2 * This is a module which is used for queueing IPv6 packets and
3 * communicating with userspace via netlink.
5 * (C) 2001 Fernando Anton, this code is GPL.
6 * IPv64 Project - Work based in IPv64 draft by Arturo Azcorra.
7 * Universidad Carlos III de Madrid - Leganes (Madrid) - Spain
8 * Universidad Politecnica de Alcala de Henares - Alcala de H. (Madrid) - Spain
9 * email: fanton@it.uc3m.es
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License version 2 as
13 * published by the Free Software Foundation.
15 * 2001-11-06: First try. Working with ip_queue.c for IPv4 and trying
17 * HEAVILY based in ipqueue.c by James Morris. It's just
18 * a little modified version of it, so he's nearly the
20 * Few changes needed, mainly the hard_routing code and
21 * the netlink socket protocol (we're NETLINK_IP6_FW).
22 * 2002-06-25: Code cleanup. [JM: ported cleanup over from ip_queue.c]
24 #include <linux/module.h>
25 #include <linux/skbuff.h>
26 #include <linux/init.h>
27 #include <linux/ipv6.h>
28 #include <linux/notifier.h>
29 #include <linux/netdevice.h>
30 #include <linux/netfilter.h>
31 #include <linux/netlink.h>
32 #include <linux/spinlock.h>
33 #include <linux/sysctl.h>
34 #include <linux/proc_fs.h>
37 #include <net/ip6_route.h>
38 #include <linux/netfilter_ipv4/ip_queue.h>
39 #include <linux/netfilter_ipv4/ip_tables.h>
40 #include <linux/netfilter_ipv6/ip6_tables.h>
42 #define IPQ_QMAX_DEFAULT 1024
43 #define IPQ_PROC_FS_NAME "ip6_queue"
44 #define NET_IPQ_QMAX 2088
45 #define NET_IPQ_QMAX_NAME "ip6_queue_maxlen"
48 struct in6_addr daddr;
49 struct in6_addr saddr;
52 struct ipq_queue_entry {
53 struct list_head list;
56 struct ipq_rt_info rt_info;
59 typedef int (*ipq_cmpfn)(struct ipq_queue_entry *, unsigned long);
61 static unsigned char copy_mode = IPQ_COPY_NONE;
62 static unsigned int queue_maxlen = IPQ_QMAX_DEFAULT;
63 static DEFINE_RWLOCK(queue_lock);
65 static unsigned int copy_range;
66 static unsigned int queue_total;
67 static struct sock *ipqnl;
68 static LIST_HEAD(queue_list);
69 static DECLARE_MUTEX(ipqnl_sem);
72 ipq_issue_verdict(struct ipq_queue_entry *entry, int verdict)
74 nf_reinject(entry->skb, entry->info, verdict);
79 __ipq_enqueue_entry(struct ipq_queue_entry *entry)
81 if (queue_total >= queue_maxlen) {
83 printk(KERN_WARNING "ip6_queue: full at %d entries, "
84 "dropping packet(s).\n", queue_total);
87 list_add(&entry->list, &queue_list);
93 * Find and return a queued entry matched by cmpfn, or return the last
94 * entry if cmpfn is NULL.
