[linux.git] / net / netfilter / nf_sockopt.c

#include <linux/kernel.h>
#include <linux/init.h>
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/netfilter.h>
#include <linux/mutex.h>
#include <net/sock.h>

#include "nf_internals.h"

/* Sockopts only registered and called from user context, so
   net locking would be overkill.  Also, [gs]etsockopt calls may
   sleep. */
static DEFINE_MUTEX(nf_sockopt_mutex);
static LIST_HEAD(nf_sockopts);

/* Do exclusive ranges overlap? */
static inline int overlap(int min1, int max1, int min2, int max2)
{
	return max1 > min2 && min1 < max2;
}

/* Functions to register sockopt ranges (exclusive). */
int nf_register_sockopt(struct nf_sockopt_ops *reg)
{
	struct nf_sockopt_ops *ops;
	int ret = 0;

	mutex_lock(&nf_sockopt_mutex);
	list_for_each_entry(ops, &nf_sockopts, list) {
		if (ops->pf == reg->pf
		    && (overlap(ops->set_optmin, ops->set_optmax,
				reg->set_optmin, reg->set_optmax)
			|| overlap(ops->get_optmin, ops->get_optmax,
				   reg->get_optmin, reg->get_optmax))) {
			NFDEBUG("nf_sock overlap: %u-%u/%u-%u v %u-%u/%u-%u\n",
				ops->set_optmin, ops->set_optmax,
				ops->get_optmin, ops->get_optmax,
				reg->set_optmin, reg->set_optmax,
				reg->get_optmin, reg->get_optmax);
			ret = -EBUSY;
			goto out;
		}
	}

	list_add(&reg->list, &nf_sockopts);
out:
	mutex_unlock(&nf_sockopt_mutex);
	return ret;
}
EXPORT_SYMBOL(nf_register_sockopt);

void nf_unregister_sockopt(struct nf_sockopt_ops *reg)
{
	mutex_lock(&nf_sockopt_mutex);
	list_del(&reg->list);
	mutex_unlock(&nf_sockopt_mutex);
}
EXPORT_SYMBOL(nf_unregister_sockopt);

static struct nf_sockopt_ops *nf_sockopt_find(struct sock *sk, u_int8_t pf,
		int val, int get)
{
	struct nf_sockopt_ops *ops;

	mutex_lock(&nf_sockopt_mutex);
	list_for_each_entry(ops, &nf_sockopts, list) {
		if (ops->pf == pf) {
			if (!try_module_get(ops->owner))
				goto out_nosup;

			if (get) {
				if (val >= ops->get_optmin &&
						val < ops->get_optmax)
					goto out;
			} else {
				if (val >= ops->set_optmin &&
						val < ops->set_optmax)
					goto out;
			}
			module_put(ops->owner);
		}
	}
out_nosup:
	ops = ERR_PTR(-ENOPROTOOPT);
out:
	mutex_unlock(&nf_sockopt_mutex);
	return ops;
}

/* Call get/setsockopt() */
static int nf_sockopt(struct sock *sk, u_int8_t pf, int val,
		      char __user *opt, int *len, int get)
{
	struct nf_sockopt_ops *ops;
	int ret;

	ops = nf_sockopt_find(sk, pf, val, get);
	if (IS_ERR(ops))
		return PTR_ERR(ops);

	if (get)
		ret = ops->get(sk, val, opt, len);
	else
		ret = ops->set(sk, val, opt, *len);

	module_put(ops->owner);
	return ret;
}

int nf_setsockopt(struct sock *sk, u_int8_t pf, int val, char __user *opt,
		  unsigned int len)
{
	return nf_sockopt(sk, pf, val, opt, &len, 0);
}
EXPORT_SYMBOL(nf_setsockopt);

int nf_getsockopt(struct sock *sk, u_int8_t pf, int val, char __user *opt,
		  int *len)
{
	return nf_sockopt(sk, pf, val, opt, len, 1);
}
EXPORT_SYMBOL(nf_getsockopt);

