Skip to content
Navigation Menu
Toggle navigation
Sign in
In this repository
All GitHub Enterprise
↵
Jump to
↵
No suggested jump to results
In this repository
All GitHub Enterprise
↵
Jump to
↵
In this organization
All GitHub Enterprise
↵
Jump to
↵
In this repository
All GitHub Enterprise
↵
Jump to
↵
Sign in
Reseting focus
You signed in with another tab or window.
Reload
to refresh your session.
You signed out in another tab or window.
Reload
to refresh your session.
You switched accounts on another tab or window.
Reload
to refresh your session.
Dismiss alert
{{ message }}
mariux64
/
linux
Public
Notifications
You must be signed in to change notification settings
Fork
0
Star
0
Code
Issues
2
Pull requests
0
Actions
Projects
0
Wiki
Security
Insights
Additional navigation options
Code
Issues
Pull requests
Actions
Projects
Wiki
Security
Insights
Files
af65bdf
Documentation
arch
block
crypto
drivers
fs
include
init
ipc
kernel
lib
mm
net
802
8021q
appletalk
atm
ax25
bluetooth
bridge
core
dccp
decnet
econet
ethernet
ieee80211
ipv4
ipv6
ipx
irda
iucv
key
lapb
llc
netfilter
Kconfig
Makefile
core.c
nf_conntrack_amanda.c
nf_conntrack_core.c
nf_conntrack_ecache.c
nf_conntrack_expect.c
nf_conntrack_ftp.c
nf_conntrack_h323_asn1.c
nf_conntrack_h323_main.c
nf_conntrack_h323_types.c
nf_conntrack_helper.c
nf_conntrack_irc.c
nf_conntrack_l3proto_generic.c
nf_conntrack_netbios_ns.c
nf_conntrack_netlink.c
nf_conntrack_pptp.c
nf_conntrack_proto.c
nf_conntrack_proto_generic.c
nf_conntrack_proto_gre.c
nf_conntrack_proto_sctp.c
nf_conntrack_proto_tcp.c
nf_conntrack_proto_udp.c
nf_conntrack_sane.c
nf_conntrack_sip.c
nf_conntrack_standalone.c
nf_conntrack_tftp.c
nf_internals.h
nf_log.c
nf_queue.c
nf_sockopt.c
nf_sysctl.c
nfnetlink.c
nfnetlink_log.c
nfnetlink_queue.c
x_tables.c
xt_CLASSIFY.c
xt_CONNMARK.c
xt_CONNSECMARK.c
xt_DSCP.c
xt_MARK.c
xt_NFLOG.c
xt_NFQUEUE.c
xt_NOTRACK.c
xt_SECMARK.c
xt_TCPMSS.c
xt_comment.c
xt_connbytes.c
xt_connmark.c
xt_conntrack.c
xt_dccp.c
xt_dscp.c
xt_esp.c
xt_hashlimit.c
xt_helper.c
xt_length.c
xt_limit.c
xt_mac.c
xt_mark.c
xt_multiport.c
xt_physdev.c
xt_pkttype.c
xt_policy.c
xt_quota.c
xt_realm.c
xt_sctp.c
xt_state.c
xt_statistic.c
xt_string.c
xt_tcpmss.c
xt_tcpudp.c
netlabel
netlink
netrom
packet
rose
rxrpc
sched
sctp
sunrpc
tipc
unix
wanrouter
x25
xfrm
Kconfig
Makefile
TUNABLE
compat.c
nonet.c
socket.c
sysctl_net.c
scripts
security
sound
usr
.gitignore
.mailmap
COPYING
CREDITS
Kbuild
MAINTAINERS
Makefile
README
REPORTING-BUGS
Breadcrumbs
linux
/
net
/
netfilter
/
nfnetlink.c
Copy path
Blame
Blame
Latest commit
History
History
278 lines (231 loc) · 6.6 KB
Breadcrumbs
linux
/
net
/
netfilter
/
nfnetlink.c
Top
File metadata and controls
Code
Blame
278 lines (231 loc) · 6.6 KB
Raw
