1 #include <linux/kernel.h>
2 #include <linux/init.h>
3 #include <linux/module.h>
4 #include <linux/skbuff.h>
5 #include <linux/netfilter.h>
6 #include <linux/mutex.h>
7 #include <net/sock.h>
8
9 #include "nf_internals.h"
10
11 /* Sockopts only registered and called from user context, so
12 net locking would be overkill. Also, [gs]etsockopt calls may
13 sleep. */
14 static DEFINE_MUTEX(nf_sockopt_mutex);
15 static LIST_HEAD(nf_sockopts);
16
17 /* Do exclusive ranges overlap? */
overlap(int min1,int max1,int min2,int max2)18 static inline int overlap(int min1, int max1, int min2, int max2)
19 {
20 return max1 > min2 && min1 < max2;
21 }
22
23 /* Functions to register sockopt ranges (exclusive). */
nf_register_sockopt(struct nf_sockopt_ops * reg)24 int nf_register_sockopt(struct nf_sockopt_ops *reg)
25 {
26 struct nf_sockopt_ops *ops;
27 int ret = 0;
28
29 mutex_lock(&nf_sockopt_mutex);
30 list_for_each_entry(ops, &nf_sockopts, list) {
31 if (ops->pf == reg->pf
32 && (overlap(ops->set_optmin, ops->set_optmax,
33 reg->set_optmin, reg->set_optmax)
34 || overlap(ops->get_optmin, ops->get_optmax,
35 reg->get_optmin, reg->get_optmax))) {
36 NFDEBUG("nf_sock overlap: %u-%u/%u-%u v %u-%u/%u-%u\n",
37 ops->set_optmin, ops->set_optmax,
38 ops->get_optmin, ops->get_optmax,
39 reg->set_optmin, reg->set_optmax,
40 reg->get_optmin, reg->get_optmax);
41 ret = -EBUSY;
42 goto out;
43 }
44 }
45
46 list_add(®->list, &nf_sockopts);
47 out:
48 mutex_unlock(&nf_sockopt_mutex);
49 return ret;
50 }
51 EXPORT_SYMBOL(nf_register_sockopt);
52
nf_unregister_sockopt(struct nf_sockopt_ops * reg)53 void nf_unregister_sockopt(struct nf_sockopt_ops *reg)
54 {
55 mutex_lock(&nf_sockopt_mutex);
56 list_del(®->list);
57 mutex_unlock(&nf_sockopt_mutex);
58 }
59 EXPORT_SYMBOL(nf_unregister_sockopt);
60
nf_sockopt_find(struct sock * sk,u_int8_t pf,int val,int get)61 static struct nf_sockopt_ops *nf_sockopt_find(struct sock *sk, u_int8_t pf,
62 int val, int get)
63 {
64 struct nf_sockopt_ops *ops;
65
66 mutex_lock(&nf_sockopt_mutex);
67 list_for_each_entry(ops, &nf_sockopts, list) {
68 if (ops->pf == pf) {
69 if (!try_module_get(ops->owner))
70 goto out_nosup;
71
72 if (get) {
73 if (val >= ops->get_optmin &&
74 val < ops->get_optmax)
75 goto out;
76 } else {
77 if (val >= ops->set_optmin &&
78 val < ops->set_optmax)
79 goto out;
80 }
81 module_put(ops->owner);
82 }
83 }
84 out_nosup:
85 ops = ERR_PTR(-ENOPROTOOPT);
86 out:
87 mutex_unlock(&nf_sockopt_mutex);
88 return ops;
89 }
90
91 /* Call get/setsockopt() */
nf_sockopt(struct sock * sk,u_int8_t pf,int val,char __user * opt,int * len,int get)92 static int nf_sockopt(struct sock *sk, u_int8_t pf, int val,
93 char __user *opt, int *len, int get)
94 {
95 struct nf_sockopt_ops *ops;
96 int ret;
97
98 ops = nf_sockopt_find(sk, pf, val, get);
99 if (IS_ERR(ops))
100 return PTR_ERR(ops);
101
102 if (get)
103 ret = ops->get(sk, val, opt, len);
104 else
105 ret = ops->set(sk, val, opt, *len);
106
107 module_put(ops->owner);
108 return ret;
109 }
110
nf_setsockopt(struct sock * sk,u_int8_t pf,int val,char __user * opt,unsigned int len)111 int nf_setsockopt(struct sock *sk, u_int8_t pf, int val, char __user *opt,
112 unsigned int len)
113 {
114 return nf_sockopt(sk, pf, val, opt, &len, 0);
115 }
116 EXPORT_SYMBOL(nf_setsockopt);
117
nf_getsockopt(struct sock * sk,u_int8_t pf,int val,char __user * opt,int * len)118 int nf_getsockopt(struct sock *sk, u_int8_t pf, int val, char __user *opt,
119 int *len)
120 {
121 return nf_sockopt(sk, pf, val, opt, len, 1);
122 }
123 EXPORT_SYMBOL(nf_getsockopt);
124
125 #ifdef CONFIG_COMPAT
compat_nf_sockopt(struct sock * sk,u_int8_t pf,int val,char __user * opt,int * len,int get)126 static int compat_nf_sockopt(struct sock *sk, u_int8_t pf, int val,
127 char __user *opt, int *len, int get)
128 {
129 struct nf_sockopt_ops *ops;
130 int ret;
131
132 ops = nf_sockopt_find(sk, pf, val, get);
133 if (IS_ERR(ops))
134 return PTR_ERR(ops);
135
136 if (get) {
137 if (ops->compat_get)
138 ret = ops->compat_get(sk, val, opt, len);
139 else
140 ret = ops->get(sk, val, opt, len);
141 } else {
142 if (ops->compat_set)
143 ret = ops->compat_set(sk, val, opt, *len);
144 else
145 ret = ops->set(sk, val, opt, *len);
146 }
147
148 module_put(ops->owner);
149 return ret;
150 }
151
compat_nf_setsockopt(struct sock * sk,u_int8_t pf,int val,char __user * opt,unsigned int len)152 int compat_nf_setsockopt(struct sock *sk, u_int8_t pf,
153 int val, char __user *opt, unsigned int len)
154 {
155 return compat_nf_sockopt(sk, pf, val, opt, &len, 0);
156 }
157 EXPORT_SYMBOL(compat_nf_setsockopt);
158
compat_nf_getsockopt(struct sock * sk,u_int8_t pf,int val,char __user * opt,int * len)159 int compat_nf_getsockopt(struct sock *sk, u_int8_t pf,
160 int val, char __user *opt, int *len)
161 {
162 return compat_nf_sockopt(sk, pf, val, opt, len, 1);
163 }
164 EXPORT_SYMBOL(compat_nf_getsockopt);
165 #endif
166