linux/net/netfilter/nfnetlink_queue.c

// SPDX-License-Identifier: GPL-2.0-only
/*
 * This is a module which is used for queueing packets and communicating with
 * userspace via nfnetlink.
 *
 * (C) 2005 by Harald Welte <[email protected]>
 * (C) 2007 by Patrick McHardy <[email protected]>
 *
 * Based on the old ipv4-only ip_queue.c:
 * (C) 2000-2002 James Morris <[email protected]>
 * (C) 2003-2005 Netfilter Core Team <[email protected]>
 */

#define pr_fmt(fmt)

#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/init.h>
#include <linux/spinlock.h>
#include <linux/slab.h>
#include <linux/notifier.h>
#include <linux/netdevice.h>
#include <linux/netfilter.h>
#include <linux/proc_fs.h>
#include <linux/netfilter_ipv4.h>
#include <linux/netfilter_ipv6.h>
#include <linux/netfilter_bridge.h>
#include <linux/netfilter/nfnetlink.h>
#include <linux/netfilter/nfnetlink_queue.h>
#include <linux/netfilter/nf_conntrack_common.h>
#include <linux/list.h>
#include <linux/cgroup-defs.h>
#include <net/gso.h>
#include <net/sock.h>
#include <net/tcp_states.h>
#include <net/netfilter/nf_queue.h>
#include <net/netns/generic.h>

#include <linux/atomic.h>

#if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
#include "../bridge/br_private.h"
#endif

#if IS_ENABLED(CONFIG_NF_CONNTRACK)
#include <net/netfilter/nf_conntrack.h>
#endif

#define NFQNL_QMAX_DEFAULT

/* We're using struct nlattr which has 16bit nla_len. Note that nla_len
 * includes the header length. Thus, the maximum packet length that we
 * support is 65531 bytes. We send truncated packets if the specified length
 * is larger than that.  Userspace can check for presence of NFQA_CAP_LEN
 * attribute to detect truncation.
 */
#define NFQNL_MAX_COPY_RANGE

struct nfqnl_instance {};

nfqnl_cmpfn;

static unsigned int nfnl_queue_net_id __read_mostly;

#define INSTANCE_BUCKETS
struct nfnl_queue_net {};

static struct nfnl_queue_net *nfnl_queue_pernet(struct net *net)
{}

static inline u_int8_t instance_hashfn(u_int16_t queue_num)
{}

static struct nfqnl_instance *
instance_lookup(struct nfnl_queue_net *q, u_int16_t queue_num)
{}

static struct nfqnl_instance *
instance_create(struct nfnl_queue_net *q, u_int16_t queue_num, u32 portid)
{}

static void nfqnl_flush(struct nfqnl_instance *queue, nfqnl_cmpfn cmpfn,
			unsigned long data);

static void
instance_destroy_rcu(struct rcu_head *head)
{}

static void
__instance_destroy(struct nfqnl_instance *inst)
{}

static void
instance_destroy(struct nfnl_queue_net *q, struct nfqnl_instance *inst)
{}

static inline void
__enqueue_entry(struct nfqnl_instance *queue, struct nf_queue_entry *entry)
{}

static void
__dequeue_entry(struct nfqnl_instance *queue, struct nf_queue_entry *entry)
{}

static struct nf_queue_entry *
find_dequeue_entry(struct nfqnl_instance *queue, unsigned int id)
{}

static unsigned int nf_iterate(struct sk_buff *skb,
			       struct nf_hook_state *state,
			       const struct nf_hook_entries *hooks,
			       unsigned int *index)
{}

static struct nf_hook_entries *nf_hook_entries_head(const struct net *net, u8 pf, u8 hooknum)
{}

static int nf_ip_reroute(struct sk_buff *skb, const struct nf_queue_entry *entry)
{}

static int nf_reroute(struct sk_buff *skb, struct nf_queue_entry *entry)
{}

/* caller must hold rcu read-side lock */
static void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict)
{}

static void nfqnl_reinject(struct nf_queue_entry *entry, unsigned int verdict)
{}

static void
nfqnl_flush(struct nfqnl_instance *queue, nfqnl_cmpfn cmpfn, unsigned long data)
{}

static int
nfqnl_put_packet_info(struct sk_buff *nlskb, struct sk_buff *packet,
		      bool csum_verify)
{}

static int nfqnl_put_sk_uidgid(struct sk_buff *skb, struct sock *sk)
{}

static int nfqnl_put_sk_classid(struct sk_buff *skb, struct sock *sk)
{}

static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata)
{}

static u32 nfqnl_get_bridge_size(struct nf_queue_entry *entry)
{}

static int nfqnl_put_bridge(struct nf_queue_entry *entry, struct sk_buff *skb)
{}

static int nf_queue_checksum_help(struct sk_buff *entskb)
{}

static struct sk_buff *
nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue,
			   struct nf_queue_entry *entry,
			   __be32 **packet_id_ptr)
{}

static bool nf_ct_drop_unconfirmed(const struct nf_queue_entry *entry)
{}

static int
__nfqnl_enqueue_packet(struct net *net, struct nfqnl_instance *queue,
			struct nf_queue_entry *entry)
{}

