X-Git-Url: http://developer.intra2net.com/git/?p=ipt_ACCOUNT;a=blobdiff_plain;f=linux-2.6%2Fnet%2Fipv4%2Fnetfilter%2Fipt_ACCOUNT.c;h=48073e5e1eb57f521649cef27caa65a953431d63;hp=0431024ba1f0d3f9da6106a10edb77a1b76be527;hb=946762ae354f5a0fb4d4fb20d8cc8880fa42092f;hpb=3fb0d0cca62248ffd0964638a29faf2ab5af1d1e diff --git a/linux-2.6/net/ipv4/netfilter/ipt_ACCOUNT.c b/linux-2.6/net/ipv4/netfilter/ipt_ACCOUNT.c index 0431024..48073e5 100644 --- a/linux-2.6/net/ipv4/netfilter/ipt_ACCOUNT.c +++ b/linux-2.6/net/ipv4/netfilter/ipt_ACCOUNT.c @@ -13,6 +13,7 @@ ***************************************************************************/ #include +#include #include #include #include @@ -48,6 +49,18 @@ static DEFINE_SPINLOCK(ipt_acc_lock); /* Mutex (semaphore) used for manipulating userspace handles/snapshot data */ static struct semaphore ipt_acc_userspace_mutex; +/* Allocates a page and clears it */ +static void *ipt_acc_zalloc_page(void) +{ + // Don't use get_zeroed_page until it's fixed in the kernel. + // get_zeroed_page(GFP_ATOMIC) + void *mem = (void *)__get_free_page(GFP_ATOMIC); + if (mem) { + memset (mem, 0, PAGE_SIZE); + } + + return mem; +} /* Recursive free of all data structures */ static void ipt_acc_data_free(void *data, unsigned char depth) @@ -65,9 +78,9 @@ static void ipt_acc_data_free(void *data, unsigned char depth) /* Free for 16 bit network */ if (depth == 1) { struct ipt_acc_mask_16 *mask_16 = (struct ipt_acc_mask_16 *)data; - u_int32_t b; + unsigned int b; for (b=0; b <= 255; b++) { - if (mask_16->mask_24[b] != 0) { + if (mask_16->mask_24[b]) { free_page((unsigned long)mask_16->mask_24[b]); } } @@ -77,12 +90,12 @@ static void ipt_acc_data_free(void *data, unsigned char depth) /* Free for 24 bit network */ if (depth == 2) { - u_int32_t a, b; + unsigned int a, b; for (a=0; a <= 255; a++) { if (((struct ipt_acc_mask_8 *)data)->mask_16[a]) { struct ipt_acc_mask_16 *mask_16 = (struct ipt_acc_mask_16*) ((struct ipt_acc_mask_8 *)data)->mask_16[a]; - + for (b=0; b <= 255; b++) { if (mask_16->mask_24[b]) { free_page((unsigned long)mask_16->mask_24[b]); @@ -104,7 +117,7 @@ static void ipt_acc_data_free(void *data, unsigned char depth) Return internal ID or -1 on error */ static int ipt_acc_table_insert(char *name, u_int32_t ip, u_int32_t netmask) { - u_int32_t i; + unsigned int i; DEBUGP("ACCOUNT: ipt_acc_table_insert: %s, %u.%u.%u.%u/%u.%u.%u.%u\n", name, NIPQUAD(ip), NIPQUAD(netmask)); @@ -137,9 +150,10 @@ static int ipt_acc_table_insert(char *name, u_int32_t ip, u_int32_t netmask) for (i = 0; i < ACCOUNT_MAX_TABLES; i++) { /* Found free slot */ if (ipt_acc_tables[i].name[0] == 0) { - u_int32_t calc_mask, netsize=0; + unsigned int netsize=0; + u_int32_t calc_mask; int j; /* needs to be signed, otherwise we risk endless loop */ - + DEBUGP("ACCOUNT: Found free slot: %d\n", i); strncpy (ipt_acc_tables[i].name, name, ACCOUNT_TABLE_NAME_LEN-1); @@ -169,7 +183,7 @@ static int ipt_acc_table_insert(char *name, u_int32_t ip, u_int32_t netmask) ipt_acc_tables[i].refcount++; if ((ipt_acc_tables[i].data - = (void *)get_zeroed_page(GFP_ATOMIC)) == NULL) { + = ipt_acc_zalloc_page()) == NULL) { printk("ACCOUNT: out of memory for data of table: %s\n", name); memset(&ipt_acc_tables[i], 0, sizeof(struct ipt_acc_table)); @@ -187,25 +201,36 @@ static int ipt_acc_table_insert(char *name, u_int32_t