~ubuntu-branches/ubuntu/wily/marionnet/wily
» Revision
1
: uml/kernel/older-versions/linux-2.6.29-ghost.patch
« back to all changes in this revision
Viewing changes to uml/kernel/older-versions/linux-2.6.29-ghost.patch
- browse files at revision 1
- compare with another revision
- download diff
- download tarball
- view history from revision 1
- Committer: Package Import Robot
- Author(s): Lucas Nussbaum
- Date: 2013-03-29 15:57:12 UTC
- Revision ID: package-import@ubuntu.com-20130329155712-o0b9b96w8av68ktq
Tags: upstream-0.90.6+bzr407
ImportĀ upstreamĀ versionĀ 0.90.6+bzr407
- files added:
- Makefile.d
- RPMS
- RPMS/network-scripts
- chip
- doc
- doc-src
- doc-src/img
- doc-src/img-src
- etc
- gui
- po
- po/obsolete
- scripts
- share
- share/filesystems
- share/images
- share/images/launcher-icons
- share/images/leds
- share/images/leds/hub
- share/images/leds/router
- share/images/leds/switch
- share/images/leds/world_gateway
- share/images/treeview-icons
- share/kernels
- share/palette-icons
- uml
- uml/kernel
- uml/kernel/doc
- uml/kernel/older-versions
- uml/userland
- useful-scripts
added
removed
uml/kernel/older-versions/linux-2.6.29-ghost.patch
1
diff -rNuad linux-2.6.29/include/linux/netdevice.h linux-2.6.29-ghost/include/linux/netdevice.h
2
--- linux-2.6.29/include/linux/netdevice.h 2009-03-23 23:12:14.000000000 +0000
3
+++ linux-2.6.29-ghost/include/linux/netdevice.h 2009-11-26 22:38:27.000000000 +0000
4
@@ -14,6 +14,8 @@
5
* Alan Cox, <alan@lxorguk.ukuu.org.uk>
6
* Bjorn Ekwall. <bj0rn@blox.se>
7
* Pekka Riikonen <priikone@poseidon.pspt.fi>
8
+ * Luca Saiu <positron@gnu.org> (trivial changes for
9
+ * ghostification support)
10
*
11
* This program is free software; you can redistribute it and/or
12
* modify it under the terms of the GNU General Public License
13
@@ -1896,4 +1898,12 @@
14
extern struct pernet_operations __net_initdata loopback_net_ops;
15
#endif /* __KERNEL__ */
16
17
+/*
18
+ * (ghost support) Just check whether the given name
19
+ * belongs to the ghost interface
20
+ */
21
+#ifdef CONFIG_GHOSTIFICATION
22
+int is_a_ghost_interface_name(const char *interface_name);
23
+#endif /* CONFIG_GHOSTIFICATION */
24
+
25
#endif /* _LINUX_DEV_H */
26
diff -rNuad linux-2.6.29/include/linux/sockios.h linux-2.6.29-ghost/include/linux/sockios.h
27
--- linux-2.6.29/include/linux/sockios.h 2009-03-23 23:12:14.000000000 +0000
28
+++ linux-2.6.29-ghost/include/linux/sockios.h 2009-11-26 22:38:27.000000000 +0000
29
@@ -9,6 +9,8 @@
30
*
31
* Authors: Ross Biro
32
* Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
33
+ * Luca Saiu <positron@gnu.org> (trivial changes for
34
+ * ghostification support)
35
*
36
* This program is free software; you can redistribute it and/or
37
* modify it under the terms of the GNU General Public License
38
@@ -83,6 +85,13 @@
39
40
#define SIOCWANDEV 0x894A /* get/set netdev parameters */
41
42
+/* (ghost support) ghostification's ioctl */
43
+#ifdef CONFIG_GHOSTIFICATION
44
+#define SIOKLOG 0x894D /* Write a string to the log */
45
+#define SIOCGIFGHOSTIFY 0x894E /* Make a network device 'ghost' */
46
+#define SIOCGIFUNGHOSTIFY 0x894F /* Make a network device 'ghost' */
47
+#endif /* CONFIG_GHOSTIFICATION */
48
+
49
/* ARP cache control calls. */
50
/* 0x8950 - 0x8952 * obsolete calls, don't re-use */
51
#define SIOCDARP 0x8953 /* delete ARP table entry */
52
diff -rNuad linux-2.6.29/include/net/ghostdebug.h linux-2.6.29-ghost/include/net/ghostdebug.h
53
--- linux-2.6.29/include/net/ghostdebug.h 1970-01-01 00:00:00.000000000 +0000
54
+++ linux-2.6.29-ghost/include/net/ghostdebug.h 2009-11-26 22:38:27.000000000 +0000
55
@@ -0,0 +1,93 @@
56
+/*
57
+ * Ghost support:
58
+ * Some trivials macros for display messages, trace ghost ops,
59
+ * debug and devel the ghostification kernel patch.
60
+ *
61
+ * Authors: Roudiere Jonathan, <roudiere@lipn.univ-paris13.fr>
62
+ *
63
+ * This program is free software; you can redistribute it and/or
64
+ * modify it under the terms of the GNU General Public License
65
+ * as published by the Free Software Foundation; either version
66
+ * 2 of the License, or (at your option) any later version.
67
+ */
68
+
69
+#ifndef __GHOSTDEBUG__
70
+#define __GHOSTDEBUG__
71
+
72
+#ifdef CONFIG_GHOSTIFICATION
73
+
74
+/*
75
+ * Ghost macros: there are three type of macros for three kind of
76
+ * information level :
77
+ *
78
+ * - the first one is ghost_ptk, that is a simple printk with the
79
+ * KERN_INFO log level, it is the standard type of display used
80
+ * by the ghostification kernel code to allow user to monitor
81
+ * ghost operations, if GHOSTIFICATION_PRINTK is not defined then
82
+ * user will not any information about the ghostified interfaces
83
+ * and the ghost engine (almost any infos ;-)),
84
+ *
85
+ * - ghost_debug and ghost_debugmsg are respectively used to show a
86
+ * calling card in a part of the code (function, files) and to show
87
+ * in plus informations additional (variable, etc ..), these two macros
88
+ * display messages with the level KERNEL_DEBUG,
89
+ *
90
+ * - ghost_devel and ghost_develmsg are very similar (redundant)
91
+ * in both previous ones, they are mainly used for the development
92
+ * of the patch to follow the stream of execution, activate
93
+ * GHOSTIFICATION_DEVEL has interest only for developers.
94
+ *
95
+*/
96
+
97
+/*
98
+ * Macro usable to debug during normal usage of the kernel.
99
+*/
100
+#ifdef CONFIG_GHOSTIFICATION_DEBUG
101
+#define ghost_debug \
102
+ printk(KERN_DEBUG \
103
+ "(ghost_debug): file(%s): funct(%s): line(%04d): -- info debug -- \n", \
104
+ __FILE__, __FUNCTION__, __LINE__)
105
+#define ghost_debugmsg(msg,args...) \
106
+ printk(KERN_DEBUG \
107
+ "(ghost_debug): file(%s): funct(%s): line(%04d): " msg "\n", \
108
+ __FILE__, __FUNCTION__, __LINE__, ##args)
109
+#else
110
+#define ghost_debug
111
+#define ghost_debugmsg(msg,args...)
112
+#endif
113
+
114
+/*
115
+ * A little bit redundant with the macro ghost_debug/debugmsg
116
+ * but allows a difference in the use, they are not used for the
117
+ * debugging, but to verify roads borrowed during the development.
118
+ * (note: certainly remove at next release of the patch)
119
+*/
120
+#ifdef CONFIG_GHOSTIFICATION_DEVEL
121
+#define ghost_devel \
122
+ printk(KERN_DEBUG \
123
+ "(ghost_devel): file(%s): funct(%s): line(%04d): -- info devel -- \n", \
124
+ __FILE__, __FUNCTION__, __LINE__)
125
+#define ghost_develmsg(msg,args...) \
126
+ printk(KERN_DEBUG \
127
+ "(ghost_devel): file(%s): funct(%s): line(%04d): " msg "\n", \
128
+ __FILE__, __FUNCTION__, __LINE__, ##args)
129
+#else
130
+#define ghost_devel
131
+#define ghost_develmsg(msg,args...)
132
+#endif
133
+
134
+/*
135
+ * Macro to display all message from chunk of code which has
136
+ * ghostification in charge (use macro to add debug level later).
137
+*/
138
+#ifdef CONFIG_GHOSTIFICATION_PRINTK
139
+#define ghost_ptk(msg,args...) \
140
+ printk(KERN_DEBUG \
141
+ "(ghost) " msg "\n", ##args)
142
+#else
143
+#define ghost_ptk(msg,args...)
144
+#endif
145
+
146
+#endif /* CONFIG_GHOSTIFICATION */
147
+
148
+#endif /* __GHOSTDEBUG__ */
149
diff -rNuad linux-2.6.29/kernel/softirq.c linux-2.6.29-ghost/kernel/softirq.c
150
--- linux-2.6.29/kernel/softirq.c 2009-03-23 23:12:14.000000000 +0000
151
+++ linux-2.6.29-ghost/kernel/softirq.c 2009-11-26 22:38:27.000000000 +0000
152
@@ -109,8 +109,11 @@
153
*/
154
void _local_bh_enable(void)
155
{
156
+/* (ghost support) we don't want disturbe user's console */
157
+#ifndef CONFIG_GHOSTIFICATION
158
WARN_ON_ONCE(in_irq());
159
WARN_ON_ONCE(!irqs_disabled());
160
+#endif
161
162
if (softirq_count() == SOFTIRQ_OFFSET)
163
trace_softirqs_on((unsigned long)__builtin_return_address(0));
164
@@ -121,7 +124,10 @@
165
166
static inline void _local_bh_enable_ip(unsigned long ip)
167
{
168
+/* (ghost support) we don't want disturbe user's console */
169
+#ifndef CONFIG_GHOSTIFICATION
170
WARN_ON_ONCE(in_irq() || irqs_disabled());
171
+#endif
172
#ifdef CONFIG_TRACE_IRQFLAGS
173
local_irq_disable();
174
#endif
175
diff -rNuad linux-2.6.29/net/Kconfig linux-2.6.29-ghost/net/Kconfig
176
--- linux-2.6.29/net/Kconfig 2009-03-23 23:12:14.000000000 +0000
177
+++ linux-2.6.29-ghost/net/Kconfig 2009-11-26 22:38:27.000000000 +0000
178
@@ -167,6 +167,105 @@
179
source "net/decnet/netfilter/Kconfig"
180
source "net/bridge/netfilter/Kconfig"
181
182
+config GHOSTIFICATION_NETFILTER
183
+ bool "Ghostification support to netfilter"
184
+ depends on GHOSTIFICATION && NETFILTER_ADVANCED
185
+ default y
186
+ help
187
+ Ghostification support to Netfilter. Allow to bypass all
188
+ Netfilter's hooks (INPUT, OUTPUT, FORWARD, POSTROUTING and
189
+ PREROUTING (when available)) and that for all layer or protocol:
190
+ ARP, Bridge, IPv4, IPv6 (and Decnet) or just for one protocol
191
+ or layer.
192
+ If you choose to activate the Ghostification of Netfilter then
193
+ all the network packets which come from, or go to an ghostified
194
+ interface will not get through the hooks of Netfilter; so rules
195
+ which have been created with Iptables, Ip6tables, Arptables or
196
+ Ebtables will have no effect on these packets.
197
+ Note: This option allows you to have access to the options of
198
+ configuration of the Ghostification of Netfilter but it activates
199
+ no section of code; you will thus need to select one or some
200
+ among those this below.
201
+
202
+config GHOSTIFICATION_NETFILTER_ALL
203
+ bool "Ghostification support to netfilter, skip all hooks"
204
+ depends on GHOSTIFICATION_NETFILTER
205
+ default y
206
+ help
207
+ Netfiter Ghostification support for all protocols/layers.
208
+ If you activate this option then all network packets which
209
+ come from, or go to a ghostified interface will bypass
210
+ Netfilter's hooks; thus any actions or rules which have been
211
+ created through Iptables, Ip6tables, Arptables or Ebtables
212
+ will not have any effect on this packets.
213
+
214
+config GHOSTIFICATION_NETFILTER_ARP
215
+ bool "Ghostification support to netfilter, skip ARP hooks"
216
+ depends on GHOSTIFICATION_NETFILTER && IP_NF_ARPTABLES
217
+ depends on !GHOSTIFICATION_NETFILTER_ALL
218
+ help
219
+ Netfiter ghostification support for the ARP protocol/layer.
220
+ If you activate this option then all network packets which
221
+ come from, or go to a ghostified interface will bypass Arp
222
+ hooks of Netfilter; thus the rules which have been created
223
+ with the Arptables tool will not have any effect on them.
224
+ If you activate Netfilter Ghostification for this protocol/layer
225
+ then you will lose the capability that network packets bypass
226
+ Decnet's hooks of Netfilter.
227
+ If you are unsure how to answer this question when you have
228
+ decided to use ghostification then answer N and use instead
229
+ GHOSTIFICATION_NETFILTER_ALL above.
230
+
231
+config GHOSTIFICATION_NETFILTER_BRIDGE
232
+ bool "Ghostification support to netfilter, skip Bridge hooks"
233
+ depends on GHOSTIFICATION_NETFILTER && BRIDGE_NF_EBTABLES
234
+ depends on !GHOSTIFICATION_NETFILTER_ALL
235
+ help
236
+ Netfiter ghostification support for the Bridge protocol/layer.
237
+ If you activate this option then all network packets which
238
+ come from, or go to a ghostified interface will bypass Bridge
239
+ hooks of Netfilter; thus the rules which have been created
240
+ with the Ebtables tool will not have any effect on them.
241
+ If you activate Netfilter Ghostification for this protocol/layer
242
+ then you will lose the capability that network packets bypass
243
+ Decnet's hooks of Netfilter.
244
+ If you are unsure how to answer this question when you have
245
+ decided to use ghostification then answer N and use instead
246
+ GHOSTIFICATION_NETFILTER_ALL above.
247
+
248
+config GHOSTIFICATION_NETFILTER_IPV4
249
+ bool "Ghostification support to netfilter, skip IPv4 hooks"
250
+ depends on GHOSTIFICATION_NETFILTER && !GHOSTIFICATION_NETFILTER_ALL
251
+ help
252
+ Netfiter ghostification support for the IPv4 protocol/layer.
253
+ If you activate this option then all network packets which
254
+ come from, or go to a ghostified interface will bypass IPv4
255
+ hooks of Netfilter; thus the rules which have been created
256
+ with the Iptables tool will not have any effect on them.
257
+ If you activate Netfilter Ghostification for this protocol/layer
258
+ then you will lose the capability that network packets bypass
259
+ Decnet's hooks of Netfilter.
260
+ If you are unsure how to answer this question when you have
261
+ decided to use ghostification then answer N and use instead
262
+ GHOSTIFICATION_NETFILTER_ALL above.
263
+
264
+config GHOSTIFICATION_NETFILTER_IPV6
265
+ bool "Ghostification support to netfilter, skip IPv6 hooks"
266
+ depends on GHOSTIFICATION_NETFILTER && IP6_NF_IPTABLES
267
+ depends on !GHOSTIFICATION_NETFILTER_ALL
268
+ help
269
+ Netfiter ghostification support for the IPv6 protocol/layer.
270
+ If you activate this option then all network packets which
271
+ come from, or go to a ghostified interface will bypass IPv6
272
+ hooks of Netfilter; thus the rules which have been created
273
+ with the Ip6tables tool will not have any effect on them.
274
+ If you activate Netfilter Ghostification for this protocol/layer
275
+ then you will lose the capability that network packets bypass
276
+ Decnet's hooks of Netfilter.
277
+ If you are unsure how to answer this question when you have
278
+ decided to use ghostification then answer N and use instead
279
+ GHOSTIFICATION_NETFILTER_ALL above.
280
+
281
endif
282
283
source "net/dccp/Kconfig"
284
@@ -251,4 +350,93 @@
285
source "net/rfkill/Kconfig"
286
source "net/9p/Kconfig"
287
288
+config GHOSTIFICATION
289
+ bool "Ghostification support"
290
+ depends on INET
291
+ default y
292
+ help
293
+ Ghostification support allow you to hide network interfaces
294
+ on your system. Ghostify and Unghostify are the actions which
295
+ make dynamically invisible and visible a network interface/cards
296
+ (eth0, lo, tun, ...) for the userspace.
297
+ When a network interface is ghostified, users of your system
298
+ can not see it with userspace tools like ifconfig, route, iproute,
299
+ netstat and/or have statistics about it. However even if a network
300
+ interface is ghostified it is always possible to open a socket
301
+ using the Ip address of this interface, ping this interface or
302
+ any host connected to the same network remains possible; has the
303
+ opposite, it is not possible to sniff packets on a ghostified
304
+ interface with userspace tools like tcpdump, wireshark, ...
305
+ Informations about a ghostified interface are hidden under /proc
306
+ but they can be find under /sys, it is a limit of the ghostification
307
+ patch.
308
+ For more informations about Ghostification patch and engine see
309
+ the README of the tarball that you have used or go to website of
310
+ the Marionnet project at <http://www.marionnet.org>.
311
+
312
+
313
+config GHOSTIFICATION_NUM
314
+ int "Ghostification support : max number of possible ghostified interface"
315
+ depends on GHOSTIFICATION
316
+ range 4 32
317
+ default 8
318
+ help
319
+ Here you can choose the number of network interfaces that
320
+ you will be allowed to ghostify. This number must be between
321
+ 4 and 32.
