
Release 4.11 net/netfilter/nft_exthdr.c

/*
 * Copyright (c) 2008 Patrick McHardy <kaber@trash.net>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 * Development of this code funded by Astaro AG (http://www.astaro.com/)
 */

#include <linux/kernel.h>
#include <linux/init.h>
#include <linux/module.h>
#include <linux/netlink.h>
#include <linux/netfilter.h>
#include <linux/netfilter/nf_tables.h>
#include <net/netfilter/nf_tables.h>
#include <net/tcp.h>


/*
 * Private state of one "exthdr" expression. nft_exthdr_init() fills it in
 * from netlink attributes; the eval callbacks read it for every packet.
 */
struct nft_exthdr {
	/* IPv6: header type handed to ipv6_find_hdr(); TCP: option kind compared with opt[i] */
	u8			type;
	/* byte offset inside the matched header/option where the copy starts */
	u8			offset;
	/* number of bytes copied into the destination register(s) */
	u8			len;
	/* value of NFTA_EXTHDR_OP; init defaults it to NFT_EXTHDR_OP_IPV6 */
	u8			op;
	/* destination register; init passes it to nft_validate_register_store() with len */
	enum nft_registers	dreg:8;
	/* NFT_EXTHDR_F_PRESENT is the only bit init accepts */
	u8			flags;
};


/*
 * Return how many bytes to step over the TCP option that starts at
 * opt[offset].
 *
 * Option kinds up to and including TCPOPT_NOP are treated as single-byte
 * options and their length byte is never read. For every other kind the
 * byte at opt[offset + 1] is read, so the caller must guarantee that
 * offset + 1 is still inside the buffer; the loop in nft_exthdr_tcp_eval()
 * does so with its "i < tcphdr_len - 1" condition.
 *
 * The returned step is taken straight from packet data and is not checked
 * against the end of the header here; that check is the caller's job.
 */
static unsigned int optlen(const u8 *opt, unsigned int offset)
{
	if (opt[offset] <= TCPOPT_NOP)
		return 1;

	/* Beware zero-length options: make finite progress */
	if (opt[offset + 1] == 0)
		return 1;

	return opt[offset + 1];
}

Contributors

PersonTokensPropCommitsCommitProp
Manuel Messner47100.00%1100.00%
Total47100.00%1100.00%


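/*
 * Evaluate an exthdr expression against an IPv6 packet.
 *
 * Looks up the extension header of type priv->type with ipv6_find_hdr().
 * With NFT_EXTHDR_F_PRESENT set, the destination register receives 1 or 0
 * depending on whether the header was found. Otherwise priv->len bytes,
 * starting priv->offset bytes into the header, are copied into the
 * destination register(s). Any failure sets the verdict to NFT_BREAK.
 */
static void nft_exthdr_ipv6_eval(const struct nft_expr *expr,
				 struct nft_regs *regs,
				 const struct nft_pktinfo *pkt)
{
	struct nft_exthdr *priv = nft_expr_priv(expr);
	u32 *dest = &regs->data[priv->dreg];
	unsigned int offset = 0;
	int err;

	err = ipv6_find_hdr(pkt->skb, &offset, priv->type, NULL, NULL);
	if (priv->flags & NFT_EXTHDR_F_PRESENT) {
		*dest = (err >= 0);
		return;
	}
	if (err < 0)
		goto err;

	/*
	 * The resulting offset is bounded only by skb_copy_bits() against the
	 * skb, not by the length of the extension header that was found, so a
	 * rule with a large offset/len reads whatever follows that header in
	 * the packet.
	 */
	offset += priv->offset;

	/*
	 * Clear the partially filled trailing register word so stale register
	 * contents do not become part of the loaded value. When len is a
	 * multiple of NFT_REG32_SIZE there is no partial word, and an
	 * unconditional store would land one word past the range that init
	 * handed to nft_validate_register_store().
	 * NOTE(review): with len == 0 nothing is stored at all; this assumes
	 * nft_validate_register_store() rejects a zero length, confirm.
	 */
	if (priv->len % NFT_REG32_SIZE)
		dest[priv->len / NFT_REG32_SIZE] = 0;

	if (skb_copy_bits(pkt->skb, offset, dest, priv->len) < 0)
		goto err;
	return;
err:
	regs->verdict.code = NFT_BREAK;
}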

Contributors

PersonTokensPropCommitsCommitProp
Patrick McHardy13283.54%457.14%
Phil Sutter2314.56%114.29%
Daniel Borkmann21.27%114.29%
Manuel Messner10.63%114.29%
Total158100.00%7100.00%


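/*
 * Evaluate an exthdr expression against the TCP options of a packet.
 *
 * Pulls the complete TCP header (fixed part plus options), walks the
 * options until one of kind priv->type is found, and copies priv->len
 * bytes starting priv->offset bytes into that option to the destination
 * register(s). A non-TCP packet, a header that cannot be pulled, a
 * malformed matching option or no matching option at all ends with an
 * NFT_BREAK verdict.
 *
 * NOTE(review): NFT_EXTHDR_F_PRESENT is accepted by nft_exthdr_init() for
 * either op, but this function never looks at priv->flags.
 */
static void nft_exthdr_tcp_eval(const struct nft_expr *expr,
				struct nft_regs *regs,
				const struct nft_pktinfo *pkt)
{
	/* scratch space for skb_header_pointer(); presumably the largest
	 * TCP header __tcp_hdrlen() can report, TODO confirm */
	u8 buff[sizeof(struct tcphdr) + MAX_TCP_OPTION_SPACE];
	struct nft_exthdr *priv = nft_expr_priv(expr);
	unsigned int i, optl, tcphdr_len, offset;
	u32 *dest = &regs->data[priv->dreg];
	struct tcphdr *tcph;
	u8 *opt;

	if (!pkt->tprot_set || pkt->tprot != IPPROTO_TCP)
		goto err;

	/* First pull only the fixed header to learn the real header length. */
	tcph = skb_header_pointer(pkt->skb, pkt->xt.thoff, sizeof(*tcph), buff);
	if (!tcph)
		goto err;

	tcphdr_len = __tcp_hdrlen(tcph);
	if (tcphdr_len < sizeof(*tcph))
		goto err;

	/* Pull again, this time including the options. */
	tcph = skb_header_pointer(pkt->skb, pkt->xt.thoff, tcphdr_len, buff);
	if (!tcph)
		goto err;

	opt = (u8 *)tcph;
	/*
	 * "tcphdr_len - 1" keeps opt[i + 1], which optlen() may read, inside
	 * the pulled header. tcphdr_len is at least sizeof(*tcph) here, so the
	 * subtraction cannot wrap.
	 */
	for (i = sizeof(*tcph); i < tcphdr_len - 1; i += optl) {
		optl = optlen(opt, i);

		if (priv->type != opt[i])
			continue;

		/*
		 * The option length comes from the packet: reject an option
		 * that claims to run past the header, and a rule window that
		 * does not fit inside the option.
		 */
		if (i + optl > tcphdr_len || priv->len + priv->offset > optl)
			goto err;

		offset = i + priv->offset;

		/*
		 * Clear the partially filled trailing register word so stale
		 * register contents do not become part of the loaded value.
		 * When len is a multiple of NFT_REG32_SIZE there is no partial
		 * word, and an unconditional store would land one word past
		 * the range that init handed to nft_validate_register_store().
		 * NOTE(review): with len == 0 nothing is stored at all; this
		 * assumes nft_validate_register_store() rejects a zero length,
		 * confirm.
		 */
		if (priv->len % NFT_REG32_SIZE)
			dest[priv->len / NFT_REG32_SIZE] = 0;

		memcpy(dest, opt + offset, priv->len);
		return;
	}

err:
	regs->verdict.code = NFT_BREAK;
}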

Contributors

PersonTokensPropCommitsCommitProp
Manuel Messner287100.00%1100.00%
Total287100.00%1100.00%

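/*
 * Netlink attribute policy for the exthdr expression.
 *
 * Every attribute that the code in this file reads with a fixed-width
 * accessor needs an entry here, because the policy is what enforces the
 * payload length before those accessors run. NFTA_EXTHDR_OP is read with
 * nla_get_u32() in nft_exthdr_select_ops() and parsed again in
 * nft_exthdr_init(), so it is listed as NLA_U32 like the other 32-bit
 * attributes; without an entry a short attribute would not be rejected.
 */
static const struct nla_policy nft_exthdr_policy[NFTA_EXTHDR_MAX + 1] = {
	[NFTA_EXTHDR_DREG]		= { .type = NLA_U32 },
	[NFTA_EXTHDR_TYPE]		= { .type = NLA_U8 },
	[NFTA_EXTHDR_OFFSET]		= { .type = NLA_U32 },
	[NFTA_EXTHDR_LEN]		= { .type = NLA_U32 },
	[NFTA_EXTHDR_FLAGS]		= { .type = NLA_U32 },
	[NFTA_EXTHDR_OP]		= { .type = NLA_U32 },
};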
/*
 * Parse the netlink attributes of a new exthdr expression into its private
 * state.
 *
 * DREG, TYPE, OFFSET and LEN are mandatory. OFFSET, LEN, FLAGS and OP are
 * parsed with nft_parse_u32_check() against U8_MAX because they are stored
 * in u8 fields. FLAGS may only carry NFT_EXTHDR_F_PRESENT. OP defaults to
 * NFT_EXTHDR_OP_IPV6 when absent; its value is not checked against the
 * known ops here (nft_exthdr_select_ops() does that).
 *
 * Returns 0 on success, -EINVAL for missing attributes or unknown flag
 * bits, or the error of nft_parse_u32_check() or
 * nft_validate_register_store().
 *
 * NOTE(review): the fixed-width reads of NFTA_EXTHDR_OP are only safe if
 * nft_exthdr_policy constrains that attribute's length; confirm it does.
 */
static int nft_exthdr_init(const struct nft_ctx *ctx,
			   const struct nft_expr *expr,
			   const struct nlattr * const tb[])
{
	struct nft_exthdr *priv = nft_expr_priv(expr);
	u32 hdr_off, copy_len;
	u32 hdr_flags = 0;
	u32 hdr_op = NFT_EXTHDR_OP_IPV6;
	int rc;

	if (!tb[NFTA_EXTHDR_DREG] || !tb[NFTA_EXTHDR_TYPE] ||
	    !tb[NFTA_EXTHDR_OFFSET] || !tb[NFTA_EXTHDR_LEN])
		return -EINVAL;

	rc = nft_parse_u32_check(tb[NFTA_EXTHDR_OFFSET], U8_MAX, &hdr_off);
	if (rc < 0)
		return rc;

	rc = nft_parse_u32_check(tb[NFTA_EXTHDR_LEN], U8_MAX, &copy_len);
	if (rc < 0)
		return rc;

	if (tb[NFTA_EXTHDR_FLAGS]) {
		rc = nft_parse_u32_check(tb[NFTA_EXTHDR_FLAGS], U8_MAX,
					 &hdr_flags);
		if (rc < 0)
			return rc;

		/* refuse any flag bit this code does not implement */
		if (hdr_flags & ~NFT_EXTHDR_F_PRESENT)
			return -EINVAL;
	}

	if (tb[NFTA_EXTHDR_OP]) {
		rc = nft_parse_u32_check(tb[NFTA_EXTHDR_OP], U8_MAX, &hdr_op);
		if (rc < 0)
			return rc;
	}

	/* All attributes parsed; commit them to the expression state. */
	priv->type   = nla_get_u8(tb[NFTA_EXTHDR_TYPE]);
	priv->offset = hdr_off;
	priv->len    = copy_len;
	priv->dreg   = nft_parse_register(tb[NFTA_EXTHDR_DREG]);
	priv->flags  = hdr_flags;
	priv->op     = hdr_op;

	/* The eval callbacks store priv->len bytes at dreg without rechecking. */
	return nft_validate_register_store(ctx, priv->dreg, NULL,
					   NFT_DATA_VALUE, priv->len);
}

Contributors

PersonTokensPropCommitsCommitProp
Patrick McHardy11441.76%444.44%
Laura Garcia Liebana5620.51%222.22%
Phil Sutter5419.78%111.11%
Manuel Messner4717.22%111.11%
Dan Carpenter20.73%111.11%
Total273100.00%9100.00%


/*
 * Serialise the expression state back into netlink attributes.
 *
 * Emits DREG, TYPE, OFFSET, LEN, FLAGS and OP in that order and stops at
 * the first attribute that does not fit. Returns 0 on success and -1 when
 * any put fails.
 */
static int nft_exthdr_dump(struct sk_buff *skb, const struct nft_expr *expr)
{
	const struct nft_exthdr *priv = nft_expr_priv(expr);

	/* || short-circuits, so nothing is emitted after the first failure */
	if (nft_dump_register(skb, NFTA_EXTHDR_DREG, priv->dreg) ||
	    nla_put_u8(skb, NFTA_EXTHDR_TYPE, priv->type) ||
	    nla_put_be32(skb, NFTA_EXTHDR_OFFSET, htonl(priv->offset)) ||
	    nla_put_be32(skb, NFTA_EXTHDR_LEN, htonl(priv->len)) ||
	    nla_put_be32(skb, NFTA_EXTHDR_FLAGS, htonl(priv->flags)) ||
	    nla_put_be32(skb, NFTA_EXTHDR_OP, htonl(priv->op)))
		return -1;

	return 0;
}

Contributors

PersonTokensPropCommitsCommitProp
Patrick McHardy10773.79%250.00%
Phil Sutter1913.10%125.00%
Manuel Messner1913.10%125.00%
Total145100.00%4100.00%

/* Tentative definition so the ops tables below can point at the type. */
static struct nft_expr_type nft_exthdr_type;

/* Ops used when NFTA_EXTHDR_OP is absent or NFT_EXTHDR_OP_IPV6. */
static const struct nft_expr_ops nft_exthdr_ipv6_ops = {
	.type		= &nft_exthdr_type,
	.size		= NFT_EXPR_SIZE(sizeof(struct nft_exthdr)),
	.eval		= nft_exthdr_ipv6_eval,
	.init		= nft_exthdr_init,
	.dump		= nft_exthdr_dump,
};

/* Ops used for NFT_EXTHDR_OP_TCPOPT; only the eval callback differs. */
static const struct nft_expr_ops nft_exthdr_tcp_ops = {
	.type		= &nft_exthdr_type,
	.size		= NFT_EXPR_SIZE(sizeof(struct nft_exthdr)),
	.eval		= nft_exthdr_tcp_eval,
	.init		= nft_exthdr_init,
	.dump		= nft_exthdr_dump,
};
/*
 * Choose the ops table for a new exthdr expression from NFTA_EXTHDR_OP.
 *
 * A missing attribute selects the IPv6 ops. NFT_EXTHDR_OP_TCPOPT and
 * NFT_EXTHDR_OP_IPV6 select their table; every other value yields
 * ERR_PTR(-EOPNOTSUPP).
 *
 * NOTE(review): nla_get_u32() reads a full u32 from the attribute payload;
 * confirm nft_exthdr_policy bounds the length of NFTA_EXTHDR_OP.
 */
static const struct nft_expr_ops *
nft_exthdr_select_ops(const struct nft_ctx *ctx,
		      const struct nlattr * const tb[])
{
	u32 requested;

	if (!tb[NFTA_EXTHDR_OP])
		return &nft_exthdr_ipv6_ops;

	requested = ntohl(nla_get_u32(tb[NFTA_EXTHDR_OP]));

	if (requested == NFT_EXTHDR_OP_TCPOPT)
		return &nft_exthdr_tcp_ops;
	if (requested == NFT_EXTHDR_OP_IPV6)
		return &nft_exthdr_ipv6_ops;

	return ERR_PTR(-EOPNOTSUPP);
}

Contributors

PersonTokensPropCommitsCommitProp
Manuel Messner78100.00%1100.00%
Total78100.00%1100.00%

/*
 * Expression type registered under the name "exthdr". The concrete ops
 * table is picked per expression by nft_exthdr_select_ops(); attributes are
 * described by nft_exthdr_policy, up to NFTA_EXTHDR_MAX.
 */
static struct nft_expr_type nft_exthdr_type __read_mostly = {
	.name		= "exthdr",
	.select_ops	= &nft_exthdr_select_ops,
	.policy		= nft_exthdr_policy,
	.maxattr	= NFTA_EXTHDR_MAX,
	.owner		= THIS_MODULE,
};
/* Module entry point: register the exthdr expression type and return the result. */
static int __init nft_exthdr_module_init(void)
{
	int rc = nft_register_expr(&nft_exthdr_type);

	return rc;
}

Contributors

PersonTokensPropCommitsCommitProp
Patrick McHardy16100.00%2100.00%
Total16100.00%2100.00%


/* Module exit point: unregister the exthdr expression type. */
static void __exit nft_exthdr_module_exit(void)
{
	nft_unregister_expr(&nft_exthdr_type);
}

Contributors

PersonTokensPropCommitsCommitProp
Patrick McHardy15100.00%2100.00%
Total15100.00%2100.00%

/* Hook the init/exit functions into module load and unload. */
module_init(nft_exthdr_module_init);
module_exit(nft_exthdr_module_exit);

/* Module metadata; the alias names the "exthdr" expression. */
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
MODULE_ALIAS_NFT_EXPR("exthdr");

Overall Contributors

PersonTokensPropCommitsCommitProp
Patrick McHardy58645.64%857.14%
Manuel Messner52841.12%17.14%
Phil Sutter1108.57%17.14%
Laura Garcia Liebana564.36%214.29%
Daniel Borkmann20.16%17.14%
Dan Carpenter20.16%17.14%
Total1284100.00%14100.00%