linux/net/netfilter/nf_conntrack_netlink.c
<<
>>
Prefs
   1/* Connection tracking via netlink socket. Allows for user space
   2 * protocol helpers and general trouble making from userspace.
   3 *
   4 * (C) 2001 by Jay Schulist <jschlst@samba.org>
   5 * (C) 2002-2006 by Harald Welte <laforge@gnumonks.org>
   6 * (C) 2003 by Patrick Mchardy <kaber@trash.net>
   7 * (C) 2005-2012 by Pablo Neira Ayuso <pablo@netfilter.org>
   8 *
   9 * Initial connection tracking via netlink development funded and
  10 * generally made possible by Network Robots, Inc. (www.networkrobots.com)
  11 *
  12 * Further development of this code funded by Astaro AG (http://www.astaro.com)
  13 *
  14 * This software may be used and distributed according to the terms
  15 * of the GNU General Public License, incorporated herein by reference.
  16 */
  17
  18#include <linux/init.h>
  19#include <linux/module.h>
  20#include <linux/kernel.h>
  21#include <linux/rculist.h>
  22#include <linux/rculist_nulls.h>
  23#include <linux/types.h>
  24#include <linux/timer.h>
  25#include <linux/security.h>
  26#include <linux/skbuff.h>
  27#include <linux/errno.h>
  28#include <linux/netlink.h>
  29#include <linux/spinlock.h>
  30#include <linux/interrupt.h>
  31#include <linux/slab.h>
  32#include <linux/siphash.h>
  33
  34#include <linux/netfilter.h>
  35#include <net/netlink.h>
  36#include <net/sock.h>
  37#include <net/netfilter/nf_conntrack.h>
  38#include <net/netfilter/nf_conntrack_core.h>
  39#include <net/netfilter/nf_conntrack_expect.h>
  40#include <net/netfilter/nf_conntrack_helper.h>
  41#include <net/netfilter/nf_conntrack_seqadj.h>
  42#include <net/netfilter/nf_conntrack_l4proto.h>
  43#include <net/netfilter/nf_conntrack_tuple.h>
  44#include <net/netfilter/nf_conntrack_acct.h>
  45#include <net/netfilter/nf_conntrack_zones.h>
  46#include <net/netfilter/nf_conntrack_timestamp.h>
  47#include <net/netfilter/nf_conntrack_labels.h>
  48#include <net/netfilter/nf_conntrack_synproxy.h>
  49#if IS_ENABLED(CONFIG_NF_NAT)
  50#include <net/netfilter/nf_nat.h>
  51#include <net/netfilter/nf_nat_helper.h>
  52#endif
  53
  54#include <linux/netfilter/nfnetlink.h>
  55#include <linux/netfilter/nfnetlink_conntrack.h>
  56
  57#include "nf_internals.h"
  58
  59MODULE_LICENSE("GPL");
  60
  61static int ctnetlink_dump_tuples_proto(struct sk_buff *skb,
  62                                const struct nf_conntrack_tuple *tuple,
  63                                const struct nf_conntrack_l4proto *l4proto)
  64{
  65        int ret = 0;
  66        struct nlattr *nest_parms;
  67
  68        nest_parms = nla_nest_start(skb, CTA_TUPLE_PROTO);
  69        if (!nest_parms)
  70                goto nla_put_failure;
  71        if (nla_put_u8(skb, CTA_PROTO_NUM, tuple->dst.protonum))
  72                goto nla_put_failure;
  73
  74        if (likely(l4proto->tuple_to_nlattr))
  75                ret = l4proto->tuple_to_nlattr(skb, tuple);
  76
  77        nla_nest_end(skb, nest_parms);
  78
  79        return ret;
  80
  81nla_put_failure:
  82        return -1;
  83}
  84
  85static int ipv4_tuple_to_nlattr(struct sk_buff *skb,
  86                                const struct nf_conntrack_tuple *tuple)
  87{
  88        if (nla_put_in_addr(skb, CTA_IP_V4_SRC, tuple->src.u3.ip) ||
  89            nla_put_in_addr(skb, CTA_IP_V4_DST, tuple->dst.u3.ip))
  90                return -EMSGSIZE;
  91        return 0;
  92}
  93
  94static int ipv6_tuple_to_nlattr(struct sk_buff *skb,
  95                                const struct nf_conntrack_tuple *tuple)
  96{
  97        if (nla_put_in6_addr(skb, CTA_IP_V6_SRC, &tuple->src.u3.in6) ||
  98            nla_put_in6_addr(skb, CTA_IP_V6_DST, &tuple->dst.u3.in6))
  99                return -EMSGSIZE;
 100        return 0;
 101}
 102
 103static int ctnetlink_dump_tuples_ip(struct sk_buff *skb,
 104                                    const struct nf_conntrack_tuple *tuple)
 105{
 106        int ret = 0;
 107        struct nlattr *nest_parms;
 108
 109        nest_parms = nla_nest_start(skb, CTA_TUPLE_IP);
 110        if (!nest_parms)
 111                goto nla_put_failure;
 112
 113        switch (tuple->src.l3num) {
 114        case NFPROTO_IPV4:
 115                ret = ipv4_tuple_to_nlattr(skb, tuple);
 116                break;
 117        case NFPROTO_IPV6:
 118                ret = ipv6_tuple_to_nlattr(skb, tuple);
 119                break;
 120        }
 121
 122        nla_nest_end(skb, nest_parms);
 123
 124        return ret;
 125
 126nla_put_failure:
 127        return -1;
 128}
 129
 130static int ctnetlink_dump_tuples(struct sk_buff *skb,
 131                                 const struct nf_conntrack_tuple *tuple)
 132{
 133        const struct nf_conntrack_l4proto *l4proto;
 134        int ret;
 135
 136        rcu_read_lock();
 137        ret = ctnetlink_dump_tuples_ip(skb, tuple);
 138
 139        if (ret >= 0) {
 140                l4proto = nf_ct_l4proto_find(tuple->dst.protonum);
 141                ret = ctnetlink_dump_tuples_proto(skb, tuple, l4proto);
 142        }
 143        rcu_read_unlock();
 144        return ret;
 145}
 146
 147static int ctnetlink_dump_zone_id(struct sk_buff *skb, int attrtype,
 148                                  const struct nf_conntrack_zone *zone, int dir)
 149{
 150        if (zone->id == NF_CT_DEFAULT_ZONE_ID || zone->dir != dir)
 151                return 0;
 152        if (nla_put_be16(skb, attrtype, htons(zone->id)))
 153                goto nla_put_failure;
 154        return 0;
 155
 156nla_put_failure:
 157        return -1;
 158}
 159
 160static int ctnetlink_dump_status(struct sk_buff *skb, const struct nf_conn *ct)
 161{
 162        if (nla_put_be32(skb, CTA_STATUS, htonl(ct->status)))
 163                goto nla_put_failure;
 164        return 0;
 165
 166nla_put_failure:
 167        return -1;
 168}
 169
 170static int ctnetlink_dump_timeout(struct sk_buff *skb, const struct nf_conn *ct,
 171                                  bool skip_zero)
 172{
 173        long timeout = nf_ct_expires(ct) / HZ;
 174
 175        if (skip_zero && timeout == 0)
 176                return 0;
 177
 178        if (nla_put_be32(skb, CTA_TIMEOUT, htonl(timeout)))
 179                goto nla_put_failure;
 180        return 0;
 181
 182nla_put_failure:
 183        return -1;
 184}
 185
 186static int ctnetlink_dump_protoinfo(struct sk_buff *skb, struct nf_conn *ct,
 187                                    bool destroy)
 188{
 189        const struct nf_conntrack_l4proto *l4proto;
 190        struct nlattr *nest_proto;
 191        int ret;
 192
 193        l4proto = nf_ct_l4proto_find(nf_ct_protonum(ct));
 194        if (!l4proto->to_nlattr)
 195                return 0;
 196
 197        nest_proto = nla_nest_start(skb, CTA_PROTOINFO);
 198        if (!nest_proto)
 199                goto nla_put_failure;
 200
 201        ret = l4proto->to_nlattr(skb, nest_proto, ct, destroy);
 202
 203        nla_nest_end(skb, nest_proto);
 204
 205        return ret;
 206
 207nla_put_failure:
 208        return -1;
 209}
 210
 211static int ctnetlink_dump_helpinfo(struct sk_buff *skb,
 212                                   const struct nf_conn *ct)
 213{
 214        struct nlattr *nest_helper;
 215        const struct nf_conn_help *help = nfct_help(ct);
 216        struct nf_conntrack_helper *helper;
 217
 218        if (!help)
 219                return 0;
 220
 221        rcu_read_lock();
 222        helper = rcu_dereference(help->helper);
 223        if (!helper)
 224                goto out;
 225
 226        nest_helper = nla_nest_start(skb, CTA_HELP);
 227        if (!nest_helper)
 228                goto nla_put_failure;
 229        if (nla_put_string(skb, CTA_HELP_NAME, helper->name))
 230                goto nla_put_failure;
 231
 232        if (helper->to_nlattr)
 233                helper->to_nlattr(skb, ct);
 234
 235        nla_nest_end(skb, nest_helper);
 236out:
 237        rcu_read_unlock();
 238        return 0;
 239
 240nla_put_failure:
 241        rcu_read_unlock();
 242        return -1;
 243}
 244
 245static int
 246dump_counters(struct sk_buff *skb, struct nf_conn_acct *acct,
 247              enum ip_conntrack_dir dir, int type)
 248{
 249        enum ctattr_type attr = dir ? CTA_COUNTERS_REPLY: CTA_COUNTERS_ORIG;
 250        struct nf_conn_counter *counter = acct->counter;
 251        struct nlattr *nest_count;
 252        u64 pkts, bytes;
 253
 254        if (type == IPCTNL_MSG_CT_GET_CTRZERO) {
 255                pkts = atomic64_xchg(&counter[dir].packets, 0);
 256                bytes = atomic64_xchg(&counter[dir].bytes, 0);
 257        } else {
 258                pkts = atomic64_read(&counter[dir].packets);
 259                bytes = atomic64_read(&counter[dir].bytes);
 260        }
 261
 262        nest_count = nla_nest_start(skb, attr);
 263        if (!nest_count)
 264                goto nla_put_failure;
 265
 266        if (nla_put_be64(skb, CTA_COUNTERS_PACKETS, cpu_to_be64(pkts),
 267                         CTA_COUNTERS_PAD) ||
 268            nla_put_be64(skb, CTA_COUNTERS_BYTES, cpu_to_be64(bytes),
 269                         CTA_COUNTERS_PAD))
 270                goto nla_put_failure;
 271
 272        nla_nest_end(skb, nest_count);
 273
 274        return 0;
 275
 276nla_put_failure:
 277        return -1;
 278}
 279
 280static int
 281ctnetlink_dump_acct(struct sk_buff *skb, const struct nf_conn *ct, int type)
 282{
 283        struct nf_conn_acct *acct = nf_conn_acct_find(ct);
 284
 285        if (!acct)
 286                return 0;
 287
 288        if (dump_counters(skb, acct, IP_CT_DIR_ORIGINAL, type) < 0)
 289                return -1;
 290        if (dump_counters(skb, acct, IP_CT_DIR_REPLY, type) < 0)
 291                return -1;
 292
 293        return 0;
 294}
 295
 296static int
 297ctnetlink_dump_timestamp(struct sk_buff *skb, const struct nf_conn *ct)
 298{
 299        struct nlattr *nest_count;
 300        const struct nf_conn_tstamp *tstamp;
 301
 302        tstamp = nf_conn_tstamp_find(ct);
 303        if (!tstamp)
 304                return 0;
 305
 306        nest_count = nla_nest_start(skb, CTA_TIMESTAMP);
 307        if (!nest_count)
 308                goto nla_put_failure;
 309
 310        if (nla_put_be64(skb, CTA_TIMESTAMP_START, cpu_to_be64(tstamp->start),
 311                         CTA_TIMESTAMP_PAD) ||
 312            (tstamp->stop != 0 && nla_put_be64(skb, CTA_TIMESTAMP_STOP,
 313                                               cpu_to_be64(tstamp->stop),
 314                                               CTA_TIMESTAMP_PAD)))
 315                goto nla_put_failure;
 316        nla_nest_end(skb, nest_count);
 317
 318        return 0;
 319
 320nla_put_failure:
 321        return -1;
 322}
 323
 324#ifdef CONFIG_NF_CONNTRACK_MARK
 325static int ctnetlink_dump_mark(struct sk_buff *skb, const struct nf_conn *ct)
 326{
 327        if (nla_put_be32(skb, CTA_MARK, htonl(ct->mark)))
 328                goto nla_put_failure;
 329        return 0;
 330
 331nla_put_failure:
 332        return -1;
 333}
 334#else
 335#define ctnetlink_dump_mark(a, b) (0)
 336#endif
 337
 338#ifdef CONFIG_NF_CONNTRACK_SECMARK
 339static int ctnetlink_dump_secctx(struct sk_buff *skb, const struct nf_conn *ct)
 340{
 341        struct nlattr *nest_secctx;
 342        int len, ret;
 343        char *secctx;
 344
 345        ret = security_secid_to_secctx(ct->secmark, &secctx, &len);
 346        if (ret)
 347                return 0;
 348
 349        ret = -1;
 350        nest_secctx = nla_nest_start(skb, CTA_SECCTX);
 351        if (!nest_secctx)
 352                goto nla_put_failure;
 353
 354        if (nla_put_string(skb, CTA_SECCTX_NAME, secctx))
 355                goto nla_put_failure;
 356        nla_nest_end(skb, nest_secctx);
 357
 358        ret = 0;
 359nla_put_failure:
 360        security_release_secctx(secctx, len);
 361        return ret;
 362}
 363#else
 364#define ctnetlink_dump_secctx(a, b) (0)
 365#endif
 366
 367#ifdef CONFIG_NF_CONNTRACK_LABELS
 368static inline int ctnetlink_label_size(const struct nf_conn *ct)
 369{
 370        struct nf_conn_labels *labels = nf_ct_labels_find(ct);
 371
 372        if (!labels)
 373                return 0;
 374        return nla_total_size(sizeof(labels->bits));
 375}
 376
 377static int
 378ctnetlink_dump_labels(struct sk_buff *skb, const struct nf_conn *ct)
 379{
 380        struct nf_conn_labels *labels = nf_ct_labels_find(ct);
 381        unsigned int i;
 382
 383        if (!labels)
 384                return 0;
 385
 386        i = 0;
 387        do {
 388                if (labels->bits[i] != 0)
 389                        return nla_put(skb, CTA_LABELS, sizeof(labels->bits),
 390                                       labels->bits);
 391                i++;
 392        } while (i < ARRAY_SIZE(labels->bits));
 393
 394        return 0;
 395}
 396#else
 397#define ctnetlink_dump_labels(a, b) (0)
 398#define ctnetlink_label_size(a) (0)
 399#endif
 400
 401#define master_tuple(ct) &(ct->master->tuplehash[IP_CT_DIR_ORIGINAL].tuple)
 402
 403static int ctnetlink_dump_master(struct sk_buff *skb, const struct nf_conn *ct)
 404{
 405        struct nlattr *nest_parms;
 406
 407        if (!(ct->status & IPS_EXPECTED))
 408                return 0;
 409
 410        nest_parms = nla_nest_start(skb, CTA_TUPLE_MASTER);
 411        if (!nest_parms)
 412                goto nla_put_failure;
 413        if (ctnetlink_dump_tuples(skb, master_tuple(ct)) < 0)
 414                goto nla_put_failure;
 415        nla_nest_end(skb, nest_parms);
 416
 417        return 0;
 418
 419nla_put_failure:
 420        return -1;
 421}
 422
 423static int
 424dump_ct_seq_adj(struct sk_buff *skb, const struct nf_ct_seqadj *seq, int type)
 425{
 426        struct nlattr *nest_parms;
 427
 428        nest_parms = nla_nest_start(skb, type);
 429        if (!nest_parms)
 430                goto nla_put_failure;
 431
 432        if (nla_put_be32(skb, CTA_SEQADJ_CORRECTION_POS,
 433                         htonl(seq->correction_pos)) ||
 434            nla_put_be32(skb, CTA_SEQADJ_OFFSET_BEFORE,
 435                         htonl(seq->offset_before)) ||
 436            nla_put_be32(skb, CTA_SEQADJ_OFFSET_AFTER,
 437                         htonl(seq->offset_after)))
 438                goto nla_put_failure;
 439
 440        nla_nest_end(skb, nest_parms);
 441
 442        return 0;
 443
 444nla_put_failure:
 445        return -1;
 446}
 447
 448static int ctnetlink_dump_ct_seq_adj(struct sk_buff *skb, struct nf_conn *ct)
 449{
 450        struct nf_conn_seqadj *seqadj = nfct_seqadj(ct);
 451        struct nf_ct_seqadj *seq;
 452
 453        if (!(ct->status & IPS_SEQ_ADJUST) || !seqadj)
 454                return 0;
 455
 456        spin_lock_bh(&ct->lock);
 457        seq = &seqadj->seq[IP_CT_DIR_ORIGINAL];
 458        if (dump_ct_seq_adj(skb, seq, CTA_SEQ_ADJ_ORIG) == -1)
 459                goto err;
 460
 461        seq = &seqadj->seq[IP_CT_DIR_REPLY];
 462        if (dump_ct_seq_adj(skb, seq, CTA_SEQ_ADJ_REPLY) == -1)
 463                goto err;
 464
 465        spin_unlock_bh(&ct->lock);
 466        return 0;
 467err:
 468        spin_unlock_bh(&ct->lock);
 469        return -1;
 470}
 471
 472static int ctnetlink_dump_ct_synproxy(struct sk_buff *skb, struct nf_conn *ct)
 473{
 474        struct nf_conn_synproxy *synproxy = nfct_synproxy(ct);
 475        struct nlattr *nest_parms;
 476
 477        if (!synproxy)
 478                return 0;
 479
 480        nest_parms = nla_nest_start(skb, CTA_SYNPROXY);
 481        if (!nest_parms)
 482                goto nla_put_failure;
 483
 484        if (nla_put_be32(skb, CTA_SYNPROXY_ISN, htonl(synproxy->isn)) ||
 485            nla_put_be32(skb, CTA_SYNPROXY_ITS, htonl(synproxy->its)) ||
 486            nla_put_be32(skb, CTA_SYNPROXY_TSOFF, htonl(synproxy->tsoff)))
 487                goto nla_put_failure;
 488
 489        nla_nest_end(skb, nest_parms);
 490
 491        return 0;
 492
 493nla_put_failure:
 494        return -1;
 495}
 496
 497static int ctnetlink_dump_id(struct sk_buff *skb, const struct nf_conn *ct)
 498{
 499        __be32 id = (__force __be32)nf_ct_get_id(ct);
 500
 501        if (nla_put_be32(skb, CTA_ID, id))
 502                goto nla_put_failure;
 503        return 0;
 504
 505nla_put_failure:
 506        return -1;
 507}
 508
 509static int ctnetlink_dump_use(struct sk_buff *skb, const struct nf_conn *ct)
 510{
 511        if (nla_put_be32(skb, CTA_USE, htonl(atomic_read(&ct->ct_general.use))))
 512                goto nla_put_failure;
 513        return 0;
 514
 515nla_put_failure:
 516        return -1;
 517}
 518
 519/* all these functions access ct->ext. Caller must either hold a reference
 520 * on ct or prevent its deletion by holding either the bucket spinlock or
 521 * pcpu dying list lock.
