Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit bcbde0d4 authored by Daniel Borkmann's avatar Daniel Borkmann Committed by David S. Miller
Browse files

net: netlink: virtual tap device management 



Similarly to the networking receive path with ptype_all taps, we add
the possibility to register netdevices that are for ARPHRD_NETLINK to
the netlink subsystem, so that those can be used for netlink analyzers
resp. debuggers. We do not offer a direct callback function as out-of-tree
modules could do crap with it. Instead, a netdevice must be registered
properly and only receives a clone, managed by the netlink layer. Symbols
are exported as GPL-only.

Signed-off-by: default avatarDaniel Borkmann <dborkman@redhat.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 77e2af03

include/linux/netlink.h

+10 −0
Original line number Diff line number Diff line
@@ -145,4 +145,14 @@ static inline int netlink_dump_start(struct sock *ssk, struct sk_buff *skb, 
	return __netlink_dump_start(ssk, skb, nlh, control);

}



struct netlink_tap {

	struct net_device *dev;

	struct module *module;

	struct list_head list;

};



extern int netlink_add_tap(struct netlink_tap *nt);

extern int __netlink_remove_tap(struct netlink_tap *nt);

extern int netlink_remove_tap(struct netlink_tap *nt);



#endif	/* __LINUX_NETLINK_H */

net/netlink/af_netlink.c

+107 −0
Original line number Diff line number Diff line
@@ -57,6 +57,7 @@ 
#include <linux/audit.h>

#include <linux/mutex.h>

#include <linux/vmalloc.h>

#include <linux/if_arp.h>

#include <asm/cacheflush.h>



#include <net/net_namespace.h>
@@ -101,6 +102,9 @@ static atomic_t nl_table_users = ATOMIC_INIT(0); 


static ATOMIC_NOTIFIER_HEAD(netlink_chain);



static DEFINE_SPINLOCK(netlink_tap_lock);

static struct list_head netlink_tap_all __read_mostly;



static inline u32 netlink_group_mask(u32 group)

{

	return group ? 1 << (group - 1) : 0;
@@ -111,6 +115,100 @@ static inline struct hlist_head *nl_portid_hashfn(struct nl_portid_hash *hash, u 
	return &hash->table[jhash_1word(portid, hash->rnd) & hash->mask];

}



int netlink_add_tap(struct netlink_tap *nt)

{

	if (unlikely(nt->dev->type != ARPHRD_NETLINK))

		return -EINVAL;



	spin_lock(&netlink_tap_lock);

	list_add_rcu(&nt->list, &netlink_tap_all);

	spin_unlock(&netlink_tap_lock);



	if (nt->module)

		__module_get(nt->module);



	return 0;

}

EXPORT_SYMBOL_GPL(netlink_add_tap);



int __netlink_remove_tap(struct netlink_tap *nt)

{

	bool found = false;

	struct netlink_tap *tmp;



	spin_lock(&netlink_tap_lock);



	list_for_each_entry(tmp, &netlink_tap_all, list) {

		if (nt == tmp) {

			list_del_rcu(&nt->list);

			found = true;

			goto out;

		}

	}



	pr_warn("__netlink_remove_tap: %p not found\n", nt);

out:

	spin_unlock(&netlink_tap_lock);



	if (found && nt->module)

		module_put(nt->module);



	return found ? 0 : -ENODEV;

}

EXPORT_SYMBOL_GPL(__netlink_remove_tap);



int netlink_remove_tap(struct netlink_tap *nt)

{

	int ret;



	ret = __netlink_remove_tap(nt);

	synchronize_net();



	return ret;

}

EXPORT_SYMBOL_GPL(netlink_remove_tap);



static int __netlink_deliver_tap_skb(struct sk_buff *skb,

				     struct net_device *dev)

{

	struct sk_buff *nskb;

	int ret = -ENOMEM;



	dev_hold(dev);

	nskb = skb_clone(skb, GFP_ATOMIC);

	if (nskb) {

		nskb->dev = dev;

		ret = dev_queue_xmit(nskb);

		if (unlikely(ret > 0))

			ret = net_xmit_errno(ret);

	}



	dev_put(dev);

	return ret;

}



static void __netlink_deliver_tap(struct sk_buff *skb)

{

	int ret;

	struct netlink_tap *tmp;



	list_for_each_entry_rcu(tmp, &netlink_tap_all, list) {

		ret = __netlink_deliver_tap_skb(skb, tmp->dev);

		if (unlikely(ret))

			break;

	}

}



static void netlink_deliver_tap(struct sk_buff *skb)

{

	rcu_read_lock();



	if (unlikely(!list_empty(&netlink_tap_all)))

		__netlink_deliver_tap(skb);



	rcu_read_unlock();

}



static void netlink_overrun(struct sock *sk)

{

	struct netlink_sock *nlk = nlk_sk(sk);
@@ -1518,6 +1616,8 @@ static int __netlink_sendskb(struct sock *sk, struct sk_buff *skb) 
{

	int len = skb->len;



	netlink_deliver_tap(skb);



#ifdef CONFIG_NETLINK_MMAP

	if (netlink_skb_is_mmaped(skb))

		netlink_queue_mmaped_skb(sk, skb);
@@ -1578,6 +1678,11 @@ static int netlink_unicast_kernel(struct sock *sk, struct sk_buff *skb, 


	ret = -ECONNREFUSED;

	if (nlk->netlink_rcv != NULL) {

		/* We could do a netlink_deliver_tap(skb) here as well

		 * but since this is intended for the kernel only, we

		 * should rather let it stay under the hood.

		 */



		ret = skb->len;

		netlink_skb_set_owner_r(skb, sk);

		NETLINK_CB(skb).sk = ssk;
@@ -2975,6 +3080,8 @@ static int __init netlink_proto_init(void) 
		nl_table[i].compare = netlink_compare;

	}



	INIT_LIST_HEAD(&netlink_tap_all);



	netlink_add_usersock_entry();



	sock_register(&netlink_family_ops);