projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge tag 'v3.10.91' into update
[GitHub/mt8127/android_kernel_alcatel_ttab.git] / net / netfilter / xt_quota2.c
1 /*
2 * xt_quota2 - enhanced xt_quota that can count upwards and in packets
3 * as a minimal accounting match.
4 * by Jan Engelhardt <jengelh@medozas.de>, 2008
5 *
6 * Originally based on xt_quota.c:
7 * netfilter module to enforce network quotas
8 * Sam Johnston <samj@samj.net>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License; either
12 * version 2 of the License, as published by the Free Software Foundation.
13 */
14 #include <linux/list.h>
15 #include <linux/module.h>
16 #include <linux/proc_fs.h>
17 #include <linux/skbuff.h>
18 #include <linux/spinlock.h>
19 #include <asm/atomic.h>
20 #include <net/netlink.h>
21
22 #include <linux/netfilter/x_tables.h>
23 #include <linux/netfilter/xt_quota2.h>
24 #ifdef CONFIG_NETFILTER_XT_MATCH_QUOTA2_LOG
25 #include <linux/netfilter_ipv4/ipt_ULOG.h>
26 #endif
27
28 /**
29 * @lock: lock to protect quota writers from each other
30 */
31 struct xt_quota_counter {
32 u_int64_t quota;
33 spinlock_t lock;
34 struct list_head list;
35 atomic_t ref;
36 char name[sizeof(((struct xt_quota_mtinfo2 *)NULL)->name)];
37 struct proc_dir_entry *procfs_entry;
38 };
39
40 #ifdef CONFIG_NETFILTER_XT_MATCH_QUOTA2_LOG
41 /* Harald's favorite number +1 :D From ipt_ULOG.C */
42 static int qlog_nl_event = 112;
43 module_param_named(event_num, qlog_nl_event, uint, S_IRUGO | S_IWUSR);
44 MODULE_PARM_DESC(event_num,
45 "Event number for NETLINK_NFLOG message. 0 disables log."
46 "111 is what ipt_ULOG uses.");
47 static struct sock *nflognl;
48 #endif
49
50 static LIST_HEAD(counter_list);
51 static DEFINE_SPINLOCK(counter_list_lock);
52
53 static struct proc_dir_entry *proc_xt_quota;
54 static unsigned int quota_list_perms = S_IRUGO | S_IWUSR;
55 static unsigned int quota_list_uid = 0;
56 static unsigned int quota_list_gid = 0;
57 module_param_named(perms, quota_list_perms, uint, S_IRUGO | S_IWUSR);
58 module_param_named(uid, quota_list_uid, uint, S_IRUGO | S_IWUSR);
59 module_param_named(gid, quota_list_gid, uint, S_IRUGO | S_IWUSR);
60
61
62 #ifdef CONFIG_NETFILTER_XT_MATCH_QUOTA2_LOG
63 static void quota2_log(unsigned int hooknum,
64 const struct sk_buff *skb,
65 const struct net_device *in,
66 const struct net_device *out,
67 const char *prefix)
68 {
69 ulog_packet_msg_t *pm;
70 struct sk_buff *log_skb;
71 size_t size;
72 struct nlmsghdr *nlh;
73
74 if (!qlog_nl_event)
75 return;
76
77 size = NLMSG_SPACE(sizeof(*pm));
78 size = max(size, (size_t)NLMSG_GOODSIZE);
79 log_skb = alloc_skb(size, GFP_ATOMIC);
80 if (!log_skb) {
81 pr_err("xt_quota2: cannot alloc skb for logging\n");
82 return;
83 }
84
85 nlh = nlmsg_put(log_skb, /*pid*/0, /*seq*/0, qlog_nl_event,
86 sizeof(*pm), 0);
87 if (!nlh) {
88 pr_err("xt_quota2: nlmsg_put failed\n");
89 kfree_skb(log_skb);
90 return;
91 }
92 pm = nlmsg_data(nlh);
93 if (skb->tstamp.tv64 == 0)
94 __net_timestamp((struct sk_buff *)skb);
95 pm->data_len = 0;
96 pm->hook = hooknum;
97 if (prefix != NULL)
98 strlcpy(pm->prefix, prefix, sizeof(pm->prefix));
99 else
100 *(pm->prefix) = '\0';
101 if (in)
102 strlcpy(pm->indev_name, in->name, sizeof(pm->indev_name));
103 else
104 pm->indev_name[0] = '\0';
105
106 if (out)
107 strlcpy(pm->outdev_name, out->name, sizeof(pm->outdev_name));
108 else
109 pm->outdev_name[0] = '\0';
