1
diff -rNuad linux-2.6.29/include/linux/netdevice.h linux-2.6.29-ghost/include/linux/netdevice.h
2
--- linux-2.6.29/include/linux/netdevice.h 2009-03-23 23:12:14.000000000 +0000
3
+++ linux-2.6.29-ghost/include/linux/netdevice.h 2009-11-26 22:38:27.000000000 +0000
5
* Alan Cox, <alan@lxorguk.ukuu.org.uk>
6
* Bjorn Ekwall. <bj0rn@blox.se>
7
* Pekka Riikonen <priikone@poseidon.pspt.fi>
8
+ * Luca Saiu <positron@gnu.org> (trivial changes for
9
+ * ghostification support)
11
* This program is free software; you can redistribute it and/or
12
* modify it under the terms of the GNU General Public License
13
@@ -1896,4 +1898,12 @@
14
extern struct pernet_operations __net_initdata loopback_net_ops;
15
#endif /* __KERNEL__ */
18
+ * (ghost support) Just check whether the given name
19
+ * belongs to the ghost interface
21
+#ifdef CONFIG_GHOSTIFICATION
22
+int is_a_ghost_interface_name(const char *interface_name);
23
+#endif /* CONFIG_GHOSTIFICATION */
25
#endif /* _LINUX_DEV_H */
26
diff -rNuad linux-2.6.29/include/linux/sockios.h linux-2.6.29-ghost/include/linux/sockios.h
27
--- linux-2.6.29/include/linux/sockios.h 2009-03-23 23:12:14.000000000 +0000
28
+++ linux-2.6.29-ghost/include/linux/sockios.h 2009-11-26 22:38:27.000000000 +0000
32
* Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
33
+ * Luca Saiu <positron@gnu.org> (trivial changes for
34
+ * ghostification support)
36
* This program is free software; you can redistribute it and/or
37
* modify it under the terms of the GNU General Public License
40
#define SIOCWANDEV 0x894A /* get/set netdev parameters */
42
+/* (ghost support) ghostification's ioctl */
43
+#ifdef CONFIG_GHOSTIFICATION
44
+#define SIOKLOG 0x894D /* Write a string to the log */
45
+#define SIOCGIFGHOSTIFY 0x894E /* Make a network device 'ghost' */
46
+#define SIOCGIFUNGHOSTIFY 0x894F /* Make a network device 'ghost' */
47
+#endif /* CONFIG_GHOSTIFICATION */
49
/* ARP cache control calls. */
50
/* 0x8950 - 0x8952 * obsolete calls, don't re-use */
51
#define SIOCDARP 0x8953 /* delete ARP table entry */
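Review bot: The comment on `SIOCGIFUNGHOSTIFY` is a copy of the line above it and describes the opposite operation; it should read something like `/* Make a 'ghost' network device visible again */`. Both request names also use the `SIOCG…` prefix, which by convention marks "get" requests, although they change kernel state. `SIOKLOG` writes a caller-supplied string to the kernel log, so its comment should state which privilege the request requires.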
52
diff -rNuad linux-2.6.29/include/net/ghostdebug.h linux-2.6.29-ghost/include/net/ghostdebug.h
53
--- linux-2.6.29/include/net/ghostdebug.h 1970-01-01 00:00:00.000000000 +0000
54
+++ linux-2.6.29-ghost/include/net/ghostdebug.h 2009-11-26 22:38:27.000000000 +0000
58
+ * Some trivials macros for display messages, trace ghost ops,
59
+ * debug and devel the ghostification kernel patch.
61
+ * Authors: Roudiere Jonathan, <roudiere@lipn.univ-paris13.fr>
63
+ * This program is free software; you can redistribute it and/or
64
+ * modify it under the terms of the GNU General Public License
65
+ * as published by the Free Software Foundation; either version
66
+ * 2 of the License, or (at your option) any later version.
69
+#ifndef __GHOSTDEBUG__
70
+#define __GHOSTDEBUG__
72
+#ifdef CONFIG_GHOSTIFICATION
75
+ * Ghost macros: there are three type of macros for three kind of
76
+ * information level :
78
+ * - the first one is ghost_ptk, that is a simple printk with the
79
+ * KERN_INFO log level, it is the standard type of display used
80
+ * by the ghostification kernel code to allow user to monitor
81
+ * ghost operations, if GHOSTIFICATION_PRINTK is not defined then
82
+ * user will not any information about the ghostified interfaces
83
+ * and the ghost engine (almost any infos ;-)),
85
+ * - ghost_debug and ghost_debugmsg are respectively used to show a
86
+ * calling card in a part of the code (function, files) and to show
87
+ * in plus informations additional (variable, etc ..), these two macros
88
+ * display messages with the level KERNEL_DEBUG,
90
+ * - ghost_devel and ghost_develmsg are very similar (redundant)
91
+ * in both previous ones, they are mainly used for the development
92
+ * of the patch to follow the stream of execution, activate
93
+ * GHOSTIFICATION_DEVEL has interest only for developers.
98
+ * Macro usable to debug during normal usage of the kernel.
100
+#ifdef CONFIG_GHOSTIFICATION_DEBUG
101
+#define ghost_debug \
102
+ printk(KERN_DEBUG \
103
+ "(ghost_debug): file(%s): funct(%s): line(%04d): -- info debug -- \n", \
104
+ __FILE__, __FUNCTION__, __LINE__)
105
+#define ghost_debugmsg(msg,args...) \
106
+ printk(KERN_DEBUG \
107
+ "(ghost_debug): file(%s): funct(%s): line(%04d): " msg "\n", \
108
+ __FILE__, __FUNCTION__, __LINE__, ##args)
111
+#define ghost_debugmsg(msg,args...)
115
+ * A little bit redundant with the macro ghost_debug/debugmsg
116
+ * but allows a difference in the use, they are not used for the
117
+ * debugging, but to verify roads borrowed during the development.
118
+ * (note: certainly remove at next release of the patch)
120
+#ifdef CONFIG_GHOSTIFICATION_DEVEL
121
+#define ghost_devel \
122
+ printk(KERN_DEBUG \
123
+ "(ghost_devel): file(%s): funct(%s): line(%04d): -- info devel -- \n", \
124
+ __FILE__, __FUNCTION__, __LINE__)
125
+#define ghost_develmsg(msg,args...) \
126
+ printk(KERN_DEBUG \
127
+ "(ghost_devel): file(%s): funct(%s): line(%04d): " msg "\n", \
128
+ __FILE__, __FUNCTION__, __LINE__, ##args)
131
+#define ghost_develmsg(msg,args...)
135
+ * Macro to display all message from chunk of code which has
136
+ * ghostification in charge (use macro to add debug level later).
138
+#ifdef CONFIG_GHOSTIFICATION_PRINTK
139
+#define ghost_ptk(msg,args...) \
140
+ printk(KERN_DEBUG \
141
+ "(ghost) " msg "\n", ##args)
143
+#define ghost_ptk(msg,args...)
146
+#endif /* CONFIG_GHOSTIFICATION */
148
+#endif /* __GHOSTDEBUG__ */
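Review bot: The header comment says ghost_ptk prints at the KERN_INFO level, but the macro is defined as `printk(KERN_DEBUG "(ghost) " msg "\n", ##args)`, so an administrator following the comment will look for these messages at the wrong level. Either change the macro to `KERN_INFO` or correct the comment. The same comment writes `KERNEL_DEBUG` where `KERN_DEBUG` is meant. The include guard `__GHOSTDEBUG__` uses a double-underscore name reserved for the implementation; `_NET_GHOSTDEBUG_H` would match the guard style of the neighbouring headers.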
149
diff -rNuad linux-2.6.29/kernel/softirq.c linux-2.6.29-ghost/kernel/softirq.c
150
--- linux-2.6.29/kernel/softirq.c 2009-03-23 23:12:14.000000000 +0000
151
+++ linux-2.6.29-ghost/kernel/softirq.c 2009-11-26 22:38:27.000000000 +0000
154
void _local_bh_enable(void)
156
+/* (ghost support) we don't want disturbe user's console */
157
+#ifndef CONFIG_GHOSTIFICATION
158
WARN_ON_ONCE(in_irq());
159
WARN_ON_ONCE(!irqs_disabled());
162
if (softirq_count() == SOFTIRQ_OFFSET)
163
trace_softirqs_on((unsigned long)__builtin_return_address(0));
166
static inline void _local_bh_enable_ip(unsigned long ip)
168
+/* (ghost support) we don't want disturbe user's console */
169
+#ifndef CONFIG_GHOSTIFICATION
170
WARN_ON_ONCE(in_irq() || irqs_disabled());
172
#ifdef CONFIG_TRACE_IRQFLAGS
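Review bot: Compiling out `WARN_ON_ONCE(in_irq())` and `WARN_ON_ONCE(!irqs_disabled())` in _local_bh_enable, and `WARN_ON_ONCE(in_irq() || irqs_disabled())` in _local_bh_enable_ip, removes a kernel-wide context check for every caller, not only for the ghostification code. If the warnings fire because a ghost helper holding `read_lock_irqsave`/`write_lock_irqsave` reaches a bottom-half enable (an inference; the triggering path is not in this file), the fix belongs in that caller's locking, not here. At minimum the comment should name the path, e.g. `/* (ghost support) WARN suppressed: <call path> enables BHs with IRQs off */`. Both function bodies continue outside the lines shown.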
175
diff -rNuad linux-2.6.29/net/Kconfig linux-2.6.29-ghost/net/Kconfig
176
--- linux-2.6.29/net/Kconfig 2009-03-23 23:12:14.000000000 +0000
177
+++ linux-2.6.29-ghost/net/Kconfig 2009-11-26 22:38:27.000000000 +0000
178
@@ -167,6 +167,105 @@
179
source "net/decnet/netfilter/Kconfig"
180
source "net/bridge/netfilter/Kconfig"
182
+config GHOSTIFICATION_NETFILTER
183
+ bool "Ghostification support to netfilter"
184
+ depends on GHOSTIFICATION && NETFILTER_ADVANCED
187
+ Ghostification support to Netfilter. Allow to bypass all
188
+ Netfilter's hooks (INPUT, OUTPUT, FORWARD, POSTROUTING and
189
+ PREROUTING (when available)) and that for all layer or protocol:
190
+ ARP, Bridge, IPv4, IPv6 (and Decnet) or just for one protocol
192
+ If you choose to activate the Ghostification of Netfilter then
193
+ all the network packets which come from, or go to an ghostified
194
+ interface will not get through the hooks of Netfilter; so rules
195
+ which have been created with Iptables, Ip6tables, Arptables or
196
+ Ebtables will have no effect on these packets.
197
+ Note: This option allows you to have access to the options of
198
+ configuration of the Ghostification of Netfilter but it activates
199
+ no section of code; you will thus need to select one or some
200
+ among those this below.
202
+config GHOSTIFICATION_NETFILTER_ALL
203
+ bool "Ghostification support to netfilter, skip all hooks"
204
+ depends on GHOSTIFICATION_NETFILTER
207
+ Netfiter Ghostification support for all protocols/layers.
208
+ If you activate this option then all network packets which
209
+ come from, or go to a ghostified interface will bypass
210
+ Netfilter's hooks; thus any actions or rules which have been
211
+ created through Iptables, Ip6tables, Arptables or Ebtables
212
+ will not have any effect on this packets.
214
+config GHOSTIFICATION_NETFILTER_ARP
215
+ bool "Ghostification support to netfilter, skip ARP hooks"
216
+ depends on GHOSTIFICATION_NETFILTER && IP_NF_ARPTABLES
217
+ depends on !GHOSTIFICATION_NETFILTER_ALL
219
+ Netfiter ghostification support for the ARP protocol/layer.
220
+ If you activate this option then all network packets which
221
+ come from, or go to a ghostified interface will bypass Arp
222
+ hooks of Netfilter; thus the rules which have been created
223
+ with the Arptables tool will not have any effect on them.
224
+ If you activate Netfilter Ghostification for this protocol/layer
225
+ then you will lose the capability that network packets bypass
226
+ Decnet's hooks of Netfilter.
227
+ If you are unsure how to answer this question when you have
228
+ decided to use ghostification then answer N and use instead
229
+ GHOSTIFICATION_NETFILTER_ALL above.
231
+config GHOSTIFICATION_NETFILTER_BRIDGE
232
+ bool "Ghostification support to netfilter, skip Bridge hooks"
233
+ depends on GHOSTIFICATION_NETFILTER && BRIDGE_NF_EBTABLES
234
+ depends on !GHOSTIFICATION_NETFILTER_ALL
236
+ Netfiter ghostification support for the Bridge protocol/layer.
237
+ If you activate this option then all network packets which
238
+ come from, or go to a ghostified interface will bypass Bridge
239
+ hooks of Netfilter; thus the rules which have been created
240
+ with the Ebtables tool will not have any effect on them.
241
+ If you activate Netfilter Ghostification for this protocol/layer
242
+ then you will lose the capability that network packets bypass
243
+ Decnet's hooks of Netfilter.
244
+ If you are unsure how to answer this question when you have
245
+ decided to use ghostification then answer N and use instead
246
+ GHOSTIFICATION_NETFILTER_ALL above.
248
+config GHOSTIFICATION_NETFILTER_IPV4
249
+ bool "Ghostification support to netfilter, skip IPv4 hooks"
250
+ depends on GHOSTIFICATION_NETFILTER && !GHOSTIFICATION_NETFILTER_ALL
252
+ Netfiter ghostification support for the IPv4 protocol/layer.
253
+ If you activate this option then all network packets which
254
+ come from, or go to a ghostified interface will bypass IPv4
255
+ hooks of Netfilter; thus the rules which have been created
256
+ with the Iptables tool will not have any effect on them.
257
+ If you activate Netfilter Ghostification for this protocol/layer
258
+ then you will lose the capability that network packets bypass
259
+ Decnet's hooks of Netfilter.
260
+ If you are unsure how to answer this question when you have
261
+ decided to use ghostification then answer N and use instead
262
+ GHOSTIFICATION_NETFILTER_ALL above.
264
+config GHOSTIFICATION_NETFILTER_IPV6
265
+ bool "Ghostification support to netfilter, skip IPv6 hooks"
266
+ depends on GHOSTIFICATION_NETFILTER && IP6_NF_IPTABLES
267
+ depends on !GHOSTIFICATION_NETFILTER_ALL
269
+ Netfiter ghostification support for the IPv6 protocol/layer.
270
+ If you activate this option then all network packets which
271
+ come from, or go to a ghostified interface will bypass IPv6
272
+ hooks of Netfilter; thus the rules which have been created
273
+ with the Ip6tables tool will not have any effect on them.
274
+ If you activate Netfilter Ghostification for this protocol/layer
275
+ then you will lose the capability that network packets bypass
276
+ Decnet's hooks of Netfilter.
277
+ If you are unsure how to answer this question when you have
278
+ decided to use ghostification then answer N and use instead
279
+ GHOSTIFICATION_NETFILTER_ALL above.
283
source "net/dccp/Kconfig"
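Review bot: `GHOSTIFICATION_NETFILTER_IPV4` depends only on `GHOSTIFICATION_NETFILTER && !GHOSTIFICATION_NETFILTER_ALL`, while the ARP, Bridge and IPv6 entries also depend on their table support (`IP_NF_ARPTABLES`, `BRIDGE_NF_EBTABLES`, `IP6_NF_IPTABLES`); if that is an oversight, add `&& IP_NF_IPTABLES`. The sentence about losing the Decnet bypass is repeated verbatim in all four per-protocol help texts and does not explain why selecting a single protocol affects Decnet. Because these options make firewall rules silently stop applying to traffic on a ghostified interface, each help text should open with that consequence, e.g. `Packets on ghostified interfaces are NOT filtered by iptables when this is enabled.`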
285
source "net/rfkill/Kconfig"
286
source "net/9p/Kconfig"
288
+config GHOSTIFICATION
289
+ bool "Ghostification support"
293
+ Ghostification support allow you to hide network interfaces
294
+ on your system. Ghostify and Unghostify are the actions which
295
+ make dynamically invisible and visible a network interface/cards
296
+ (eth0, lo, tun, ...) for the userspace.
297
+ When a network interface is ghostified, users of your system
298
+ can not see it with userspace tools like ifconfig, route, iproute,
299
+ netstat and/or have statistics about it. However even if a network
300
+ interface is ghostified it is always possible to open a socket
301
+ using the Ip address of this interface, ping this interface or
302
+ any host connected to the same network remains possible; has the
303
+ opposite, it is not possible to sniff packets on a ghostified
304
+ interface with userspace tools like tcpdump, wireshark, ...
305
+ Informations about a ghostified interface are hidden under /proc
306
+ but they can be find under /sys, it is a limit of the ghostification
308
+ For more informations about Ghostification patch and engine see
309
+ the README of the tarball that you have used or go to website of
310
+ the Marionnet project at <http://www.marionnet.org>.
313
+config GHOSTIFICATION_NUM
314
+ int "Ghostification support : max number of possible ghostified interface"
315
+ depends on GHOSTIFICATION
319
+ Here you can choose the number of network interfaces that
320
+ you will be allowed to ghostify. This number must be between
323
+config GHOSTIFICATION_MESG
324
+ bool "Ghostification messages, display, debug and devel"
325
+ depends on GHOSTIFICATION
328
+ Ghostification messages configuration. This option allow
329
+ you to have acces to the options which configure and control
330
+ the type of messages that you want the ghostification engine
331
+ diplay (visible through syslogd).
332
+ There are three options which make more or less verbose the
333
+ ghostification engine. You can choose to not select any
334
+ options below if you want to try to hide the ghostification
335
+ operations for the users of your system.
336
+ Note: This option allows you to have access to the options
337
+ which control the number of messages and the verbosity of
338
+ the Ghostification engine but it activates no section of
339
+ code; you will thus need to select one or some among those
342
+config GHOSTIFICATION_PRINTK
343
+ bool "Ghostification, messages to monitor ghost operations"
344
+ depends on GHOSTIFICATION_MESG
347
+ This option allow you to activate normal messsages from the
348
+ ghostification engine, those messages are display through a
349
+ simple printk (visible through syslogd), this messages allow
350
+ to have informations about the ghost operations (like "the
351
+ interface ethX has been ghostified", "unghostified", "is already
352
+ ghostified", etc ...). If you really wish to hide ghostified
353
+ interfaces and ghost operations for the users of your system
354
+ don't select this option.
356
+config GHOSTIFICATION_DEBUG
357
+ bool "Ghostification, debugging messages to monitor ghost operations"
358
+ depends on GHOSTIFICATION_MESG
360
+ This option increase the verbosity of the ghostification engine,
361
+ allow to get more informations in order to debug the ghost ops.
362
+ This option is in general used to verify the result of a test or
363
+ to display the datas (interface name, pid of a calling process, ...)
364
+ which are treated by the ghost engine.
366
+config GHOSTIFICATION_DEVEL
367
+ bool "Ghostification, helping messages to trace ghost operations (devel)"
368
+ depends on GHOSTIFICATION_MESG
370
+ This option give more informations that the option above, it is use
371
+ by developer of the ghostification patch in order to control some
372
+ paths used in the kernel code and the datas which are manipulated.
373
+ This option is a little redundant with the debug option but allow
374
+ to have a better granularity, maybe it will be remove for the next
375
+ release of the ghostification patch.
378
diff -rNuad linux-2.6.29/net/core/dev.c linux-2.6.29-ghost/net/core/dev.c
379
--- linux-2.6.29/net/core/dev.c 2009-03-23 23:12:14.000000000 +0000
380
+++ linux-2.6.29-ghost/net/core/dev.c 2009-11-26 22:38:27.000000000 +0000
382
* Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
383
* Adam Sulmicki <adam@cfar.umd.edu>
384
* Pekka Riikonen <priikone@poesidon.pspt.fi>
385
+ * Luca Saiu <positron@gnu.org> (ghostification support)
388
* D.J. Barrow : Fixed bug where dev->refcnt gets set
390
* indefinitely on dev->refcnt
391
* J Hadi Salim : - Backlog queue sampling
392
* - netif_rx() feedback
393
+ * Roudiere Jonathan : make some buxfix in ghostification engine
394
+ * verify CAP_NET_ADMIN before (un)ghost iface
397
#include <asm/uaccess.h>
398
@@ -136,6 +139,230 @@
399
#define GRO_MAX_HEAD (MAX_HEADER + 128)
402
+ * (ghost support) Chunk of code which has in charge
403
+ * the ghostification of network interfaces.
405
+#ifdef CONFIG_GHOSTIFICATION
406
+#include <net/ghostdebug.h>
408
+/* The maximum number of ghost interfaces allowed at any given time: */
409
+#define MAX_GHOST_INTERFACES_NO CONFIG_GHOSTIFICATION_NUM
412
+ * A crude unsorted array of unique names, where "" stands for an
413
+ * empty slot. Elements are so few that an hash table would be overkill,
414
+ * and possibly also less efficient than this solution:
416
+static char ghost_interface_names[MAX_GHOST_INTERFACES_NO][IFNAMSIZ];
418
+/* A lock protecting the ghost interfaces' support structure: */
419
+/* static DEFINE_SPINLOCK(ghostification_spin_lock); */
420
+static rwlock_t ghostification_spin_lock = RW_LOCK_UNLOCKED;
422
+/* Lock disabling local interrupts and saving flags. This is for
423
+ readers/writers, which should be prevented from interfering with
424
+ other readers/writers and with readers: */
425
+#define LOCK_GHOSTIFICATION_FOR_READING_AND_WRITING \
426
+ unsigned long flags; write_lock_irqsave(&ghostification_spin_lock, flags)
428
+/* Unlock re-enabling interrupts and restoring flags. This is for
429
+ readers/writers, which should be prevented from interfering with
430
+ other readers/writers and with readers: */
431
+#define UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING \
432
+ write_unlock_irqrestore(&ghostification_spin_lock, flags)
434
+/* Lock disabling local interrupts and saving flags. This is for
435
+ readers, which are allowed to execute concurrently: */
436
+#define LOCK_GHOSTIFICATION_FOR_READING \
437
+ unsigned long flags; read_lock_irqsave(&ghostification_spin_lock, flags)
439
+/* Lock re-enabling interrupts and restoring flags. This is for
440
+ readers, which are allowed to execute concurrently: */
441
+#define UNLOCK_GHOSTIFICATION_FOR_READING \
442
+ read_unlock_irqrestore(&ghostification_spin_lock, flags)
445
+/* Defined in net/ipv6/addrconf.c: */
446
+int hide_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name);
447
+int show_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name);
448
+#endif /* CONFIG_IPV6 */
450
+/* Return the index of the given element (which may be "") within
451
+ ghost_interface_names, or -1 on failure. Note that this must be
452
+ executed in a critical section: */
453
+static int __lookup_ghost_interface_names(const char *interface_name)
456
+ for(i = 0; i < MAX_GHOST_INTERFACES_NO; i++)
457
+ if(!strcmp(interface_name, ghost_interface_names[i]))
458
+ return i; /* we found the given name in the i-th element */
459
+ return -1; /* we didn't find the given name in the array */
462
+/* This is useful for debugging. It must be called in a critical section. */
463
+static void __dump_ghost_interfaces(void)
466
+ int number_of_ghost_interfaces = 0;
468
+ ghost_ptk("Ghost interfaces are now: ");
469
+ for(i = 0; i < MAX_GHOST_INTERFACES_NO; i++)
470
+ if(strcmp(ghost_interface_names[i], "")) {
471
+ number_of_ghost_interfaces++;
472
+ ghost_ptk("%i. %s", number_of_ghost_interfaces,
473
+ ghost_interface_names[i]);
476
+ ghost_ptk("There are now %i ghost interfaces. "
477
+ "A maximum of %i can exist at any given time.",
478
+ number_of_ghost_interfaces, MAX_GHOST_INTERFACES_NO);
481
+/* Just check whether the given name belongs to a ghost interface.
482
+ This must be called in a critical section: */
483
+int __is_a_ghost_interface_name(const char *interface_name)
485
+ /* Particular case: "" is *not* a ghost interface name, even
486
+ if it's in the ghost interfaces array (we use it just to mark
488
+ if(interface_name[0] == '\0')
490
+ /* Just check whether interface_name is an element of the array: */
491
+ return __lookup_ghost_interface_names(interface_name) >= 0;
494
+/* Just check whether the given name belongs to a ghost interface: */
495
+int is_a_ghost_interface_name(const char *interface_name)
498
+ LOCK_GHOSTIFICATION_FOR_READING;
499
+ /* Just check whether interface_name is an element of the array: */
500
+ result = __is_a_ghost_interface_name(interface_name);
501
+ UNLOCK_GHOSTIFICATION_FOR_READING;
505
+/* Make the given interface ghost. Return 0 on success, nonzero on
506
+ failure. Failure occours when the interface is already ghost or
508
+static int ghostify_interface(char *interface_name)
510
+ int a_free_element_index;
511
+ const size_t name_length = strlen(interface_name);
512
+ LOCK_GHOSTIFICATION_FOR_READING_AND_WRITING;
514
+ /* Let's avoid buffer overflows... This could possibly be exploited: */
515
+ if((name_length >= IFNAMSIZ) || (name_length == 0))
517
+ ghost_ptk("The user asked to ghostify the interface %s, "
518
+ "which has a name of length %i. Failing.",
519
+ interface_name, name_length);
520
+ UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING;
524
+ /* Fail if the interface is already ghostified. In particular we
525
+ want *no* duplicates in the array. Note that we're already in
526
+ a critical section here, so there's no need for locking: */
527
+ if(__is_a_ghost_interface_name(interface_name))
529
+ ghost_ptk("Could not ghostify the interface %s, "
530
+ "because it\'s already ghost.", interface_name);
531
+ UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING;
532
+ return -EEXIST; /* File exists, seems to be more appropriate */
533
+ /* return -EINVAL; */
536
+ /* Fail if the interface is not found. We don't want add a
537
+ no-existing interface in our array */
538
+ struct net_device *device;
539
+ device = dev_get_by_name(&init_net, interface_name);
540
+ if (device == NULL) {
541
+ ghost_ptk("Could not ghostify the interface %s which "
542
+ "doesn't exist. Try again.", interface_name);
543
+ UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING;
547
+ /* Look for a free spot: */
548
+ a_free_element_index = __lookup_ghost_interface_names("");
549
+ if(a_free_element_index < 0)
551
+ ghost_ptk("Could not ghostify the interface %s, "
552
+ "because %i interfaces are already ghostified. Sorry.",
553
+ interface_name, MAX_GHOST_INTERFACES_NO);
554
+ UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING;
558
+ /* Ok, we found a free spot; just copy the interface name: */
559
+ strcpy(ghost_interface_names[a_free_element_index], interface_name);
562
+ /* Hide /proc/net/dev_snmp6/DEVICE for the new ghost DEVICE: */
563
+ hide_proc_net_dev_snmp6_DEVICE_if_needed(
564
+ ghost_interface_names[a_free_element_index]);
565
+#endif /* CONFIG_IPV6 */
567
+ __dump_ghost_interfaces();
568
+ UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING;
572
+/* Make the given interface, which should be ghost, non-ghost.
573
+ Return 0 on success, nonzero on failure. Failure occours when
574
+ the given interface is non-ghost or does not exist: */
575
+static int unghostify_interface(char *ghost_interface_name)
577
+ int the_interface_index;
578
+ struct net_device *device;
579
+ LOCK_GHOSTIFICATION_FOR_READING_AND_WRITING;
581
+ /* Fail if the interface is not found. It is not necessary
582
+ to search in the array a no-existing interface and allow
583
+ to return a more appropriate error code to the userspace. */
584
+ device = dev_get_by_name(&init_net, ghost_interface_name);
585
+ if (device == NULL) {
586
+ ghost_ptk("Could not unghostify the interface %s "
587
+ "which doesn't exist. Try again.\n", ghost_interface_name);
588
+ UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING;
592
+ /* Look for the given interface: */
593
+ the_interface_index =
594
+ __lookup_ghost_interface_names(ghost_interface_name);
595
+ if(the_interface_index < 0)
597
+ ghost_ptk("Could not unghostify the interface %s, \
598
+ because it's non-ghost or not existing.\n",
599
+ ghost_interface_name);
600
+ UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING;
601
+ return -ESRCH; /* No such device or address, seems to be more appropriate */
602
+ /* return -EINVAL; */
605
+ /* Ok, we found the interface: just "remove" its name from the array: */
606
+ ghost_interface_names[the_interface_index][0] = '\0';
609
+ /* Show again /proc/net/dev_snmp6/DEVICE for the now non-ghost DEVICE: */
610
+ show_proc_net_dev_snmp6_DEVICE_if_needed(ghost_interface_name);
611
+#endif /* CONFIG_IPV6 */
613
+ __dump_ghost_interfaces();
614
+ UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING;
617
+EXPORT_SYMBOL(is_a_ghost_interface_name);
618
+#endif /* CONFIG_GHOSTIFICATION */
621
+ * (ghost support) End of ghostification support
626
* The list of packet types we will receive (as opposed to discard)
627
* and the routines to invoke.
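Review bot: `dev_get_by_name(&init_net, interface_name)` in ghostify_interface, and the same call in unghostify_interface, returns the device with a reference held, and no `dev_put()` appears on any visible path. Each successful call would therefore leave the interface's reference count raised and later block its unregistration. The pointer is used only for the NULL test, so `dev_put(device);` can follow the `if (device == NULL) { … }` block directly in both functions. In ghostify_interface, `struct net_device *device;` is declared after statements, and `name_length` is a `size_t` printed with `%i` where `%zu` is needed. Some lines of these functions are missing from this page, so confirm that no release happens there.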
633
+ /* (ghost support) There are no ghost interfaces by default */
634
+#ifdef CONFIG_GHOSTIFICATION
637
+ for(i = 0; i < MAX_GHOST_INTERFACES_NO; i++)
638
+ ghost_interface_names[i][0] = '\0';
639
+#endif /* CONFIG_GHOSTIFICATION */
641
str = get_options(str, ARRAY_SIZE(ints), ints);
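Review bot: The loop that sets `ghost_interface_names[i][0] = '\0'` is redundant, because the array is declared `static` earlier in this patch and is therefore already zero-filled, so every slot starts as the empty string. Its position next to `get_options(str, …)` suggests a boot-option parser that would run only when that option is given; if so, the comment `There are no ghost interfaces by default` wrongly implies that the table's initial state depends on this code. Drop the block and document the invariant at the array definition instead, e.g. `/* static storage: all slots start as "" (free) */`. The enclosing function starts and ends outside the hunk.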
643
@@ -2851,11 +3085,20 @@
647
- * Loop over the interfaces, and write an info block for each.
648
+ * Loop over the interfaces, and write an info block for each,
649
+ * (ghost support) unless they are ghostified.
653
for_each_netdev(net, dev) {
654
+#ifdef CONFIG_GHOSTIFICATION
655
+ /* Don't tell the user about ghost interfaces: just skip them */
656
+ if(is_a_ghost_interface_name(dev->name)) {
657
+ ghost_ptk("Skipping the ghost interface %s in SIOCGIFCONF",
661
+#endif /* CONFIG_GHOSTIFICATION */
662
for (i = 0; i < NPROTO; i++) {
663
if (gifconf_list[i]) {
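Review bot: The `ghost_ptk("Skipping the ghost interface %s in SIOCGIFCONF", …)` call sits on a path that any unprivileged process can trigger and is not rate limited. With CONFIG_GHOSTIFICATION_PRINTK enabled, a local user can therefore fill the kernel log, and the hidden interface names end up in a log that may be readable to that user. The same applies to the `SIOCxIFxxx` messages added in the `@@ -3803` and `@@ -3873` hunks. Guard these calls with `if (printk_ratelimit())` or demote them to `ghost_debugmsg`. The loop body and the enclosing function continue outside the hunk.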
665
@@ -2924,6 +3167,10 @@
667
const struct net_device_stats *stats = dev_get_stats(dev);
669
+#ifdef CONFIG_GHOSTIFICATION
670
+ /* (ghost support) don't show anything in /proc if iface is ghostified */
671
+ if(! is_a_ghost_interface_name(dev->name))
672
+#endif /* CONFIG_GHOSTIFICATION */
673
seq_printf(seq, "%6s:%8lu %7lu %4lu %4lu %4lu %5lu %10lu %9lu "
674
"%8lu %7lu %4lu %4lu %4lu %5lu %7lu %10lu\n",
675
dev->name, stats->rx_bytes, stats->rx_packets,
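Review bot: The added `if(! is_a_ghost_interface_name(dev->name))` has no braces, and its body is the `seq_printf(…)` statement that lies outside the `#ifdef`, so the guard only works as long as nothing is ever inserted between `#endif` and that call. An early exit keeps the preprocessor block self-contained: `if (is_a_ghost_interface_name(dev->name)) return;`. That form assumes the function returns void; its signature is outside the hunk.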
676
@@ -3803,6 +4050,16 @@
680
+#ifdef CONFIG_GHOSTIFICATION
681
+ /* (ghost support) skip if it is a ghostified interface */
682
+ if(is_a_ghost_interface_name(dev->name)) {
683
+ ghost_ptk("The user is performing a SIOCxIFxxx ioctl() "
684
+ "on the ghost interface %s, Failing.", dev->name);
685
+ ghost_debugmsg("we make the SIOCxIFxxx ioctl's call fail with -ENODEV");
688
+#endif /* CONFIG_GHOSTIFICATION */
691
case SIOCGIFFLAGS: /* Get interface flags */
692
ifr->ifr_flags = dev_get_flags(dev);
693
@@ -3873,6 +4130,17 @@
695
ops = dev->netdev_ops;
697
+#ifdef CONFIG_GHOSTIFICATION
698
+ /* (ghost support) skip if it is a ghostified interface */
699
+ if(is_a_ghost_interface_name(dev->name)) {
700
+ ghost_ptk("The user is performing a SIOCxIFxxx ioctl() on "
701
+ "the ghost interface %s, Failing.", dev->name);
702
+ ghost_debugmsg("we make the SIOCxIFxxx ioctl's call fail "
706
+#endif /* CONFIG_GHOSTIFICATION */
709
case SIOCSIFFLAGS: /* Set interface flags */
710
return dev_change_flags(dev, ifr->ifr_flags);
711
@@ -4015,6 +4283,57 @@
715
+#ifdef CONFIG_GHOSTIFICATION
716
+ /* (ghost support) catch ghostification's ioctl */
719
+ if(copy_from_user(text, (char __user *)arg, IFNAMSIZ + 1))
721
+ text[IFNAMSIZ] = '\0';
722
+ printk(KERN_DEBUG "%s\n", text);
725
+ /* (un)ghostification ops require superuser power */
726
+ case SIOCGIFGHOSTIFY: {
727
+ if (!capable(CAP_NET_ADMIN))
729
+ char interface_name[1000];
731
+ if(copy_from_user(interface_name,
732
+ (char __user *)arg, IFNAMSIZ + 1))
734
+ interface_name[IFNAMSIZ] = '\0';
735
+ ghost_ptk("The user asked to ghostify the interface %s.",
737
+ if((failure = ghostify_interface(interface_name)) == 0)
738
+ ghost_ptk("Ok, %s was ghostified.",
741
+ ghost_ptk("Failure in ghostification of %s.",
745
+ case SIOCGIFUNGHOSTIFY: {
746
+ if (!capable(CAP_NET_ADMIN))
748
+ char interface_name[1000];
750
+ if(copy_from_user(interface_name, (char __user *)arg, IFNAMSIZ + 1))
752
+ interface_name[IFNAMSIZ] = '\0';
753
+ ghost_ptk("The user asked to unghostify the interface %s.",
755
+ if((failure = unghostify_interface(interface_name)) == 0)
756
+ ghost_ptk("Ok, %s was unghostified.",
759
+ ghost_ptk("Failure in unghostification of %s.",
763
+ /* end of ghostficiation ioctl */
764
+#endif /* CONFIG_GHOSTIFICATION */
768
* - can be done by all.
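Review bot: The first added case copies `IFNAMSIZ + 1` bytes from user space into `text` and passes them to `printk(KERN_DEBUG "%s\n", text)` with no `capable()` test visible before it. The comment `(un)ghostification ops require superuser power` and the `CAP_NET_ADMIN` checks come only afterwards, so if that case is `SIOKLOG`, any local user can write arbitrary lines into the kernel log. Add `if (!capable(CAP_NET_ADMIN)) return -EPERM;` there as well, or compile the request out of non-debug builds. In both ghostify cases `char interface_name[1000];` is declared after a statement and reserves 1000 bytes of kernel stack for an `IFNAMSIZ + 1`-byte copy; `char interface_name[IFNAMSIZ + 1];` at the top of the block is enough. Several lines of this hunk are missing from the page, so the case label and the return statements are inferred.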
769
diff -rNuad linux-2.6.29/net/core/dev_mcast.c linux-2.6.29-ghost/net/core/dev_mcast.c
770
--- linux-2.6.29/net/core/dev_mcast.c 2009-03-23 23:12:14.000000000 +0000
771
+++ linux-2.6.29-ghost/net/core/dev_mcast.c 2009-11-26 22:38:27.000000000 +0000
773
* Alan Cox : IFF_ALLMULTI support.
774
* Alan Cox : New format set_multicast_list() calls.
775
* Gleb Natapov : Remove dev_mc_lock.
776
+ * Luca Saiu <positron@gnu.org>: trivial changes for
777
+ * ghostification support.
779
* This program is free software; you can redistribute it and/or
780
* modify it under the terms of the GNU General Public License
782
#include <net/sock.h>
785
+#ifdef CONFIG_GHOSTIFICATION
786
+#include <net/ghostdebug.h>
787
+#endif /* CONFIG_GHOSTIFICATION */
790
* Device multicast list maintenance.
792
netif_addr_lock_bh(dev);
793
for (m = dev->mc_list; m; m = m->next) {
796
+#ifdef CONFIG_GHOSTIFICATION
797
+ /* (ghost support) Don't show information
798
+ in /proc about ghost interfaces */
799
+ if (is_a_ghost_interface_name(dev->name)) {
800
+ ghost_ptk("Don't show any information in /proc "
801
+ "about ghostified interface");
804
+#endif /* CONFIG_GHOSTIFICATION */
805
seq_printf(seq, "%-4d %-15s %-5d %-5d ", dev->ifindex,
806
dev->name, m->dmi_users, m->dmi_gusers);
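Review bot: `is_a_ghost_interface_name(dev->name)` is evaluated inside `for (m = dev->mc_list; m; m = m->next)`, so the locked lookup and the `ghost_ptk` message repeat for every multicast entry although `dev->name` is the same for all of them. Test once before `netif_addr_lock_bh(dev)` and skip the device there, which also avoids taking the address lock for an interface that prints nothing. The lines that leave the loop after the message are not shown on this page, and the function's start and end are outside the hunk.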
808
diff -rNuad linux-2.6.29/net/core/rtnetlink.c linux-2.6.29-ghost/net/core/rtnetlink.c
809
--- linux-2.6.29/net/core/rtnetlink.c 2009-03-23 23:12:14.000000000 +0000
810
+++ linux-2.6.29-ghost/net/core/rtnetlink.c 2009-11-26 22:38:27.000000000 +0000
812
* as published by the Free Software Foundation; either version
813
* 2 of the License, or (at your option) any later version.
817
* Vitaly E. Lavrov RTA_OK arithmetics was wrong.
820
+ * Roudiere Jonathan <roudiere@lipn.univ-paris13.fr> Some changes
821
+ * to ghost support, to allow to hide ghost net interfaces
824
#include <linux/errno.h>
826
#include <net/fib_rules.h>
827
#include <net/rtnetlink.h>
829
+/* (ghost support) */
830
+#ifdef CONFIG_GHOSTIFICATION
831
+#include <net/ghostdebug.h>
838
static rtnl_doit_func rtnl_get_doit(int protocol, int msgindex)
840
struct rtnl_link *tab;
842
+#ifdef CONFIG_GHOSTIFICATION
843
+ /* (ghost support) add information to devel patch */
844
+ ghost_develmsg("protocol = %i and msgindex %i ",protocol, msgindex);
846
tab = rtnl_msg_handlers[protocol];
847
if (tab == NULL || tab[msgindex].doit == NULL)
848
tab = rtnl_msg_handlers[PF_UNSPEC];
850
static rtnl_dumpit_func rtnl_get_dumpit(int protocol, int msgindex)
852
struct rtnl_link *tab;
854
+#ifdef CONFIG_GHOSTIFICATION
855
+ /* (ghost support) add information to devel patch */
856
+ ghost_develmsg("protocol = %i and msgindex %i ",protocol, msgindex);
858
tab = rtnl_msg_handlers[protocol];
859
if (tab == NULL || tab[msgindex].dumpit == NULL)
860
tab = rtnl_msg_handlers[PF_UNSPEC];
863
struct sock *rtnl = net->rtnl;
865
+#ifdef CONFIG_GHOSTIFICATION
866
+ /* (ghost support) add inforation to devel patch */
867
+ ghost_develmsg("pid = %i, nlh->nlmsg_pid = %i, nlh->nlmsg_type %i "
868
+ "and nlh->nlmsg_seq = %i", pid, nlh->nlmsg_pid,
869
+ nlh->nlmsg_type, nlh->nlmsg_seq);
873
report = nlmsg_report(nlh);
878
+#ifdef CONFIG_GHOSTIFICATION
879
+ /* (ghost support) add information to devel patch */
880
+ ghost_develmsg("pid = %i, nlh->nlmsg_pid = %i, nlh->nlmsg_type "
881
+ "= %i, seq = %i and nlh->nlmsg_seq = %i",
882
+ pid, nlh->nlmsg_pid, nlh->nlmsg_type,
883
+ seq, nlh->nlmsg_seq);
884
+ ghost_develmsg("dev->name = %s and dev->ifindex = %i",
887
+ /* function whose call rtnl_fill_ifinfo has been modified, except
888
+ rtmsg_ifinfo so if it will be necessary to skip ghost iface here then
889
+ keep in your mind to test pid because if it is eq. to 0 then it is a
890
+ kernel request (else user request) and we don't want disturbe its work. */
892
ifm = nlmsg_data(nlh);
893
ifm->ifi_family = AF_UNSPEC;
898
for_each_netdev(net, dev) {
899
+#ifdef CONFIG_GHOSTIFICATION
901
+ * (ghost support) function which encapsulates calls to
902
+ * rtnl_fill_ifinfo and which is call after rtnl_get_doit/dumpit,
903
+ * use to dump list of network interfaces (as used by "ip link")
905
+ ghost_develmsg("for_each_netdev, current net_device is %s",
907
+ ghost_develmsg("netlink cb pid = %i, cb nlh->nlmsg_type = %i, "
908
+ "cb familly/proto = %i, cb nlh->nlmsg_pid %i",
909
+ NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_type,
910
+ cb->family, cb->nlh->nlmsg_pid);
911
+ if (is_a_ghost_interface_name(dev->name)) {
912
+ ghost_ptk("Hide ghotified interface (%s) in the dump",
916
+#endif /* CONFIG_GHOSTIFICATION */
919
if (rtnl_fill_ifinfo(skb, dev, RTM_NEWLINK,
924
+#ifdef CONFIG_GHOSTIFICATION
925
+ /* (ghost support) Normally we should never go through it
926
+ with user-space tools (like iproute) which scan all iface first */
927
+ ghost_develmsg("nlh->nlmsg_type = %i, nlmsg_seq = %i, nlmsg_pid = %i and dev->name = %s",
928
+ nlh->nlmsg_type, nlh->nlmsg_seq, nlh->nlmsg_pid, dev->name);
929
+ if (is_a_ghost_interface_name(dev->name)) {
930
+ ghost_ptk("Try to change state/parameters of a ghotified "
931
+ "interface (%s), skip", dev->name);
935
+#endif /* CONFIG_GHOSTIFICATION */
937
if ((err = validate_linkmsg(dev, tb)) < 0)
939
@@ -979,6 +1044,17 @@
943
+#ifdef CONFIG_GHOSTIFICATION
944
+ /* (ghost support) Normally we should never go through it
945
+ with user-space tools (like iproute) which scan all iface first */
946
+ ghost_develmsg("nlh->nlmsg_type = %i, nlmsg_seq = %i, nlmsg_pid = %i and dev->name = %s",
947
+ nlh->nlmsg_type, nlh->nlmsg_seq, nlh->nlmsg_pid, dev->name);
948
+ if (is_a_ghost_interface_name(dev->name)) {
949
+ ghost_ptk("Try to change dell a ghotified interface (%s), skip",
953
+#endif /* CONFIG_GHOSTIFICATION */
955
ops = dev->rtnl_link_ops;
957
@@ -1181,6 +1257,17 @@
958
dev = dev_get_by_index(net, ifm->ifi_index);
961
+#ifdef CONFIG_GHOSTIFICATION
962
+ /* (ghost support) Normally we should never go through it with
963
+ user-space tools (like iproute) which scan all iface first */
964
+ ghost_develmsg("nlh->nlmsg_type = %i, nlmsg_seq = %i, nlmsg_pid = %i and dev->name = %s",
965
+ nlh->nlmsg_type, nlh->nlmsg_seq, nlh->nlmsg_pid, dev->name);
966
+ if (is_a_ghost_interface_name(dev->name)) {
967
+ ghost_ptk("Try to get infos about a ghotified interface (%s), skip",
971
+#endif /* CONFIG_GHOSTIFICATION */
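Review bot: The context line `dev = dev_get_by_index(net, ifm->ifi_index);` takes a reference on the device, so the ghost branch added below it has to release that reference before it bails out. The statements between the ghost_ptk() call and `#endif` are not shown on this page, so this needs checking against the full patch. If the branch returns directly, it should read `dev_put(dev);` then `return -ENODEV;`, which also gives the same answer as for an index that does not exist. The ghost_develmsg() call above it dereferences `dev->name`, so the whole block must stay after the NULL test on dev.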
975
@@ -1235,6 +1322,8 @@
979
+ /* (ghost support) call rtnl_fill_ifinfo so maybe it
980
+ is need here to modify, in order to skip ghost iface */
981
skb = nlmsg_new(if_nlmsg_size(dev), GFP_KERNEL);
984
@@ -1269,6 +1358,11 @@
987
type = nlh->nlmsg_type;
988
+#ifdef CONFIG_GHOSTIFICATION
989
+ ghost_develmsg("Enter, nlh->nlmsg_pid = %i, nlh->nlmsg_seq = %i and nlh->nlmsg_seq = %i ",
990
+ nlh->nlmsg_pid, nlh->nlmsg_seq, nlh->nlmsg_seq);
991
+#endif /* CONFIG_GHOSTIFICATION */
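Review bot: The format string names nlmsg_seq twice and the argument list passes `nlh->nlmsg_seq` twice, so this trace never shows the message type that the code below dispatches on. The third field was presumably meant to be the type: `"Enter, nlh->nlmsg_pid = %i, nlh->nlmsg_seq = %i and nlh->nlmsg_type = %i "` with the arguments `nlh->nlmsg_pid, nlh->nlmsg_seq, nlh->nlmsg_type`. The context line just above already assigns `type = nlh->nlmsg_type;`, so `type` can be passed instead.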
996
@@ -1288,14 +1382,21 @@
997
if (kind != 2 && security_netlink_recv(skb, CAP_NET_ADMIN))
1000
+ /* (ghost support) kind = 2 then imply RTM_GETLINK has been used */
1001
if (kind == 2 && nlh->nlmsg_flags&NLM_F_DUMP) {
1003
rtnl_dumpit_func dumpit;
1005
+ /* (ghost support) then rtnl_get_dumpit return pointer to the appropriate
1006
+ function for this family and this type take in rtnl_msg_handler[] */
1007
dumpit = rtnl_get_dumpit(family, type);
1011
+#ifdef CONFIG_GHOSTIFICATION
1012
+ ghost_develmsg("Part 1: rtnl_get_dumpit(family %i, type %i) "
1013
+ "is used before call to netlink_dump_start",
1015
+#endif /* CONFIG_GHOSTIFICATION */
1018
err = netlink_dump_start(rtnl, skb, nlh, dumpit, NULL);
1019
@@ -1327,6 +1428,11 @@
1020
doit = rtnl_get_doit(family, type);
1023
+#ifdef CONFIG_GHOSTIFICATION
1024
+ /* (ghost support) rtnl_get_doit return pointer to the appropriate
1025
+ function for this family and this type take in rtnl_msg_handler[] */
1026
+ ghost_develmsg("Part 2: rtnl_get_doit(family %i, type %i)", family, type);
1027
+#endif /* CONFIG_GHOSTIFICATION */
1029
return doit(skb, nlh, (void *)&rta_buf[0]);
1031
@@ -1342,6 +1448,10 @@
1033
struct net_device *dev = ptr;
1035
+ /* (ghost support) if we want provide a ghost's way to modify
1036
+ the state of a ghost iface, it will be necessary to skip event
1037
+ reports involing ghost iface (actually any changes are possible
1038
+ if the iface is ghostified so there is nothing to report) */
1040
case NETDEV_UNREGISTER:
1041
rtmsg_ifinfo(RTM_DELLINK, dev, ~0U);
1042
diff -rNuad linux-2.6.29/net/ipv4/arp.c linux-2.6.29-ghost/net/ipv4/arp.c
1043
--- linux-2.6.29/net/ipv4/arp.c 2009-03-23 23:12:14.000000000 +0000
1044
+++ linux-2.6.29-ghost/net/ipv4/arp.c 2009-11-26 22:38:27.000000000 +0000
1046
* bonding can change the skb before
1047
* sending (e.g. insert 8021q tag).
1048
* Harald Welte : convert to make use of jenkins hash
1049
+ * Luca Saiu <positron@gnu.org: trivial changes for ghostification
1053
#include <linux/module.h>
1054
@@ -116,6 +118,11 @@
1055
struct neigh_table *clip_tbl_hook;
1058
+/* (ghost support) */
1059
+#ifdef CONFIG_GHOSTIFICATION
1060
+#include <net/ghostdebug.h>
1063
#include <asm/system.h>
1064
#include <asm/uaccess.h>
1066
@@ -1309,9 +1316,21 @@
1069
sprintf(tbuf, "%pI4", n->primary_key);
1070
+#ifdef CONFIG_GHOSTIFICATION
1071
+/* (ghost support) Don't show anything in /proc if it involves
1072
+ghost interfaces: */
1073
+ if (! is_a_ghost_interface_name(dev->name)) {
1074
+ ghost_debugmsg("Don't show any arp information in /proc "
1075
+ "about ghostified interfaces (1).");
1076
+ seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n",
1077
+ tbuf, hatype, arp_state_to_flags(n), hbuffer, dev->name);
1078
+ read_unlock(&n->lock);
1081
seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n",
1082
- tbuf, hatype, arp_state_to_flags(n), hbuffer, dev->name);
1083
+ tbuf, hatype, arp_state_to_flags(n), hbuffer, dev->name);
1084
read_unlock(&n->lock);
1085
+#endif /* CONFIG_GHOSTIFICATION */
1088
static void arp_format_pneigh_entry(struct seq_file *seq,
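Review bot: `read_unlock(&n->lock)` now appears to sit inside the `if (! is_a_ghost_interface_name(dev->name))` block, so for an entry on a ghost interface the function would return with the neighbour's lock still read-held. The closing brace and the `#else` are not shown on this page, but the line numbering leaves room for them only after the unlock. A read lock leaked whenever /proc/net/arp is read will stall any later writer of that entry. Keep the unlock unconditional and make only the output conditional: put `if (!is_a_ghost_interface_name(dev->name))` directly in front of the existing seq_printf and leave a single `read_unlock(&n->lock);` after it. The ghost_debugmsg() text is also on the wrong branch, since it says nothing is shown but runs when the entry is shown; the igmp.c hunks have the same inversion.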
1089
@@ -1322,9 +1341,21 @@
1092
sprintf(tbuf, "%pI4", n->key);
1093
+#ifdef CONFIG_GHOSTIFICATION
1094
+/* (ghost support) Don't show anything in /proc if it involves
1095
+ ghost interfaces */
1096
+ if (! is_a_ghost_interface_name(dev->name)) {
1097
+ ghost_debugmsg("Don't show any arp information in /proc "
1098
+ "about ghostified interfaces (2).");
1099
+ seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n",
1100
+ tbuf, hatype, ATF_PUBL | ATF_PERM, "00:00:00:00:00:00",
1101
+ dev ? dev->name : "*");
1104
seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n",
1105
- tbuf, hatype, ATF_PUBL | ATF_PERM, "00:00:00:00:00:00",
1106
- dev ? dev->name : "*");
1107
+ tbuf, hatype, ATF_PUBL | ATF_PERM, "00:00:00:00:00:00",
1108
+ dev ? dev->name : "*");
1109
+#endif /* CONFIG_GHOSTIFICATION */
1112
static int arp_seq_show(struct seq_file *seq, void *v)
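Review bot: `dev->name` is passed to is_a_ghost_interface_name() unconditionally, while the seq_printf two lines later still prints `dev ? dev->name : "*"`, so this function is evidently expected to see a NULL dev. A proxy entry without a device would then oops here when /proc/net/arp is read. Test the pointer first: `if (!dev || !is_a_ghost_interface_name(dev->name)) {`.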
1113
diff -rNuad linux-2.6.29/net/ipv4/devinet.c linux-2.6.29-ghost/net/ipv4/devinet.c
1114
--- linux-2.6.29/net/ipv4/devinet.c 2009-03-23 23:12:14.000000000 +0000
1115
+++ linux-2.6.29-ghost/net/ipv4/devinet.c 2009-11-26 22:38:27.000000000 +0000
1117
* address (4.4BSD alias style support),
1118
* fall back to comparing just the label
1119
* if no match found.
1120
+ * Roudiere Jonathan <roudiere@lipn.univ-paris13.fr>:
1121
+ * some changes to ghost support, skip
1122
+ * request involving a ghostified iface.
1127
#include <net/rtnetlink.h>
1128
#include <net/net_namespace.h>
1130
+/* (ghost support) */
1131
+#ifdef CONFIG_GHOSTIFICATION
1132
+#include <net/ghostdebug.h>
1135
static struct ipv4_devconf ipv4_devconf = {
1137
[NET_IPV4_CONF_ACCEPT_REDIRECTS - 1] = 1,
1138
@@ -448,6 +456,16 @@
1142
+#ifdef CONFIG_GHOSTIFICATION
1143
+ /* (ghost support) If it is a ghostified interface then skip */
1144
+ ghost_debugmsg("in_dev->dev->name = %s", in_dev->dev->name);
1145
+ if (is_a_ghost_interface_name(in_dev->dev->name)) {
1146
+ ghost_ptk("Try to delete address on a ghostified interface (%s), skip",
1147
+ (in_dev->dev->name));
1151
+#endif /* CONFIG_GHOSTIFICATION */
1153
__in_dev_put(in_dev);
1155
@@ -497,6 +515,17 @@
1159
+#ifdef CONFIG_GHOSTIFICATION
1160
+ /* (ghost support) If it is a ghostified interface then skip */
1161
+ ghost_debugmsg("(dev->name) = %s ", (dev->name));
1162
+ if (is_a_ghost_interface_name(dev->name)) {
1163
+ ghost_ptk("Try to change/modfy address on a ghostified interface (%s), skip",
1168
+#endif /* CONFIG_GHOSTIFICATION */
1170
in_dev = __in_dev_get_rtnl(dev);
1173
@@ -546,6 +575,12 @@
1177
+ /* (ghost support) don't modify this funct but directly
1178
+ rtm_to_ifaddr, as for others funct, with user-levels tools
1179
+ (as iproute) we normaly never arrive here (because a dump
1180
+ all ifaces is perform before and func which make the dump
1181
+ has been modified (but we want prevent user tool request
1182
+ the ghost iface directly */
1183
ifa = rtm_to_ifaddr(net, nlh);
1185
return PTR_ERR(ifa);
1186
@@ -1161,6 +1196,15 @@
1187
s_ip_idx = ip_idx = cb->args[1];
1189
for_each_netdev(net, dev) {
1190
+#ifdef CONFIG_GHOSTIFICATION /* _VERIFICATION_NEED_ */
1191
+ /* (ghost support) If it is a ghostified interface then skip */
1192
+ ghost_debugmsg("dev->name = %s", dev->name);
1193
+ if (is_a_ghost_interface_name(dev->name)) {
1194
+ ghost_ptk("Try to get address on a ghostified interface (%s), skip",
1198
+#endif /* CONFIG_GHOSTIFICATION */
1202
diff -rNuad linux-2.6.29/net/ipv4/fib_frontend.c linux-2.6.29-ghost/net/ipv4/fib_frontend.c
1203
--- linux-2.6.29/net/ipv4/fib_frontend.c 2009-03-23 23:12:14.000000000 +0000
1204
+++ linux-2.6.29-ghost/net/ipv4/fib_frontend.c 2009-11-26 22:38:27.000000000 +0000
1206
* IPv4 Forwarding Information Base: FIB frontend.
1208
* Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
1209
+ * Luca Saiu <positron@gnu.org> (simple changes for ghostification
1211
+ * Roudiere Jonathan <roudiere@lipn.univ-paris13.fr> (some display
1212
+ * and comment for ghostification in rtnetlink functions).
1214
* This program is free software; you can redistribute it and/or
1215
* modify it under the terms of the GNU General Public License
1217
#include <net/ip_fib.h>
1218
#include <net/rtnetlink.h>
1220
+/* (ghost support) */
1221
+#ifdef CONFIG_GHOSTIFICATION
1222
+#include <net/ghostdebug.h>
1225
#ifndef CONFIG_IP_MULTIPLE_TABLES
1227
static int __net_init fib4_rules_init(struct net *net)
1228
@@ -451,6 +460,11 @@
1229
* Handle IP routing ioctl calls. These are used to manipulate the routing tables
1232
+#ifdef CONFIG_GHOSTIFICATION
1233
+/* (ghost support) A function implemented in net/core/dev.c */
1234
+int is_a_ghost_interface_name(const char *interface_name);
1235
+#endif /* CONFIG_GHOSTIFICATION */
1237
int ip_rt_ioctl(struct net *net, unsigned int cmd, void __user *arg)
1239
struct fib_config cfg;
1240
@@ -465,6 +479,22 @@
1242
if (copy_from_user(&rt, arg, sizeof(rt)))
1244
+#ifdef CONFIG_GHOSTIFICATION
1245
+ /* (ghost support) Forbid any action involving a ghost interface */
1246
+ if (rt.rt_dev != (char __user*)NULL) {
1247
+ /* We need to have this name in kernel space to check
1248
+ for ghostification: */
1249
+ char interface_name[1000]; /* [IFNAMSIZ+1] is certainly sufficient */
1250
+ if(copy_from_user(interface_name, rt.rt_dev, IFNAMSIZ + 1))
1252
+ if(is_a_ghost_interface_name(interface_name)) {
1253
+ ghost_ptk("The user aked to add a route involving the "
1254
+ "ghost interface %s. We make this operation fail",
1259
+#endif /* CONFIG_GHOSTIFICATION */
1262
err = rtentry_to_fib_config(net, cmd, &rt, &cfg);
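Review bot: The name copied from user space is never NUL-terminated before it is used as a string. `copy_from_user(interface_name, rt.rt_dev, IFNAMSIZ + 1)` fills only the start of an uninitialised 1000-byte stack array, and both is_a_ghost_interface_name() and the `%s` in ghost_ptk() can then read on into stale stack contents, which may end up in the kernel log. Size the buffer to the interface-name limit and terminate it explicitly: `char interface_name[IFNAMSIZ];`, `if (copy_from_user(interface_name, rt.rt_dev, IFNAMSIZ - 1))`, `interface_name[IFNAMSIZ - 1] = '\0';`. The body of ip_rt_ioctl() continues outside the hunk, and the statement that follows the copy check is not shown on this page.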
1263
@@ -473,12 +503,18 @@
1265
if (cmd == SIOCDELRT) {
1266
tb = fib_get_table(net, cfg.fc_table);
1267
+ /* (ghost support) The function pointed by tb->tb_delete was
1268
+ also modified to deal with ghost interfaces. Such function
1269
+ may be either fn_hash_delete() or fn_trie_delete() */
1271
err = tb->tb_delete(tb, &cfg);
1275
tb = fib_new_table(net, cfg.fc_table);
1276
+ /* (ghost support) The function pointed by tb->tb_insert was
1277
+ also modified to deal with ghost interfaces. Such function
1278
+ may be either fn_hash_insert() or fn_trie_insert() */
1280
err = tb->tb_insert(tb, &cfg);
1282
@@ -585,6 +621,16 @@
1283
struct fib_table *tb;
1287
+ * (ghost support) add infos for patch devel, we don't modify
1288
+ * inet_rtm_newroute but instead functions pointed by tb->tb_delete,
1289
+ * either fn_hash_delete() (in fib_hash.c) or fn_trie_delete()
1292
+ ghost_develmsg(" nlh->nlmsg_pid = %i, nlh->nlmsg_seq = %i "
1293
+ "and nlh->nlmsg_type = %i", nlh->nlmsg_pid,
1294
+ nlh->nlmsg_seq, nlh->nlmsg_type);
1296
err = rtm_to_fib_config(net, skb, nlh, &cfg);
1299
@@ -607,6 +653,16 @@
1300
struct fib_table *tb;
1304
+ * (ghost support) add infos for patch devel, we don't modify
1305
+ * inet_rtm_newroute but instead function pointed by tb->tb_insert,
1306
+ * either fn_hash_insert() (in fib_hash.c) or fn_trie_insert()
1309
+ ghost_develmsg(" nlh->nlmsg_pid = %i, nlh->nlmsg_seq = %i "
1310
+ "and nlh->nlmsg_type = %i", nlh->nlmsg_pid,
1311
+ nlh->nlmsg_seq, nlh->nlmsg_type);
1313
err = rtm_to_fib_config(net, skb, nlh, &cfg);
1316
@@ -622,6 +678,12 @@
1321
+ * (ghost support) Fonction called through rtnetlink to dump
1322
+ * all routes, we don't change anythings here, changes have
1323
+ * been made in fib_semantics.c (in fib_dump_info which is
1324
+ * called by fib_trie and fib_hash).
1326
static int inet_dump_fib(struct sk_buff *skb, struct netlink_callback *cb)
1328
struct net *net = sock_net(skb->sk);
1331
if (nlmsg_len(cb->nlh) >= sizeof(struct rtmsg) &&
1332
((struct rtmsg *) nlmsg_data(cb->nlh))->rtm_flags & RTM_F_CLONED)
1333
- return ip_rt_dump(skb, cb);
1334
+ return ip_rt_dump(skb, cb); /* (ghost support) need modify this func */
1342
+ /* (ghost support) Length returned can be changed by
1343
+ fib_dump_info when a route of a ghositifed iface is
1344
+ lookup (skb length may be abnormal, diff of mod(240)) */
1348
diff -rNuad linux-2.6.29/net/ipv4/fib_hash.c linux-2.6.29-ghost/net/ipv4/fib_hash.c
1349
--- linux-2.6.29/net/ipv4/fib_hash.c 2009-03-23 23:12:14.000000000 +0000
1350
+++ linux-2.6.29-ghost/net/ipv4/fib_hash.c 2009-11-26 22:38:27.000000000 +0000
1352
* IPv4 FIB: lookup engine and maintenance routines.
1354
* Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
1355
+ * Luca Saiu <positron@gnu.org> (simple changes for ghostification
1357
+ * Roudiere Jonathan <roudiere@lipn.univ-paris13.fr> (bugfixes,
1358
+ * forgetting ghost support in the function fn_hash_insert, bad
1359
+ * field check in fib_seq_show).
1361
* This program is free software; you can redistribute it and/or
1362
* modify it under the terms of the GNU General Public License
1364
#include <net/sock.h>
1365
#include <net/ip_fib.h>
1367
+/* (ghost support) */
1368
+#ifdef CONFIG_GHOSTIFICATION
1369
+#include <net/ghostdebug.h>
1372
#include "fib_lookup.h"
1374
static struct kmem_cache *fn_hash_kmem __read_mostly;
1375
@@ -397,6 +407,18 @@
1379
+#ifdef CONFIG_GHOSTIFICATION
1380
+ /* (ghost support) don't make any change for route involving
1381
+ ghostified interface, current funct is pointed by tb->tb_insert */
1382
+ ghost_debugmsg("interface is %s", fi->fib_dev->name);
1383
+ if(is_a_ghost_interface_name(fi->fib_dev->name)) {
1384
+ ghost_ptk("Trying to delete a route involving the "
1385
+ "ghost device %s: we make this operation fail.",
1386
+ fi->fib_dev->name);
1389
+#endif /* CONFIG_GHOSTIFICATION */
1391
if (fz->fz_nent > (fz->fz_divisor<<1) &&
1392
fz->fz_divisor < FZ_MAX_DIVISOR &&
1393
(cfg->fc_dst_len == 32 ||
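Review bot: `fi->fib_dev->name` is dereferenced here without checking that the route has a device, yet the seq_printf calls in this same file still guard it with `fi->fib_dev ? fi->fib_dev->name : "*"`, so a NULL fib_dev is evidently expected. A route with no output device would oops the kernel in ghost_debugmsg() or is_a_ghost_interface_name(). Guard the test with `if (fi->fib_dev && is_a_ghost_interface_name(fi->fib_dev->name)) {` and move the ghost_debugmsg() call under the same check. The same unguarded dereference recurs in the delete-path and /proc/net/route hunks of this file, in fib_dump_info() in fib_semantics.c, and in the three matching hunks of fib_trie.c. The log text also says "delete" although the comment places this hunk in the tb_insert path; the enclosing function starts and ends outside the hunk.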
1394
@@ -580,7 +602,17 @@
1395
fa = list_entry(fa->fa_list.prev, struct fib_alias, fa_list);
1396
list_for_each_entry_continue(fa, &f->fn_alias, fa_list) {
1397
struct fib_info *fi = fa->fa_info;
1399
+#ifdef CONFIG_GHOSTIFICATION
1400
+ /* (ghost support) don't make any change for route involving
1401
+ ghostified interface, current funct is pointed by tb->tb_delete */
1402
+ ghost_debugmsg("interface is %s", fi->fib_dev->name);
1403
+ if(is_a_ghost_interface_name(fi->fib_dev->name)) {
1404
+ ghost_ptk("Trying to delete a route involving the "
1405
+ "ghost device %s: we make this operation fail.",
1406
+ fi->fib_dev->name);
1409
+#endif /* CONFIG_GHOSTIFICATION */
1410
if (fa->fa_tos != cfg->fc_tos)
1413
@@ -1022,19 +1054,39 @@
1415
mask = FZ_MASK(iter->zone);
1416
flags = fib_flag_trans(fa->fa_type, mask, fi);
1420
+#ifdef CONFIG_GHOSTIFICATION
1421
+ /* (ghost support) Don't display any informations about
1422
+ ghostified interfaces under /proc/net/route, bf */
1423
+ if (! is_a_ghost_interface_name((const char*)fi->fib_dev->name))
1425
+ ghost_ptk("Don't display routes for a ghostified "
1426
+ "interface (%s) /proc/net/route",
1427
+ (const char*)fi->fib_dev->name);
1429
+ "%s\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n",
1430
+ fi->fib_dev ? fi->fib_dev->name : "*", prefix,
1431
+ fi->fib_nh->nh_gw, flags, 0, 0, fi->fib_priority,
1432
+ mask, (fi->fib_advmss ? fi->fib_advmss + 40 : 0),
1434
+ fi->fib_rtt >> 3, &len);
1438
- "%s\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n",
1439
- fi->fib_dev ? fi->fib_dev->name : "*", prefix,
1440
- fi->fib_nh->nh_gw, flags, 0, 0, fi->fib_priority,
1441
- mask, (fi->fib_advmss ? fi->fib_advmss + 40 : 0),
1443
- fi->fib_rtt >> 3, &len);
1445
+ "%s\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n",
1446
+ fi->fib_dev ? fi->fib_dev->name : "*", prefix,
1447
+ fi->fib_nh->nh_gw, flags, 0, 0, fi->fib_priority,
1448
+ mask, (fi->fib_advmss ? fi->fib_advmss + 40 : 0),
1450
+ fi->fib_rtt >> 3, &len);
1451
+#endif /* CONFIG_GHOSTIFICATION */
1455
- "*\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n",
1456
- prefix, 0, flags, 0, 0, 0, mask, 0, 0, 0, &len);
1458
+ "*\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n",
1459
+ prefix, 0, flags, 0, 0, 0, mask, 0, 0, 0, &len);
1461
seq_printf(seq, "%*s\n", 127 - len, "");
1464
diff -rNuad linux-2.6.29/net/ipv4/fib_semantics.c linux-2.6.29-ghost/net/ipv4/fib_semantics.c
1465
--- linux-2.6.29/net/ipv4/fib_semantics.c 2009-03-23 23:12:14.000000000 +0000
1466
+++ linux-2.6.29-ghost/net/ipv4/fib_semantics.c 2009-11-26 22:38:27.000000000 +0000
1468
* modify it under the terms of the GNU General Public License
1469
* as published by the Free Software Foundation; either version
1470
* 2 of the License, or (at your option) any later version.
1472
+ * Roudiere Jonathan <roudiere@lipn.univ-paris13.fr> trivial
1473
+ * change for ghostification.
1476
#include <asm/uaccess.h>
1478
#include <net/netlink.h>
1479
#include <net/nexthop.h>
1481
+/* (ghost support) */
1482
+#ifdef CONFIG_GHOSTIFICATION
1483
+#include <net/ghostdebug.h>
1486
#include "fib_lookup.h"
1488
static DEFINE_SPINLOCK(fib_info_lock);
1489
@@ -953,6 +961,23 @@
1493
+#ifdef CONFIG_GHOSTIFICATION
1495
+ * (ghost support) function call by fib_trie and fib_hash to dump route,
1496
+ * in most case we won't arrive here with usertools (like iproute), because
1497
+ * modification in rtnl_dump_ifinfo hide iface and modif here may be not really
1498
+ * proper because put abnormal length in the skb->len return by inet_dump_fib
1499
+ * (used without error..) if pid != 0 then user talks else that is the kernel;
1502
+ if (is_a_ghost_interface_name(fi->fib_dev->name)) {
1503
+ ghost_ptk("Try to get route about ghost iface (%s), skip",
1504
+ fi->fib_dev->name);
1505
+ /* return -EMSGSIZE; don't use this because that stops evaluation */
1506
+ return nlmsg_end(skb, nlh);
1508
+#endif /* CONFIG_GHOSTIFICATION */
1510
rtm = nlmsg_data(nlh);
1511
rtm->rtm_family = AF_INET;
1512
rtm->rtm_dst_len = dst_len;
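Review bot: Returning `nlmsg_end(skb, nlh)` for a ghost route leaves a message in the dump whose payload was never written. The header is already queued at this point (nlh is valid, presumably from an nlmsg_put() above the hunk), but the `rtm` fields are only filled in after this return. User space would then receive a route record built from whatever was in the skb, which may disclose stale kernel memory and also signals that an entry was suppressed; the comment's own remark about an abnormal skb length points at the same problem. Trim the half-built message instead: `nlmsg_cancel(skb, nlh);` followed by `return skb->len;`. fib_dump_info() starts and ends outside this hunk, so confirm that its callers only test the result for `< 0`.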
1513
diff -rNuad linux-2.6.29/net/ipv4/fib_trie.c linux-2.6.29-ghost/net/ipv4/fib_trie.c
1514
--- linux-2.6.29/net/ipv4/fib_trie.c 2009-03-23 23:12:14.000000000 +0000
1515
+++ linux-2.6.29-ghost/net/ipv4/fib_trie.c 2009-11-26 22:38:27.000000000 +0000
1518
* Hans Liss <hans.liss@its.uu.se> Uppsala Universitet
1520
+ * Luca Saiu <positron@gnu.org> (simple changes for ghostification
1522
+ * Roudiere Jonathan <roudiere@lipn.univ-paris13.fr> (bugfixes,
1523
+ * forgetting ghost support in the function fn_trie_insert, bad
1524
+ * field check in fib_route_seq_show).
1526
* This work is based on the LPC-trie which is originally descibed in:
1528
* An experimental study of compression methods for dynamic tries
1530
#include <net/ip_fib.h>
1531
#include "fib_lookup.h"
1533
+/* (ghost support) */
1534
+#ifdef CONFIG_GHOSTIFICATION
1535
+#include <net/ghostdebug.h>
1538
#define MAX_STAT_DEPTH 32
1540
#define KEYLENGTH (8*sizeof(t_key))
1541
@@ -1195,6 +1206,18 @@
1545
+#ifdef CONFIG_GHOSTIFICATION
1546
+ /* (ghost support) don't make any change for
1547
+ route involving ghostified interface */
1548
+ ghost_debugmsg("interface is %s", fi->fib_dev->name);
1549
+ if(is_a_ghost_interface_name(fi->fib_dev->name)) {
1550
+ ghost_ptk("Trying to delete a route involving the "
1551
+ "ghost device %s: we make this operation fail.",
1552
+ fi->fib_dev->name);
1555
+#endif /* CONFIG_GHOSTIFICATION */
1557
l = fib_find_node(t, key);
1560
@@ -1623,7 +1646,17 @@
1561
fa = list_entry(fa->fa_list.prev, struct fib_alias, fa_list);
1562
list_for_each_entry_continue(fa, fa_head, fa_list) {
1563
struct fib_info *fi = fa->fa_info;
1565
+#ifdef CONFIG_GHOSTIFICATION
1566
+ /* (ghost support) don't make any change for
1567
+ route involving ghostified interface */
1568
+ ghost_debugmsg("interface is %s", fi->fib_dev->name);
1569
+ if(is_a_ghost_interface_name(fi->fib_dev->name)) {
1570
+ ghost_ptk("Trying to delete a route involving the "
1571
+ "ghost device %s: we make this operation fail.",
1572
+ fi->fib_dev->name);
1575
+#endif /* CONFIG_GHOSTIFICATION */
1576
if (fa->fa_tos != tos)
1579
@@ -2583,7 +2616,28 @@
1580
|| fa->fa_type == RTN_MULTICAST)
1585
+#ifdef CONFIG_GHOSTIFICATION
1586
+ /* (ghost support) Don't display any informations about
1587
+ ghostified interfaces under /proc/net/route, bf */
1588
+ if (! is_a_ghost_interface_name((const char*)fi->fib_dev->name)) {
1589
+ ghost_ptk("Don't display routes for a ghostified "
1590
+ "interface (%s) in /proc/net/route",
1591
+ (const char*)fi->fib_dev->name);
1593
+ "%s\t%08X\t%08X\t%04X\t%d\t%u\t"
1594
+ "%d\t%08X\t%d\t%u\t%u%n",
1595
+ fi->fib_dev ? fi->fib_dev->name : "*",
1597
+ fi->fib_nh->nh_gw, flags, 0, 0,
1601
+ fi->fib_advmss + 40 : 0),
1603
+ fi->fib_rtt >> 3, &len);
1607
"%s\t%08X\t%08X\t%04X\t%d\t%u\t"
1608
"%d\t%08X\t%d\t%u\t%u%n",
1609
@@ -2596,13 +2650,14 @@
1610
fi->fib_advmss + 40 : 0),
1612
fi->fib_rtt >> 3, &len);
1614
+#endif /* CONFIG_GHOSTIFICATION */
1617
"*\t%08X\t%08X\t%04X\t%d\t%u\t"
1618
"%d\t%08X\t%d\t%u\t%u%n",
1619
prefix, 0, flags, 0, 0, 0,
1620
mask, 0, 0, 0, &len);
1623
seq_printf(seq, "%*s\n", 127 - len, "");
1626
diff -rNuad linux-2.6.29/net/ipv4/igmp.c linux-2.6.29-ghost/net/ipv4/igmp.c
1627
--- linux-2.6.29/net/ipv4/igmp.c 2009-03-23 23:12:14.000000000 +0000
1628
+++ linux-2.6.29-ghost/net/ipv4/igmp.c 2009-11-26 22:38:27.000000000 +0000
1630
* Alexey Kuznetsov: Accordance to igmp-v2-06 draft.
1631
* David L Stevens: IGMPv3 support, with help from
1633
+ * Luca Saiu <positron@gnu.org>: trivial changes for ghostification
1637
#include <linux/module.h>
1638
@@ -105,6 +107,11 @@
1639
#include <linux/seq_file.h>
1642
+/* (ghost support) */
1643
+#ifdef CONFIG_GHOSTIFICATION
1644
+#include <net/ghostdebug.h>
1647
#define IP_MAX_MEMBERSHIPS 20
1648
#define IP_MAX_MSF 10
1650
@@ -2387,8 +2394,18 @@
1653
if (state->in_dev->mc_list == im) {
1654
+#ifdef CONFIG_GHOSTIFICATION
1655
+ /* (ghost support) Don't show any info about ghost interfaces */
1656
+ if(! is_a_ghost_interface_name(state->dev->name)) {
1657
+ ghost_debugmsg("Don't show any igmp information in /proc "
1658
+ "about ghostified interfaces (1).");
1659
+ seq_printf(seq, "%d\t%-10s: %5d %7s\n",
1660
+ state->dev->ifindex, state->dev->name, state->in_dev->mc_count, querier);
1663
seq_printf(seq, "%d\t%-10s: %5d %7s\n",
1664
state->dev->ifindex, state->dev->name, state->in_dev->mc_count, querier);
1665
+#endif /* CONFIG_GHOSTIFICATION */
1669
@@ -2550,14 +2567,30 @@
1671
"SRC", "INC", "EXC");
1674
- "%3d %6.6s 0x%08x "
1675
- "0x%08x %6lu %6lu\n",
1676
- state->dev->ifindex, state->dev->name,
1677
- ntohl(state->im->multiaddr),
1678
- ntohl(psf->sf_inaddr),
1679
- psf->sf_count[MCAST_INCLUDE],
1680
- psf->sf_count[MCAST_EXCLUDE]);
1681
+#ifdef CONFIG_GHOSTIFICATION
1682
+ /* (ghost support) Don't show any info about ghost interfaces */
1683
+ if (! is_a_ghost_interface_name(state->dev->name)) {
1684
+ ghost_debugmsg("Don't show any igmp information in /proc "
1685
+ "about ghostified interfaces (2).");
1687
+ "%3d %6.6s 0x%08x "
1688
+ "0x%08x %6lu %6lu\n",
1689
+ state->dev->ifindex, state->dev->name,
1690
+ ntohl(state->im->multiaddr),
1691
+ ntohl(psf->sf_inaddr),
1692
+ psf->sf_count[MCAST_INCLUDE],
1693
+ psf->sf_count[MCAST_EXCLUDE]);
1697
+ "%3d %6.6s 0x%08x "
1698
+ "0x%08x %6lu %6lu\n",
1699
+ state->dev->ifindex, state->dev->name,
1700
+ ntohl(state->im->multiaddr),
1701
+ ntohl(psf->sf_inaddr),
1702
+ psf->sf_count[MCAST_INCLUDE],
1703
+ psf->sf_count[MCAST_EXCLUDE]);
1704
+#endif /* CONFIG_GHOSTIFICATION */
1708
diff -rNuad linux-2.6.29/net/ipv4/route.c linux-2.6.29-ghost/net/ipv4/route.c
1709
--- linux-2.6.29/net/ipv4/route.c 2009-03-23 23:12:14.000000000 +0000
1710
+++ linux-2.6.29-ghost/net/ipv4/route.c 2009-11-26 22:38:27.000000000 +0000
1712
* Eric Dumazet : hashed spinlocks and rt_check_expire() fixes.
1713
* Ilia Sotnikov : Ignore TOS on PMTUD and Redirect
1714
* Ilia Sotnikov : Removed TOS from hash calculations
1715
+ * Luca Saiu <positron@gnu.org> : trivial changes for ghostification support
1716
+ * Roudiere Jonathan <roudiere@lipn.univ-paris13.fr> : ghost support to rtnetlink
1717
+ * function, ghost bugfix (field) in rt_cache_seq_show
1719
* This program is free software; you can redistribute it and/or
1720
* modify it under the terms of the GNU General Public License
1721
@@ -108,6 +111,11 @@
1722
#include <linux/sysctl.h>
1725
+/* (ghost support) */
1726
+#ifdef CONFIG_GHOSTIFICATION
1727
+#include <net/ghostdebug.h>
1730
#define RT_FL_TOS(oldflp) \
1731
((u32)(oldflp->fl4_tos & (IPTOS_RT_MASK | RTO_ONLINK)))
1733
@@ -375,6 +383,14 @@
1734
"Metric\tSource\t\tMTU\tWindow\tIRTT\tTOS\tHHRef\t"
1735
"HHUptod\tSpecDst");
1737
+#ifdef CONFIG_GHOSTIFICATION
1738
+ /* (ghost support) Dont't display informations about ghost ifaces, bf */
1739
+ if(is_a_ghost_interface_name((const char*)((struct rtable*)v)->u.dst.dev->name)) {
1740
+ ghost_ptk("Don't display routing informations about ghost interface (%s)",
1741
+ ((const char*)((struct rtable*)v)->u.dst.dev->name));
1744
+#endif /* CONFIG_GHOSTIFICATION */
1745
struct rtable *r = v;
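Review bot: The ghost test is placed in front of `struct rtable *r = v;`, which turns that line into a declaration after a statement and forces the test to cast `v` twice. Moving the block below the declaration lets it read `if (is_a_ghost_interface_name(r->u.dst.dev->name)) {` and pass `r->u.dst.dev->name` to ghost_ptk(). The rest of rt_cache_seq_show() lies outside this hunk.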
1748
@@ -392,11 +408,11 @@
1750
r->u.dst.hh ? atomic_read(&r->u.dst.hh->hh_refcnt) : -1,
1751
r->u.dst.hh ? (r->u.dst.hh->hh_output ==
1752
- dev_queue_xmit) : 0,
1753
+ dev_queue_xmit) : 0,
1754
r->rt_spec_dst, &len);
1756
seq_printf(seq, "%*s\n", 127 - len, "");
1762
@@ -2812,8 +2828,13 @@
1763
r->rtm_src_len = 32;
1764
NLA_PUT_BE32(skb, RTA_SRC, rt->fl.fl4_src);
1766
- if (rt->u.dst.dev)
1767
+ if (rt->u.dst.dev) {
1768
+#ifdef CONFIG_GHOSTIFICATION
1769
+ /* (ghost support) */
1770
+ ghost_develmsg("Net device is = %s ",rt->u.dst.dev->name);
1772
NLA_PUT_U32(skb, RTA_OIF, rt->u.dst.dev->ifindex);
1774
#ifdef CONFIG_NET_CLS_ROUTE
1775
if (rt->u.dst.tclassid)
1776
NLA_PUT_U32(skb, RTA_FLOW, rt->u.dst.tclassid);
1777
@@ -2896,7 +2917,7 @@
1783
/* Reserve room for dummy headers, this skb can pass
1784
through good chunk of routing engine.
1786
@@ -2918,6 +2939,17 @@
1791
+#ifdef CONFIG_GHOSTIFICATION
1792
+ ghost_debugmsg("Net device is %s ", dev->name);
1793
+ /* (ghost support) If it is a ghostified interface then exit */
1794
+ if (is_a_ghost_interface_name(dev->name)) {
1795
+ ghost_ptk("Try to get a route involving a ghostified "
1796
+ "interface (%s), skip", dev->name);
1800
+#endif /* CONFIG_GHOSTIFICATION */
1803
skb->protocol = htons(ETH_P_IP);
1804
@@ -2943,13 +2975,31 @@
1805
err = ip_route_output_key(net, &rt, &fl);
1814
if (rtm->rtm_flags & RTM_F_NOTIFY)
1815
rt->rt_flags |= RTCF_NOTIFY;
1817
+#ifdef CONFIG_GHOSTIFICATION
1818
+ /* (ghost support) Don't allow get ops for route
1819
+ involving a ghostified interface, unnecessary test ..(rt) */
1821
+ if (rt->u.dst.dev) {
1822
+ ghost_debugmsg("Net device is %s ",rt->u.dst.dev->name);
1823
+ if (is_a_ghost_interface_name(rt->u.dst.dev->name)) {
1824
+ ghost_ptk("Try to get a route involving a ghostified "
1825
+ "interface (%s), skip",
1826
+ rt->u.dst.dev->name);
1827
+ err = -ENETUNREACH;
1832
+#endif /* CONFIG_GHOSTIFICATION */
1834
err = rt_fill_info(skb, NETLINK_CB(in_skb).pid, nlh->nlmsg_seq,
1835
RTM_NEWROUTE, 0, 0);
1837
@@ -2964,6 +3014,8 @@
1841
+/* (ghost support) maybe it will be necessary to modify
1842
+this func which is call in fib_frontend.c */
1843
int ip_rt_dump(struct sk_buff *skb, struct netlink_callback *cb)
1846
diff -rNuad linux-2.6.29/net/ipv6/Kconfig linux-2.6.29-ghost/net/ipv6/Kconfig
1847
--- linux-2.6.29/net/ipv6/Kconfig 2009-03-23 23:12:14.000000000 +0000
1848
+++ linux-2.6.29-ghost/net/ipv6/Kconfig 2009-11-26 22:38:27.000000000 +0000
1851
# IPv6 as module will cause a CRASH if you try to unload it
1853
- tristate "The IPv6 protocol"
1855
+ bool "The IPv6 protocol"
1858
This is complemental support for the IP version 6.
1859
You will still be able to do traditional IPv4 networking as well.
1861
For specific information about IPv6 under Linux, read the HOWTO at
1862
<http://www.bieringer.de/linux/IPv6/>.
1864
+ Ghostification notes:
1865
+ =====================
1866
+ IPV6 can not be built in module with ghost support.
1868
To compile this protocol support as a module, choose M here: the
1869
module will be called ipv6.
1875
- tristate "IPv6: AH transformation"
1876
+ bool "IPv6: AH transformation"
1884
- tristate "IPv6: ESP transformation"
1885
+ bool "IPv6: ESP transformation"
1888
select CRYPTO_AUTHENC
1893
- tristate "IPv6: IPComp transformation"
1894
+ bool "IPv6: IPComp transformation"
1895
select INET6_XFRM_TUNNEL
1902
- tristate "IPv6: Mobility (EXPERIMENTAL)"
1903
+ bool "IPv6: Mobility (EXPERIMENTAL)"
1904
depends on EXPERIMENTAL
1907
@@ -114,16 +118,16 @@
1910
config INET6_XFRM_TUNNEL
1921
config INET6_XFRM_MODE_TRANSPORT
1922
- tristate "IPv6: IPsec transport mode"
1923
+ bool "IPv6: IPsec transport mode"
1930
config INET6_XFRM_MODE_TUNNEL
1931
- tristate "IPv6: IPsec tunnel mode"
1932
+ bool "IPv6: IPsec tunnel mode"
1939
config INET6_XFRM_MODE_BEET
1940
- tristate "IPv6: IPsec BEET mode"
1941
+ bool "IPv6: IPsec BEET mode"
1945
@@ -150,14 +154,14 @@
1948
config INET6_XFRM_MODE_ROUTEOPTIMIZATION
1949
- tristate "IPv6: MIPv6 route optimization mode (EXPERIMENTAL)"
1950
+ bool "IPv6: MIPv6 route optimization mode (EXPERIMENTAL)"
1951
depends on EXPERIMENTAL
1954
Support for MIPv6 route optimization mode.
1957
- tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)"
1958
+ bool "IPv6: IPv6-in-IPv4 tunnel (SIT driver)"
1960
select IPV6_NDISC_NODETYPE
1966
- tristate "IPv6: IP-in-IPv6 tunnel (RFC2473)"
1967
+ bool "IPv6: IP-in-IPv6 tunnel (RFC2473)"
1970
Support for IPv6-in-IPv6 and IPv4-in-IPv6 tunnels described in
1971
diff -rNuad linux-2.6.29/net/ipv6/addrconf.c linux-2.6.29-ghost/net/ipv6/addrconf.c
1972
--- linux-2.6.29/net/ipv6/addrconf.c 2009-03-23 23:12:14.000000000 +0000
1973
+++ linux-2.6.29-ghost/net/ipv6/addrconf.c 2009-11-26 22:38:27.000000000 +0000
1975
* YOSHIFUJI Hideaki @USAGI : improved source address
1976
* selection; consider scope,
1978
+ * Luca Saiu <positron@gnu.org> : ghostification support
1979
+ * Roudiere Jonathan <roudiere@lipn.univ-paris13.frfr> : ghost
1980
+ * modify functions using (rt)netlink
1983
#include <linux/errno.h>
1985
#include <linux/random.h>
1988
+/* (ghost support) */
1989
+#ifdef CONFIG_GHOSTIFICATION
1990
+#include <net/ghostdebug.h>
1993
#include <asm/uaccess.h>
1994
#include <asm/unaligned.h>
1996
@@ -445,6 +453,86 @@
2001
+ * (ghost support) Support to hide snmp6 proc infos.
2003
+#ifdef CONFIG_GHOSTIFICATION
2004
+/* Utility procedure, needed for {show,hide}_proc_net_dev_snmp6_DEVICE_if_needed().
2005
+ Return a pointer to a valid inet6_dev structure on success, NULL on failure: */
2006
+static struct inet6_dev* lookup_snmp6_device(const char *interface_name)
2008
+ struct net_device *device;
2009
+ struct inet6_dev *idev;
2011
+ /* Lookup the device by name, obtaining an inet6_dev structure: */
2012
+ device = dev_get_by_name(&init_net, interface_name);
2013
+ if(device == NULL)
2016
+ idev = ipv6_find_idev(device);
2021
+/* These are defined in net/ipv6/proc.c: */
2022
+extern struct proc_dir_entry *proc_net_devsnmp6;
2023
+extern struct file_operations snmp6_seq_fops;
2025
+/* Remove the virtual file /proc/net/dev_snmp6/DEVICE, unless
2026
+ it's already hidden. Return 0 on success, nonzero on error: */
2027
+int hide_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name)
2029
+ struct inet6_dev *idev = lookup_snmp6_device(interface_name);
2030
+ ghost_ptk("Hiding /proc/net/dev_snmp6/%s...", interface_name);
2031
+ if(idev == NULL) /* lookup failed */
2034
+ /* Remove the proc/ entry, if any. If there was no entry
2035
+ then remove_proc_entry() will fail, but it's ok for us: */
2036
+#ifdef CONFIG_PROC_FS
2037
+ if (!proc_net_devsnmp6)
2039
+ if (idev->stats.proc_dir_entry == NULL)
2041
+ remove_proc_entry(interface_name, proc_net_devsnmp6);
2042
+#endif /* CONFIG_PROC_FS */
2044
+ //return snmp6_unregister_dev(idev);
2047
+/* Create the virtual file /proc/net/dev_snmp6/DEVICE, unless
2048
+ it's already shown. Return 0 on success, nonzero on error: */
2049
+int show_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name)
2051
+ struct inet6_dev *idev = lookup_snmp6_device(interface_name);
2052
+ struct proc_dir_entry *proc_directory_entry;
2053
+ ghost_ptk("Showing /proc/net/dev_snmp6/%s...",
2055
+ if(idev == NULL) /* lookup failed */
2057
+ if(idev->dev == NULL) /* I doubt this may happen... */
2059
+#ifdef CONFIG_PROC_FS
2060
+ if(!proc_net_devsnmp6) /* there isn't any /proc/net/dev_snmp6 */
2062
+ if((proc_directory_entry = create_proc_entry(interface_name,
2063
+ S_IRUGO, proc_net_devsnmp6)) == NULL)
2065
+ proc_directory_entry->data = idev;
2066
+ proc_directory_entry->proc_fops = &snmp6_seq_fops;
2067
+ idev->stats.proc_dir_entry = proc_directory_entry;
2068
+#endif /* CONFIG_PROC_FS */
2070
+ /* return snmp6_register_dev(idev); */
2072
+EXPORT_SYMBOL(show_proc_net_dev_snmp6_DEVICE_if_needed);
2073
+EXPORT_SYMBOL(hide_proc_net_dev_snmp6_DEVICE_if_needed);
2074
+#endif /* CONFIG_GHOSTIFICATION */
2077
+ * End of ghostification support
2080
#ifdef CONFIG_SYSCTL
2081
static void dev_forward_change(struct inet6_dev *idev)
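Review bot: `lookup_snmp6_device()` uses `ipv6_find_idev(device)` as if it were a read-only lookup, but in mainline kernels of this era that helper asserts the RTNL lock and creates an `inet6_dev` when the device has none, so a hide/show call can change IPv6 state on the interface; `idev = __in6_dev_get(device);` is the side-effect-free form already used elsewhere in this file. `dev_get_by_name()` also returns a held reference, and no `dev_put(device)` appears in the lines shown (some lines of this hunk are missing from the rendering, so confirm against the full patch). In `show_proc_net_dev_snmp6_DEVICE_if_needed()` the entry is created with `create_proc_entry()` and only afterwards given `->data` and `->proc_fops`, which leaves a window in which the file exists without its handlers; `proc_create_data(interface_name, S_IRUGO, proc_net_devsnmp6, &snmp6_seq_fops, idev)` sets both at creation.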
2083
@@ -2151,6 +2239,10 @@
2084
return PTR_ERR(ifp);
2088
+ * (ghost support) We don't want that an address which is linked
2089
+ * to an ghostified interface can be show/add/del/modify/etc
2091
static int inet6_addr_del(struct net *net, int ifindex, struct in6_addr *pfx,
2094
@@ -2165,6 +2257,15 @@
2098
+#ifdef CONFIG_GHOSTIFICATION
2099
+ /* (ghost support) If it is a ghostified interface then exit */
2100
+ if (is_a_ghost_interface_name(dev->name)) {
2101
+ ghost_ptk("Try to delete address on a ghostified interface (%s), skip",
2105
+#endif /* CONFIG_GHOSTIFICATION */
2107
if ((idev = __in6_dev_get(dev)) == NULL)
2110
@@ -2993,6 +3094,22 @@
2111
static int if6_seq_show(struct seq_file *seq, void *v)
2113
struct inet6_ifaddr *ifp = (struct inet6_ifaddr *)v;
2114
+#ifdef CONFIG_GHOSTIFICATION
2115
+ /* (ghost support) Don't show information about ghost interfaces */
2116
+ if (is_a_ghost_interface_name(ifp->idev->dev->name)) {
2117
+ ghost_ptk("Don't show informations about a ghostified "
2118
+ "interface (%s) under /proc.",
2119
+ ifp->idev->dev->name);
2121
+ seq_printf(seq, "%pi6 %02x %02x %02x %02x %8s\n",
2123
+ ifp->idev->dev->ifindex,
2127
+ ifp->idev->dev->name);
2130
seq_printf(seq, "%pi6 %02x %02x %02x %02x %8s\n",
2132
ifp->idev->dev->ifindex,
2133
@@ -3000,6 +3117,8 @@
2136
ifp->idev->dev->name);
2137
+#endif /* CONFIG_GHOSTIFICATION */
2142
@@ -3207,6 +3326,10 @@
2143
[IFA_CACHEINFO] = { .len = sizeof(struct ifa_cacheinfo) },
2147
+ * (ghost support) We don't want that an address which is linked
2148
+ * to an ghostified interface can be show/add/del/modify/etc
2151
inet6_rtm_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
2153
@@ -3224,7 +3347,9 @@
2154
pfx = extract_addr(tb[IFA_ADDRESS], tb[IFA_LOCAL]);
2158
+ /* (ghost support) we could/should stop here a request involving a
2159
+ ghostified interface but inet6_addr_del already do a part of our work
2160
+ (get dev etc ..) so instead we modify inet6_addr_del */
2161
return inet6_addr_del(net, ifm->ifa_index, pfx, ifm->ifa_prefixlen);
2164
@@ -3273,6 +3398,10 @@
2169
+ * (ghost support) We don't want that an address which is linked
2170
+ * to an ghostified interface can be show/add/del/modify/etc
2173
inet6_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
2175
@@ -3310,6 +3439,15 @@
2179
+#ifdef CONFIG_GHOSTIFICATION
2180
+ /* (ghost support) If it is a ghostified interface then exit */
2181
+ if (is_a_ghost_interface_name(dev->name)) {
2182
+ ghost_ptk("Try to add a address to a ghostified interface (%s). Failing.",
2186
+#endif /* CONFIG_GHOSTIFICATION */
2188
/* We ignore other flags so far. */
2189
ifa_flags = ifm->ifa_flags & (IFA_F_NODAD | IFA_F_HOMEADDRESS);
2191
@@ -3475,6 +3613,12 @@
2196
+ * (ghost support) We don't want that an address which is linked
2197
+ * to an ghostified interface can be show/add/del/modify/etc;
2198
+ * inet6_dump_addr is called by inet6_dump_{ifaddr,ifmcaddr,ifacaddr}
2199
+ * and call the appropriate inet6_fill_* function.
2201
static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb,
2202
enum addr_type_t type)
2204
@@ -3500,6 +3644,17 @@
2206
if ((idev = in6_dev_get(dev)) == NULL)
2209
+#ifdef CONFIG_GHOSTIFICATION
2210
+ /* (ghost support) If it is a ghostified interface then exit */
2211
+ if (is_a_ghost_interface_name(dev->name)) {
2212
+ ghost_ptk("Try to get infos about addresses of a ghostified interface (%s), skip.",
2215
+ /* return -ENODEV; don't use it */
2217
+#endif /* CONFIG_GHOSTIFICATION */
2219
read_lock_bh(&idev->lock);
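Review bot: The ghost check in `inet6_dump_addr()` sits after `in6_dev_get(dev)` has taken a reference on `idev`, so skipping the interface from inside the added block needs an `in6_dev_put(idev)` first; none is visible in the added lines (one line of the block is missing from this rendering, so confirm against the full patch). The `inet6_dump_ifinfo()` hunk later in this file performs the same check before `in6_dev_get()`, and using that ordering here removes the problem. An unbalanced `inet6_dev` reference would prevent the interface from being torn down cleanly later. The function body starts and ends outside this hunk.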
2222
@@ -3571,7 +3726,6 @@
2223
return inet6_dump_addr(skb, cb, type);
2227
static int inet6_dump_ifacaddr(struct sk_buff *skb, struct netlink_callback *cb)
2229
enum addr_type_t type = ANYCAST_ADDR;
2230
@@ -3579,6 +3733,10 @@
2231
return inet6_dump_addr(skb, cb, type);
2235
+ * (ghost support) We don't want that an address which is linked
2236
+ * to an ghostified interface can be show/add/del/modify/etc
2238
static int inet6_rtm_getaddr(struct sk_buff *in_skb, struct nlmsghdr* nlh,
2241
@@ -3605,6 +3763,17 @@
2243
dev = __dev_get_by_index(net, ifm->ifa_index);
2245
+#ifdef CONFIG_GHOSTIFICATION
2246
+ /* (ghost support) If it is a ghostified interface then exit */
2248
+ if (is_a_ghost_interface_name(dev->name)) {
2249
+ ghost_ptk("Try to get address of a ghostified interface (%s), skip.",
2254
+#endif /* CONFIG_GHOSTIFICATION */
2256
if ((ifa = ipv6_get_ifaddr(net, addr, dev, 1)) == NULL) {
2257
err = -EADDRNOTAVAIL;
2259
@@ -3812,6 +3981,10 @@
2264
+ * (ghost support) We don't want that an address which is linked
2265
+ * to an ghostified interface can be show/add/del/modify/etc
2267
static int inet6_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
2269
struct net *net = sock_net(skb->sk);
2270
@@ -3823,6 +3996,14 @@
2271
read_lock(&dev_base_lock);
2273
for_each_netdev(net, dev) {
2274
+#ifdef CONFIG_GHOSTIFICATION
2275
+ /* (ghost support) If it is a ghostified interface then exit */
2276
+ if (is_a_ghost_interface_name(dev->name)) {
2277
+ ghost_ptk("Try to dump address infos about a ghostified interface (%s), skip.",
2281
+#endif /* CONFIG_GHOSTIFICATION */
2284
if ((idev = in6_dev_get(dev)) == NULL)
2285
@@ -3850,7 +4031,6 @@
2286
skb = nlmsg_new(inet6_if_nlmsg_size(), GFP_ATOMIC);
2290
err = inet6_fill_ifinfo(skb, idev, 0, 0, event, 0);
2292
/* -EMSGSIZE implies BUG in inet6_if_nlmsg_size() */
2293
diff -rNuad linux-2.6.29/net/ipv6/ip6_fib.c linux-2.6.29-ghost/net/ipv6/ip6_fib.c
2294
--- linux-2.6.29/net/ipv6/ip6_fib.c 2009-03-23 23:12:14.000000000 +0000
2295
+++ linux-2.6.29-ghost/net/ipv6/ip6_fib.c 2009-11-26 22:38:27.000000000 +0000
2300
+/* (ghost support) iterate on net device, don't modify this function,
2301
+we can return ENODEV here, user-space tools (as ip) dump iface list before */
2302
static int fib6_dump_node(struct fib6_walker_t *w)
2307
struct fib6_walker_t *w;
2310
w = (void *)cb->args[2];
2311
w->root = &table->tb6_root;
2313
diff -rNuad linux-2.6.29/net/ipv6/mcast.c linux-2.6.29-ghost/net/ipv6/mcast.c
2314
--- linux-2.6.29/net/ipv6/mcast.c 2009-11-26 20:48:39.000000000 +0000
2315
+++ linux-2.6.29-ghost/net/ipv6/mcast.c 2009-11-26 22:42:51.000000000 +0000
2317
* - MLD for link-local addresses.
2318
* David L Stevens <dlstevens@us.ibm.com>:
2320
+ * Luca Saiu <positron@gnu.org>:
2321
+ * - trivial changes for ghostification support
2322
+ * Roudiere Jonathan <roudiere@lipn.univ-paris13.fr>
2323
+ * - trivial changes to correct an forgetting
2326
#include <linux/module.h>
2329
#include <net/ip6_checksum.h>
2331
+/* (ghost support) */
2332
+#ifdef CONFIG_GHOSTIFICATION
2333
+#include <net/ghostdebug.h>
2336
/* Set to 3 to get tracing... */
2337
#define MCAST_DEBUG 2
2339
@@ -2432,6 +2441,20 @@
2340
struct ifmcaddr6 *im = (struct ifmcaddr6 *)v;
2341
struct igmp6_mc_iter_state *state = igmp6_mc_seq_private(seq);
2343
+#ifdef CONFIG_GHOSTIFICATION
2344
+ /* (ghost support) Don't show information about ghost interfaces */
2345
+ if(! is_a_ghost_interface_name(state->dev->name)) {
2346
+ ghost_debugmsg("Don't show any igmp6 information in /proc "
2347
+ "about ghostified interfaces (1).");
2349
+ "%-4d %-15s %pi6 %5d %08X %ld\n",
2350
+ state->dev->ifindex, state->dev->name,
2352
+ im->mca_users, im->mca_flags,
2353
+ (im->mca_flags&MAF_TIMER_RUNNING) ?
2354
+ jiffies_to_clock_t(im->mca_timer.expires-jiffies) : 0);
2358
"%-4d %-15s %pi6 %5d %08X %ld\n",
2359
state->dev->ifindex, state->dev->name,
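Review bot: The `ghost_debugmsg("Don't show any igmp6 information ...")` call is placed inside `if(! is_a_ghost_interface_name(state->dev->name))`, the branch taken for ordinary interfaces, so it fires for every entry that is shown and never for one that is hidden. The `if6_seq_show()` change in addrconf.c logs on the ghost branch, which is what the message text describes; moving the call to an `else` branch (or dropping it) makes the log usable for verifying that hiding works. The same placement recurs in the `@@ -2593,6 +2617,20 @@` hunk with the "(2)" message. The line between the message and the format string is missing from this rendering, presumably the `seq_printf(seq,` call.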
2360
@@ -2439,6 +2462,7 @@
2361
im->mca_users, im->mca_flags,
2362
(im->mca_flags&MAF_TIMER_RUNNING) ?
2363
jiffies_to_clock_t(im->mca_timer.expires-jiffies) : 0);
2364
+#endif /* CONFIG_GHOSTIFICATION */
2368
@@ -2593,6 +2617,20 @@
2369
"Device", "Multicast Address",
2370
"Source Address", "INC", "EXC");
2372
+#ifdef CONFIG_GHOSTIFICATION
2373
+ /* (ghost support) Don't show any info about ghost interfaces */
2374
+ if (! is_a_ghost_interface_name(state->dev->name)) {
2375
+ ghost_debugmsg("Don't show any igmp6 information in /proc"
2376
+ " about ghostified interfaces (2).");
2378
+ "%3d %6.6s %pi6 %pi6 %6lu %6lu\n",
2379
+ state->dev->ifindex, state->dev->name,
2380
+ &state->im->mca_addr,
2382
+ psf->sf_count[MCAST_INCLUDE],
2383
+ psf->sf_count[MCAST_EXCLUDE]);
2387
"%3d %6.6s %pi6 %pi6 %6lu %6lu\n",
2388
state->dev->ifindex, state->dev->name,
2389
@@ -2600,6 +2638,7 @@
2391
psf->sf_count[MCAST_INCLUDE],
2392
psf->sf_count[MCAST_EXCLUDE]);
2393
+#endif /* CONFIG_GHOSTIFICATION */
2397
diff -rNuad linux-2.6.29/net/ipv6/proc.c linux-2.6.29-ghost/net/ipv6/proc.c
2398
--- linux-2.6.29/net/ipv6/proc.c 2009-03-23 23:12:14.000000000 +0000
2399
+++ linux-2.6.29-ghost/net/ipv6/proc.c 2009-11-26 22:41:05.000000000 +0000
2402
* Authors: David S. Miller (davem@caip.rutgers.edu)
2403
* YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
2404
+ * Luca Saiu <positron@gnu.org> (trivial changes for
2405
+ * ghostification support)
2407
* This program is free software; you can redistribute it and/or
2408
* modify it under the terms of the GNU General Public License
2410
#include <net/transp_v6.h>
2411
#include <net/ipv6.h>
2413
+/* (ghost support) */
2414
+#ifdef CONFIG_GHOSTIFICATION
2415
+#include <net/ghostdebug.h>
2417
+/* (ghost support) We don't want this to be static, as it has to
2418
+ be read at ghostifying and unghostifying time */
2419
+struct proc_dir_entry *proc_net_devsnmp6;
2420
+EXPORT_SYMBOL(proc_net_devsnmp6);
2421
+#endif /* CONFIG_GHOSTIFICATION */
2423
static int sockstat6_seq_show(struct seq_file *seq, void *v)
2425
struct net *net = seq->private;
2426
@@ -194,6 +206,18 @@
2427
return single_open_net(inode, file, snmp6_seq_show);
2430
+/* (ghost support) This was originally static,
2431
+but we need to make it visible */
2432
+#ifdef CONFIG_GHOSTIFICATION
2433
+struct file_operations snmp6_seq_fops = {
2434
+ .owner = THIS_MODULE,
2435
+ .open = snmp6_seq_open,
2437
+ .llseek = seq_lseek,
2438
+ .release = single_release,
2440
+EXPORT_SYMBOL(snmp6_seq_fops);
2442
static const struct file_operations snmp6_seq_fops = {
2443
.owner = THIS_MODULE,
2444
.open = snmp6_seq_open,
2446
.llseek = seq_lseek,
2447
.release = single_release_net,
2449
+#endif /* CONFIG_GHOSTIFICATION */
2451
static int snmp6_dev_seq_show(struct seq_file *seq, void *v)
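Review bot: The exported copy of `snmp6_seq_fops` pairs `.open = snmp6_seq_open`, which calls `single_open_net()` (context line at the top of the hunk), with `.release = single_release`, while the original table uses `single_release_net`. The `_net` release is what drops the network-namespace reference taken at open, so with ghost support enabled each close of a file using this table would leak it; the line should stay `.release = single_release_net,`. The copy also drops `const`, leaving an exported function-pointer table writable; `const struct file_operations snmp6_seq_fops` with a matching `extern const` declaration in addrconf.c keeps it read-only. addrconf.c attaches this table to per-device entries with `->data = idev`, whereas this file has a separate `snmp6_dev_seq_show()`, so it is worth confirming which table the per-device files should use.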
2453
diff -rNuad linux-2.6.29/net/ipv6/route.c linux-2.6.29-ghost/net/ipv6/route.c
2454
--- linux-2.6.29/net/ipv6/route.c 2009-03-23 23:12:14.000000000 +0000
2455
+++ linux-2.6.29-ghost/net/ipv6/route.c 2009-11-26 22:38:27.000000000 +0000
2457
* reachable. otherwise, round-robin the list.
2459
* Fixed routing subtrees.
2460
+ * Luca Saiu <positron@gnu.org>
2461
+ * trivial changes for ghostification support
2462
+ * Roudiere Jonathan <roudiere@lipn.univ-paris13.fr>
2463
+ * ghostification support update, modify functions using netlink
2466
#include <linux/capability.h>
2468
#include <linux/sysctl.h>
2471
+/* (ghost support) */
2472
+#ifdef CONFIG_GHOSTIFICATION
2473
+#include <net/ghostdebug.h>
2476
/* Set to 3 to get tracing. */
2479
@@ -1112,10 +1121,6 @@
2487
int ip6_route_add(struct fib6_config *cfg)
2490
@@ -1827,6 +1832,8 @@
2491
struct in6_rtmsg rtmsg;
2494
+ /* (ghost support) don't make any change, changes
2495
+ have been made later for ioctl request */
2497
case SIOCADDRT: /* Add a route */
2498
case SIOCDELRT: /* Delete a route */
2499
@@ -2130,26 +2137,84 @@
2504
+ * (ghost support) We don't want a route which involed a
2505
+ * ghostified interface can be show/add/del/modify/etc.
2507
static int inet6_rtm_delroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg)
2509
struct fib6_config cfg;
2512
- err = rtm_to_fib6_config(skb, nlh, &cfg);
2515
+#ifdef CONFIG_GHOSTIFICATION
2516
+ struct net *net = NULL;
2517
+ struct net_device *dev = NULL;
2519
+ err = rtm_to_fib6_config(skb, nlh, &cfg);
2523
+ /* (ghost support) get the net struct through sock struct */
2524
+ net = sock_net(skb->sk);
2526
+ return ip6_route_del(&cfg); /* do that or exit on error ... */
2527
+ /* (ghost support) get the net_device struct through fib6_config */
2528
+ dev = dev_get_by_index(net, cfg.fc_ifindex);
2530
+ return ip6_route_del(&cfg); /* do that or exit on error ... */
2531
+ /* (ghost support) ok we know the device name so if it
2532
+ is a ghostified interface, return device not exist */
2533
+ if(is_a_ghost_interface_name(dev->name)) {
2534
+ ghost_ptk("Try to del route involving a ghostified interface (%s). Failing",
2539
+ err = rtm_to_fib6_config(skb, nlh, &cfg);
2542
+#endif /* CONFIG_GHOSTIFICATION */
2544
return ip6_route_del(&cfg);
2548
+ * (ghost support) We don't want a route which involed a
2549
+ * ghostified interface can be show/add/del/modify/etc.
2551
static int inet6_rtm_newroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg)
2553
struct fib6_config cfg;
2556
+#ifdef CONFIG_GHOSTIFICATION
2557
+ struct net *net = NULL;
2558
+ struct net_device *dev = NULL;
2560
err = rtm_to_fib6_config(skb, nlh, &cfg);
2564
+ /* (ghost support) get the net struct through sock struct */
2565
+ net = sock_net(skb->sk);
2567
+ return ip6_route_add(&cfg); /* do that or exit on error ... */
2568
+ /* (ghost support) get the net_device struct through fib6_config */
2569
+ dev = dev_get_by_index(net, cfg.fc_ifindex);
2571
+ return ip6_route_add(&cfg); /* do that or exit on error ... */
2572
+ /* (ghost support) ok we know the device name so if it is
2573
+ a ghostified interface, return device not exist */
2574
+ if(is_a_ghost_interface_name(dev->name)) {
2575
+ ghost_ptk("Try to add route involving a ghostified interface (%s). Failing.",
2580
+ err = rtm_to_fib6_config(skb, nlh, &cfg);
2583
+#endif /* CONFIG_GHOSTIFICATION */
2585
return ip6_route_add(&cfg);
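Review bot: `dev_get_by_index(net, cfg.fc_ifindex)` in both `inet6_rtm_delroute()` and `inet6_rtm_newroute()` returns a device with its reference count raised, and no `dev_put(dev)` is visible on either the ghost path or the fall-through to `ip6_route_del()`/`ip6_route_add()` (a few lines are missing from this rendering, so confirm against the full patch). An unbalanced reference per route request would block later unregistration of that interface. Only the name is read, so the non-refcounting lookup that `inet6_rtm_getaddr()` uses would do, provided these handlers run under RTNL as rtnetlink doit callbacks normally do: `dev = __dev_get_by_index(net, cfg.fc_ifindex);`. The call `err = rtm_to_fib6_config(skb, nlh, &cfg);` also appears twice in the added lines of each function; hoisting it above the `#ifdef` would leave one copy.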
2587
@@ -2169,6 +2234,10 @@
2588
+ nla_total_size(sizeof(struct rta_cacheinfo));
2592
+ * (ghost support) We don't want a route which involed a
2593
+ * ghostified interface can be show/add/del/modify/etc
2595
static int rt6_fill_node(struct net *net,
2596
struct sk_buff *skb, struct rt6_info *rt,
2597
struct in6_addr *dst, struct in6_addr *src,
2598
@@ -2180,6 +2249,19 @@
2602
+#ifdef CONFIG_GHOSTIFICATION
2603
+ ghost_develmsg("rtnetlink msg type %i, pid %i and seq %i",
2605
+ /* (ghost support) this function is called by by rt6_dump_route, and
2606
+ inet6_rtm_get_route and inet6_rt_notify, test if it is a kernel request*/
2607
+ if (rt->rt6i_dev->name)
2608
+ if(is_a_ghost_interface_name(rt->rt6i_dev->name)) {
2609
+ ghost_ptk("Try to get/notify route infos about a "
2610
+ "ghostified interface (%s), skip.",
2611
+ rt->rt6i_dev->name);
2614
+#endif /* CONFIG_GHOSTIFICATION */
2615
if (prefix) { /* user wants prefix routes only */
2616
if (!(rt->rt6i_flags & RTF_PREFIX_RT)) {
2617
/* success since this is not a prefix route */
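Review bot: `if (rt->rt6i_dev->name)` tests the address of the `name` array inside `struct net_device`, which is never null, and it dereferences `rt->rt6i_dev` without checking it; the guard used by the `/proc` route hunk further down is `if (rt->rt6i_dev != NULL)`. As written the check protects nothing if a route has no device attached. The comment says the block should "test if it is a kernel request", but no such test is visible in the added lines, so either the comment or the code is incomplete. The function body extends beyond this hunk.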
2618
@@ -2287,10 +2369,26 @@
2623
+ * (ghost support) We don't want a route which involed a
2624
+ * ghostified interface can be show/add/del/modify/etc,
2626
int rt6_dump_route(struct rt6_info *rt, void *p_arg)
2628
struct rt6_rtnl_dump_arg *arg = (struct rt6_rtnl_dump_arg *) p_arg;
2631
+#ifdef CONFIG_GHOSTIFICATION
2632
+ ghost_develmsg(" rtnetlink mesg %i, pid %i and seq %i",
2633
+ arg->cb->nlh->nlmsg_type, arg->cb->nlh->nlmsg_pid, arg->cb->nlh->nlmsg_seq);
2634
+ /* if (rt->rt6i_dev)
2635
+ if(is_a_ghost_interface_name(rt->rt6i_dev->name)) {
2636
+ ghost_ptk("Try to dump route infos about a ghostified interface (%s), skip",
2637
+ rt->rt6i_dev->name);
2638
+ return -ENODEV; errro maybe come from here, modify instead
2639
+ rt6_fill_node which has multiple callers
2641
+#endif /* CONFIG_GHOSTIFICATION */
2643
if (nlmsg_len(arg->cb->nlh) >= sizeof(struct rtmsg)) {
2644
struct rtmsg *rtm = nlmsg_data(arg->cb->nlh);
2645
@@ -2304,6 +2402,8 @@
2646
prefix, 0, NLM_F_MULTI);
2649
+/* (ghost support) Don't make changes here, function
2650
+rt6_fill_node has been modified instead */
2651
static int inet6_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr* nlh, void *arg)
2653
struct net *net = sock_net(in_skb->sk);
2654
@@ -2448,6 +2548,17 @@
2656
struct seq_file *m = p_arg;
2658
+#ifdef CONFIG_GHOSTIFICATION
2659
+ /* (ghost support) Do nothing if this route involves a
2660
+ ghostified interface */
2661
+ if(rt->rt6i_dev != NULL) /* can't use &&: evaluation order is undefined */
2662
+ if(is_a_ghost_interface_name(rt->rt6i_dev->name)) {
2663
+ ghost_ptk("Don't show any informations under /proc/net"
2664
+ "involving a ghostified interface (%s)",
2665
+ rt->rt6i_dev->name);
2668
+#endif /* CONFIG_GHOSTIFICATION */
2669
seq_printf(m, "%pi6 %02x ", &rt->rt6i_dst.addr, rt->rt6i_dst.plen);
2671
#ifdef CONFIG_IPV6_SUBTREES
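Review bot: The comment `/* can't use &&: evaluation order is undefined */` is incorrect: C guarantees that `&&` evaluates its left operand first and skips the right one when the left is false, so `if (rt->rt6i_dev != NULL && is_a_ghost_interface_name(rt->rt6i_dev->name))` is safe and the comment should be removed. The two string literals in the `ghost_ptk()` call concatenate to `/proc/netinvolving`; a space is missing at the end of the first literal or the start of the second.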
2672
diff -rNuad linux-2.6.29/net/netfilter/core.c linux-2.6.29-ghost/net/netfilter/core.c
2673
--- linux-2.6.29/net/netfilter/core.c 2009-03-23 23:12:14.000000000 +0000
2674
+++ linux-2.6.29-ghost/net/netfilter/core.c 2009-11-26 22:38:27.000000000 +0000
2678
* Rusty Russell (C)2000 -- This code is GPL.
2679
+ * Little change by Jonathan Roudiere <roudiere@lipn.fr> to add
2680
+ * Ghostification support (bypass netfilter for ghost interface).
2682
#include <linux/kernel.h>
2683
#include <linux/netfilter.h>
2685
#include <net/net_namespace.h>
2686
#include <net/sock.h>
2688
+/* (ghost support) */
2689
+#ifdef CONFIG_GHOSTIFICATION
2690
+#include <net/ghostdebug.h>
2693
#include "nf_internals.h"
2695
static DEFINE_MUTEX(afinfo_mutex);
2698
struct nf_hook_ops *elem;
2701
err = mutex_lock_interruptible(&nf_hook_mutex);
2704
@@ -169,7 +175,158 @@
2707
elem = &nf_hooks[pf][hook];
2711
+ * (ghost support) Netfilter ghostification support.
2712
+ * Perform too much tests here is not a good idea because all
2713
+ * network packets pass through this section but we have
2714
+ * not other choice to skip netfilter hooks (per hook).
2716
+#ifdef CONFIG_GHOSTIFICATION_NETFILTER
2718
+ * Bypass all Netfilter hooks (for ipv4/6, arp, bridge) for any
2719
+ * ghostified interface (eq. to return NF_ACCEPT for each packet which
2720
+ * go through an interface which is ghostified (do that at hook level
2721
+ * in order to skip all chains's rules hang on the hooks))
2724
+ /* don't use ghost_debugmsg macro in this section
2725
+ because it may introduce too much delay */
2726
+ ghost_develmsg("Enter in hook (pf=%i) (hook=%i) from indev->name = "
2727
+ "%s to outdev->name = %s", pf, hook, indev->name, outdev->name);
2729
+/* If we wish to skip all netfilter hooks for all PF */
2730
+#ifdef CONFIG_GHOSTIFICATION_NETFILTER_ALL
2732
+ * outdev->name field is defined in OUTPUT, FORWARD and POSTROUTING hooks,
2733
+ * if it is a ghostified interface then we must bypass netfilter hooks
2734
+ * (and all rules chains), we start here (with outdev) to bypass netfilter's
2735
+ * hooks in the case where we are in FORWARD.
2737
+ if ((outdev->name) != NULL) {
2738
+ if (!is_a_ghost_interface_name(outdev->name)) {
2739
+ ghost_develmsg("(outdev->name) = %s is not a ghostfied interface",
2743
+ ghost_develmsg("(outdev->name) = %s is a ghostfied interface",
2750
+ * indev->name field is defined in PREROUTING, FORWARD and INPUT hooks,
2751
+ * if it is a ghostified interface then we must bypass netfilter hooks
2752
+ * (and all rules chains), if we are in FORWARD hook and outdev/indev->name
2753
+ * is not a ghostified interface then we can go towards hooks.
2755
+ if ((indev->name) != NULL) {
2756
+ if (!is_a_ghost_interface_name(indev->name)) {
2757
+ ghost_develmsg("(indev->name) = %s is not a ghostfied interface",
2761
+ ghost_develmsg("(indev->name) = %s is a ghostfied interface",
2769
+ * If GHOSTIFICATION_NETFILTER_ALL is not defined neither any
2770
+ * GHOSTIFICATION_NETFILTER_PF then we 'll skip all this code chunk.
2771
+ * (about performance, choose to skip netfilter just for certains PF
2772
+ * is the most bad things we can do, but ...)
2774
+#elif (defined(CONFIG_GHOSTIFICATION_NETFILTER_IPV4) || defined(CONFIG_GHOSTIFICATION_NETFILTER_IPV6) || \
2775
+ defined(CONFIG_GHOSTIFICATION_NETFILTER_ARP) || defined(CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE))
2776
+ /* Here we have the same logic as previously (in GHOSTIFICATION_NETFILTER_ALL)
2777
+ but with the ability to choose what are the PFs that we want to skip */
2778
+ if ((outdev->name) != NULL) {
2779
+ if (!is_a_ghost_interface_name(outdev->name)) {
2780
+ ghost_develmsg("(outdev->name) = %s is not a ghostfied interface",
2784
+ ghost_develmsg("(outdev->name) = %s is a ghostfied interface",
2786
+ /* start with IPv4, IPv6 because they are the most current PF */
2787
+#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV4
2788
+ if (pf == PF_INET) {
2792
+#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV4 */
2793
+#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV6
2794
+ if (pf == PF_INET6) {
2798
+#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV6 */
2799
+#ifdef CONFIG_GHOSTIFICATION_NETFILTER_ARP
2800
+ if (pf == NF_ARP) {
2804
+#endif /* CONFIG_GHOSTIFICATION_NETFILTER_ARP */
2805
+#ifdef CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE
2806
+ if (pf == PF_BRIDGE) {
2810
+#endif /* CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE */
2811
+ /* We arrive here that is because we are not in a PF
2812
+ that we wish skip so we apply rules chain (for decnet) */
2816
+ if ((indev->name) != NULL) {
2817
+ if (!is_a_ghost_interface_name(indev->name)) {
2818
+ ghost_develmsg("(indev->name) = %s is not a ghostfied interface",
2822
+ ghost_develmsg("(indev->name) = %s is a ghostfied interface",
2824
+ /* start with IPv4, IPv6 because they are the most current PF */
2825
+#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV4
2826
+ if (pf == PF_INET) {
2830
+#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV4 */
2831
+#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV6
2832
+ if (pf == PF_INET6) {
2836
+#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV6 */
2837
+#ifdef CONFIG_GHOSTIFICATION_NETFILTER_ARP
2838
+ if (pf == NF_ARP) {
2842
+#endif /* CONFIG_GHOSTIFICATION_NETFILTER_ARP */
2843
+#ifdef CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE
2844
+ if (pf == PF_BRIDGE) {
2848
+#endif /* CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE */
2849
+ /* We arrive here that is because we are not in a PF
2850
+ that we wish skip so we apply rules chain (for decnet) */
2855
+#endif /* CONFIG_GHOSTIFICATION_ALL */
2857
+#endif /* CONFIG_GHOSTIFICATION_NETFILTER */
2858
+/* (ghost support) End of ghostification support */
2860
verdict = nf_iterate(&nf_hooks[pf][hook], skb, hook, indev,
2861
outdev, &elem, okfn, hook_thresh);
2862
if (verdict == NF_ACCEPT || verdict == NF_STOP) {
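Review bot: `if ((outdev->name) != NULL)` and `if ((indev->name) != NULL)` compare the address of an embedded array rather than the device pointer, and the `ghost_develmsg()` at the top of the block reads `indev->name` and `outdev->name` before either check; this only behaves like a null test if `name` sits at offset 0 of `struct net_device`. Hooks that have only one of the two devices set pass a null `indev` or `outdev` here, so the tests should be `if (outdev != NULL)` and `if (indev != NULL)`, and the trace message should guard both pointers. By its own comment this block accepts packets before `nf_iterate()` runs, so packet-filter rules, connection tracking and logging targets never see traffic on a ghostified interface; the help text for `CONFIG_GHOSTIFICATION_NETFILTER` should state that explicitly. The closing `#endif` comment names `CONFIG_GHOSTIFICATION_ALL` where the matching `#ifdef` is `CONFIG_GHOSTIFICATION_NETFILTER_ALL`. The enclosing function starts and ends outside this hunk, and the lines carrying the actual return or jump are missing from this rendering.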
2863
diff -rNuad linux-2.6.29/net/packet/af_packet.c linux-2.6.29-ghost/net/packet/af_packet.c
2864
--- linux-2.6.29/net/packet/af_packet.c 2009-03-23 23:12:14.000000000 +0000
2865
+++ linux-2.6.29-ghost/net/packet/af_packet.c 2009-11-26 22:38:27.000000000 +0000
2867
* will simply extend the hardware address
2868
* byte arrays at the end of sockaddr_ll
2870
+ * Luca Saiu <positron@gnu.org> : Trivial changes for ghostification
2872
* This program is free software; you can redistribute it and/or
2873
* modify it under the terms of the GNU General Public License
2875
#include <net/inet_common.h>
2878
+/* (ghost support) */
2879
+#ifdef CONFIG_GHOSTIFICATION
2880
+#include <net/ghostdebug.h>
2885
- if device has no dev->hard_header routine, it adds and removes ll header
2886
@@ -489,6 +495,18 @@
2887
if (skb->pkt_type == PACKET_LOOPBACK)
2890
+#ifdef CONFIG_GHOSTIFICATION
2892
+ * (ghost support) Drop packets involving ghost interfaces:
2893
+ * we don't want the user to be able to sniff them
2895
+ if(is_a_ghost_interface_name(orig_dev->name) ||
2896
+ is_a_ghost_interface_name(dev->name)) {
2897
+ ghost_debugmsg("Drop a packet which is going through a ghostified interface (rcv)");
2900
+#endif /* CONFIG_GHOSTIFICATION */
2902
sk = pt->af_packet_priv;
2905
@@ -611,6 +629,18 @@
2906
if (skb->pkt_type == PACKET_LOOPBACK)
2909
+#ifdef CONFIG_GHOSTIFICATION
2911
+ * (ghost support) Drop packets involving ghost interfaces:
2912
+ * we don't want the user to be able to sniff them.
2914
+ if(is_a_ghost_interface_name(orig_dev->name) ||
2915
+ is_a_ghost_interface_name(dev->name)) {
2916
+ ghost_debugmsg("Drop a packet which is going through a ghostified interface (trcv)");
2919
+#endif /* CONFIG_GHOSTIFICATION */
2921
sk = pt->af_packet_priv;
2924
@@ -2049,17 +2079,38 @@
2926
const struct packet_sock *po = pkt_sk(s);
2928
+#ifdef CONFIG_GHOSTIFICATION
2930
+ * (ghost support) Don't show packets involving ghost devices
2932
+ struct net_device *net_device = dev_get_by_index(sock_net(s), po->ifindex);
2933
+ if(! is_a_ghost_interface_name(net_device->name)) {
2934
+ ghost_debugmsg("Don't show packets involving ghostified interface");
2936
+ "%p %-6d %-4d %04x %-5d %1d %-6u %-6u %-6lu\n",
2938
+ atomic_read(&s->sk_refcnt),
2943
+ atomic_read(&s->sk_rmem_alloc),
2949
- "%p %-6d %-4d %04x %-5d %1d %-6u %-6u %-6lu\n",
2951
- atomic_read(&s->sk_refcnt),
2956
- atomic_read(&s->sk_rmem_alloc),
2959
+ "%p %-6d %-4d %04x %-5d %1d %-6u %-6u %-6lu\n",
2961
+ atomic_read(&s->sk_refcnt),
2966
+ atomic_read(&s->sk_rmem_alloc),
2969
+#endif /* CONFIG_GHOSTIFICATION */