linux-toradex.git/net/netfilter, branch tegra Linux kernel for Apalis and Colibri modules netfilter: xt_qtaguid: fix crash on ctrl delete command 2011-12-01T05:39:11+00:00 JP Abgrall jpa@google.com 2011-10-08T05:14:24+00:00 5fb93e95b274512800176790a68f07b49b198fdc Because for now the xt_qtaguid module allows procs to use tags without having /dev/xt_qtaguid open, there was a case where it would try to delete a resources from a list that was proc specific. But that resource was never added to that list which is only used when /dev/xt_qtaguid has been opened by the proc. Once our userspace is fully updated, we won't need those exceptions. Change-Id: Idd4bfea926627190c74645142916e10832eb2504 Signed-off-by: JP Abgrall <jpa@google.com> 
Because for now the xt_qtaguid module allows procs to use tags without
having /dev/xt_qtaguid open, there was a case where it would try
to delete a resources from a list that was proc specific.
But that resource was never added to that list which is only
used when /dev/xt_qtaguid has been opened by the proc.

Once our userspace is fully updated, we won't need those exceptions.

Change-Id: Idd4bfea926627190c74645142916e10832eb2504
Signed-off-by: JP Abgrall <jpa@google.com>
netfilter: xt_qtaguid: Fix the stats info display order 2011-12-01T05:39:11+00:00 Ashish Sharma ashishsharma@google.com 2011-10-04T20:11:47+00:00 7098e8e32c2dfcfc1b8e00a62d3fbbe13e00b214 Change-Id: I3bf165c31f35a6c7dc212f23df5eefaeb8129d0d Signed-off-by: Ashish Sharma <ashishsharma@google.com> 
Change-Id: I3bf165c31f35a6c7dc212f23df5eefaeb8129d0d
Signed-off-by: Ashish Sharma <ashishsharma@google.com>
netfilter: xt_qtaguid: add missing tracking for no filp case 2011-12-01T05:39:09+00:00 JP Abgrall jpa@google.com 2011-09-29T23:29:53+00:00 a5132334a6b7258e70808acd2401d1f0efa6e33a In cases where the skb would have an sk_socket but no file, that skb would not be counted at all. Assigning to uid 0 now. Adding extra counters to track skb counts. Change-Id: If049b4b525e1fbd5afc9c72b4a174c0a435f2ca7 Signed-off-by: JP Abgrall <jpa@google.com> 
In cases where the skb would have an sk_socket but no file, that skb
would not be counted at all. Assigning to uid 0 now.

Adding extra counters to track skb counts.

Change-Id: If049b4b525e1fbd5afc9c72b4a174c0a435f2ca7
Signed-off-by: JP Abgrall <jpa@google.com>
netfilter: xt_qtaguid: fix crash after using delete ctrl command 2011-12-01T05:39:08+00:00 JP Abgrall jpa@google.com 2011-09-26T02:24:02+00:00 64d8eb004f4179c4d97cd4f6293d135a32d4cc05 * Crash fix The delete command would delete a socket tag entry without removing it from the proc_qtu_data { ..., sock_tag_list, }. This in turn would cause an exiting process to crash while cleaning up its matching proc_qtu_data. * Added more aggressive tracking/cleanup of proc_qtu_data This should allow one process to cleanup qtu_tag_data{} left around from processes that didn't use resource tracking via /dev/xt_qtaguid. * Debug printing tweaks Better code inclusion/exclusion handling, and extra debug out of full state. Change-Id: I735965af2962ffcd7f3021cdc0068b3ab21245c2 Signed-off-by: JP Abgrall <jpa@google.com> 
* Crash fix
The delete command would delete a socket tag entry without removing it
from the proc_qtu_data { ..., sock_tag_list, }.
This in turn would cause an exiting process to crash while cleaning up
its matching proc_qtu_data.

* Added more aggressive tracking/cleanup of proc_qtu_data
This should allow one process to cleanup qtu_tag_data{} left around from
processes that didn't use resource tracking via /dev/xt_qtaguid.

* Debug printing tweaks
Better code inclusion/exclusion handling,
and extra debug out of full state.