322
+
323
+config GHOSTIFICATION_MESG
324
+ bool "Ghostification messages, display, debug and devel"
325
+ depends on GHOSTIFICATION
326
+ default y
327
+ help
328
+ Ghostification messages configuration. This option allow
329
+ you to have acces to the options which configure and control
330
+ the type of messages that you want the ghostification engine
331
+ diplay (visible through syslogd).
332
+ There are three options which make more or less verbose the
333
+ ghostification engine. You can choose to not select any
334
+ options below if you want to try to hide the ghostification
335
+ operations for the users of your system.
336
+ Note: This option allows you to have access to the options
337
+ which control the number of messages and the verbosity of
338
+ the Ghostification engine but it activates no section of
339
+ code; you will thus need to select one or some among those
340
+ this below.
341
+
342
+config GHOSTIFICATION_PRINTK
343
+ bool "Ghostification, messages to monitor ghost operations"
344
+ depends on GHOSTIFICATION_MESG
345
+ default y
346
+ help
347
+ This option allow you to activate normal messsages from the
348
+ ghostification engine, those messages are display through a
349
+ simple printk (visible through syslogd), this messages allow
350
+ to have informations about the ghost operations (like "the
351
+ interface ethX has been ghostified", "unghostified", "is already
352
+ ghostified", etc ...). If you really wish to hide ghostified
353
+ interfaces and ghost operations for the users of your system
354
+ don't select this option.
355
+
356
+config GHOSTIFICATION_DEBUG
357
+ bool "Ghostification, debugging messages to monitor ghost operations"
358
+ depends on GHOSTIFICATION_MESG
359
+ help
360
+ This option increase the verbosity of the ghostification engine,
361
+ allow to get more informations in order to debug the ghost ops.
362
+ This option is in general used to verify the result of a test or
363
+ to display the datas (interface name, pid of a calling process, ...)
364
+ which are treated by the ghost engine.
365
+
366
+config GHOSTIFICATION_DEVEL
367
+ bool "Ghostification, helping messages to trace ghost operations (devel)"
368
+ depends on GHOSTIFICATION_MESG
369
+ help
370
+ This option give more informations that the option above, it is use
371
+ by developer of the ghostification patch in order to control some
372
+ paths used in the kernel code and the datas which are manipulated.
373
+ This option is a little redundant with the debug option but allow
374
+ to have a better granularity, maybe it will be remove for the next
375
+ release of the ghostification patch.
376
+
377
endif # if NET
378
diff -rNuad linux-2.6.29/net/core/dev.c linux-2.6.29-ghost/net/core/dev.c
379
--- linux-2.6.29/net/core/dev.c 2009-03-23 23:12:14.000000000 +0000
380
+++ linux-2.6.29-ghost/net/core/dev.c 2009-11-26 22:38:27.000000000 +0000
381
@@ -18,6 +18,7 @@
382
* Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
383
* Adam Sulmicki <adam@cfar.umd.edu>
384
* Pekka Riikonen <priikone@poesidon.pspt.fi>
385
+ * Luca Saiu <positron@gnu.org> (ghostification support)
386
*
387
* Changes:
388
* D.J. Barrow : Fixed bug where dev->refcnt gets set
389
@@ -70,6 +71,8 @@
390
* indefinitely on dev->refcnt
391
* J Hadi Salim : - Backlog queue sampling
392
* - netif_rx() feedback
393
+ * Roudiere Jonathan : make some buxfix in ghostification engine
394
+ * verify CAP_NET_ADMIN before (un)ghost iface
395
*/
396
397
#include <asm/uaccess.h>
398
@@ -136,6 +139,230 @@
399
#define GRO_MAX_HEAD (MAX_HEADER + 128)
400
401
/*
402
+ * (ghost support) Chunk of code which has in charge
403
+ * the ghostification of network interfaces.
404
+ */
405
+#ifdef CONFIG_GHOSTIFICATION
406
+#include <net/ghostdebug.h>
407
+
408
+/* The maximum number of ghost interfaces allowed at any given time: */
409
+#define MAX_GHOST_INTERFACES_NO CONFIG_GHOSTIFICATION_NUM
410
+
411
+/*
412
+ * A crude unsorted array of unique names, where "" stands for an
413
+ * empty slot. Elements are so few that an hash table would be overkill,
414
+ * and possibly also less efficient than this solution:
415
+ */
416
+static char ghost_interface_names[MAX_GHOST_INTERFACES_NO][IFNAMSIZ];
417
+
418
+/* A lock protecting the ghost interfaces' support structure: */
419
+/* static DEFINE_SPINLOCK(ghostification_spin_lock); */
420
+static rwlock_t ghostification_spin_lock = RW_LOCK_UNLOCKED;
421
+
422
+/* Lock disabling local interrupts and saving flags. This is for
423
+ readers/writers, which should be prevented from interfering with
424
+ other readers/writers and with readers: */
425
+#define LOCK_GHOSTIFICATION_FOR_READING_AND_WRITING \
426
+ unsigned long flags; write_lock_irqsave(&ghostification_spin_lock, flags)
427
+
428
+/* Unlock re-enabling interrupts and restoring flags. This is for
429
+ readers/writers, which should be prevented from interfering with
430
+ other readers/writers and with readers: */
431
+#define UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING \
432
+ write_unlock_irqrestore(&ghostification_spin_lock, flags)
433
+
434
+/* Lock disabling local interrupts and saving flags. This is for
435
+ readers, which are allowed to execute concurrently: */
436
+#define LOCK_GHOSTIFICATION_FOR_READING \
437
+ unsigned long flags; read_lock_irqsave(&ghostification_spin_lock, flags)
438
+
439
+/* Lock re-enabling interrupts and restoring flags. This is for
440
+ readers, which are allowed to execute concurrently: */
441
+#define UNLOCK_GHOSTIFICATION_FOR_READING \
442
+ read_unlock_irqrestore(&ghostification_spin_lock, flags)
443
+
444
+#ifdef CONFIG_IPV6
445
+/* Defined in net/ipv6/addrconf.c: */
446
+int hide_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name);
447
+int show_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name);
448
+#endif /* CONFIG_IPV6 */
449
+
450
+/* Return the index of the given element (which may be "") within
451
+ ghost_interface_names, or -1 on failure. Note that this must be
452
+ executed in a critical section: */
453
+static int __lookup_ghost_interface_names(const char *interface_name)
454
+{
455
+ int i;
456
+ for(i = 0; i < MAX_GHOST_INTERFACES_NO; i++)
457
+ if(!strcmp(interface_name, ghost_interface_names[i]))
458
+ return i; /* we found the given name in the i-th element */
459
+ return -1; /* we didn't find the given name in the array */
460
+}
461
+
462
+/* This is useful for debugging. It must be called in a critical section. */
463
+static void __dump_ghost_interfaces(void)
464
+{
465
+ int i;
466
+ int number_of_ghost_interfaces = 0;
467
+
468
+ ghost_ptk("Ghost interfaces are now: ");
469
+ for(i = 0; i < MAX_GHOST_INTERFACES_NO; i++)
470
+ if(strcmp(ghost_interface_names[i], "")) {
471
+ number_of_ghost_interfaces++;
472
+ ghost_ptk("%i. %s", number_of_ghost_interfaces,
473
+ ghost_interface_names[i]);
474
+ }
475
+
476
+ ghost_ptk("There are now %i ghost interfaces. "
477
+ "A maximum of %i can exist at any given time.",
478
+ number_of_ghost_interfaces, MAX_GHOST_INTERFACES_NO);
479
+}
480
+
481
+/* Just check whether the given name belongs to a ghost interface.
482
+ This must be called in a critical section: */
483
+int __is_a_ghost_interface_name(const char *interface_name)
484
+{
485
+ /* Particular case: "" is *not* a ghost interface name, even
486
+ if it's in the ghost interfaces array (we use it just to mark
487
+ an empty slot): */
488
+ if(interface_name[0] == '\0')
489
+ return 0;
490
+ /* Just check whether interface_name is an element of the array: */
491
+ return __lookup_ghost_interface_names(interface_name) >= 0;
492
+}
493
+
494
+/* Just check whether the given name belongs to a ghost interface: */
495
+int is_a_ghost_interface_name(const char *interface_name)
496
+{
497
+ int result;
498
+ LOCK_GHOSTIFICATION_FOR_READING;
499
+ /* Just check whether interface_name is an element of the array: */
500
+ result = __is_a_ghost_interface_name(interface_name);
501
+ UNLOCK_GHOSTIFICATION_FOR_READING;
502
+ return result;
503
+}
504
+
505
+/* Make the given interface ghost. Return 0 on success, nonzero on
506
+ failure. Failure occours when the interface is already ghost or
507
+ does not exist: */
508
+static int ghostify_interface(char *interface_name)
509
+{
510
+ int a_free_element_index;
511
+ const size_t name_length = strlen(interface_name);
512
+ LOCK_GHOSTIFICATION_FOR_READING_AND_WRITING;
513
+
514
+ /* Let's avoid buffer overflows... This could possibly be exploited: */
515
+ if((name_length >= IFNAMSIZ) || (name_length == 0))
516
+ {
517
+ ghost_ptk("The user asked to ghostify the interface %s, "
518
+ "which has a name of length %i. Failing.",
519
+ interface_name, name_length);
520
+ UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING;
521
+ return -EINVAL;
522
+ }
523
+
524
+ /* Fail if the interface is already ghostified. In particular we
525
+ want *no* duplicates in the array. Note that we're already in
526
+ a critical section here, so there's no need for locking: */
527
+ if(__is_a_ghost_interface_name(interface_name))
528
+ {
529
+ ghost_ptk("Could not ghostify the interface %s, "
530
+ "because it\'s already ghost.", interface_name);
531
+ UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING;
532
+ return -EEXIST; /* File exists, seems to be more appropriate */
533
+ /* return -EINVAL; */
534
+ }
535
+
536
+ /* Fail if the interface is not found. We don't want add a
537
+ no-existing interface in our array */
538
+ struct net_device *device;
539
+ device = dev_get_by_name(&init_net, interface_name);
540
+ if (device == NULL) {
541
+ ghost_ptk("Could not ghostify the interface %s which "
542
+ "doesn't exist. Try again.", interface_name);
543
+ UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING;
544
+ return -ENODEV;
545
+ }
546
+
547
+ /* Look for a free spot: */
548
+ a_free_element_index = __lookup_ghost_interface_names("");
549
+ if(a_free_element_index < 0)
550
+ {
551
+ ghost_ptk("Could not ghostify the interface %s, "
552
+ "because %i interfaces are already ghostified. Sorry.",
553
+ interface_name, MAX_GHOST_INTERFACES_NO);
554
+ UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING;
555
+ return -ENOMEM;
556
+ }
557
+
558
+ /* Ok, we found a free spot; just copy the interface name: */
559
+ strcpy(ghost_interface_names[a_free_element_index], interface_name);
560
+
561
+#ifdef CONFIG_IPV6
562
+ /* Hide /proc/net/dev_snmp6/DEVICE for the new ghost DEVICE: */
563
+ hide_proc_net_dev_snmp6_DEVICE_if_needed(
564
+ ghost_interface_names[a_free_element_index]);
565
+#endif /* CONFIG_IPV6 */
566
+
567
+ __dump_ghost_interfaces();
568
+ UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING;
569
+ return 0;
570
+}
571
+
572
+/* Make the given interface, which should be ghost, non-ghost.
573
+ Return 0 on success, nonzero on failure. Failure occours when
574
+ the given interface is non-ghost or does not exist: */
575
+static int unghostify_interface(char *ghost_interface_name)
576
+{
577
+ int the_interface_index;
578
+ struct net_device *device;
579
+ LOCK_GHOSTIFICATION_FOR_READING_AND_WRITING;
580
+
581
+ /* Fail if the interface is not found. It is not necessary
582
+ to search in the array a no-existing interface and allow
583
+ to return a more appropriate error code to the userspace. */
584
+ device = dev_get_by_name(&init_net, ghost_interface_name);
585
+ if (device == NULL) {
586
+ ghost_ptk("Could not unghostify the interface %s "
587
+ "which doesn't exist. Try again.\n", ghost_interface_name);
588
+ UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING;
589
+ return -ENODEV;
590
+ }
591
+
592
+ /* Look for the given interface: */
593
+ the_interface_index =
594
+ __lookup_ghost_interface_names(ghost_interface_name);
595
+ if(the_interface_index < 0)
596
+ {
597
+ ghost_ptk("Could not unghostify the interface %s, \
598
+ because it's non-ghost or not existing.\n",
599
+ ghost_interface_name);
600
+ UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING;
601
+ return -ESRCH; /* No such device or address, seems to be more appropriate */
602
+ /* return -EINVAL; */
603
+ }
604
+
605
+ /* Ok, we found the interface: just "remove" its name from the array: */
606
+ ghost_interface_names[the_interface_index][0] = '\0';
607
+
608
+#ifdef CONFIG_IPV6
609
+ /* Show again /proc/net/dev_snmp6/DEVICE for the now non-ghost DEVICE: */
610
+ show_proc_net_dev_snmp6_DEVICE_if_needed(ghost_interface_name);
611
+#endif /* CONFIG_IPV6 */
612
+
613
+ __dump_ghost_interfaces();
614
+ UNLOCK_GHOSTIFICATION_FOR_READING_AND_WRITING;
615
+ return 0;
616
+}
617
+EXPORT_SYMBOL(is_a_ghost_interface_name);
618
+#endif /* CONFIG_GHOSTIFICATION */
619
+
620
+/*
621
+ * (ghost support) End of ghostification support
622
+ */
623
+
624
+
625
+/*
626
* The list of packet types we will receive (as opposed to discard)
627
* and the routines to invoke.
628
*
629
@@ -536,6 +763,13 @@
630
{
631
int ints[5];
632
struct ifmap map;
633
+ /* (ghost support) There are no ghost interfaces by default */
634
+#ifdef CONFIG_GHOSTIFICATION
635
+ int i;
636
+
637
+ for(i = 0; i < MAX_GHOST_INTERFACES_NO; i++)
638
+ ghost_interface_names[i][0] = '\0';
639
+#endif /* CONFIG_GHOSTIFICATION */
640
641
str = get_options(str, ARRAY_SIZE(ints), ints);
642
if (!str || !*str)
643
@@ -2851,11 +3085,20 @@
644
len = ifc.ifc_len;
645
646
/*
647
- * Loop over the interfaces, and write an info block for each.
648
+ * Loop over the interfaces, and write an info block for each,
649
+ * (ghost support) unless they are ghostified.
650
*/
651
652
total = 0;
653
for_each_netdev(net, dev) {
654
+#ifdef CONFIG_GHOSTIFICATION
655
+ /* Don't tell the user about ghost interfaces: just skip them */
656
+ if(is_a_ghost_interface_name(dev->name)) {
657
+ ghost_ptk("Skipping the ghost interface %s in SIOCGIFCONF",
658
+ dev->name);
659
+ continue;
660
+ }
661
+#endif /* CONFIG_GHOSTIFICATION */
662
for (i = 0; i < NPROTO; i++) {
663
if (gifconf_list[i]) {
664
int done;
665
@@ -2924,6 +3167,10 @@
666
{
667
const struct net_device_stats *stats = dev_get_stats(dev);
668
669
+#ifdef CONFIG_GHOSTIFICATION
670
+ /* (ghost support) don't show anything in /proc if iface is ghostified */
671
+ if(! is_a_ghost_interface_name(dev->name))
672
+#endif /* CONFIG_GHOSTIFICATION */
673
seq_printf(seq, "%6s:%8lu %7lu %4lu %4lu %4lu %5lu %10lu %9lu "
674
"%8lu %7lu %4lu %4lu %4lu %5lu %7lu %10lu\n",
675
dev->name, stats->rx_bytes, stats->rx_packets,
676
@@ -3803,6 +4050,16 @@
677
if (!dev)
678
return -ENODEV;
679
680
+#ifdef CONFIG_GHOSTIFICATION
681
+ /* (ghost support) skip if it is a ghostified interface */
682
+ if(is_a_ghost_interface_name(dev->name)) {
683
+ ghost_ptk("The user is performing a SIOCxIFxxx ioctl() "
684
+ "on the ghost interface %s, Failing.", dev->name);
685
+ ghost_debugmsg("we make the SIOCxIFxxx ioctl's call fail with -ENODEV");
686
+ return -ENODEV;
687
+ }
688
+#endif /* CONFIG_GHOSTIFICATION */
689
+
690
switch (cmd) {
691
case SIOCGIFFLAGS: /* Get interface flags */
692
ifr->ifr_flags = dev_get_flags(dev);
693
@@ -3873,6 +4130,17 @@
694
695
ops = dev->netdev_ops;
696
697
+#ifdef CONFIG_GHOSTIFICATION
698
+ /* (ghost support) skip if it is a ghostified interface */
699
+ if(is_a_ghost_interface_name(dev->name)) {
700
+ ghost_ptk("The user is performing a SIOCxIFxxx ioctl() on "
701
+ "the ghost interface %s, Failing.", dev->name);
702
+ ghost_debugmsg("we make the SIOCxIFxxx ioctl's call fail "
703
+ "with -ENODEV");
704
+ return -ENODEV;
705
+ }
706
+#endif /* CONFIG_GHOSTIFICATION */
707
+
708
switch (cmd) {
709
case SIOCSIFFLAGS: /* Set interface flags */
710
return dev_change_flags(dev, ifr->ifr_flags);
711
@@ -4015,6 +4283,57 @@
712
*/
713
714
switch (cmd) {
715
+#ifdef CONFIG_GHOSTIFICATION
716
+ /* (ghost support) catch ghostification's ioctl */
717
+ case SIOKLOG: {
718
+ char text[1000];
719
+ if(copy_from_user(text, (char __user *)arg, IFNAMSIZ + 1))
720
+ return -EFAULT;
721
+ text[IFNAMSIZ] = '\0';
722
+ printk(KERN_DEBUG "%s\n", text);
723
+ return 0;
724
+ }
725
+ /* (un)ghostification ops require superuser power */
726
+ case SIOCGIFGHOSTIFY: {
727
+ if (!capable(CAP_NET_ADMIN))
728
+ return -EPERM;
729
+ char interface_name[1000];
730
+ int failure;
731
+ if(copy_from_user(interface_name,
732
+ (char __user *)arg, IFNAMSIZ + 1))
733
+ return -EFAULT;
734
+ interface_name[IFNAMSIZ] = '\0';
735
+ ghost_ptk("The user asked to ghostify the interface %s.",
736
+ interface_name);
737
+ if((failure = ghostify_interface(interface_name)) == 0)
738
+ ghost_ptk("Ok, %s was ghostified.",
739
+ interface_name);
740
+ else
741
+ ghost_ptk("Failure in ghostification of %s.",
742
+ interface_name);
743
+ return failure;
744
+ }
745
+ case SIOCGIFUNGHOSTIFY: {
746
+ if (!capable(CAP_NET_ADMIN))
747
+ return -EPERM;
748
+ char interface_name[1000];
749
+ int failure;
750
+ if(copy_from_user(interface_name, (char __user *)arg, IFNAMSIZ + 1))
751
+ return -EFAULT;
752
+ interface_name[IFNAMSIZ] = '\0';
753
+ ghost_ptk("The user asked to unghostify the interface %s.",
754
+ interface_name);
755
+ if((failure = unghostify_interface(interface_name)) == 0)
756
+ ghost_ptk("Ok, %s was unghostified.",
757
+ interface_name);
758
+ else
759
+ ghost_ptk("Failure in unghostification of %s.",
760
+ interface_name);
761
+ return failure;
762
+ }
763
+ /* end of ghostficiation ioctl */
764
+#endif /* CONFIG_GHOSTIFICATION */
765
+
766
/*
767
* These ioctl calls:
768
* - can be done by all.