96 static inline struct ipq_queue_entry *
97 __ipq_find_entry(ipq_cmpfn cmpfn, unsigned long data)
101 list_for_each_prev(p, &queue_list) {
102 struct ipq_queue_entry *entry = (struct ipq_queue_entry *)p;
104 if (!cmpfn || cmpfn(entry, data))
111 __ipq_dequeue_entry(struct ipq_queue_entry *entry)
113 list_del(&entry->list);
117 static inline struct ipq_queue_entry *
118 __ipq_find_dequeue_entry(ipq_cmpfn cmpfn, unsigned long data)
120 struct ipq_queue_entry *entry;
122 entry = __ipq_find_entry(cmpfn, data);
126 __ipq_dequeue_entry(entry);
132 __ipq_flush(int verdict)
134 struct ipq_queue_entry *entry;
136 while ((entry = __ipq_find_dequeue_entry(NULL, 0)))
137 ipq_issue_verdict(entry, verdict);
141 __ipq_set_mode(unsigned char mode, unsigned int range)
152 case IPQ_COPY_PACKET:
155 if (copy_range > 0xFFFF)
170 net_disable_timestamp();
171 __ipq_set_mode(IPQ_COPY_NONE, 0);
172 __ipq_flush(NF_DROP);
175 static struct ipq_queue_entry *
176 ipq_find_dequeue_entry(ipq_cmpfn cmpfn, unsigned long data)
178 struct ipq_queue_entry *entry;
180 write_lock_bh(&queue_lock);
181 entry = __ipq_find_dequeue_entry(cmpfn, data);
182 write_unlock_bh(&queue_lock);
187 ipq_flush(int verdict)
189 write_lock_bh(&queue_lock);
190 __ipq_flush(verdict);
191 write_unlock_bh(&queue_lock);
194 static struct sk_buff *
195 ipq_build_packet_message(struct ipq_queue_entry *entry, int *errp)
197 unsigned char *old_tail;
201 struct ipq_packet_msg *pmsg;
202 struct nlmsghdr *nlh;
204 read_lock_bh(&queue_lock);
209 size = NLMSG_SPACE(sizeof(*pmsg));
213 case IPQ_COPY_PACKET:
214 if (copy_range == 0 || copy_range > entry->skb->len)
215 data_len = entry->skb->len;
217 data_len = copy_range;
219 size = NLMSG_SPACE(sizeof(*pmsg) + data_len);
224 read_unlock_bh(&queue_lock);
228 read_unlock_bh(&queue_lock);
230 skb = alloc_skb(size, GFP_ATOMIC);
235 nlh = NLMSG_PUT(skb, 0, 0, IPQM_PACKET, size - sizeof(*nlh));
236 pmsg = NLMSG_DATA(nlh);
237 memset(pmsg, 0, sizeof(*pmsg));
239 pmsg->packet_id = (unsigned long )entry;
240 pmsg->data_len = data_len;
241 pmsg->timestamp_sec = entry->skb->stamp.tv_sec;
242 pmsg->timestamp_usec = entry->skb->stamp.tv_usec;
243 pmsg->mark = entry->skb->nfmark;
244 pmsg->hook = entry->info->hook;
245 pmsg->hw_protocol = entry->skb->protocol;
247 if (entry->info->indev)
248 strcpy(pmsg->indev_name, entry->info->indev->name);
250 pmsg->indev_name[0] = '\0';
252 if (entry->info->outdev)
253 strcpy(pmsg->outdev_name, entry->info->outdev->name);
255 pmsg->outdev_name[0] = '\0';
257 if (entry->info->indev && entry->skb->dev) {
258 pmsg->hw_type = entry->skb->dev->type;
259 if (entry->skb->dev->hard_header_parse)
261 entry->skb->dev->hard_header_parse(entry->skb,
266 if (skb_copy_bits(entry->skb, 0, pmsg->payload, data_len))
269 nlh->nlmsg_len = skb->tail - old_tail;
276 printk(KERN_ERR "ip6_queue: error creating packet message\n");
281 ipq_enqueue_packet(struct sk_buff *skb, struct nf_info *info, void *data)
283 int status = -EINVAL;
284 struct sk_buff *nskb;
285 struct ipq_queue_entry *entry;
287 if (copy_mode == IPQ_COPY_NONE)
290 entry = kmalloc(sizeof(*entry), GFP_ATOMIC);
292 printk(KERN_ERR "ip6_queue: OOM in ipq_enqueue_packet()\n");
299 if (entry->info->hook == NF_IP_LOCAL_OUT) {
300 struct ipv6hdr *iph = skb->nh.ipv6h;
302 entry->rt_info.daddr = iph->daddr;
303 entry->rt_info.saddr = iph->saddr;
306 nskb = ipq_build_packet_message(entry, &status);
310 write_lock_bh(&queue_lock);
313 goto err_out_free_nskb;
315 /* netlink_unicast will either free the nskb or attach it to a socket */
316 status = netlink_unicast(ipqnl, nskb, peer_pid, MSG_DONTWAIT);
320 status = __ipq_enqueue_entry(entry);
324 write_unlock_bh(&queue_lock);
331 write_unlock_bh(&queue_lock);
339 ipq_mangle_ipv6(ipq_verdict_msg_t *v, struct ipq_queue_entry *e)
342 struct ipv6hdr *user_iph = (struct ipv6hdr *)v->payload;
344 if (v->data_len < sizeof(*user_iph))
346 diff = v->data_len - e->skb->len;
348 skb_trim(e->skb, v->data_len);
350 if (v->data_len > 0xFFFF)
352 if (diff > skb_tailroom(e->skb)) {
353 struct sk_buff *newskb;
355 newskb = skb_copy_expand(e->skb,
356 skb_headroom(e->skb),
359 if (newskb == NULL) {
360 printk(KERN_WARNING "ip6_queue: OOM "
361 "in mangle, dropping packet\n");
365 skb_set_owner_w(newskb, e->skb->sk);
369 skb_put(e->skb, diff);
371 if (!skb_ip_make_writable(&e->skb, v->data_len))
373 memcpy(e->skb->data, v->payload, v->data_len);
374 e->skb->nfcache |= NFC_ALTERED;
377 * Extra routing may needed on local out, as the QUEUE target never
378 * returns control to the table.
