search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Linux 5.2
[linux-2.6/linux-2.6-arm.git] / net / netfilter / nfnetlink_osf.c
blobf42326b40d6faadd3b5dbeb1997a03f743acc3a8
1 // SPDX-License-Identifier: GPL-2.0-only
2 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
3 #include <linux/module.h>
4 #include <linux/kernel.h>
5
6 #include <linux/capability.h>
7 #include <linux/if.h>
8 #include <linux/inetdevice.h>
9 #include <linux/ip.h>
10 #include <linux/list.h>
11 #include <linux/rculist.h>
12 #include <linux/skbuff.h>
13 #include <linux/slab.h>
14 #include <linux/tcp.h>
15
16 #include <net/ip.h>
17 #include <net/tcp.h>
18
19 #include <linux/netfilter/nfnetlink.h>
20 #include <linux/netfilter/x_tables.h>
21 #include <net/netfilter/nf_log.h>
22 #include <linux/netfilter/nfnetlink_osf.h>
23
24 /*
25 * Indexed by dont-fragment bit.
26 * It is the only constant value in the fingerprint.
27 */
28 struct list_head nf_osf_fingers[2];
29 EXPORT_SYMBOL_GPL(nf_osf_fingers);
30
31 static inline int nf_osf_ttl(const struct sk_buff *skb,
32 int ttl_check, unsigned char f_ttl)
33 {
34 struct in_device *in_dev = __in_dev_get_rcu(skb->dev);
35 const struct iphdr *ip = ip_hdr(skb);
36 int ret = 0;
37
38 if (ttl_check == NF_OSF_TTL_TRUE)
39 return ip->ttl == f_ttl;
40 if (ttl_check == NF_OSF_TTL_NOCHECK)
41 return 1;
42 else if (ip->ttl <= f_ttl)
43 return 1;
44
45 for_ifa(in_dev) {
46 if (inet_ifa_match(ip->saddr, ifa)) {
47 ret = (ip->ttl == f_ttl);
48 break;
49 }
50 }
51
52 endfor_ifa(in_dev);
53
54 return ret;
55 }
56
57 struct nf_osf_hdr_ctx {
58 bool df;
59 u16 window;
60 u16 totlen;
61 const unsigned char *optp;
62 unsigned int optsize;
63 };
64
65 static bool nf_osf_match_one(const struct sk_buff *skb,
66 const struct nf_osf_user_finger *f,
67 int ttl_check,
68 struct nf_osf_hdr_ctx *ctx)
69 {
70 const __u8 *optpinit = ctx->optp;
71 unsigned int check_WSS = 0;
72 int fmatch = FMATCH_WRONG;
73 int foptsize, optnum;
74 u16 mss = 0;
75
76 if (ctx->totlen != f->ss || !nf_osf_ttl(skb, ttl_check, f->ttl))
77 return false;
78
79 /*
80 * Should not happen if userspace parser was written correctly.
81 */
82 if (f->wss.wc >= OSF_WSS_MAX)
83 return false;
84
85 /* Check options */
86
87 foptsize = 0;
88 for (optnum = 0; optnum < f->opt_num; ++optnum)
89 foptsize += f->opt[optnum].length;
90
91 if (foptsize > MAX_IPOPTLEN ||
92 ctx->optsize > MAX_IPOPTLEN ||
93 ctx->optsize != foptsize)
94 return false;
95
96 check_WSS = f->wss.wc;
97
98 for (optnum = 0; optnum < f->opt_num; ++optnum) {
99 if (f->opt[optnum].kind == *ctx->optp) {
100 __u32 len = f->opt[optnum].length;
101 const __u8 *optend = ctx->optp + len;
102
103 fmatch = FMATCH_OK;
104
105 switch (*ctx->optp) {
106 case OSFOPT_MSS:
107 mss = ctx->optp[3];
108 mss <<= 8;
109 mss |= ctx->optp[2];
110
111 mss = ntohs((__force __be16)mss);
112 break;
113 case OSFOPT_TS:
114 break;
115 }
116
117 ctx->optp = optend;
118 } else
119 fmatch = FMATCH_OPT_WRONG;
120
121 if (fmatch != FMATCH_OK)
122 break;
123 }
124
125 if (fmatch != FMATCH_OPT_WRONG) {
126 fmatch = FMATCH_WRONG;
127
128 switch (check_WSS) {
129 case OSF_WSS_PLAIN:
130 if (f->wss.val == 0 || ctx->window == f->wss.val)
131 fmatch = FMATCH_OK;
132 break;
133 case OSF_WSS_MSS:
134 /*
135 * Some smart modems decrease mangle MSS to
136 * SMART_MSS_2, so we check standard, decreased
137 * and the one provided in the fingerprint MSS
138 * values.
