author | Patrick McHardy <kaber@trash.net> | 2006-02-27 16:03:24 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2006-02-27 16:03:24 -0500 |
commit | 7a11b9848ae27e571f219fab5541bd84700f0d68 (patch) | |
tree | cd108f9df88ac218c8d9dab3fbda389df92f8d44 | |
parent | f92f871989c97a24d284ac60b0f880222ddf87ac (diff) |
[NETFILTER]: nf_queue: fix rerouting after packet mangling
Packets should be rerouted when they come back from userspace, not before.
Also move the queue_rerouters to RCU to avoid taking the queue_handler_lock
for each reinjected packet.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/netfilter/nf_queue.c | 22 |
1 files changed, 15 insertions, 7 deletions
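diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c
index 1fc7152fba8f..c61f7237237f 100644
--- a/net/netfilter/nf_queue.c
+++ b/net/netfilter/nf_queue.c
@@ -6,6 +6,7 @@
 #include <linux/skbuff.h>
 #include <linux/netfilter.h>
 #include <linux/seq_file.h>
+#include <linux/rcupdate.h>
 #include <net/protocol.h>
 
 #include "nf_internals.h"
@@ -64,7 +65,7 @@ int nf_register_queue_rerouter(int pf, struct nf_queue_rerouter *rer)
 return -EINVAL;
 
 write_lock_bh(&queue_handler_lock);
-queue_rerouter[pf] = rer;
+rcu_assign_pointer(queue_rerouter[pf], rer);
 write_unlock_bh(&queue_handler_lock);
 
 return 0;
@@ -77,8 +78,9 @@ int nf_unregister_queue_rerouter(int pf)
 return -EINVAL;
 
 write_lock_bh(&queue_handler_lock);
-queue_rerouter[pf] = NULL;
+rcu_assign_pointer(queue_rerouter[pf], NULL);
 write_unlock_bh(&queue_handler_lock);
+synchronize_rcu();
 return 0;
 }
 EXPORT_SYMBOL_GPL(nf_unregister_queue_rerouter);
@@ -114,6 +116,7 @@ int nf_queue(struct sk_buff **skb,
 struct net_device *physindev = NULL;
 struct net_device *physoutdev = NULL;
 #endif
+struct nf_queue_rerouter *rerouter;
 
 /* QUEUE == DROP if noone is waiting, to be safe. */
 read_lock(&queue_handler_lock);
@@ -155,15 +158,13 @@ int nf_queue(struct sk_buff **skb,
 if (physoutdev) dev_hold(physoutdev);
 }
 #endif
-if (queue_rerouter[pf])
-queue_rerouter[pf]->save(*skb, info);
+rerouter = rcu_dereference(queue_rerouter[pf]);
+if (rerouter)
+rerouter->save(*skb, info);
 
 status = queue_handler[pf]->outfn(*skb, info, queuenum,
 queue_handler[pf]->data);
 
-if (status >= 0 && queue_rerouter[pf])
-status = queue_rerouter[pf]->reroute(skb, info);
-
 read_unlock(&queue_handler_lock);
 
 if (status < 0) {
@@ -189,6 +190,7 @@ void nf_reinject(struct sk_buff *skb, struct nf_info *info,
 {
 struct list_head *elem = &info->elem->list;
 struct list_head *i;
+struct nf_queue_rerouter *rerouter;
 
 rcu_read_lock();
 
@@ -226,6 +228,12 @@ void nf_reinject(struct sk_buff *skb, struct nf_info *info,
 }
 
 if (verdict == NF_ACCEPT) {
+rerouter = rcu_dereference(queue_rerouter[info->pf]);
+if (rerouter && rerouter->reroute(&skb, info) < 0)
+verdict = NF_DROP;
+}
+
+if (verdict == NF_ACCEPT) {
 next_hook:
 verdict = nf_iterate(&nf_hooks[info->pf][info->hook],
 &skb, info->hook,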
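Review bot: In nf_reinject() the rerouter is fetched again with `rcu_dereference(queue_rerouter[info->pf])`, so the `reroute()` call there is not tied to the `save()` that nf_queue() made, or skipped, when the packet was queued. A rerouter registered or unregistered while the packet sits in the userspace queue would make `reroute()` run on an `info` that `save()` never filled, or silently skip rerouting for a mangled packet; whether `info` is sized and initialised for that case is not visible in these hunks. A comment above the lookup would document the contract, e.g. `/* rerouter may have changed since nf_queue(); reroute() must tolerate info without saved state */`, or the pairing could be recorded in `info` at save time. Separately, the `rcu_dereference()` added in nf_queue() is shown only under `read_lock(&queue_handler_lock)`; it is worth confirming that callers hold an RCU read-side section so that `synchronize_rcu()` in nf_unregister_queue_rerouter() actually waits for it. Both function bodies continue outside the hunks.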