search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Linux 4.19.133
[linux/fpc-iii.git] / net / netfilter / nfnetlink_osf.c
blob131f9f8c0b0925c94d2f11092a57685e45289437
1 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
2 #include <linux/module.h>
3 #include <linux/kernel.h>
4
5 #include <linux/capability.h>
6 #include <linux/if.h>
7 #include <linux/inetdevice.h>
8 #include <linux/ip.h>
9 #include <linux/list.h>
10 #include <linux/rculist.h>
11 #include <linux/skbuff.h>
12 #include <linux/slab.h>
13 #include <linux/tcp.h>
14
15 #include <net/ip.h>
16 #include <net/tcp.h>
17
18 #include <linux/netfilter/nfnetlink.h>
19 #include <linux/netfilter/x_tables.h>
20 #include <net/netfilter/nf_log.h>
21 #include <linux/netfilter/nfnetlink_osf.h>
22
23 /*
24 * Indexed by dont-fragment bit.
25 * It is the only constant value in the fingerprint.
26 */
27 struct list_head nf_osf_fingers[2];
28 EXPORT_SYMBOL_GPL(nf_osf_fingers);
29
30 static inline int nf_osf_ttl(const struct sk_buff *skb,
31 int ttl_check, unsigned char f_ttl)
32 {
33 const struct iphdr *ip = ip_hdr(skb);
34
35 if (ttl_check != -1) {
36 if (ttl_check == NF_OSF_TTL_TRUE)
37 return ip->ttl == f_ttl;
38 if (ttl_check == NF_OSF_TTL_NOCHECK)
39 return 1;
40 else if (ip->ttl <= f_ttl)
41 return 1;
42 else {
43 struct in_device *in_dev = __in_dev_get_rcu(skb->dev);
44 int ret = 0;
45
46 for_ifa(in_dev) {
47 if (inet_ifa_match(ip->saddr, ifa)) {
48 ret = (ip->ttl == f_ttl);
49 break;
50 }
51 }
52 endfor_ifa(in_dev);
53
54 return ret;
55 }
56 }
57
58 return ip->ttl == f_ttl;
59 }
60
61 struct nf_osf_hdr_ctx {
62 bool df;
63 u16 window;
64 u16 totlen;
65 const unsigned char *optp;
66 unsigned int optsize;
67 };
68
69 static bool nf_osf_match_one(const struct sk_buff *skb,
70 const struct nf_osf_user_finger *f,
71 int ttl_check,
72 struct nf_osf_hdr_ctx *ctx)
73 {
74 const __u8 *optpinit = ctx->optp;
75 unsigned int check_WSS = 0;
76 int fmatch = FMATCH_WRONG;
77 int foptsize, optnum;
78 u16 mss = 0;
79
80 if (ctx->totlen != f->ss || !nf_osf_ttl(skb, ttl_check, f->ttl))
81 return false;
82
83 /*
84 * Should not happen if userspace parser was written correctly.
85 */
86 if (f->wss.wc >= OSF_WSS_MAX)
87 return false;
88
89 /* Check options */
90
91 foptsize = 0;
92 for (optnum = 0; optnum < f->opt_num; ++optnum)
93 foptsize += f->opt[optnum].length;
94
95 if (foptsize > MAX_IPOPTLEN ||
96 ctx->optsize > MAX_IPOPTLEN ||
97 ctx->optsize != foptsize)
98 return false;
99
100 check_WSS = f->wss.wc;
101
102 for (optnum = 0; optnum < f->opt_num; ++optnum) {
103 if (f->opt[optnum].kind == *ctx->optp) {
104 __u32 len = f->opt[optnum].length;
105 const __u8 *optend = ctx->optp + len;
106
107 fmatch = FMATCH_OK;
108
109 switch (*ctx->optp) {
110 case OSFOPT_MSS:
111 mss = ctx->optp[3];
112 mss <<= 8;
113 mss |= ctx->optp[2];
114
115 mss = ntohs((__force __be16)mss);
116 break;
117 case OSFOPT_TS:
118 break;
119 }
120
121 ctx->optp = optend;
122 } else
123 fmatch = FMATCH_OPT_WRONG;
124
125 if (fmatch != FMATCH_OK)
126 break;
127 }
128
129 if (fmatch != FMATCH_OPT_WRONG) {
130 fmatch = FMATCH_WRONG;
131
132 switch (check_WSS) {
133 case OSF_WSS_PLAIN:
134 if (f->wss.val == 0 || ctx->window == f->wss.val)
135 fmatch = FMATCH_OK;
136 break;
137 case OSF_WSS_MSS:
138 /*
139 * Some smart modems decrease mangle MSS to
140 * SMART_MSS_2, so we check standard, decreased
141 * and the one provided in the fingerprint MSS
142 * values.