ip, u_int32_t netmask) } static int ipt_acc_checkentry(const char *tablename, - const struct ipt_entry *e, - void *targinfo, - unsigned int targinfosize, - unsigned int hook_mask) +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16) + const void *e, +#else + const struct ipt_entry *e, +#endif +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) + const struct xt_target *target, +#endif + void *targinfo, +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19) + unsigned int targinfosize, +#endif + unsigned int hook_mask) { struct ipt_acc_info *info = targinfo; int table_nr; +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17) if (targinfosize != IPT_ALIGN(sizeof(struct ipt_acc_info))) { DEBUGP("ACCOUNT: targinfosize %u != %u\n", targinfosize, IPT_ALIGN(sizeof(struct ipt_acc_info))); return 0; } +#endif spin_lock_bh(&ipt_acc_lock); table_nr = ipt_acc_table_insert(info->table_name, info->net_ip, info->net_mask); spin_unlock_bh(&ipt_acc_lock); - + if (table_nr == -1) { printk("ACCOUNT: Table insert problem. Aborting\n"); return 0; @@ -217,15 +242,26 @@ static int ipt_acc_checkentry(const char *tablename, return 1; } -static void ipt_acc_deleteentry(void *targinfo, unsigned int targinfosize) +static void ipt_acc_destroy( +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) + const struct xt_target *target, +#endif +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19) + void *targinfo) +#else + void *targinfo, + unsigned int targinfosize) +#endif { - u_int32_t i; + unsigned int i; struct ipt_acc_info *info = targinfo; +#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17) if (targinfosize != IPT_ALIGN(sizeof(struct ipt_acc_info))) { DEBUGP("ACCOUNT: targinfosize %u != %u\n", targinfosize, IPT_ALIGN(sizeof(struct ipt_acc_info))); } +#endif spin_lock_bh(&ipt_acc_lock); @@ -349,7 +385,7 @@ static void ipt_acc_depth1_insert(struct ipt_acc_mask_16 *mask_16, /* Do we need to create a new mask_24 bucket? */ if (!mask_16->mask_24[slot] && (mask_16->mask_24[slot] = - (void *)get_zeroed_page(GFP_ATOMIC)) == NULL) { + ipt_acc_zalloc_page()) == NULL) { printk("ACCOUNT: Can't process packet because out of memory!\n"); return; } @@ -365,7 +401,7 @@ static void ipt_acc_depth1_insert(struct ipt_acc_mask_16 *mask_16, /* Do we need to create a new mask_24 bucket? */ if (!mask_16->mask_24[slot] && (mask_16->mask_24[slot] - = (void *)get_zeroed_page(GFP_ATOMIC)) == NULL) { + = ipt_acc_zalloc_page()) == NULL) { printk("ACCOUT: Can't process packet because out of memory!\n"); return; } @@ -387,7 +423,7 @@ static void ipt_acc_depth2_insert(struct ipt_acc_mask_8 *mask_8, /* Do we need to create a new mask_24 bucket? */ if (!mask_8->mask_16[slot] && (mask_8->mask_16[slot] - = (void *)get_zeroed_page(GFP_ATOMIC)) == NULL) { + = ipt_acc_zalloc_page()) == NULL) { printk("ACCOUNT: Can't process packet because out of memory!\n"); return; } @@ -403,7 +439,7 @@ static void ipt_acc_depth2_insert(struct ipt_acc_mask_8 *mask_8, /* Do we need to create a new mask_24 bucket? */ if (!mask_8->mask_16[slot] && (mask_8->mask_16[slot] - = (void *)get_zeroed_page(GFP_ATOMIC)) == NULL) { + = ipt_acc_zalloc_page()) == NULL) { printk("ACCOUNT: Can't process packet because out of memory!