Diffstat (limited to 'net/netfilter')
-rw-r--r--net/netfilter/nfnetlink.c42
1 files changed, 6 insertions, 36 deletions
diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c
index 5be6ac478fd..c8b4f0d29df 100644
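--- a/net/netfilter/nfnetlink.c
+++ b/net/netfilter/nfnetlink.c
@@ -3,7 +3,7 @@
  *
  * (C) 2001 by Jay Schulist <jschlst@samba.org>,
  * (C) 2002-2005 by Harald Welte <laforge@gnumonks.org>
- * (C) 2005 by Pablo Neira Ayuso <pablo@eurodev.net>
+ * (C) 2005,2007 by Pablo Neira Ayuso <pablo@netfilter.org>
  *
  * Initial netfilter messages via netlink development funded and
  * generally made possible by Network Robots, Inc. (www.networkrobots.com)
@@ -42,14 +42,6 @@ MODULE_ALIAS_NET_PF_PROTO(PF_NETLINK, NETLINK_NETFILTER);
 
 static char __initdata nfversion[] = "0.30";
 
-#if 0
-#define DEBUGP(format, args...) \
- printk(KERN_DEBUG "%s(%d):%s(): " format, __FILE__, \
- __LINE__, __FUNCTION__, ## args)
-#else
-#define DEBUGP(format, args...)
-#endif
-
 static struct sock *nfnl = NULL;
 static struct nfnetlink_subsystem *subsys_table[NFNL_SUBSYS_COUNT];
 static DEFINE_MUTEX(nfnl_mutex);
@@ -78,8 +70,6 @@ static void nfnl_unlock(void)
 
 int nfnetlink_subsys_register(struct nfnetlink_subsystem *n)
 {
- DEBUGP("registering subsystem ID %u\n", n->subsys_id);
-
  nfnl_lock();
  if (subsys_table[n->subsys_id]) {
  nfnl_unlock();
@@ -93,8 +83,6 @@ int nfnetlink_subsys_register(struct nfnetlink_subsystem *n)
 
 int nfnetlink_subsys_unregister(struct nfnetlink_subsystem *n)
 {
- DEBUGP("unregistering subsystem ID %u\n", n->subsys_id);
-
  nfnl_lock();
  subsys_table[n->subsys_id] = NULL;
  nfnl_unlock();
@@ -118,10 +106,8 @@ nfnetlink_find_client(u_int16_t type, struct nfnetlink_subsystem *ss)
 {
  u_int8_t cb_id = NFNL_MSG_TYPE(type);
 
- if (cb_id >= ss->cb_count) {
- DEBUGP("msgtype %u >= %u, returning\n", type, ss->cb_count);
+ if (cb_id >= ss->cb_count)
  return NULL;
- }
 
  return &ss->cb[cb_id];
 }
@@ -167,11 +153,8 @@ nfnetlink_check_attributes(struct nfnetlink_subsystem *subsys,
  u_int16_t attr_count;
  u_int8_t cb_id = NFNL_MSG_TYPE(nlh->nlmsg_type);
 
- if (unlikely(cb_id >= subsys->cb_count)) {
- DEBUGP("msgtype %u >= %u, returning\n",
- cb_id, subsys->cb_count);
+ if (unlikely(cb_id >= subsys->cb_count))
  return -EINVAL;
- }
 
  min_len = NLMSG_SPACE(sizeof(struct nfgenmsg));
  if (unlikely(nlh->nlmsg_len < min_len))
@@ -235,27 +218,18 @@ static int nfnetlink_rcv_msg(struct sk_buff *skb,
  struct nfnetlink_subsystem *ss;
  int type, err = 0;
 
- DEBUGP("entered; subsys=%u, msgtype=%u\n",
- NFNL_SUBSYS_ID(nlh->nlmsg_type),
- NFNL_MSG_TYPE(nlh->nlmsg_type));
-
  if (security_netlink_recv(skb, CAP_NET_ADMIN)) {
- DEBUGP("missing CAP_NET_ADMIN\n");
  *errp = -EPERM;
  return -1;
  }
 
  /* Only requests are handled by kernel now. */
- if (!(nlh->nlmsg_flags & NLM_F_REQUEST)) {
- DEBUGP("received non-request message\n");
+ if (!(nlh->nlmsg_flags & NLM_F_REQUEST))
  return 0;
- }
 
  /* All the messages must at least contain nfgenmsg */
- if (nlh->nlmsg_len < NLMSG_SPACE(sizeof(struct nfgenmsg))) {
- DEBUGP("received message was too short\n");
+ if (nlh->nlmsg_len < NLMSG_SPACE(sizeof(struct nfgenmsg)))
  return 0;
- }
 
  type = nlh->nlmsg_type;
  ss = nfnetlink_get_subsys(type);
@@ -273,10 +247,8 @@ static int nfnetlink_rcv_msg(struct sk_buff *skb,
  }
 
  nc = nfnetlink_find_client(type, ss);
- if (!nc) {
- DEBUGP("unable to find client for type %d\n", type);
+ if (!nc)
  goto err_inval;
- }
 
  {
  u_int16_t attr_count =
@@ -289,14 +261,12 @@ static int nfnetlink_rcv_msg(struct sk_buff *skb,
  if (err < 0)
  goto err_inval;
 
- DEBUGP("calling handler\n");
  err = nc->call(nfnl, skb, nlh, cda, errp);
  *errp = err;
  return err;
  }
 
 err_inval:
- DEBUGP("returning -EINVAL\n");
  *errp = -EINVAL;
  return -1;
 }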
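Review bot: `subsys_table[n->subsys_id]` in the nfnetlink_subsys_register() hunk, and again in the nfnetlink_subsys_unregister() hunk, is indexed without first comparing `n->subsys_id` against NFNL_SUBSYS_COUNT, the declared size of the table. The callers are presumably in-kernel subsystem modules rather than userspace, so this reads as hardening rather than a reachable bug, but a guard such as `if (n->subsys_id >= NFNL_SUBSYS_COUNT) return -EINVAL;` ahead of nfnl_lock() would stop a misbehaving module from reading or writing past the array. The body of nfnetlink_subsys_register() continues outside the hunk, so only the lookup itself is visible here.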