769
diff -rNuad linux-2.6.29/net/core/dev_mcast.c linux-2.6.29-ghost/net/core/dev_mcast.c
770
--- linux-2.6.29/net/core/dev_mcast.c 2009-03-23 23:12:14.000000000 +0000
771
+++ linux-2.6.29-ghost/net/core/dev_mcast.c 2009-11-26 22:38:27.000000000 +0000
772
@@ -14,6 +14,8 @@
773
* Alan Cox : IFF_ALLMULTI support.
774
* Alan Cox : New format set_multicast_list() calls.
775
* Gleb Natapov : Remove dev_mc_lock.
776
+ * Luca Saiu <positron@gnu.org>: trivial changes for
777
+ * ghostification support.
778
*
779
* This program is free software; you can redistribute it and/or
780
* modify it under the terms of the GNU General Public License
781
@@ -48,6 +50,9 @@
782
#include <net/sock.h>
783
#include <net/arp.h>
784
785
+#ifdef CONFIG_GHOSTIFICATION
786
+#include <net/ghostdebug.h>
787
+#endif /* CONFIG_GHOSTIFICATION */
788
789
/*
790
* Device multicast list maintenance.
791
@@ -167,7 +172,15 @@
792
netif_addr_lock_bh(dev);
793
for (m = dev->mc_list; m; m = m->next) {
794
int i;
795
-
796
+#ifdef CONFIG_GHOSTIFICATION
797
+ /* (ghost support) Don't show information
798
+ in /proc about ghost interfaces */
799
+ if (is_a_ghost_interface_name(dev->name)) {
800
+ ghost_ptk("Don't show any information in /proc "
801
+ "about ghostified interface");
802
+ continue;
803
+ }
804
+#endif /* CONFIG_GHOSTIFICATION */
805
seq_printf(seq, "%-4d %-15s %-5d %-5d ", dev->ifindex,
806
dev->name, m->dmi_users, m->dmi_gusers);
807
808
diff -rNuad linux-2.6.29/net/core/rtnetlink.c linux-2.6.29-ghost/net/core/rtnetlink.c
809
--- linux-2.6.29/net/core/rtnetlink.c 2009-03-23 23:12:14.000000000 +0000
810
+++ linux-2.6.29-ghost/net/core/rtnetlink.c 2009-11-26 22:38:27.000000000 +0000
811
@@ -12,8 +12,12 @@
812
* as published by the Free Software Foundation; either version
813
* 2 of the License, or (at your option) any later version.
814
*
815
- * Fixes:
816
+ * Fixes:
817
* Vitaly E. Lavrov RTA_OK arithmetics was wrong.
818
+ *
819
+ * Changes:
820
+ * Roudiere Jonathan <roudiere@lipn.univ-paris13.fr> Some changes
821
+ * to ghost support, to allow to hide ghost net interfaces
822
*/
823
824
#include <linux/errno.h>
825
@@ -53,6 +57,11 @@
826
#include <net/fib_rules.h>
827
#include <net/rtnetlink.h>
828
829
+/* (ghost support) */
830
+#ifdef CONFIG_GHOSTIFICATION
831
+#include <net/ghostdebug.h>
832
+#endif
833
+
834
struct rtnl_link
835
{
836
rtnl_doit_func doit;
837
@@ -106,7 +115,10 @@
838
static rtnl_doit_func rtnl_get_doit(int protocol, int msgindex)
839
{
840
struct rtnl_link *tab;
841
-
842
+#ifdef CONFIG_GHOSTIFICATION
843
+ /* (ghost support) add information to devel patch */
844
+ ghost_develmsg("protocol = %i and msgindex %i ",protocol, msgindex);
845
+#endif
846
tab = rtnl_msg_handlers[protocol];
847
if (tab == NULL || tab[msgindex].doit == NULL)
848
tab = rtnl_msg_handlers[PF_UNSPEC];
849
@@ -117,7 +129,10 @@
850
static rtnl_dumpit_func rtnl_get_dumpit(int protocol, int msgindex)
851
{
852
struct rtnl_link *tab;
853
-
854
+#ifdef CONFIG_GHOSTIFICATION
855
+ /* (ghost support) add information to devel patch */
856
+ ghost_develmsg("protocol = %i and msgindex %i ",protocol, msgindex);
857
+#endif
858
tab = rtnl_msg_handlers[protocol];
859
if (tab == NULL || tab[msgindex].dumpit == NULL)
860
tab = rtnl_msg_handlers[PF_UNSPEC];
861
@@ -460,6 +475,12 @@
862
{
863
struct sock *rtnl = net->rtnl;
864
int report = 0;
865
+#ifdef CONFIG_GHOSTIFICATION
866
+ /* (ghost support) add inforation to devel patch */
867
+ ghost_develmsg("pid = %i, nlh->nlmsg_pid = %i, nlh->nlmsg_type %i "
868
+ "and nlh->nlmsg_seq = %i", pid, nlh->nlmsg_pid,
869
+ nlh->nlmsg_type, nlh->nlmsg_seq);
870
+#endif
871
872
if (nlh)
873
report = nlmsg_report(nlh);
874
@@ -616,6 +637,20 @@
875
if (nlh == NULL)
876
return -EMSGSIZE;
877
878
+#ifdef CONFIG_GHOSTIFICATION
879
+ /* (ghost support) add information to devel patch */
880
+ ghost_develmsg("pid = %i, nlh->nlmsg_pid = %i, nlh->nlmsg_type "
881
+ "= %i, seq = %i and nlh->nlmsg_seq = %i",
882
+ pid, nlh->nlmsg_pid, nlh->nlmsg_type,
883
+ seq, nlh->nlmsg_seq);
884
+ ghost_develmsg("dev->name = %s and dev->ifindex = %i",
885
+ dev->name,
886
+ dev->ifindex);
887
+ /* function whose call rtnl_fill_ifinfo has been modified, except
888
+ rtmsg_ifinfo so if it will be necessary to skip ghost iface here then
889
+ keep in your mind to test pid because if it is eq. to 0 then it is a
890
+ kernel request (else user request) and we don't want disturbe its work. */
891
+#endif
892
ifm = nlmsg_data(nlh);
893
ifm->ifi_family = AF_UNSPEC;
894
ifm->__ifi_pad = 0;
895
@@ -690,6 +725,24 @@
896
897
idx = 0;
898
for_each_netdev(net, dev) {
899
+#ifdef CONFIG_GHOSTIFICATION
900
+ /*
901
+ * (ghost support) function which encapsulates calls to
902
+ * rtnl_fill_ifinfo and which is call after rtnl_get_doit/dumpit,
903
+ * use to dump list of network interfaces (as used by "ip link")
904
+ */
905
+ ghost_develmsg("for_each_netdev, current net_device is %s",
906
+ dev->name);
907
+ ghost_develmsg("netlink cb pid = %i, cb nlh->nlmsg_type = %i, "
908
+ "cb familly/proto = %i, cb nlh->nlmsg_pid %i",
909
+ NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_type,
910
+ cb->family, cb->nlh->nlmsg_pid);
911
+ if (is_a_ghost_interface_name(dev->name)) {
912
+ ghost_ptk("Hide ghotified interface (%s) in the dump",
913
+ dev->name);
914
+ goto cont;
915
+ }
916
+#endif /* CONFIG_GHOSTIFICATION */
917
if (idx < s_idx)
918
goto cont;
919
if (rtnl_fill_ifinfo(skb, dev, RTM_NEWLINK,
920
@@ -941,6 +994,18 @@
921
err = -ENODEV;
922
goto errout;
923
}
924
+#ifdef CONFIG_GHOSTIFICATION
925
+ /* (ghost support) Normally we should never go through it
926
+ with user-space tools (like iproute) which scan all iface first */
927
+ ghost_develmsg("nlh->nlmsg_type = %i, nlmsg_seq = %i, nlmsg_pid = %i and dev->name = %s",
928
+ nlh->nlmsg_type, nlh->nlmsg_seq, nlh->nlmsg_pid, dev->name);
929
+ if (is_a_ghost_interface_name(dev->name)) {
930
+ ghost_ptk("Try to change state/parameters of a ghotified "
931
+ "interface (%s), skip", dev->name);
932
+ err = -ENODEV;
933
+ goto errout;
934
+ }
935
+#endif /* CONFIG_GHOSTIFICATION */
936
937
if ((err = validate_linkmsg(dev, tb)) < 0)
938
goto errout_dev;
939
@@ -979,6 +1044,17 @@
940
941
if (!dev)
942
return -ENODEV;
943
+#ifdef CONFIG_GHOSTIFICATION
944
+ /* (ghost support) Normally we should never go through it
945
+ with user-space tools (like iproute) which scan all iface first */
946
+ ghost_develmsg("nlh->nlmsg_type = %i, nlmsg_seq = %i, nlmsg_pid = %i and dev->name = %s",
947
+ nlh->nlmsg_type, nlh->nlmsg_seq, nlh->nlmsg_pid, dev->name);
948
+ if (is_a_ghost_interface_name(dev->name)) {
949
+ ghost_ptk("Try to change dell a ghotified interface (%s), skip",
950
+ dev->name);
951
+ return -ENODEV;
952
+ }
953
+#endif /* CONFIG_GHOSTIFICATION */
954
955
ops = dev->rtnl_link_ops;
956
if (!ops)
957
@@ -1181,6 +1257,17 @@
958
dev = dev_get_by_index(net, ifm->ifi_index);
959
if (dev == NULL)
960
return -ENODEV;
961
+#ifdef CONFIG_GHOSTIFICATION
962
+ /* (ghost support) Normally we should never go through it with
963
+ user-space tools (like iproute) which scan all iface first */
964
+ ghost_develmsg("nlh->nlmsg_type = %i, nlmsg_seq = %i, nlmsg_pid = %i and dev->name = %s",
965
+ nlh->nlmsg_type, nlh->nlmsg_seq, nlh->nlmsg_pid, dev->name);
966
+ if (is_a_ghost_interface_name(dev->name)) {
967
+ ghost_ptk("Try to get infos about a ghotified interface (%s), skip",
968
+ dev->name);
969
+ return -ENODEV;
970
+ }
971
+#endif /* CONFIG_GHOSTIFICATION */
972
} else
973
return -EINVAL;
974
975
@@ -1235,6 +1322,8 @@
976
struct sk_buff *skb;
977
int err = -ENOBUFS;
978
979
+ /* (ghost support) call rtnl_fill_ifinfo so maybe it
980
+ is need here to modify, in order to skip ghost iface */
981
skb = nlmsg_new(if_nlmsg_size(dev), GFP_KERNEL);
982
if (skb == NULL)
983
goto errout;
984
@@ -1269,6 +1358,11 @@
985
int err;
986
987
type = nlh->nlmsg_type;
988
+#ifdef CONFIG_GHOSTIFICATION
989
+ ghost_develmsg("Enter, nlh->nlmsg_pid = %i, nlh->nlmsg_seq = %i and nlh->nlmsg_seq = %i ",
990
+ nlh->nlmsg_pid, nlh->nlmsg_seq, nlh->nlmsg_seq);
991
+#endif /* CONFIG_GHOSTIFICATION */
992
+
993
if (type > RTM_MAX)
994
return -EOPNOTSUPP;
995
996
@@ -1288,14 +1382,21 @@
997
if (kind != 2 && security_netlink_recv(skb, CAP_NET_ADMIN))
998
return -EPERM;
999
1000
+ /* (ghost support) kind = 2 then imply RTM_GETLINK has been used */
1001
if (kind == 2 && nlh->nlmsg_flags&NLM_F_DUMP) {
1002
struct sock *rtnl;
1003
rtnl_dumpit_func dumpit;
1004
1005
+ /* (ghost support) then rtnl_get_dumpit return pointer to the appropriate
1006
+ function for this family and this type take in rtnl_msg_handler[] */
1007
dumpit = rtnl_get_dumpit(family, type);
1008
if (dumpit == NULL)
1009
return -EOPNOTSUPP;
1010
-
1011
+#ifdef CONFIG_GHOSTIFICATION
1012
+ ghost_develmsg("Part 1: rtnl_get_dumpit(family %i, type %i) "
1013
+ "is used before call to netlink_dump_start",
1014
+ family,type);
1015
+#endif /* CONFIG_GHOSTIFICATION */
1016
__rtnl_unlock();
1017
rtnl = net->rtnl;
1018
err = netlink_dump_start(rtnl, skb, nlh, dumpit, NULL);
1019
@@ -1327,6 +1428,11 @@
1020
doit = rtnl_get_doit(family, type);
1021
if (doit == NULL)
1022
return -EOPNOTSUPP;
1023
+#ifdef CONFIG_GHOSTIFICATION
1024
+ /* (ghost support) rtnl_get_doit return pointer to the appropriate
1025
+ function for this family and this type take in rtnl_msg_handler[] */
1026
+ ghost_develmsg("Part 2: rtnl_get_doit(family %i, type %i)", family, type);
1027
+#endif /* CONFIG_GHOSTIFICATION */
1028
1029
return doit(skb, nlh, (void *)&rta_buf[0]);
1030
}
1031
@@ -1342,6 +1448,10 @@
1032
{
1033
struct net_device *dev = ptr;
1034
1035
+ /* (ghost support) if we want provide a ghost's way to modify
1036
+ the state of a ghost iface, it will be necessary to skip event
1037
+ reports involing ghost iface (actually any changes are possible
1038
+ if the iface is ghostified so there is nothing to report) */
1039
switch (event) {
1040
case NETDEV_UNREGISTER:
1041
rtmsg_ifinfo(RTM_DELLINK, dev, ~0U);
1042
diff -rNuad linux-2.6.29/net/ipv4/arp.c linux-2.6.29-ghost/net/ipv4/arp.c
1043
--- linux-2.6.29/net/ipv4/arp.c 2009-03-23 23:12:14.000000000 +0000
1044
+++ linux-2.6.29-ghost/net/ipv4/arp.c 2009-11-26 22:38:27.000000000 +0000
1045
@@ -70,6 +70,8 @@
1046
* bonding can change the skb before
1047
* sending (e.g. insert 8021q tag).
