
Commit a258860

ummakynesdavem330
authored and committed
netfilter: ctnetlink: add full support for SCTP to ctnetlink
This patch adds full support for SCTP to ctnetlink. This includes three new attributes: state, original vtag and reply vtag.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
1 parent 0adf9d6 commit a258860


2 files changed

+90
-0
lines changed


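--- a/include/linux/netfilter/nfnetlink_conntrack.h
+++ b/include/linux/netfilter/nfnetlink_conntrack.h
@@ -81,6 +81,7 @@ enum ctattr_protoinfo {
 	CTA_PROTOINFO_UNSPEC,
 	CTA_PROTOINFO_TCP,
 	CTA_PROTOINFO_DCCP,
+	CTA_PROTOINFO_SCTP,
 	__CTA_PROTOINFO_MAX
 };
 #define CTA_PROTOINFO_MAX (__CTA_PROTOINFO_MAX - 1)
@@ -103,6 +104,15 @@ enum ctattr_protoinfo_dccp {
 };
 #define CTA_PROTOINFO_DCCP_MAX (__CTA_PROTOINFO_DCCP_MAX - 1)
 
+enum ctattr_protoinfo_sctp {
+	CTA_PROTOINFO_SCTP_UNSPEC,
+	CTA_PROTOINFO_SCTP_STATE,
+	CTA_PROTOINFO_SCTP_VTAG_ORIGINAL,
+	CTA_PROTOINFO_SCTP_VTAG_REPLY,
+	__CTA_PROTOINFO_SCTP_MAX
+};
+#define CTA_PROTOINFO_SCTP_MAX (__CTA_PROTOINFO_SCTP_MAX - 1)
+
 enum ctattr_counters {
 	CTA_COUNTERS_UNSPEC,
 	CTA_COUNTERS_PACKETS, /* old 64bit counters */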
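Review bot: The new ctattr_protoinfo_sctp enum in the second hunk documents neither the wire encoding nor the meaning of its three attributes, although the CTA_COUNTERS_PACKETS member just below shows the file's habit of annotating members inline. Because userspace consumers build against this header, a short comment per member would help: `CTA_PROTOINFO_SCTP_STATE, /* u8, conntrack state */`, `CTA_PROTOINFO_SCTP_VTAG_ORIGINAL, /* be32, original-direction verification tag */`, `CTA_PROTOINFO_SCTP_VTAG_REPLY, /* be32, reply-direction verification tag */`. Those encodings are the ones the accompanying nf_conntrack_proto_sctp.c change emits with NLA_PUT_U8 and NLA_PUT_BE32 and accepts through its NLA_U8/NLA_U32 policy.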

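--- a/net/netfilter/nf_conntrack_proto_sctp.c
+++ b/net/netfilter/nf_conntrack_proto_sctp.c
@@ -463,6 +463,82 @@ static bool sctp_new(struct nf_conn *ct, const struct sk_buff *skb,
 	return true;
 }
 
+#if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE)
+
+#include <linux/netfilter/nfnetlink.h>
+#include <linux/netfilter/nfnetlink_conntrack.h>
+
+static int sctp_to_nlattr(struct sk_buff *skb, struct nlattr *nla,
+			  const struct nf_conn *ct)
+{
+	struct nlattr *nest_parms;
+
+	read_lock_bh(&sctp_lock);
+	nest_parms = nla_nest_start(skb, CTA_PROTOINFO_SCTP | NLA_F_NESTED);
+	if (!nest_parms)
+		goto nla_put_failure;
+
+	NLA_PUT_U8(skb, CTA_PROTOINFO_SCTP_STATE, ct->proto.sctp.state);
+
+	NLA_PUT_BE32(skb,
+		     CTA_PROTOINFO_SCTP_VTAG_ORIGINAL,
+		     htonl(ct->proto.sctp.vtag[IP_CT_DIR_ORIGINAL]));
+
+	NLA_PUT_BE32(skb,
+		     CTA_PROTOINFO_SCTP_VTAG_REPLY,
+		     htonl(ct->proto.sctp.vtag[IP_CT_DIR_REPLY]));
+
+	read_unlock_bh(&sctp_lock);
+
+	nla_nest_end(skb, nest_parms);
+
+	return 0;
+
+nla_put_failure:
+	read_unlock_bh(&sctp_lock);
+	return -1;
+}
+
+static const struct nla_policy sctp_nla_policy[CTA_PROTOINFO_SCTP_MAX+1] = {
+	[CTA_PROTOINFO_SCTP_STATE] = { .type = NLA_U8 },
+	[CTA_PROTOINFO_SCTP_VTAG_ORIGINAL] = { .type = NLA_U32 },
+	[CTA_PROTOINFO_SCTP_VTAG_REPLY] = { .type = NLA_U32 },
+};
+
+static int nlattr_to_sctp(struct nlattr *cda[], struct nf_conn *ct)
+{
+	struct nlattr *attr = cda[CTA_PROTOINFO_SCTP];
+	struct nlattr *tb[CTA_PROTOINFO_SCTP_MAX+1];
+	int err;
+
+	/* updates may not contain the internal protocol info, skip parsing */
+	if (!attr)
+		return 0;
+
+	err = nla_parse_nested(tb,
+			       CTA_PROTOINFO_SCTP_MAX,
+			       attr,
+			       sctp_nla_policy);
+	if (err < 0)
+		return err;
+
+	if (!tb[CTA_PROTOINFO_SCTP_STATE] ||
+	    !tb[CTA_PROTOINFO_SCTP_VTAG_ORIGINAL] ||
+	    !tb[CTA_PROTOINFO_SCTP_VTAG_REPLY])
+		return -EINVAL;
+
+	write_lock_bh(&sctp_lock);
+	ct->proto.sctp.state = nla_get_u8(tb[CTA_PROTOINFO_SCTP_STATE]);
+	ct->proto.sctp.vtag[IP_CT_DIR_ORIGINAL] =
+		ntohl(nla_get_be32(tb[CTA_PROTOINFO_SCTP_VTAG_ORIGINAL]));
+	ct->proto.sctp.vtag[IP_CT_DIR_REPLY] =
+		ntohl(nla_get_be32(tb[CTA_PROTOINFO_SCTP_VTAG_REPLY]));
+	write_unlock_bh(&sctp_lock);
+
+	return 0;
+}
+#endif
+
 #ifdef CONFIG_SYSCTL
 static unsigned int sctp_sysctl_table_users;
 static struct ctl_table_header *sctp_sysctl_header;
@@ -591,6 +667,8 @@ static struct nf_conntrack_l4proto nf_conntrack_l4proto_sctp4 __read_mostly = {
 	.new = sctp_new,
 	.me = THIS_MODULE,
 #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE)
+	.to_nlattr = sctp_to_nlattr,
+	.from_nlattr = nlattr_to_sctp,
 	.tuple_to_nlattr = nf_ct_port_tuple_to_nlattr,
 	.nlattr_to_tuple = nf_ct_port_nlattr_to_tuple,
 	.nla_policy = nf_ct_port_nla_policy,
@@ -617,6 +695,8 @@ static struct nf_conntrack_l4proto nf_conntrack_l4proto_sctp6 __read_mostly = {
 	.new = sctp_new,
 	.me = THIS_MODULE,
 #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE)
+	.to_nlattr = sctp_to_nlattr,
+	.from_nlattr = nlattr_to_sctp,
 	.tuple_to_nlattr = nf_ct_port_tuple_to_nlattr,
 	.nlattr_to_tuple = nf_ct_port_nlattr_to_tuple,
 	.nla_policy = nf_ct_port_nla_policy,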
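Review bot: In nlattr_to_sctp (first hunk, new lines 530-531) the u8 carried by CTA_PROTOINFO_SCTP_STATE is stored into ct->proto.sctp.state with no range check; the NLA_U8 entry in sctp_nla_policy only validates the attribute's length, not its value. The state field is presumably used elsewhere in this file as an index into the SCTP state-transition and timeout tables, so an out-of-range value arriving through a conntrack update would be stored as-is and could index past those tables later; a check before taking the lock, `if (nla_get_u8(tb[CTA_PROTOINFO_SCTP_STATE]) >= SCTP_CONNTRACK_MAX) return -EINVAL;`, keeps the kernel-side invariant independent of the caller's privilege. The two vtag attributes are opaque 32-bit values and need no equivalent check. The `/* updates may not contain the internal protocol info, skip parsing */` comment could also mention that a partial nest (state without both vtags) is rejected rather than applied piecemeal, which the -EINVAL branch already enforces.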