\n"); return; } @@ -414,17 +450,30 @@ static void ipt_acc_depth2_insert(struct ipt_acc_mask_8 *mask_8, } static unsigned int ipt_acc_target(struct sk_buff **pskb, - const struct net_device *in, - const struct net_device *out, - unsigned int hooknum, - const void *targinfo, - void *userinfo) + const struct net_device *in, + const struct net_device *out, + unsigned int hooknum, +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) + const struct xt_target *target, +#endif +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19) + const void *targinfo) +#else + const void *targinfo, + void *userinfo) +#endif { const struct ipt_acc_info *info = (const struct ipt_acc_info *)targinfo; +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22) + u_int32_t src_ip = ip_hdr(*pskb)->saddr; + u_int32_t dst_ip = ip_hdr(*pskb)->daddr; + u_int32_t size = ntohs(ip_hdr(*pskb)->tot_len); +#else u_int32_t src_ip = (*pskb)->nh.iph->saddr; u_int32_t dst_ip = (*pskb)->nh.iph->daddr; u_int32_t size = ntohs((*pskb)->nh.iph->tot_len); +#endif spin_lock_bh(&ipt_acc_lock); @@ -497,7 +546,7 @@ static unsigned int ipt_acc_target(struct sk_buff **pskb, */ static int ipt_acc_handle_find_slot(void) { - u_int32_t i; + unsigned int i; /* Insert new table */ for (i = 0; i < ACCOUNT_MAX_HANDLES; i++) { /* Found free slot */ @@ -515,7 +564,7 @@ static int ipt_acc_handle_find_slot(void) return -1; } -static int ipt_acc_handle_free(u_int32_t handle) +static int ipt_acc_handle_free(unsigned int handle) { if (handle >= ACCOUNT_MAX_HANDLES) { printk("ACCOUNT: Invalid handle for ipt_acc_handle_free() specified:" @@ -554,7 +603,7 @@ static int ipt_acc_handle_prepare_read(char *tablename, dest->itemcount = ipt_acc_tables[table_nr].itemcount; /* allocate "root" table */ - if ((dest->data = (void*)get_zeroed_page(GFP_ATOMIC)) == NULL) { + if ((dest->data = ipt_acc_zalloc_page()) == NULL) { printk("ACCOUNT: out of memory for root table " "in ipt_acc_handle_prepare_read()\n"); return -1; @@ -571,12 +620,12 @@ static int ipt_acc_handle_prepare_read(char *tablename, (struct ipt_acc_mask_16 *)ipt_acc_tables[table_nr].data; struct ipt_acc_mask_16 *network_16 = (struct ipt_acc_mask_16 *)dest->data; - u_int32_t b; + unsigned int b; for (b = 0; b <= 255; b++) { if (src_16->mask_24[b]) { if ((network_16->mask_24[b] = - (void*)get_zeroed_page(GFP_ATOMIC)) == NULL) { + ipt_acc_zalloc_page()) == NULL) { printk("ACCOUNT: out of memory during copy of 16 bit " "network in ipt_acc_handle_prepare_read()\n"); ipt_acc_data_free(dest->data, depth); @@ -593,12 +642,12 @@ static int ipt_acc_handle_prepare_read(char *tablename, struct ipt_acc_mask_8 *network_8 = (struct ipt_acc_mask_8 *)dest->data; struct ipt_acc_mask_16 *src_16, *network_16; - u_int32_t a, b; + unsigned int a, b; for (a = 0; a <= 255; a++) { if (src_8->mask_16[a]) { if ((network_8->mask_16[a] = - (void*)get_zeroed_page(GFP_ATOMIC)) == NULL) { + ipt_acc_zalloc_page()) == NULL) { printk("ACCOUNT: out of memory during copy of 24 bit network" " in ipt_acc_handle_prepare_read()\n"); ipt_acc_data_free(dest->data, depth); @@ -614,7 +663,7 @@ static int ipt_acc_handle_prepare_read(char *tablename, for (b = 0; b <= 255; b++) { if (src_16->mask_24[b]) { if ((network_16->mask_24[b] = - (void*)get_zeroed_page(GFP_ATOMIC)) == NULL) { + ipt_acc_zalloc_page()) == NULL) { printk("ACCOUNT: out of memory during copy of 16 bit" " network in ipt_acc_handle_prepare_read()\n"); ipt_acc_data_free(dest->data, depth); @@ -653,7 +702,7 @@ static int ipt_acc_handle_prepare_read_flush(char *tablename, } /* Try to allocate memory */ - if (!