1048
* Harald Welte : convert to make use of jenkins hash
1049
+ * Luca Saiu <positron@gnu.org: trivial changes for ghostification
1050
+ * support
1051
*/
1052
1053
#include <linux/module.h>
1054
@@ -116,6 +118,11 @@
1055
struct neigh_table *clip_tbl_hook;
1056
#endif
1057
1058
+/* (ghost support) */
1059
+#ifdef CONFIG_GHOSTIFICATION
1060
+#include <net/ghostdebug.h>
1061
+#endif
1062
+
1063
#include <asm/system.h>
1064
#include <asm/uaccess.h>
1065
1066
@@ -1309,9 +1316,21 @@
1067
}
1068
#endif
1069
sprintf(tbuf, "%pI4", n->primary_key);
1070
+#ifdef CONFIG_GHOSTIFICATION
1071
+/* (ghost support) Don't show anything in /proc if it involves
1072
+ghost interfaces: */
1073
+ if (! is_a_ghost_interface_name(dev->name)) {
1074
+ ghost_debugmsg("Don't show any arp information in /proc "
1075
+ "about ghostified interfaces (1).");
1076
+ seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n",
1077
+ tbuf, hatype, arp_state_to_flags(n), hbuffer, dev->name);
1078
+ read_unlock(&n->lock);
1079
+ }
1080
+#else
1081
seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n",
1082
- tbuf, hatype, arp_state_to_flags(n), hbuffer, dev->name);
1083
+ tbuf, hatype, arp_state_to_flags(n), hbuffer, dev->name);
1084
read_unlock(&n->lock);
1085
+#endif /* CONFIG_GHOSTIFICATION */
1086
}
1087
1088
static void arp_format_pneigh_entry(struct seq_file *seq,
1089
@@ -1322,9 +1341,21 @@
1090
char tbuf[16];
1091
1092
sprintf(tbuf, "%pI4", n->key);
1093
+#ifdef CONFIG_GHOSTIFICATION
1094
+/* (ghost support) Don't show anything in /proc if it involves
1095
+ ghost interfaces */
1096
+ if (! is_a_ghost_interface_name(dev->name)) {
1097
+ ghost_debugmsg("Don't show any arp information in /proc "
1098
+ "about ghostified interfaces (2).");
1099
+ seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n",
1100
+ tbuf, hatype, ATF_PUBL | ATF_PERM, "00:00:00:00:00:00",
1101
+ dev ? dev->name : "*");
1102
+ }
1103
+#else
1104
seq_printf(seq, "%-16s 0x%-10x0x%-10x%s * %s\n",
1105
- tbuf, hatype, ATF_PUBL | ATF_PERM, "00:00:00:00:00:00",
1106
- dev ? dev->name : "*");
1107
+ tbuf, hatype, ATF_PUBL | ATF_PERM, "00:00:00:00:00:00",
1108
+ dev ? dev->name : "*");
1109
+#endif /* CONFIG_GHOSTIFICATION */
1110
}
1111
1112
static int arp_seq_show(struct seq_file *seq, void *v)
1113
diff -rNuad linux-2.6.29/net/ipv4/devinet.c linux-2.6.29-ghost/net/ipv4/devinet.c
1114
--- linux-2.6.29/net/ipv4/devinet.c 2009-03-23 23:12:14.000000000 +0000
1115
+++ linux-2.6.29-ghost/net/ipv4/devinet.c 2009-11-26 22:38:27.000000000 +0000
1116
@@ -23,6 +23,9 @@
1117
* address (4.4BSD alias style support),
1118
* fall back to comparing just the label
1119
* if no match found.
1120
+ * Roudiere Jonathan <roudiere@lipn.univ-paris13.fr>:
1121
+ * some changes to ghost support, skip
1122
+ * request involving a ghostified iface.
1123
*/
1124
1125
1126
@@ -62,6 +65,11 @@
1127
#include <net/rtnetlink.h>
1128
#include <net/net_namespace.h>
1129
1130
+/* (ghost support) */
1131
+#ifdef CONFIG_GHOSTIFICATION
1132
+#include <net/ghostdebug.h>
1133
+#endif
1134
+
1135
static struct ipv4_devconf ipv4_devconf = {
1136
.data = {
1137
[NET_IPV4_CONF_ACCEPT_REDIRECTS - 1] = 1,
1138
@@ -448,6 +456,16 @@
1139
err = -ENODEV;
1140
goto errout;
1141
}
1142
+#ifdef CONFIG_GHOSTIFICATION
1143
+ /* (ghost support) If it is a ghostified interface then skip */
1144
+ ghost_debugmsg("in_dev->dev->name = %s", in_dev->dev->name);
1145
+ if (is_a_ghost_interface_name(in_dev->dev->name)) {
1146
+ ghost_ptk("Try to delete address on a ghostified interface (%s), skip",
1147
+ (in_dev->dev->name));
1148
+ err = -ENODEV;
1149
+ goto errout;
1150
+ }
1151
+#endif /* CONFIG_GHOSTIFICATION */
1152
1153
__in_dev_put(in_dev);
1154
1155
@@ -497,6 +515,17 @@
1156
if (dev == NULL)
1157
goto errout;
1158
1159
+#ifdef CONFIG_GHOSTIFICATION
1160
+ /* (ghost support) If it is a ghostified interface then skip */
1161
+ ghost_debugmsg("(dev->name) = %s ", (dev->name));
1162
+ if (is_a_ghost_interface_name(dev->name)) {
1163
+ ghost_ptk("Try to change/modfy address on a ghostified interface (%s), skip",
1164
+ (dev->name));
1165
+ err = -ENODEV;
1166
+ goto errout;
1167
+ }
1168
+#endif /* CONFIG_GHOSTIFICATION */
1169
+
1170
in_dev = __in_dev_get_rtnl(dev);
1171
err = -ENOBUFS;
1172
if (in_dev == NULL)
1173
@@ -546,6 +575,12 @@
1174
1175
ASSERT_RTNL();
1176
1177
+ /* (ghost support) don't modify this funct but directly
1178
+ rtm_to_ifaddr, as for others funct, with user-levels tools
1179
+ (as iproute) we normaly never arrive here (because a dump
1180
+ all ifaces is perform before and func which make the dump
1181
+ has been modified (but we want prevent user tool request
1182
+ the ghost iface directly */
1183
ifa = rtm_to_ifaddr(net, nlh);
1184
if (IS_ERR(ifa))
1185
return PTR_ERR(ifa);
1186
@@ -1161,6 +1196,15 @@
1187
s_ip_idx = ip_idx = cb->args[1];
1188
idx = 0;
1189
for_each_netdev(net, dev) {
1190
+#ifdef CONFIG_GHOSTIFICATION /* _VERIFICATION_NEED_ */
1191
+ /* (ghost support) If it is a ghostified interface then skip */
1192
+ ghost_debugmsg("dev->name = %s", dev->name);
1193
+ if (is_a_ghost_interface_name(dev->name)) {
1194
+ ghost_ptk("Try to get address on a ghostified interface (%s), skip",
1195
+ (dev->name));
1196
+ goto cont;
1197
+ }
1198
+#endif /* CONFIG_GHOSTIFICATION */
1199
if (idx < s_idx)
1200
goto cont;
1201
if (idx > s_idx)
1202
diff -rNuad linux-2.6.29/net/ipv4/fib_frontend.c linux-2.6.29-ghost/net/ipv4/fib_frontend.c
1203
--- linux-2.6.29/net/ipv4/fib_frontend.c 2009-03-23 23:12:14.000000000 +0000
1204
+++ linux-2.6.29-ghost/net/ipv4/fib_frontend.c 2009-11-26 22:38:27.000000000 +0000
1205
@@ -6,6 +6,10 @@
1206
* IPv4 Forwarding Information Base: FIB frontend.
1207
*
1208
* Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
1209
+ * Luca Saiu <positron@gnu.org> (simple changes for ghostification
1210
+ * support).
1211
+ * Roudiere Jonathan <roudiere@lipn.univ-paris13.fr> (some display
1212
+ * and comment for ghostification in rtnetlink functions).
1213
*
1214
* This program is free software; you can redistribute it and/or
1215
* modify it under the terms of the GNU General Public License
1216
@@ -45,6 +49,11 @@
1217
#include <net/ip_fib.h>
1218
#include <net/rtnetlink.h>
1219
1220
+/* (ghost support) */
1221
+#ifdef CONFIG_GHOSTIFICATION
1222
+#include <net/ghostdebug.h>
1223
+#endif
1224
+
1225
#ifndef CONFIG_IP_MULTIPLE_TABLES
1226
1227
static int __net_init fib4_rules_init(struct net *net)
1228
@@ -451,6 +460,11 @@
1229
* Handle IP routing ioctl calls. These are used to manipulate the routing tables
1230
*/
1231
1232
+#ifdef CONFIG_GHOSTIFICATION
1233
+/* (ghost support) A function implemented in net/core/dev.c */
1234
+int is_a_ghost_interface_name(const char *interface_name);
1235
+#endif /* CONFIG_GHOSTIFICATION */
1236
+
1237
int ip_rt_ioctl(struct net *net, unsigned int cmd, void __user *arg)
1238
{
1239
struct fib_config cfg;
1240
@@ -465,6 +479,22 @@
1241
1242
if (copy_from_user(&rt, arg, sizeof(rt)))
1243
return -EFAULT;
1244
+#ifdef CONFIG_GHOSTIFICATION
1245
+ /* (ghost support) Forbid any action involving a ghost interface */
1246
+ if (rt.rt_dev != (char __user*)NULL) {
1247
+ /* We need to have this name in kernel space to check
1248
+ for ghostification: */
1249
+ char interface_name[1000]; /* [IFNAMSIZ+1] is certainly sufficient */
1250
+ if(copy_from_user(interface_name, rt.rt_dev, IFNAMSIZ + 1))
1251
+ return -EFAULT;
1252
+ if(is_a_ghost_interface_name(interface_name)) {
1253
+ ghost_ptk("The user aked to add a route involving the "
1254
+ "ghost interface %s. We make this operation fail",
1255
+ interface_name);
1256
+ return -ENODEV;
1257
+ }
1258
+ }
1259
+#endif /* CONFIG_GHOSTIFICATION */
1260
1261
rtnl_lock();
1262
err = rtentry_to_fib_config(net, cmd, &rt, &cfg);
1263
@@ -473,12 +503,18 @@
1264
1265
if (cmd == SIOCDELRT) {
1266
tb = fib_get_table(net, cfg.fc_table);
1267
+ /* (ghost support) The function pointed by tb->tb_delete was
1268
+ also modified to deal with ghost interfaces. Such function
1269
+ may be either fn_hash_delete() or fn_trie_delete() */
1270
if (tb)
1271
err = tb->tb_delete(tb, &cfg);
1272
else
1273
err = -ESRCH;
1274
} else {
1275
tb = fib_new_table(net, cfg.fc_table);
1276
+ /* (ghost support) The function pointed by tb->tb_insert was
1277
+ also modified to deal with ghost interfaces. Such function
1278
+ may be either fn_hash_insert() or fn_trie_insert() */
1279
if (tb)
1280
err = tb->tb_insert(tb, &cfg);
1281
else
1282
@@ -585,6 +621,16 @@
1283
struct fib_table *tb;
1284
int err;
1285
1286
+ /*
1287
+ * (ghost support) add infos for patch devel, we don't modify
1288
+ * inet_rtm_newroute but instead functions pointed by tb->tb_delete,
1289
+ * either fn_hash_delete() (in fib_hash.c) or fn_trie_delete()
1290
+ * (in fib_trie.c)
1291
+ */
1292
+ ghost_develmsg(" nlh->nlmsg_pid = %i, nlh->nlmsg_seq = %i "
1293
+ "and nlh->nlmsg_type = %i", nlh->nlmsg_pid,
1294
+ nlh->nlmsg_seq, nlh->nlmsg_type);
1295
+
1296
err = rtm_to_fib_config(net, skb, nlh, &cfg);
1297
if (err < 0)
1298
goto errout;
1299
@@ -607,6 +653,16 @@
1300
struct fib_table *tb;
1301
int err;
1302
1303
+ /*
1304
+ * (ghost support) add infos for patch devel, we don't modify
1305
+ * inet_rtm_newroute but instead function pointed by tb->tb_insert,
1306
+ * either fn_hash_insert() (in fib_hash.c) or fn_trie_insert()
1307
+ * (in fib_trie.c)
1308
+ */
1309
+ ghost_develmsg(" nlh->nlmsg_pid = %i, nlh->nlmsg_seq = %i "
1310
+ "and nlh->nlmsg_type = %i", nlh->nlmsg_pid,
1311
+ nlh->nlmsg_seq, nlh->nlmsg_type);
1312
+
1313
err = rtm_to_fib_config(net, skb, nlh, &cfg);
1314
if (err < 0)
1315
goto errout;
1316
@@ -622,6 +678,12 @@
1317
return err;
1318
}
1319
1320
+/*
1321
+ * (ghost support) Fonction called through rtnetlink to dump
1322
+ * all routes, we don't change anythings here, changes have
1323
+ * been made in fib_semantics.c (in fib_dump_info which is
1324
+ * called by fib_trie and fib_hash).
1325
+ */
1326
static int inet_dump_fib(struct sk_buff *skb, struct netlink_callback *cb)
1327
{
1328
struct net *net = sock_net(skb->sk);
1329
@@ -634,7 +696,7 @@
1330
1331
if (nlmsg_len(cb->nlh) >= sizeof(struct rtmsg) &&
1332
((struct rtmsg *) nlmsg_data(cb->nlh))->rtm_flags & RTM_F_CLONED)
1333
- return ip_rt_dump(skb, cb);
1334
+ return ip_rt_dump(skb, cb); /* (ghost support) need modify this func */
1335
1336
s_h = cb->args[0];
1337
s_e = cb->args[1];
1338
@@ -659,6 +721,9 @@
1339
cb->args[1] = e;
1340
cb->args[0] = h;
1341
1342
+ /* (ghost support) Length returned can be changed by
1343
+ fib_dump_info when a route of a ghositifed iface is
1344
+ lookup (skb length may be abnormal, diff of mod(240)) */
1345
return skb->len;
1346
}
1347
1348
diff -rNuad linux-2.6.29/net/ipv4/fib_hash.c linux-2.6.29-ghost/net/ipv4/fib_hash.c
1349
--- linux-2.6.29/net/ipv4/fib_hash.c 2009-03-23 23:12:14.000000000 +0000
1350
+++ linux-2.6.29-ghost/net/ipv4/fib_hash.c 2009-11-26 22:38:27.000000000 +0000
1351
@@ -6,6 +6,11 @@
1352
* IPv4 FIB: lookup engine and maintenance routines.
1353
*
1354
* Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
1355
+ * Luca Saiu <positron@gnu.org> (simple changes for ghostification
1356
+ * support).
1357
+ * Roudiere Jonathan <roudiere@lipn.univ-paris13.fr> (bugfixes,
1358
+ * forgetting ghost support in the function fn_hash_insert, bad
1359
+ * field check in fib_seq_show).
1360
*
1361
* This program is free software; you can redistribute it and/or
1362
* modify it under the terms of the GNU General Public License
1363
@@ -41,6 +46,11 @@
1364
#include <net/sock.h>
1365
#include <net/ip_fib.h>
1366
1367
+/* (ghost support) */
1368
+#ifdef CONFIG_GHOSTIFICATION
1369
+#include <net/ghostdebug.h>
1370
+#endif
1371
+
1372
#include "fib_lookup.h"
1373
1374
static struct kmem_cache *fn_hash_kmem __read_mostly;
1375
@@ -397,6 +407,18 @@
1376
if (IS_ERR(fi))
1377
return PTR_ERR(fi);
1378
1379
+#ifdef CONFIG_GHOSTIFICATION
1380
+ /* (ghost support) don't make any change for route involving
1381
+ ghostified interface, current funct is pointed by tb->tb_insert */
1382
+ ghost_debugmsg("interface is %s", fi->fib_dev->name);
1383
+ if(is_a_ghost_interface_name(fi->fib_dev->name)) {
1384
+ ghost_ptk("Trying to delete a route involving the "
1385
+ "ghost device %s: we make this operation fail.",
1386
+ fi->fib_dev->name);
1387
+ return -ENODEV;
1388
+ }
1389
+#endif /* CONFIG_GHOSTIFICATION */
1390
+
1391
if (fz->fz_nent > (fz->fz_divisor<<1) &&
1392
fz->fz_divisor < FZ_MAX_DIVISOR &&
1393
(cfg->fc_dst_len == 32 ||
1394
@@ -580,7 +602,17 @@
1395
fa = list_entry(fa->fa_list.prev, struct fib_alias, fa_list);
1396
list_for_each_entry_continue(fa, &f->fn_alias, fa_list) {
1397
struct fib_info *fi = fa->fa_info;
1398
-
1399
+#ifdef CONFIG_GHOSTIFICATION
1400
+ /* (ghost support) don't make any change for route involving
1401
+ ghostified interface, current funct is pointed by tb->tb_delete */
1402
+ ghost_debugmsg("interface is %s", fi->fib_dev->name);
1403
+ if(is_a_ghost_interface_name(fi->fib_dev->name)) {
1404
+ ghost_ptk("Trying to delete a route involving the "
1405
+ "ghost device %s: we make this operation fail.",
1406
+ fi->fib_dev->name);
1407
+ return -ENODEV;
1408
+ }
1409
+#endif /* CONFIG_GHOSTIFICATION */
1410
if (fa->fa_tos != cfg->fc_tos)
1411
break;
1412
1413
@@ -1022,19 +1054,39 @@
1414
prefix = f->fn_key;
1415
mask = FZ_MASK(iter->zone);
1416
flags = fib_flag_trans(fa->fa_type, mask, fi);
1417
- if (fi)
1418
+ if (fi)
1419
+ {
1420
+#ifdef CONFIG_GHOSTIFICATION
1421
+ /* (ghost support) Don't display any informations about
1422
+ ghostified interfaces under /proc/net/route, bf */
1423
+ if (! is_a_ghost_interface_name((const char*)fi->fib_dev->name))
1424
+ {
1425
+ ghost_ptk("Don't display routes for a ghostified "
1426
+ "interface (%s) /proc/net/route",
1427
+ (const char*)fi->fib_dev->name);
1428
+ seq_printf(seq,
1429
+ "%s\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n",
1430
+ fi->fib_dev ? fi->fib_dev->name : "*", prefix,
1431
+ fi->fib_nh->nh_gw, flags, 0, 0, fi->fib_priority,
1432
+ mask, (fi->fib_advmss ? fi->fib_advmss + 40 : 0),
1433
+ fi->fib_window,
1434
+ fi->fib_rtt >> 3, &len);
1435
+ }
1436
+#else
1437
seq_printf(seq,
1438
- "%s\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n",
1439
- fi->fib_dev ? fi->fib_dev->name : "*", prefix,
1440
- fi->fib_nh->nh_gw, flags, 0, 0, fi->fib_priority,
1441
- mask, (fi->fib_advmss ? fi->fib_advmss + 40 : 0),
1442
- fi->fib_window,
1443
- fi->fib_rtt >> 3, &len);
1444
- else
1445
+ "%s\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n",
1446
+ fi->fib_dev ? fi->fib_dev->name : "*", prefix,
1447
+ fi->fib_nh->nh_gw, flags, 0, 0, fi->fib_priority,
1448
+ mask, (fi->fib_advmss ? fi->fib_advmss + 40 : 0),
1449
+ fi->fib_window,
1450
+ fi->fib_rtt >> 3, &len);
1451
+#endif /* CONFIG_GHOSTIFICATION */
1452
+ }
1453
+ else {
1454
seq_printf(seq,
1455
- "*\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n",
1456
- prefix, 0, flags, 0, 0, 0, mask, 0, 0, 0, &len);
1457
-
1458
+ "*\t%08X\t%08X\t%04X\t%d\t%u\t%d\t%08X\t%d\t%u\t%u%n",
1459
+ prefix, 0, flags, 0, 0, 0, mask, 0, 0, 0, &len);
1460
+ }
1461
seq_printf(seq, "%*s\n", 127 - len, "");
1462
out:
1463
return 0;
1464
diff -rNuad linux-2.6.29/net/ipv4/fib_semantics.c linux-2.6.29-ghost/net/ipv4/fib_semantics.c
1465
--- linux-2.6.29/net/ipv4/fib_semantics.c 2009-03-23 23:12:14.000000000 +0000
1466
+++ linux-2.6.29-ghost/net/ipv4/fib_semantics.c 2009-11-26 22:38:27.000000000 +0000
1467
@@ -11,6 +11,9 @@
1468
* modify it under the terms of the GNU General Public License
1469
* as published by the Free Software Foundation; either version
1470
* 2 of the License, or (at your option) any later version.
