Avoid reading past buffer when calling GETACL
[zen-stable.git] / net / decnet / netfilter / dn_rtmsg.c
blob1531135130db0eb096b074e828cae8aab10b13c4
1 /*
2 * DECnet An implementation of the DECnet protocol suite for the LINUX
3 * operating system. DECnet is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
6 * DECnet Routing Message Grabulator
8 * (C) 2000 ChyGwyn Limited - http://www.chygwyn.com/
9 * This code may be copied under the GPL v.2 or at your option
10 * any later version.
12 * Author: Steven Whitehouse <steve@chygwyn.com>
15 #include <linux/module.h>
16 #include <linux/skbuff.h>
17 #include <linux/slab.h>
18 #include <linux/init.h>
19 #include <linux/netdevice.h>
20 #include <linux/netfilter.h>
21 #include <linux/spinlock.h>
22 #include <linux/netlink.h>
23 #include <linux/netfilter_decnet.h>
25 #include <net/sock.h>
26 #include <net/flow.h>
27 #include <net/dn.h>
28 #include <net/dn_route.h>
30 static struct sock *dnrmg = NULL;
33 static struct sk_buff *dnrmg_build_message(struct sk_buff *rt_skb, int *errp)
35 struct sk_buff *skb = NULL;
36 size_t size;
37 sk_buff_data_t old_tail;
38 struct nlmsghdr *nlh;
39 unsigned char *ptr;
40 struct nf_dn_rtmsg *rtm;
42 size = NLMSG_SPACE(rt_skb->len);
43 size += NLMSG_ALIGN(sizeof(struct nf_dn_rtmsg));
44 skb = alloc_skb(size, GFP_ATOMIC);
45 if (!skb)
46 goto nlmsg_failure;
47 old_tail = skb->tail;
48 nlh = NLMSG_PUT(skb, 0, 0, 0, size - sizeof(*nlh));
49 rtm = (struct nf_dn_rtmsg *)NLMSG_DATA(nlh);
50 rtm->nfdn_ifindex = rt_skb->dev->ifindex;
51 ptr = NFDN_RTMSG(rtm);
52 skb_copy_from_linear_data(rt_skb, ptr, rt_skb->len);
53 nlh->nlmsg_len = skb->tail - old_tail;
54 return skb;
56 nlmsg_failure:
57 if (skb)
58 kfree_skb(skb);
59 *errp = -ENOMEM;
60 if (net_ratelimit())
61 printk(KERN_ERR "dn_rtmsg: error creating netlink message\n");
62 return NULL;
65 static void dnrmg_send_peer(struct sk_buff *skb)
67 struct sk_buff *skb2;
68 int status = 0;
69 int group = 0;
70 unsigned char flags = *skb->data;
72 switch (flags & DN_RT_CNTL_MSK) {
73 case DN_RT_PKT_L1RT:
74 group = DNRNG_NLGRP_L1;
75 break;
76 case DN_RT_PKT_L2RT:
77 group = DNRNG_NLGRP_L2;
78 break;
79 default:
80 return;
83 skb2 = dnrmg_build_message(skb, &status);
84 if (skb2 == NULL)
85 return;
86 NETLINK_CB(skb2).dst_group = group;
87 netlink_broadcast(dnrmg, skb2, 0, group, GFP_ATOMIC);
91 static unsigned int dnrmg_hook(unsigned int hook,
92 struct sk_buff *skb,
93 const struct net_device *in,
94 const struct net_device *out,
95 int (*okfn)(struct sk_buff *))
97 dnrmg_send_peer(skb);
98 return NF_ACCEPT;
102 #define RCV_SKB_FAIL(err) do { netlink_ack(skb, nlh, (err)); return; } while (0)
104 static inline void dnrmg_receive_user_skb(struct sk_buff *skb)
106 struct nlmsghdr *nlh = nlmsg_hdr(skb);
108 if (nlh->nlmsg_len < sizeof(*nlh) || skb->len < nlh->nlmsg_len)
109 return;
111 if (!capable(CAP_NET_ADMIN))
112 RCV_SKB_FAIL(-EPERM);
114 /* Eventually we might send routing messages too */
116 RCV_SKB_FAIL(-EINVAL);
119 static struct nf_hook_ops dnrmg_ops __read_mostly = {
120 .hook = dnrmg_hook,
121 .pf = PF_DECnet,
122 .hooknum = NF_DN_ROUTE,
123 .priority = NF_DN_PRI_DNRTMSG,
126 static int __init dn_rtmsg_init(void)
128 int rv = 0;
130 dnrmg = netlink_kernel_create(&init_net,
131 NETLINK_DNRTMSG, DNRNG_NLGRP_MAX,
132 dnrmg_receive_user_skb,
133 NULL, THIS_MODULE);
134 if (dnrmg == NULL) {
135 printk(KERN_ERR "dn_rtmsg: Cannot create netlink socket");
136 return -ENOMEM;
139 rv = nf_register_hook(&dnrmg_ops);
140 if (rv) {
141 netlink_kernel_release(dnrmg);
144 return rv;
147 static void __exit dn_rtmsg_fini(void)
149 nf_unregister_hook(&dnrmg_ops);
150 netlink_kernel_release(dnrmg);
154 MODULE_DESCRIPTION("DECnet Routing Message Grabulator");
155 MODULE_AUTHOR("Steven Whitehouse <steve@chygwyn.com>");
156 MODULE_LICENSE("GPL");
157 MODULE_ALIAS_NET_PF_PROTO(PF_NETLINK, NETLINK_DNRTMSG);
159 module_init(dn_rtmsg_init);
160 module_exit(dn_rtmsg_fini);