379 * Not a nice way to cmp, but works
381 if (e->info->hook == NF_IP_LOCAL_OUT) {
382 struct ipv6hdr *iph = e->skb->nh.ipv6h;
383 if (!ipv6_addr_equal(&iph->daddr, &e->rt_info.daddr) ||
384 !ipv6_addr_equal(&iph->saddr, &e->rt_info.saddr))
385 return ip6_route_me_harder(e->skb);
391 id_cmp(struct ipq_queue_entry *e, unsigned long id)
393 return (id == (unsigned long )e);
397 ipq_set_verdict(struct ipq_verdict_msg *vmsg, unsigned int len)
399 struct ipq_queue_entry *entry;
401 if (vmsg->value > NF_MAX_VERDICT)
404 entry = ipq_find_dequeue_entry(id_cmp, vmsg->id);
408 int verdict = vmsg->value;
410 if (vmsg->data_len && vmsg->data_len == len)
411 if (ipq_mangle_ipv6(vmsg, entry) < 0)
414 ipq_issue_verdict(entry, verdict);
420 ipq_set_mode(unsigned char mode, unsigned int range)
424 write_lock_bh(&queue_lock);
425 status = __ipq_set_mode(mode, range);
426 write_unlock_bh(&queue_lock);
431 ipq_receive_peer(struct ipq_peer_msg *pmsg,
432 unsigned char type, unsigned int len)
436 if (len < sizeof(*pmsg))
441 status = ipq_set_mode(pmsg->msg.mode.value,
442 pmsg->msg.mode.range);
446 if (pmsg->msg.verdict.value > NF_MAX_VERDICT)
449 status = ipq_set_verdict(&pmsg->msg.verdict,
450 len - sizeof(*pmsg));
459 dev_cmp(struct ipq_queue_entry *entry, unsigned long ifindex)
461 if (entry->info->indev)
462 if (entry->info->indev->ifindex == ifindex)
465 if (entry->info->outdev)
466 if (entry->info->outdev->ifindex == ifindex)
473 ipq_dev_drop(int ifindex)
475 struct ipq_queue_entry *entry;
477 while ((entry = ipq_find_dequeue_entry(dev_cmp, ifindex)) != NULL)
478 ipq_issue_verdict(entry, NF_DROP);
481 #define RCV_SKB_FAIL(err) do { netlink_ack(skb, nlh, (err)); return; } while (0)
484 ipq_rcv_skb(struct sk_buff *skb)
486 int status, type, pid, flags, nlmsglen, skblen;
487 struct nlmsghdr *nlh;
490 if (skblen < sizeof(*nlh))
493 nlh = (struct nlmsghdr *)skb->data;
494 nlmsglen = nlh->nlmsg_len;
495 if (nlmsglen < sizeof(*nlh) || skblen < nlmsglen)
498 pid = nlh->nlmsg_pid;
499 flags = nlh->nlmsg_flags;
501 if(pid <= 0 || !(flags & NLM_F_REQUEST) || flags & NLM_F_MULTI)
502 RCV_SKB_FAIL(-EINVAL);
504 if (flags & MSG_TRUNC)
505 RCV_SKB_FAIL(-ECOMM);
507 type = nlh->nlmsg_type;
508 if (type < NLMSG_NOOP || type >= IPQM_MAX)
509 RCV_SKB_FAIL(-EINVAL);
511 if (type <= IPQM_BASE)
514 if (security_netlink_recv(skb))
515 RCV_SKB_FAIL(-EPERM);
517 write_lock_bh(&queue_lock);
520 if (peer_pid != pid) {
521 write_unlock_bh(&queue_lock);
522 RCV_SKB_FAIL(-EBUSY);
525 net_enable_timestamp();
529 write_unlock_bh(&queue_lock);
531 status = ipq_receive_peer(NLMSG_DATA(nlh), type,
532 skblen - NLMSG_LENGTH(0));
534 RCV_SKB_FAIL(status);
536 if (flags & NLM_F_ACK)
537 netlink_ack(skb, nlh, 0);
542 ipq_rcv_sk(struct sock *sk, int len)