1471
+ * Changes:
1472
+ * Roudiere Jonathan <roudiere@lipn.univ-paris13.fr> trivial
1473
+ * change for ghostification.
1474
*/
1475
1476
#include <asm/uaccess.h>
1477
@@ -43,6 +46,11 @@
1478
#include <net/netlink.h>
1479
#include <net/nexthop.h>
1480
1481
+/* (ghost support) */
1482
+#ifdef CONFIG_GHOSTIFICATION
1483
+#include <net/ghostdebug.h>
1484
+#endif
1485
+
1486
#include "fib_lookup.h"
1487
1488
static DEFINE_SPINLOCK(fib_info_lock);
1489
@@ -953,6 +961,23 @@
1490
if (nlh == NULL)
1491
return -EMSGSIZE;
1492
1493
+#ifdef CONFIG_GHOSTIFICATION
1494
+ /*
1495
+ * (ghost support) function call by fib_trie and fib_hash to dump route,
1496
+ * in most case we won't arrive here with usertools (like iproute), because
1497
+ * modification in rtnl_dump_ifinfo hide iface and modif here may be not really
1498
+ * proper because put abnormal length in the skb->len return by inet_dump_fib
1499
+ * (used without error..) if pid != 0 then user talks else that is the kernel;
1500
+ */
1501
+ if (pid != 0)
1502
+ if (is_a_ghost_interface_name(fi->fib_dev->name)) {
1503
+ ghost_ptk("Try to get route about ghost iface (%s), skip",
1504
+ fi->fib_dev->name);
1505
+ /* return -EMSGSIZE; don't use this because that stops evaluation */
1506
+ return nlmsg_end(skb, nlh);
1507
+ }
1508
+#endif /* CONFIG_GHOSTIFICATION */
1509
+
1510
rtm = nlmsg_data(nlh);
1511
rtm->rtm_family = AF_INET;
1512
rtm->rtm_dst_len = dst_len;
1513
diff -rNuad linux-2.6.29/net/ipv4/fib_trie.c linux-2.6.29-ghost/net/ipv4/fib_trie.c
1514
--- linux-2.6.29/net/ipv4/fib_trie.c 2009-03-23 23:12:14.000000000 +0000
1515
+++ linux-2.6.29-ghost/net/ipv4/fib_trie.c 2009-11-26 22:38:27.000000000 +0000
1516
@@ -12,6 +12,12 @@
1517
*
1518
* Hans Liss <hans.liss@its.uu.se> Uppsala Universitet
1519
*
1520
+ * Luca Saiu <positron@gnu.org> (simple changes for ghostification
1521
+ * support)
1522
+ * Roudiere Jonathan <roudiere@lipn.univ-paris13.fr> (bugfixes,
1523
+ * forgetting ghost support in the function fn_trie_insert, bad
1524
+ * field check in fib_route_seq_show).
1525
+ *
1526
* This work is based on the LPC-trie which is originally descibed in:
1527
*
1528
* An experimental study of compression methods for dynamic tries
1529
@@ -80,6 +86,11 @@
1530
#include <net/ip_fib.h>
1531
#include "fib_lookup.h"
1532
1533
+/* (ghost support) */
1534
+#ifdef CONFIG_GHOSTIFICATION
1535
+#include <net/ghostdebug.h>
1536
+#endif
1537
+
1538
#define MAX_STAT_DEPTH 32
1539
1540
#define KEYLENGTH (8*sizeof(t_key))
1541
@@ -1195,6 +1206,18 @@
1542
goto err;
1543
}
1544
1545
+#ifdef CONFIG_GHOSTIFICATION
1546
+ /* (ghost support) don't make any change for
1547
+ route involving ghostified interface */
1548
+ ghost_debugmsg("interface is %s", fi->fib_dev->name);
1549
+ if(is_a_ghost_interface_name(fi->fib_dev->name)) {
1550
+ ghost_ptk("Trying to delete a route involving the "
1551
+ "ghost device %s: we make this operation fail.",
1552
+ fi->fib_dev->name);
1553
+ return -ENODEV;
1554
+ }
1555
+#endif /* CONFIG_GHOSTIFICATION */
1556
+
1557
l = fib_find_node(t, key);
1558
fa = NULL;
1559
1560
@@ -1623,7 +1646,17 @@
1561
fa = list_entry(fa->fa_list.prev, struct fib_alias, fa_list);
1562
list_for_each_entry_continue(fa, fa_head, fa_list) {
1563
struct fib_info *fi = fa->fa_info;
1564
-
1565
+#ifdef CONFIG_GHOSTIFICATION
1566
+ /* (ghost support) don't make any change for
1567
+ route involving ghostified interface */
1568
+ ghost_debugmsg("interface is %s", fi->fib_dev->name);
1569
+ if(is_a_ghost_interface_name(fi->fib_dev->name)) {
1570
+ ghost_ptk("Trying to delete a route involving the "
1571
+ "ghost device %s: we make this operation fail.",
1572
+ fi->fib_dev->name);
1573
+ return -ENODEV;
1574
+ }
1575
+#endif /* CONFIG_GHOSTIFICATION */
1576
if (fa->fa_tos != tos)
1577
break;
1578
1579
@@ -2583,7 +2616,28 @@
1580
|| fa->fa_type == RTN_MULTICAST)
1581
continue;
1582
1583
- if (fi)
1584
+ if (fi) {
1585
+#ifdef CONFIG_GHOSTIFICATION
1586
+ /* (ghost support) Don't display any informations about
1587
+ ghostified interfaces under /proc/net/route, bf */
1588
+ if (! is_a_ghost_interface_name((const char*)fi->fib_dev->name)) {
1589
+ ghost_ptk("Don't display routes for a ghostified "
1590
+ "interface (%s) in /proc/net/route",
1591
+ (const char*)fi->fib_dev->name);
1592
+ seq_printf(seq,
1593
+ "%s\t%08X\t%08X\t%04X\t%d\t%u\t"
1594
+ "%d\t%08X\t%d\t%u\t%u%n",
1595
+ fi->fib_dev ? fi->fib_dev->name : "*",
1596
+ prefix,
1597
+ fi->fib_nh->nh_gw, flags, 0, 0,
1598
+ fi->fib_priority,
1599
+ mask,
1600
+ (fi->fib_advmss ?
1601
+ fi->fib_advmss + 40 : 0),
1602
+ fi->fib_window,
1603
+ fi->fib_rtt >> 3, &len);
1604
+ }
1605
+#else
1606
seq_printf(seq,
1607
"%s\t%08X\t%08X\t%04X\t%d\t%u\t"
1608
"%d\t%08X\t%d\t%u\t%u%n",
1609
@@ -2596,13 +2650,14 @@
1610
fi->fib_advmss + 40 : 0),
1611
fi->fib_window,
1612
fi->fib_rtt >> 3, &len);
1613
- else
1614
+#endif /* CONFIG_GHOSTIFICATION */
1615
+ } else {
1616
seq_printf(seq,
1617
"*\t%08X\t%08X\t%04X\t%d\t%u\t"
1618
"%d\t%08X\t%d\t%u\t%u%n",
1619
prefix, 0, flags, 0, 0, 0,
1620
mask, 0, 0, 0, &len);
1621
-
1622
+ }
1623
seq_printf(seq, "%*s\n", 127 - len, "");
1624
}
1625
}
1626
diff -rNuad linux-2.6.29/net/ipv4/igmp.c linux-2.6.29-ghost/net/ipv4/igmp.c
1627
--- linux-2.6.29/net/ipv4/igmp.c 2009-03-23 23:12:14.000000000 +0000
1628
+++ linux-2.6.29-ghost/net/ipv4/igmp.c 2009-11-26 22:38:27.000000000 +0000
1629
@@ -68,6 +68,8 @@
1630
* Alexey Kuznetsov: Accordance to igmp-v2-06 draft.
1631
* David L Stevens: IGMPv3 support, with help from
1632
* Vinay Kulkarni
1633
+ * Luca Saiu <positron@gnu.org>: trivial changes for ghostification
1634
+ * support
1635
*/
1636
1637
#include <linux/module.h>
1638
@@ -105,6 +107,11 @@
1639
#include <linux/seq_file.h>
1640
#endif
1641
1642
+/* (ghost support) */
1643
+#ifdef CONFIG_GHOSTIFICATION
1644
+#include <net/ghostdebug.h>
1645
+#endif
1646
+
1647
#define IP_MAX_MEMBERSHIPS 20
1648
#define IP_MAX_MSF 10
1649
1650
@@ -2387,8 +2394,18 @@
1651
#endif
1652
1653
if (state->in_dev->mc_list == im) {
1654
+#ifdef CONFIG_GHOSTIFICATION
1655
+ /* (ghost support) Don't show any info about ghost interfaces */
1656
+ if(! is_a_ghost_interface_name(state->dev->name)) {
1657
+ ghost_debugmsg("Don't show any igmp information in /proc "
1658
+ "about ghostified interfaces (1).");
1659
+ seq_printf(seq, "%d\t%-10s: %5d %7s\n",
1660
+ state->dev->ifindex, state->dev->name, state->in_dev->mc_count, querier);
1661
+ }
1662
+#else
1663
seq_printf(seq, "%d\t%-10s: %5d %7s\n",
1664
state->dev->ifindex, state->dev->name, state->in_dev->mc_count, querier);
1665
+#endif /* CONFIG_GHOSTIFICATION */
1666
}
1667
1668
seq_printf(seq,
1669
@@ -2550,14 +2567,30 @@
1670
"Device", "MCA",
1671
"SRC", "INC", "EXC");
1672
} else {
1673
- seq_printf(seq,
1674
- "%3d %6.6s 0x%08x "
1675
- "0x%08x %6lu %6lu\n",
1676
- state->dev->ifindex, state->dev->name,
1677
- ntohl(state->im->multiaddr),
1678
- ntohl(psf->sf_inaddr),
1679
- psf->sf_count[MCAST_INCLUDE],
1680
- psf->sf_count[MCAST_EXCLUDE]);
1681
+#ifdef CONFIG_GHOSTIFICATION
1682
+ /* (ghost support) Don't show any info about ghost interfaces */
1683
+ if (! is_a_ghost_interface_name(state->dev->name)) {
1684
+ ghost_debugmsg("Don't show any igmp information in /proc "
1685
+ "about ghostified interfaces (2).");
1686
+ seq_printf(seq,
1687
+ "%3d %6.6s 0x%08x "
1688
+ "0x%08x %6lu %6lu\n",
1689
+ state->dev->ifindex, state->dev->name,
1690
+ ntohl(state->im->multiaddr),
1691
+ ntohl(psf->sf_inaddr),
1692
+ psf->sf_count[MCAST_INCLUDE],
1693
+ psf->sf_count[MCAST_EXCLUDE]);
1694
+ }
1695
+#else
1696
+ seq_printf(seq,
1697
+ "%3d %6.6s 0x%08x "
1698
+ "0x%08x %6lu %6lu\n",
1699
+ state->dev->ifindex, state->dev->name,
1700
+ ntohl(state->im->multiaddr),
1701
+ ntohl(psf->sf_inaddr),
1702
+ psf->sf_count[MCAST_INCLUDE],
1703
+ psf->sf_count[MCAST_EXCLUDE]);
1704
+#endif /* CONFIG_GHOSTIFICATION */
1705
}
1706
return 0;
1707
}
1708
diff -rNuad linux-2.6.29/net/ipv4/route.c linux-2.6.29-ghost/net/ipv4/route.c
1709
--- linux-2.6.29/net/ipv4/route.c 2009-03-23 23:12:14.000000000 +0000
1710
+++ linux-2.6.29-ghost/net/ipv4/route.c 2009-11-26 22:38:27.000000000 +0000
1711
@@ -55,6 +55,9 @@
1712
* Eric Dumazet : hashed spinlocks and rt_check_expire() fixes.
1713
* Ilia Sotnikov : Ignore TOS on PMTUD and Redirect
1714
* Ilia Sotnikov : Removed TOS from hash calculations
1715
+ * Luca Saiu <positron@gnu.org> : trivial changes for ghostification support
1716
+ * Roudiere Jonathan <roudiere@lipn.univ-paris13.fr> : ghost support to rtnetlink
1717
+ * function, ghost bugfix (field) in rt_cache_seq_show
1718
*
1719
* This program is free software; you can redistribute it and/or
1720
* modify it under the terms of the GNU General Public License
1721
@@ -108,6 +111,11 @@
1722
#include <linux/sysctl.h>
1723
#endif
1724
1725
+/* (ghost support) */
1726
+#ifdef CONFIG_GHOSTIFICATION
1727
+#include <net/ghostdebug.h>
1728
+#endif
1729
+
1730
#define RT_FL_TOS(oldflp) \
1731
((u32)(oldflp->fl4_tos & (IPTOS_RT_MASK | RTO_ONLINK)))
1732
1733
@@ -375,6 +383,14 @@
1734
"Metric\tSource\t\tMTU\tWindow\tIRTT\tTOS\tHHRef\t"
1735
"HHUptod\tSpecDst");
1736
else {
1737
+#ifdef CONFIG_GHOSTIFICATION
1738
+ /* (ghost support) Dont't display informations about ghost ifaces, bf */
1739
+ if(is_a_ghost_interface_name((const char*)((struct rtable*)v)->u.dst.dev->name)) {
1740
+ ghost_ptk("Don't display routing informations about ghost interface (%s)",
1741
+ ((const char*)((struct rtable*)v)->u.dst.dev->name));
1742
+ return 0;
1743
+ }
1744
+#endif /* CONFIG_GHOSTIFICATION */
1745
struct rtable *r = v;
1746
int len;
1747
1748
@@ -392,11 +408,11 @@
1749
r->fl.fl4_tos,
1750
r->u.dst.hh ? atomic_read(&r->u.dst.hh->hh_refcnt) : -1,
1751
r->u.dst.hh ? (r->u.dst.hh->hh_output ==
1752
- dev_queue_xmit) : 0,
1753
+ dev_queue_xmit) : 0,
1754
r->rt_spec_dst, &len);
1755
1756
seq_printf(seq, "%*s\n", 127 - len, "");
1757
- }
1758
+ }
1759
return 0;
1760
}
1761
1762
@@ -2812,8 +2828,13 @@
1763
r->rtm_src_len = 32;
1764
NLA_PUT_BE32(skb, RTA_SRC, rt->fl.fl4_src);
1765
}
1766
- if (rt->u.dst.dev)
1767
+ if (rt->u.dst.dev) {
1768
+#ifdef CONFIG_GHOSTIFICATION
1769
+ /* (ghost support) */
1770
+ ghost_develmsg("Net device is = %s ",rt->u.dst.dev->name);
1771
+#endif
1772
NLA_PUT_U32(skb, RTA_OIF, rt->u.dst.dev->ifindex);
1773
+ }
1774
#ifdef CONFIG_NET_CLS_ROUTE
1775
if (rt->u.dst.tclassid)
1776
NLA_PUT_U32(skb, RTA_FLOW, rt->u.dst.tclassid);
1777
@@ -2896,7 +2917,7 @@
1778
err = -ENOBUFS;
1779
goto errout;
1780
}
1781
-
1782
+
1783
/* Reserve room for dummy headers, this skb can pass
1784
through good chunk of routing engine.
