Diffstat (limited to 'net/netfilter')
-rw-r--r-- | net/netfilter/nfnetlink.c | 42 |
1 files changed, 6 insertions, 36 deletions
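diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c
index 5be6ac478fd..c8b4f0d29df 100644
--- a/net/netfilter/nfnetlink.c
+++ b/net/netfilter/nfnetlink.c
@@ -3,7 +3,7 @@
 *
 * (C) 2001 by Jay Schulist <jschlst@samba.org>,
 * (C) 2002-2005 by Harald Welte <laforge@gnumonks.org>
-* (C) 2005 by Pablo Neira Ayuso <pablo@eurodev.net>
+* (C) 2005,2007 by Pablo Neira Ayuso <pablo@netfilter.org>
 *
 * Initial netfilter messages via netlink development funded and
 * generally made possible by Network Robots, Inc. (www.networkrobots.com)
@@ -42,14 +42,6 @@ MODULE_ALIAS_NET_PF_PROTO(PF_NETLINK, NETLINK_NETFILTER);
 
 static char __initdata nfversion[] = "0.30";
 
-#if 0
-#define DEBUGP(format, args...) \
-printk(KERN_DEBUG "%s(%d):%s(): " format, __FILE__, \
-__LINE__, __FUNCTION__, ## args)
-#else
-#define DEBUGP(format, args...)
-#endif
-
 static struct sock *nfnl = NULL;
 static struct nfnetlink_subsystem *subsys_table[NFNL_SUBSYS_COUNT];
 static DEFINE_MUTEX(nfnl_mutex);
@@ -78,8 +70,6 @@ static void nfnl_unlock(void)
 
 int nfnetlink_subsys_register(struct nfnetlink_subsystem *n)
 {
-DEBUGP("registering subsystem ID %u\n", n->subsys_id);
-
 nfnl_lock();
 if (subsys_table[n->subsys_id]) {
 nfnl_unlock();
@@ -93,8 +83,6 @@ int nfnetlink_subsys_register(struct nfnetlink_subsystem *n)
 
 int nfnetlink_subsys_unregister(struct nfnetlink_subsystem *n)
 {
-DEBUGP("unregistering subsystem ID %u\n", n->subsys_id);
-
 nfnl_lock();
 subsys_table[n->subsys_id] = NULL;
 nfnl_unlock();
@@ -118,10 +106,8 @@ nfnetlink_find_client(u_int16_t type, struct nfnetlink_subsystem *ss)
 {
 u_int8_t cb_id = NFNL_MSG_TYPE(type);
 
-if (cb_id >= ss->cb_count) {
-DEBUGP("msgtype %u >= %u, returning\n", type, ss->cb_count);
+if (cb_id >= ss->cb_count)
 return NULL;
-}
 
 return &ss->cb[cb_id];
 }
@@ -167,11 +153,8 @@ nfnetlink_check_attributes(struct nfnetlink_subsystem *subsys,
 u_int16_t attr_count;
 u_int8_t cb_id = NFNL_MSG_TYPE(nlh->nlmsg_type);
 
-if (unlikely(cb_id >= subsys->cb_count)) {
-DEBUGP("msgtype %u >= %u, returning\n",
-cb_id, subsys->cb_count);
+if (unlikely(cb_id >= subsys->cb_count))
 return -EINVAL;
-}
 
 min_len = NLMSG_SPACE(sizeof(struct nfgenmsg));
 if (unlikely(nlh->nlmsg_len < min_len))
@@ -235,27 +218,18 @@ static int nfnetlink_rcv_msg(struct sk_buff *skb,
 struct nfnetlink_subsystem *ss;
 int type, err = 0;
 
-DEBUGP("entered; subsys=%u, msgtype=%u\n",
-NFNL_SUBSYS_ID(nlh->nlmsg_type),
-NFNL_MSG_TYPE(nlh->nlmsg_type));
-
 if (security_netlink_recv(skb, CAP_NET_ADMIN)) {
-DEBUGP("missing CAP_NET_ADMIN\n");
 *errp = -EPERM;
 return -1;
 }
 
 /* Only requests are handled by kernel now. */
-if (!(nlh->nlmsg_flags & NLM_F_REQUEST)) {
-DEBUGP("received non-request message\n");
+if (!(nlh->nlmsg_flags & NLM_F_REQUEST))
 return 0;
-}
 
 /* All the messages must at least contain nfgenmsg */
-if (nlh->nlmsg_len < NLMSG_SPACE(sizeof(struct nfgenmsg))) {
-DEBUGP("received message was too short\n");
+if (nlh->nlmsg_len < NLMSG_SPACE(sizeof(struct nfgenmsg)))
 return 0;
-}
 
 type = nlh->nlmsg_type;
 ss = nfnetlink_get_subsys(type);
@@ -273,10 +247,8 @@ static int nfnetlink_rcv_msg(struct sk_buff *skb,
 }
 
 nc = nfnetlink_find_client(type, ss);
-if (!nc) {
-DEBUGP("unable to find client for type %d\n", type);
+if (!nc)
 goto err_inval;
-}
 
 {
 u_int16_t attr_count =
@@ -289,14 +261,12 @@ static int nfnetlink_rcv_msg(struct sk_buff *skb,
 if (err < 0)
 goto err_inval;
 
-DEBUGP("calling handler\n");
 err = nc->call(nfnl, skb, nlh, cda, errp);
 *errp = err;
 return err;
 }
 
 err_inval:
-DEBUGP("returning -EINVAL\n");
 *errp = -EINVAL;
 return -1;
 }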
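Review bot: In nfnetlink_rcv_msg the two early `return 0` exits (a message without `NLM_F_REQUEST`, and `nlmsg_len` below `NLMSG_SPACE(sizeof(struct nfgenmsg))`) now discard input with nothing in the code saying that returning success instead of an error is deliberate; the deleted DEBUGP strings were the only text that named these cases. This is where messages from a netlink sender are first validated, so I would state the intent on the length check, for example `/* Too short to hold nfgenmsg: dropped here, *errp is left untouched */`, and likewise on the non-request exit. What the caller does with a 0 return is not visible on this page, so whether the sender ever learns of the drop should be confirmed before wording the comment more strongly. The function begins before the `-235,27` hunk and runs through the two hunks after it, with the stretches between them outside the view.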