 522 */
 523static int ctnetlink_dump_extinfo(struct sk_buff *skb,
 524                                  struct nf_conn *ct, u32 type)
 525{
 526        if (ctnetlink_dump_acct(skb, ct, type) < 0 ||
 527            ctnetlink_dump_timestamp(skb, ct) < 0 ||
 528            ctnetlink_dump_helpinfo(skb, ct) < 0 ||
 529            ctnetlink_dump_labels(skb, ct) < 0 ||
 530            ctnetlink_dump_ct_seq_adj(skb, ct) < 0 ||
 531            ctnetlink_dump_ct_synproxy(skb, ct) < 0)
 532                return -1;
 533
 534        return 0;
 535}
 536
 537static int ctnetlink_dump_info(struct sk_buff *skb, struct nf_conn *ct)
 538{
 539        if (ctnetlink_dump_status(skb, ct) < 0 ||
 540            ctnetlink_dump_mark(skb, ct) < 0 ||
 541            ctnetlink_dump_secctx(skb, ct) < 0 ||
 542            ctnetlink_dump_id(skb, ct) < 0 ||
 543            ctnetlink_dump_use(skb, ct) < 0 ||
 544            ctnetlink_dump_master(skb, ct) < 0)
 545                return -1;
 546
 547        if (!test_bit(IPS_OFFLOAD_BIT, &ct->status) &&
 548            (ctnetlink_dump_timeout(skb, ct, false) < 0 ||
 549             ctnetlink_dump_protoinfo(skb, ct, false) < 0))
 550                return -1;
 551
 552        return 0;
 553}
 554
 555static int
 556ctnetlink_fill_info(struct sk_buff *skb, u32 portid, u32 seq, u32 type,
 557                    struct nf_conn *ct, bool extinfo, unsigned int flags)
 558{
 559        const struct nf_conntrack_zone *zone;
 560        struct nlmsghdr *nlh;
 561        struct nlattr *nest_parms;
 562        unsigned int event;
 563
 564        if (portid)
 565                flags |= NLM_F_MULTI;
 566        event = nfnl_msg_type(NFNL_SUBSYS_CTNETLINK, IPCTNL_MSG_CT_NEW);
 567        nlh = nfnl_msg_put(skb, portid, seq, event, flags, nf_ct_l3num(ct),
 568                           NFNETLINK_V0, 0);
 569        if (!nlh)
 570                goto nlmsg_failure;
 571
 572        zone = nf_ct_zone(ct);
 573
 574        nest_parms = nla_nest_start(skb, CTA_TUPLE_ORIG);
 575        if (!nest_parms)
 576                goto nla_put_failure;
 577        if (ctnetlink_dump_tuples(skb, nf_ct_tuple(ct, IP_CT_DIR_ORIGINAL)) < 0)
 578                goto nla_put_failure;
 579        if (ctnetlink_dump_zone_id(skb, CTA_TUPLE_ZONE, zone,
 580                                   NF_CT_ZONE_DIR_ORIG) < 0)
 581                goto nla_put_failure;
 582        nla_nest_end(skb, nest_parms);
 583
 584        nest_parms = nla_nest_start(skb, CTA_TUPLE_REPLY);
 585        if (!nest_parms)
 586                goto nla_put_failure;
 587        if (ctnetlink_dump_tuples(skb, nf_ct_tuple(ct, IP_CT_DIR_REPLY)) < 0)
 588                goto nla_put_failure;
 589        if (ctnetlink_dump_zone_id(skb, CTA_TUPLE_ZONE, zone,
 590                                   NF_CT_ZONE_DIR_REPL) < 0)
 591                goto nla_put_failure;
 592        nla_nest_end(skb, nest_parms);
 593
 594        if (ctnetlink_dump_zone_id(skb, CTA_ZONE, zone,
 595                                   NF_CT_DEFAULT_ZONE_DIR) < 0)
 596                goto nla_put_failure;
 597
 598        if (ctnetlink_dump_info(skb, ct) < 0)
 599                goto nla_put_failure;
 600        if (extinfo && ctnetlink_dump_extinfo(skb, ct, type) < 0)
 601                goto nla_put_failure;
 602
 603        nlmsg_end(skb, nlh);
 604        return skb->len;
 605
 606nlmsg_failure:
 607nla_put_failure:
 608        nlmsg_cancel(skb, nlh);
 609        return -1;
 610}
 611
 612static const struct nla_policy cta_ip_nla_policy[CTA_IP_MAX + 1] = {
 613        [CTA_IP_V4_SRC] = { .type = NLA_U32 },
 614        [CTA_IP_V4_DST] = { .type = NLA_U32 },
 615        [CTA_IP_V6_SRC] = { .len = sizeof(__be32) * 4 },
 616        [CTA_IP_V6_DST] = { .len = sizeof(__be32) * 4 },
 617};
 618
 619#if defined(CONFIG_NETFILTER_NETLINK_GLUE_CT) || defined(CONFIG_NF_CONNTRACK_EVENTS)
 620static size_t ctnetlink_proto_size(const struct nf_conn *ct)
 621{
 622        const struct nf_conntrack_l4proto *l4proto;
 623        size_t len, len4 = 0;
 624
 625        len = nla_policy_len(cta_ip_nla_policy, CTA_IP_MAX + 1);
 626        len *= 3u; /* ORIG, REPLY, MASTER */
 627
 628        l4proto = nf_ct_l4proto_find(nf_ct_protonum(ct));
 629        len += l4proto->nlattr_size;
 630        if (l4proto->nlattr_tuple_size) {
 631                len4 = l4proto->nlattr_tuple_size();
 632                len4 *= 3u; /* ORIG, REPLY, MASTER */
 633        }
 634
 635        return len + len4;
 636}
 637#endif
 638
 639static inline size_t ctnetlink_acct_size(const struct nf_conn *ct)
 640{
 641        if (!nf_ct_ext_exist(ct, NF_CT_EXT_ACCT))
 642                return 0;
 643        return 2 * nla_total_size(0) /* CTA_COUNTERS_ORIG|REPL */
 644               + 2 * nla_total_size_64bit(sizeof(uint64_t)) /* CTA_COUNTERS_PACKETS */
 645               + 2 * nla_total_size_64bit(sizeof(uint64_t)) /* CTA_COUNTERS_BYTES */
 646               ;
 647}
 648
 649static inline int ctnetlink_secctx_size(const struct nf_conn *ct)
 650{
 651#ifdef CONFIG_NF_CONNTRACK_SECMARK
 652        int len, ret;
 653
 654        ret = security_secid_to_secctx(ct->secmark, NULL, &len);
 655        if (ret)
 656                return 0;
 657
 658        return nla_total_size(0) /* CTA_SECCTX */
 659               + nla_total_size(sizeof(char) * len); /* CTA_SECCTX_NAME */
 660#else
 661        return 0;
 662#endif
 663}
 664
 665static inline size_t ctnetlink_timestamp_size(const struct nf_conn *ct)
 666{
 667#ifdef CONFIG_NF_CONNTRACK_TIMESTAMP
 668        if (!nf_ct_ext_exist(ct, NF_CT_EXT_TSTAMP))
 669                return 0;
 670        return nla_total_size(0) + 2 * nla_total_size_64bit(sizeof(uint64_t));
 671#else
 672        return 0;
 673#endif
 674}
 675
 676#ifdef CONFIG_NF_CONNTRACK_EVENTS
 677static size_t ctnetlink_nlmsg_size(const struct nf_conn *ct)
 678{
 679        return NLMSG_ALIGN(sizeof(struct nfgenmsg))
 680               + 3 * nla_total_size(0) /* CTA_TUPLE_ORIG|REPL|MASTER */
 681               + 3 * nla_total_size(0) /* CTA_TUPLE_IP */
 682               + 3 * nla_total_size(0) /* CTA_TUPLE_PROTO */
 683               + 3 * nla_total_size(sizeof(u_int8_t)) /* CTA_PROTO_NUM */
 684               + nla_total_size(sizeof(u_int32_t)) /* CTA_ID */
 685               + nla_total_size(sizeof(u_int32_t)) /* CTA_STATUS */
 686               + ctnetlink_acct_size(ct)
 687               + ctnetlink_timestamp_size(ct)
 688               + nla_total_size(sizeof(u_int32_t)) /* CTA_TIMEOUT */
 689               + nla_total_size(0) /* CTA_PROTOINFO */
 690               + nla_total_size(0) /* CTA_HELP */
 691               + nla_total_size(NF_CT_HELPER_NAME_LEN) /* CTA_HELP_NAME */
 692               + ctnetlink_secctx_size(ct)
 693#if IS_ENABLED(CONFIG_NF_NAT)
 694               + 2 * nla_total_size(0) /* CTA_NAT_SEQ_ADJ_ORIG|REPL */
 695               + 6 * nla_total_size(sizeof(u_int32_t)) /* CTA_NAT_SEQ_OFFSET */
 696#endif
 697#ifdef CONFIG_NF_CONNTRACK_MARK
 698               + nla_total_size(sizeof(u_int32_t)) /* CTA_MARK */
 699#endif
 700#ifdef CONFIG_NF_CONNTRACK_ZONES
 701               + nla_total_size(sizeof(u_int16_t)) /* CTA_ZONE|CTA_TUPLE_ZONE */
 702#endif
 703               + ctnetlink_proto_size(ct)
 704               + ctnetlink_label_size(ct)
 705               ;
 706}
 707
 708static int
 709ctnetlink_conntrack_event(unsigned int events, struct nf_ct_event *item)
 710{
 711        const struct nf_conntrack_zone *zone;
 712        struct net *net;
 713        struct nlmsghdr *nlh;
 714        struct nlattr *nest_parms;
 715        struct nf_conn *ct = item->ct;
 716        struct sk_buff *skb;
 717        unsigned int type;
 718        unsigned int flags = 0, group;
 719        int err;
 720
 721        if (events & (1 << IPCT_DESTROY)) {
 722                type = IPCTNL_MSG_CT_DELETE;
 723                group = NFNLGRP_CONNTRACK_DESTROY;
 724        } else if (events & ((1 << IPCT_NEW) | (1 << IPCT_RELATED))) {
 725                type = IPCTNL_MSG_CT_NEW;
 726                flags = NLM_F_CREATE|NLM_F_EXCL;
 727                group = NFNLGRP_CONNTRACK_NEW;
 728        } else if (events) {
 729                type = IPCTNL_MSG_CT_NEW;
 730                group = NFNLGRP_CONNTRACK_UPDATE;
 731        } else
 732                return 0;
 733
 734        net = nf_ct_net(ct);
 735        if (!item->report && !nfnetlink_has_listeners(net, group))
 736                return 0;
 737
 738        skb = nlmsg_new(ctnetlink_nlmsg_size(ct), GFP_ATOMIC);
 739        if (skb == NULL)
 740                goto errout;
 741
 742        type = nfnl_msg_type(NFNL_SUBSYS_CTNETLINK, type);
 743        nlh = nfnl_msg_put(skb, item->portid, 0, type, flags, nf_ct_l3num(ct),
 744                           NFNETLINK_V0, 0);
 745        if (!nlh)
 746                goto nlmsg_failure;
 747
 748        zone = nf_ct_zone(ct);
 749
 750        nest_parms = nla_nest_start(skb, CTA_TUPLE_ORIG);
 751        if (!nest_parms)
 752                goto nla_put_failure;
 753        if (ctnetlink_dump_tuples(skb, nf_ct_tuple(ct, IP_CT_DIR_ORIGINAL)) < 0)
 754                goto nla_put_failure;
 755        if (ctnetlink_dump_zone_id(skb, CTA_TUPLE_ZONE, zone,
 756                                   NF_CT_ZONE_DIR_ORIG) < 0)
 757                goto nla_put_failure;
 758        nla_nest_end(skb, nest_parms);
 759
 760        nest_parms = nla_nest_start(skb, CTA_TUPLE_REPLY);
 761        if (!nest_parms)
 762                goto nla_put_failure;
 763        if (ctnetlink_dump_tuples(skb, nf_ct_tuple(ct, IP_CT_DIR_REPLY)) < 0)
 764                goto nla_put_failure;
 765        if (ctnetlink_dump_zone_id(skb, CTA_TUPLE_ZONE, zone,
 766                                   NF_CT_ZONE_DIR_REPL) < 0)
 767                goto nla_put_failure;
 768        nla_nest_end(skb, nest_parms);
 769
 770        if (ctnetlink_dump_zone_id(skb, CTA_ZONE, zone,
 771                                   NF_CT_DEFAULT_ZONE_DIR) < 0)
 772                goto nla_put_failure;
 773
 774        if (ctnetlink_dump_id(skb, ct) < 0)
 775                goto nla_put_failure;
 776
 777        if (ctnetlink_dump_status(skb, ct) < 0)
 778                goto nla_put_failure;
 779
 780        if (events & (1 << IPCT_DESTROY)) {
 781                if (ctnetlink_dump_timeout(skb, ct, true) < 0)
 782                        goto nla_put_failure;
 783
 784                if (ctnetlink_dump_acct(skb, ct, type) < 0 ||
 785                    ctnetlink_dump_timestamp(skb, ct) < 0 ||
 786                    ctnetlink_dump_protoinfo(skb, ct, true) < 0)
 787                        goto nla_put_failure;
 788        } else {
 789                if (ctnetlink_dump_timeout(skb, ct, false) < 0)
 790                        goto nla_put_failure;
 791
 792                if (events & (1 << IPCT_PROTOINFO) &&
 793                    ctnetlink_dump_protoinfo(skb, ct, false) < 0)
 794                        goto nla_put_failure;
 795
 796                if ((events & (1 << IPCT_HELPER) || nfct_help(ct))
 797                    && ctnetlink_dump_helpinfo(skb, ct) < 0)
 798                        goto nla_put_failure;
 799
 800#ifdef CONFIG_NF_CONNTRACK_SECMARK
 801                if ((events & (1 << IPCT_SECMARK) || ct->secmark)
 802                    && ctnetlink_dump_secctx(skb, ct) < 0)
 803                        goto nla_put_failure;
 804#endif
 805                if (events & (1 << IPCT_LABEL) &&
 806                     ctnetlink_dump_labels(skb, ct) < 0)
 807                        goto nla_put_failure;
 808
 809                if (events & (1 << IPCT_RELATED) &&
 810                    ctnetlink_dump_master(skb, ct) < 0)
 811                        goto nla_put_failure;
 812
 813                if (events & (1 << IPCT_SEQADJ) &&
 814                    ctnetlink_dump_ct_seq_adj(skb, ct) < 0)
 815                        goto nla_put_failure;
 816
 817                if (events & (1 << IPCT_SYNPROXY) &&
 818                    ctnetlink_dump_ct_synproxy(skb, ct) < 0)
 819                        goto nla_put_failure;
 820        }
 821
 822#ifdef CONFIG_NF_CONNTRACK_MARK
 823        if ((events & (1 << IPCT_MARK) || ct->mark)
 824            && ctnetlink_dump_mark(skb, ct) < 0)
 825                goto nla_put_failure;
 826#endif
 827        nlmsg_end(skb, nlh);
 828        err = nfnetlink_send(skb, net, item->portid, group, item->report,
 829                             GFP_ATOMIC);
 830        if (err == -ENOBUFS || err == -EAGAIN)
 831                return -ENOBUFS;
 832
 833        return 0;
 834
 835nla_put_failure:
 836        nlmsg_cancel(skb, nlh);
 837nlmsg_failure:
 838        kfree_skb(skb);
 839errout:
 840        if (nfnetlink_set_err(net, 0, group, -ENOBUFS) > 0)
 841                return -ENOBUFS;
 842
 843        return 0;
 844}
 845#endif /* CONFIG_NF_CONNTRACK_EVENTS */
 846
 847static int ctnetlink_done(struct netlink_callback *cb)
 848{
 849        if (cb->args[1])
 850                nf_ct_put((struct nf_conn *)cb->args[1]);
 851        kfree(cb->data);
 852        return 0;
 853}
 854
 855struct ctnetlink_filter {
 856        u8 family;
 857
 858        u_int32_t orig_flags;
 859        u_int32_t reply_flags;
 860
 861        struct nf_conntrack_tuple orig;
 862        struct nf_conntrack_tuple reply;
 863        struct nf_conntrack_zone zone;
 864
 865        struct {
 866                u_int32_t val;
 867                u_int32_t mask;
 868        } mark;
 869};
 870
 871static const struct nla_policy cta_filter_nla_policy[CTA_FILTER_MAX + 1] = {
 872        [CTA_FILTER_ORIG_FLAGS]         = { .type = NLA_U32 },
 873        [CTA_FILTER_REPLY_FLAGS]        = { .type = NLA_U32 },
 874};
 875
 876static int ctnetlink_parse_filter(const struct nlattr *attr,
 877                                  struct ctnetlink_filter *filter)
 878{
 879        struct nlattr *tb[CTA_FILTER_MAX + 1];
 880        int ret = 0;
 881
 882        ret = nla_parse_nested(tb, CTA_FILTER_MAX, attr, cta_filter_nla_policy,
 883                               NULL);
 884        if (ret)
 885                return ret;
 886
 887        if (tb[CTA_FILTER_ORIG_FLAGS]) {
 888                filter->orig_flags = nla_get_u32(tb[CTA_FILTER_ORIG_FLAGS]);
 889                if (filter->orig_flags & ~CTA_FILTER_F_ALL)
 890                        return -EOPNOTSUPP;
 891        }
 892
 893        if (tb[CTA_FILTER_REPLY_FLAGS]) {
 894                filter->reply_flags = nla_get_u32(tb[CTA_FILTER_REPLY_FLAGS]);
 895                if (filter->reply_flags & ~CTA_FILTER_F_ALL)
 896                        return -EOPNOTSUPP;
 897        }
 898
 899        return 0;
 900}
 901
 902static int ctnetlink_parse_zone(const struct nlattr *attr,
 903                                struct nf_conntrack_zone *zone);
 904static int ctnetlink_parse_tuple_filter(const struct nlattr * const cda[],
 905                                         struct nf_conntrack_tuple *tuple,
 906                                         u32 type, u_int8_t l3num,
 907                                         struct nf_conntrack_zone *zone,
 908                                         u_int32_t flags);
 909
 910static struct ctnetlink_filter *
 911ctnetlink_alloc_filter(const struct nlattr * const cda[], u8 family)
 912{
 913        struct ctnetlink_filter *filter;
 914        int err;
 915
 916#ifndef CONFIG_NF_CONNTRACK_MARK
 917        if (cda[CTA_MARK] || cda[CTA_MARK_MASK])
 918                return ERR_PTR(-EOPNOTSUPP);
 919#endif
 920
 921        filter = kzalloc(sizeof(*filter), GFP_KERNEL);
 922        if (filter == NULL)
 923                return ERR_PTR(-ENOMEM);
 924
 925        filter->family = family;
 926
 927#ifdef CONFIG_NF_CONNTRACK_MARK
 928        if (cda[CTA_MARK]) {
 929                filter->mark.val = ntohl(nla_get_be32(cda[CTA_MARK]));
 930                if (cda[CTA_MARK_MASK])
 931                        filter->mark.mask = ntohl(nla_get_be32(cda[CTA_MARK_MASK]));
 932                else
 933                        filter->mark.mask = 0xffffffff;
 934        } else if (cda[CTA_MARK_MASK]) {
 935                err = -EINVAL;
 936                goto err_filter;
 937        }
 938#endif
 939        if (!cda[CTA_FILTER])
 940                return filter;
 941
 942        err = ctnetlink_parse_zone(cda[CTA_ZONE], &filter->zone);
 943        if (err < 0)
 944                goto err_filter;
 945
 946        err = ctnetlink_parse_filter(cda[CTA_FILTER], filter);
 947        if (err < 0)
 948                goto err_filter;
 949
 950        if (filter->orig_flags) {
 951                if (!cda[CTA_TUPLE_ORIG]) {
 952                        err = -EINVAL;
 953                        goto err_filter;
 954                }
 955
 956                err = ctnetlink_parse_tuple_filter(cda, &filter->orig,
 957                                                   CTA_TUPLE_ORIG,
 958                                                   filter->family,
 959                                                   &filter->zone,
 960                                                   filter->orig_flags);
 961                if (err < 0)
 962                        goto err_filter;
 963        }
 964
 965        if (filter->reply_flags) {
 966                if (!cda[CTA_TUPLE_REPLY]) {
 967                        err = -EINVAL;
 968                        goto err_filter;
 969                }
 970
 971                err = ctnetlink_parse_tuple_filter(cda, &filter->reply,
 972                                                   CTA_TUPLE_REPLY,
 973                                                   filter->family,
 974                                                   &filter->zone,
 975                                                   filter->orig_flags);
 976                if (err < 0) {
 977                        err = -EINVAL;
 978                        goto err_filter;
 979                }
 980        }
 981
 982        return filter;
 983
 984err_filter:
 985        kfree(filter);
 986
 987        return ERR_PTR(err);
 988}
 989
 990static bool ctnetlink_needs_filter(u8 family, const struct nlattr * const *cda)
 991{
 992        return family || cda[CTA_MARK] || cda[CTA_FILTER];
 993}
 994
 995static int ctnetlink_start(struct netlink_callback *cb)
 996{
 997        const struct nlattr * const *cda = cb->data;
 998        struct ctnetlink_filter *filter = NULL;
 999        struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
1000        u8 family = nfmsg->nfgen_family;
1001
1002        if (ctnetlink_needs_filter(family, cda)) {
1003                filter = ctnetlink_alloc_filter(cda, family);
1004                if (IS_ERR(filter))
1005                        return PTR_ERR(filter);
1006        }
1007
1008        cb->data = filter;
1009        return 0;
1010}
1011
1012static int ctnetlink_filter_match_tuple(struct nf_conntrack_tuple *filter_tuple,
1013                                        struct nf_conntrack_tuple *ct_tuple,
1014                                        u_int32_t flags, int family)
1015{
1016        switch (family) {
1017        case NFPROTO_IPV4:
1018                if ((flags & CTA_FILTER_FLAG(CTA_IP_SRC)) &&
1019                    filter_tuple->src.u3.ip != ct_tuple->src.u3.ip)
1020                        return  0;
1021
1022                if ((flags & CTA_FILTER_FLAG(CTA_IP_DST)) &&
1023                    filter_tuple->dst.u3.ip != ct_tuple->dst.u3.ip)
1024                        return  0;
1025                break;
1026        case NFPROTO_IPV6:
1027                if ((flags & CTA_FILTER_FLAG(CTA_IP_SRC)) &&
1028                    !ipv6_addr_cmp(&filter_tuple->src.u3.in6,
1029                                   &ct_tuple->src.u3.in6))
1030                        return 0;
1031
1032                if ((flags & CTA_FILTER_FLAG(CTA_IP_DST)) &&
1033                    !ipv6_addr_cmp(&filter_tuple->dst.u3.in6,
1034                                   &ct_tuple->dst.u3.in6))
1035                        return 0;
1036                break;
1037        }
1038
1039        if ((flags & CTA_FILTER_FLAG(CTA_PROTO_NUM)) &&
1040            filter_tuple->dst.protonum != ct_tuple->dst.protonum)
1041                return 0;
1042
1043        switch (ct_tuple->dst.protonum) {
1044        case IPPROTO_TCP:
1045        case IPPROTO_UDP:
1046                if ((flags & CTA_FILTER_FLAG(CTA_PROTO_SRC_PORT)) &&
1047                    filter_tuple->src.u.tcp.port != ct_tuple->src.u.tcp.port)
1048                        return 0;
1049
1050                if ((flags & CTA_FILTER_FLAG(CTA_PROTO_DST_PORT)) &&
1051                    filter_tuple->dst.u.tcp.port != ct_tuple->dst.u.tcp.port)
1052                        return 0;
1053                break;
1054        case IPPROTO_ICMP:
1055                if ((flags & CTA_FILTER_FLAG(CTA_PROTO_ICMP_TYPE)) &&
1056                    filter_tuple->dst.u.icmp.type != ct_tuple->dst.u.icmp.type)
1057                        return 0;
1058                if ((flags & CTA_FILTER_FLAG(CTA_PROTO_ICMP_CODE)) &&
1059                    filter_tuple->dst.u.icmp.code != ct_tuple->dst.u.icmp.code)
1060                        return 0;
1061                if ((flags & CTA_FILTER_FLAG(CTA_PROTO_ICMP_ID)) &&
1062                    filter_tuple->src.u.icmp.id != ct_tuple->src.u.icmp.id)
1063                        return 0;
1064                break;
1065        case IPPROTO_ICMPV6:
1066                if ((flags & CTA_FILTER_FLAG(CTA_PROTO_ICMPV6_TYPE)) &&
1067                    filter_tuple->dst.u.icmp.type != ct_tuple->dst.u.icmp.type)
1068                        return 0;
1069                if ((flags & CTA_FILTER_FLAG(CTA_PROTO_ICMPV6_CODE)) &&
1070                    filter_tuple->dst.u.icmp.code != ct_tuple->dst.u.icmp.code)
1071                        return 0;
1072                if ((flags & CTA_FILTER_FLAG(CTA_PROTO_ICMPV6_ID)) &&
1073                    filter_tuple->src.u.icmp.id != ct_tuple->src.u.icmp.id)
1074                        return 0;
1075                break;
1076        }
1077
1078        return 1;
1079}
1080
1081static int ctnetlink_filter_match(struct nf_conn *ct, void *data)
1082{
1083        struct ctnetlink_filter *filter = data;
1084        struct nf_conntrack_tuple *tuple;
1085
1086        if (filter == NULL)
1087                goto out;
1088
1089        /* Match entries of a given L3 protocol number.
