0% found this document useful (0 votes)

61 views

Code NF - Queue

This document contains code for handling packet queuing and reinjection in the Linux kernel's netfilter subsystem. It defines functions for registering and unregistering a queue handler, allocating and freeing queue entries, holding references to network devices, and reinjecting queued packets back into the netfilter hooks. The core __nf_queue function queues packets, and nf_reinject reinjects them while traversing the remaining netfilter hooks.

Uploaded by

Kipuri Dark

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as TXT, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

61 views

Code NF - Queue

Uploaded by

Kipuri Dark

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as TXT, PDF, TXT or read online on Scribd

You are on page 1/ 6

#include <linux/kernel.

h>
#include <linux/slab.h>
#include <linux/init.h>
#include <linux/module.h>
#include <linux/proc_fs.h>
#include <linux/skbuff.h>
#include <linux/netfilter.h>
#include <linux/netfilter_ipv4.h>
#include <linux/netfilter_ipv6.h>
#include <linux/netfilter_bridge.h>
#include <linux/seq_file.h>
#include <linux/rcupdate.h>
#include <net/protocol.h>
#include <net/netfilter/nf_queue.h>
#include <net/dst.h>

#include "nf_internals.h"

static const struct nf_queue_handler __rcu *nf_queue_handler;

/*
* Hook for nfnetlink_queue to register its queue handler.
* We do this so that most of the NFQUEUE code can be modular.
*
* Once the queue is registered it must reinject all packets it
* receives, no matter what.
*/

void nf_register_queue_handler(const struct nf_queue_handler *qh)

{
/* should never happen, we only have one queueing backend in kernel */
WARN_ON(rcu_access_pointer(nf_queue_handler));
rcu_assign_pointer(nf_queue_handler, qh);
}
EXPORT_SYMBOL(nf_register_queue_handler);

/* The caller must flush their queue before this */

void nf_unregister_queue_handler(void)
{
RCU_INIT_POINTER(nf_queue_handler, NULL);
}
EXPORT_SYMBOL(nf_unregister_queue_handler);

static void nf_queue_entry_release_refs(struct nf_queue_entry *entry)

{
struct nf_hook_state *state = &entry->state;

/* Release those devices we held, or Alexey will kill me. */

dev_put(state->in);
dev_put(state->out);
if (state->sk)
sock_put(state->sk);

void nf_queue_entry_free(struct nf_queue_entry *entry)

{
nf_queue_entry_release_refs(entry);
kfree(entry);
}
EXPORT_SYMBOL_GPL(nf_queue_entry_free);

static void __nf_queue_entry_init_physdevs(struct nf_queue_entry *entry)

{
}

/* Bump dev refs so they don't vanish while packet is out */

void nf_queue_entry_get_refs(struct nf_queue_entry *entry)
{
struct nf_hook_state *state = &entry->state;

dev_hold(state->in);
dev_hold(state->out);
if (state->sk)
sock_hold(state->sk);

}
EXPORT_SYMBOL_GPL(nf_queue_entry_get_refs);

void nf_queue_nf_hook_drop(struct net *net)

{
const struct nf_queue_handler *qh;

rcu_read_lock();
qh = rcu_dereference(nf_queue_handler);
if (qh)
qh->nf_hook_drop(net);
rcu_read_unlock();
}
EXPORT_SYMBOL_GPL(nf_queue_nf_hook_drop);

static void nf_ip_saveroute(const struct sk_buff *skb,

struct nf_queue_entry *entry)
{
struct ip_rt_info *rt_info = nf_queue_entry_reroute(entry);

if (entry->state.hook == NF_INET_LOCAL_OUT) {
const struct iphdr *iph = ip_hdr(skb);

rt_info->tos = iph->tos;
rt_info->daddr = iph->daddr;
rt_info->saddr = iph->saddr;
rt_info->mark = skb->mark;
}
}

static void nf_ip6_saveroute(const struct sk_buff *skb,

struct nf_queue_entry *entry)
{
struct ip6_rt_info *rt_info = nf_queue_entry_reroute(entry);

if (entry->state.hook == NF_INET_LOCAL_OUT) {
const struct ipv6hdr *iph = ipv6_hdr(skb);

rt_info->daddr = iph->daddr;
rt_info->saddr = iph->saddr;
rt_info->mark = skb->mark;
}
}

static int __nf_queue(struct sk_buff skb, const struct nf_hook_state state,

unsigned int index, unsigned int queuenum)
{
struct nf_queue_entry *entry = NULL;
const struct nf_queue_handler *qh;
unsigned int route_key_size;
int status;