Change-Id: I735965af2962ffcd7f3021cdc0068b3ab21245c2
Signed-off-by: JP Abgrall <jpa@google.com>
netfilter: xt_qtaguid: change WARN_ONCE into pr_warn_once 2011-12-01T05:39:07+00:00 JP Abgrall jpa@google.com 2011-09-20T21:23:39+00:00 13a64b2007ea68795d06d869f55d4087b9acf0d6 Make the warning less scary. Change-Id: I0276c5413e37ec991f24db57aeb90333fb1b5a65 Signed-off-by: JP Abgrall <jpa@google.com> 
Make the warning less scary.

Change-Id: I0276c5413e37ec991f24db57aeb90333fb1b5a65
Signed-off-by: JP Abgrall <jpa@google.com>
netfilter: xt_qtaguid: provide an iface_stat_all proc entry 2011-12-01T05:39:07+00:00 JP Abgrall jpa@google.com 2011-09-20T05:54:51+00:00 21aefc18f6de2ca9675e568cb32174b454d01b8e There is a /proc/net/xt_qtaguid/iface/<iface>/{rx_bytes,rx_packets,tx_bytes,...} but for better convenience and to avoid getting overly stale net/dev stats we now have /proc/net/xt_qtaguid/iface_stat_all which outputs lines of: iface_name active rx_bytes rx_packets tx_bytes tx_packets net_dev_rx_bytes net_dev_rx_packets net_dev_tx_bytes net_dev_tx_packets Change-Id: I12cc10d2d123b86b56d4eb489b1d77b2ce72ebcf Signed-off-by: JP Abgrall <jpa@google.com> 
There is a
  /proc/net/xt_qtaguid/iface/<iface>/{rx_bytes,rx_packets,tx_bytes,...}
but for better convenience and to avoid getting overly stale net/dev stats
we now have
  /proc/net/xt_qtaguid/iface_stat_all
which outputs lines of:
  iface_name active rx_bytes rx_packets tx_bytes tx_packets
    net_dev_rx_bytes net_dev_rx_packets net_dev_tx_bytes net_dev_tx_packets

Change-Id: I12cc10d2d123b86b56d4eb489b1d77b2ce72ebcf
Signed-off-by: JP Abgrall <jpa@google.com>
netfilter: xt_qtaguid: work around devices that reset their stats 2011-12-01T05:39:06+00:00 JP Abgrall jpa@google.com 2011-09-15T07:56:20+00:00 edbd09a6f47f62a4a58730b56d6fc4c2d460b68f Most net devs will not reset their stats when just going down/up, unless a NETDEV_UNREGISTER was notified. But some devs will not send out a NETDEV_UNREGISTER but still reset their stats just before a NETDEV_UP. Now we just track the dev stats during NETDEV_DOWN... just in case. Then on NETDEV_UP we check the stats: if the device didn't do a NETDEV_UNREGISTER and a prior NETDEV_DOWN captured stats, then we treat it as an UNREGISTER and save the totals from the stashed values. Added extra netdev event debugging. Change-Id: Iec79e74bfd40269aa3e5892f161be71e09de6946 Signed-off-by: JP Abgrall <jpa@google.com> 
Most net devs will not reset their stats when just going down/up,
unless a NETDEV_UNREGISTER was notified.
But some devs will not send out a NETDEV_UNREGISTER but still
reset their stats just before a NETDEV_UP.
Now we just track the dev stats during NETDEV_DOWN... just in case.
Then on NETDEV_UP we check the stats: if the device didn't do a
NETDEV_UNREGISTER and a prior NETDEV_DOWN captured stats, then we treat
it as an UNREGISTER and save the totals from the stashed values.

Added extra netdev event debugging.

Change-Id: Iec79e74bfd40269aa3e5892f161be71e09de6946
Signed-off-by: JP Abgrall <jpa@google.com>
netfilter: xt_qtaguid: warn only once for missing proc qtaguid data 2011-12-01T05:39:04+00:00 JP Abgrall jpa@google.com 2011-09-11T19:13:41+00:00 4aea0ba0dcf7b6386b078c2ba992f5bfb74ab20b When a process doesn't have /dev/xt_qtaguid open, only warn once instead of for every ctrl access. Change-Id: I98a462a8731254ddc3bf6d2fefeef9823659b1f0 Signed-off-by: JP Abgrall <jpa@google.com> 
When a process doesn't have /dev/xt_qtaguid open, only warn once
instead of for every ctrl access.