1090         * If it is not specified, ie. l3proto == 0,
1091         * then match everything.
1092         */
1093        if (filter->family && nf_ct_l3num(ct) != filter->family)
1094                goto ignore_entry;
1095
1096        if (filter->orig_flags) {
1097                tuple = nf_ct_tuple(ct, IP_CT_DIR_ORIGINAL);
1098                if (!ctnetlink_filter_match_tuple(&filter->orig, tuple,
1099                                                  filter->orig_flags,
1100                                                  filter->family))
1101                        goto ignore_entry;
1102        }
1103
1104        if (filter->reply_flags) {
1105                tuple = nf_ct_tuple(ct, IP_CT_DIR_REPLY);
1106                if (!ctnetlink_filter_match_tuple(&filter->reply, tuple,
1107                                                  filter->reply_flags,
1108                                                  filter->family))
1109                        goto ignore_entry;
1110        }
1111
1112#ifdef CONFIG_NF_CONNTRACK_MARK
1113        if ((ct->mark & filter->mark.mask) != filter->mark.val)
1114                goto ignore_entry;
1115#endif
1116
1117out:
1118        return 1;
1119
1120ignore_entry:
1121        return 0;
1122}
1123
1124static int
1125ctnetlink_dump_table(struct sk_buff *skb, struct netlink_callback *cb)
1126{
1127        unsigned int flags = cb->data ? NLM_F_DUMP_FILTERED : 0;
1128        struct net *net = sock_net(skb->sk);
1129        struct nf_conn *ct, *last;
1130        struct nf_conntrack_tuple_hash *h;
1131        struct hlist_nulls_node *n;
1132        struct nf_conn *nf_ct_evict[8];
1133        int res, i;
1134        spinlock_t *lockp;
1135
1136        last = (struct nf_conn *)cb->args[1];
1137        i = 0;
1138
1139        local_bh_disable();
1140        for (; cb->args[0] < nf_conntrack_htable_size; cb->args[0]++) {
1141restart:
1142                while (i) {
1143                        i--;
1144                        if (nf_ct_should_gc(nf_ct_evict[i]))
1145                                nf_ct_kill(nf_ct_evict[i]);
1146                        nf_ct_put(nf_ct_evict[i]);
1147                }
1148
1149                lockp = &nf_conntrack_locks[cb->args[0] % CONNTRACK_LOCKS];
1150                nf_conntrack_lock(lockp);
1151                if (cb->args[0] >= nf_conntrack_htable_size) {
1152                        spin_unlock(lockp);
1153                        goto out;
1154                }
1155                hlist_nulls_for_each_entry(h, n, &nf_conntrack_hash[cb->args[0]],
1156                                           hnnode) {
1157                        if (NF_CT_DIRECTION(h) != IP_CT_DIR_ORIGINAL)
1158                                continue;
1159                        ct = nf_ct_tuplehash_to_ctrack(h);
1160                        if (nf_ct_is_expired(ct)) {
1161                                if (i < ARRAY_SIZE(nf_ct_evict) &&
1162                                    atomic_inc_not_zero(&ct->ct_general.use))
1163                                        nf_ct_evict[i++] = ct;
1164                                continue;
1165                        }
1166
1167                        if (!net_eq(net, nf_ct_net(ct)))
1168                                continue;
1169
1170                        if (cb->args[1]) {
1171                                if (ct != last)
1172                                        continue;
1173                                cb->args[1] = 0;
1174                        }
1175                        if (!ctnetlink_filter_match(ct, cb->data))
1176                                continue;
1177
1178                        res =
1179                        ctnetlink_fill_info(skb, NETLINK_CB(cb->skb).portid,
1180                                            cb->nlh->nlmsg_seq,
1181                                            NFNL_MSG_TYPE(cb->nlh->nlmsg_type),
1182                                            ct, true, flags);
1183                        if (res < 0) {
1184                                nf_conntrack_get(&ct->ct_general);
1185                                cb->args[1] = (unsigned long)ct;
1186                                spin_unlock(lockp);
1187                                goto out;
1188                        }
1189                }
1190                spin_unlock(lockp);
1191                if (cb->args[1]) {
1192                        cb->args[1] = 0;
1193                        goto restart;
1194                }
1195        }
1196out:
1197        local_bh_enable();
1198        if (last) {
1199                /* nf ct hash resize happened, now clear the leftover. */
1200                if ((struct nf_conn *)cb->args[1] == last)
1201                        cb->args[1] = 0;
1202
1203                nf_ct_put(last);
1204        }
1205
1206        while (i) {
1207                i--;
1208                if (nf_ct_should_gc(nf_ct_evict[i]))
1209                        nf_ct_kill(nf_ct_evict[i]);
1210                nf_ct_put(nf_ct_evict[i]);
1211        }
1212
1213        return skb->len;
1214}
1215
1216static int ipv4_nlattr_to_tuple(struct nlattr *tb[],
1217                                struct nf_conntrack_tuple *t,
1218                                u_int32_t flags)
1219{
1220        if (flags & CTA_FILTER_FLAG(CTA_IP_SRC)) {
1221                if (!tb[CTA_IP_V4_SRC])
1222                        return -EINVAL;
1223
1224                t->src.u3.ip = nla_get_in_addr(tb[CTA_IP_V4_SRC]);
1225        }
1226
1227        if (flags & CTA_FILTER_FLAG(CTA_IP_DST)) {
1228                if (!tb[CTA_IP_V4_DST])
1229                        return -EINVAL;
1230
1231                t->dst.u3.ip = nla_get_in_addr(tb[CTA_IP_V4_DST]);
1232        }
1233
1234        return 0;
1235}
1236
1237static int ipv6_nlattr_to_tuple(struct nlattr *tb[],
1238                                struct nf_conntrack_tuple *t,
1239                                u_int32_t flags)
1240{
1241        if (flags & CTA_FILTER_FLAG(CTA_IP_SRC)) {
1242                if (!tb[CTA_IP_V6_SRC])
1243                        return -EINVAL;
1244
1245                t->src.u3.in6 = nla_get_in6_addr(tb[CTA_IP_V6_SRC]);
1246        }
1247
1248        if (flags & CTA_FILTER_FLAG(CTA_IP_DST)) {
1249                if (!tb[CTA_IP_V6_DST])
1250                        return -EINVAL;
1251
1252                t->dst.u3.in6 = nla_get_in6_addr(tb[CTA_IP_V6_DST]);
1253        }
1254
1255        return 0;
1256}
1257
1258static int ctnetlink_parse_tuple_ip(struct nlattr *attr,
1259                                    struct nf_conntrack_tuple *tuple,
1260                                    u_int32_t flags)
1261{
1262        struct nlattr *tb[CTA_IP_MAX+1];
1263        int ret = 0;
1264
1265        ret = nla_parse_nested_deprecated(tb, CTA_IP_MAX, attr, NULL, NULL);
1266        if (ret < 0)
1267                return ret;
1268
1269        ret = nla_validate_nested_deprecated(attr, CTA_IP_MAX,
1270                                             cta_ip_nla_policy, NULL);
1271        if (ret)
1272                return ret;
1273
1274        switch (tuple->src.l3num) {
1275        case NFPROTO_IPV4:
1276                ret = ipv4_nlattr_to_tuple(tb, tuple, flags);
1277                break;
1278        case NFPROTO_IPV6:
1279                ret = ipv6_nlattr_to_tuple(tb, tuple, flags);
1280                break;
1281        }
1282
1283        return ret;
1284}
1285
1286static const struct nla_policy proto_nla_policy[CTA_PROTO_MAX+1] = {
1287        [CTA_PROTO_NUM] = { .type = NLA_U8 },
1288};
1289
1290static int ctnetlink_parse_tuple_proto(struct nlattr *attr,
1291                                       struct nf_conntrack_tuple *tuple,
1292                                       u_int32_t flags)
1293{
1294        const struct nf_conntrack_l4proto *l4proto;
1295        struct nlattr *tb[CTA_PROTO_MAX+1];
1296        int ret = 0;
1297
1298        ret = nla_parse_nested_deprecated(tb, CTA_PROTO_MAX, attr,
1299                                          proto_nla_policy, NULL);
1300        if (ret < 0)
1301                return ret;
1302
1303        if (!(flags & CTA_FILTER_FLAG(CTA_PROTO_NUM)))
1304                return 0;
1305
1306        if (!tb[CTA_PROTO_NUM])
1307                return -EINVAL;
1308
1309        tuple->dst.protonum = nla_get_u8(tb[CTA_PROTO_NUM]);
1310
1311        rcu_read_lock();
1312        l4proto = nf_ct_l4proto_find(tuple->dst.protonum);
1313
1314        if (likely(l4proto->nlattr_to_tuple)) {
1315                ret = nla_validate_nested_deprecated(attr, CTA_PROTO_MAX,
1316                                                     l4proto->nla_policy,
1317                                                     NULL);
1318                if (ret == 0)
1319                        ret = l4proto->nlattr_to_tuple(tb, tuple, flags);
1320        }
1321
1322        rcu_read_unlock();
1323
1324        return ret;
1325}
1326
1327static int
1328ctnetlink_parse_zone(const struct nlattr *attr,
1329                     struct nf_conntrack_zone *zone)
1330{
1331        nf_ct_zone_init(zone, NF_CT_DEFAULT_ZONE_ID,
1332                        NF_CT_DEFAULT_ZONE_DIR, 0);
1333#ifdef CONFIG_NF_CONNTRACK_ZONES
1334        if (attr)
1335                zone->id = ntohs(nla_get_be16(attr));
1336#else
1337        if (attr)
1338                return -EOPNOTSUPP;
1339#endif
1340        return 0;
1341}
1342
1343static int
1344ctnetlink_parse_tuple_zone(struct nlattr *attr, enum ctattr_type type,
1345                           struct nf_conntrack_zone *zone)
1346{
1347        int ret;
1348
1349        if (zone->id != NF_CT_DEFAULT_ZONE_ID)
1350                return -EINVAL;
1351
1352        ret = ctnetlink_parse_zone(attr, zone);
1353        if (ret < 0)
1354                return ret;
1355
1356        if (type == CTA_TUPLE_REPLY)
1357                zone->dir = NF_CT_ZONE_DIR_REPL;
1358        else
1359                zone->dir = NF_CT_ZONE_DIR_ORIG;
1360
1361        return 0;
1362}
1363
1364static const struct nla_policy tuple_nla_policy[CTA_TUPLE_MAX+1] = {
1365        [CTA_TUPLE_IP]          = { .type = NLA_NESTED },
1366        [CTA_TUPLE_PROTO]       = { .type = NLA_NESTED },
1367        [CTA_TUPLE_ZONE]        = { .type = NLA_U16 },
1368};
1369
1370#define CTA_FILTER_F_ALL_CTA_PROTO \
1371  (CTA_FILTER_F_CTA_PROTO_SRC_PORT | \
1372   CTA_FILTER_F_CTA_PROTO_DST_PORT | \
1373   CTA_FILTER_F_CTA_PROTO_ICMP_TYPE | \
1374   CTA_FILTER_F_CTA_PROTO_ICMP_CODE | \
1375   CTA_FILTER_F_CTA_PROTO_ICMP_ID | \
1376   CTA_FILTER_F_CTA_PROTO_ICMPV6_TYPE | \
1377   CTA_FILTER_F_CTA_PROTO_ICMPV6_CODE | \
1378   CTA_FILTER_F_CTA_PROTO_ICMPV6_ID)
1379
1380static int
1381ctnetlink_parse_tuple_filter(const struct nlattr * const cda[],
1382                              struct nf_conntrack_tuple *tuple, u32 type,
1383                              u_int8_t l3num, struct nf_conntrack_zone *zone,
1384                              u_int32_t flags)
1385{
1386        struct nlattr *tb[CTA_TUPLE_MAX+1];
1387        int err;
1388
1389        memset(tuple, 0, sizeof(*tuple));
1390
1391        err = nla_parse_nested_deprecated(tb, CTA_TUPLE_MAX, cda[type],
1392                                          tuple_nla_policy, NULL);
1393        if (err < 0)
1394                return err;
1395
1396        if (l3num != NFPROTO_IPV4 && l3num != NFPROTO_IPV6)
1397                return -EOPNOTSUPP;
1398        tuple->src.l3num = l3num;
1399
1400        if (flags & CTA_FILTER_FLAG(CTA_IP_DST) ||
1401            flags & CTA_FILTER_FLAG(CTA_IP_SRC)) {
1402                if (!tb[CTA_TUPLE_IP])
1403                        return -EINVAL;
1404
1405                err = ctnetlink_parse_tuple_ip(tb[CTA_TUPLE_IP], tuple, flags);
1406                if (err < 0)
1407                        return err;
1408        }
1409
1410        if (flags & CTA_FILTER_FLAG(CTA_PROTO_NUM)) {
1411                if (!tb[CTA_TUPLE_PROTO])
1412                        return -EINVAL;
1413
1414                err = ctnetlink_parse_tuple_proto(tb[CTA_TUPLE_PROTO], tuple, flags);
1415                if (err < 0)
1416                        return err;
1417        } else if (flags & CTA_FILTER_FLAG(ALL_CTA_PROTO)) {
1418                /* Can't manage proto flags without a protonum  */
1419                return -EINVAL;
1420        }
1421
1422        if ((flags & CTA_FILTER_FLAG(CTA_TUPLE_ZONE)) && tb[CTA_TUPLE_ZONE]) {
1423                if (!zone)
1424                        return -EINVAL;
1425
1426                err = ctnetlink_parse_tuple_zone(tb[CTA_TUPLE_ZONE],
1427                                                 type, zone);
1428                if (err < 0)
1429                        return err;
1430        }
1431
1432        /* orig and expect tuples get DIR_ORIGINAL */
1433        if (type == CTA_TUPLE_REPLY)
1434                tuple->dst.dir = IP_CT_DIR_REPLY;
1435        else
1436                tuple->dst.dir = IP_CT_DIR_ORIGINAL;
1437
1438        return 0;
1439}
1440
1441static int
1442ctnetlink_parse_tuple(const struct nlattr * const cda[],
1443                      struct nf_conntrack_tuple *tuple, u32 type,
1444                      u_int8_t l3num, struct nf_conntrack_zone *zone)
1445{
1446        return ctnetlink_parse_tuple_filter(cda, tuple, type, l3num, zone,
1447                                            CTA_FILTER_FLAG(ALL));
1448}
1449
1450static const struct nla_policy help_nla_policy[CTA_HELP_MAX+1] = {
1451        [CTA_HELP_NAME]         = { .type = NLA_NUL_STRING,
1452                                    .len = NF_CT_HELPER_NAME_LEN - 1 },
1453};
1454
1455static int ctnetlink_parse_help(const struct nlattr *attr, char **helper_name,
1456                                struct nlattr **helpinfo)
1457{
1458        int err;
1459        struct nlattr *tb[CTA_HELP_MAX+1];
1460
1461        err = nla_parse_nested_deprecated(tb, CTA_HELP_MAX, attr,
1462                                          help_nla_policy, NULL);
1463        if (err < 0)
1464                return err;
1465
1466        if (!tb[CTA_HELP_NAME])
1467                return -EINVAL;
1468
1469        *helper_name = nla_data(tb[CTA_HELP_NAME]);
1470
1471        if (tb[CTA_HELP_INFO])
1472                *helpinfo = tb[CTA_HELP_INFO];
1473
1474        return 0;
1475}
1476
1477static const struct nla_policy ct_nla_policy[CTA_MAX+1] = {
1478        [CTA_TUPLE_ORIG]        = { .type = NLA_NESTED },
1479        [CTA_TUPLE_REPLY]       = { .type = NLA_NESTED },
1480        [CTA_STATUS]            = { .type = NLA_U32 },
1481        [CTA_PROTOINFO]         = { .type = NLA_NESTED },
1482        [CTA_HELP]              = { .type = NLA_NESTED },
1483        [CTA_NAT_SRC]           = { .type = NLA_NESTED },
1484        [CTA_TIMEOUT]           = { .type = NLA_U32 },
1485        [CTA_MARK]              = { .type = NLA_U32 },
1486        [CTA_ID]                = { .type = NLA_U32 },
1487        [CTA_NAT_DST]           = { .type = NLA_NESTED },
1488        [CTA_TUPLE_MASTER]      = { .type = NLA_NESTED },
1489        [CTA_NAT_SEQ_ADJ_ORIG]  = { .type = NLA_NESTED },
1490        [CTA_NAT_SEQ_ADJ_REPLY] = { .type = NLA_NESTED },
1491        [CTA_ZONE]              = { .type = NLA_U16 },
1492        [CTA_MARK_MASK]         = { .type = NLA_U32 },
