From patchwork Sat Sep 22 02:10:50 2012
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: John Stultz <john.stultz@linaro.org>
X-Patchwork-Id: 11629
Return-Path: <patch+caf_=linaro-patchwork=canonical.com@linaro.org>
X-Original-To: patchwork@peony.canonical.com
Delivered-To: patchwork@peony.canonical.com
Received: from fiordland.canonical.com (fiordland.canonical.com
 [91.189.94.145])
 by peony.canonical.com (Postfix) with ESMTP id 5680523EFC
 for <patchwork@peony.canonical.com>;
 Sat, 22 Sep 2012 02:11:11 +0000 (UTC)
Received: from mail-ie0-f180.google.com (mail-ie0-f180.google.com
 [209.85.223.180])
 by fiordland.canonical.com (Postfix) with ESMTP id F2E68A182E4
 for <linaro-patchwork@canonical.com>;
 Sat, 22 Sep 2012 02:11:10 +0000 (UTC)
Received: by mail-ie0-f180.google.com with SMTP id e10so6323403iej.11
 for <linaro-patchwork@canonical.com>;
 Fri, 21 Sep 2012 19:11:10 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=google.com; s=20120113;
 h=x-forwarded-to:x-forwarded-for:delivered-to:received-spf:from:to:cc
 :subject:date:message-id:x-mailer:in-reply-to:references
 :x-content-scanned:x-cbid:x-gm-message-state;
 bh=cRpfA0wwIGa8UTm6F5uWz8uk5u/Scdmp8qDX6VgX/1Y=;
 b=ioPSddZZKQlBpRtCdFLgsRieK09QtM8bdmvD/EVyJSWMoryYbp/U6jK2E+y51vPivf
 QZ/sL7lNZzXe2xpR8czj+ifL0QYj44ai1uUZY04F8AIpgVbTQf2JhkISsrxJlmWcxE7V
 E4YLS1L8oBDxDjsGLE2q97ssNaIUUsX8AnA0ID3fVQUJsUWdXsrNwX/HKkIpiQa0BJmt
 WYSBF4V5VNBACFbnSZnD0bOoLQadXGXWoa8udRwhvRfVmjPkACXUdRBmNFhFbVWQB9Ev
 Jh+MoPId59VURLxaawqtsx9UjF+iqB7gAWSJ2rYtdFs523U53QOwSMDNDtN1BhcSw+Zr
 w9OQ==
Received: by 10.50.7.212 with SMTP id l20mr120296iga.43.1348279870549;
 Fri, 21 Sep 2012 19:11:10 -0700 (PDT)
X-Forwarded-To: linaro-patchwork@canonical.com
X-Forwarded-For: patch@linaro.org linaro-patchwork@canonical.com
Delivered-To: patches@linaro.org
Received: by 10.50.184.232 with SMTP id ex8csp157904igc;
 Fri, 21 Sep 2012 19:11:10 -0700 (PDT)
Received: by 10.60.13.37 with SMTP id e5mr5174370oec.98.1348279870019;
 Fri, 21 Sep 2012 19:11:10 -0700 (PDT)
Received: from e32.co.us.ibm.com (e32.co.us.ibm.com. [32.97.110.150])
 by mx.google.com with ESMTPS id g3si9202944obb.48.2012.09.21.19.11.09
 (version=TLSv1/SSLv3 cipher=OTHER);
 Fri, 21 Sep 2012 19:11:09 -0700 (PDT)
Received-SPF: neutral (google.com: 32.97.110.150 is neither permitted nor
 denied by best guess record for domain of
 john.stultz@linaro.org) client-ip=32.97.110.150; 
Authentication-Results: mx.google.com;
 spf=neutral (google.com: 32.97.110.150 is neither
 permitted nor denied by best guess record for domain of
 john.stultz@linaro.org) smtp.mail=john.stultz@linaro.org
Received: from /spool/local
 by e32.co.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use
 Only! Violators will be prosecuted
 for <patches@linaro.org> from <john.stultz@linaro.org>;
 Fri, 21 Sep 2012 20:11:09 -0600
Received: from d03dlp01.boulder.ibm.com (9.17.202.177)
 by e32.co.us.ibm.com (192.168.1.132) with IBM ESMTP SMTP Gateway:
 Authorized Use Only! Violators will be prosecuted; 
 Fri, 21 Sep 2012 20:11:06 -0600
Received: from d03relay05.boulder.ibm.com (d03relay05.boulder.ibm.com
 [9.17.195.107])
 by d03dlp01.boulder.ibm.com (Postfix) with ESMTP id ADD461FF0039;
 Fri, 21 Sep 2012 20:11:02 -0600 (MDT)
Received: from d03av04.boulder.ibm.com (d03av04.boulder.ibm.com [9.17.195.170])
 by d03relay05.boulder.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id
 q8M2B6Tj229264; Fri, 21 Sep 2012 20:11:06 -0600
Received: from d03av04.boulder.ibm.com (loopback [127.0.0.1])
 by d03av04.boulder.ibm.com (8.14.4/8.13.1/NCO v10.0 AVout) with ESMTP
 id q8M2B5Zm001436; Fri, 21 Sep 2012 20:11:06 -0600
Received: from kernel-pok.stglabs.ibm.com (kernel.stglabs.ibm.com
 [9.114.214.19])
 by d03av04.boulder.ibm.com (8.14.4/8.13.1/NCO v10.0 AVin) with ESMTP
 id q8M2B1P8001183; Fri, 21 Sep 2012 20:11:05 -0600
From: John Stultz <john.stultz@linaro.org>
To: LKML <linux-kernel@vger.kernel.org>
Cc: JP Abgrall <jpa@google.com>, netdev@vger.kernel.org,
 Ashish Sharma <ashishsharma@google.com>,
 Peter P Waskiewicz Jr <peter.p.waskiewicz.jr@intel.com>,
 John Stultz <john.stultz@linaro.org>
Subject: [PATCH 4/7][RFC] netfilter: xt_qtaguid: fix ipv6 protocol lookup
Date: Fri, 21 Sep 2012 22:10:50 -0400
Message-Id: <1348279853-44499-5-git-send-email-john.stultz@linaro.org>
X-Mailer: git-send-email 1.7.9.5
In-Reply-To: <1348279853-44499-1-git-send-email-john.stultz@linaro.org>
References: <1348279853-44499-1-git-send-email-john.stultz@linaro.org>
X-Content-Scanned: Fidelis XPS MAILER
x-cbid: 12092202-5406-0000-0000-0000007DA3FE
X-Gm-Message-State: ALoCoQktsdIEBwFXMrl/SS4cD0UsZtFaWdLjiJh9XuqP3LumiE3oTQqy/8QWHiInt7kSgUWrZY1P