110
111 NETLINK_CB(log_skb).dst_group = 1;
112 pr_debug("throwing 1 packets to netlink group 1\n");
113 netlink_broadcast(nflognl, log_skb, 0, 1, GFP_ATOMIC);
114 }
115 #else
116 static void quota2_log(unsigned int hooknum,
117 const struct sk_buff *skb,
118 const struct net_device *in,
119 const struct net_device *out,
120 const char *prefix)
121 {
122 }
123 #endif /* if+else CONFIG_NETFILTER_XT_MATCH_QUOTA2_LOG */
124
125 static ssize_t quota_proc_read(struct file *file, char __user *buf,
126 size_t size, loff_t *ppos)
127 {
128 struct xt_quota_counter *e = PDE_DATA(file_inode(file));
129 char tmp[24];
130 size_t tmp_size;
131
132 spin_lock_bh(&e->lock);
133 tmp_size = scnprintf(tmp, sizeof(tmp), "%llu\n", e->quota);
134 spin_unlock_bh(&e->lock);
135 return simple_read_from_buffer(buf, size, ppos, tmp, tmp_size);
136 }
137
138 static ssize_t quota_proc_write(struct file *file, const char __user *input,
139 size_t size, loff_t *ppos)
140 {
141 struct xt_quota_counter *e = PDE_DATA(file_inode(file));
142 char buf[sizeof("18446744073709551616")];
143
144 if (size > sizeof(buf))
145 size = sizeof(buf);
146 if (copy_from_user(buf, input, size) != 0)
147 return -EFAULT;
148 buf[sizeof(buf)-1] = '\0';
149
150 spin_lock_bh(&e->lock);
151 e->quota = simple_strtoull(buf, NULL, 0);
152 spin_unlock_bh(&e->lock);
153 return size;
154 }
155
156 static const struct file_operations q2_counter_fops = {
157 .read = quota_proc_read,
158 .write = quota_proc_write,
159 .llseek = default_llseek,
160 };
161
162 static struct xt_quota_counter *
163 q2_new_counter(const struct xt_quota_mtinfo2 *q, bool anon)
164 {
165 struct xt_quota_counter *e;
166 unsigned int size;
167
168 /* Do not need all the procfs things for anonymous counters. */
169 size = anon ? offsetof(typeof(*e), list) : sizeof(*e);
170 e = kmalloc(size, GFP_KERNEL);
171 if (e == NULL)
172 return NULL;
173
174 e->quota = q->quota;
175 spin_lock_init(&e->lock);
176 if (!anon) {
177 INIT_LIST_HEAD(&e->list);
178 atomic_set(&e->ref, 1);
179 strlcpy(e->name, q->name, sizeof(e->name));
180 }
181 return e;
182 }
183
184 /**
185 * q2_get_counter - get ref to counter or create new
186 * @name: name of counter
187 */
188 static struct xt_quota_counter *
189 q2_get_counter(const struct xt_quota_mtinfo2 *q)
190 {
191 struct proc_dir_entry *p;
192 struct xt_quota_counter *e = NULL;
193 struct xt_quota_counter *new_e;
194
195 if (*q->name == '\0')
196 return q2_new_counter(q, true);
197
198 /* No need to hold a lock while getting a new counter */
199 new_e = q2_new_counter(q, false);
200 if (new_e == NULL)
201 goto out;
202
203 spin_lock_bh(&counter_list_lock);
204 list_for_each_entry(e, &counter_list, list)
205 if (strcmp(e->name, q->name) == 0) {
206 atomic_inc(&e->ref);
207 spin_unlock_bh(&counter_list_lock);
208 kfree(new_e);
209 pr_debug("xt_quota2: old counter name=%s", e->name);
210 return e;
211 }
212 e = new_e;
213 pr_debug("xt_quota2: new_counter name=%s", e->name);
214 list_add_tail(&e->list, &counter_list);
215 /* The entry having a refcount of 1 is not directly destructible.
216 * This func has not yet returned the new entry, thus iptables
217 * has not references for destroying this entry.
218 * For another rule to try to destroy it, it would 1st need for this
219 * func* to be re-invoked, acquire a new ref for the same named quota.
220 * Nobody will access the e->procfs_entry either.