1493        [CTA_LABELS]            = { .type = NLA_BINARY,
1494                                    .len = NF_CT_LABELS_MAX_SIZE },
1495        [CTA_LABELS_MASK]       = { .type = NLA_BINARY,
1496                                    .len = NF_CT_LABELS_MAX_SIZE },
1497        [CTA_FILTER]            = { .type = NLA_NESTED },
1498};
1499
1500static int ctnetlink_flush_iterate(struct nf_conn *ct, void *data)
1501{
1502        if (test_bit(IPS_OFFLOAD_BIT, &ct->status))
1503                return 0;
1504
1505        return ctnetlink_filter_match(ct, data);
1506}
1507
1508static int ctnetlink_flush_conntrack(struct net *net,
1509                                     const struct nlattr * const cda[],
1510                                     u32 portid, int report, u8 family)
1511{
1512        struct ctnetlink_filter *filter = NULL;
1513
1514        if (ctnetlink_needs_filter(family, cda)) {
1515                if (cda[CTA_FILTER])
1516                        return -EOPNOTSUPP;
1517
1518                filter = ctnetlink_alloc_filter(cda, family);
1519                if (IS_ERR(filter))
1520                        return PTR_ERR(filter);
1521        }
1522
1523        nf_ct_iterate_cleanup_net(net, ctnetlink_flush_iterate, filter,
1524                                  portid, report);
1525        kfree(filter);
1526
1527        return 0;
1528}
1529
1530static int ctnetlink_del_conntrack(struct sk_buff *skb,
1531                                   const struct nfnl_info *info,
1532                                   const struct nlattr * const cda[])
1533{
1534        u8 family = info->nfmsg->nfgen_family;
1535        struct nf_conntrack_tuple_hash *h;
1536        struct nf_conntrack_tuple tuple;
1537        struct nf_conntrack_zone zone;
1538        struct nf_conn *ct;
1539        int err;
1540
1541        err = ctnetlink_parse_zone(cda[CTA_ZONE], &zone);
1542        if (err < 0)
1543                return err;
1544
1545        if (cda[CTA_TUPLE_ORIG])
1546                err = ctnetlink_parse_tuple(cda, &tuple, CTA_TUPLE_ORIG,
1547                                            family, &zone);
1548        else if (cda[CTA_TUPLE_REPLY])
1549                err = ctnetlink_parse_tuple(cda, &tuple, CTA_TUPLE_REPLY,
1550                                            family, &zone);
1551        else {
1552                u_int8_t u3 = info->nfmsg->version ? family : AF_UNSPEC;
1553
1554                return ctnetlink_flush_conntrack(info->net, cda,
1555                                                 NETLINK_CB(skb).portid,
1556                                                 nlmsg_report(info->nlh), u3);
1557        }
1558
1559        if (err < 0)
1560                return err;
1561
1562        h = nf_conntrack_find_get(info->net, &zone, &tuple);
1563        if (!h)
1564                return -ENOENT;
1565
1566        ct = nf_ct_tuplehash_to_ctrack(h);
1567
1568        if (test_bit(IPS_OFFLOAD_BIT, &ct->status)) {
1569                nf_ct_put(ct);
1570                return -EBUSY;
1571        }
1572
1573        if (cda[CTA_ID]) {
1574                __be32 id = nla_get_be32(cda[CTA_ID]);
1575
1576                if (id != (__force __be32)nf_ct_get_id(ct)) {
1577                        nf_ct_put(ct);
1578                        return -ENOENT;
1579                }
1580        }
1581
1582        nf_ct_delete(ct, NETLINK_CB(skb).portid, nlmsg_report(info->nlh));
1583        nf_ct_put(ct);
1584
1585        return 0;
1586}
1587
1588static int ctnetlink_get_conntrack(struct sk_buff *skb,
1589                                   const struct nfnl_info *info,
1590                                   const struct nlattr * const cda[])
1591{
1592        u_int8_t u3 = info->nfmsg->nfgen_family;
1593        struct nf_conntrack_tuple_hash *h;
1594        struct nf_conntrack_tuple tuple;
1595        struct nf_conntrack_zone zone;
1596        struct sk_buff *skb2;
1597        struct nf_conn *ct;
1598        int err;
1599
1600        if (info->nlh->nlmsg_flags & NLM_F_DUMP) {
1601                struct netlink_dump_control c = {
1602                        .start = ctnetlink_start,
1603                        .dump = ctnetlink_dump_table,
1604                        .done = ctnetlink_done,
1605                        .data = (void *)cda,
1606                };
1607
1608                return netlink_dump_start(info->sk, skb, info->nlh, &c);
1609        }
1610
1611        err = ctnetlink_parse_zone(cda[CTA_ZONE], &zone);
1612        if (err < 0)
1613                return err;
1614
1615        if (cda[CTA_TUPLE_ORIG])
1616                err = ctnetlink_parse_tuple(cda, &tuple, CTA_TUPLE_ORIG,
1617                                            u3, &zone);
1618        else if (cda[CTA_TUPLE_REPLY])
1619                err = ctnetlink_parse_tuple(cda, &tuple, CTA_TUPLE_REPLY,
1620                                            u3, &zone);
1621        else
1622                return -EINVAL;
1623
1624        if (err < 0)
1625                return err;
1626
1627        h = nf_conntrack_find_get(info->net, &zone, &tuple);
1628        if (!h)
1629                return -ENOENT;
1630
1631        ct = nf_ct_tuplehash_to_ctrack(h);
1632
1633        skb2 = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1634        if (!skb2) {
1635                nf_ct_put(ct);
1636                return -ENOMEM;
1637        }
1638
1639        err = ctnetlink_fill_info(skb2, NETLINK_CB(skb).portid,
1640                                  info->nlh->nlmsg_seq,
1641                                  NFNL_MSG_TYPE(info->nlh->nlmsg_type), ct,
1642                                  true, 0);
1643        nf_ct_put(ct);
1644        if (err <= 0) {
1645                kfree_skb(skb2);
1646                return -ENOMEM;
1647        }
1648
1649        return nfnetlink_unicast(skb2, info->net, NETLINK_CB(skb).portid);
1650}
1651
1652static int ctnetlink_done_list(struct netlink_callback *cb)
1653{
1654        if (cb->args[1])
1655                nf_ct_put((struct nf_conn *)cb->args[1]);
1656        return 0;
1657}
1658
1659static int
1660ctnetlink_dump_list(struct sk_buff *skb, struct netlink_callback *cb, bool dying)
1661{
1662        struct nf_conn *ct, *last;
1663        struct nf_conntrack_tuple_hash *h;
1664        struct hlist_nulls_node *n;
1665        struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
1666        u_int8_t l3proto = nfmsg->nfgen_family;
1667        int res;
1668        int cpu;
1669        struct hlist_nulls_head *list;
1670        struct net *net = sock_net(skb->sk);
1671
1672        if (cb->args[2])
1673                return 0;
1674
1675        last = (struct nf_conn *)cb->args[1];
1676
1677        for (cpu = cb->args[0]; cpu < nr_cpu_ids; cpu++) {
1678                struct ct_pcpu *pcpu;
1679
1680                if (!cpu_possible(cpu))
1681                        continue;
1682
1683                pcpu = per_cpu_ptr(net->ct.pcpu_lists, cpu);
1684                spin_lock_bh(&pcpu->lock);
1685                list = dying ? &pcpu->dying : &pcpu->unconfirmed;
1686restart:
1687                hlist_nulls_for_each_entry(h, n, list, hnnode) {
1688                        ct = nf_ct_tuplehash_to_ctrack(h);
1689                        if (l3proto && nf_ct_l3num(ct) != l3proto)
1690                                continue;
1691                        if (cb->args[1]) {
1692                                if (ct != last)
1693                                        continue;
1694                                cb->args[1] = 0;
1695                        }
1696
1697                        /* We can't dump extension info for the unconfirmed
1698                         * list because unconfirmed conntracks can have
1699                         * ct->ext reallocated (and thus freed).
1700                         *
1701                         * In the dying list case ct->ext can't be free'd
1702                         * until after we drop pcpu->lock.
1703                         */
1704                        res = ctnetlink_fill_info(skb, NETLINK_CB(cb->skb).portid,
1705                                                  cb->nlh->nlmsg_seq,
1706                                                  NFNL_MSG_TYPE(cb->nlh->nlmsg_type),
1707                                                  ct, dying ? true : false, 0);
1708                        if (res < 0) {
1709                                if (!atomic_inc_not_zero(&ct->ct_general.use))
1710                                        continue;
1711                                cb->args[0] = cpu;
1712                                cb->args[1] = (unsigned long)ct;
1713                                spin_unlock_bh(&pcpu->lock);
1714                                goto out;
1715                        }
1716                }
1717                if (cb->args[1]) {
1718                        cb->args[1] = 0;
1719                        goto restart;
1720                }
1721                spin_unlock_bh(&pcpu->lock);
1722        }
1723        cb->args[2] = 1;
1724out:
1725        if (last)
1726                nf_ct_put(last);
1727
1728        return skb->len;
1729}
1730
1731static int
1732ctnetlink_dump_dying(struct sk_buff *skb, struct netlink_callback *cb)
1733{
1734        return ctnetlink_dump_list(skb, cb, true);
1735}
1736
1737static int ctnetlink_get_ct_dying(struct sk_buff *skb,
1738                                  const struct nfnl_info *info,
1739                                  const struct nlattr * const cda[])
1740{
1741        if (info->nlh->nlmsg_flags & NLM_F_DUMP) {
1742                struct netlink_dump_control c = {
1743                        .dump = ctnetlink_dump_dying,
1744                        .done = ctnetlink_done_list,
1745                };
1746                return netlink_dump_start(info->sk, skb, info->nlh, &c);
1747        }
1748
1749        return -EOPNOTSUPP;
1750}
1751
1752static int
1753ctnetlink_dump_unconfirmed(struct sk_buff *skb, struct netlink_callback *cb)
1754{
1755        return ctnetlink_dump_list(skb, cb, false);
1756}
1757
1758static int ctnetlink_get_ct_unconfirmed(struct sk_buff *skb,
1759                                        const struct nfnl_info *info,
1760                                        const struct nlattr * const cda[])
1761{
1762        if (info->nlh->nlmsg_flags & NLM_F_DUMP) {
1763                struct netlink_dump_control c = {
1764                        .dump = ctnetlink_dump_unconfirmed,
1765                        .done = ctnetlink_done_list,
1766                };
1767                return netlink_dump_start(info->sk, skb, info->nlh, &c);
1768        }
1769
1770        return -EOPNOTSUPP;
1771}
1772
1773#if IS_ENABLED(CONFIG_NF_NAT)
1774static int
1775ctnetlink_parse_nat_setup(struct nf_conn *ct,
1776                          enum nf_nat_manip_type manip,
1777                          const struct nlattr *attr)
1778        __must_hold(RCU)
1779{
1780        struct nf_nat_hook *nat_hook;
1781        int err;
1782
1783        nat_hook = rcu_dereference(nf_nat_hook);
1784        if (!nat_hook) {
1785#ifdef CONFIG_MODULES
1786                rcu_read_unlock();
1787                nfnl_unlock(NFNL_SUBSYS_CTNETLINK);
1788                if (request_module("nf-nat") < 0) {
1789                        nfnl_lock(NFNL_SUBSYS_CTNETLINK);
1790                        rcu_read_lock();
1791                        return -EOPNOTSUPP;
1792                }
1793                nfnl_lock(NFNL_SUBSYS_CTNETLINK);
1794                rcu_read_lock();
1795                nat_hook = rcu_dereference(nf_nat_hook);
1796                if (nat_hook)
1797                        return -EAGAIN;
1798#endif
1799                return -EOPNOTSUPP;
1800        }
1801
1802        err = nat_hook->parse_nat_setup(ct, manip, attr);
1803        if (err == -EAGAIN) {
1804#ifdef CONFIG_MODULES
1805                rcu_read_unlock();
1806                nfnl_unlock(NFNL_SUBSYS_CTNETLINK);
1807                if (request_module("nf-nat-%u", nf_ct_l3num(ct)) < 0) {
1808                        nfnl_lock(NFNL_SUBSYS_CTNETLINK);
1809                        rcu_read_lock();
1810                        return -EOPNOTSUPP;
1811                }
1812                nfnl_lock(NFNL_SUBSYS_CTNETLINK);
1813                rcu_read_lock();
1814#else
1815                err = -EOPNOTSUPP;
1816#endif
1817        }
1818        return err;
1819}
1820#endif
1821
1822static void
1823__ctnetlink_change_status(struct nf_conn *ct, unsigned long on,
1824                          unsigned long off)
1825{
1826        unsigned int bit;
1827
1828        /* Ignore these unchangable bits */
1829        on &= ~IPS_UNCHANGEABLE_MASK;
1830        off &= ~IPS_UNCHANGEABLE_MASK;
1831
1832        for (bit = 0; bit < __IPS_MAX_BIT; bit++) {
1833                if (on & (1 << bit))
1834                        set_bit(bit, &ct->status);
1835                else if (off & (1 << bit))
1836                        clear_bit(bit, &ct->status);
1837        }
1838}
1839
1840static int
1841ctnetlink_change_status(struct nf_conn *ct, const struct nlattr * const cda[])
1842{
1843        unsigned long d;
1844        unsigned int status = ntohl(nla_get_be32(cda[CTA_STATUS]));
1845        d = ct->status ^ status;
1846
1847        if (d & (IPS_EXPECTED|IPS_CONFIRMED|IPS_DYING))
1848                /* unchangeable */
1849                return -EBUSY;
1850
1851        if (d & IPS_SEEN_REPLY && !(status & IPS_SEEN_REPLY))
1852                /* SEEN_REPLY bit can only be set */
1853                return -EBUSY;
1854
1855        if (d & IPS_ASSURED && !(status & IPS_ASSURED))
1856                /* ASSURED bit can only be set */
1857                return -EBUSY;
1858
1859        __ctnetlink_change_status(ct, status, 0);
1860        return 0;
1861}
1862
1863static int
1864ctnetlink_setup_nat(struct nf_conn *ct, const struct nlattr * const cda[])
1865{
1866#if IS_ENABLED(CONFIG_NF_NAT)
1867        int ret;
1868
1869        if (!cda[CTA_NAT_DST] && !cda[CTA_NAT_SRC])
1870                return 0;
1871
1872        ret = ctnetlink_parse_nat_setup(ct, NF_NAT_MANIP_DST,
1873                                        cda[CTA_NAT_DST]);
1874        if (ret < 0)
1875                return ret;
1876
1877        return ctnetlink_parse_nat_setup(ct, NF_NAT_MANIP_SRC,
1878                                         cda[CTA_NAT_SRC]);
1879#else
1880        if (!cda[CTA_NAT_DST] && !cda[CTA_NAT_SRC])
1881                return 0;
1882        return -EOPNOTSUPP;
1883#endif
1884}
1885
1886static int ctnetlink_change_helper(struct nf_conn *ct,
1887                                   const struct nlattr * const cda[])
1888{
1889        struct nf_conntrack_helper *helper;
1890        struct nf_conn_help *help = nfct_help(ct);
1891        char *helpname = NULL;
1892        struct nlattr *helpinfo = NULL;
1893        int err;
1894
1895        err = ctnetlink_parse_help(cda[CTA_HELP], &helpname, &helpinfo);
1896        if (err < 0)
1897                return err;
1898
1899        /* don't change helper of sibling connections */
1900        if (ct->master) {
1901                /* If we try to change the helper to the same thing twice,
1902                 * treat the second attempt as a no-op instead of returning
1903                 * an error.