static struct nf_queue_entry *
nf_queue_entry_dup(struct nf_queue_entry *e)
{}

#if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
/* When called from bridge netfilter, skb->data must point to MAC header
 * before calling skb_gso_segment(). Else, original MAC header is lost
 * and segmented skbs will be sent to wrong destination.
 */
static void nf_bridge_adjust_skb_data(struct sk_buff *skb)
{}

static void nf_bridge_adjust_segmented_data(struct sk_buff *skb)
{}
#else
#define nf_bridge_adjust_skb_data
#define nf_bridge_adjust_segmented_data
#endif

static int
__nfqnl_enqueue_packet_gso(struct net *net, struct nfqnl_instance *queue,
			   struct sk_buff *skb, struct nf_queue_entry *entry)
{}

static int
nfqnl_enqueue_packet(struct nf_queue_entry *entry, unsigned int queuenum)
{}

static int
nfqnl_mangle(void *data, unsigned int data_len, struct nf_queue_entry *e, int diff)
{}

static int
nfqnl_set_mode(struct nfqnl_instance *queue,
	       unsigned char mode, unsigned int range)
{}

static int
dev_cmp(struct nf_queue_entry *entry, unsigned long ifindex)
{}

/* drop all packets with either indev or outdev == ifindex from all queue
 * instances */
static void
nfqnl_dev_drop(struct net *net, int ifindex)
{}

static int
nfqnl_rcv_dev_event(struct notifier_block *this,
		    unsigned long event, void *ptr)
{}

static struct notifier_block nfqnl_dev_notifier =;

static void nfqnl_nf_hook_drop(struct net *net)
{}

static int
nfqnl_rcv_nl_event(struct notifier_block *this,
		   unsigned long event, void *ptr)
{}

static struct notifier_block nfqnl_rtnl_notifier =;

static const struct nla_policy nfqa_vlan_policy[NFQA_VLAN_MAX + 1] =;

static const struct nla_policy nfqa_verdict_policy[NFQA_MAX+1] =;

static const struct nla_policy nfqa_verdict_batch_policy[NFQA_MAX+1] =;

static struct nfqnl_instance *
verdict_instance_lookup(struct nfnl_queue_net *q, u16 queue_num, u32 nlportid)
{}

static struct nfqnl_msg_verdict_hdr*
verdicthdr_get(const struct nlattr * const nfqa[])
{}

static int nfq_id_after(unsigned int id, unsigned int max)
{}

static int nfqnl_recv_verdict_batch(struct sk_buff *skb,
				    const struct nfnl_info *info,
				    const struct nlattr * const nfqa[])
{}

static struct nf_conn *nfqnl_ct_parse(const struct nfnl_ct_hook *nfnl_ct,
				      const struct nlmsghdr *nlh,
				      const struct nlattr * const nfqa[],
				      struct nf_queue_entry *entry,
				      enum ip_conntrack_info *ctinfo)
{}

static int nfqa_parse_bridge(struct nf_queue_entry *entry,
			     const struct nlattr * const nfqa[])
{}

static int nfqnl_recv_verdict(struct sk_buff *skb, const struct nfnl_info *info,
			      const struct nlattr * const nfqa[])
{}

static int nfqnl_recv_unsupp(struct sk_buff *skb, const struct nfnl_info *info,
			     const struct nlattr * const cda[])
{}

static const struct nla_policy nfqa_cfg_policy[NFQA_CFG_MAX+1] =;

static const struct nf_queue_handler nfqh =;

static int nfqnl_recv_config(struct sk_buff *skb, const struct nfnl_info *info,
			     const struct nlattr * const nfqa[])
{}

static const struct nfnl_callback nfqnl_cb[NFQNL_MSG_MAX] =;

static const struct nfnetlink_subsystem nfqnl_subsys =;

#ifdef CONFIG_PROC_FS
struct iter_state {};

static struct hlist_node *get_first(struct seq_file *seq)
{}

static struct hlist_node *get_next(struct seq_file *seq, struct hlist_node *h)
{}

static struct hlist_node *get_idx(struct seq_file *seq, loff_t pos)
{}

static void *seq_start(struct seq_file *s, loff_t *pos)
	__acquires(nfnl_queue_pernet(seq_file_net(s))->instances_lock)
{}

static void *seq_next(struct seq_file *s, void *v, loff_t *pos)
{}

static void seq_stop(struct seq_file *s, void *v)
	__releases(nfnl_queue_pernet(seq_file_net(s))->instances_lock)
{}

static int seq_show(struct seq_file *s, void *v)
{}

static const struct seq_operations nfqnl_seq_ops =;
#endif /* PROC_FS */

static int __net_init nfnl_queue_net_init(struct net *net)
{}

static void __net_exit nfnl_queue_net_exit(struct net *net)
{}

static struct pernet_operations nfnl_queue_net_ops =;

static int __init nfnetlink_queue_init(void)
{}

static void __exit nfnetlink_queue_fini(void)
{}

MODULE_DESCRIPTION();
MODULE_AUTHOR();
MODULE_LICENSE();
MODULE_ALIAS_NFNL_SUBSYS();

module_init();
module_exit(nfnetlink_queue_fini);