[wrt350n-kernel.git] / net / netfilter / xt_MARK.c
1 /* This is a module which is used for setting the NFMARK field of an skb. */
3 /* (C) 1999-2001 Marc Boucher <marc@mbsi.ca>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
8 */
10 #include <linux/module.h>
11 #include <linux/skbuff.h>
12 #include <linux/ip.h>
13 #include <net/checksum.h>
15 #include <linux/netfilter/x_tables.h>
16 #include <linux/netfilter/xt_MARK.h>
/* Module metadata. */
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>");
MODULE_DESCRIPTION("ip[6]tables MARK modification module");

/* Aliases under the older per-protocol names (IPv4 and IPv6). */
MODULE_ALIAS("ipt_MARK");
MODULE_ALIAS("ip6t_MARK");
/*
 * Revision 0 target: overwrite the packet's mark with the value stored
 * in the rule.
 *
 * Only pskb and targinfo are used; the remaining parameters are part of
 * the x_tables target signature and are ignored here.
 *
 * Always returns XT_CONTINUE.
 */
static unsigned int
target_v0(struct sk_buff **pskb,
	  const struct net_device *in,
	  const struct net_device *out,
	  unsigned int hooknum,
	  const struct xt_target *target,
	  const void *targinfo)
{
	const struct xt_mark_target_info *info = targinfo;
	struct sk_buff *skb = *pskb;

	/* The value was range-checked by checkentry_v0 before this runs. */
	skb->mark = info->mark;

	return XT_CONTINUE;
}
/*
 * Revision 1 target: set, AND or OR the packet's mark with the value
 * stored in the rule, depending on the rule's mode.
 *
 * Only pskb and targinfo are used; the remaining parameters are part of
 * the x_tables target signature and are ignored here.
 *
 * Always returns XT_CONTINUE.
 */
static unsigned int
target_v1(struct sk_buff **pskb,
	  const struct net_device *in,
	  const struct net_device *out,
	  unsigned int hooknum,
	  const struct xt_target *target,
	  const void *targinfo)
{
	const struct xt_mark_target_info_v1 *info = targinfo;
	struct sk_buff *skb = *pskb;
	/*
	 * NOTE(review): the intermediate is a signed int although the mark
	 * is validated as a 32-bit quantity; kept as in the original.
	 */
	int new_mark;

	if (info->mode == XT_MARK_SET)
		new_mark = info->mark;
	else if (info->mode == XT_MARK_AND)
		new_mark = skb->mark & info->mark;
	else if (info->mode == XT_MARK_OR)
		new_mark = skb->mark | info->mark;
	else
		/*
		 * Any other mode clears the mark. checkentry_v1 rejects
		 * rules with such a mode, so this relies on that check
		 * having been applied to the rule.
		 */
		new_mark = 0;

	skb->mark = new_mark;

	return XT_CONTINUE;
}
/*
 * Validate a revision 0 MARK rule.
 *
 * Only targinfo is examined. Returns true when the configured mark fits
 * in 32 bits; otherwise logs a warning and returns false.
 */
static bool
checkentry_v0(const char *tablename,
	      const void *entry,
	      const struct xt_target *target,
	      void *targinfo,
	      unsigned int hook_mask)
{
	const struct xt_mark_target_info *info = targinfo;

	/*
	 * Presumably this can only fail where the mark field is wider than
	 * 32 bits -- confirm against the struct definition in xt_MARK.h.
	 */
	if (info->mark <= 0xffffffff)
		return true;

	printk(KERN_WARNING "MARK: Only supports 32bit wide mark\n");
	return false;
}
/*
 * Validate a revision 1 MARK rule.
 *
 * Only targinfo is examined. The rule is accepted (true) when its mode
 * is one of XT_MARK_SET, XT_MARK_AND or XT_MARK_OR and its mark fits in
 * 32 bits; otherwise a warning is logged and false is returned.
 *
 * target_v1 has no fallback for other modes beyond clearing the mark,
 * so the mode check here is what keeps unknown modes out of the packet
 * path.
 */
static bool
checkentry_v1(const char *tablename,
	      const void *entry,
	      const struct xt_target *target,
	      void *targinfo,
	      unsigned int hook_mask)
{
	const struct xt_mark_target_info_v1 *info = targinfo;

