subsys); + netlink_unregister_notifier(&nfqnl_rtnl_notifier); } MODULE_DESCRIPTION("netfilter packet queue handler"); @@ -1123,5 +1124,5 @@ MODULE_AUTHOR("Harald Welte "); MODULE_LICENSE("GPL"); MODULE_ALIAS_NFNL_SUBSYS(NFNL_SUBSYS_QUEUE); -module_init(init); -module_exit(fini); +module_init(nfnetlink_queue_init); +module_exit(nfnetlink_queue_fini);