1904                 */
1905                err = -EBUSY;
1906                if (help) {
1907                        rcu_read_lock();
1908                        helper = rcu_dereference(help->helper);
1909                        if (helper && !strcmp(helper->name, helpname))
1910                                err = 0;
1911                        rcu_read_unlock();
1912                }
1913
1914                return err;
1915        }
1916
1917        if (!strcmp(helpname, "")) {
1918                if (help && help->helper) {
1919                        /* we had a helper before ... */
1920                        nf_ct_remove_expectations(ct);
1921                        RCU_INIT_POINTER(help->helper, NULL);
1922                }
1923
1924                return 0;
1925        }
1926
1927        rcu_read_lock();
1928        helper = __nf_conntrack_helper_find(helpname, nf_ct_l3num(ct),
1929                                            nf_ct_protonum(ct));
1930        if (helper == NULL) {
1931                rcu_read_unlock();
1932                return -EOPNOTSUPP;
1933        }
1934
1935        if (help) {
1936                if (help->helper == helper) {
1937                        /* update private helper data if allowed. */
1938                        if (helper->from_nlattr)
1939                                helper->from_nlattr(helpinfo, ct);
1940                        err = 0;
1941                } else
1942                        err = -EBUSY;
1943        } else {
1944                /* we cannot set a helper for an existing conntrack */
1945                err = -EOPNOTSUPP;
1946        }
1947
1948        rcu_read_unlock();
1949        return err;
1950}
1951
1952static int ctnetlink_change_timeout(struct nf_conn *ct,
1953                                    const struct nlattr * const cda[])
1954{
1955        u64 timeout = (u64)ntohl(nla_get_be32(cda[CTA_TIMEOUT])) * HZ;
1956
1957        if (timeout > INT_MAX)
1958                timeout = INT_MAX;
1959        ct->timeout = nfct_time_stamp + (u32)timeout;
1960
1961        if (test_bit(IPS_DYING_BIT, &ct->status))
1962                return -ETIME;
1963
1964        return 0;
1965}
1966
1967#if defined(CONFIG_NF_CONNTRACK_MARK)
1968static void ctnetlink_change_mark(struct nf_conn *ct,
1969                                    const struct nlattr * const cda[])
1970{
1971        u32 mark, newmark, mask = 0;
1972
1973        if (cda[CTA_MARK_MASK])
1974                mask = ~ntohl(nla_get_be32(cda[CTA_MARK_MASK]));
1975
1976        mark = ntohl(nla_get_be32(cda[CTA_MARK]));
1977        newmark = (ct->mark & mask) ^ mark;
1978        if (newmark != ct->mark)
1979                ct->mark = newmark;
1980}
1981#endif
1982
1983static const struct nla_policy protoinfo_policy[CTA_PROTOINFO_MAX+1] = {
1984        [CTA_PROTOINFO_TCP]     = { .type = NLA_NESTED },
1985        [CTA_PROTOINFO_DCCP]    = { .type = NLA_NESTED },
1986        [CTA_PROTOINFO_SCTP]    = { .type = NLA_NESTED },
1987};
1988
1989static int ctnetlink_change_protoinfo(struct nf_conn *ct,
1990                                      const struct nlattr * const cda[])
1991{
1992        const struct nlattr *attr = cda[CTA_PROTOINFO];
1993        const struct nf_conntrack_l4proto *l4proto;
1994        struct nlattr *tb[CTA_PROTOINFO_MAX+1];
1995        int err = 0;
1996
1997        err = nla_parse_nested_deprecated(tb, CTA_PROTOINFO_MAX, attr,
1998                                          protoinfo_policy, NULL);
1999        if (err < 0)
2000                return err;
2001
2002        l4proto = nf_ct_l4proto_find(nf_ct_protonum(ct));
2003        if (l4proto->from_nlattr)
2004                err = l4proto->from_nlattr(tb, ct);
2005
2006        return err;
2007}
2008
2009static const struct nla_policy seqadj_policy[CTA_SEQADJ_MAX+1] = {
2010        [CTA_SEQADJ_CORRECTION_POS]     = { .type = NLA_U32 },
2011        [CTA_SEQADJ_OFFSET_BEFORE]      = { .type = NLA_U32 },
2012        [CTA_SEQADJ_OFFSET_AFTER]       = { .type = NLA_U32 },
2013};
2014
2015static int change_seq_adj(struct nf_ct_seqadj *seq,
2016                          const struct nlattr * const attr)
2017{
2018        int err;
2019        struct nlattr *cda[CTA_SEQADJ_MAX+1];
2020
2021        err = nla_parse_nested_deprecated(cda, CTA_SEQADJ_MAX, attr,
2022                                          seqadj_policy, NULL);
2023        if (err < 0)
2024                return err;
2025
2026        if (!cda[CTA_SEQADJ_CORRECTION_POS])
2027                return -EINVAL;
2028
2029        seq->correction_pos =
2030                ntohl(nla_get_be32(cda[CTA_SEQADJ_CORRECTION_POS]));
2031
2032        if (!cda[CTA_SEQADJ_OFFSET_BEFORE])
2033                return -EINVAL;
2034
2035        seq->offset_before =
2036                ntohl(nla_get_be32(cda[CTA_SEQADJ_OFFSET_BEFORE]));
2037
2038        if (!cda[CTA_SEQADJ_OFFSET_AFTER])
2039                return -EINVAL;
2040
2041        seq->offset_after =
2042                ntohl(nla_get_be32(cda[CTA_SEQADJ_OFFSET_AFTER]));
2043
2044        return 0;
2045}
2046
2047static int
2048ctnetlink_change_seq_adj(struct nf_conn *ct,
2049                         const struct nlattr * const cda[])
2050{
2051        struct nf_conn_seqadj *seqadj = nfct_seqadj(ct);
2052        int ret = 0;
2053
2054        if (!seqadj)
2055                return 0;
2056
2057        spin_lock_bh(&ct->lock);
2058        if (cda[CTA_SEQ_ADJ_ORIG]) {
2059                ret = change_seq_adj(&seqadj->seq[IP_CT_DIR_ORIGINAL],
2060                                     cda[CTA_SEQ_ADJ_ORIG]);
2061                if (ret < 0)
2062                        goto err;
2063
2064                set_bit(IPS_SEQ_ADJUST_BIT, &ct->status);
2065        }
2066
2067        if (cda[CTA_SEQ_ADJ_REPLY]) {
2068                ret = change_seq_adj(&seqadj->seq[IP_CT_DIR_REPLY],
2069                                     cda[CTA_SEQ_ADJ_REPLY]);
2070                if (ret < 0)
2071                        goto err;
2072
2073                set_bit(IPS_SEQ_ADJUST_BIT, &ct->status);
2074        }
2075
2076        spin_unlock_bh(&ct->lock);
2077        return 0;
2078err:
2079        spin_unlock_bh(&ct->lock);
2080        return ret;
2081}
2082
2083static const struct nla_policy synproxy_policy[CTA_SYNPROXY_MAX + 1] = {
2084        [CTA_SYNPROXY_ISN]      = { .type = NLA_U32 },
2085        [CTA_SYNPROXY_ITS]      = { .type = NLA_U32 },
2086        [CTA_SYNPROXY_TSOFF]    = { .type = NLA_U32 },
2087};
2088
2089static int ctnetlink_change_synproxy(struct nf_conn *ct,
2090                                     const struct nlattr * const cda[])
2091{
2092        struct nf_conn_synproxy *synproxy = nfct_synproxy(ct);
2093        struct nlattr *tb[CTA_SYNPROXY_MAX + 1];
2094        int err;
2095
2096        if (!synproxy)
2097                return 0;
2098
2099        err = nla_parse_nested_deprecated(tb, CTA_SYNPROXY_MAX,
2100                                          cda[CTA_SYNPROXY], synproxy_policy,
2101                                          NULL);
2102        if (err < 0)
2103                return err;
2104
2105        if (!tb[CTA_SYNPROXY_ISN] ||
2106            !tb[CTA_SYNPROXY_ITS] ||
2107            !tb[CTA_SYNPROXY_TSOFF])
2108                return -EINVAL;
2109
2110        synproxy->isn = ntohl(nla_get_be32(tb[CTA_SYNPROXY_ISN]));
2111        synproxy->its = ntohl(nla_get_be32(tb[CTA_SYNPROXY_ITS]));
2112        synproxy->tsoff = ntohl(nla_get_be32(tb[CTA_SYNPROXY_TSOFF]));
2113
2114        return 0;
2115}
2116
2117static int
2118ctnetlink_attach_labels(struct nf_conn *ct, const struct nlattr * const cda[])
2119{
2120#ifdef CONFIG_NF_CONNTRACK_LABELS
2121        size_t len = nla_len(cda[CTA_LABELS]);
2122        const void *mask = cda[CTA_LABELS_MASK];
2123
2124        if (len & (sizeof(u32)-1)) /* must be multiple of u32 */
2125                return -EINVAL;
2126
2127        if (mask) {
2128                if (nla_len(cda[CTA_LABELS_MASK]) == 0 ||
2129                    nla_len(cda[CTA_LABELS_MASK]) != len)
2130                        return -EINVAL;
2131                mask = nla_data(cda[CTA_LABELS_MASK]);
2132        }
2133
2134        len /= sizeof(u32);
2135
2136        return nf_connlabels_replace(ct, nla_data(cda[CTA_LABELS]), mask, len);
2137#else
2138        return -EOPNOTSUPP;
2139#endif
2140}
2141
2142static int
2143ctnetlink_change_conntrack(struct nf_conn *ct,
2144                           const struct nlattr * const cda[])
2145{
2146        int err;
2147
2148        /* only allow NAT changes and master assignation for new conntracks */
2149        if (cda[CTA_NAT_SRC] || cda[CTA_NAT_DST] || cda[CTA_TUPLE_MASTER])
2150                return -EOPNOTSUPP;
2151
2152        if (cda[CTA_HELP]) {
2153                err = ctnetlink_change_helper(ct, cda);
2154                if (err < 0)
2155                        return err;
2156        }
2157
2158        if (cda[CTA_TIMEOUT]) {
2159                err = ctnetlink_change_timeout(ct, cda);
2160                if (err < 0)
2161                        return err;
2162        }
2163
2164        if (cda[CTA_STATUS]) {
2165                err = ctnetlink_change_status(ct, cda);
2166                if (err < 0)
2167                        return err;
2168        }
2169
2170        if (cda[CTA_PROTOINFO]) {
2171                err = ctnetlink_change_protoinfo(ct, cda);
2172                if (err < 0)
2173                        return err;
2174        }
2175
2176#if defined(CONFIG_NF_CONNTRACK_MARK)
2177        if (cda[CTA_MARK])
2178                ctnetlink_change_mark(ct, cda);
2179#endif
2180
2181        if (cda[CTA_SEQ_ADJ_ORIG] || cda[CTA_SEQ_ADJ_REPLY]) {
2182                err = ctnetlink_change_seq_adj(ct, cda);
2183                if (err < 0)
2184                        return err;
2185        }
2186
2187        if (cda[CTA_SYNPROXY]) {
2188                err = ctnetlink_change_synproxy(ct, cda);
2189                if (err < 0)
2190                        return err;
2191        }
2192
2193        if (cda[CTA_LABELS]) {
2194                err = ctnetlink_attach_labels(ct, cda);
2195                if (err < 0)
2196                        return err;
2197        }
2198
2199        return 0;
2200}
2201
2202static struct nf_conn *
2203ctnetlink_create_conntrack(struct net *net,
2204                           const struct nf_conntrack_zone *zone,
2205                           const struct nlattr * const cda[],
2206                           struct nf_conntrack_tuple *otuple,
2207                           struct nf_conntrack_tuple *rtuple,
2208                           u8 u3)
2209{
2210        struct nf_conn *ct;
2211        int err = -EINVAL;
2212        struct nf_conntrack_helper *helper;
2213        struct nf_conn_tstamp *tstamp;
2214        u64 timeout;
2215
2216        ct = nf_conntrack_alloc(net, zone, otuple, rtuple, GFP_ATOMIC);
2217        if (IS_ERR(ct))
2218                return ERR_PTR(-ENOMEM);
2219
2220        if (!cda[CTA_TIMEOUT])
2221                goto err1;
2222
2223        timeout = (u64)ntohl(nla_get_be32(cda[CTA_TIMEOUT])) * HZ;
2224        if (timeout > INT_MAX)
2225                timeout = INT_MAX;
2226        ct->timeout = (u32)timeout + nfct_time_stamp;
2227
2228        rcu_read_lock();
2229        if (cda[CTA_HELP]) {
2230                char *helpname = NULL;
2231                struct nlattr *helpinfo = NULL;
2232
2233                err = ctnetlink_parse_help(cda[CTA_HELP], &helpname, &helpinfo);
2234                if (err < 0)
2235                        goto err2;
2236
2237                helper = __nf_conntrack_helper_find(helpname, nf_ct_l3num(ct),
2238                                                    nf_ct_protonum(ct));
2239                if (helper == NULL) {
2240                        rcu_read_unlock();
2241#ifdef CONFIG_MODULES
2242                        if (request_module("nfct-helper-%s", helpname) < 0) {
2243                                err = -EOPNOTSUPP;
2244                                goto err1;
2245                        }
2246
2247                        rcu_read_lock();
2248                        helper = __nf_conntrack_helper_find(helpname,
2249                                                            nf_ct_l3num(ct),
2250                                                            nf_ct_protonum(ct));
2251                        if (helper) {
2252                                err = -EAGAIN;
2253                                goto err2;
2254                        }
2255                        rcu_read_unlock();
2256#endif
2257                        err = -EOPNOTSUPP;
2258                        goto err1;
2259                } else {
2260                        struct nf_conn_help *help;
2261
2262                        help = nf_ct_helper_ext_add(ct, GFP_ATOMIC);
2263                        if (help == NULL) {
2264                                err = -ENOMEM;
2265                                goto err2;
2266                        }
2267                        /* set private helper data if allowed. */
2268                        if (helper->from_nlattr)
2269                                helper->from_nlattr(helpinfo, ct);
2270
2271                        /* not in hash table yet so not strictly necessary */
2272                        RCU_INIT_POINTER(help->helper, helper);
2273                }
2274        } else {
2275                /* try an implicit helper assignation */
2276                err = __nf_ct_try_assign_helper(ct, NULL, GFP_ATOMIC);
2277                if (err < 0)
2278                        goto err2;
2279        }
2280
2281        err = ctnetlink_setup_nat(ct, cda);
2282        if (err < 0)
2283                goto err2;
2284
2285        nf_ct_acct_ext_add(ct, GFP_ATOMIC);
2286        nf_ct_tstamp_ext_add(ct, GFP_ATOMIC);
2287        nf_ct_ecache_ext_add(ct, 0, 0, GFP_ATOMIC);
2288        nf_ct_labels_ext_add(ct);
2289        nfct_seqadj_ext_add(ct);
2290        nfct_synproxy_ext_add(ct);
2291
2292        /* we must add conntrack extensions before confirmation. */
2293        ct->status |= IPS_CONFIRMED;
2294
2295        if (cda[CTA_STATUS]) {
2296                err = ctnetlink_change_status(ct, cda);
2297                if (err < 0)
2298                        goto err2;
2299        }
2300
2301        if (cda[CTA_SEQ_ADJ_ORIG] || cda[CTA_SEQ_ADJ_REPLY]) {
2302                err = ctnetlink_change_seq_adj(ct, cda);
2303                if (err < 0)
2304                        goto err2;
2305        }
2306
2307        memset(&ct->proto, 0, sizeof(ct->proto));
2308        if (cda[CTA_PROTOINFO]) {
2309                err = ctnetlink_change_protoinfo(ct, cda);
2310                if (err < 0)
2311                        goto err2;
2312        }
2313
2314        if (cda[CTA_SYNPROXY]) {
2315                err = ctnetlink_change_synproxy(ct, cda);
2316                if (err < 0)
2317                        goto err2;
2318        }
2319
2320#if defined(CONFIG_NF_CONNTRACK_MARK)
2321        if (cda[CTA_MARK])
2322                ctnetlink_change_mark(ct, cda);
2323#endif
2324
2325        /* setup master conntrack: this is a confirmed expectation */
2326        if (cda[CTA_TUPLE_MASTER]) {
2327                struct nf_conntrack_tuple master;
2328                struct nf_conntrack_tuple_hash *master_h;
2329                struct nf_conn *master_ct;
2330
2331                err = ctnetlink_parse_tuple(cda, &master, CTA_TUPLE_MASTER,
2332                                            u3, NULL);
2333                if (err < 0)
2334                        goto err2;
2335
2336                master_h = nf_conntrack_find_get(net, zone, &master);
2337                if (master_h == NULL) {
2338                        err = -ENOENT;
2339                        goto err2;
2340                }
2341                master_ct = nf_ct_tuplehash_to_ctrack(master_h);
2342                __set_bit(IPS_EXPECTED_BIT, &ct->status);
2343                ct->master = master_ct;
2344        }
2345        tstamp = nf_conn_tstamp_find(ct);
2346        if (tstamp)
2347                tstamp->start = ktime_get_real_ns();
2348
2349        err = nf_conntrack_hash_check_insert(ct);
2350        if (err < 0)
2351                goto err2;
2352
2353        rcu_read_unlock();
2354
2355        return ct;
2356
2357err2:
2358        rcu_read_unlock();
2359err1:
2360        nf_conntrack_free(ct);
2361        return ERR_PTR(err);
2362}
2363
2364static int ctnetlink_new_conntrack(struct sk_buff *skb,
2365                                   const struct nfnl_info *info,
2366                                   const struct nlattr * const cda[])
2367{
2368        struct nf_conntrack_tuple otuple, rtuple;
2369        struct nf_conntrack_tuple_hash *h = NULL;
2370        u_int8_t u3 = info->nfmsg->nfgen_family;
2371        struct nf_conntrack_zone zone;
2372        struct nf_conn *ct;
2373        int err;
2374
2375        err = ctnetlink_parse_zone(cda[CTA_ZONE], &zone);
2376        if (err < 0)
2377                return err;
2378
2379        if (cda[CTA_TUPLE_ORIG]) {
2380                err = ctnetlink_parse_tuple(cda, &otuple, CTA_TUPLE_ORIG,
2381                                            u3, &zone);
2382                if (err < 0)
2383                        return err;
2384        }
2385
2386        if (cda[CTA_TUPLE_REPLY]) {
2387                err = ctnetlink_parse_tuple(cda, &rtuple, CTA_TUPLE_REPLY,
2388                                            u3, &zone);
2389                if (err < 0)
2390                        return err;
2391        }
2392
2393        if (cda[CTA_TUPLE_ORIG])
2394                h = nf_conntrack_find_get(info->net, &zone, &otuple);
2395        else if (cda[CTA_TUPLE_REPLY])
2396                h = nf_conntrack_find_get(info->net, &zone, &rtuple);
2397
2398        if (h == NULL) {
2399                err = -ENOENT;
2400                if (info->nlh->nlmsg_flags & NLM_F_CREATE) {
2401                        enum ip_conntrack_events events;
2402
2403                        if (!cda[CTA_TUPLE_ORIG] || !cda[CTA_TUPLE_REPLY])
2404                                return -EINVAL;
2405                        if (otuple.dst.protonum != rtuple.dst.protonum)
2406                                return -EINVAL;
2407
2408                        ct = ctnetlink_create_conntrack(info->net, &zone, cda,
2409                                                        &otuple, &rtuple, u3);
2410                        if (IS_ERR(ct))
2411                                return PTR_ERR(ct);
2412
2413                        err = 0;
2414                        if (test_bit(IPS_EXPECTED_BIT, &ct->status))
2415                                events = 1 << IPCT_RELATED;
2416                        else
2417                                events = 1 << IPCT_NEW;
2418
2419                        if (cda[CTA_LABELS] &&
2420                            ctnetlink_attach_labels(ct, cda) == 0)
2421                                events |= (1 << IPCT_LABEL);
