2005-08-09 19:30:24 -07:00
/* Netfilter messages via netlink socket. Allows for user space
* protocol helpers and general trouble making from userspace .
*
* ( C ) 2001 by Jay Schulist < jschlst @ samba . org > ,
* ( C ) 2002 - 2005 by Harald Welte < laforge @ gnumonks . org >
2007-03-14 16:40:38 -07:00
* ( C ) 2005 , 2007 by Pablo Neira Ayuso < pablo @ netfilter . org >
2005-08-09 19:30:24 -07:00
*
* Initial netfilter messages via netlink development funded and
* generally made possible by Network Robots , Inc . ( www . networkrobots . com )
*
* Further development of this code funded by Astaro AG ( http : //www.astaro.com)
*
* This software may be used and distributed according to the terms
* of the GNU General Public License , incorporated herein by reference .
*/
# include <linux/module.h>
# include <linux/types.h>
# include <linux/socket.h>
# include <linux/kernel.h>
# include <linux/string.h>
# include <linux/sockios.h>
# include <linux/net.h>
# include <linux/skbuff.h>
# include <asm/uaccess.h>
# include <asm/system.h>
# include <net/sock.h>
2007-03-14 16:39:25 -07:00
# include <net/netlink.h>
2005-08-09 19:30:24 -07:00
# include <linux/init.h>
# include <linux/netlink.h>
# include <linux/netfilter/nfnetlink.h>
MODULE_LICENSE ( " GPL " ) ;
2005-08-09 19:40:55 -07:00
MODULE_AUTHOR ( " Harald Welte <laforge@netfilter.org> " ) ;
MODULE_ALIAS_NET_PF_PROTO ( PF_NETLINK , NETLINK_NETFILTER ) ;
2005-08-09 19:30:24 -07:00
static char __initdata nfversion [ ] = " 0.30 " ;
2007-09-28 14:15:45 -07:00
static const struct nfnetlink_subsystem * subsys_table [ NFNL_SUBSYS_COUNT ] ;
2007-03-14 16:39:25 -07:00
static DEFINE_MUTEX ( nfnl_mutex ) ;
2005-08-09 19:30:24 -07:00
2008-10-14 11:58:31 -07:00
void nfnl_lock ( void )
2005-08-09 19:30:24 -07:00
{
2007-03-14 16:39:25 -07:00
mutex_lock ( & nfnl_mutex ) ;
2005-08-09 19:30:24 -07:00
}
2008-10-14 11:58:31 -07:00
EXPORT_SYMBOL_GPL ( nfnl_lock ) ;
2005-08-09 19:30:24 -07:00
2008-10-14 11:58:31 -07:00
void nfnl_unlock ( void )
2007-03-14 16:39:25 -07:00
{
mutex_unlock ( & nfnl_mutex ) ;
2005-08-09 19:30:24 -07:00
}
2008-10-14 11:58:31 -07:00
EXPORT_SYMBOL_GPL ( nfnl_unlock ) ;
2005-08-09 19:30:24 -07:00
2007-09-28 14:15:45 -07:00
int nfnetlink_subsys_register ( const struct nfnetlink_subsystem * n )
2005-08-09 19:30:24 -07:00
{
nfnl_lock ( ) ;
2005-08-09 19:43:44 -07:00
if ( subsys_table [ n - > subsys_id ] ) {
nfnl_unlock ( ) ;
return - EBUSY ;
}
2005-08-09 19:30:24 -07:00
subsys_table [ n - > subsys_id ] = n ;
nfnl_unlock ( ) ;
return 0 ;
}
2007-03-14 16:42:11 -07:00
EXPORT_SYMBOL_GPL ( nfnetlink_subsys_register ) ;
2005-08-09 19:30:24 -07:00
2007-09-28 14:15:45 -07:00
int nfnetlink_subsys_unregister ( const struct nfnetlink_subsystem * n )
2005-08-09 19:30:24 -07:00
{
nfnl_lock ( ) ;
subsys_table [ n - > subsys_id ] = NULL ;
nfnl_unlock ( ) ;
return 0 ;
}
2007-03-14 16:42:11 -07:00
EXPORT_SYMBOL_GPL ( nfnetlink_subsys_unregister ) ;
2005-08-09 19:30:24 -07:00
2007-09-28 14:15:45 -07:00
static inline const struct nfnetlink_subsystem * nfnetlink_get_subsys ( u_int16_t type )