143 */
144 #define SMART_MSS_1 1460
145 #define SMART_MSS_2 1448
146 if (ctx->window == f->wss.val * mss ||
147 ctx->window == f->wss.val * SMART_MSS_1 ||
148 ctx->window == f->wss.val * SMART_MSS_2)
149 fmatch = FMATCH_OK;
150 break;
151 case OSF_WSS_MTU:
152 if (ctx->window == f->wss.val * (mss + 40) ||
153 ctx->window == f->wss.val * (SMART_MSS_1 + 40) ||
154 ctx->window == f->wss.val * (SMART_MSS_2 + 40))
155 fmatch = FMATCH_OK;
156 break;
157 case OSF_WSS_MODULO:
158 if ((ctx->window % f->wss.val) == 0)
159 fmatch = FMATCH_OK;
160 break;
161 }
162 }
163
164 if (fmatch != FMATCH_OK)
165 ctx->optp = optpinit;
166
167 return fmatch == FMATCH_OK;
168 }
169
170 static const struct tcphdr *nf_osf_hdr_ctx_init(struct nf_osf_hdr_ctx *ctx,
171 const struct sk_buff *skb,
172 const struct iphdr *ip,
173 unsigned char *opts,
174 struct tcphdr *_tcph)
175 {
176 const struct tcphdr *tcp;
177
178 tcp = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(struct tcphdr), _tcph);
179 if (!tcp)
180 return NULL;
181
182 if (!tcp->syn)
183 return NULL;
184
185 ctx->totlen = ntohs(ip->tot_len);
186 ctx->df = ntohs(ip->frag_off) & IP_DF;
187 ctx->window = ntohs(tcp->window);
188
189 if (tcp->doff * 4 > sizeof(struct tcphdr)) {
190 ctx->optsize = tcp->doff * 4 - sizeof(struct tcphdr);
191
192 ctx->optp = skb_header_pointer(skb, ip_hdrlen(skb) +
193 sizeof(struct tcphdr), ctx->optsize, opts);
194 }
195
196 return tcp;
197 }
198
199 bool
200 nf_osf_match(const struct sk_buff *skb, u_int8_t family,
201 int hooknum, struct net_device *in, struct net_device *out,
202 const struct nf_osf_info *info, struct net *net,
203 const struct list_head *nf_osf_fingers)
204 {
205 const struct iphdr *ip = ip_hdr(skb);
206 const struct nf_osf_user_finger *f;
207 unsigned char opts[MAX_IPOPTLEN];
208 const struct nf_osf_finger *kf;
209 int fcount = 0, ttl_check;
210 int fmatch = FMATCH_WRONG;
211 struct nf_osf_hdr_ctx ctx;
212 const struct tcphdr *tcp;
213 struct tcphdr _tcph;
214
215 memset(&ctx, 0, sizeof(ctx));
216
217 tcp = nf_osf_hdr_ctx_init(&ctx, skb, ip, opts, &_tcph);
218 if (!tcp)
219 return false;
220
221 ttl_check = (info->flags & NF_OSF_TTL) ? info->ttl : -1;
222
223 list_for_each_entry_rcu(kf, &nf_osf_fingers[ctx.df], finger_entry) {
224
225 f = &kf->finger;
226
227 if (!(info->flags & NF_OSF_LOG) && strcmp(info->genre, f->genre))
228 continue;
229
230 if (!nf_osf_match_one(skb, f, ttl_check, &ctx))
231 continue;
232
233 fmatch = FMATCH_OK;
234
235 fcount++;
236
237 if (info->flags & NF_OSF_LOG)
238 nf_log_packet(net, family, hooknum, skb,
239 in, out, NULL,