2422
2423                        nf_conntrack_eventmask_report((1 << IPCT_REPLY) |
2424                                                      (1 << IPCT_ASSURED) |
2425                                                      (1 << IPCT_HELPER) |
2426                                                      (1 << IPCT_PROTOINFO) |
2427                                                      (1 << IPCT_SEQADJ) |
2428                                                      (1 << IPCT_MARK) |
2429                                                      (1 << IPCT_SYNPROXY) |
2430                                                      events,
2431                                                      ct, NETLINK_CB(skb).portid,
2432                                                      nlmsg_report(info->nlh));
2433                        nf_ct_put(ct);
2434                }
2435
2436                return err;
2437        }
2438        /* implicit 'else' */
2439
2440        err = -EEXIST;
2441        ct = nf_ct_tuplehash_to_ctrack(h);
2442        if (!(info->nlh->nlmsg_flags & NLM_F_EXCL)) {
2443                err = ctnetlink_change_conntrack(ct, cda);
2444                if (err == 0) {
2445                        nf_conntrack_eventmask_report((1 << IPCT_REPLY) |
2446                                                      (1 << IPCT_ASSURED) |
2447                                                      (1 << IPCT_HELPER) |
2448                                                      (1 << IPCT_LABEL) |
2449                                                      (1 << IPCT_PROTOINFO) |
2450                                                      (1 << IPCT_SEQADJ) |
2451                                                      (1 << IPCT_MARK) |
2452                                                      (1 << IPCT_SYNPROXY),
2453                                                      ct, NETLINK_CB(skb).portid,
2454                                                      nlmsg_report(info->nlh));
2455                }
2456        }
2457
2458        nf_ct_put(ct);
2459        return err;
2460}
2461
2462static int
2463ctnetlink_ct_stat_cpu_fill_info(struct sk_buff *skb, u32 portid, u32 seq,
2464                                __u16 cpu, const struct ip_conntrack_stat *st)
2465{
2466        struct nlmsghdr *nlh;
2467        unsigned int flags = portid ? NLM_F_MULTI : 0, event;
2468
2469        event = nfnl_msg_type(NFNL_SUBSYS_CTNETLINK,
2470                              IPCTNL_MSG_CT_GET_STATS_CPU);
2471        nlh = nfnl_msg_put(skb, portid, seq, event, flags, AF_UNSPEC,
2472                           NFNETLINK_V0, htons(cpu));
2473        if (!nlh)
2474                goto nlmsg_failure;
2475
2476        if (nla_put_be32(skb, CTA_STATS_FOUND, htonl(st->found)) ||
2477            nla_put_be32(skb, CTA_STATS_INVALID, htonl(st->invalid)) ||
2478            nla_put_be32(skb, CTA_STATS_INSERT, htonl(st->insert)) ||
2479            nla_put_be32(skb, CTA_STATS_INSERT_FAILED,
2480                                htonl(st->insert_failed)) ||
2481            nla_put_be32(skb, CTA_STATS_DROP, htonl(st->drop)) ||
2482            nla_put_be32(skb, CTA_STATS_EARLY_DROP, htonl(st->early_drop)) ||
2483            nla_put_be32(skb, CTA_STATS_ERROR, htonl(st->error)) ||
2484            nla_put_be32(skb, CTA_STATS_SEARCH_RESTART,
2485                                htonl(st->search_restart)) ||
2486            nla_put_be32(skb, CTA_STATS_CLASH_RESOLVE,
2487                                htonl(st->clash_resolve)))
2488                goto nla_put_failure;
2489
2490        nlmsg_end(skb, nlh);
2491        return skb->len;
2492
2493nla_put_failure:
2494nlmsg_failure:
2495        nlmsg_cancel(skb, nlh);
2496        return -1;
2497}
2498
2499static int
2500ctnetlink_ct_stat_cpu_dump(struct sk_buff *skb, struct netlink_callback *cb)
2501{
2502        int cpu;
2503        struct net *net = sock_net(skb->sk);
2504
2505        if (cb->args[0] == nr_cpu_ids)
2506                return 0;
2507
2508        for (cpu = cb->args[0]; cpu < nr_cpu_ids; cpu++) {
2509                const struct ip_conntrack_stat *st;
2510
2511                if (!cpu_possible(cpu))
2512                        continue;
2513
2514                st = per_cpu_ptr(net->ct.stat, cpu);
2515                if (ctnetlink_ct_stat_cpu_fill_info(skb,
2516                                                    NETLINK_CB(cb->skb).portid,
2517                                                    cb->nlh->nlmsg_seq,
2518                                                    cpu, st) < 0)
2519                                break;
2520        }
2521        cb->args[0] = cpu;
2522
2523        return skb->len;
2524}
2525
2526static int ctnetlink_stat_ct_cpu(struct sk_buff *skb,
2527                                 const struct nfnl_info *info,
2528                                 const struct nlattr * const cda[])
2529{
2530        if (info->nlh->nlmsg_flags & NLM_F_DUMP) {
2531                struct netlink_dump_control c = {
2532                        .dump = ctnetlink_ct_stat_cpu_dump,
2533                };
2534                return netlink_dump_start(info->sk, skb, info->nlh, &c);
2535        }
2536
2537        return 0;
2538}
2539
2540static int
2541ctnetlink_stat_ct_fill_info(struct sk_buff *skb, u32 portid, u32 seq, u32 type,
2542                            struct net *net)
2543{
2544        unsigned int flags = portid ? NLM_F_MULTI : 0, event;
2545        unsigned int nr_conntracks;
2546        struct nlmsghdr *nlh;
2547
2548        event = nfnl_msg_type(NFNL_SUBSYS_CTNETLINK, IPCTNL_MSG_CT_GET_STATS);
2549        nlh = nfnl_msg_put(skb, portid, seq, event, flags, AF_UNSPEC,
2550                           NFNETLINK_V0, 0);
2551        if (!nlh)
2552                goto nlmsg_failure;
2553
2554        nr_conntracks = nf_conntrack_count(net);
2555        if (nla_put_be32(skb, CTA_STATS_GLOBAL_ENTRIES, htonl(nr_conntracks)))
2556                goto nla_put_failure;
2557
2558        if (nla_put_be32(skb, CTA_STATS_GLOBAL_MAX_ENTRIES, htonl(nf_conntrack_max)))
2559                goto nla_put_failure;
2560
2561        nlmsg_end(skb, nlh);
2562        return skb->len;
2563
2564nla_put_failure:
2565nlmsg_failure:
2566        nlmsg_cancel(skb, nlh);
2567        return -1;
2568}
2569
2570static int ctnetlink_stat_ct(struct sk_buff *skb, const struct nfnl_info *info,
2571                             const struct nlattr * const cda[])
2572{
2573        struct sk_buff *skb2;
2574        int err;
2575
2576        skb2 = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2577        if (skb2 == NULL)
2578                return -ENOMEM;
2579
2580        err = ctnetlink_stat_ct_fill_info(skb2, NETLINK_CB(skb).portid,
2581                                          info->nlh->nlmsg_seq,
2582                                          NFNL_MSG_TYPE(info->nlh->nlmsg_type),
2583                                          sock_net(skb->sk));
2584        if (err <= 0) {
2585                kfree_skb(skb2);
2586                return -ENOMEM;
2587        }
2588
2589        return nfnetlink_unicast(skb2, info->net, NETLINK_CB(skb).portid);
2590}
2591
2592static const struct nla_policy exp_nla_policy[CTA_EXPECT_MAX+1] = {
2593        [CTA_EXPECT_MASTER]     = { .type = NLA_NESTED },
2594        [CTA_EXPECT_TUPLE]      = { .type = NLA_NESTED },
2595        [CTA_EXPECT_MASK]       = { .type = NLA_NESTED },
2596        [CTA_EXPECT_TIMEOUT]    = { .type = NLA_U32 },
2597        [CTA_EXPECT_ID]         = { .type = NLA_U32 },
2598        [CTA_EXPECT_HELP_NAME]  = { .type = NLA_NUL_STRING,
2599                                    .len = NF_CT_HELPER_NAME_LEN - 1 },
2600        [CTA_EXPECT_ZONE]       = { .type = NLA_U16 },
2601        [CTA_EXPECT_FLAGS]      = { .type = NLA_U32 },
2602        [CTA_EXPECT_CLASS]      = { .type = NLA_U32 },
2603        [CTA_EXPECT_NAT]        = { .type = NLA_NESTED },
2604        [CTA_EXPECT_FN]         = { .type = NLA_NUL_STRING },
2605};
2606
2607static struct nf_conntrack_expect *
2608ctnetlink_alloc_expect(const struct nlattr *const cda[], struct nf_conn *ct,
2609                       struct nf_conntrack_helper *helper,
2610                       struct nf_conntrack_tuple *tuple,
2611                       struct nf_conntrack_tuple *mask);
2612
2613#ifdef CONFIG_NETFILTER_NETLINK_GLUE_CT
2614static size_t
2615ctnetlink_glue_build_size(const struct nf_conn *ct)
2616{
2617        return 3 * nla_total_size(0) /* CTA_TUPLE_ORIG|REPL|MASTER */
2618               + 3 * nla_total_size(0) /* CTA_TUPLE_IP */
2619               + 3 * nla_total_size(0) /* CTA_TUPLE_PROTO */
2620               + 3 * nla_total_size(sizeof(u_int8_t)) /* CTA_PROTO_NUM */
2621               + nla_total_size(sizeof(u_int32_t)) /* CTA_ID */
2622               + nla_total_size(sizeof(u_int32_t)) /* CTA_STATUS */
2623               + nla_total_size(sizeof(u_int32_t)) /* CTA_TIMEOUT */
2624               + nla_total_size(0) /* CTA_PROTOINFO */
2625               + nla_total_size(0) /* CTA_HELP */
2626               + nla_total_size(NF_CT_HELPER_NAME_LEN) /* CTA_HELP_NAME */
2627               + ctnetlink_secctx_size(ct)
2628#if IS_ENABLED(CONFIG_NF_NAT)
2629               + 2 * nla_total_size(0) /* CTA_NAT_SEQ_ADJ_ORIG|REPL */
2630               + 6 * nla_total_size(sizeof(u_int32_t)) /* CTA_NAT_SEQ_OFFSET */
2631#endif
2632#ifdef CONFIG_NF_CONNTRACK_MARK
2633               + nla_total_size(sizeof(u_int32_t)) /* CTA_MARK */
2634#endif
2635#ifdef CONFIG_NF_CONNTRACK_ZONES
2636               + nla_total_size(sizeof(u_int16_t)) /* CTA_ZONE|CTA_TUPLE_ZONE */
2637#endif
2638               + ctnetlink_proto_size(ct)
2639               ;
2640}
2641
2642static int __ctnetlink_glue_build(struct sk_buff *skb, struct nf_conn *ct)
2643{
2644        const struct nf_conntrack_zone *zone;
2645        struct nlattr *nest_parms;
2646
2647        zone = nf_ct_zone(ct);
2648
2649        nest_parms = nla_nest_start(skb, CTA_TUPLE_ORIG);
2650        if (!nest_parms)
2651                goto nla_put_failure;
2652        if (ctnetlink_dump_tuples(skb, nf_ct_tuple(ct, IP_CT_DIR_ORIGINAL)) < 0)
2653                goto nla_put_failure;
2654        if (ctnetlink_dump_zone_id(skb, CTA_TUPLE_ZONE, zone,
2655                                   NF_CT_ZONE_DIR_ORIG) < 0)
2656                goto nla_put_failure;
2657        nla_nest_end(skb, nest_parms);
2658
2659        nest_parms = nla_nest_start(skb, CTA_TUPLE_REPLY);
2660        if (!nest_parms)
2661                goto nla_put_failure;
2662        if (ctnetlink_dump_tuples(skb, nf_ct_tuple(ct, IP_CT_DIR_REPLY)) < 0)
2663                goto nla_put_failure;
2664        if (ctnetlink_dump_zone_id(skb, CTA_TUPLE_ZONE, zone,
2665                                   NF_CT_ZONE_DIR_REPL) < 0)
2666                goto nla_put_failure;
2667        nla_nest_end(skb, nest_parms);
2668
2669        if (ctnetlink_dump_zone_id(skb, CTA_ZONE, zone,
2670                                   NF_CT_DEFAULT_ZONE_DIR) < 0)
2671                goto nla_put_failure;
2672
2673        if (ctnetlink_dump_id(skb, ct) < 0)
2674                goto nla_put_failure;
2675
2676        if (ctnetlink_dump_status(skb, ct) < 0)
2677                goto nla_put_failure;
2678
2679        if (ctnetlink_dump_timeout(skb, ct, false) < 0)
2680                goto nla_put_failure;
2681
2682        if (ctnetlink_dump_protoinfo(skb, ct, false) < 0)
2683                goto nla_put_failure;
2684
2685        if (ctnetlink_dump_helpinfo(skb, ct) < 0)
2686                goto nla_put_failure;
2687
2688#ifdef CONFIG_NF_CONNTRACK_SECMARK
2689        if (ct->secmark && ctnetlink_dump_secctx(skb, ct) < 0)
2690                goto nla_put_failure;
2691#endif
2692        if (ct->master && ctnetlink_dump_master(skb, ct) < 0)
2693                goto nla_put_failure;
2694
2695        if ((ct->status & IPS_SEQ_ADJUST) &&
2696            ctnetlink_dump_ct_seq_adj(skb, ct) < 0)
2697                goto nla_put_failure;
2698
2699        if (ctnetlink_dump_ct_synproxy(skb, ct) < 0)
2700                goto nla_put_failure;
2701
2702#ifdef CONFIG_NF_CONNTRACK_MARK
2703        if (ct->mark && ctnetlink_dump_mark(skb, ct) < 0)
2704                goto nla_put_failure;
2705#endif
2706        if (ctnetlink_dump_labels(skb, ct) < 0)
2707                goto nla_put_failure;
2708        return 0;
2709
2710nla_put_failure:
2711        return -ENOSPC;
2712}
2713
2714static int
2715ctnetlink_glue_build(struct sk_buff *skb, struct nf_conn *ct,
2716                     enum ip_conntrack_info ctinfo,
2717                     u_int16_t ct_attr, u_int16_t ct_info_attr)
2718{
2719        struct nlattr *nest_parms;
2720
2721        nest_parms = nla_nest_start(skb, ct_attr);
2722        if (!nest_parms)
2723                goto nla_put_failure;
2724
2725        if (__ctnetlink_glue_build(skb, ct) < 0)
2726                goto nla_put_failure;
2727
2728        nla_nest_end(skb, nest_parms);
2729
2730        if (nla_put_be32(skb, ct_info_attr, htonl(ctinfo)))
2731                goto nla_put_failure;
2732
2733        return 0;
2734
2735nla_put_failure:
2736        return -ENOSPC;
2737}
2738
2739static int
2740ctnetlink_update_status(struct nf_conn *ct, const struct nlattr * const cda[])
2741{
2742        unsigned int status = ntohl(nla_get_be32(cda[CTA_STATUS]));
2743        unsigned long d = ct->status ^ status;
2744
2745        if (d & IPS_SEEN_REPLY && !(status & IPS_SEEN_REPLY))
2746                /* SEEN_REPLY bit can only be set */
2747                return -EBUSY;
2748
2749        if (d & IPS_ASSURED && !(status & IPS_ASSURED))
2750                /* ASSURED bit can only be set */
2751                return -EBUSY;
2752
2753        /* This check is less strict than ctnetlink_change_status()
2754         * because callers often flip IPS_EXPECTED bits when sending
2755         * an NFQA_CT attribute to the kernel.  So ignore the
2756         * unchangeable bits but do not error out. Also user programs
2757         * are allowed to clear the bits that they are allowed to change.
2758         */
2759        __ctnetlink_change_status(ct, status, ~status);
2760        return 0;
2761}
2762
2763static int
2764ctnetlink_glue_parse_ct(const struct nlattr *cda[], struct nf_conn *ct)
2765{
2766        int err;
2767
2768        if (cda[CTA_TIMEOUT]) {
2769                err = ctnetlink_change_timeout(ct, cda);
2770                if (err < 0)
2771                        return err;
2772        }
2773        if (cda[CTA_STATUS]) {
2774                err = ctnetlink_update_status(ct, cda);
2775                if (err < 0)
2776                        return err;
2777        }
2778        if (cda[CTA_HELP]) {
2779                err = ctnetlink_change_helper(ct, cda);
2780                if (err < 0)
2781                        return err;
2782        }
2783        if (cda[CTA_LABELS]) {
2784                err = ctnetlink_attach_labels(ct, cda);
2785                if (err < 0)
2786                        return err;
2787        }
2788#if defined(CONFIG_NF_CONNTRACK_MARK)
2789        if (cda[CTA_MARK]) {
2790                ctnetlink_change_mark(ct, cda);
2791        }
2792#endif
2793        return 0;
2794}
2795
2796static int
2797ctnetlink_glue_parse(const struct nlattr *attr, struct nf_conn *ct)
2798{
2799        struct nlattr *cda[CTA_MAX+1];
2800        int ret;
2801
2802        ret = nla_parse_nested_deprecated(cda, CTA_MAX, attr, ct_nla_policy,
2803                                          NULL);
2804        if (ret < 0)
2805                return ret;
2806
2807        return ctnetlink_glue_parse_ct((const struct nlattr **)cda, ct);
2808}
2809
2810static int ctnetlink_glue_exp_parse(const struct nlattr * const *cda,
2811                                    const struct nf_conn *ct,
2812                                    struct nf_conntrack_tuple *tuple,
2813                                    struct nf_conntrack_tuple *mask)
2814{
2815        int err;
2816
2817        err = ctnetlink_parse_tuple(cda, tuple, CTA_EXPECT_TUPLE,
2818                                    nf_ct_l3num(ct), NULL);
2819        if (err < 0)
2820                return err;
2821
2822        return ctnetlink_parse_tuple(cda, mask, CTA_EXPECT_MASK,
2823                                     nf_ct_l3num(ct), NULL);
2824}
2825
2826static int
2827ctnetlink_glue_attach_expect(const struct nlattr *attr, struct nf_conn *ct,
2828                             u32 portid, u32 report)
2829{
2830        struct nlattr *cda[CTA_EXPECT_MAX+1];
2831        struct nf_conntrack_tuple tuple, mask;
2832        struct nf_conntrack_helper *helper = NULL;
2833        struct nf_conntrack_expect *exp;
2834        int err;
2835
2836        err = nla_parse_nested_deprecated(cda, CTA_EXPECT_MAX, attr,
2837                                          exp_nla_policy, NULL);
2838        if (err < 0)
2839                return err;
2840
2841        err = ctnetlink_glue_exp_parse((const struct nlattr * const *)cda,
2842                                       ct, &tuple, &mask);
2843        if (err < 0)
2844                return err;
2845
2846        if (cda[CTA_EXPECT_HELP_NAME]) {
2847                const char *helpname = nla_data(cda[CTA_EXPECT_HELP_NAME]);
2848
2849                helper = __nf_conntrack_helper_find(helpname, nf_ct_l3num(ct),
2850                                                    nf_ct_protonum(ct));
2851                if (helper == NULL)
2852                        return -EOPNOTSUPP;
2853        }
2854
2855        exp = ctnetlink_alloc_expect((const struct nlattr * const *)cda, ct,
2856                                     helper, &tuple, &mask);
2857        if (IS_ERR(exp))
2858                return PTR_ERR(exp);
2859
2860        err = nf_ct_expect_related_report(exp, portid, report, 0);
2861        nf_ct_expect_put(exp);
2862        return err;
2863}
2864
2865static void ctnetlink_glue_seqadj(struct sk_buff *skb, struct nf_conn *ct,
2866                                  enum ip_conntrack_info ctinfo, int diff)
2867{
2868        if (!(ct->status & IPS_NAT_MASK))
2869                return;
2870
2871        nf_ct_tcp_seqadj_set(skb, ct, ctinfo, diff);
2872}
2873
2874static struct nfnl_ct_hook ctnetlink_glue_hook = {
2875        .build_size     = ctnetlink_glue_build_size,
2876        .build          = ctnetlink_glue_build,
2877        .parse          = ctnetlink_glue_parse,
2878        .attach_expect  = ctnetlink_glue_attach_expect,
2879        .seq_adjust     = ctnetlink_glue_seqadj,
2880};
2881#endif /* CONFIG_NETFILTER_NETLINK_GLUE_CT */
2882
2883/***********************************************************************
2884 * EXPECT
2885 ***********************************************************************/
2886
2887static int ctnetlink_exp_dump_tuple(struct sk_buff *skb,
2888                                    const struct nf_conntrack_tuple *tuple,
2889                                    u32 type)
2890{
2891        struct nlattr *nest_parms;