2005-08-09 19:30:24 -07:00
{
u_int8_t subsys_id = NFNL_SUBSYS_ID ( type ) ;
2007-03-14 16:41:28 -07:00
if ( subsys_id > = NFNL_SUBSYS_COUNT )
2005-08-09 19:30:24 -07:00
return NULL ;
return subsys_table [ subsys_id ] ;
}
2007-09-28 14:15:45 -07:00
static inline const struct nfnl_callback *
nfnetlink_find_client ( u_int16_t type , const struct nfnetlink_subsystem * ss )
2005-08-09 19:30:24 -07:00
{
u_int8_t cb_id = NFNL_MSG_TYPE ( type ) ;
2007-02-12 11:15:49 -08:00
2007-03-14 16:40:38 -07:00
if ( cb_id > = ss - > cb_count )
2005-08-09 19:30:24 -07:00
return NULL ;
return & ss - > cb [ cb_id ] ;
}
2010-01-13 16:02:14 +01:00
int nfnetlink_has_listeners ( struct net * net , unsigned int group )
2006-03-20 18:03:59 -08:00
{
2010-01-13 16:02:14 +01:00
return netlink_has_listeners ( net - > nfnl , group ) ;
2006-03-20 18:03:59 -08:00
}
EXPORT_SYMBOL_GPL ( nfnetlink_has_listeners ) ;
2010-01-13 16:02:14 +01:00
int nfnetlink_send ( struct sk_buff * skb , struct net * net , u32 pid ,
2009-06-03 10:32:06 +02:00
unsigned group , int echo , gfp_t flags )
2005-08-09 19:30:24 -07:00
{
2010-01-13 16:02:14 +01:00
return nlmsg_notify ( net - > nfnl , skb , pid , group , echo , flags ) ;
2005-08-09 19:30:24 -07:00
}
2007-03-14 16:42:11 -07:00
EXPORT_SYMBOL_GPL ( nfnetlink_send ) ;
2005-08-09 19:30:24 -07:00
2010-03-16 13:30:21 +00:00
int nfnetlink_set_err ( struct net * net , u32 pid , u32 group , int error )
2009-03-23 13:21:06 +01:00
{
2010-03-16 13:30:21 +00:00
return netlink_set_err ( net - > nfnl , pid , group , error ) ;
2009-03-23 13:21:06 +01:00
}
EXPORT_SYMBOL_GPL ( nfnetlink_set_err ) ;
2010-01-13 16:02:14 +01:00
int nfnetlink_unicast ( struct sk_buff * skb , struct net * net , u_int32_t pid , int flags )
2005-08-09 19:30:24 -07:00
{
2010-01-13 16:02:14 +01:00
return netlink_unicast ( net - > nfnl , skb , pid , flags ) ;
2005-08-09 19:30:24 -07:00
}
2007-03-14 16:42:11 -07:00
EXPORT_SYMBOL_GPL ( nfnetlink_unicast ) ;
2005-08-09 19:30:24 -07:00
/* Process one complete nfnetlink message. */
2007-03-22 23:30:12 -07:00
static int nfnetlink_rcv_msg ( struct sk_buff * skb , struct nlmsghdr * nlh )
2005-08-09 19:30:24 -07:00
{
2010-01-13 16:02:14 +01:00
struct net * net = sock_net ( skb - > sk ) ;
2007-09-28 14:15:45 -07:00
const struct nfnl_callback * nc ;
const struct nfnetlink_subsystem * ss ;
2007-03-22 23:30:12 -07:00
int type , err ;
2005-08-09 19:30:24 -07:00
2007-03-22 23:30:12 -07:00
if ( security_netlink_recv ( skb , CAP_NET_ADMIN ) )
return - EPERM ;
2005-11-14 15:24:59 -08:00
2005-08-09 19:30:24 -07:00
/* All the messages must at least contain nfgenmsg */
2009-06-02 20:03:33 +02:00
if ( nlh - > nlmsg_len < NLMSG_LENGTH ( sizeof ( struct nfgenmsg ) ) )
2005-08-09 19:30:24 -07:00
return 0 ;
type = nlh - > nlmsg_type ;
2008-10-14 11:58:31 -07:00
replay :
2005-08-09 19:30:24 -07:00
ss = nfnetlink_get_subsys ( type ) ;
2005-08-09 19:43:44 -07:00
if ( ! ss ) {
2008-10-16 15:24:51 -07:00
# ifdef CONFIG_MODULES
2007-10-10 21:13:32 -07:00
nfnl_unlock ( ) ;
2005-11-14 15:24:59 -08:00