240 "%s [%s:%s] : %pI4:%d -> %pI4:%d hops=%d\n",
241 f->genre, f->version, f->subtype,
242 &ip->saddr, ntohs(tcp->source),
243 &ip->daddr, ntohs(tcp->dest),
244 f->ttl - ip->ttl);
245
246 if ((info->flags & NF_OSF_LOG) &&
247 info->loglevel == NF_OSF_LOGLEVEL_FIRST)
248 break;
249 }
250
251 if (!fcount && (info->flags & NF_OSF_LOG))
252 nf_log_packet(net, family, hooknum, skb, in, out, NULL,
253 "Remote OS is not known: %pI4:%u -> %pI4:%u\n",
254 &ip->saddr, ntohs(tcp->source),
255 &ip->daddr, ntohs(tcp->dest));
256
257 if (fcount)
258 fmatch = FMATCH_OK;
259
260 return fmatch == FMATCH_OK;
261 }
262 EXPORT_SYMBOL_GPL(nf_osf_match);
263
264 const char *nf_osf_find(const struct sk_buff *skb,
265 const struct list_head *nf_osf_fingers)
266 {
267 const struct iphdr *ip = ip_hdr(skb);
268 const struct nf_osf_user_finger *f;
269 unsigned char opts[MAX_IPOPTLEN];
270 const struct nf_osf_finger *kf;
271 struct nf_osf_hdr_ctx ctx;
272 const struct tcphdr *tcp;
273 const char *genre = NULL;
274 struct tcphdr _tcph;
275
276 memset(&ctx, 0, sizeof(ctx));
277
278 tcp = nf_osf_hdr_ctx_init(&ctx, skb, ip, opts, &_tcph);
279 if (!tcp)
280 return NULL;
281
282 list_for_each_entry_rcu(kf, &nf_osf_fingers[ctx.df], finger_entry) {
283 f = &kf->finger;
284 if (!nf_osf_match_one(skb, f, -1, &ctx))
285 continue;
286
287 genre = f->genre;
288 break;
289 }
290
291 return genre;
292 }
293 EXPORT_SYMBOL_GPL(nf_osf_find);
294
295 static const struct nla_policy nfnl_osf_policy[OSF_ATTR_MAX + 1] = {
296 [OSF_ATTR_FINGER] = { .len = sizeof(struct nf_osf_user_finger) },
297 };
298
299 static int nfnl_osf_add_callback(struct net *net, struct sock *ctnl,
300 struct sk_buff *skb, const struct nlmsghdr *nlh,
301 const struct nlattr * const osf_attrs[],
302 struct netlink_ext_ack *extack)
303 {
304 struct nf_osf_user_finger *f;
305 struct nf_osf_finger *kf = NULL, *sf;
306 int err = 0;
307
308 if (!capable(CAP_NET_ADMIN))
309 return -EPERM;
310
311 if (!osf_attrs[OSF_ATTR_FINGER])
312 return -EINVAL;
313
314 if (!(nlh->nlmsg_flags & NLM_F_CREATE))
315 return -EINVAL;
316
317 f = nla_data(osf_attrs[OSF_ATTR_FINGER]);
318
319 kf = kmalloc(sizeof(struct nf_osf_finger), GFP_KERNEL);
320 if (!kf)
321 return -ENOMEM;
322
323 memcpy(&kf->finger, f, sizeof(struct nf_osf_user_finger));
324
325 list_for_each_entry(sf, &nf_osf_fingers[!!f->df], finger_entry) {
326 if (memcmp(&sf->finger, f, sizeof(struct nf_osf_user_finger)))
327 continue;
328
329 kfree(kf);
330 kf = NULL;
331
332 if (nlh->nlmsg_flags & NLM_F_EXCL)
333 err = -EEXIST;
334 break;
335 }
336
337 /*
338 * We are protected by nfnl mutex.
