X-Git-Url: http://ftp.safe.ca/?a=blobdiff_plain;f=net%2Fnetfilter%2Fnfnetlink_queue.c;h=8eb2473d83e1d8cf919b3ed92785f4d824e712b0;hb=4cb50dc2eaeddb0bc20bc4cd108c4fec99f5045a;hp=55afdda3d9407af4f1d7bfd4a0bdd7db77c5a8cf;hpb=181a46a56e9f852060c54247209e93740329b6eb;p=safe%2Fjmp%2Flinux-2.6 diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index 55afdda..8eb2473 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -345,21 +345,28 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue, struct nfqnl_msg_packet_hdr pmsg; struct nlmsghdr *nlh; struct nfgenmsg *nfmsg; + struct nf_info *entinf = entry->info; + struct sk_buff *entskb = entry->skb; + struct net_device *indev; + struct net_device *outdev; unsigned int tmp_uint; QDEBUG("entered\n"); /* all macros expand to constant values at compile time */ - size = NLMSG_SPACE(sizeof(struct nfqnl_msg_packet_hdr)) - + NLMSG_SPACE(sizeof(u_int32_t)) /* ifindex */ - + NLMSG_SPACE(sizeof(u_int32_t)) /* ifindex */ + size = NLMSG_SPACE(sizeof(struct nfgenmsg)) + + + NFA_SPACE(sizeof(struct nfqnl_msg_packet_hdr)) + + NFA_SPACE(sizeof(u_int32_t)) /* ifindex */ + + NFA_SPACE(sizeof(u_int32_t)) /* ifindex */ #ifdef CONFIG_BRIDGE_NETFILTER - + NLMSG_SPACE(sizeof(u_int32_t)) /* ifindex */ - + NLMSG_SPACE(sizeof(u_int32_t)) /* ifindex */ + + NFA_SPACE(sizeof(u_int32_t)) /* ifindex */ + + NFA_SPACE(sizeof(u_int32_t)) /* ifindex */ #endif - + NLMSG_SPACE(sizeof(u_int32_t)) /* mark */ - + NLMSG_SPACE(sizeof(struct nfqnl_msg_packet_hw)) - + NLMSG_SPACE(sizeof(struct nfqnl_msg_packet_timestamp)); + + NFA_SPACE(sizeof(u_int32_t)) /* mark */ + + NFA_SPACE(sizeof(struct nfqnl_msg_packet_hw)) + + NFA_SPACE(sizeof(struct nfqnl_msg_packet_timestamp)); + + outdev = entinf->outdev; spin_lock_bh(&queue->lock); @@ -370,19 +377,19 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue, break; case NFQNL_COPY_PACKET: - if (entry->skb->ip_summed == CHECKSUM_HW && - (*errp = skb_checksum_help(entry->skb, - entry->info->outdev == NULL))) { + if ((entskb->ip_summed == CHECKSUM_PARTIAL || + entskb->ip_summed == CHECKSUM_COMPLETE) && + (*errp = skb_checksum_help(entskb))) { spin_unlock_bh(&queue->lock); return NULL; } if (queue->copy_range == 0 - || queue->copy_range > entry->skb->len) - data_len = entry->skb->len; + || queue->copy_range > entskb->len) + data_len = entskb->len; else data_len = queue->copy_range; - size += NLMSG_SPACE(data_len); + size += NFA_SPACE(data_len); break; default: @@ -402,29 +409,30 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue, NFNL_SUBSYS_QUEUE << 8 | NFQNL_MSG_PACKET, sizeof(struct nfgenmsg)); nfmsg = NLMSG_DATA(nlh); - nfmsg->nfgen_family = entry->info->pf; + nfmsg->nfgen_family = entinf->pf; nfmsg->version = NFNETLINK_V0; nfmsg->res_id = htons(queue->queue_num); pmsg.packet_id = htonl(entry->id); - pmsg.hw_protocol = htons(entry->skb->protocol); - pmsg.hook = entry->info->hook; + pmsg.hw_protocol = htons(entskb->protocol); + pmsg.hook = entinf->hook; NFA_PUT(skb, NFQA_PACKET_HDR, sizeof(pmsg), &pmsg); - if (entry->info->indev) { - tmp_uint = htonl(entry->info->indev->ifindex); + indev = entinf->indev; + if (indev) { + tmp_uint = htonl(indev->ifindex); #ifndef CONFIG_BRIDGE_NETFILTER NFA_PUT(skb, NFQA_IFINDEX_INDEV, sizeof(tmp_uint), &tmp_uint); #else - if (entry->info->pf == PF_BRIDGE) { + if (entinf->pf == PF_BRIDGE) { /* Case 1: indev is physical input device, we need to * look for bridge group (when called from * netfilter_bridge) */ NFA_PUT(skb, NFQA_IFINDEX_PHYSINDEV, sizeof(tmp_uint), &tmp_uint); /* this