1785
*/
1786
@@ -2918,6 +2939,17 @@
1787
if (dev == NULL) {
1788
err = -ENODEV;
1789
goto errout_free;
1790
+
1791
+#ifdef CONFIG_GHOSTIFICATION
1792
+ ghost_debugmsg("Net device is %s ", dev->name);
1793
+ /* (ghost support) If it is a ghostified interface then exit */
1794
+ if (is_a_ghost_interface_name(dev->name)) {
1795
+ ghost_ptk("Try to get a route involving a ghostified "
1796
+ "interface (%s), skip", dev->name);
1797
+ err = -ENODEV;
1798
+ goto errout_free;
1799
+ }
1800
+#endif /* CONFIG_GHOSTIFICATION */
1801
}
1802
1803
skb->protocol = htons(ETH_P_IP);
1804
@@ -2943,13 +2975,31 @@
1805
err = ip_route_output_key(net, &rt, &fl);
1806
}
1807
1808
- if (err)
1809
+ if (err) {
1810
goto errout_free;
1811
+ }
1812
1813
skb->rtable = rt;
1814
if (rtm->rtm_flags & RTM_F_NOTIFY)
1815
rt->rt_flags |= RTCF_NOTIFY;
1816
1817
+#ifdef CONFIG_GHOSTIFICATION
1818
+ /* (ghost support) Don't allow get ops for route
1819
+ involving a ghostified interface, unnecessary test ..(rt) */
1820
+ if (rt) {
1821
+ if (rt->u.dst.dev) {
1822
+ ghost_debugmsg("Net device is %s ",rt->u.dst.dev->name);
1823
+ if (is_a_ghost_interface_name(rt->u.dst.dev->name)) {
1824
+ ghost_ptk("Try to get a route involving a ghostified "
1825
+ "interface (%s), skip",
1826
+ rt->u.dst.dev->name);
1827
+ err = -ENETUNREACH;
1828
+ goto errout_free;
1829
+ }
1830
+ }
1831
+ }
1832
+#endif /* CONFIG_GHOSTIFICATION */
1833
+
1834
err = rt_fill_info(skb, NETLINK_CB(in_skb).pid, nlh->nlmsg_seq,
1835
RTM_NEWROUTE, 0, 0);
1836
if (err <= 0)
1837
@@ -2964,6 +3014,8 @@
1838
goto errout;
1839
}
1840
1841
+/* (ghost support) maybe it will be necessary to modify
1842
+this func which is call in fib_frontend.c */
1843
int ip_rt_dump(struct sk_buff *skb, struct netlink_callback *cb)
1844
{
1845
struct rtable *rt;
1846
diff -rNuad linux-2.6.29/net/ipv6/Kconfig linux-2.6.29-ghost/net/ipv6/Kconfig
1847
--- linux-2.6.29/net/ipv6/Kconfig 2009-03-23 23:12:14.000000000 +0000
1848
+++ linux-2.6.29-ghost/net/ipv6/Kconfig 2009-11-26 22:38:27.000000000 +0000
1849
@@ -4,8 +4,8 @@
1850
1851
# IPv6 as module will cause a CRASH if you try to unload it
1852
menuconfig IPV6
1853
- tristate "The IPv6 protocol"
1854
- default m
1855
+ bool "The IPv6 protocol"
1856
+ default y
1857
---help---
1858
This is complemental support for the IP version 6.
1859
You will still be able to do traditional IPv4 networking as well.
1860
@@ -16,6 +16,10 @@
1861
For specific information about IPv6 under Linux, read the HOWTO at
1862
<http://www.bieringer.de/linux/IPv6/>.
1863
1864
+ Ghostification notes:
1865
+ =====================
1866
+ IPV6 can not be built in module with ghost support.
1867
+
1868
To compile this protocol support as a module, choose M here: the
1869
module will be called ipv6.
1870
1871
@@ -68,7 +72,7 @@
1872
If unsure, say N.
1873
1874
config INET6_AH
1875
- tristate "IPv6: AH transformation"
1876
+ bool "IPv6: AH transformation"
1877
select XFRM
1878
select CRYPTO
1879
select CRYPTO_HMAC
1880
@@ -80,7 +84,7 @@
1881
If unsure, say Y.
1882
1883
config INET6_ESP
1884
- tristate "IPv6: ESP transformation"
1885
+ bool "IPv6: ESP transformation"
1886
select XFRM
1887
select CRYPTO
1888
select CRYPTO_AUTHENC
1889
@@ -95,7 +99,7 @@
1890
If unsure, say Y.
1891
1892
config INET6_IPCOMP
1893
- tristate "IPv6: IPComp transformation"
1894
+ bool "IPv6: IPComp transformation"
1895
select INET6_XFRM_TUNNEL
1896
select XFRM_IPCOMP
1897
---help---
1898
@@ -105,7 +109,7 @@
1899
If unsure, say Y.
1900
1901
config IPV6_MIP6
1902
- tristate "IPv6: Mobility (EXPERIMENTAL)"
1903
+ bool "IPv6: Mobility (EXPERIMENTAL)"
1904
depends on EXPERIMENTAL
1905
select XFRM
1906
---help---
1907
@@ -114,16 +118,16 @@
1908
If unsure, say N.
1909
1910
config INET6_XFRM_TUNNEL
1911
- tristate
1912
+ bool
1913
select INET6_TUNNEL
1914
default n
1915
1916
config INET6_TUNNEL
1917
- tristate
1918
+ bool
1919
default n
1920
1921
config INET6_XFRM_MODE_TRANSPORT
1922
- tristate "IPv6: IPsec transport mode"
1923
+ bool "IPv6: IPsec transport mode"
1924
default IPV6
1925
select XFRM
1926
---help---
1927
@@ -132,7 +136,7 @@
1928
If unsure, say Y.
1929
1930
config INET6_XFRM_MODE_TUNNEL
1931
- tristate "IPv6: IPsec tunnel mode"
1932
+ bool "IPv6: IPsec tunnel mode"
1933
default IPV6
1934
select XFRM
1935
---help---
1936
@@ -141,7 +145,7 @@
1937
If unsure, say Y.
1938
1939
config INET6_XFRM_MODE_BEET
1940
- tristate "IPv6: IPsec BEET mode"
1941
+ bool "IPv6: IPsec BEET mode"
1942
default IPV6
1943
select XFRM
1944
---help---
1945
@@ -150,14 +154,14 @@
1946
If unsure, say Y.
1947
1948
config INET6_XFRM_MODE_ROUTEOPTIMIZATION
1949
- tristate "IPv6: MIPv6 route optimization mode (EXPERIMENTAL)"
1950
+ bool "IPv6: MIPv6 route optimization mode (EXPERIMENTAL)"
1951
depends on EXPERIMENTAL
1952
select XFRM
1953
---help---
1954
Support for MIPv6 route optimization mode.
1955
1956
config IPV6_SIT
1957
- tristate "IPv6: IPv6-in-IPv4 tunnel (SIT driver)"
1958
+ bool "IPv6: IPv6-in-IPv4 tunnel (SIT driver)"
1959
select INET_TUNNEL
1960
select IPV6_NDISC_NODETYPE
1961
default y
1962
@@ -174,7 +178,7 @@
1963
bool
1964
1965
config IPV6_TUNNEL
1966
- tristate "IPv6: IP-in-IPv6 tunnel (RFC2473)"
1967
+ bool "IPv6: IP-in-IPv6 tunnel (RFC2473)"
1968
select INET6_TUNNEL
1969
---help---
1970
Support for IPv6-in-IPv6 and IPv4-in-IPv6 tunnels described in
1971
diff -rNuad linux-2.6.29/net/ipv6/addrconf.c linux-2.6.29-ghost/net/ipv6/addrconf.c
1972
--- linux-2.6.29/net/ipv6/addrconf.c 2009-03-23 23:12:14.000000000 +0000
1973
+++ linux-2.6.29-ghost/net/ipv6/addrconf.c 2009-11-26 22:38:27.000000000 +0000
1974
@@ -36,6 +36,9 @@
1975
* YOSHIFUJI Hideaki @USAGI : improved source address
1976
* selection; consider scope,
1977
* status etc.
1978
+ * Luca Saiu <positron@gnu.org> : ghostification support
1979
+ * Roudiere Jonathan <roudiere@lipn.univ-paris13.frfr> : ghost
1980
+ * modify functions using (rt)netlink
1981
*/
1982
1983
#include <linux/errno.h>
1984
@@ -80,6 +83,11 @@
1985
#include <linux/random.h>
1986
#endif
1987
1988
+/* (ghost support) */
1989
+#ifdef CONFIG_GHOSTIFICATION
1990
+#include <net/ghostdebug.h>
1991
+#endif
1992
+
1993
#include <asm/uaccess.h>
1994
#include <asm/unaligned.h>
1995
1996
@@ -445,6 +453,86 @@
1997
return idev;
1998
}
1999
2000
+/*
2001
+ * (ghost support) Support to hide snmp6 proc infos.
2002
+ */
2003
+#ifdef CONFIG_GHOSTIFICATION
2004
+/* Utility procedure, needed for {show,hide}_proc_net_dev_snmp6_DEVICE_if_needed().
2005
+ Return a pointer to a valid inet6_dev structure on success, NULL on failure: */
2006
+static struct inet6_dev* lookup_snmp6_device(const char *interface_name)
2007
+{
2008
+ struct net_device *device;
2009
+ struct inet6_dev *idev;
2010
+
2011
+ /* Lookup the device by name, obtaining an inet6_dev structure: */
2012
+ device = dev_get_by_name(&init_net, interface_name);
2013
+ if(device == NULL)
2014
+ return NULL;
2015
+ rtnl_lock();
2016
+ idev = ipv6_find_idev(device);
2017
+ rtnl_unlock();
2018
+ return idev;
2019
+}
2020
+
2021
+/* These are defined in net/ipv6/proc.c: */
2022
+extern struct proc_dir_entry *proc_net_devsnmp6;
2023
+extern struct file_operations snmp6_seq_fops;
2024
+
2025
+/* Remove the virtual file /proc/net/dev_snmp6/DEVICE, unless
2026
+ it's already hidden. Return 0 on success, nonzero on error: */
2027
+int hide_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name)
2028
+{
2029
+ struct inet6_dev *idev = lookup_snmp6_device(interface_name);
2030
+ ghost_ptk("Hiding /proc/net/dev_snmp6/%s...", interface_name);
2031
+ if(idev == NULL) /* lookup failed */
2032
+ return -EINVAL;
2033
+
2034
+ /* Remove the proc/ entry, if any. If there was no entry
2035
+ then remove_proc_entry() will fail, but it's ok for us: */
2036
+#ifdef CONFIG_PROC_FS
2037
+ if (!proc_net_devsnmp6)
2038
+ return -ENOENT;
2039
+ if (idev->stats.proc_dir_entry == NULL)
2040
+ return -EINVAL;
2041
+ remove_proc_entry(interface_name, proc_net_devsnmp6);
2042
+#endif /* CONFIG_PROC_FS */
2043
+ return 0;
2044
+ //return snmp6_unregister_dev(idev);
2045
+}
2046
+
2047
+/* Create the virtual file /proc/net/dev_snmp6/DEVICE, unless
2048
+ it's already shown. Return 0 on success, nonzero on error: */
2049
+int show_proc_net_dev_snmp6_DEVICE_if_needed(const char *interface_name)
2050
+{
2051
+ struct inet6_dev *idev = lookup_snmp6_device(interface_name);
2052
+ struct proc_dir_entry *proc_directory_entry;
2053
+ ghost_ptk("Showing /proc/net/dev_snmp6/%s...",
2054
+ interface_name);
2055
+ if(idev == NULL) /* lookup failed */
2056
+ return -EINVAL;
2057
+ if(idev->dev == NULL) /* I doubt this may happen... */
2058
+ return -EINVAL;
2059
+#ifdef CONFIG_PROC_FS
2060
+ if(!proc_net_devsnmp6) /* there isn't any /proc/net/dev_snmp6 */
2061
+ return -ENOENT;
2062
+ if((proc_directory_entry = create_proc_entry(interface_name,
2063
+ S_IRUGO, proc_net_devsnmp6)) == NULL)
2064
+ return -ENOMEM;
2065
+ proc_directory_entry->data = idev;
2066
+ proc_directory_entry->proc_fops = &snmp6_seq_fops;
2067
+ idev->stats.proc_dir_entry = proc_directory_entry;
2068
+#endif /* CONFIG_PROC_FS */
2069
+ return 0;
2070
+ /* return snmp6_register_dev(idev); */
2071
+}
2072
+EXPORT_SYMBOL(show_proc_net_dev_snmp6_DEVICE_if_needed);
2073
+EXPORT_SYMBOL(hide_proc_net_dev_snmp6_DEVICE_if_needed);
2074
+#endif /* CONFIG_GHOSTIFICATION */
2075
+
2076
+/*
2077
+ * End of ghostification support
2078
+ */
2079
+
2080
#ifdef CONFIG_SYSCTL
2081
static void dev_forward_change(struct inet6_dev *idev)
2082
{
2083
@@ -2151,6 +2239,10 @@
2084
return PTR_ERR(ifp);
2085
}
2086
2087
+/*
2088
+ * (ghost support) We don't want that an address which is linked
2089
+ * to an ghostified interface can be show/add/del/modify/etc
2090
+ */
2091
static int inet6_addr_del(struct net *net, int ifindex, struct in6_addr *pfx,
2092
unsigned int plen)
2093
{
2094
@@ -2165,6 +2257,15 @@
2095
if (!dev)
2096
return -ENODEV;
2097
2098
+#ifdef CONFIG_GHOSTIFICATION
2099
+ /* (ghost support) If it is a ghostified interface then exit */
2100
+ if (is_a_ghost_interface_name(dev->name)) {
2101
+ ghost_ptk("Try to delete address on a ghostified interface (%s), skip",
2102
+ dev->name);
2103
+ return -ENODEV;
2104
+ }
2105
+#endif /* CONFIG_GHOSTIFICATION */
2106
+
2107
if ((idev = __in6_dev_get(dev)) == NULL)
2108
return -ENXIO;
2109
2110
@@ -2993,6 +3094,22 @@
2111
static int if6_seq_show(struct seq_file *seq, void *v)
2112
{
2113
struct inet6_ifaddr *ifp = (struct inet6_ifaddr *)v;
2114
+#ifdef CONFIG_GHOSTIFICATION
2115
+ /* (ghost support) Don't show information about ghost interfaces */
2116
+ if (is_a_ghost_interface_name(ifp->idev->dev->name)) {
2117
+ ghost_ptk("Don't show informations about a ghostified "
2118
+ "interface (%s) under /proc.",
2119
+ ifp->idev->dev->name);
2120
+ } else {
2121
+ seq_printf(seq, "%pi6 %02x %02x %02x %02x %8s\n",
2122
+ &ifp->addr,
2123
+ ifp->idev->dev->ifindex,
2124
+ ifp->prefix_len,
2125
+ ifp->scope,
2126
+ ifp->flags,
2127
+ ifp->idev->dev->name);
2128
+ }
2129
+#else
2130
seq_printf(seq, "%pi6 %02x %02x %02x %02x %8s\n",
2131
&ifp->addr,
2132
ifp->idev->dev->ifindex,
2133
@@ -3000,6 +3117,8 @@
2134
ifp->scope,
2135
ifp->flags,
2136
ifp->idev->dev->name);
2137
+#endif /* CONFIG_GHOSTIFICATION */
2138
+
2139
return 0;
2140
}
2141
2142
@@ -3207,6 +3326,10 @@
2143
[IFA_CACHEINFO] = { .len = sizeof(struct ifa_cacheinfo) },
2144
};
2145
2146
+/*
2147
+ * (ghost support) We don't want that an address which is linked
2148
+ * to an ghostified interface can be show/add/del/modify/etc
2149
+ */
2150
static int
2151
inet6_rtm_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
2152
{
2153
@@ -3224,7 +3347,9 @@
2154
pfx = extract_addr(tb[IFA_ADDRESS], tb[IFA_LOCAL]);
2155
if (pfx == NULL)
2156
return -EINVAL;
2157
-
2158
+ /* (ghost support) we could/should stop here a request involving a
2159
+ ghostified interface but inet6_addr_del already do a part of our work
2160
+ (get dev etc ..) so instead we modify inet6_addr_del */
2161
return inet6_addr_del(net, ifm->ifa_index, pfx, ifm->ifa_prefixlen);
2162
}
2163
2164
@@ -3273,6 +3398,10 @@
2165
return 0;
2166
}
2167
2168
+/*
2169
+ * (ghost support) We don't want that an address which is linked
2170
+ * to an ghostified interface can be show/add/del/modify/etc
2171
+ */
2172
static int
2173
inet6_rtm_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
2174
{
2175
@@ -3310,6 +3439,15 @@
2176
if (dev == NULL)
2177
return -ENODEV;
2178
2179
+#ifdef CONFIG_GHOSTIFICATION
2180
+ /* (ghost support) If it is a ghostified interface then exit */
2181
+ if (is_a_ghost_interface_name(dev->name)) {
2182
+ ghost_ptk("Try to add a address to a ghostified interface (%s). Failing.",
2183
+ dev->name);
2184
+ return -ENODEV;
2185
+ }
2186
+#endif /* CONFIG_GHOSTIFICATION */
2187
+
2188
/* We ignore other flags so far. */
2189
ifa_flags = ifm->ifa_flags & (IFA_F_NODAD | IFA_F_HOMEADDRESS);
2190
2191
@@ -3475,6 +3613,12 @@
2192
ANYCAST_ADDR,
2193
};
2194
2195
+/*
2196
+ * (ghost support) We don't want that an address which is linked
2197
+ * to an ghostified interface can be show/add/del/modify/etc;
2198
+ * inet6_dump_addr is called by inet6_dump_{ifaddr,ifmcaddr,ifacaddr}
2199
+ * and call the appropriate inet6_fill_* function.