From: JP Abgrall <jpa@google.com>

When updating the stats for a given uid it would incorrectly assume
IPV4 and pick up the wrong protocol when IPV6.

Cc: netdev@vger.kernel.org
Cc: JP Abgrall <jpa@google.com>
Cc: Ashish Sharma <ashishsharma@google.com>
Cc: Peter P Waskiewicz Jr <peter.p.waskiewicz.jr@intel.com>
Signed-off-by: JP Abgrall <jpa@google.com>
[Small compile fix for ipv6_find_hdr() -jstultz]
Signed-off-by: John Stultz <john.stultz@linaro.org>
---
 net/netfilter/xt_qtaguid.c |   39 ++++++++++++++++++++++++++++++++-------
 1 file changed, 32 insertions(+), 7 deletions(-)

diff --git a/net/netfilter/xt_qtaguid.c b/net/netfilter/xt_qtaguid.c
index 214a990..47dfb9e 100644
--- a/net/netfilter/xt_qtaguid.c
+++ b/net/netfilter/xt_qtaguid.c
@@ -26,6 +26,10 @@
 #include <net/tcp.h>
 #include <net/udp.h>
 
+#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
+#include <linux/netfilter_ipv6/ip6_tables.h>
+#endif
+
 #include <linux/netfilter/xt_socket.h>
 #include "xt_qtaguid_internal.h"
 #include "xt_qtaguid_print.h"
@@ -1536,6 +1540,27 @@ static struct sock *qtaguid_find_sk(const struct sk_buff *skb,
 	return sk;
 }
 
+static int ipx_proto(const struct sk_buff *skb,
+		     struct xt_action_param *par)
+{
+	int thoff, tproto;
+
+	switch (par->family) {
+	case NFPROTO_IPV6:
+		tproto = ipv6_find_hdr(skb, &thoff, -1, NULL, NULL);
+		if (tproto < 0)
+			MT_DEBUG("%s(): transport header not found in ipv6"
+				 " skb=%p\n", __func__, skb);
+		break;
+	case NFPROTO_IPV4:
+		tproto = ip_hdr(skb)->protocol;
+		break;
+	default:
+		tproto = IPPROTO_RAW;
+	}
+	return tproto;
+}
+
 static void account_for_uid(const struct sk_buff *skb,
 			    const struct sock *alternate_sk, uid_t uid,
 			    struct xt_action_param *par)
@@ -1562,15 +1587,15 @@ static void account_for_uid(const struct sk_buff *skb,
 	} else if (unlikely(!el_dev->name)) {
 		pr_info("qtaguid[%d]: no dev->name?!!\n", par->hooknum);
 	} else {
-		MT_DEBUG("qtaguid[%d]: dev name=%s type=%d\n",
-			 par->hooknum,
-			 el_dev->name,
-			 el_dev->type);
+		int proto = ipx_proto(skb, par);
+		MT_DEBUG("qtaguid[%d]: dev name=%s type=%d fam=%d proto=%d\n",
+			 par->hooknum, el_dev->name, el_dev->type,
+			 par->family, proto);
 
 		if_tag_stat_update(el_dev->name, uid,
 				skb->sk ? skb->sk : alternate_sk,
 				par->in ? IFS_RX : IFS_TX,
-				ip_hdr(skb)->protocol, skb->len);
+				proto, skb->len);
 	}
 }
 
@@ -1615,8 +1640,8 @@ static bool qtaguid_mt(const struct sk_buff *skb, struct xt_action_param *par)
 	} else {
 		atomic64_inc(&qtu_events.match_found_sk);
 	}
-	MT_DEBUG("qtaguid[%d]: sk=%p got_sock=%d proto=%d\n",
-		par->hooknum, sk, got_sock, ip_hdr(skb)->protocol);
+	MT_DEBUG("qtaguid[%d]: sk=%p got_sock=%d fam=%d proto=%d\n",
+		 par->hooknum, sk, got_sock, par->family, ipx_proto(skb, par));
 	if (sk != NULL) {
 		MT_DEBUG("qtaguid[%d]: sk=%p->sk_socket=%p->file=%p\n",
 			par->hooknum, sk, sk->sk_socket,