2892
2893        nest_parms = nla_nest_start(skb, type);
2894        if (!nest_parms)
2895                goto nla_put_failure;
2896        if (ctnetlink_dump_tuples(skb, tuple) < 0)
2897                goto nla_put_failure;
2898        nla_nest_end(skb, nest_parms);
2899
2900        return 0;
2901
2902nla_put_failure:
2903        return -1;
2904}
2905
2906static int ctnetlink_exp_dump_mask(struct sk_buff *skb,
2907                                   const struct nf_conntrack_tuple *tuple,
2908                                   const struct nf_conntrack_tuple_mask *mask)
2909{
2910        const struct nf_conntrack_l4proto *l4proto;
2911        struct nf_conntrack_tuple m;
2912        struct nlattr *nest_parms;
2913        int ret;
2914
2915        memset(&m, 0xFF, sizeof(m));
2916        memcpy(&m.src.u3, &mask->src.u3, sizeof(m.src.u3));
2917        m.src.u.all = mask->src.u.all;
2918        m.src.l3num = tuple->src.l3num;
2919        m.dst.protonum = tuple->dst.protonum;
2920
2921        nest_parms = nla_nest_start(skb, CTA_EXPECT_MASK);
2922        if (!nest_parms)
2923                goto nla_put_failure;
2924
2925        rcu_read_lock();
2926        ret = ctnetlink_dump_tuples_ip(skb, &m);
2927        if (ret >= 0) {
2928                l4proto = nf_ct_l4proto_find(tuple->dst.protonum);
2929                ret = ctnetlink_dump_tuples_proto(skb, &m, l4proto);
2930        }
2931        rcu_read_unlock();
2932
2933        if (unlikely(ret < 0))
2934                goto nla_put_failure;
2935
2936        nla_nest_end(skb, nest_parms);
2937
2938        return 0;
2939
2940nla_put_failure:
2941        return -1;
2942}
2943
2944static const union nf_inet_addr any_addr;
2945
2946static __be32 nf_expect_get_id(const struct nf_conntrack_expect *exp)
2947{
2948        static __read_mostly siphash_key_t exp_id_seed;
2949        unsigned long a, b, c, d;
2950
2951        net_get_random_once(&exp_id_seed, sizeof(exp_id_seed));
2952
2953        a = (unsigned long)exp;
2954        b = (unsigned long)exp->helper;
2955        c = (unsigned long)exp->master;
2956        d = (unsigned long)siphash(&exp->tuple, sizeof(exp->tuple), &exp_id_seed);
2957
2958#ifdef CONFIG_64BIT
2959        return (__force __be32)siphash_4u64((u64)a, (u64)b, (u64)c, (u64)d, &exp_id_seed);
2960#else
2961        return (__force __be32)siphash_4u32((u32)a, (u32)b, (u32)c, (u32)d, &exp_id_seed);
2962#endif
2963}
2964
2965static int
2966ctnetlink_exp_dump_expect(struct sk_buff *skb,
2967                          const struct nf_conntrack_expect *exp)
2968{
2969        struct nf_conn *master = exp->master;
2970        long timeout = ((long)exp->timeout.expires - (long)jiffies) / HZ;
2971        struct nf_conn_help *help;
2972#if IS_ENABLED(CONFIG_NF_NAT)
2973        struct nlattr *nest_parms;
2974        struct nf_conntrack_tuple nat_tuple = {};
2975#endif
2976        struct nf_ct_helper_expectfn *expfn;
2977
2978        if (timeout < 0)
2979                timeout = 0;
2980
2981        if (ctnetlink_exp_dump_tuple(skb, &exp->tuple, CTA_EXPECT_TUPLE) < 0)
2982                goto nla_put_failure;
2983        if (ctnetlink_exp_dump_mask(skb, &exp->tuple, &exp->mask) < 0)
2984                goto nla_put_failure;
2985        if (ctnetlink_exp_dump_tuple(skb,
2986                                 &master->tuplehash[IP_CT_DIR_ORIGINAL].tuple,
2987                                 CTA_EXPECT_MASTER) < 0)
2988                goto nla_put_failure;
2989
2990#if IS_ENABLED(CONFIG_NF_NAT)
2991        if (!nf_inet_addr_cmp(&exp->saved_addr, &any_addr) ||
2992            exp->saved_proto.all) {
2993                nest_parms = nla_nest_start(skb, CTA_EXPECT_NAT);
2994                if (!nest_parms)
2995                        goto nla_put_failure;
2996
2997                if (nla_put_be32(skb, CTA_EXPECT_NAT_DIR, htonl(exp->dir)))
2998                        goto nla_put_failure;
2999
3000                nat_tuple.src.l3num = nf_ct_l3num(master);
3001                nat_tuple.src.u3 = exp->saved_addr;
3002                nat_tuple.dst.protonum = nf_ct_protonum(master);
3003                nat_tuple.src.u = exp->saved_proto;
3004
3005                if (ctnetlink_exp_dump_tuple(skb, &nat_tuple,
3006                                                CTA_EXPECT_NAT_TUPLE) < 0)
3007                        goto nla_put_failure;
3008                nla_nest_end(skb, nest_parms);
3009        }
3010#endif
3011        if (nla_put_be32(skb, CTA_EXPECT_TIMEOUT, htonl(timeout)) ||
3012            nla_put_be32(skb, CTA_EXPECT_ID, nf_expect_get_id(exp)) ||
3013            nla_put_be32(skb, CTA_EXPECT_FLAGS, htonl(exp->flags)) ||
3014            nla_put_be32(skb, CTA_EXPECT_CLASS, htonl(exp->class)))
3015                goto nla_put_failure;
3016        help = nfct_help(master);
3017        if (help) {
3018                struct nf_conntrack_helper *helper;
3019
3020                helper = rcu_dereference(help->helper);
3021                if (helper &&
3022                    nla_put_string(skb, CTA_EXPECT_HELP_NAME, helper->name))
3023                        goto nla_put_failure;
3024        }
3025        expfn = nf_ct_helper_expectfn_find_by_symbol(exp->expectfn);
3026        if (expfn != NULL &&
3027            nla_put_string(skb, CTA_EXPECT_FN, expfn->name))
3028                goto nla_put_failure;
3029
3030        return 0;
3031
3032nla_put_failure:
3033        return -1;
3034}
3035
3036static int
3037ctnetlink_exp_fill_info(struct sk_buff *skb, u32 portid, u32 seq,
3038                        int event, const struct nf_conntrack_expect *exp)
3039{
3040        struct nlmsghdr *nlh;
3041        unsigned int flags = portid ? NLM_F_MULTI : 0;
3042
3043        event = nfnl_msg_type(NFNL_SUBSYS_CTNETLINK_EXP, event);
3044        nlh = nfnl_msg_put(skb, portid, seq, event, flags,
3045                           exp->tuple.src.l3num, NFNETLINK_V0, 0);
3046        if (!nlh)
3047                goto nlmsg_failure;
3048
3049        if (ctnetlink_exp_dump_expect(skb, exp) < 0)
3050                goto nla_put_failure;
3051
3052        nlmsg_end(skb, nlh);
3053        return skb->len;
3054
3055nlmsg_failure:
3056nla_put_failure:
3057        nlmsg_cancel(skb, nlh);
3058        return -1;
3059}
3060
3061#ifdef CONFIG_NF_CONNTRACK_EVENTS
3062static int
3063ctnetlink_expect_event(unsigned int events, struct nf_exp_event *item)
3064{
3065        struct nf_conntrack_expect *exp = item->exp;
3066        struct net *net = nf_ct_exp_net(exp);
3067        struct nlmsghdr *nlh;
3068        struct sk_buff *skb;
3069        unsigned int type, group;
3070        int flags = 0;
3071
3072        if (events & (1 << IPEXP_DESTROY)) {
3073                type = IPCTNL_MSG_EXP_DELETE;
3074                group = NFNLGRP_CONNTRACK_EXP_DESTROY;
3075        } else if (events & (1 << IPEXP_NEW)) {
3076                type = IPCTNL_MSG_EXP_NEW;
3077                flags = NLM_F_CREATE|NLM_F_EXCL;
3078                group = NFNLGRP_CONNTRACK_EXP_NEW;
3079        } else
3080                return 0;
3081
3082        if (!item->report && !nfnetlink_has_listeners(net, group))
3083                return 0;
3084
3085        skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
3086        if (skb == NULL)
3087                goto errout;
3088
3089        type = nfnl_msg_type(NFNL_SUBSYS_CTNETLINK_EXP, type);
3090        nlh = nfnl_msg_put(skb, item->portid, 0, type, flags,
3091                           exp->tuple.src.l3num, NFNETLINK_V0, 0);
3092        if (!nlh)
3093                goto nlmsg_failure;
3094
3095        if (ctnetlink_exp_dump_expect(skb, exp) < 0)
3096                goto nla_put_failure;
3097
3098        nlmsg_end(skb, nlh);
3099        nfnetlink_send(skb, net, item->portid, group, item->report, GFP_ATOMIC);
3100        return 0;
3101
3102nla_put_failure:
3103        nlmsg_cancel(skb, nlh);
3104nlmsg_failure:
3105        kfree_skb(skb);
3106errout:
3107        nfnetlink_set_err(net, 0, 0, -ENOBUFS);
3108        return 0;
3109}
3110#endif
3111static int ctnetlink_exp_done(struct netlink_callback *cb)
3112{
3113        if (cb->args[1])
3114                nf_ct_expect_put((struct nf_conntrack_expect *)cb->args[1]);
3115        return 0;
3116}
3117
3118static int
3119ctnetlink_exp_dump_table(struct sk_buff *skb, struct netlink_callback *cb)
3120{
3121        struct net *net = sock_net(skb->sk);
3122        struct nf_conntrack_expect *exp, *last;
3123        struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
3124        u_int8_t l3proto = nfmsg->nfgen_family;
3125
3126        rcu_read_lock();
3127        last = (struct nf_conntrack_expect *)cb->args[1];
3128        for (; cb->args[0] < nf_ct_expect_hsize; cb->args[0]++) {
3129restart:
3130                hlist_for_each_entry_rcu(exp, &nf_ct_expect_hash[cb->args[0]],
3131                                         hnode) {
3132                        if (l3proto && exp->tuple.src.l3num != l3proto)
3133                                continue;
3134
3135                        if (!net_eq(nf_ct_net(exp->master), net))
3136                                continue;
3137
3138                        if (cb->args[1]) {
3139                                if (exp != last)
3140                                        continue;
3141                                cb->args[1] = 0;
3142                        }
3143                        if (ctnetlink_exp_fill_info(skb,
3144                                                    NETLINK_CB(cb->skb).portid,
3145                                                    cb->nlh->nlmsg_seq,
3146                                                    IPCTNL_MSG_EXP_NEW,
3147                                                    exp) < 0) {
3148                                if (!refcount_inc_not_zero(&exp->use))
3149                                        continue;
3150                                cb->args[1] = (unsigned long)exp;
3151                                goto out;
3152                        }
3153                }
3154                if (cb->args[1]) {
3155                        cb->args[1] = 0;
3156                        goto restart;
3157                }
3158        }
3159out:
3160        rcu_read_unlock();
3161        if (last)
3162                nf_ct_expect_put(last);
3163
3164        return skb->len;
3165}
3166
3167static int
3168ctnetlink_exp_ct_dump_table(struct sk_buff *skb, struct netlink_callback *cb)
3169{
3170        struct nf_conntrack_expect *exp, *last;
3171        struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
3172        struct nf_conn *ct = cb->data;
3173        struct nf_conn_help *help = nfct_help(ct);
3174        u_int8_t l3proto = nfmsg->nfgen_family;
3175
3176        if (cb->args[0])
3177                return 0;
3178
3179        rcu_read_lock();
3180        last = (struct nf_conntrack_expect *)cb->args[1];
3181restart:
3182        hlist_for_each_entry_rcu(exp, &help->expectations, lnode) {
3183                if (l3proto && exp->tuple.src.l3num != l3proto)
3184                        continue;
3185                if (cb->args[1]) {
3186                        if (exp != last)
3187                                continue;
3188                        cb->args[1] = 0;
3189                }
3190                if (ctnetlink_exp_fill_info(skb, NETLINK_CB(cb->skb).portid,
3191                                            cb->nlh->nlmsg_seq,
3192                                            IPCTNL_MSG_EXP_NEW,
3193                                            exp) < 0) {
3194                        if (!refcount_inc_not_zero(&exp->use))
3195                                continue;
3196                        cb->args[1] = (unsigned long)exp;
3197                        goto out;
3198                }
3199        }
3200        if (cb->args[1]) {
3201                cb->args[1] = 0;
3202                goto restart;
3203        }
3204        cb->args[0] = 1;
3205out:
3206        rcu_read_unlock();
3207        if (last)
3208                nf_ct_expect_put(last);
3209
3210        return skb->len;
3211}
3212
3213static int ctnetlink_dump_exp_ct(struct net *net, struct sock *ctnl,
3214                                 struct sk_buff *skb,
3215                                 const struct nlmsghdr *nlh,
3216                                 const struct nlattr * const cda[],
3217                                 struct netlink_ext_ack *extack)
3218{
3219        int err;
3220        struct nfgenmsg *nfmsg = nlmsg_data(nlh);
3221        u_int8_t u3 = nfmsg->nfgen_family;
3222        struct nf_conntrack_tuple tuple;
3223        struct nf_conntrack_tuple_hash *h;
3224        struct nf_conn *ct;
3225        struct nf_conntrack_zone zone;
3226        struct netlink_dump_control c = {
3227                .dump = ctnetlink_exp_ct_dump_table,
3228                .done = ctnetlink_exp_done,
3229        };
3230
3231        err = ctnetlink_parse_tuple(cda, &tuple, CTA_EXPECT_MASTER,
3232                                    u3, NULL);
3233        if (err < 0)
3234                return err;
3235
3236        err = ctnetlink_parse_zone(cda[CTA_EXPECT_ZONE], &zone);
3237        if (err < 0)
3238                return err;
3239
3240        h = nf_conntrack_find_get(net, &zone, &tuple);
3241        if (!h)
3242                return -ENOENT;
3243
3244        ct = nf_ct_tuplehash_to_ctrack(h);
3245        /* No expectation linked to this connection tracking. */
3246        if (!nfct_help(ct)) {
3247                nf_ct_put(ct);
3248                return 0;
3249        }
3250
3251        c.data = ct;
3252
3253        err = netlink_dump_start(ctnl, skb, nlh, &c);
3254        nf_ct_put(ct);
3255
3256        return err;
3257}
3258
3259static int ctnetlink_get_expect(struct sk_buff *skb,
3260                                const struct nfnl_info *info,
3261                                const struct nlattr * const cda[])
3262{
3263        u_int8_t u3 = info->nfmsg->nfgen_family;
3264        struct nf_conntrack_tuple tuple;
3265        struct nf_conntrack_expect *exp;
3266        struct nf_conntrack_zone zone;
3267        struct sk_buff *skb2;
3268        int err;
3269
3270        if (info->nlh->nlmsg_flags & NLM_F_DUMP) {
3271                if (cda[CTA_EXPECT_MASTER])
3272                        return ctnetlink_dump_exp_ct(info->net, info->sk, skb,
3273                                                     info->nlh, cda,
3274                                                     info->extack);
3275                else {
3276                        struct netlink_dump_control c = {
3277                                .dump = ctnetlink_exp_dump_table,
3278                                .done = ctnetlink_exp_done,
3279                        };
3280                        return netlink_dump_start(info->sk, skb, info->nlh, &c);
3281                }
3282        }
3283
3284        err = ctnetlink_parse_zone(cda[CTA_EXPECT_ZONE], &zone);
3285        if (err < 0)
3286                return err;
3287
3288        if (cda[CTA_EXPECT_TUPLE])
3289                err = ctnetlink_parse_tuple(cda, &tuple, CTA_EXPECT_TUPLE,
3290                                            u3, NULL);
3291        else if (cda[CTA_EXPECT_MASTER])
3292                err = ctnetlink_parse_tuple(cda, &tuple, CTA_EXPECT_MASTER,
3293                                            u3, NULL);
3294        else
3295                return -EINVAL;
3296
3297        if (err < 0)
3298                return err;
3299
3300        exp = nf_ct_expect_find_get(info->net, &zone, &tuple);
3301        if (!exp)
3302                return -ENOENT;
3303
3304        if (cda[CTA_EXPECT_ID]) {
3305                __be32 id = nla_get_be32(cda[CTA_EXPECT_ID]);
3306
3307                if (id != nf_expect_get_id(exp)) {
3308                        nf_ct_expect_put(exp);
3309                        return -ENOENT;
3310                }
3311        }
3312
3313        skb2 = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3314        if (!skb2) {
3315                nf_ct_expect_put(exp);
3316                return -ENOMEM;
3317        }
3318
3319        rcu_read_lock();
3320        err = ctnetlink_exp_fill_info(skb2, NETLINK_CB(skb).portid,
3321                                      info->nlh->nlmsg_seq, IPCTNL_MSG_EXP_NEW,
3322                                      exp);
3323        rcu_read_unlock();
3324        nf_ct_expect_put(exp);
3325        if (err <= 0) {
3326                kfree_skb(skb2);
3327                return -ENOMEM;
3328        }
3329
3330        return nfnetlink_unicast(skb2, info->net, NETLINK_CB(skb).portid);
3331}
3332
3333static bool expect_iter_name(struct nf_conntrack_expect *exp, void *data)
3334{
3335        const struct nf_conn_help *m_help;
3336        const char *name = data;
3337
3338        m_help = nfct_help(exp->master);
3339
3340        return strcmp(m_help->helper->name, name) == 0;
3341}
3342
3343static bool expect_iter_all(struct nf_conntrack_expect *exp, void *data)
3344{
3345        return true;
3346}
3347
3348static int ctnetlink_del_expect(struct sk_buff *skb,
3349                                const struct nfnl_info *info,
3350                                const struct nlattr * const cda[])
3351{
3352        u_int8_t u3 = info->nfmsg->nfgen_family;
3353        struct nf_conntrack_expect *exp;
3354        struct nf_conntrack_tuple tuple;
3355        struct nf_conntrack_zone zone;
3356        int err;
3357
3358        if (cda[CTA_EXPECT_TUPLE]) {
3359                /* delete a single expect by tuple */
3360                err = ctnetlink_parse_zone(cda[CTA_EXPECT_ZONE], &zone);
3361                if (err < 0)
3362                        return err;
3363
3364                err = ctnetlink_parse_tuple(cda, &tuple, CTA_EXPECT_TUPLE,
3365                                            u3, NULL);
3366                if (err < 0)
3367                        return err;
3368
3369                /* bump usage count to 2 */
3370                exp = nf_ct_expect_find_get(info->net, &zone, &tuple);
3371                if (!exp)
3372                        return -ENOENT;
3373
3374                if (cda[CTA_EXPECT_ID]) {
3375                        __be32 id = nla_get_be32(cda[CTA_EXPECT_ID]);
3376                        if (ntohl(id) != (u32)(unsigned long)exp) {
3377                                nf_ct_expect_put(exp);
3378                                return -ENOENT;
3379                        }
3380                }
3381
3382                /* after list removal, usage count == 1 */
3383                spin_lock_bh(&nf_conntrack_expect_lock);
3384                if (del_timer(&exp->timeout)) {
3385                        nf_ct_unlink_expect_report(exp, NETLINK_CB(skb).portid,
3386                                                   nlmsg_report(info->nlh));
3387                        nf_ct_expect_put(exp);
3388                }
3389                spin_unlock_bh(&nf_conntrack_expect_lock);
3390                /* have to put what we 'get' above.