(new_data_page = (void*)get_zeroed_page(GFP_ATOMIC))) { + if (!(new_data_page = ipt_acc_zalloc_page())) { printk("ACCOUNT: ipt_acc_handle_prepare_read_flush(): " "Out of memory!\n"); return -1; @@ -676,14 +725,14 @@ static int ipt_acc_handle_prepare_read_flush(char *tablename, /* Copy 8 bit network data into a prepared buffer. We only copy entries != 0 to increase performance. */ -static int ipt_acc_handle_copy_data(void *to_user, u_int32_t *to_user_pos, - u_int32_t *tmpbuf_pos, +static int ipt_acc_handle_copy_data(void *to_user, unsigned long *to_user_pos, + unsigned long *tmpbuf_pos, struct ipt_acc_mask_24 *data, u_int32_t net_ip, u_int32_t net_OR_mask) { struct ipt_acc_handle_ip handle_ip; - u_int32_t handle_ip_size = sizeof (struct ipt_acc_handle_ip); - u_int32_t i; + size_t handle_ip_size = sizeof (struct ipt_acc_handle_ip); + unsigned int i; for (i = 0; i <= 255; i++) { if (data->ip[i].src_packets || data->ip[i].dst_packets) { @@ -716,7 +765,8 @@ static int ipt_acc_handle_copy_data(void *to_user, u_int32_t *to_user_pos, */ static int ipt_acc_handle_get_data(u_int32_t handle, void *to_user) { - u_int32_t to_user_pos=0, tmpbuf_pos=0, net_ip; + unsigned long to_user_pos=0, tmpbuf_pos=0; + u_int32_t net_ip; unsigned char depth; if (handle >= ACCOUNT_MAX_HANDLES) { @@ -753,7 +803,7 @@ static int ipt_acc_handle_get_data(u_int32_t handle, void *to_user) if (depth == 1) { struct ipt_acc_mask_16 *network_16 = (struct ipt_acc_mask_16*)ipt_acc_handles[handle].data; - u_int32_t b; + unsigned int b; for (b = 0; b <= 255; b++) { if (network_16->mask_24[b]) { struct ipt_acc_mask_24 *network = @@ -776,7 +826,7 @@ static int ipt_acc_handle_get_data(u_int32_t handle, void *to_user) if (depth == 2) { struct ipt_acc_mask_8 *network_8 = (struct ipt_acc_mask_8*)ipt_acc_handles[handle].data; - u_int32_t a, b; + unsigned int a, b; for (a = 0; a <= 255; a++) { if (network_8->mask_16[a]) { struct ipt_acc_mask_16 *network_16 = @@ -806,7 +856,7 @@ static int ipt_acc_handle_get_data(u_int32_t handle, void *to_user) } static int ipt_acc_set_ctl(struct sock *sk, int cmd, - void *user, u_int32_t len) + void *user, unsigned int len) { struct ipt_acc_handle_sockopt handle; int ret = -EINVAL; @@ -834,7 +884,7 @@ static int ipt_acc_set_ctl(struct sock *sk, int cmd, up(&ipt_acc_userspace_mutex); break; case IPT_SO_SET_ACCOUNT_HANDLE_FREE_ALL: { - u_int32_t i; + unsigned int i; down(&ipt_acc_userspace_mutex); for (i = 0; i < ACCOUNT_MAX_HANDLES; i++) ipt_acc_handle_free(i); @@ -861,20 +911,20 @@ static int ipt_acc_get_ctl(struct sock *sk, int cmd, void *user, int *len) case IPT_SO_GET_ACCOUNT_PREPARE_READ_FLUSH: case IPT_SO_GET_ACCOUNT_PREPARE_READ: { struct ipt_acc_handle dest; - + if (*len < sizeof(struct ipt_acc_handle_sockopt)) { printk("ACCOUNT: ipt_acc_get_ctl: wrong data size (%u != %u) " "for IPT_SO_GET_ACCOUNT_PREPARE_READ/READ_FLUSH\n", *len, sizeof(struct ipt_acc_handle_sockopt)); break; } - + if (copy_from_user (&handle, user, sizeof(struct ipt_acc_handle_sockopt))) { return -EFAULT; break; } - + spin_lock_bh(&ipt_acc_lock); if (cmd == IPT_SO_GET_ACCOUNT_PREPARE_READ_FLUSH) ret = ipt_acc_handle_prepare_read_flush( @@ -886,7 +936,7 @@ static int ipt_acc_get_ctl(struct sock *sk, int