221 * So release the lock. */
222 spin_unlock_bh(&counter_list_lock);
223
224 /* create_proc_entry() is not spin_lock happy */
225 p = e->procfs_entry = proc_create_data(e->name, quota_list_perms,
226 proc_xt_quota, &q2_counter_fops, e);
227
228 if (IS_ERR_OR_NULL(p)) {
229 spin_lock_bh(&counter_list_lock);
230 list_del(&e->list);
231 spin_unlock_bh(&counter_list_lock);
232 goto out;
233 }
234 proc_set_user(p, quota_list_uid, quota_list_gid);
235 return e;
236
237 out:
238 kfree(e);
239 return NULL;
240 }
241
242 static int quota_mt2_check(const struct xt_mtchk_param *par)
243 {
244 struct xt_quota_mtinfo2 *q = par->matchinfo;
245
246 pr_debug("xt_quota2: check() flags=0x%04x", q->flags);
247
248 if (q->flags & ~XT_QUOTA_MASK)
249 return -EINVAL;
250
251 q->name[sizeof(q->name)-1] = '\0';
252 if (*q->name == '.' || strchr(q->name, '/') != NULL) {
253 printk(KERN_ERR "xt_quota.3: illegal name\n");
254 return -EINVAL;
255 }
256
257 q->master = q2_get_counter(q);
258 if (q->master == NULL) {
259 printk(KERN_ERR "xt_quota.3: memory alloc failure\n");
260 return -ENOMEM;
261 }
262
263 return 0;
264 }
265
266 static void quota_mt2_destroy(const struct xt_mtdtor_param *par)
267 {
268 struct xt_quota_mtinfo2 *q = par->matchinfo;
269 struct xt_quota_counter *e = q->master;
270
271 if (*q->name == '\0') {
272 kfree(e);
273 return;
274 }
275
276 spin_lock_bh(&counter_list_lock);
277 if (!atomic_dec_and_test(&e->ref)) {
278 spin_unlock_bh(&counter_list_lock);
279 return;
280 }
281
282 list_del(&e->list);
283 remove_proc_entry(e->name, proc_xt_quota);
284 spin_unlock_bh(&counter_list_lock);
285 kfree(e);
286 }
287
288 static bool
289 quota_mt2(const struct sk_buff *skb, struct xt_action_param *par)
290 {
291 struct xt_quota_mtinfo2 *q = (void *)par->matchinfo;
292 struct xt_quota_counter *e = q->master;
293 bool ret = q->flags & XT_QUOTA_INVERT;
294
295 spin_lock_bh(&e->lock);
296 if (q->flags & XT_QUOTA_GROW) {
297 /*
298 * While no_change is pointless in "grow" mode, we will
299 * implement it here simply to have a consistent behavior.
300 */
301 if (!(q->flags & XT_QUOTA_NO_CHANGE)) {
302 e->quota += (q->flags & XT_QUOTA_PACKET) ? 1 : skb->len;
303 }
304 ret = true;
305 } else {
306 if (e->quota >= skb->len) {
307 if (!(q->flags & XT_QUOTA_NO_CHANGE))
308 e->quota -= (q->flags & XT_QUOTA_PACKET) ? 1 : skb->len;
309 ret = !ret;
310 } else {
311 /* We are transitioning, log that fact. */
312 if (e->quota) {
313 quota2_log(par->hooknum,
314 skb,
315 par->in,
316 par->out,
317 q->name);
318 }
319 /* we do not allow even small packets from now on */
320 e->quota = 0;
321 }
322 }
323 spin_unlock_bh(&e->lock);
324 return ret;
325 }
326
327 static struct xt_match quota_mt2_reg[] __read_mostly = {
328 {
329 .name = "quota2",
330 .revision = 3,
331 .family = NFPROTO_IPV4,
332 .checkentry = quota_mt2_check,
333 .match = quota_mt2,
334 .destroy = quota_mt2_destroy,
335 .matchsize = sizeof(struct xt_quota_mtinfo2),
336 .me = THIS_MODULE,
337 },
338 {
339 .name = "quota2",
340 .revision = 3,
341 .family = NFPROTO_IPV6,
342 .checkentry = quota_mt2_check,
343 .match = quota_mt2,
344 .destroy = quota_mt2_destroy,
345 .matchsize = sizeof(struct xt_quota_mtinfo2),
346 .me = THIS_MODULE,
347 },
348 };
349
350 static int __init quota_mt2_init(void)
351 {
352 int ret;
353 pr_debug("xt_quota2: init()");
354
355 #ifdef CONFIG_NETFILTER_XT_MATCH_QUOTA2_LOG
356 nflognl = netlink_kernel_create(&init_net, NETLINK_NFLOG, NULL);
357 if (!nflognl)
358 return -ENOMEM;
359 #endif
360
361 proc_xt_quota = proc_mkdir("xt_quota", init_net.proc_net);
362 if (proc_xt_quota == NULL)
363 return -EACCES;
364
365 ret = xt_register_matches(quota_mt2_reg, ARRAY_SIZE(quota_mt2_reg));
366 if (ret < 0)
367 remove_proc_entry("xt_quota", init_net.proc_net);
368 pr_debug("xt_quota2: init() %d", ret);
369 return ret;
370 }
371
372 static void __exit quota_mt2_exit(void)
373 {
374 xt_unregister_matches(quota_mt2_reg, ARRAY_SIZE(quota_mt2_reg));
375 remove_proc_entry("xt_quota", init_net.proc_net);
376 }
377
378 module_init(quota_mt2_init);
379 module_exit(quota_mt2_exit);
380 MODULE_DESCRIPTION("Xtables: countdown quota match; up counter");
381 MODULE_AUTHOR("Sam Johnston <samj@samj.net>");
382 MODULE_AUTHOR("Jan Engelhardt <jengelh@medozas.de>");
383 MODULE_LICENSE("GPL");
384 MODULE_ALIAS("ipt_quota2");
385 MODULE_ALIAS("ip6t_quota2");
kernel source for telekom puls (alcatel/mediatek)