/* Netfilter messages via netlink socket. Allows for user space * protocol helpers and general trouble making from userspace. * * (C) 2001 by Jay Schulist <jschlst@samba.org>, * (C) 2002-2005 by Harald Welte <laforge@gnumonks.org> * (C) 2005,2007 by Pablo Neira Ayuso <pablo@netfilter.org> * * Initial netfilter messages via netlink development funded and * generally made possible by Network Robots, Inc. (www.networkrobots.com) * * Further development of this code funded by Astaro AG (http://www.astaro.com) * * This software may be used and distributed according to the terms * of the GNU General Public License, incorporated herein by reference. */ #include <linux/module.h> #include <linux/types.h> #include <linux/socket.h> #include <linux/kernel.h> #include <linux/major.h> #include <linux/timer.h> #include <linux/string.h> #include <linux/sockios.h> #include <linux/net.h> #include <linux/fcntl.h> #include <linux/skbuff.h> #include <asm/uaccess.h> #include <asm/system.h> #include <net/sock.h> #include <net/netlink.h> #include <linux/init.h> #include <linux/netlink.h> #include <linux/netfilter/nfnetlink.h> MODULE_LICENSE("GPL"); MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>"); MODULE_ALIAS_NET_PF_PROTO(PF_NETLINK, NETLINK_NETFILTER); static char __initdata nfversion[] = "0.30"; static struct sock *nfnl = NULL; static struct nfnetlink_subsystem *subsys_table[NFNL_SUBSYS_COUNT]; static DEFINE_MUTEX(nfnl_mutex); static void nfnl_lock(void) { mutex_lock(&nfnl_mutex); } static int nfnl_trylock(void) { return !mutex_trylock(&nfnl_mutex); } static void __nfnl_unlock(void) { mutex_unlock(&nfnl_mutex); } static void nfnl_unlock(void) { mutex_unlock(&nfnl_mutex); if (nfnl->sk_receive_queue.qlen) nfnl->sk_data_ready(nfnl, 0); } int nfnetlink_subsys_register(struct nfnetlink_subsystem *n) { nfnl_lock(); if (subsys_table[n->subsys_id]) { nfnl_unlock(); return -EBUSY; } subsys_table[n->subsys_id] = n; nfnl_unlock(); return 0; } EXPORT_SYMBOL_GPL(nfnetlink_subsys_register); int nfnetlink_subsys_unregister(struct nfnetlink_subsystem *n) { nfnl_lock(); subsys_table[n->subsys_id] = NULL; nfnl_unlock(); return 0; } EXPORT_SYMBOL_GPL(nfnetlink_subsys_unregister); static inline struct nfnetlink_subsystem *nfnetlink_get_subsys(u_int16_t type) { u_int8_t subsys_id = NFNL_SUBSYS_ID(type); if (subsys_id >= NFNL_SUBSYS_COUNT) return NULL; return subsys_table[subsys_id]; } static inline struct nfnl_callback * nfnetlink_find_client(u_int16_t type, struct nfnetlink_subsystem *ss) { u_int8_t cb_id = NFNL_MSG_TYPE(type); if (cb_id >= ss->cb_count) return NULL; return &ss->cb[cb_id]; } void __nfa_fill(struct sk_buff *skb, int attrtype, int attrlen, const void *data) { struct nfattr *nfa; int size = NFA_LENGTH(attrlen); nfa = (struct nfattr *)skb_put(skb, NFA_ALIGN(size)); nfa->nfa_type = attrtype; nfa->nfa_len = size; memcpy(NFA_DATA(nfa), data, attrlen); memset(NFA_DATA(nfa) + attrlen, 0, NFA_ALIGN(size) - size); } EXPORT_SYMBOL_GPL(__nfa_fill); void nfattr_parse(struct nfattr *tb[], int maxattr, struct nfattr *nfa, int len) { memset(tb, 0, sizeof(struct nfattr *) * maxattr); while (NFA_OK(nfa, len)) { unsigned flavor = NFA_TYPE(nfa); if (flavor && flavor <= maxattr) tb[flavor-1] = nfa; nfa = NFA_NEXT(nfa, len); } } EXPORT_SYMBOL_GPL(nfattr_parse); /** * nfnetlink_check_attributes - check and parse nfnetlink attributes * * subsys: nfnl subsystem for which this message is to be parsed * nlmsghdr: netlink message to be checked/parsed * cda: array of pointers, needs