From patchwork Sat Feb 20 09:07:09 2016
X-Patchwork-Submitter: Stephane Bryant
X-Patchwork-Id: 585577
X-Patchwork-Delegate: pablo@netfilter.org
From: Stephane Bryant
To: pablo@netfilter.org
Cc: netfilter-devel@vger.kernel.org, stephane
Subject: [PATCH nf-next v3 2/3] netfilter: bridge: pass L2 header and VLAN as netlink attributes in queues to userspace
Date: Sat, 20 Feb 2016 10:07:09 +0100
Message-Id: <1455959230-3680-2-git-send-email-stephane.ml.bryant@gmail.com>
In-Reply-To: <1455959230-3680-1-git-send-email-stephane.ml.bryant@gmail.com>
References: <1455959230-3680-1-git-send-email-stephane.ml.bryant@gmail.com>

From: stephane

-this creates 2 netlink attribute NLQA_VLAN and NLQA_L2HDR
-these are filled up for the PF_BRIDGE family on the way to userspace

Signed-off-by: Stephane Bryant
---
 include/uapi/linux/netfilter/nfnetlink_queue.h | 7 ++++
 net/netfilter/nfnetlink_queue.c | 53 ++++++++++++++++++++++++++
 2 files changed, 60 insertions(+)

diff --git a/include/uapi/linux/netfilter/nfnetlink_queue.h b/include/uapi/linux/netfilter/nfnetlink_queue.h index b67a853..211fcdc 100644 --- a/include/uapi/linux/netfilter/nfnetlink_queue.h +++ b/include/uapi/linux/netfilter/nfnetlink_queue.h
@@ -30,6 +30,11 @@ struct nfqnl_msg_packet_timestamp { __aligned_be64 usec; }; +struct nfqnl_msg_vlan { + __be16 proto; + __u16 tci; +} __attribute__ ((packed)); + enum nfqnl_attr_type { NFQA_UNSPEC, NFQA_PACKET_HDR, @@ -50,6 +55,8 @@ enum nfqnl_attr_type { NFQA_UID, /* __u32 sk uid */ NFQA_GID, /* __u32 sk gid */ NFQA_SECCTX, /* security context string */ + NFQA_VLAN, /* packet vlan info */ + NFQA_L2HDR, /* full L2 header */ __NFQA_MAX }; diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index 1d39365..b40cdb4 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c 
@@ -295,6 +295,54 @@ static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, char **secdata) return seclen; } +static u32 nfqnl_get_bridge_nla_len(struct nf_queue_entry *entry) +{ + u32 nlalen = 0; + struct sk_buff *entskb = entry->skb; + + if ((entry->state.pf != PF_BRIDGE) || (!skb_mac_header_was_set(entskb))) + return 0; + + if (skb_vlan_tag_present(entskb)) + nlalen += nla_total_size(sizeof(struct nfqnl_msg_vlan)); + + if (entskb->network_header > entskb->mac_header) + nlalen += nla_total_size((entskb->network_header - + entskb->mac_header)); + + return nlalen; +} + +static int nfqnl_put_bridge_nla(struct nf_queue_entry *entry, + struct sk_buff *skb) +{ + struct sk_buff *entskb = entry->skb; + + if ((entry->state.pf != PF_BRIDGE) || (!skb_mac_header_was_set(entskb))) + return 0; + + if (skb_vlan_tag_present(entskb)) { + struct nfqnl_msg_vlan pvlan; + + pvlan.tci = entskb->vlan_tci; + pvlan.proto = entskb->vlan_proto; + if (nla_put(skb, NFQA_VLAN, sizeof(pvlan), &pvlan)) + goto nla_put_failure; + } + + if (entskb->mac_header < entskb->network_header) { + int len = (int)(entskb->network_header - entskb->mac_header); + + if (nla_put(skb, NFQA_L2HDR, len, skb_mac_header(entskb))) + goto nla_put_failure; + } + + return 0; + +nla_put_failure: + return -1; +} + static struct sk_buff * nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, struct nf_queue_entry *entry, @@ -334,6 +382,8 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, if (entskb->tstamp.tv64) size += nla_total_size(sizeof(struct nfqnl_msg_packet_timestamp)); + size += nfqnl_get_bridge_nla_len(entry); + if (entry->state.hook <= NF_INET_FORWARD || (entry->state.hook == NF_INET_POST_ROUTING && entskb->sk == NULL)) csum_verify = !skb_csum_unnecessary(entskb); 
@@ -499,6 +549,9 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, } } + if (nfqnl_put_bridge_nla(entry, skb)) + goto nla_put_failure; + if (entskb->tstamp.tv64) { struct nfqnl_msg_packet_timestamp ts; struct timespec64 kts = ktime_to_timespec64(skb->tstamp);
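
Review bot: in the first hunk of include/uapi/linux/netfilter/nfnetlink_queue.h, struct nfqnl_msg_vlan mixes byte orders: proto is declared `__be16` but tci is a plain `__u16`, and nfqnl_put_bridge_nla() copies `entskb->vlan_tci` into it unconverted. This is a uapi struct, so its layout and endianness become ABI once merged; either declare tci as `__be16` and convert it when filling the struct, or add a comment stating that tci is in host byte order. The packed attribute also looks unnecessary for two 16-bit members, since there is no padding between them to remove.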
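
Review bot: in the enum nfqnl_attr_type hunk, the values added are NFQA_VLAN and NFQA_L2HDR, but the commit message calls them NLQA_VLAN and NLQA_L2HDR; the changelog should use the names that are actually added so they can be found by grep. The two comments could also state the payload: struct nfqnl_msg_vlan for NFQA_VLAN, and for NFQA_L2HDR the bytes between the mac header and the network header, which is what nfqnl_put_bridge_nla() copies.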
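
Review bot: in the net/netfilter/nfnetlink_queue.c hunk that adds nfqnl_get_bridge_nla_len() and nfqnl_put_bridge_nla(), both functions repeat the same three conditions (PF_BRIDGE with the mac header set, skb_vlan_tag_present(), and the header offset comparison, written once as `entskb->network_header > entskb->mac_header` and once as `entskb->mac_header < entskb->network_header`). The message skb is sized from the first function and filled by the second, so a later change to one without the other leaves the buffer undersized and nla_put() failing, or oversized; consider computing the L2 header length in one small helper that both call and writing the comparison the same way in both places. nfqnl_put_bridge_nla() also returns a bare -1; the caller only tests for non-zero, but returning a proper errno value would match the `int` return type better.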