2200
+ */
2201
static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb,
2202
enum addr_type_t type)
2203
{
2204
@@ -3500,6 +3644,17 @@
2205
ip_idx = 0;
2206
if ((idev = in6_dev_get(dev)) == NULL)
2207
goto cont;
2208
+
2209
+#ifdef CONFIG_GHOSTIFICATION
2210
+ /* (ghost support) If it is a ghostified interface then exit */
2211
+ if (is_a_ghost_interface_name(dev->name)) {
2212
+ ghost_ptk("Try to get infos about addresses of a ghostified interface (%s), skip.",
2213
+ dev->name);
2214
+ goto cont;
2215
+ /* return -ENODEV; don't use it */
2216
+ }
2217
+#endif /* CONFIG_GHOSTIFICATION */
2218
+
2219
read_lock_bh(&idev->lock);
2220
switch (type) {
2221
case UNICAST_ADDR:
2222
@@ -3571,7 +3726,6 @@
2223
return inet6_dump_addr(skb, cb, type);
2224
}
2225
2226
-
2227
static int inet6_dump_ifacaddr(struct sk_buff *skb, struct netlink_callback *cb)
2228
{
2229
enum addr_type_t type = ANYCAST_ADDR;
2230
@@ -3579,6 +3733,10 @@
2231
return inet6_dump_addr(skb, cb, type);
2232
}
2233
2234
+/*
2235
+ * (ghost support) We don't want that an address which is linked
2236
+ * to an ghostified interface can be show/add/del/modify/etc
2237
+ */
2238
static int inet6_rtm_getaddr(struct sk_buff *in_skb, struct nlmsghdr* nlh,
2239
void *arg)
2240
{
2241
@@ -3605,6 +3763,17 @@
2242
if (ifm->ifa_index)
2243
dev = __dev_get_by_index(net, ifm->ifa_index);
2244
2245
+#ifdef CONFIG_GHOSTIFICATION
2246
+ /* (ghost support) If it is a ghostified interface then exit */
2247
+ if (dev) {
2248
+ if (is_a_ghost_interface_name(dev->name)) {
2249
+ ghost_ptk("Try to get address of a ghostified interface (%s), skip.",
2250
+ dev->name);
2251
+ return -ENODEV;
2252
+ }
2253
+ }
2254
+#endif /* CONFIG_GHOSTIFICATION */
2255
+
2256
if ((ifa = ipv6_get_ifaddr(net, addr, dev, 1)) == NULL) {
2257
err = -EADDRNOTAVAIL;
2258
goto errout;
2259
@@ -3812,6 +3981,10 @@
2260
return -EMSGSIZE;
2261
}
2262
2263
+/*
2264
+ * (ghost support) We don't want that an address which is linked
2265
+ * to an ghostified interface can be show/add/del/modify/etc
2266
+ */
2267
static int inet6_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
2268
{
2269
struct net *net = sock_net(skb->sk);
2270
@@ -3823,6 +3996,14 @@
2271
read_lock(&dev_base_lock);
2272
idx = 0;
2273
for_each_netdev(net, dev) {
2274
+#ifdef CONFIG_GHOSTIFICATION
2275
+ /* (ghost support) If it is a ghostified interface then exit */
2276
+ if (is_a_ghost_interface_name(dev->name)) {
2277
+ ghost_ptk("Try to dump address infos about a ghostified interface (%s), skip.",
2278
+ dev->name);
2279
+ goto cont;
2280
+ }
2281
+#endif /* CONFIG_GHOSTIFICATION */
2282
if (idx < s_idx)
2283
goto cont;
2284
if ((idev = in6_dev_get(dev)) == NULL)
2285
@@ -3850,7 +4031,6 @@
2286
skb = nlmsg_new(inet6_if_nlmsg_size(), GFP_ATOMIC);
2287
if (skb == NULL)
2288
goto errout;
2289
-
2290
err = inet6_fill_ifinfo(skb, idev, 0, 0, event, 0);
2291
if (err < 0) {
2292
/* -EMSGSIZE implies BUG in inet6_if_nlmsg_size() */
2293
diff -rNuad linux-2.6.29/net/ipv6/ip6_fib.c linux-2.6.29-ghost/net/ipv6/ip6_fib.c
2294
--- linux-2.6.29/net/ipv6/ip6_fib.c 2009-03-23 23:12:14.000000000 +0000
2295
+++ linux-2.6.29-ghost/net/ipv6/ip6_fib.c 2009-11-26 22:38:27.000000000 +0000
2296
@@ -275,6 +275,8 @@
2297
2298
#endif
2299
2300
+/* (ghost support) iterate on net device, don't modify this function,
2301
+we can return ENODEV here, user-space tools (as ip) dump iface list before */
2302
static int fib6_dump_node(struct fib6_walker_t *w)
2303
{
2304
int res;
2305
@@ -320,7 +322,6 @@
2306
{
2307
struct fib6_walker_t *w;
2308
int res;
2309
-
2310
w = (void *)cb->args[2];
2311
w->root = &table->tb6_root;
2312
2313
diff -rNuad linux-2.6.29/net/ipv6/mcast.c linux-2.6.29-ghost/net/ipv6/mcast.c
2314
--- linux-2.6.29/net/ipv6/mcast.c 2009-11-26 20:48:39.000000000 +0000
2315
+++ linux-2.6.29-ghost/net/ipv6/mcast.c 2009-11-26 22:42:51.000000000 +0000
2316
@@ -24,6 +24,10 @@
2317
* - MLD for link-local addresses.
2318
* David L Stevens <dlstevens@us.ibm.com>:
2319
* - MLDv2 support
2320
+ * Luca Saiu <positron@gnu.org>:
2321
+ * - trivial changes for ghostification support
2322
+ * Roudiere Jonathan <roudiere@lipn.univ-paris13.fr>
2323
+ * - trivial changes to correct an forgetting
2324
*/
2325
2326
#include <linux/module.h>
2327
@@ -61,6 +65,11 @@
2328
2329
#include <net/ip6_checksum.h>
2330
2331
+/* (ghost support) */
2332
+#ifdef CONFIG_GHOSTIFICATION
2333
+#include <net/ghostdebug.h>
2334
+#endif
2335
+
2336
/* Set to 3 to get tracing... */
2337
#define MCAST_DEBUG 2
2338
2339
@@ -2432,6 +2441,20 @@
2340
struct ifmcaddr6 *im = (struct ifmcaddr6 *)v;
2341
struct igmp6_mc_iter_state *state = igmp6_mc_seq_private(seq);
2342
2343
+#ifdef CONFIG_GHOSTIFICATION
2344
+ /* (ghost support) Don't show information about ghost interfaces */
2345
+ if(! is_a_ghost_interface_name(state->dev->name)) {
2346
+ ghost_debugmsg("Don't show any igmp6 information in /proc "
2347
+ "about ghostified interfaces (1).");
2348
+ seq_printf(seq,
2349
+ "%-4d %-15s %pi6 %5d %08X %ld\n",
2350
+ state->dev->ifindex, state->dev->name,
2351
+ &im->mca_addr,
2352
+ im->mca_users, im->mca_flags,
2353
+ (im->mca_flags&MAF_TIMER_RUNNING) ?
2354
+ jiffies_to_clock_t(im->mca_timer.expires-jiffies) : 0);
2355
+ }
2356
+#else
2357
seq_printf(seq,
2358
"%-4d %-15s %pi6 %5d %08X %ld\n",
2359
state->dev->ifindex, state->dev->name,
2360
@@ -2439,6 +2462,7 @@
2361
im->mca_users, im->mca_flags,
2362
(im->mca_flags&MAF_TIMER_RUNNING) ?
2363
jiffies_to_clock_t(im->mca_timer.expires-jiffies) : 0);
2364
+#endif /* CONFIG_GHOSTIFICATION */
2365
return 0;
2366
}
2367
2368
@@ -2593,6 +2617,20 @@
2369
"Device", "Multicast Address",
2370
"Source Address", "INC", "EXC");
2371
} else {
2372
+#ifdef CONFIG_GHOSTIFICATION
2373
+ /* (ghost support) Don't show any info about ghost interfaces */
2374
+ if (! is_a_ghost_interface_name(state->dev->name)) {
2375
+ ghost_debugmsg("Don't show any igmp6 information in /proc"
2376
+ " about ghostified interfaces (2).");
2377
+ seq_printf(seq,
2378
+ "%3d %6.6s %pi6 %pi6 %6lu %6lu\n",
2379
+ state->dev->ifindex, state->dev->name,
2380
+ &state->im->mca_addr,
2381
+ &psf->sf_addr,
2382
+ psf->sf_count[MCAST_INCLUDE],
2383
+ psf->sf_count[MCAST_EXCLUDE]);
2384
+ }
2385
+#else
2386
seq_printf(seq,
2387
"%3d %6.6s %pi6 %pi6 %6lu %6lu\n",
2388
state->dev->ifindex, state->dev->name,
2389
@@ -2600,6 +2638,7 @@
2390
&psf->sf_addr,
2391
psf->sf_count[MCAST_INCLUDE],
2392
psf->sf_count[MCAST_EXCLUDE]);
2393
+#endif /* CONFIG_GHOSTIFICATION */
2394
}
2395
return 0;
2396
}
2397
diff -rNuad linux-2.6.29/net/ipv6/proc.c linux-2.6.29-ghost/net/ipv6/proc.c
2398
--- linux-2.6.29/net/ipv6/proc.c 2009-03-23 23:12:14.000000000 +0000
2399
+++ linux-2.6.29-ghost/net/ipv6/proc.c 2009-11-26 22:41:05.000000000 +0000
2400
@@ -9,6 +9,8 @@
2401
*
2402
* Authors: David S. Miller (davem@caip.rutgers.edu)
2403
* YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
2404
+ * Luca Saiu <positron@gnu.org> (trivial changes for
2405
+ * ghostification support)
2406
*
2407
* This program is free software; you can redistribute it and/or
2408
* modify it under the terms of the GNU General Public License
2409
@@ -29,6 +31,16 @@
2410
#include <net/transp_v6.h>
2411
#include <net/ipv6.h>
2412
2413
+/* (ghost support) */
2414
+#ifdef CONFIG_GHOSTIFICATION
2415
+#include <net/ghostdebug.h>
2416
+
2417
+/* (ghost support) We don't want this to be static, as it has to
2418
+ be read at ghostifying and unghostifying time */
2419
+struct proc_dir_entry *proc_net_devsnmp6;
2420
+EXPORT_SYMBOL(proc_net_devsnmp6);
2421
+#endif /* CONFIG_GHOSTIFICATION */
2422
+
2423
static int sockstat6_seq_show(struct seq_file *seq, void *v)
2424
{
2425
struct net *net = seq->private;
2426
@@ -194,6 +206,18 @@
2427
return single_open_net(inode, file, snmp6_seq_show);
2428
}
2429
2430
+/* (ghost support) This was originally static,
2431
+but we need to make it visible */
2432
+#ifdef CONFIG_GHOSTIFICATION
2433
+struct file_operations snmp6_seq_fops = {
2434
+ .owner = THIS_MODULE,
2435
+ .open = snmp6_seq_open,
2436
+ .read = seq_read,
2437
+ .llseek = seq_lseek,
2438
+ .release = single_release,
2439
+};
2440
+EXPORT_SYMBOL(snmp6_seq_fops);
2441
+#else
2442
static const struct file_operations snmp6_seq_fops = {
2443
.owner = THIS_MODULE,
2444
.open = snmp6_seq_open,
2445
@@ -201,6 +225,7 @@
2446
.llseek = seq_lseek,
2447
.release = single_release_net,
2448
};
2449
+#endif /* CONFIG_GHOSTIFICATION */
2450
2451
static int snmp6_dev_seq_show(struct seq_file *seq, void *v)
2452
{
2453
diff -rNuad linux-2.6.29/net/ipv6/route.c linux-2.6.29-ghost/net/ipv6/route.c
2454
--- linux-2.6.29/net/ipv6/route.c 2009-03-23 23:12:14.000000000 +0000
2455
+++ linux-2.6.29-ghost/net/ipv6/route.c 2009-11-26 22:38:27.000000000 +0000
2456
@@ -22,6 +22,10 @@
2457
* reachable. otherwise, round-robin the list.
2458
* Ville Nuorvala
2459
* Fixed routing subtrees.
2460
+ * Luca Saiu <positron@gnu.org>
2461
+ * trivial changes for ghostification support
2462
+ * Roudiere Jonathan <roudiere@lipn.univ-paris13.fr>
2463
+ * ghostification support update, modify functions using netlink
2464
*/
2465
2466
#include <linux/capability.h>
2467
@@ -60,6 +64,11 @@
2468
#include <linux/sysctl.h>
2469
#endif
2470
2471
+/* (ghost support) */
2472
+#ifdef CONFIG_GHOSTIFICATION
2473
+#include <net/ghostdebug.h>
2474
+#endif
2475
+
2476
/* Set to 3 to get tracing. */
2477
#define RT6_DEBUG 2
2478
2479
@@ -1112,10 +1121,6 @@
2480
return hoplimit;
2481
}
2482
2483
-/*
2484
- *
2485
- */
2486
-
2487
int ip6_route_add(struct fib6_config *cfg)
2488
{
2489
int err;
2490
@@ -1827,6 +1832,8 @@
2491
struct in6_rtmsg rtmsg;
2492
int err;
2493
2494
+ /* (ghost support) don't make any change, changes
2495
+ have been made later for ioctl request */
2496
switch(cmd) {
2497
case SIOCADDRT: /* Add a route */
2498
case SIOCDELRT: /* Delete a route */
2499
@@ -2130,26 +2137,84 @@
2500
return err;
2501
}
2502
2503
+/*
2504
+ * (ghost support) We don't want a route which involed a
2505
+ * ghostified interface can be show/add/del/modify/etc.
2506
+ */
2507
static int inet6_rtm_delroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg)
2508
{
2509
struct fib6_config cfg;
2510
int err;
2511
2512
- err = rtm_to_fib6_config(skb, nlh, &cfg);
2513
- if (err < 0)
2514
- return err;
2515
+#ifdef CONFIG_GHOSTIFICATION
2516
+ struct net *net = NULL;
2517
+ struct net_device *dev = NULL;
2518
+
2519
+ err = rtm_to_fib6_config(skb, nlh, &cfg);
2520
+ if (err < 0)
2521
+ return err;
2522
+
2523
+ /* (ghost support) get the net struct through sock struct */
2524
+ net = sock_net(skb->sk);
2525
+ if(!net)
2526
+ return ip6_route_del(&cfg); /* do that or exit on error ... */
2527
+ /* (ghost support) get the net_device struct through fib6_config */
2528
+ dev = dev_get_by_index(net, cfg.fc_ifindex);
2529
+ if(!dev)
2530
+ return ip6_route_del(&cfg); /* do that or exit on error ... */
2531
+ /* (ghost support) ok we know the device name so if it
2532
+ is a ghostified interface, return device not exist */
2533
+ if(is_a_ghost_interface_name(dev->name)) {
2534
+ ghost_ptk("Try to del route involving a ghostified interface (%s). Failing",
2535
+ dev->name);
2536
+ return -ENODEV;
2537
+ }
2538
+#else
2539
+ err = rtm_to_fib6_config(skb, nlh, &cfg);
2540
+ if (err < 0)
2541
+ return err;
2542
+#endif /* CONFIG_GHOSTIFICATION */
2543
2544
return ip6_route_del(&cfg);
2545
}
2546
2547
+/*
2548
+ * (ghost support) We don't want a route which involed a
2549
+ * ghostified interface can be show/add/del/modify/etc.