to be at least subsys->attr_count big * */ static int nfnetlink_check_attributes(struct nfnetlink_subsystem *subsys, struct nlmsghdr *nlh, struct nfattr *cda[]) { int min_len = NLMSG_SPACE(sizeof(struct nfgenmsg)); u_int8_t cb_id = NFNL_MSG_TYPE(nlh->nlmsg_type); u_int16_t attr_count = subsys->cb[cb_id].attr_count; /* check attribute lengths. */ if (likely(nlh->nlmsg_len > min_len)) { struct nfattr *attr = NFM_NFA(NLMSG_DATA(nlh)); int attrlen = nlh->nlmsg_len - NLMSG_ALIGN(min_len); nfattr_parse(cda, attr_count, attr, attrlen); } /* implicit: if nlmsg_len == min_len, we return 0, and an empty * (zeroed) cda[] array. The message is valid, but empty. */ return 0; } int nfnetlink_has_listeners(unsigned int group) { return netlink_has_listeners(nfnl, group); } EXPORT_SYMBOL_GPL(nfnetlink_has_listeners); int nfnetlink_send(struct sk_buff *skb, u32 pid, unsigned group, int echo) { int err = 0; NETLINK_CB(skb).dst_group = group; if (echo) atomic_inc(&skb->users); netlink_broadcast(nfnl, skb, pid, group, gfp_any()); if (echo) err = netlink_unicast(nfnl, skb, pid, MSG_DONTWAIT); return err; } EXPORT_SYMBOL_GPL(nfnetlink_send); int nfnetlink_unicast(struct sk_buff *skb, u_int32_t pid, int flags) { return netlink_unicast(nfnl, skb, pid, flags); } EXPORT_SYMBOL_GPL(nfnetlink_unicast); /* Process one complete nfnetlink message. */ static int nfnetlink_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh) { struct nfnl_callback *nc; struct nfnetlink_subsystem *ss; int type, err; if (security_netlink_recv(skb, CAP_NET_ADMIN)) return -EPERM; /* All the messages must at least contain nfgenmsg */ if (nlh->nlmsg_len < NLMSG_SPACE(sizeof(struct nfgenmsg))) return 0; type = nlh->nlmsg_type; ss = nfnetlink_get_subsys(type); if (!ss) { #ifdef CONFIG_KMOD /* don't call nfnl_unlock, since it would reenter * with further packet processing */ __nfnl_unlock(); request_module("nfnetlink-subsys-%d", NFNL_SUBSYS_ID(type)); nfnl_lock(); ss = nfnetlink_get_subsys(type); if (!ss) #endif return -EINVAL; } nc = nfnetlink_find_client(type, ss); if (!nc) return -EINVAL; { u_int16_t attr_count = ss->cb[NFNL_MSG_TYPE(nlh->nlmsg_type)].attr_count; struct nfattr *cda[attr_count]; memset(cda, 0, sizeof(struct nfattr *) * attr_count); err = nfnetlink_check_attributes(ss, nlh, cda); if (err < 0) return err; return nc->call(nfnl, skb, nlh, cda); } } static void nfnetlink_rcv(struct sock *sk, int len) { unsigned int qlen = 0; do { if (nfnl_trylock()) return; netlink_run_queue(sk, &qlen, nfnetlink_rcv_msg); __nfnl_unlock(); } while (qlen); } static void __exit nfnetlink_exit(void) { printk("Removing netfilter NETLINK layer.\n"); sock_release(nfnl->sk_socket); return; } static int __init nfnetlink_init(void) { printk("Netfilter messages via NETLINK v%s.\n", nfversion); nfnl = netlink_kernel_create(NETLINK_NETFILTER, NFNLGRP_MAX, nfnetlink_rcv, NULL, THIS_MODULE); if (!nfnl) { printk(KERN_ERR "cannot initialize nfnetlink!\n"); return -1; } return 0; } module_init(nfnetlink_init); module_exit(nfnetlink_exit);
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
You can’t perform that action at this time.