3391                 * after this line usage count == 0 */
3392                nf_ct_expect_put(exp);
3393        } else if (cda[CTA_EXPECT_HELP_NAME]) {
3394                char *name = nla_data(cda[CTA_EXPECT_HELP_NAME]);
3395
3396                nf_ct_expect_iterate_net(info->net, expect_iter_name, name,
3397                                         NETLINK_CB(skb).portid,
3398                                         nlmsg_report(info->nlh));
3399        } else {
3400                /* This basically means we have to flush everything*/
3401                nf_ct_expect_iterate_net(info->net, expect_iter_all, NULL,
3402                                         NETLINK_CB(skb).portid,
3403                                         nlmsg_report(info->nlh));
3404        }
3405
3406        return 0;
3407}
3408static int
3409ctnetlink_change_expect(struct nf_conntrack_expect *x,
3410                        const struct nlattr * const cda[])
3411{
3412        if (cda[CTA_EXPECT_TIMEOUT]) {
3413                if (!del_timer(&x->timeout))
3414                        return -ETIME;
3415
3416                x->timeout.expires = jiffies +
3417                        ntohl(nla_get_be32(cda[CTA_EXPECT_TIMEOUT])) * HZ;
3418                add_timer(&x->timeout);
3419        }
3420        return 0;
3421}
3422
3423static const struct nla_policy exp_nat_nla_policy[CTA_EXPECT_NAT_MAX+1] = {
3424        [CTA_EXPECT_NAT_DIR]    = { .type = NLA_U32 },
3425        [CTA_EXPECT_NAT_TUPLE]  = { .type = NLA_NESTED },
3426};
3427
3428static int
3429ctnetlink_parse_expect_nat(const struct nlattr *attr,
3430                           struct nf_conntrack_expect *exp,
3431                           u_int8_t u3)
3432{
3433#if IS_ENABLED(CONFIG_NF_NAT)
3434        struct nlattr *tb[CTA_EXPECT_NAT_MAX+1];
3435        struct nf_conntrack_tuple nat_tuple = {};
3436        int err;
3437
3438        err = nla_parse_nested_deprecated(tb, CTA_EXPECT_NAT_MAX, attr,
3439                                          exp_nat_nla_policy, NULL);
3440        if (err < 0)
3441                return err;
3442
3443        if (!tb[CTA_EXPECT_NAT_DIR] || !tb[CTA_EXPECT_NAT_TUPLE])
3444                return -EINVAL;
3445
3446        err = ctnetlink_parse_tuple((const struct nlattr * const *)tb,
3447                                    &nat_tuple, CTA_EXPECT_NAT_TUPLE,
3448                                    u3, NULL);
3449        if (err < 0)
3450                return err;
3451
3452        exp->saved_addr = nat_tuple.src.u3;
3453        exp->saved_proto = nat_tuple.src.u;
3454        exp->dir = ntohl(nla_get_be32(tb[CTA_EXPECT_NAT_DIR]));
3455
3456        return 0;
3457#else
3458        return -EOPNOTSUPP;
3459#endif
3460}
3461
3462static struct nf_conntrack_expect *
3463ctnetlink_alloc_expect(const struct nlattr * const cda[], struct nf_conn *ct,
3464                       struct nf_conntrack_helper *helper,
3465                       struct nf_conntrack_tuple *tuple,
3466                       struct nf_conntrack_tuple *mask)
3467{
3468        u_int32_t class = 0;
3469        struct nf_conntrack_expect *exp;
3470        struct nf_conn_help *help;
3471        int err;
3472
3473        help = nfct_help(ct);
3474        if (!help)
3475                return ERR_PTR(-EOPNOTSUPP);
3476
3477        if (cda[CTA_EXPECT_CLASS] && helper) {
3478                class = ntohl(nla_get_be32(cda[CTA_EXPECT_CLASS]));
3479                if (class > helper->expect_class_max)
3480                        return ERR_PTR(-EINVAL);
3481        }
3482        exp = nf_ct_expect_alloc(ct);
3483        if (!exp)
3484                return ERR_PTR(-ENOMEM);
3485
3486        if (cda[CTA_EXPECT_FLAGS]) {
3487                exp->flags = ntohl(nla_get_be32(cda[CTA_EXPECT_FLAGS]));
3488                exp->flags &= ~NF_CT_EXPECT_USERSPACE;
3489        } else {
3490                exp->flags = 0;
3491        }
3492        if (cda[CTA_EXPECT_FN]) {
3493                const char *name = nla_data(cda[CTA_EXPECT_FN]);
3494                struct nf_ct_helper_expectfn *expfn;
3495
3496                expfn = nf_ct_helper_expectfn_find_by_name(name);
3497                if (expfn == NULL) {
3498                        err = -EINVAL;
3499                        goto err_out;
3500                }
3501                exp->expectfn = expfn->expectfn;
3502        } else
3503                exp->expectfn = NULL;
3504
3505        exp->class = class;
3506        exp->master = ct;
3507        exp->helper = helper;
3508        exp->tuple = *tuple;
3509        exp->mask.src.u3 = mask->src.u3;
3510        exp->mask.src.u.all = mask->src.u.all;
3511
3512        if (cda[CTA_EXPECT_NAT]) {
3513                err = ctnetlink_parse_expect_nat(cda[CTA_EXPECT_NAT],
3514                                                 exp, nf_ct_l3num(ct));
3515                if (err < 0)
3516                        goto err_out;
3517        }
3518        return exp;
3519err_out:
3520        nf_ct_expect_put(exp);
3521        return ERR_PTR(err);
3522}
3523
3524static int
3525ctnetlink_create_expect(struct net *net,
3526                        const struct nf_conntrack_zone *zone,
3527                        const struct nlattr * const cda[],
3528                        u_int8_t u3, u32 portid, int report)
3529{
3530        struct nf_conntrack_tuple tuple, mask, master_tuple;
3531        struct nf_conntrack_tuple_hash *h = NULL;
3532        struct nf_conntrack_helper *helper = NULL;
3533        struct nf_conntrack_expect *exp;
3534        struct nf_conn *ct;
3535        int err;
3536
3537        /* caller guarantees that those three CTA_EXPECT_* exist */
3538        err = ctnetlink_parse_tuple(cda, &tuple, CTA_EXPECT_TUPLE,
3539                                    u3, NULL);
3540        if (err < 0)
3541                return err;
3542        err = ctnetlink_parse_tuple(cda, &mask, CTA_EXPECT_MASK,
3543                                    u3, NULL);
3544        if (err < 0)
3545                return err;
3546        err = ctnetlink_parse_tuple(cda, &master_tuple, CTA_EXPECT_MASTER,
3547                                    u3, NULL);
3548        if (err < 0)
3549                return err;
3550
3551        /* Look for master conntrack of this expectation */
3552        h = nf_conntrack_find_get(net, zone, &master_tuple);
3553        if (!h)
3554                return -ENOENT;
3555        ct = nf_ct_tuplehash_to_ctrack(h);
3556
3557        rcu_read_lock();
3558        if (cda[CTA_EXPECT_HELP_NAME]) {
3559                const char *helpname = nla_data(cda[CTA_EXPECT_HELP_NAME]);
3560
3561                helper = __nf_conntrack_helper_find(helpname, u3,
3562                                                    nf_ct_protonum(ct));
3563                if (helper == NULL) {
3564                        rcu_read_unlock();
3565#ifdef CONFIG_MODULES
3566                        if (request_module("nfct-helper-%s", helpname) < 0) {
3567                                err = -EOPNOTSUPP;
3568                                goto err_ct;
3569                        }
3570                        rcu_read_lock();
3571                        helper = __nf_conntrack_helper_find(helpname, u3,
3572                                                            nf_ct_protonum(ct));
3573                        if (helper) {
3574                                err = -EAGAIN;
3575                                goto err_rcu;
3576                        }
3577                        rcu_read_unlock();
3578#endif
3579                        err = -EOPNOTSUPP;
3580                        goto err_ct;
3581                }
3582        }
3583
3584        exp = ctnetlink_alloc_expect(cda, ct, helper, &tuple, &mask);
3585        if (IS_ERR(exp)) {
3586                err = PTR_ERR(exp);
3587                goto err_rcu;
3588        }
3589
3590        err = nf_ct_expect_related_report(exp, portid, report, 0);
3591        nf_ct_expect_put(exp);
3592err_rcu:
3593        rcu_read_unlock();
3594err_ct:
3595        nf_ct_put(ct);
3596        return err;
3597}
3598
3599static int ctnetlink_new_expect(struct sk_buff *skb,
3600                                const struct nfnl_info *info,
3601                                const struct nlattr * const cda[])
3602{
3603        u_int8_t u3 = info->nfmsg->nfgen_family;
3604        struct nf_conntrack_tuple tuple;
3605        struct nf_conntrack_expect *exp;
3606        struct nf_conntrack_zone zone;
3607        int err;
3608
3609        if (!cda[CTA_EXPECT_TUPLE]
3610            || !cda[CTA_EXPECT_MASK]
3611            || !cda[CTA_EXPECT_MASTER])
3612                return -EINVAL;
3613
3614        err = ctnetlink_parse_zone(cda[CTA_EXPECT_ZONE], &zone);
3615        if (err < 0)
3616                return err;
3617
3618        err = ctnetlink_parse_tuple(cda, &tuple, CTA_EXPECT_TUPLE,
3619                                    u3, NULL);
3620        if (err < 0)
3621                return err;
3622
3623        spin_lock_bh(&nf_conntrack_expect_lock);
3624        exp = __nf_ct_expect_find(info->net, &zone, &tuple);
3625        if (!exp) {
3626                spin_unlock_bh(&nf_conntrack_expect_lock);
3627                err = -ENOENT;
3628                if (info->nlh->nlmsg_flags & NLM_F_CREATE) {
3629                        err = ctnetlink_create_expect(info->net, &zone, cda, u3,
3630                                                      NETLINK_CB(skb).portid,
3631                                                      nlmsg_report(info->nlh));
3632                }
3633                return err;
3634        }
3635
3636        err = -EEXIST;
3637        if (!(info->nlh->nlmsg_flags & NLM_F_EXCL))
3638                err = ctnetlink_change_expect(exp, cda);
3639        spin_unlock_bh(&nf_conntrack_expect_lock);
3640
3641        return err;
3642}
3643
3644static int
3645ctnetlink_exp_stat_fill_info(struct sk_buff *skb, u32 portid, u32 seq, int cpu,
3646                             const struct ip_conntrack_stat *st)
3647{
3648        struct nlmsghdr *nlh;
3649        unsigned int flags = portid ? NLM_F_MULTI : 0, event;
3650
3651        event = nfnl_msg_type(NFNL_SUBSYS_CTNETLINK,
3652                              IPCTNL_MSG_EXP_GET_STATS_CPU);
3653        nlh = nfnl_msg_put(skb, portid, seq, event, flags, AF_UNSPEC,
3654                           NFNETLINK_V0, htons(cpu));
3655        if (!nlh)
3656                goto nlmsg_failure;
3657
3658        if (nla_put_be32(skb, CTA_STATS_EXP_NEW, htonl(st->expect_new)) ||
3659            nla_put_be32(skb, CTA_STATS_EXP_CREATE, htonl(st->expect_create)) ||
3660            nla_put_be32(skb, CTA_STATS_EXP_DELETE, htonl(st->expect_delete)))
3661                goto nla_put_failure;
3662
3663        nlmsg_end(skb, nlh);
3664        return skb->len;
3665
3666nla_put_failure:
3667nlmsg_failure:
3668        nlmsg_cancel(skb, nlh);
3669        return -1;
3670}
3671
3672static int
3673ctnetlink_exp_stat_cpu_dump(struct sk_buff *skb, struct netlink_callback *cb)
3674{
3675        int cpu;
3676        struct net *net = sock_net(skb->sk);
3677
3678        if (cb->args[0] == nr_cpu_ids)
3679                return 0;
3680
3681        for (cpu = cb->args[0]; cpu < nr_cpu_ids; cpu++) {
3682                const struct ip_conntrack_stat *st;
3683
3684                if (!cpu_possible(cpu))
3685                        continue;
3686
3687                st = per_cpu_ptr(net->ct.stat, cpu);
3688                if (ctnetlink_exp_stat_fill_info(skb, NETLINK_CB(cb->skb).portid,
3689                                                 cb->nlh->nlmsg_seq,
3690                                                 cpu, st) < 0)
3691                        break;
3692        }
3693        cb->args[0] = cpu;
3694
3695        return skb->len;
3696}
3697
3698static int ctnetlink_stat_exp_cpu(struct sk_buff *skb,
3699                                  const struct nfnl_info *info,
3700                                  const struct nlattr * const cda[])
3701{
3702        if (info->nlh->nlmsg_flags & NLM_F_DUMP) {
3703                struct netlink_dump_control c = {
3704                        .dump = ctnetlink_exp_stat_cpu_dump,
3705                };
3706                return netlink_dump_start(info->sk, skb, info->nlh, &c);
3707        }
3708
3709        return 0;
3710}
3711
3712#ifdef CONFIG_NF_CONNTRACK_EVENTS
3713static struct nf_ct_event_notifier ctnl_notifier = {
3714        .fcn = ctnetlink_conntrack_event,
3715};
3716
3717static struct nf_exp_event_notifier ctnl_notifier_exp = {
3718        .fcn = ctnetlink_expect_event,
3719};
3720#endif
3721
3722static const struct nfnl_callback ctnl_cb[IPCTNL_MSG_MAX] = {
3723        [IPCTNL_MSG_CT_NEW]     = {
3724                .call           = ctnetlink_new_conntrack,
3725                .type           = NFNL_CB_MUTEX,
3726                .attr_count     = CTA_MAX,
3727                .policy         = ct_nla_policy
3728        },
3729        [IPCTNL_MSG_CT_GET]     = {
3730                .call           = ctnetlink_get_conntrack,
3731                .type           = NFNL_CB_MUTEX,
3732                .attr_count     = CTA_MAX,
3733                .policy         = ct_nla_policy
3734        },
3735        [IPCTNL_MSG_CT_DELETE]  = {
3736                .call           = ctnetlink_del_conntrack,
3737                .type           = NFNL_CB_MUTEX,
3738                .attr_count     = CTA_MAX,
3739                .policy         = ct_nla_policy
3740        },
3741        [IPCTNL_MSG_CT_GET_CTRZERO] = {
3742                .call           = ctnetlink_get_conntrack,
3743                .type           = NFNL_CB_MUTEX,
3744                .attr_count     = CTA_MAX,
3745                .policy         = ct_nla_policy
3746        },
3747        [IPCTNL_MSG_CT_GET_STATS_CPU] = {
3748                .call           = ctnetlink_stat_ct_cpu,
3749                .type           = NFNL_CB_MUTEX,
3750        },
3751        [IPCTNL_MSG_CT_GET_STATS] = {
3752                .call           = ctnetlink_stat_ct,
3753                .type           = NFNL_CB_MUTEX,
3754        },
3755        [IPCTNL_MSG_CT_GET_DYING] = {
3756                .call           = ctnetlink_get_ct_dying,
3757                .type           = NFNL_CB_MUTEX,
3758        },
3759        [IPCTNL_MSG_CT_GET_UNCONFIRMED] = {
3760                .call           = ctnetlink_get_ct_unconfirmed,
3761                .type           = NFNL_CB_MUTEX,
3762        },
3763};
3764
3765static const struct nfnl_callback ctnl_exp_cb[IPCTNL_MSG_EXP_MAX] = {
3766        [IPCTNL_MSG_EXP_GET] = {
3767                .call           = ctnetlink_get_expect,
3768                .type           = NFNL_CB_MUTEX,
3769                .attr_count     = CTA_EXPECT_MAX,
3770                .policy         = exp_nla_policy
3771        },
3772        [IPCTNL_MSG_EXP_NEW] = {
3773                .call           = ctnetlink_new_expect,
3774                .type           = NFNL_CB_MUTEX,
3775                .attr_count     = CTA_EXPECT_MAX,
3776                .policy         = exp_nla_policy
3777        },
3778        [IPCTNL_MSG_EXP_DELETE] = {
3779                .call           = ctnetlink_del_expect,
3780                .type           = NFNL_CB_MUTEX,
3781                .attr_count     = CTA_EXPECT_MAX,
3782                .policy         = exp_nla_policy
3783        },
3784        [IPCTNL_MSG_EXP_GET_STATS_CPU] = {
3785                .call           = ctnetlink_stat_exp_cpu,
3786                .type           = NFNL_CB_MUTEX,
3787        },
3788};
3789
3790static const struct nfnetlink_subsystem ctnl_subsys = {
3791        .name                           = "conntrack",
3792        .subsys_id                      = NFNL_SUBSYS_CTNETLINK,
3793        .cb_count                       = IPCTNL_MSG_MAX,
3794        .cb                             = ctnl_cb,
3795};
3796
3797static const struct nfnetlink_subsystem ctnl_exp_subsys = {
3798        .name                           = "conntrack_expect",
3799        .subsys_id                      = NFNL_SUBSYS_CTNETLINK_EXP,
3800        .cb_count                       = IPCTNL_MSG_EXP_MAX,
3801        .cb                             = ctnl_exp_cb,
3802};
3803
3804MODULE_ALIAS("ip_conntrack_netlink");
3805MODULE_ALIAS_NFNL_SUBSYS(NFNL_SUBSYS_CTNETLINK);
3806MODULE_ALIAS_NFNL_SUBSYS(NFNL_SUBSYS_CTNETLINK_EXP);
3807
3808static int __net_init ctnetlink_net_init(struct net *net)
3809{
3810#ifdef CONFIG_NF_CONNTRACK_EVENTS
3811        int ret;
3812
3813        ret = nf_conntrack_register_notifier(net, &ctnl_notifier);
3814        if (ret < 0) {
3815                pr_err("ctnetlink_init: cannot register notifier.\n");
3816                goto err_out;
3817        }
3818
3819        ret = nf_ct_expect_register_notifier(net, &ctnl_notifier_exp);
3820        if (ret < 0) {
3821                pr_err("ctnetlink_init: cannot expect register notifier.\n");
3822                goto err_unreg_notifier;
3823        }
3824#endif
3825        return 0;
3826
3827#ifdef CONFIG_NF_CONNTRACK_EVENTS
3828err_unreg_notifier:
3829        nf_conntrack_unregister_notifier(net, &ctnl_notifier);
3830err_out:
3831        return ret;
3832#endif
3833}
3834
3835static void ctnetlink_net_exit(struct net *net)
3836{
3837#ifdef CONFIG_NF_CONNTRACK_EVENTS
3838        nf_ct_expect_unregister_notifier(net, &ctnl_notifier_exp);
3839        nf_conntrack_unregister_notifier(net, &ctnl_notifier);
3840#endif
3841}
3842
3843static void __net_exit ctnetlink_net_exit_batch(struct list_head *net_exit_list)
3844{
3845        struct net *net;
3846
3847        list_for_each_entry(net, net_exit_list, exit_list)
3848                ctnetlink_net_exit(net);
3849
3850        /* wait for other cpus until they are done with ctnl_notifiers */
3851        synchronize_rcu();
3852}
3853
3854static struct pernet_operations ctnetlink_net_ops = {
3855        .init           = ctnetlink_net_init,
3856        .exit_batch     = ctnetlink_net_exit_batch,
3857};
3858
3859static int __init ctnetlink_init(void)
3860{
3861        int ret;
3862
3863        ret = nfnetlink_subsys_register(&ctnl_subsys);
3864        if (ret < 0) {
3865                pr_err("ctnetlink_init: cannot register with nfnetlink.\n");
3866                goto err_out;
3867        }
3868
3869        ret = nfnetlink_subsys_register(&ctnl_exp_subsys);
3870        if (ret < 0) {
3871                pr_err("ctnetlink_init: cannot register exp with nfnetlink.\n");
3872                goto err_unreg_subsys;
3873        }
3874
3875        ret = register_pernet_subsys(&ctnetlink_net_ops);
3876        if (ret < 0) {
3877                pr_err("ctnetlink_init: cannot register pernet operations\n");
3878                goto err_unreg_exp_subsys;
3879        }
3880#ifdef CONFIG_NETFILTER_NETLINK_GLUE_CT
3881        /* setup interaction between nf_queue and nf_conntrack_netlink. */
3882        RCU_INIT_POINTER(nfnl_ct_hook, &ctnetlink_glue_hook);
3883#endif
3884        return 0;
3885
3886err_unreg_exp_subsys:
3887        nfnetlink_subsys_unregister(&ctnl_exp_subsys);
3888err_unreg_subsys:
3889        nfnetlink_subsys_unregister(&ctnl_subsys);
3890err_out:
3891        return ret;
3892}
3893
3894static void __exit ctnetlink_exit(void)
3895{
3896        unregister_pernet_subsys(&ctnetlink_net_ops);
3897        nfnetlink_subsys_unregister(&ctnl_exp_subsys);
3898        nfnetlink_subsys_unregister(&ctnl_subsys);
3899#ifdef CONFIG_NETFILTER_NETLINK_GLUE_CT
3900        RCU_INIT_POINTER(nfnl_ct_hook, NULL);
3901#endif
3902        synchronize_rcu();
3903}
3904
3905module_init(ctnetlink_init);
3906module_exit(ctnetlink_exit);
3907