139 */
140 #define SMART_MSS_1 1460
141 #define SMART_MSS_2 1448
142 if (ctx->window == f->wss.val * mss ||
143 ctx->window == f->wss.val * SMART_MSS_1 ||
144 ctx->window == f->wss.val * SMART_MSS_2)
145 fmatch = FMATCH_OK;
146 break;
147 case OSF_WSS_MTU:
148 if (ctx->window == f->wss.val * (mss + 40) ||
149 ctx->window == f->wss.val * (SMART_MSS_1 + 40) ||
150 ctx->window == f->wss.val * (SMART_MSS_2 + 40))
151 fmatch = FMATCH_OK;
152 break;
153 case OSF_WSS_MODULO:
154 if ((ctx->window % f->wss.val) == 0)
155 fmatch = FMATCH_OK;
156 break;
157 }
158 }
159
160 if (fmatch != FMATCH_OK)
161 ctx->optp = optpinit;
162
163 return fmatch == FMATCH_OK;
164 }
165
166 static const struct tcphdr *nf_osf_hdr_ctx_init(struct nf_osf_hdr_ctx *ctx,
167 const struct sk_buff *skb,
168 const struct iphdr *ip,
169 unsigned char *opts)
170 {
171 const struct tcphdr *tcp;
172 struct tcphdr _tcph;
173
174 tcp = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(struct tcphdr), &_tcph);
175 if (!tcp)
176 return NULL;
177
178 if (!tcp->syn)
179 return NULL;
180
181 ctx->totlen = ntohs(ip->tot_len);
182 ctx->df = ntohs(ip->frag_off) & IP_DF;
183 ctx->window = ntohs(tcp->window);
184
185 if (tcp->doff * 4 > sizeof(struct tcphdr)) {
186 ctx->optsize = tcp->doff * 4 - sizeof(struct tcphdr);
187
188 ctx->optp = skb_header_pointer(skb, ip_hdrlen(skb) +
189 sizeof(struct tcphdr), ctx->optsize, opts);
190 }
191
192 return tcp;
193 }
194
195 bool
196 nf_osf_match(const struct sk_buff *skb, u_int8_t family,
197 int hooknum, struct net_device *in, struct net_device *out,
198 const struct nf_osf_info *info, struct net *net,
199 const struct list_head *nf_osf_fingers)
200 {
201 const struct iphdr *ip = ip_hdr(skb);
202 const struct nf_osf_user_finger *f;
203 unsigned char opts[MAX_IPOPTLEN];
204 const struct nf_osf_finger *kf;
205 int fcount = 0, ttl_check;
206 int fmatch = FMATCH_WRONG;
207 struct nf_osf_hdr_ctx ctx;
208 const struct tcphdr *tcp;
209
210 memset(&ctx, 0, sizeof(ctx));
211
212 tcp = nf_osf_hdr_ctx_init(&ctx, skb, ip, opts);
213 if (!tcp)
214 return false;
215
216 ttl_check = (info->flags & NF_OSF_TTL) ? info->ttl : 0;
217
218 list_for_each_entry_rcu(kf, &nf_osf_fingers[ctx.df], finger_entry) {
219
220 f = &kf->finger;
221
222 if (!(info->flags & NF_OSF_LOG) && strcmp(info->genre, f->genre))
223 continue;
224
225 if (!nf_osf_match_one(skb, f, ttl_check, &ctx))
226 continue;
227
228 fmatch = FMATCH_OK;
229
230 fcount++;
231
232 if (info->flags & NF_OSF_LOG)
233 nf_log_packet(net, family, hooknum, skb,
234 in, out, NULL,
235 "%s [%s:%s] : %pI4:%d -> %pI4:%d hops=%d\n",