#ifdef CONFIG_COMPAT
static int compat_nf_sockopt(struct sock *sk, u_int8_t pf, int val,
			     char __user *opt, int *len, int get)
{
	struct nf_sockopt_ops *ops;
	int ret;

	ops = nf_sockopt_find(sk, pf, val, get);
	if (IS_ERR(ops))
		return PTR_ERR(ops);

	if (get) {
		if (ops->compat_get)
			ret = ops->compat_get(sk, val, opt, len);
		else
			ret = ops->get(sk, val, opt, len);
	} else {
		if (ops->compat_set)
			ret = ops->compat_set(sk, val, opt, *len);
		else
			ret = ops->set(sk, val, opt, *len);
	}

	module_put(ops->owner);
	return ret;
}

int compat_nf_setsockopt(struct sock *sk, u_int8_t pf,
		int val, char __user *opt, unsigned int len)
{
	return compat_nf_sockopt(sk, pf, val, opt, &len, 0);
}
EXPORT_SYMBOL(compat_nf_setsockopt);

int compat_nf_getsockopt(struct sock *sk, u_int8_t pf,
		int val, char __user *opt, int *len)
{
	return compat_nf_sockopt(sk, pf, val, opt, len, 1);
}
EXPORT_SYMBOL(compat_nf_getsockopt);
#endif
Commit	Line	Data
f6ebe77f HW	1	#include <linux/kernel.h>
	2	#include <linux/init.h>
	3	#include <linux/module.h>
	4	#include <linux/skbuff.h>
	5	#include <linux/netfilter.h>
4a3e2f71	6	#include <linux/mutex.h>
f6ebe77f HW	7	#include <net/sock.h>
	8
	9	#include "nf_internals.h"
	10
	11	/* Sockopts only registered and called from user context, so
	12	net locking would be overkill. Also, [gs]etsockopt calls may
	13	sleep. */
4a3e2f71	14	static DEFINE_MUTEX(nf_sockopt_mutex);
f6ebe77f HW	15	static LIST_HEAD(nf_sockopts);
	16
	17	/* Do exclusive ranges overlap? */
	18	static inline int overlap(int min1, int max1, int min2, int max2)
	19	{
	20	return max1 > min2 && min1 < max2;
	21	}
	22
	23	/* Functions to register sockopt ranges (exclusive). */
	24	int nf_register_sockopt(struct nf_sockopt_ops *reg)
	25	{
55d84acd	26	struct nf_sockopt_ops *ops;
f6ebe77f HW	27	int ret = 0;
f6ebe77f HW	28
7926dbfa	29	mutex_lock(&nf_sockopt_mutex);
55d84acd	30	list_for_each_entry(ops, &nf_sockopts, list) {
f6ebe77f	31	if (ops->pf == reg->pf
601e68e1	32	&& (overlap(ops->set_optmin, ops->set_optmax,
f6ebe77f	33	reg->set_optmin, reg->set_optmax)
601e68e1	34	\|\| overlap(ops->get_optmin, ops->get_optmax,
f6ebe77f HW	35	reg->get_optmin, reg->get_optmax))) {
f6ebe77f HW	36	NFDEBUG("nf_sock overlap: %u-%u/%u-%u v %u-%u/%u-%u\n",
601e68e1 YH	37	ops->set_optmin, ops->set_optmax,
601e68e1 YH	38	ops->get_optmin, ops->get_optmax,
f6ebe77f HW	39	reg->set_optmin, reg->set_optmax,
	40	reg->get_optmin, reg->get_optmax);
	41	ret = -EBUSY;
	42	goto out;
	43	}
	44	}
	45
	46	list_add(&reg->list, &nf_sockopts);
	47	out:
4a3e2f71	48	mutex_unlock(&nf_sockopt_mutex);
f6ebe77f HW	49	return ret;
	50	}
	51	EXPORT_SYMBOL(nf_register_sockopt);
	52
	53	void nf_unregister_sockopt(struct nf_sockopt_ops *reg)
	54	{
4a3e2f71	55	mutex_lock(&nf_sockopt_mutex);
f6ebe77f	56	list_del(&reg->list);
4a3e2f71	57	mutex_unlock(&nf_sockopt_mutex);
f6ebe77f HW	58	}
	59	EXPORT_SYMBOL(nf_unregister_sockopt);
	60
76108cea	61	static struct nf_sockopt_ops nf_sockopt_find(struct sock sk, u_int8_t pf,
4ce5ba6a	62	int val, int get)