339 */
340 if (kf)
341 list_add_tail_rcu(&kf->finger_entry, &nf_osf_fingers[!!f->df]);
342
343 return err;
344 }
345
346 static int nfnl_osf_remove_callback(struct net *net, struct sock *ctnl,
347 struct sk_buff *skb,
348 const struct nlmsghdr *nlh,
349 const struct nlattr * const osf_attrs[],
350 struct netlink_ext_ack *extack)
351 {
352 struct nf_osf_user_finger *f;
353 struct nf_osf_finger *sf;
354 int err = -ENOENT;
355
356 if (!capable(CAP_NET_ADMIN))
357 return -EPERM;
358
359 if (!osf_attrs[OSF_ATTR_FINGER])
360 return -EINVAL;
361
362 f = nla_data(osf_attrs[OSF_ATTR_FINGER]);
363
364 list_for_each_entry(sf, &nf_osf_fingers[!!f->df], finger_entry) {
365 if (memcmp(&sf->finger, f, sizeof(struct nf_osf_user_finger)))
366 continue;
367
368 /*
369 * We are protected by nfnl mutex.
370 */
371 list_del_rcu(&sf->finger_entry);
372 kfree_rcu(sf, rcu_head);
373
374 err = 0;
375 break;
376 }
377
378 return err;
379 }
380
381 static const struct nfnl_callback nfnl_osf_callbacks[OSF_MSG_MAX] = {
382 [OSF_MSG_ADD] = {
383 .call = nfnl_osf_add_callback,
384 .attr_count = OSF_ATTR_MAX,
385 .policy = nfnl_osf_policy,
386 },
387 [OSF_MSG_REMOVE] = {
388 .call = nfnl_osf_remove_callback,
389 .attr_count = OSF_ATTR_MAX,
390 .policy = nfnl_osf_policy,
391 },
392 };
393
394 static const struct nfnetlink_subsystem nfnl_osf_subsys = {
395 .name = "osf",
396 .subsys_id = NFNL_SUBSYS_OSF,
397 .cb_count = OSF_MSG_MAX,
398 .cb = nfnl_osf_callbacks,
399 };
400
401 static int __init nfnl_osf_init(void)
402 {
403 int err = -EINVAL;
404 int i;
405
406 for (i = 0; i < ARRAY_SIZE(nf_osf_fingers); ++i)
407 INIT_LIST_HEAD(&nf_osf_fingers[i]);
408
409 err = nfnetlink_subsys_register(&nfnl_osf_subsys);
410 if (err < 0) {
411 pr_err("Failed to register OSF nsfnetlink helper (%d)\n", err);
412 goto err_out_exit;
413 }
414 return 0;
415
416 err_out_exit:
417 return err;
418 }
419
420 static void __exit nfnl_osf_fini(void)
421 {
422 struct nf_osf_finger *f;
423 int i;
424
425 nfnetlink_subsys_unregister(&nfnl_osf_subsys);
426
427 rcu_read_lock();
428 for (i = 0; i < ARRAY_SIZE(nf_osf_fingers); ++i) {
429 list_for_each_entry_rcu(f, &nf_osf_fingers[i], finger_entry) {
430 list_del_rcu(&f->finger_entry);
431 kfree_rcu(f, rcu_head);
432 }
433 }
434 rcu_read_unlock();
435
436 rcu_barrier();
437 }
438
439 module_init(nfnl_osf_init);
440 module_exit(nfnl_osf_fini);
441
442 MODULE_LICENSE("GPL");
Linux with added FPC-III support