236 f->genre, f->version, f->subtype,
237 &ip->saddr, ntohs(tcp->source),
238 &ip->daddr, ntohs(tcp->dest),
239 f->ttl - ip->ttl);
240
241 if ((info->flags & NF_OSF_LOG) &&
242 info->loglevel == NF_OSF_LOGLEVEL_FIRST)
243 break;
244 }
245
246 if (!fcount && (info->flags & NF_OSF_LOG))
247 nf_log_packet(net, family, hooknum, skb, in, out, NULL,
248 "Remote OS is not known: %pI4:%u -> %pI4:%u\n",
249 &ip->saddr, ntohs(tcp->source),
250 &ip->daddr, ntohs(tcp->dest));
251
252 if (fcount)
253 fmatch = FMATCH_OK;
254
255 return fmatch == FMATCH_OK;
256 }
257 EXPORT_SYMBOL_GPL(nf_osf_match);
258
259 bool nf_osf_find(const struct sk_buff *skb,
260 const struct list_head *nf_osf_fingers,
261 const int ttl_check, struct nf_osf_data *data)
262 {
263 const struct iphdr *ip = ip_hdr(skb);
264 const struct nf_osf_user_finger *f;
265 unsigned char opts[MAX_IPOPTLEN];
266 const struct nf_osf_finger *kf;
267 struct nf_osf_hdr_ctx ctx;
268 const struct tcphdr *tcp;
269
270 memset(&ctx, 0, sizeof(ctx));
271
272 tcp = nf_osf_hdr_ctx_init(&ctx, skb, ip, opts);
273 if (!tcp)
274 return false;
275
276 list_for_each_entry_rcu(kf, &nf_osf_fingers[ctx.df], finger_entry) {
277 f = &kf->finger;
278 if (!nf_osf_match_one(skb, f, ttl_check, &ctx))
279 continue;
280
281 data->genre = f->genre;
282 data->version = f->version;
283 break;
284 }
285
286 return true;
287 }
288 EXPORT_SYMBOL_GPL(nf_osf_find);
289
290 static const struct nla_policy nfnl_osf_policy[OSF_ATTR_MAX + 1] = {
291 [OSF_ATTR_FINGER] = { .len = sizeof(struct nf_osf_user_finger) },
292 };
293
294 static int nfnl_osf_add_callback(struct net *net, struct sock *ctnl,
295 struct sk_buff *skb, const struct nlmsghdr *nlh,
296 const struct nlattr * const osf_attrs[],
297 struct netlink_ext_ack *extack)
298 {
299 struct nf_osf_user_finger *f;
300 struct nf_osf_finger *kf = NULL, *sf;
301 int err = 0;
302
303 if (!capable(CAP_NET_ADMIN))
304 return -EPERM;
305
306 if (!osf_attrs[OSF_ATTR_FINGER])
307 return -EINVAL;
308
309 if (!(nlh->nlmsg_flags & NLM_F_CREATE))
310 return -EINVAL;
311
312 f = nla_data(osf_attrs[OSF_ATTR_FINGER]);
313
314 kf = kmalloc(sizeof(struct nf_osf_finger), GFP_KERNEL);
315 if (!kf)
316 return -ENOMEM;
317
318 memcpy(&kf->finger, f, sizeof(struct nf_osf_user_finger));
319
320 list_for_each_entry(sf, &nf_osf_fingers[!!f->df], finger_entry) {
321 if (memcmp(&sf->finger, f, sizeof(struct nf_osf_user_finger)))
322 continue;
323
324 kfree(kf);
325 kf = NULL;
326
327 if (nlh->nlmsg_flags & NLM_F_EXCL)
328 err = -EEXIST;
329 break;
330 }
331
332 /*
333 * We are protected by nfnl mutex.