f6ebe77f	63	{
f6ebe77f	64	struct nf_sockopt_ops *ops;
f6ebe77f	65
7926dbfa	66	mutex_lock(&nf_sockopt_mutex);
55d84acd	67	list_for_each_entry(ops, &nf_sockopts, list) {
f6ebe77f	68	if (ops->pf == pf) {
16fcec35 NH	69	if (!try_module_get(ops->owner))
16fcec35 NH	70	goto out_nosup;
4ce5ba6a	71
f6ebe77f	72	if (get) {
4ce5ba6a PE	73	if (val >= ops->get_optmin &&
4ce5ba6a PE	74	val < ops->get_optmax)
f6ebe77f	75	goto out;
f6ebe77f	76	} else {
4ce5ba6a PE	77	if (val >= ops->set_optmin &&
4ce5ba6a PE	78	val < ops->set_optmax)
f6ebe77f	79	goto out;
f6ebe77f	80	}
16fcec35	81	module_put(ops->owner);
f6ebe77f HW	82	}
f6ebe77f HW	83	}
4ce5ba6a PE	84	out_nosup:
	85	ops = ERR_PTR(-ENOPROTOOPT);
	86	out:
4a3e2f71	87	mutex_unlock(&nf_sockopt_mutex);
4ce5ba6a PE	88	return ops;
	89	}
	90
	91	/* Call get/setsockopt() */
76108cea	92	static int nf_sockopt(struct sock *sk, u_int8_t pf, int val,
4ce5ba6a PE	93	char __user opt, int len, int get)
	94	{
	95	struct nf_sockopt_ops *ops;
	96	int ret;
	97
	98	ops = nf_sockopt_find(sk, pf, val, get);
	99	if (IS_ERR(ops))
	100	return PTR_ERR(ops);
	101
	102	if (get)
	103	ret = ops->get(sk, val, opt, len);
	104	else
	105	ret = ops->set(sk, val, opt, *len);
601e68e1	106
16fcec35	107	module_put(ops->owner);
f6ebe77f HW	108	return ret;
	109	}
	110
76108cea	111	int nf_setsockopt(struct sock sk, u_int8_t pf, int val, char __user opt,
b7058842	112	unsigned int len)
f6ebe77f HW	113	{
	114	return nf_sockopt(sk, pf, val, opt, &len, 0);
	115	}
	116	EXPORT_SYMBOL(nf_setsockopt);
	117
76108cea JE	118	int nf_getsockopt(struct sock sk, u_int8_t pf, int val, char __user opt,
76108cea JE	119	int *len)
f6ebe77f HW	120	{
	121	return nf_sockopt(sk, pf, val, opt, len, 1);
	122	}
	123	EXPORT_SYMBOL(nf_getsockopt);
	124
3fdadf7d	125	#ifdef CONFIG_COMPAT
76108cea	126	static int compat_nf_sockopt(struct sock *sk, u_int8_t pf, int val,
543d9cfe	127	char __user opt, int len, int get)
3fdadf7d	128	{
3fdadf7d DM	129	struct nf_sockopt_ops *ops;
	130	int ret;
	131
4ce5ba6a PE	132	ops = nf_sockopt_find(sk, pf, val, get);
	133	if (IS_ERR(ops))
	134	return PTR_ERR(ops);
	135
	136	if (get) {
	137	if (ops->compat_get)
	138	ret = ops->compat_get(sk, val, opt, len);
	139	else
6452a5fd	140	ret = ops->get(sk, val, opt, len);
4ce5ba6a PE	141	} else {
4ce5ba6a PE	142	if (ops->compat_set)
6452a5fd	143	ret = ops->compat_set(sk, val, opt, *len);
4ce5ba6a	144	else
6452a5fd	145	ret = ops->set(sk, val, opt, *len);
3fdadf7d	146	}
3fdadf7d	147
16fcec35	148	module_put(ops->owner);
3fdadf7d DM	149	return ret;
	150	}
	151
76108cea	152	int compat_nf_setsockopt(struct sock *sk, u_int8_t pf,
b7058842	153	int val, char __user *opt, unsigned int len)
3fdadf7d DM	154	{
	155	return compat_nf_sockopt(sk, pf, val, opt, &len, 0);
	156	}
	157	EXPORT_SYMBOL(compat_nf_setsockopt);
	158
76108cea	159	int compat_nf_getsockopt(struct sock *sk, u_int8_t pf,
3fdadf7d DM	160	int val, char __user opt, int len)
	161	{
	162	return compat_nf_sockopt(sk, pf, val, opt, len, 1);
	163	}
	164	EXPORT_SYMBOL(compat_nf_getsockopt);
	165	#endif