/* QUEUE == DROP if no one is waiting, to be safe. */

qh = rcu_dereference(nf_queue_handler);
if (!qh)
return -ESRCH;

switch (state->pf) {
case AF_INET:
route_key_size = sizeof(struct ip_rt_info);
break;
case AF_INET6:
route_key_size = sizeof(struct ip6_rt_info);
break;
default:
route_key_size = 0;
break;
}

entry = kmalloc(sizeof(*entry) + route_key_size, GFP_ATOMIC);

if (!entry)
return -ENOMEM;

if (skb_dst(skb) && !skb_dst_force(skb)) {

kfree(entry);
return -ENETDOWN;
}

*entry = (struct nf_queue_entry) {

.skb = skb,
.state = *state,
.hook_index = index,
.size = sizeof(*entry) + route_key_size,
};

__nf_queue_entry_init_physdevs(entry);

nf_queue_entry_get_refs(entry);

switch (entry->state.pf) {
case AF_INET:
nf_ip_saveroute(skb, entry);
break;
case AF_INET6:
nf_ip6_saveroute(skb, entry);
break;
}

status = qh->outfn(entry, queuenum);

if (status < 0) {
nf_queue_entry_free(entry);
return status;
}

return 0;
}

/* Packets leaving via this function must come back through nf_reinject(). */
int nf_queue(struct sk_buff *skb, struct nf_hook_state *state,
unsigned int index, unsigned int verdict)
{
int ret;

ret = __nf_queue(skb, state, index, verdict >> NF_VERDICT_QBITS);

if (ret < 0) {
if (ret == -ESRCH &&
(verdict & NF_VERDICT_FLAG_QUEUE_BYPASS))
return 1;
kfree_skb(skb);
}

return 0;
}
EXPORT_SYMBOL_GPL(nf_queue);

static unsigned int nf_iterate(struct sk_buff *skb,

struct nf_hook_state *state,
const struct nf_hook_entries *hooks,
unsigned int *index)
{
const struct nf_hook_entry *hook;
unsigned int verdict, i = *index;

while (i < hooks->num_hook_entries) {

hook = &hooks->hooks[i];
repeat:
verdict = nf_hook_entry_hookfn(hook, skb, state);
if (verdict != NF_ACCEPT) {
*index = i;
if (verdict != NF_REPEAT)
return verdict;
goto repeat;
}
i++;
}

*index = i;
return NF_ACCEPT;
}

static struct nf_hook_entries nf_hook_entries_head(const struct net net, u8 pf,

u8 hooknum)
{
switch (pf) {
#ifdef CONFIG_NETFILTER_FAMILY_BRIDGE
case NFPROTO_BRIDGE:
return rcu_dereference(net->nf.hooks_bridge[hooknum]);
#endif
case NFPROTO_IPV4:
return rcu_dereference(net->nf.hooks_ipv4[hooknum]);
case NFPROTO_IPV6:
return rcu_dereference(net->nf.hooks_ipv6[hooknum]);
default:
WARN_ON_ONCE(1);
return NULL;
}

return NULL;
}

/* Caller must hold rcu read-side lock */

void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict)
{
const struct nf_hook_entry *hook_entry;
const struct nf_hook_entries *hooks;
struct sk_buff *skb = entry->skb;
const struct net *net;
unsigned int i;
int err;
u8 pf;

net = entry->state.net;
pf = entry->state.pf;

hooks = nf_hook_entries_head(net, pf, entry->state.hook);

i = entry->hook_index;
if (WARN_ON_ONCE(!hooks || i >= hooks->num_hook_entries)) {
kfree_skb(skb);
nf_queue_entry_free(entry);
return;
}

hook_entry = &hooks->hooks[i];

/* Continue traversal iff userspace said ok... */

if (verdict == NF_REPEAT)
verdict = nf_hook_entry_hookfn(hook_entry, skb, &entry->state);

if (verdict == NF_ACCEPT) {
if (nf_reroute(skb, entry) < 0)
verdict = NF_DROP;
}

if (verdict == NF_ACCEPT) {
next_hook:
++i;
verdict = nf_iterate(skb, &entry->state, hooks, &i);
}

switch (verdict & NF_VERDICT_MASK) {

case NF_ACCEPT:
case NF_STOP:
local_bh_disable();
entry->state.okfn(entry->state.net, entry->state.sk, skb);
local_bh_enable();
break;
case NF_QUEUE:
err = nf_queue(skb, &entry->state, i, verdict);
if (err == 1)
goto next_hook;
break;
case NF_STOLEN:
break;
default:
kfree_skb(skb);
}

nf_queue_entry_free(entry);
}
EXPORT_SYMBOL(nf_reinject);