547 if (down_trylock(&ipqnl_sem))
550 while ((skb = skb_dequeue(&sk->sk_receive_queue)) != NULL) {
557 } while (ipqnl && ipqnl->sk_receive_queue.qlen);
561 ipq_rcv_dev_event(struct notifier_block *this,
562 unsigned long event, void *ptr)
564 struct net_device *dev = ptr;
566 /* Drop any packets associated with the downed device */
567 if (event == NETDEV_DOWN)
568 ipq_dev_drop(dev->ifindex);
572 static struct notifier_block ipq_dev_notifier = {
573 .notifier_call = ipq_rcv_dev_event,
577 ipq_rcv_nl_event(struct notifier_block *this,
578 unsigned long event, void *ptr)
580 struct netlink_notify *n = ptr;
582 if (event == NETLINK_URELEASE &&
583 n->protocol == NETLINK_IP6_FW && n->pid) {
584 write_lock_bh(&queue_lock);
585 if (n->pid == peer_pid)
587 write_unlock_bh(&queue_lock);
592 static struct notifier_block ipq_nl_notifier = {
593 .notifier_call = ipq_rcv_nl_event,
596 static struct ctl_table_header *ipq_sysctl_header;
598 static ctl_table ipq_table[] = {
600 .ctl_name = NET_IPQ_QMAX,
601 .procname = NET_IPQ_QMAX_NAME,
602 .data = &queue_maxlen,
603 .maxlen = sizeof(queue_maxlen),
605 .proc_handler = proc_dointvec
610 static ctl_table ipq_dir_table[] = {
612 .ctl_name = NET_IPV6,
620 static ctl_table ipq_root_table[] = {
625 .child = ipq_dir_table
631 ipq_get_info(char *buffer, char **start, off_t offset, int length)
635 read_lock_bh(&queue_lock);
637 len = sprintf(buffer,
641 "Queue length : %u\n"
642 "Queue max. length : %u\n",
649 read_unlock_bh(&queue_lock);
651 *start = buffer + offset;
661 init_or_cleanup(int init)
663 int status = -ENOMEM;
664 struct proc_dir_entry *proc;
669 netlink_register_notifier(&ipq_nl_notifier);
670 ipqnl = netlink_kernel_create(NETLINK_IP6_FW, ipq_rcv_sk);
672 printk(KERN_ERR "ip6_queue: failed to create netlink socket\n");
673 goto cleanup_netlink_notifier;
676 proc = proc_net_create(IPQ_PROC_FS_NAME, 0, ipq_get_info);
678 proc->owner = THIS_MODULE;
680 printk(KERN_ERR "ip6_queue: failed to create proc entry\n");
684 register_netdevice_notifier(&ipq_dev_notifier);
685 ipq_sysctl_header = register_sysctl_table(ipq_root_table, 0);
687 status = nf_register_queue_handler(PF_INET6, ipq_enqueue_packet, NULL);
689 printk(KERN_ERR "ip6_queue: failed to register queue handler\n");
695 nf_unregister_queue_handler(PF_INET6);
700 unregister_sysctl_table(ipq_sysctl_header);
701 unregister_netdevice_notifier(&ipq_dev_notifier);
702 proc_net_remove(IPQ_PROC_FS_NAME);
705 sock_release(ipqnl->sk_socket);
709 cleanup_netlink_notifier:
710 netlink_unregister_notifier(&ipq_nl_notifier);
714 static int __init init(void)
717 return init_or_cleanup(1);
720 static void __exit fini(void)
725 MODULE_DESCRIPTION("IPv6 packet queue handler");
726 MODULE_LICENSE("GPL");
git://git.onelab.eu / linux-2.6.git / blob