cmd, void *user, int *len) // Error occured during prepare_read? if (ret == -1) return -EINVAL; - + /* Allocate a userspace handle */ down(&ipt_acc_userspace_mutex); if ((handle.handle_nr = ipt_acc_handle_find_slot()) == -1) { @@ -897,7 +947,7 @@ static int ipt_acc_get_ctl(struct sock *sk, int cmd, void *user, int *len) memcpy(&ipt_acc_handles[handle.handle_nr], &dest, sizeof(struct ipt_acc_handle)); up(&ipt_acc_userspace_mutex); - + if (copy_to_user(user, &handle, sizeof(struct ipt_acc_handle_sockopt))) { return -EFAULT; @@ -947,7 +997,7 @@ static int ipt_acc_get_ctl(struct sock *sk, int cmd, void *user, int *len) ret = 0; break; case IPT_SO_GET_ACCOUNT_GET_HANDLE_USAGE: { - u_int32_t i; + unsigned int i; if (*len < sizeof(struct ipt_acc_handle_sockopt)) { printk("ACCOUNT: ipt_acc_get_ctl: wrong data size (%u != %u)" " for IPT_SO_GET_ACCOUNT_GET_HANDLE_USAGE\n", @@ -1001,14 +1051,14 @@ static int ipt_acc_get_ctl(struct sock *sk, int cmd, void *user, int *len) } } spin_unlock_bh(&ipt_acc_lock); - + /* Terminating NULL character */ *tnames = 0; - - /* Transfer to userspace */ + + /* Transfer to userspace */ if (copy_to_user(user, ipt_acc_tmpbuf, size)) return -EFAULT; - + ret = 0; break; } @@ -1019,11 +1069,21 @@ static int ipt_acc_get_ctl(struct sock *sk, int cmd, void *user, int *len) return ret; } +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21) +static struct xt_target xt_acc_reg = { +#else static struct ipt_target ipt_acc_reg = { +#endif .name = "ACCOUNT", +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21) + .family = AF_INET, +#endif .target = ipt_acc_target, +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17) + .targetsize = sizeof(struct ipt_acc_info), +#endif .checkentry = ipt_acc_checkentry, - .destroy = ipt_acc_deleteentry, + .destroy = ipt_acc_destroy, .me = THIS_MODULE }; @@ -1039,7 +1099,7 @@ static struct nf_sockopt_ops ipt_acc_sockopts = { static int __init init(void) { - init_MUTEX(&ipt_acc_userspace_mutex); + init_MUTEX(&ipt_acc_userspace_mutex); if ((ipt_acc_tables = kmalloc(ACCOUNT_MAX_TABLES * @@ -1047,7 +1107,7 @@ static int __init init(void) printk("ACCOUNT: Out of memory allocating account_tables structure"); goto error_cleanup; } - memset(ipt_acc_tables, 0, + memset(ipt_acc_tables, 0, ACCOUNT_MAX_TABLES * sizeof(struct ipt_acc_table)); if ((ipt_acc_handles = @@ -1056,7 +1116,7 @@ static int __init init(void) printk("ACCOUNT: Out of memory allocating account_handles structure"); goto error_cleanup; } - memset(ipt_acc_handles, 0, + memset(ipt_acc_handles, 0, ACCOUNT_MAX_HANDLES * sizeof(struct ipt_acc_handle)); /* Allocate one page as temporary storage */ @@ -1071,11 +1131,15 @@ static int __init init(void) goto error_cleanup; } +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21) + if (xt_register_target(&xt_acc_reg)) +#else if (ipt_register_target(&ipt_acc_reg)) +#endif goto error_cleanup; - + return 0; - + error_cleanup: if(ipt_acc_tables) kfree(ipt_acc_tables); @@ -1083,13 +1147,17 @@ error_cleanup: kfree(ipt_acc_handles); if (ipt_acc_tmpbuf) free_page((unsigned long)ipt_acc_tmpbuf); - + return -EINVAL; } static void __exit fini(void) { +#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21) + xt_unregister_target(&xt_acc_reg); +#else ipt_unregister_target(&ipt_acc_reg); +#endif nf_unregister_sockopt(&ipt_acc_sockopts);