Sexting Username - Snapchat Usernames
100% (1)
Sexting Username - Snapchat Usernames
1 page
ITIL - A Guide To Event Management PDF
No ratings yet
ITIL - A Guide To Event Management PDF
5 pages
PL 900
100% (2)
PL 900
30 pages
Dump-Networking-2021 0817 142123 Stop
No ratings yet
Dump-Networking-2021 0817 142123 Stop
524 pages
Balanceo de Carga NTH
100% (1)
Balanceo de Carga NTH
3 pages
Vulnerability Assessment Report
No ratings yet
Vulnerability Assessment Report
23 pages
Publishing BusinessObjects Reports To SharePoint
No ratings yet
Publishing BusinessObjects Reports To SharePoint
19 pages
Customer Master Idoc Load BODS
No ratings yet
Customer Master Idoc Load BODS
7 pages
Netfilter
No ratings yet
Netfilter
10 pages
Packet Filter LKM
No ratings yet
Packet Filter LKM
2 pages
p61 - 0x0d - Hacking The Linux Kernel Network Stack - by - Bioforge
No ratings yet
p61 - 0x0d - Hacking The Linux Kernel Network Stack - by - Bioforge
35 pages
Libnf Man
No ratings yet
Libnf Man
5 pages
Balanceonuevo
No ratings yet
Balanceonuevo
1 page
RFC - Netfilter - NF - Conntrack - Add Support For - Conntrack Zones - (LWN
No ratings yet
RFC - Netfilter - NF - Conntrack - Add Support For - Conntrack Zones - (LWN
20 pages
Netfilter in Linux: Bing Qi
No ratings yet
Netfilter in Linux: Bing Qi
23 pages
46477
No ratings yet
46477
9 pages
Satyam Kumar - Lab Activity2 (2021btech106)
No ratings yet
Satyam Kumar - Lab Activity2 (2021btech106)
10 pages
QoS - Linux - NSM - PACKET - FLOW
No ratings yet
QoS - Linux - NSM - PACKET - FLOW
35 pages
Lab On TCP Spoofing
No ratings yet
Lab On TCP Spoofing
2 pages
projectreport
No ratings yet
projectreport
9 pages
Stopandwait
No ratings yet
Stopandwait
8 pages
CN LAB
No ratings yet
CN LAB
19 pages
Packet Sniffer Code in C Using Linux Sockets
100% (2)
Packet Sniffer Code in C Using Linux Sockets
134 pages
Linux Kernel
No ratings yet
Linux Kernel
2 pages
Nftables Firewall Setup Linux
No ratings yet
Nftables Firewall Setup Linux
10 pages
Selective Repeat
No ratings yet
Selective Repeat
4 pages
Dump-Networking-2023 0418 224134 Stop
No ratings yet
Dump-Networking-2023 0418 224134 Stop
473 pages
04_Firewall
No ratings yet
04_Firewall
57 pages
Balanceo PCC
No ratings yet
Balanceo PCC
3 pages
Lecture 09 Netfilter
No ratings yet
Lecture 09 Netfilter
44 pages
TCP - TX Process Model
No ratings yet
TCP - TX Process Model
10 pages
Contoh Mikrotik: Load Balancing Multi Over Gateway Untuk LAN Dan Hotspot Plus Bandwith Management
No ratings yet
Contoh Mikrotik: Load Balancing Multi Over Gateway Untuk LAN Dan Hotspot Plus Bandwith Management
4 pages
Cisco Lab OSPF Encapsulation
No ratings yet
Cisco Lab OSPF Encapsulation
23 pages
Building A Home Firewall-Router Using Openbsd-Sparc
No ratings yet
Building A Home Firewall-Router Using Openbsd-Sparc
28 pages
Linux Firewall: For The Office and Home
No ratings yet
Linux Firewall: For The Office and Home
53 pages
Lecture 2
No ratings yet
Lecture 2
8 pages
CN Codes
No ratings yet
CN Codes
39 pages
Belajar Mengkonfigurasi MPLS-VPN (PE-CE OSPF) Di Junos
No ratings yet
Belajar Mengkonfigurasi MPLS-VPN (PE-CE OSPF) Di Junos
21 pages
mySDN Lab6
No ratings yet
mySDN Lab6
15 pages
cn
No ratings yet
cn
16 pages
CN Lab Manual
No ratings yet
CN Lab Manual
16 pages
3
No ratings yet
3
2 pages
10 1 1 115 5203 PDF
No ratings yet
10 1 1 115 5203 PDF
79 pages
CAT-1_Assignment(3122247001066)
No ratings yet
CAT-1_Assignment(3122247001066)
13 pages
6PE Zero To Hero
No ratings yet
6PE Zero To Hero
10 pages
Raw Sockets
No ratings yet
Raw Sockets
9 pages
Balanceo
No ratings yet
Balanceo
1 page
1.set R4 As Advanced Pagent Advanced Configuration For TGN Router I.E. Router R4
No ratings yet
1.set R4 As Advanced Pagent Advanced Configuration For TGN Router I.E. Router R4
5 pages
TCP Concurent Server
No ratings yet
TCP Concurent Server
13 pages
d
No ratings yet