request_module ( " nfnetlink-subsys-%d " , NFNL_SUBSYS_ID ( type ) ) ;
2007-03-14 16:39:25 -07:00
nfnl_lock ( ) ;
2005-11-14 15:24:59 -08:00
ss = nfnetlink_get_subsys ( type ) ;
2005-08-09 19:43:44 -07:00
if ( ! ss )
# endif
2007-03-22 23:30:12 -07:00
return - EINVAL ;
2005-08-09 19:43:44 -07:00
}
2005-08-09 19:30:24 -07:00
nc = nfnetlink_find_client ( type , ss ) ;
2007-03-14 16:40:38 -07:00
if ( ! nc )
2007-03-22 23:30:12 -07:00
return - EINVAL ;
2005-08-09 19:30:24 -07:00
{
2007-09-28 14:38:52 -07:00
int min_len = NLMSG_SPACE ( sizeof ( struct nfgenmsg ) ) ;
u_int8_t cb_id = NFNL_MSG_TYPE ( nlh - > nlmsg_type ) ;
2009-06-02 20:03:33 +02:00
struct nlattr * cda [ ss - > cb [ cb_id ] . attr_count + 1 ] ;
struct nlattr * attr = ( void * ) nlh + min_len ;
int attrlen = nlh - > nlmsg_len - min_len ;
err = nla_parse ( cda , ss - > cb [ cb_id ] . attr_count ,
attr , attrlen , ss - > cb [ cb_id ] . policy ) ;
if ( err < 0 )
return err ;
2007-02-12 11:15:49 -08:00
2010-01-13 16:02:14 +01:00
err = nc - > call ( net - > nfnl , skb , nlh , ( const struct nlattr * * ) cda ) ;
2008-10-14 11:58:31 -07:00
if ( err = = - EAGAIN )
goto replay ;
return err ;
2005-08-09 19:30:24 -07:00
}
}
2007-10-10 21:15:29 -07:00
static void nfnetlink_rcv ( struct sk_buff * skb )
2005-08-09 19:30:24 -07:00
{
2007-10-10 21:15:29 -07:00
nfnl_lock ( ) ;
netlink_rcv_skb ( skb , & nfnetlink_rcv_msg ) ;
nfnl_unlock ( ) ;
2005-08-09 19:30:24 -07:00
}
2010-01-13 16:02:14 +01:00
static int __net_init nfnetlink_net_init ( struct net * net )
2005-08-09 19:30:24 -07:00
{
2010-01-13 16:02:14 +01:00
struct sock * nfnl ;
nfnl = netlink_kernel_create ( net , NETLINK_NETFILTER , NFNLGRP_MAX ,
nfnetlink_rcv , NULL , THIS_MODULE ) ;
if ( ! nfnl )
return - ENOMEM ;
net - > nfnl_stash = nfnl ;
rcu_assign_pointer ( net - > nfnl , nfnl ) ;
return 0 ;
2005-08-09 19:30:24 -07:00
}
2010-01-13 16:02:14 +01:00
static void __net_exit nfnetlink_net_exit_batch ( struct list_head * net_exit_list )
2005-08-09 19:30:24 -07:00
{
2010-01-13 16:02:14 +01:00
struct net * net ;
2005-08-09 19:30:24 -07:00
2010-01-13 16:02:14 +01:00
list_for_each_entry ( net , net_exit_list , exit_list )
rcu_assign_pointer ( net - > nfnl , NULL ) ;
synchronize_net ( ) ;
list_for_each_entry ( net , net_exit_list , exit_list )
netlink_kernel_release ( net - > nfnl_stash ) ;
}
2005-08-09 19:30:24 -07:00
2010-01-13 16:02:14 +01:00
static struct pernet_operations nfnetlink_net_ops = {
. init = nfnetlink_net_init ,
. exit_batch = nfnetlink_net_exit_batch ,
} ;
static int __init nfnetlink_init ( void )
{
2010-05-13 15:02:08 +02:00
pr_info ( " Netfilter messages via NETLINK v%s. \n " , nfversion ) ;
2010-01-13 16:02:14 +01:00
return register_pernet_subsys ( & nfnetlink_net_ops ) ;
2005-08-09 19:30:24 -07:00
}
2010-01-13 16:02:14 +01:00
static void __exit nfnetlink_exit ( void )
{
2010-05-13 15:02:08 +02:00
pr_info ( " Removing netfilter NETLINK layer. \n " ) ;
2010-01-13 16:02:14 +01:00
unregister_pernet_subsys ( & nfnetlink_net_ops ) ;
}
2005-08-09 19:30:24 -07:00
module_init ( nfnetlink_init ) ;
module_exit ( nfnetlink_exit ) ;