334 */
335 if (kf)
336 list_add_tail_rcu(&kf->finger_entry, &nf_osf_fingers[!!f->df]);
337
338 return err;
339 }
340
341 static int nfnl_osf_remove_callback(struct net *net, struct sock *ctnl,
342 struct sk_buff *skb,
343 const struct nlmsghdr *nlh,
344 const struct nlattr * const osf_attrs[],
345 struct netlink_ext_ack *extack)
346 {
347 struct nf_osf_user_finger *f;
348 struct nf_osf_finger *sf;
349 int err = -ENOENT;
350
351 if (!capable(CAP_NET_ADMIN))
352 return -EPERM;
353
354 if (!osf_attrs[OSF_ATTR_FINGER])
355 return -EINVAL;
356
357 f = nla_data(osf_attrs[OSF_ATTR_FINGER]);
358
359 list_for_each_entry(sf, &nf_osf_fingers[!!f->df], finger_entry) {
360 if (memcmp(&sf->finger, f, sizeof(struct nf_osf_user_finger)))
361 continue;
362
363 /*
364 * We are protected by nfnl mutex.
365 */
366 list_del_rcu(&sf->finger_entry);
367 kfree_rcu(sf, rcu_head);
368
369 err = 0;
370 break;
371 }
372
373 return err;
374 }
375
376 static const struct nfnl_callback nfnl_osf_callbacks[OSF_MSG_MAX] = {
377 [OSF_MSG_ADD] = {
378 .call = nfnl_osf_add_callback,
379 .attr_count = OSF_ATTR_MAX,
380 .policy = nfnl_osf_policy,
381 },
382 [OSF_MSG_REMOVE] = {
383 .call = nfnl_osf_remove_callback,
384 .attr_count = OSF_ATTR_MAX,
385 .policy = nfnl_osf_policy,
386 },
387 };
388
389 static const struct nfnetlink_subsystem nfnl_osf_subsys = {
390 .name = "osf",
391 .subsys_id = NFNL_SUBSYS_OSF,
392 .cb_count = OSF_MSG_MAX,
393 .cb = nfnl_osf_callbacks,
394 };
395
396 static int __init nfnl_osf_init(void)
397 {
398 int err = -EINVAL;
399 int i;
400
401 for (i = 0; i < ARRAY_SIZE(nf_osf_fingers); ++i)
402 INIT_LIST_HEAD(&nf_osf_fingers[i]);
403
404 err = nfnetlink_subsys_register(&nfnl_osf_subsys);
405 if (err < 0) {
406 pr_err("Failed to register OSF nsfnetlink helper (%d)\n", err);
407 goto err_out_exit;
408 }
409 return 0;
410
411 err_out_exit:
412 return err;
413 }
414
415 static void __exit nfnl_osf_fini(void)
416 {
417 struct nf_osf_finger *f;
418 int i;
419
420 nfnetlink_subsys_unregister(&nfnl_osf_subsys);
421
422 rcu_read_lock();
423 for (i = 0; i < ARRAY_SIZE(nf_osf_fingers); ++i) {
424 list_for_each_entry_rcu(f, &nf_osf_fingers[i], finger_entry) {
425 list_del_rcu(&f->finger_entry);
426 kfree_rcu(f, rcu_head);
427 }
428 }
429 rcu_read_unlock();
430
431 rcu_barrier();
432 }
433
434 module_init(nfnl_osf_init);
435 module_exit(nfnl_osf_fini);
436
437 MODULE_LICENSE("GPL");
Mirror of linux-2.6-arm at arm.linux.org.uk