d
3 pages
PCQ
No ratings yet
PCQ
2 pages
(FTPTCPS.C) : Output: Server
No ratings yet
(FTPTCPS.C) : Output: Server
2 pages
Draft 3 (ver 1.1) - Network Automation for VxLAN EVPN Fabric & ACI Fabric
No ratings yet
Draft 3 (ver 1.1) - Network Automation for VxLAN EVPN Fabric & ACI Fabric
26 pages
CN MANUAL
No ratings yet
CN MANUAL
29 pages
Computer Network Lab
No ratings yet
Computer Network Lab
27 pages
RLDNS
No ratings yet
RLDNS
48 pages
Syn-Flood C
No ratings yet
Syn-Flood C
3 pages
The LNM Institute of Information Technology, Jaipur: Computer Networks Lab Lab Assignment 1 Solution
No ratings yet
The LNM Institute of Information Technology, Jaipur: Computer Networks Lab Lab Assignment 1 Solution
181 pages
Dnsproxy
No ratings yet
Dnsproxy
61 pages
NS2 Tutorial: Aga Zhang Dependable Computing Lab
No ratings yet
NS2 Tutorial: Aga Zhang Dependable Computing Lab
32 pages
Firewall Drop 1
No ratings yet
Firewall Drop 1
33 pages
Understanding Software Engineering Vol 3: Programming Basic Software Functionalities.
From Everand
Understanding Software Engineering Vol 3: Programming Basic Software Functionalities.
Gabriel Clemente
No ratings yet
Computer Engineering Laboratory Solution Primer
From Everand
Computer Engineering Laboratory Solution Primer
Karan Bhandari
No ratings yet
Introduction to PHP, Part 5, Second Edition
From Everand
Introduction to PHP, Part 5, Second Edition
Adam Majczak
No ratings yet
CISCO PACKET TRACER LABS: Best practice of configuring or troubleshooting Network
From Everand
CISCO PACKET TRACER LABS: Best practice of configuring or troubleshooting Network
Mulayam Singh
No ratings yet
WS 4
No ratings yet
WS 4
1 page
SMG Administration Guide
No ratings yet
SMG Administration Guide
913 pages
Anglais Sujet 1
No ratings yet
Anglais Sujet 1
4 pages
Sales Force Ide Localization
No ratings yet
Sales Force Ide Localization
15 pages
Tutorial 4: NVH: Modal Correlation (MAC)
No ratings yet
Tutorial 4: NVH: Modal Correlation (MAC)
9 pages
Module-1 iGCSE Notes
No ratings yet
Module-1 iGCSE Notes
31 pages
AStudio 61 SP 2 Readme
No ratings yet
AStudio 61 SP 2 Readme
32 pages
Hadoop-Yahoo - Tutorial Course 1
No ratings yet
Hadoop-Yahoo - Tutorial Course 1
149 pages
Koda Code
No ratings yet
Koda Code
5 pages
Format Kertas Kerja
No ratings yet
Format Kertas Kerja
5 pages
SQL Stored Procedures: Winter 2006-2007
No ratings yet
SQL Stored Procedures: Winter 2006-2007
33 pages
Challenges: High Price Paper Handling Individual Customer Poor Service Team or Leadership
No ratings yet
Challenges: High Price Paper Handling Individual Customer Poor Service Team or Leadership
5 pages
Linux Installation Guide
100% (2)
Linux Installation Guide
29 pages
O2007pia Readme
No ratings yet
O2007pia Readme
3 pages
BacLink 5.LIS Meditech Magic
No ratings yet
BacLink 5.LIS Meditech Magic
11 pages
Printer Driver Configuration Files
No ratings yet
Printer Driver Configuration Files
1 page
Unit - 4 (Cross Platform App development using React Native) (2)
No ratings yet
Unit - 4 (Cross Platform App development using React Native) (2)
24 pages
ss7 Installation CP
No ratings yet
ss7 Installation CP
3 pages
How Java and Android Work Together
No ratings yet
How Java and Android Work Together
7 pages
Semester 1 - Final PDF
No ratings yet
Semester 1 - Final PDF
12 pages
SAP Funds Management - BCS Planning
No ratings yet
SAP Funds Management - BCS Planning
27 pages
Ibm FW Bios Bce148b-1.21 Linux I386
No ratings yet
Ibm FW Bios Bce148b-1.21 Linux I386
3 pages
Ip Camera Manual by WatchMeIp
100% (1)
Ip Camera Manual by WatchMeIp
46 pages
Fiori: Technical Installation and Configuration of One App From A - Z
No ratings yet
Fiori: Technical Installation and Configuration of One App From A - Z
40 pages
Microservices: Dot Net Micro Services
No ratings yet
Microservices: Dot Net Micro Services
12 pages