	switch (info->mode) {
	case XT_MARK_SET:
	case XT_MARK_AND:
	case XT_MARK_OR:
		break;
	default:
		printk(KERN_WARNING "MARK: unknown mode %u\n",
		       info->mode);
		return false;
	}

	if (info->mark > 0xffffffff) {
		printk(KERN_WARNING "MARK: Only supports 32bit wide mark\n");
		return false;
	}

	return true;
}
107 #ifdef CONFIG_COMPAT
/*
 * Layout of the revision 1 target data as seen by compat userspace.
 * The padding is spelled out as explicit members.
 */
struct compat_xt_mark_target_info_v1 {
	compat_ulong_t	mark;	/* mark value or mask */
	u_int8_t	mode;	/* one of the XT_MARK_* modes */
	u_int8_t	__pad1;
	u_int16_t	__pad2;
};
/*
 * Convert revision 1 target data from the compat layout (src) to the
 * native layout and store it at dst.
 *
 * Only mark and mode are carried over; the compat padding members are
 * not read.
 */
static void compat_from_user_v1(void *dst, void *src)
{
	const struct compat_xt_mark_target_info_v1 *compat = src;
	struct xt_mark_target_info_v1 native = {
		.mark	= compat->mark,
		.mode	= compat->mode,
	};

	memcpy(dst, &native, sizeof(native));
}
/*
 * Convert revision 1 target data from the native layout (src) to the
 * compat layout and copy it out to the userspace buffer dst.
 *
 * Returns 0 on success, or -EFAULT if copy_to_user() reports that the
 * copy did not complete.
 */
static int compat_to_user_v1(void __user *dst, void *src)
{
	const struct xt_mark_target_info_v1 *native = src;
	/*
	 * Members not named in the initializer (__pad1, __pad2) are
	 * zero-initialized, so the padding members copied out below do
	 * not carry stale stack contents.
	 */
	struct compat_xt_mark_target_info_v1 compat = {
		.mark	= native->mark,
		.mode	= native->mode,
	};

	if (copy_to_user(dst, &compat, sizeof(compat)))
		return -EFAULT;

	return 0;
}
134 #endif /* CONFIG_COMPAT */
/*
 * Target registrations for "MARK". Every entry is restricted to the
 * "mangle" table. Revisions 0 and 1 are offered for IPv4; only
 * revision 0 is offered for IPv6.
 */
static struct xt_target xt_mark_target[] __read_mostly = {
	/* IPv4, revision 0: plain "set mark". */
	{
		.name		= "MARK",
		.family		= AF_INET,
		.revision	= 0,
		.table		= "mangle",
		.targetsize	= sizeof(struct xt_mark_target_info),
		.checkentry	= checkentry_v0,
		.target		= target_v0,
		.me		= THIS_MODULE,
	},
	/* IPv4, revision 1: set/and/or, with compat conversion hooks. */
	{
		.name		= "MARK",
		.family		= AF_INET,
		.revision	= 1,
		.table		= "mangle",
		.targetsize	= sizeof(struct xt_mark_target_info_v1),
#ifdef CONFIG_COMPAT
		.compatsize	= sizeof(struct compat_xt_mark_target_info_v1),
		.compat_from_user = compat_from_user_v1,
		.compat_to_user	= compat_to_user_v1,
#endif
		.checkentry	= checkentry_v1,
		.target		= target_v1,
		.me		= THIS_MODULE,
	},
	/* IPv6, revision 0: plain "set mark". */
	{
		.name		= "MARK",
		.family		= AF_INET6,
		.revision	= 0,
		.table		= "mangle",
		.targetsize	= sizeof(struct xt_mark_target_info),
		.checkentry	= checkentry_v0,
		.target		= target_v0,
		.me		= THIS_MODULE,
	},
};
/*
 * Module entry point: register every entry of xt_mark_target.
 * Returns the result of xt_register_targets() unchanged.
 */
static int __init xt_mark_init(void)
{
	int ret;

	ret = xt_register_targets(xt_mark_target, ARRAY_SIZE(xt_mark_target));

	return ret;
}
/* Module exit point: unregister every entry of xt_mark_target. */
static void __exit xt_mark_fini(void)
{
	xt_unregister_targets(xt_mark_target,
			      ARRAY_SIZE(xt_mark_target));
}
/* Hook the init and exit functions into module load and unload. */
module_init(xt_mark_init);
module_exit(xt_mark_fini);