is the bridge group "brX" */ - tmp_uint = htonl(entry->info->indev->br_port->br->dev->ifindex); + tmp_uint = htonl(indev->br_port->br->dev->ifindex); NFA_PUT(skb, NFQA_IFINDEX_INDEV, sizeof(tmp_uint), &tmp_uint); } else { @@ -432,9 +440,9 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue, * physical device (when called from ipv4) */ NFA_PUT(skb, NFQA_IFINDEX_INDEV, sizeof(tmp_uint), &tmp_uint); - if (entry->skb->nf_bridge - && entry->skb->nf_bridge->physindev) { - tmp_uint = htonl(entry->skb->nf_bridge->physindev->ifindex); + if (entskb->nf_bridge + && entskb->nf_bridge->physindev) { + tmp_uint = htonl(entskb->nf_bridge->physindev->ifindex); NFA_PUT(skb, NFQA_IFINDEX_PHYSINDEV, sizeof(tmp_uint), &tmp_uint); } @@ -442,19 +450,19 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue, #endif } - if (entry->info->outdev) { - tmp_uint = htonl(entry->info->outdev->ifindex); + if (outdev) { + tmp_uint = htonl(outdev->ifindex); #ifndef CONFIG_BRIDGE_NETFILTER NFA_PUT(skb, NFQA_IFINDEX_OUTDEV, sizeof(tmp_uint), &tmp_uint); #else - if (entry->info->pf == PF_BRIDGE) { + if (entinf->pf == PF_BRIDGE) { /* Case 1: outdev is physical output device, we need to * look for bridge group (when called from * netfilter_bridge) */ NFA_PUT(skb, NFQA_IFINDEX_PHYSOUTDEV, sizeof(tmp_uint), &tmp_uint); /* this is the bridge group "brX" */ - tmp_uint = htonl(entry->info->outdev->br_port->br->dev->ifindex); + tmp_uint = htonl(outdev->br_port->br->dev->ifindex); NFA_PUT(skb, NFQA_IFINDEX_OUTDEV, sizeof(tmp_uint), &tmp_uint); } else { @@ -462,9 +470,9 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue, * physical output device (when called from ipv4) */ NFA_PUT(skb, NFQA_IFINDEX_OUTDEV, sizeof(tmp_uint), &tmp_uint); - if (entry->skb->nf_bridge - && entry->skb->nf_bridge->physoutdev) { - tmp_uint = htonl(entry->skb->nf_bridge->physoutdev->ifindex); + if (entskb->nf_bridge + && entskb->nf_bridge->physoutdev) { + tmp_uint = htonl(entskb->nf_bridge->physoutdev->ifindex); NFA_PUT(skb, NFQA_IFINDEX_PHYSOUTDEV, sizeof(tmp_uint), &tmp_uint); } @@ -472,27 +480,27 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue, #endif } - if (entry->skb->nfmark) { - tmp_uint = htonl(entry->skb->nfmark); + if (entskb->nfmark) { + tmp_uint = htonl(entskb->nfmark); NFA_PUT(skb, NFQA_MARK, sizeof(u_int32_t), &tmp_uint); } - if (entry->info->indev && entry->skb->dev - && entry->skb->dev->hard_header_parse) { + if (indev && entskb->dev + && entskb->dev->hard_header_parse) { struct nfqnl_msg_packet_hw phw; phw.hw_addrlen = - entry->skb->dev->hard_header_parse(entry->skb, + entskb->dev->hard_header_parse(entskb, phw.hw_addr); phw.hw_addrlen = htons(phw.hw_addrlen); NFA_PUT(skb, NFQA_HWADDR, sizeof(phw), &phw); } - if (entry->skb->tstamp.off_sec) { + if (entskb->tstamp.off_sec) { struct nfqnl_msg_packet_timestamp ts; - ts.sec = cpu_to_be64(entry->skb->tstamp.off_sec); - ts.usec = cpu_to_be64(entry->skb->tstamp.off_usec); + ts.sec = cpu_to_be64(entskb->tstamp.off_sec); + ts.usec = cpu_to_be64(entskb->tstamp.off_usec); NFA_PUT(skb, NFQA_TIMESTAMP, sizeof(ts), &ts); } @@ -510,7 +518,7 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue, nfa->nfa_type = NFQA_PAYLOAD; nfa->nfa_len = size; - if (skb_copy_bits(entry->skb, 0, NFA_DATA(nfa), data_len)) + if (skb_copy_bits(entskb, 0, NFA_DATA(nfa), data_len)) BUG(); } @@ -576,7 +584,7 @@ nfqnl_enqueue_packet(struct sk_buff *skb, struct nf_info *info, queue->queue_dropped++; status = -ENOSPC; if (net_ratelimit()) - printk(KERN_WARNING "ip_queue: full at %d entries, " + printk(KERN_WARNING "nf_queue: full at %d entries, " "dropping packets(s). Dropped: %d\n", queue->queue_total, queue->queue_dropped); goto err_out_free_nskb; @@ -627,7 +635,7 @@ nfqnl_mangle(void *data, int data_len, struct nfqnl_queue_entry *e) diff, GFP_ATOMIC); if (newskb == NULL) { - printk(KERN_WARNING "ip_queue: OOM " + printk(KERN_WARNING "nf_queue: OOM " "in mangle, dropping packet\n"); return -ENOMEM; } @@ -667,14 +675,24 @@ nfqnl_set_mode(struct nfqnl_instance *queue, static int dev_cmp(struct nfqnl_queue_entry *entry, unsigned long ifindex) { - if (entry->info->indev) - if (entry->info->indev->ifindex == ifindex) + struct nf_info *entinf = entry->info; + + if (entinf->indev) + if (entinf->indev->ifindex == ifindex) return 1; - - if (entry->info->outdev) - if (entry->info->outdev->ifindex == ifindex) + if (entinf->outdev) + if (entinf->outdev->ifindex == ifindex) return 1; - +#ifdef CONFIG_BRIDGE_NETFILTER + if (entry->skb->nf_bridge) { + if (entry->skb->nf_bridge->physindev && + entry->skb->nf_bridge->physindev->ifindex == ifindex) + return 1; + if (entry->skb->nf_bridge->physoutdev && + entry->skb->nf_bridge->physoutdev->ifindex == ifindex) + return 1; + } +#endif return 0; } @@ -816,7 +834,8 @@ nfqnl_recv_verdict(struct sock *ctnl, struct sk_buff *skb, } if (nfqa[NFQA_MARK-1]) - skb->nfmark = ntohl(*(u_int32_t *)NFA_DATA(nfqa[NFQA_MARK-1])); + entry->skb->nfmark = ntohl(*(u_int32_t *) + NFA_DATA(nfqa[NFQA_MARK-1])); issue_verdict(entry, verdict); instance_put(queue); @@ -918,8 +937,12 @@ nfqnl_recv_config(struct sock *ctnl, struct sk_buff *skb, if (nfqa[NFQA_CFG_PARAMS-1]) { struct nfqnl_msg_config_params *params; - params = NFA_DATA(nfqa[NFQA_CFG_PARAMS-1]); + if (!queue) { + ret = -ENOENT; + goto out_put; + } + params = NFA_DATA(nfqa[NFQA_CFG_PARAMS-1]); nfqnl_set_mode(queue, params->copy_mode, ntohl(params->copy_range)); } @@ -1056,17 +1079,13 @@ static struct file_operations nfqnl_file_ops = { #endif /* PROC_FS */ -static int -init_or_cleanup(int init) +static int __init nfnetlink_queue_init(void) { int i, status = -ENOMEM; #ifdef CONFIG_PROC_FS struct proc_dir_entry *proc_nfqueue; #endif - if (!init) - goto cleanup; - for (i = 0; i < INSTANCE_BUCKETS; i++) INIT_HLIST_HEAD(&instance_table[i]); @@ -1086,31 +1105,26 @@ init_or_cleanup(int init) #endif register_netdevice_notifier(&nfqnl_dev_notifier); - return status; -cleanup: - nf_unregister_queue_handlers(&nfqh); - unregister_netdevice_notifier(&nfqnl_dev_notifier); #ifdef CONFIG_PROC_FS - remove_proc_entry("nfnetlink_queue", proc_net_netfilter); cleanup_subsys: -#endif nfnetlink_subsys_unregister(&nfqnl_subsys); +#endif cleanup_netlink_notifier: netlink_unregister_notifier(&nfqnl_rtnl_notifier); return status; } -static int __init init(void) -{ - - return init_or_cleanup(1); -} - -static void __exit fini(void) +static void __exit nfnetlink_queue_fini(void) { - init_or_cleanup(0); + nf_unregister_queue_handlers(&nfqh); + unregister_netdevice_notifier(&nfqnl_dev_notifier); +#ifdef CONFIG_PROC_FS + remove_proc_entry("nfnetlink_queue", proc_net_netfilter); +#endif + nfnetlink_subsys_unregister(&nfqnl_subsys); + netlink_unregister_notifier(&nfqnl_rtnl_notifier); } MODULE_DESCRIPTION("netfilter packet queue handler"); @@ -1118,5 +1132,5 @@ MODULE_AUTHOR("Harald Welte "); MODULE_LICENSE("GPL"); MODULE_ALIAS_NFNL_SUBSYS(NFNL_SUBSYS_QUEUE); -module_init(init); -module_exit(fini); +module_init(nfnetlink_queue_init); +module_exit(nfnetlink_queue_fini);