2550
+ */
2551
static int inet6_rtm_newroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg)
2552
{
2553
struct fib6_config cfg;
2554
int err;
2555
2556
+#ifdef CONFIG_GHOSTIFICATION
2557
+ struct net *net = NULL;
2558
+ struct net_device *dev = NULL;
2559
+
2560
err = rtm_to_fib6_config(skb, nlh, &cfg);
2561
if (err < 0)
2562
return err;
2563
+
2564
+ /* (ghost support) get the net struct through sock struct */
2565
+ net = sock_net(skb->sk);
2566
+ if(!net)
2567
+ return ip6_route_add(&cfg); /* do that or exit on error ... */
2568
+ /* (ghost support) get the net_device struct through fib6_config */
2569
+ dev = dev_get_by_index(net, cfg.fc_ifindex);
2570
+ if(!dev)
2571
+ return ip6_route_add(&cfg); /* do that or exit on error ... */
2572
+ /* (ghost support) ok we know the device name so if it is
2573
+ a ghostified interface, return device not exist */
2574
+ if(is_a_ghost_interface_name(dev->name)) {
2575
+ ghost_ptk("Try to add route involving a ghostified interface (%s). Failing.",
2576
+ dev->name);
2577
+ return -ENODEV;
2578
+ }
2579
+#else
2580
+ err = rtm_to_fib6_config(skb, nlh, &cfg);
2581
+ if (err < 0)
2582
+ return err;
2583
+#endif /* CONFIG_GHOSTIFICATION */
2584
2585
return ip6_route_add(&cfg);
2586
}
2587
@@ -2169,6 +2234,10 @@
2588
+ nla_total_size(sizeof(struct rta_cacheinfo));
2589
}
2590
2591
+/*
2592
+ * (ghost support) We don't want a route which involed a
2593
+ * ghostified interface can be show/add/del/modify/etc
2594
+ */
2595
static int rt6_fill_node(struct net *net,
2596
struct sk_buff *skb, struct rt6_info *rt,
2597
struct in6_addr *dst, struct in6_addr *src,
2598
@@ -2180,6 +2249,19 @@
2599
long expires;
2600
u32 table;
2601
2602
+#ifdef CONFIG_GHOSTIFICATION
2603
+ ghost_develmsg("rtnetlink msg type %i, pid %i and seq %i",
2604
+ type, pid, seq);
2605
+ /* (ghost support) this function is called by by rt6_dump_route, and
2606
+ inet6_rtm_get_route and inet6_rt_notify, test if it is a kernel request*/
2607
+ if (rt->rt6i_dev->name)
2608
+ if(is_a_ghost_interface_name(rt->rt6i_dev->name)) {
2609
+ ghost_ptk("Try to get/notify route infos about a "
2610
+ "ghostified interface (%s), skip.",
2611
+ rt->rt6i_dev->name);
2612
+ return 1;
2613
+ }
2614
+#endif /* CONFIG_GHOSTIFICATION */
2615
if (prefix) { /* user wants prefix routes only */
2616
if (!(rt->rt6i_flags & RTF_PREFIX_RT)) {
2617
/* success since this is not a prefix route */
2618
@@ -2287,10 +2369,26 @@
2619
return -EMSGSIZE;
2620
}
2621
2622
+/*
2623
+ * (ghost support) We don't want a route which involed a
2624
+ * ghostified interface can be show/add/del/modify/etc,
2625
+ */
2626
int rt6_dump_route(struct rt6_info *rt, void *p_arg)
2627
{
2628
struct rt6_rtnl_dump_arg *arg = (struct rt6_rtnl_dump_arg *) p_arg;
2629
int prefix;
2630
+
2631
+#ifdef CONFIG_GHOSTIFICATION
2632
+ ghost_develmsg(" rtnetlink mesg %i, pid %i and seq %i",
2633
+ arg->cb->nlh->nlmsg_type, arg->cb->nlh->nlmsg_pid, arg->cb->nlh->nlmsg_seq);
2634
+ /* if (rt->rt6i_dev)
2635
+ if(is_a_ghost_interface_name(rt->rt6i_dev->name)) {
2636
+ ghost_ptk("Try to dump route infos about a ghostified interface (%s), skip",
2637
+ rt->rt6i_dev->name);
2638
+ return -ENODEV; errro maybe come from here, modify instead
2639
+ rt6_fill_node which has multiple callers
2640
+ } */
2641
+#endif /* CONFIG_GHOSTIFICATION */
2642
2643
if (nlmsg_len(arg->cb->nlh) >= sizeof(struct rtmsg)) {
2644
struct rtmsg *rtm = nlmsg_data(arg->cb->nlh);
2645
@@ -2304,6 +2402,8 @@
2646
prefix, 0, NLM_F_MULTI);
2647
}
2648
2649
+/* (ghost support) Don't make changes here, function
2650
+rt6_fill_node has been modified instead */
2651
static int inet6_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr* nlh, void *arg)
2652
{
2653
struct net *net = sock_net(in_skb->sk);
2654
@@ -2448,6 +2548,17 @@
2655
{
2656
struct seq_file *m = p_arg;
2657
2658
+#ifdef CONFIG_GHOSTIFICATION
2659
+ /* (ghost support) Do nothing if this route involves a
2660
+ ghostified interface */
2661
+ if(rt->rt6i_dev != NULL) /* can't use &&: evaluation order is undefined */
2662
+ if(is_a_ghost_interface_name(rt->rt6i_dev->name)) {
2663
+ ghost_ptk("Don't show any informations under /proc/net"
2664
+ "involving a ghostified interface (%s)",
2665
+ rt->rt6i_dev->name);
2666
+ return 0;
2667
+ }
2668
+#endif /* CONFIG_GHOSTIFICATION */
2669
seq_printf(m, "%pi6 %02x ", &rt->rt6i_dst.addr, rt->rt6i_dst.plen);
2670
2671
#ifdef CONFIG_IPV6_SUBTREES
2672
diff -rNuad linux-2.6.29/net/netfilter/core.c linux-2.6.29-ghost/net/netfilter/core.c
2673
--- linux-2.6.29/net/netfilter/core.c 2009-03-23 23:12:14.000000000 +0000
2674
+++ linux-2.6.29-ghost/net/netfilter/core.c 2009-11-26 22:38:27.000000000 +0000
2675
@@ -5,6 +5,8 @@
2676
* way.
2677
*
2678
* Rusty Russell (C)2000 -- This code is GPL.
2679
+ * Little change by Jonathan Roudiere <roudiere@lipn.fr> to add
2680
+ * Ghostification support (bypass netfilter for ghost interface).
2681
*/
2682
#include <linux/kernel.h>
2683
#include <linux/netfilter.h>
2684
@@ -22,6 +24,11 @@
2685
#include <net/net_namespace.h>
2686
#include <net/sock.h>
2687
2688
+/* (ghost support) */
2689
+#ifdef CONFIG_GHOSTIFICATION
2690
+#include <net/ghostdebug.h>
2691
+#endif
2692
+
2693
#include "nf_internals.h"
2694
2695
static DEFINE_MUTEX(afinfo_mutex);
2696
@@ -59,7 +66,6 @@
2697
{
2698
struct nf_hook_ops *elem;
2699
int err;
2700
-
2701
err = mutex_lock_interruptible(&nf_hook_mutex);
2702
if (err < 0)
2703
return err;
2704
@@ -169,7 +175,158 @@
2705
rcu_read_lock();
2706
2707
elem = &nf_hooks[pf][hook];
2708
+
2709
next_hook:
2710
+ /*
2711
+ * (ghost support) Netfilter ghostification support.
2712
+ * Perform too much tests here is not a good idea because all
2713
+ * network packets pass through this section but we have
2714
+ * not other choice to skip netfilter hooks (per hook).
2715
+ */
2716
+#ifdef CONFIG_GHOSTIFICATION_NETFILTER
2717
+ /*
2718
+ * Bypass all Netfilter hooks (for ipv4/6, arp, bridge) for any
2719
+ * ghostified interface (eq. to return NF_ACCEPT for each packet which
2720
+ * go through an interface which is ghostified (do that at hook level
2721
+ * in order to skip all chains's rules hang on the hooks))
2722
+ */
2723
+
2724
+ /* don't use ghost_debugmsg macro in this section
2725
+ because it may introduce too much delay */
2726
+ ghost_develmsg("Enter in hook (pf=%i) (hook=%i) from indev->name = "
2727
+ "%s to outdev->name = %s", pf, hook, indev->name, outdev->name);
2728
+
2729
+/* If we wish to skip all netfilter hooks for all PF */
2730
+#ifdef CONFIG_GHOSTIFICATION_NETFILTER_ALL
2731
+ /*
2732
+ * outdev->name field is defined in OUTPUT, FORWARD and POSTROUTING hooks,
2733
+ * if it is a ghostified interface then we must bypass netfilter hooks
2734
+ * (and all rules chains), we start here (with outdev) to bypass netfilter's
2735
+ * hooks in the case where we are in FORWARD.
2736
+ */
2737
+ if ((outdev->name) != NULL) {
2738
+ if (!is_a_ghost_interface_name(outdev->name)) {
2739
+ ghost_develmsg("(outdev->name) = %s is not a ghostfied interface",
2740
+ (outdev->name));
2741
+ goto apply_hook;
2742
+ } else {
2743
+ ghost_develmsg("(outdev->name) = %s is a ghostfied interface",
2744
+ (outdev->name));
2745
+ ret = 1;
2746
+ goto unlock;
2747
+ }
2748
+ }
2749
+ /*
2750
+ * indev->name field is defined in PREROUTING, FORWARD and INPUT hooks,
2751
+ * if it is a ghostified interface then we must bypass netfilter hooks
2752
+ * (and all rules chains), if we are in FORWARD hook and outdev/indev->name
2753
+ * is not a ghostified interface then we can go towards hooks.
2754
+ */
2755
+ if ((indev->name) != NULL) {
2756
+ if (!is_a_ghost_interface_name(indev->name)) {
2757
+ ghost_develmsg("(indev->name) = %s is not a ghostfied interface",
2758
+ (indev->name));
2759
+ goto apply_hook;
2760
+ } else {
2761
+ ghost_develmsg("(indev->name) = %s is a ghostfied interface",
2762
+ (indev->name));
2763
+ ret = 1;
2764
+ goto unlock;
2765
+ }
2766
+ }
2767
+
2768
+/*
2769
+ * If GHOSTIFICATION_NETFILTER_ALL is not defined neither any
2770
+ * GHOSTIFICATION_NETFILTER_PF then we 'll skip all this code chunk.
2771
+ * (about performance, choose to skip netfilter just for certains PF
2772
+ * is the most bad things we can do, but ...)
2773
+ */
2774
+#elif (defined(CONFIG_GHOSTIFICATION_NETFILTER_IPV4) || defined(CONFIG_GHOSTIFICATION_NETFILTER_IPV6) || \
2775
+ defined(CONFIG_GHOSTIFICATION_NETFILTER_ARP) || defined(CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE))
2776
+ /* Here we have the same logic as previously (in GHOSTIFICATION_NETFILTER_ALL)
2777
+ but with the ability to choose what are the PFs that we want to skip */
2778
+ if ((outdev->name) != NULL) {
2779
+ if (!is_a_ghost_interface_name(outdev->name)) {
2780
+ ghost_develmsg("(outdev->name) = %s is not a ghostfied interface",
2781
+ (outdev->name));
2782
+ goto apply_hook;
2783
+ } else {
2784
+ ghost_develmsg("(outdev->name) = %s is a ghostfied interface",
2785
+ (outdev->name));
2786
+ /* start with IPv4, IPv6 because they are the most current PF */
2787
+#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV4
2788
+ if (pf == PF_INET) {
2789
+ ret = 1;
2790
+ goto unlock;
2791
+ }
2792
+#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV4 */
2793
+#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV6
2794
+ if (pf == PF_INET6) {
2795
+ ret = 1;
2796
+ goto unlock;
2797
+ }
2798
+#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV6 */
2799
+#ifdef CONFIG_GHOSTIFICATION_NETFILTER_ARP
2800
+ if (pf == NF_ARP) {
2801
+ ret = 1;
2802
+ goto unlock;
2803
+ }
2804
+#endif /* CONFIG_GHOSTIFICATION_NETFILTER_ARP */
2805
+#ifdef CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE
2806
+ if (pf == PF_BRIDGE) {
2807
+ ret = 1;
2808
+ goto unlock;
2809
+ }
2810
+#endif /* CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE */
2811
+ /* We arrive here that is because we are not in a PF
2812
+ that we wish skip so we apply rules chain (for decnet) */
2813
+ goto apply_hook;
2814
+ }
2815
+ }
2816
+ if ((indev->name) != NULL) {
2817
+ if (!is_a_ghost_interface_name(indev->name)) {
2818
+ ghost_develmsg("(indev->name) = %s is not a ghostfied interface",
2819
+ (indev->name));
2820
+ goto apply_hook;
2821
+ } else {
2822
+ ghost_develmsg("(indev->name) = %s is a ghostfied interface",
2823
+ (indev->name));
2824
+ /* start with IPv4, IPv6 because they are the most current PF */
2825
+#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV4
2826
+ if (pf == PF_INET) {
2827
+ ret = 1;
2828
+ goto unlock;
2829
+ }
2830
+#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV4 */
2831
+#ifdef CONFIG_GHOSTIFICATION_NETFILTER_IPV6
2832
+ if (pf == PF_INET6) {
2833
+ ret = 1;
2834
+ goto unlock;
2835
+ }
2836
+#endif /* CONFIG_GHOSTIFICATION_NETFILTER_IPV6 */
2837
+#ifdef CONFIG_GHOSTIFICATION_NETFILTER_ARP
2838
+ if (pf == NF_ARP) {
2839
+ ret = 1;
2840
+ goto unlock;
2841
+ }
2842
+#endif /* CONFIG_GHOSTIFICATION_NETFILTER_ARP */
2843
+#ifdef CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE
2844
+ if (pf == PF_BRIDGE) {
2845
+ ret = 1;
2846
+ goto unlock;
2847
+ }
2848
+#endif /* CONFIG_GHOSTIFICATION_NETFILTER_BRIDGE */
2849
+ /* We arrive here that is because we are not in a PF
2850
+ that we wish skip so we apply rules chain (for decnet) */
2851
+ goto apply_hook;
2852
+ }
2853
+ }
2854
+
2855
+#endif /* CONFIG_GHOSTIFICATION_ALL */
2856
+apply_hook:
2857
+#endif /* CONFIG_GHOSTIFICATION_NETFILTER */
2858
+/* (ghost support) End of ghostification support */
2859
+
2860
verdict = nf_iterate(&nf_hooks[pf][hook], skb, hook, indev,
2861
outdev, &elem, okfn, hook_thresh);
2862
if (verdict == NF_ACCEPT || verdict == NF_STOP) {
2863
diff -rNuad linux-2.6.29/net/packet/af_packet.c linux-2.6.29-ghost/net/packet/af_packet.c
2864
--- linux-2.6.29/net/packet/af_packet.c 2009-03-23 23:12:14.000000000 +0000
2865
+++ linux-2.6.29-ghost/net/packet/af_packet.c 2009-11-26 22:38:27.000000000 +0000
2866
@@ -39,6 +39,7 @@
2867
* will simply extend the hardware address
2868
* byte arrays at the end of sockaddr_ll
2869
* and packet_mreq.
2870
+ * Luca Saiu <positron@gnu.org> : Trivial changes for ghostification
2871
*
2872
* This program is free software; you can redistribute it and/or
2873
* modify it under the terms of the GNU General Public License
2874
@@ -83,6 +84,11 @@
2875
#include <net/inet_common.h>
2876
#endif
2877
2878
+/* (ghost support) */
2879
+#ifdef CONFIG_GHOSTIFICATION
2880
+#include <net/ghostdebug.h>
2881
+#endif
2882
+
2883
/*
2884
Assumptions:
2885
- if device has no dev->hard_header routine, it adds and removes ll header
2886
@@ -489,6 +495,18 @@
2887
if (skb->pkt_type == PACKET_LOOPBACK)
2888
goto drop;
2889
2890
+#ifdef CONFIG_GHOSTIFICATION
2891
+ /*
2892
+ * (ghost support) Drop packets involving ghost interfaces:
2893
+ * we don't want the user to be able to sniff them
2894
+ */
2895
+ if(is_a_ghost_interface_name(orig_dev->name) ||
2896
+ is_a_ghost_interface_name(dev->name)) {
2897
+ ghost_debugmsg("Drop a packet which is going through a ghostified interface (rcv)");
2898
+ goto drop;
2899
+ }
2900
+#endif /* CONFIG_GHOSTIFICATION */
2901
+
2902
sk = pt->af_packet_priv;
2903
po = pkt_sk(sk);
2904
2905
@@ -611,6 +629,18 @@
2906
if (skb->pkt_type == PACKET_LOOPBACK)
2907
goto drop;
2908
2909
+#ifdef CONFIG_GHOSTIFICATION
2910
+ /*
2911
+ * (ghost support) Drop packets involving ghost interfaces:
2912
+ * we don't want the user to be able to sniff them.
2913
+ */
2914
+ if(is_a_ghost_interface_name(orig_dev->name) ||
2915
+ is_a_ghost_interface_name(dev->name)) {
2916
+ ghost_debugmsg("Drop a packet which is going through a ghostified interface (trcv)");
2917
+ goto drop;
2918
+ }
2919
+#endif /* CONFIG_GHOSTIFICATION */
2920
+
2921
sk = pt->af_packet_priv;
2922
po = pkt_sk(sk);
2923
2924
@@ -2049,17 +2079,38 @@
2925
struct sock *s = v;
2926
const struct packet_sock *po = pkt_sk(s);
2927
2928
+#ifdef CONFIG_GHOSTIFICATION
2929
+ /*
2930
+ * (ghost support) Don't show packets involving ghost devices
2931
+ */
2932
+ struct net_device *net_device = dev_get_by_index(sock_net(s), po->ifindex);
2933
+ if(! is_a_ghost_interface_name(net_device->name)) {
2934
+ ghost_debugmsg("Don't show packets involving ghostified interface");
2935
+ seq_printf(seq,
2936
+ "%p %-6d %-4d %04x %-5d %1d %-6u %-6u %-6lu\n",
2937
+ s,
2938
+ atomic_read(&s->sk_refcnt),
2939
+ s->sk_type,
2940
+ ntohs(po->num),
2941
+ po->ifindex,
2942
+ po->running,
2943
+ atomic_read(&s->sk_rmem_alloc),
2944
+ sock_i_uid(s),
2945
+ sock_i_ino(s) );
2946
+ }
2947
+#else
2948
seq_printf(seq,
2949
- "%p %-6d %-4d %04x %-5d %1d %-6u %-6u %-6lu\n",
2950
- s,
2951
- atomic_read(&s->sk_refcnt),
2952
- s->sk_type,
2953
- ntohs(po->num),
2954
- po->ifindex,
2955
- po->running,
2956
- atomic_read(&s->sk_rmem_alloc),
2957
- sock_i_uid(s),
2958
- sock_i_ino(s) );
2959
+ "%p %-6d %-4d %04x %-5d %1d %-6u %-6u %-6lu\n",
2960
+ s,
2961
+ atomic_read(&s->sk_refcnt),
2962
+ s->sk_type,
2963
+ ntohs(po->num),
2964
+ po->ifindex,
2965
+ po->running,
2966
+ atomic_read(&s->sk_rmem_alloc),
2967
+ sock_i_uid(s),
2968
+ sock_i_ino(s) );
2969
+#endif /* CONFIG_GHOSTIFICATION */
2970
}
2971
2972
return 0;
Loggerhead is a web-based interface for Breezy
Version: 2.0.1