Change-Id: I98a462a8731254ddc3bf6d2fefeef9823659b1f0
Signed-off-by: JP Abgrall <jpa@google.com>
netfilter: xt_qtaguid: 1st pass at tracking tag based data resources 2011-12-01T05:39:04+00:00 JP Abgrall jpa@google.com 2011-09-09T08:55:24+00:00 76a22ac439a4048bc6bd012253572bb571cc66d9 * Added global resource tracking based on tags. - Can be put into passive mode via /sys/modules/xt_qtaguid/params/tag_tracking_passive - The number of socket tags per UID is now limited - Adding /dev/xt_qtaguid that each process should open before starting to tag sockets. A later change will make it a "must". - A process should not create new tags unless it has the dev open. A later change will make it a must. - On qtaguid_resources release, the process' matching socket tag info is deleted. * Support run-time debug mask via /sys/modules parameter "debug_mask". * split module into prettyprinting code, includes, main. * Removed ptrdiff_t usage which didn't work in all cases. Change-Id: I4a21d3bea55d23c1c3747253904e2a79f7d555d9 Signed-off-by: JP Abgrall <jpa@google.com> 
* Added global resource tracking based on tags.
 - Can be put into passive mode via
    /sys/modules/xt_qtaguid/params/tag_tracking_passive
 - The number of socket tags per UID is now limited
 - Adding /dev/xt_qtaguid that each process should open before starting
to tag sockets. A later change will make it a "must".
 - A process should not create new tags unless it has the dev open.
  A later change will make it a must.
 - On qtaguid_resources release, the process' matching socket tag info
  is deleted.
* Support run-time debug mask via /sys/modules parameter "debug_mask".
* split module into prettyprinting code, includes, main.
* Removed ptrdiff_t usage which didn't work in all cases.

Change-Id: I4a21d3bea55d23c1c3747253904e2a79f7d555d9
Signed-off-by: JP Abgrall <jpa@google.com>
netfilter: qtaguid: fix proc/.../stats uid filtered output 2011-12-01T05:39:03+00:00 JP Abgrall jpa@google.com 2011-08-31T20:50:15+00:00 5e0d0a23f7a54f41162a995b140ef5746907329e "cat /proc/net/xt_qtaguid/stats" for a non-priviledged UID would output multiple twice its own stats. The fix tweaks the way lines are counted. Non-root: idx iface acct_tag_hex uid_tag_int cnt_set ... 2 wlan0 0x0 10022 0 ... 3 wlan0 0x0 10022 1 ... 4 wlan0 0x3010000000000000 10022 0 ... 5 wlan0 0x3010000000000000 10022 1 ... Root: idx iface acct_tag_hex uid_tag_int cnt_set 2 wlan0 0x0 0 0 ... 3 wlan0 0x0 0 1 ... 4 wlan0 0x0 1000 0 ... ... 12 wlan0 0x0 10022 0 ... 13 wlan0 0x0 10022 1 ... ... 18 wlan0 0x3010000000000000 10022 0 ... 19 wlan0 0x3010000000000000 10022 1 ... Change-Id: I3cae1f4fee616bc897831350374656b0c718c45b Signed-off-by: JP Abgrall <jpa@google.com> 
"cat /proc/net/xt_qtaguid/stats"
for a non-priviledged UID would output multiple twice its own stats.
The fix tweaks the way lines are counted.

Non-root:
  idx iface acct_tag_hex uid_tag_int cnt_set ...
  2 wlan0 0x0 10022 0 ...
  3 wlan0 0x0 10022 1 ...
  4 wlan0 0x3010000000000000 10022 0 ...
  5 wlan0 0x3010000000000000 10022 1 ...

Root:
  idx iface acct_tag_hex uid_tag_int cnt_set
  2 wlan0 0x0 0 0 ...
  3 wlan0 0x0 0 1 ...
  4 wlan0 0x0 1000 0 ...
  ...
  12 wlan0 0x0 10022 0 ...
  13 wlan0 0x0 10022 1 ...
  ...
  18 wlan0 0x3010000000000000 10022 0 ...
  19 wlan0 0x3010000000000000 10022 1 ...

Change-Id: I3cae1f4fee616bc897831350374656b0c718c45b
Signed-off-by: JP Abgrall <jpa@google.com>