3 |
* |
* |
4 |
* Copyright (C) 2005-2009 NTT DATA CORPORATION |
* Copyright (C) 2005-2009 NTT DATA CORPORATION |
5 |
* |
* |
6 |
* Version: 1.7.0-pre 2009/08/24 |
* Version: 1.7.1-pre 2009/10/16 |
7 |
* |
* |
8 |
* This file is applicable to both 2.4.30 and 2.6.11 and later. |
* This file is applicable to both 2.4.30 and 2.6.11 and later. |
9 |
* See README.ccs for ChangeLog. |
* See README.ccs for ChangeLog. |
169 |
const u32 ip = ntohl(*address); |
const u32 ip = ntohl(*address); |
170 |
int error; |
int error; |
171 |
char buf[64]; |
char buf[64]; |
|
ccs_assert_read_lock(); |
|
172 |
if (ccs_init_request_info(&r, NULL, |
if (ccs_init_request_info(&r, NULL, |
173 |
CCS_MAC_NETWORK_UDP_BIND + operation) |
CCS_MAC_NETWORK_UDP_BIND + operation) |
174 |
== CCS_MAC_MODE_DISABLED) |
== CCS_CONFIG_DISABLED) |
175 |
return 0; |
return 0; |
176 |
memset(buf, 0, sizeof(buf)); |
memset(buf, 0, sizeof(buf)); |
177 |
if (is_ipv6) |
if (is_ipv6) |
225 |
error = ccs_supervisor(&r, CCS_KEYWORD_ALLOW_NETWORK |
error = ccs_supervisor(&r, CCS_KEYWORD_ALLOW_NETWORK |
226 |
"%s %s %u\n", keyword, buf, port); |
"%s %s %u\n", keyword, buf, port); |
227 |
} while (error == 1); |
} while (error == 1); |
228 |
if (r.mode != CCS_MAC_MODE_ENFORCING) |
if (r.mode != CCS_CONFIG_ENFORCING) |
229 |
error = 0; |
error = 0; |
230 |
return error; |
return error; |
231 |
} |
} |
244 |
const u32 *address, const u16 port) |
const u32 *address, const u16 port) |
245 |
{ |
{ |
246 |
const int idx = ccs_read_lock(); |
const int idx = ccs_read_lock(); |
247 |
const int error = ccs_network_entry2(is_ipv6, operation, |
const int error = ccs_network_entry2(is_ipv6, operation, address, |
248 |
address, port); |
port); |
249 |
ccs_read_unlock(idx); |
ccs_read_unlock(idx); |
250 |
return error; |
return error; |
251 |
} |
} |
394 |
* |
* |
395 |
* Returns 0 on success, negative value otherwise. |
* Returns 0 on success, negative value otherwise. |
396 |
*/ |
*/ |
397 |
static inline int ccs_network_listen_acl(const bool is_ipv6, |
static inline int ccs_network_listen_acl(const bool is_ipv6, const u8 *address, |
|
const u8 *address, |
|
398 |
const u16 port) |
const u16 port) |
399 |
{ |
{ |
400 |
return ccs_network_entry(is_ipv6, CCS_NETWORK_TCP_LISTEN, |
return ccs_network_entry(is_ipv6, CCS_NETWORK_TCP_LISTEN, |
413 |
*/ |
*/ |
414 |
static inline int ccs_network_connect_acl(const bool is_ipv6, |
static inline int ccs_network_connect_acl(const bool is_ipv6, |
415 |
const int sock_type, |
const int sock_type, |
416 |
const u8 *address, |
const u8 *address, const u16 port) |
|
const u16 port) |
|
417 |
{ |
{ |
418 |
u8 operation; |
u8 operation; |
419 |
switch (sock_type) { |
switch (sock_type) { |
467 |
* |
* |
468 |
* Returns 0 on success, negative value otherwise. |
* Returns 0 on success, negative value otherwise. |
469 |
*/ |
*/ |
470 |
static inline int ccs_network_accept_acl(const bool is_ipv6, |
static inline int ccs_network_accept_acl(const bool is_ipv6, const u8 *address, |
|
const u8 *address, |
|
471 |
const u16 port) |
const u16 port) |
472 |
{ |
{ |
473 |
int retval; |
int retval; |
490 |
*/ |
*/ |
491 |
static inline int ccs_network_sendmsg_acl(const bool is_ipv6, |
static inline int ccs_network_sendmsg_acl(const bool is_ipv6, |
492 |
const int sock_type, |
const int sock_type, |
493 |
const u8 *address, |
const u8 *address, const u16 port) |
|
const u16 port) |
|
494 |
{ |
{ |
495 |
u8 operation; |
u8 operation; |
496 |
if (sock_type == SOCK_DGRAM) |
if (sock_type == SOCK_DGRAM) |
513 |
*/ |
*/ |
514 |
static inline int ccs_network_recvmsg_acl(const bool is_ipv6, |
static inline int ccs_network_recvmsg_acl(const bool is_ipv6, |
515 |
const int sock_type, |
const int sock_type, |
516 |
const u8 *address, |
const u8 *address, const u16 port) |
|
const u16 port) |
|
517 |
{ |
{ |
518 |
int retval; |
int retval; |
519 |
const u8 operation |
const u8 operation |
748 |
} |
} |
749 |
|
|
750 |
/* Check permission for sending a datagram via a UDP or RAW socket. */ |
/* Check permission for sending a datagram via a UDP or RAW socket. */ |
751 |
int ccs_socket_sendmsg_permission(struct socket *sock, struct sockaddr *addr, |
int ccs_socket_sendmsg_permission(struct socket *sock, struct msghdr *msg, |
752 |
int addr_len) |
int size) |
753 |
{ |
{ |
754 |
|
struct sockaddr *addr = (struct sockaddr *) msg->msg_name; |
755 |
|
const int addr_len = msg->msg_namelen; |
756 |
int error = 0; |
int error = 0; |
757 |
const int type = sock->type; |
const int type = sock->type; |
758 |
/* Nothing to do if I am a kernel service. */ |
/* Nothing to do if I am a kernel service. */ |
785 |
else |
else |
786 |
port = htons(sock->sk->sk_protocol); |
port = htons(sock->sk->sk_protocol); |
787 |
error = ccs_network_sendmsg_acl(false, type, |
error = ccs_network_sendmsg_acl(false, type, |
788 |
(u8 *) &addr4->sin_addr, |
(u8 *) &addr4->sin_addr, port); |
|
port); |
|
789 |
break; |
break; |
790 |
} |
} |
791 |
return error; |
return error; |
793 |
|
|
794 |
#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 22) |
#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 22) |
795 |
#if !defined(RHEL_MAJOR) || RHEL_MAJOR != 5 |
#if !defined(RHEL_MAJOR) || RHEL_MAJOR != 5 |
796 |
|
#if !defined(AX_MAJOR) || AX_MAJOR != 3 || !defined(AX_MINOR) || AX_MINOR < 2 |
797 |
|
|
798 |
static inline struct iphdr *ip_hdr(const struct sk_buff *skb) |
static inline struct iphdr *ip_hdr(const struct sk_buff *skb) |
799 |
{ |
{ |
812 |
|
|
813 |
#endif |
#endif |
814 |
#endif |
#endif |
815 |
|
#endif |
816 |
|
|
817 |
#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 12) |
#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 12) |
818 |
static void skb_kill_datagram(struct sock *sk, struct sk_buff *skb, |
static void skb_kill_datagram(struct sock *sk, struct sk_buff *skb, |