Commit
c1baa884
authored
Nov 29, 2011
by
David S. Miller
Merge branch 'nf' of
git://1984.lsi.us.es/net
parents
a5e5c374
70e9942f
Showing
8 changed files
with
87 additions
and
53 deletions
+87
-53
include/net/netfilter/nf_conntrack_ecache.h
include/net/netfilter/nf_conntrack_ecache.h
+10
-9
include/net/netns/conntrack.h
include/net/netns/conntrack.h
+2
-0
net/ipv4/netfilter.c
net/ipv4/netfilter.c
+2
-1
net/netfilter/ipset/ip_set_hash_ipport.c
net/netfilter/ipset/ip_set_hash_ipport.c
+1
-1
net/netfilter/ipset/ip_set_hash_ipportip.c
net/netfilter/ipset/ip_set_hash_ipportip.c
+1
-1
net/netfilter/ipset/ip_set_hash_ipportnet.c
net/netfilter/ipset/ip_set_hash_ipportnet.c
+1
-1
net/netfilter/nf_conntrack_ecache.c
net/netfilter/nf_conntrack_ecache.c
+18
-19
net/netfilter/nf_conntrack_netlink.c
net/netfilter/nf_conntrack_netlink.c
+52
-21
include/net/netfilter/nf_conntrack_ecache.h
...
...
@@ -67,18 +67,18 @@ struct nf_ct_event_notifier {
int
(
*
fcn
)(
unsigned
int
events
,
struct
nf_ct_event
*
item
);
};
extern
struct
nf_ct_event_notifier
__rcu
*
nf_conntrack_event_cb
;
extern
int
nf_conntrack_register_notifier
(
struct
nf_ct_event_notifier
*
nb
);
extern
void
nf_conntrack_unregister_notifier
(
struct
nf_ct_event_notifier
*
nb
);
extern
int
nf_conntrack_register_notifier
(
struct
net
*
net
,
struct
nf_ct_event_notifier
*
nb
);
extern
void
nf_conntrack_unregister_notifier
(
struct
net
*
net
,
struct
nf_ct_event_notifier
*
nb
);
extern
void
nf_ct_deliver_cached_events
(
struct
nf_conn
*
ct
);
static
inline
void
nf_conntrack_event_cache
(
enum
ip_conntrack_events
event
,
struct
nf_conn
*
ct
)
{
struct
net
*
net
=
nf_ct_net
(
ct
);
struct
nf_conntrack_ecache
*
e
;
if
(
nf_conntrack_event_cb
==
NULL
)
if
(
n
et
->
ct
.
n
f_conntrack_event_cb
==
NULL
)
return
;
e
=
nf_ct_ecache_find
(
ct
);
...
...
@@ -95,11 +95,12 @@ nf_conntrack_eventmask_report(unsigned int eventmask,
int
report
)
{
int
ret
=
0
;
struct
net
*
net
=
nf_ct_net
(
ct
);
struct
nf_ct_event_notifier
*
notify
;
struct
nf_conntrack_ecache
*
e
;
rcu_read_lock
();
notify
=
rcu_dereference
(
nf_conntrack_event_cb
);
notify
=
rcu_dereference
(
n
et
->
ct
.
n
f_conntrack_event_cb
);
if
(
notify
==
NULL
)
goto
out_unlock
;
...
...
@@ -164,9 +165,8 @@ struct nf_exp_event_notifier {
int
(
*
fcn
)(
unsigned
int
events
,
struct
nf_exp_event
*
item
);
};
extern
struct
nf_exp_event_notifier
__rcu
*
nf_expect_event_cb
;
extern
int
nf_ct_expect_register_notifier
(
struct
nf_exp_event_notifier
*
nb
);
extern
void
nf_ct_expect_unregister_notifier
(
struct
nf_exp_event_notifier
*
nb
);
extern
int
nf_ct_expect_register_notifier
(
struct
net
*
net
,
struct
nf_exp_event_notifier
*
nb
);
extern
void
nf_ct_expect_unregister_notifier
(
struct
net
*
net
,
struct
nf_exp_event_notifier
*
nb
);
static
inline
void
nf_ct_expect_event_report
(
enum
ip_conntrack_expect_events
event
,
...
...
@@ -174,11 +174,12 @@ nf_ct_expect_event_report(enum ip_conntrack_expect_events event,
u32
pid
,
int
report
)
{
struct
net
*
net
=
nf_ct_exp_net
(
exp
);
struct
nf_exp_event_notifier
*
notify
;
struct
nf_conntrack_ecache
*
e
;
rcu_read_lock
();
notify
=
rcu_dereference
(
nf_expect_event_cb
);
notify
=
rcu_dereference
(
n
et
->
ct
.
n
f_expect_event_cb
);
if
(
notify
==
NULL
)
goto
out_unlock
;
...
...
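Review bot: The early-out in nf_conntrack_event_cache() tests `net->ct.nf_conntrack_event_cb` against NULL with a plain load, although the field is declared `__rcu` in struct netns_ct. The pointer is only compared here, never dereferenced, so `if (rcu_access_pointer(net->ct.nf_conntrack_event_cb) == NULL)` expresses that intent and keeps sparse's address-space checking meaningful. The other two readers in this header already go through rcu_dereference() under rcu_read_lock(). The function body continues past the end of the hunk.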
include/net/netns/conntrack.h
...
...
@@ -18,6 +18,8 @@ struct netns_ct {
struct
hlist_nulls_head
unconfirmed
;
struct
hlist_nulls_head
dying
;
struct
ip_conntrack_stat
__percpu
*
stat
;
struct
nf_ct_event_notifier
__rcu
*
nf_conntrack_event_cb
;
struct
nf_exp_event_notifier
__rcu
*
nf_expect_event_cb
;
int
sysctl_events
;
unsigned
int
sysctl_events_retry_timeout
;
int
sysctl_acct
;
...
...
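Review bot: The two `__rcu` pointers added to struct netns_ct carry no comment on how they are protected. Going by nf_conntrack_ecache.c on this page, they are written under nf_ct_ecache_mutex and read under rcu_read_lock(), so a line such as `/* set under nf_ct_ecache_mutex, read under RCU */` above them would save the next reader the search. The struct continues outside the hunk.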
net/ipv4/netfilter.c
...
...
@@ -64,7 +64,8 @@ int ip_route_me_harder(struct sk_buff *skb, unsigned addr_type)
/* Change in oif may mean change in hh_len. */
hh_len
=
skb_dst
(
skb
)
->
dev
->
hard_header_len
;
if
(
skb_headroom
(
skb
)
<
hh_len
&&
pskb_expand_head
(
skb
,
hh_len
-
skb_headroom
(
skb
),
0
,
GFP_ATOMIC
))
pskb_expand_head
(
skb
,
HH_DATA_ALIGN
(
hh_len
-
skb_headroom
(
skb
)),
0
,
GFP_ATOMIC
))
return
-
1
;
return
0
;
...
...
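Review bot: The `HH_DATA_ALIGN(hh_len - skb_headroom(skb))` argument is introduced without a comment, and the existing comment above it only explains the hh_len reload. The rounding presumably keeps the packet header aligned after the head is expanded; if so, say it next to the call, e.g. `/* round the extra headroom up so the header stays aligned */`. The unsigned subtraction is safe only because of the `skb_headroom(skb) < hh_len` test in the same condition, so the two should stay together if this is refactored. ip_route_me_harder() starts outside the hunk.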
net/netfilter/ipset/ip_set_hash_ipport.c
...
...
@@ -158,7 +158,7 @@ hash_ipport4_uadt(struct ip_set *set, struct nlattr *tb[],
const
struct
ip_set_hash
*
h
=
set
->
data
;
ipset_adtfn
adtfn
=
set
->
variant
->
adt
[
adt
];
struct
hash_ipport4_elem
data
=
{
};
u32
ip
,
ip_to
,
p
=
0
,
port
,
port_to
;
u32
ip
,
ip_to
=
0
,
p
=
0
,
port
,
port_to
;
u32
timeout
=
h
->
timeout
;
bool
with_ports
=
false
;
int
ret
;
...
...
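Review bot: `ip_to = 0` in hash_ipport4_uadt() comes without a comment, and the hunk does not show where ip_to is assigned or read. A reader therefore cannot tell whether zero is a meaningful default or only silences a may-be-used-uninitialized warning. If it is the latter, say so at the declaration, e.g. `/* = 0 only quiets the compiler; set before every use */`, and confirm that each path building the range from the `tb[]` attributes really assigns it first, since a blanket initializer would hide a genuine gap. The same one-token change appears in hash_ipportip4_uadt() (ip_set_hash_ipportip.c) and hash_ipportnet4_uadt() (ip_set_hash_ipportnet.c); all three function bodies extend beyond their hunks.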
net/netfilter/ipset/ip_set_hash_ipportip.c
...
...
@@ -162,7 +162,7 @@ hash_ipportip4_uadt(struct ip_set *set, struct nlattr *tb[],
const
struct
ip_set_hash
*
h
=
set
->
data
;
ipset_adtfn
adtfn
=
set
->
variant
->
adt
[
adt
];
struct
hash_ipportip4_elem
data
=
{
};
u32
ip
,
ip_to
,
p
=
0
,
port
,
port_to
;
u32
ip
,
ip_to
=
0
,
p
=
0
,
port
,
port_to
;
u32
timeout
=
h
->
timeout
;
bool
with_ports
=
false
;
int
ret
;
...
...
net/netfilter/ipset/ip_set_hash_ipportnet.c
...
...
@@ -184,7 +184,7 @@ hash_ipportnet4_uadt(struct ip_set *set, struct nlattr *tb[],
const
struct
ip_set_hash
*
h
=
set
->
data
;
ipset_adtfn
adtfn
=
set
->
variant
->
adt
[
adt
];
struct
hash_ipportnet4_elem
data
=
{
.
cidr
=
HOST_MASK
};
u32
ip
,
ip_to
,
p
=
0
,
port
,
port_to
;
u32
ip
,
ip_to
=
0
,
p
=
0
,
port
,
port_to
;
u32
ip2_from
=
0
,
ip2_to
,
ip2_last
,
ip2
;
u32
timeout
=
h
->
timeout
;
bool
with_ports
=
false
;
...
...
net/netfilter/nf_conntrack_ecache.c
...
...
@@ -27,22 +27,17 @@
static
DEFINE_MUTEX
(
nf_ct_ecache_mutex
);
struct
nf_ct_event_notifier
__rcu
*
nf_conntrack_event_cb
__read_mostly
;
EXPORT_SYMBOL_GPL
(
nf_conntrack_event_cb
);
struct
nf_exp_event_notifier
__rcu
*
nf_expect_event_cb
__read_mostly
;
EXPORT_SYMBOL_GPL
(
nf_expect_event_cb
);
/* deliver cached events and clear cache entry - must be called with locally
* disabled softirqs */
void
nf_ct_deliver_cached_events
(
struct
nf_conn
*
ct
)
{
struct
net
*
net
=
nf_ct_net
(
ct
);
unsigned
long
events
;
struct
nf_ct_event_notifier
*
notify
;
struct
nf_conntrack_ecache
*
e
;
rcu_read_lock
();
notify
=
rcu_dereference
(
nf_conntrack_event_cb
);
notify
=
rcu_dereference
(
n
et
->
ct
.
n
f_conntrack_event_cb
);
if
(
notify
==
NULL
)
goto
out_unlock
;
...
...
@@ -83,19 +78,20 @@ void nf_ct_deliver_cached_events(struct nf_conn *ct)
}
EXPORT_SYMBOL_GPL
(
nf_ct_deliver_cached_events
);
int
nf_conntrack_register_notifier
(
struct
nf_ct_event_notifier
*
new
)
int
nf_conntrack_register_notifier
(
struct
net
*
net
,
struct
nf_ct_event_notifier
*
new
)
{
int
ret
=
0
;
struct
nf_ct_event_notifier
*
notify
;
mutex_lock
(
&
nf_ct_ecache_mutex
);
notify
=
rcu_dereference_protected
(
nf_conntrack_event_cb
,
notify
=
rcu_dereference_protected
(
n
et
->
ct
.
n
f_conntrack_event_cb
,
lockdep_is_held
(
&
nf_ct_ecache_mutex
));
if
(
notify
!=
NULL
)
{
ret
=
-
EBUSY
;
goto
out_unlock
;
}
RCU_INIT_POINTER
(
nf_conntrack_event_cb
,
new
);
RCU_INIT_POINTER
(
n
et
->
ct
.
n
f_conntrack_event_cb
,
new
);
mutex_unlock
(
&
nf_ct_ecache_mutex
);
return
ret
;
...
...
@@ -105,32 +101,34 @@ int nf_conntrack_register_notifier(struct nf_ct_event_notifier *new)
}
EXPORT_SYMBOL_GPL
(
nf_conntrack_register_notifier
);
void
nf_conntrack_unregister_notifier
(
struct
nf_ct_event_notifier
*
new
)
void
nf_conntrack_unregister_notifier
(
struct
net
*
net
,
struct
nf_ct_event_notifier
*
new
)
{
struct
nf_ct_event_notifier
*
notify
;
mutex_lock
(
&
nf_ct_ecache_mutex
);
notify
=
rcu_dereference_protected
(
nf_conntrack_event_cb
,
notify
=
rcu_dereference_protected
(
n
et
->
ct
.
n
f_conntrack_event_cb
,
lockdep_is_held
(
&
nf_ct_ecache_mutex
));
BUG_ON
(
notify
!=
new
);
RCU_INIT_POINTER
(
nf_conntrack_event_cb
,
NULL
);
RCU_INIT_POINTER
(
n
et
->
ct
.
n
f_conntrack_event_cb
,
NULL
);
mutex_unlock
(
&
nf_ct_ecache_mutex
);
}
EXPORT_SYMBOL_GPL
(
nf_conntrack_unregister_notifier
);
int
nf_ct_expect_register_notifier
(
struct
nf_exp_event_notifier
*
new
)
int
nf_ct_expect_register_notifier
(
struct
net
*
net
,
struct
nf_exp_event_notifier
*
new
)
{
int
ret
=
0
;
struct
nf_exp_event_notifier
*
notify
;
mutex_lock
(
&
nf_ct_ecache_mutex
);
notify
=
rcu_dereference_protected
(
nf_expect_event_cb
,
notify
=
rcu_dereference_protected
(
n
et
->
ct
.
n
f_expect_event_cb
,
lockdep_is_held
(
&
nf_ct_ecache_mutex
));
if
(
notify
!=
NULL
)
{
ret
=
-
EBUSY
;
goto
out_unlock
;
}
RCU_INIT_POINTER
(
nf_expect_event_cb
,
new
);
RCU_INIT_POINTER
(
n
et
->
ct
.
n
f_expect_event_cb
,
new
);
mutex_unlock
(
&
nf_ct_ecache_mutex
);
return
ret
;
...
...
@@ -140,15 +138,16 @@ int nf_ct_expect_register_notifier(struct nf_exp_event_notifier *new)
}
EXPORT_SYMBOL_GPL
(
nf_ct_expect_register_notifier
);
void
nf_ct_expect_unregister_notifier
(
struct
nf_exp_event_notifier
*
new
)
void
nf_ct_expect_unregister_notifier
(
struct
net
*
net
,
struct
nf_exp_event_notifier
*
new
)
{
struct
nf_exp_event_notifier
*
notify
;
mutex_lock
(
&
nf_ct_ecache_mutex
);
notify
=
rcu_dereference_protected
(
nf_expect_event_cb
,
notify
=
rcu_dereference_protected
(
n
et
->
ct
.
n
f_expect_event_cb
,
lockdep_is_held
(
&
nf_ct_ecache_mutex
));
BUG_ON
(
notify
!=
new
);
RCU_INIT_POINTER
(
nf_expect_event_cb
,
NULL
);
RCU_INIT_POINTER
(
n
et
->
ct
.
n
f_expect_event_cb
,
NULL
);
mutex_unlock
(
&
nf_ct_ecache_mutex
);
}
EXPORT_SYMBOL_GPL
(
nf_ct_expect_unregister_notifier
);
...
...
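Review bot: Both register functions publish a non-NULL notifier with `RCU_INIT_POINTER(net->ct.nf_conntrack_event_cb, new)` and `RCU_INIT_POINTER(net->ct.nf_expect_event_cb, new)`, which provide no release ordering. Readers pick the pointer up through rcu_dereference() under rcu_read_lock(), as nf_ct_deliver_cached_events() does in this file, so the publishing store should be `rcu_assign_pointer(net->ct.nf_conntrack_event_cb, new);`, and likewise for the expect callback. RCU_INIT_POINTER remains appropriate for the NULL stores in the two unregister paths. Separately, nf_ct_ecache_mutex stays one global lock while the pointers are now per namespace, which deserves a one-line comment at its definition. The out_unlock labels of the register functions lie outside the hunks.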
net/netfilter/nf_conntrack_netlink.c
...
...
@@ -4,7 +4,7 @@
* (C) 2001 by Jay Schulist <jschlst@samba.org>
* (C) 2002-2006 by Harald Welte <laforge@gnumonks.org>
* (C) 2003 by Patrick Mchardy <kaber@trash.net>
* (C) 2005-20
08
by Pablo Neira Ayuso <pablo@netfilter.org>
* (C) 2005-20
11
by Pablo Neira Ayuso <pablo@netfilter.org>
*
* Initial connection tracking via netlink development funded and
* generally made possible by Network Robots, Inc. (www.networkrobots.com)
...
...
@@ -2163,6 +2163,54 @@ MODULE_ALIAS("ip_conntrack_netlink");
MODULE_ALIAS_NFNL_SUBSYS
(
NFNL_SUBSYS_CTNETLINK
);
MODULE_ALIAS_NFNL_SUBSYS
(
NFNL_SUBSYS_CTNETLINK_EXP
);
static
int
__net_init
ctnetlink_net_init
(
struct
net
*
net
)
{
#ifdef CONFIG_NF_CONNTRACK_EVENTS
int
ret
;
ret
=
nf_conntrack_register_notifier
(
net
,
&
ctnl_notifier
);
if
(
ret
<
0
)
{
pr_err
(
"ctnetlink_init: cannot register notifier.
\n
"
);
goto
err_out
;
}
ret
=
nf_ct_expect_register_notifier
(
net
,
&
ctnl_notifier_exp
);
if
(
ret
<
0
)
{
pr_err
(
"ctnetlink_init: cannot expect register notifier.
\n
"
);
goto
err_unreg_notifier
;
}
#endif
return
0
;
#ifdef CONFIG_NF_CONNTRACK_EVENTS
err_unreg_notifier:
nf_conntrack_unregister_notifier
(
net
,
&
ctnl_notifier
);
err_out:
return
ret
;
#endif
}
static
void
ctnetlink_net_exit
(
struct
net
*
net
)
{
#ifdef CONFIG_NF_CONNTRACK_EVENTS
nf_ct_expect_unregister_notifier
(
net
,
&
ctnl_notifier_exp
);
nf_conntrack_unregister_notifier
(
net
,
&
ctnl_notifier
);
#endif
}
static
void
__net_exit
ctnetlink_net_exit_batch
(
struct
list_head
*
net_exit_list
)
{
struct
net
*
net
;
list_for_each_entry
(
net
,
net_exit_list
,
exit_list
)
ctnetlink_net_exit
(
net
);
}
static
struct
pernet_operations
ctnetlink_net_ops
=
{
.
init
=
ctnetlink_net_init
,
.
exit_batch
=
ctnetlink_net_exit_batch
,
};
static
int
__init
ctnetlink_init
(
void
)
{
int
ret
;
...
...
@@ -2180,28 +2228,15 @@ static int __init ctnetlink_init(void)
goto
err_unreg_subsys
;
}
#ifdef CONFIG_NF_CONNTRACK_EVENTS
ret
=
nf_conntrack_register_notifier
(
&
ctnl_notifier
);
if
(
ret
<
0
)
{
pr_err
(
"ctnetlink_init: cannot register notifier.
\n
"
);
if
(
register_pernet_subsys
(
&
ctnetlink_net_ops
))
{
pr_err
(
"ctnetlink_init: cannot register pernet operations
\n
"
);
goto
err_unreg_exp_subsys
;
}
ret
=
nf_ct_expect_register_notifier
(
&
ctnl_notifier_exp
);
if
(
ret
<
0
)
{
pr_err
(
"ctnetlink_init: cannot expect register notifier.
\n
"
);
goto
err_unreg_notifier
;
}
#endif
return
0
;
#ifdef CONFIG_NF_CONNTRACK_EVENTS
err_unreg_notifier:
nf_conntrack_unregister_notifier
(
&
ctnl_notifier
);
err_unreg_exp_subsys:
nfnetlink_subsys_unregister
(
&
ctnl_exp_subsys
);
#endif
err_unreg_subsys:
nfnetlink_subsys_unregister
(
&
ctnl_subsys
);
err_out:
...
...
@@ -2213,11 +2248,7 @@ static void __exit ctnetlink_exit(void)
pr_info
(
"ctnetlink: unregistering from nfnetlink.
\n
"
);
nf_ct_remove_userspace_expectations
();
#ifdef CONFIG_NF_CONNTRACK_EVENTS
nf_ct_expect_unregister_notifier
(
&
ctnl_notifier_exp
);
nf_conntrack_unregister_notifier
(
&
ctnl_notifier
);
#endif
unregister_pernet_subsys
(
&
ctnetlink_net_ops
);
nfnetlink_subsys_unregister
(
&
ctnl_exp_subsys
);
nfnetlink_subsys_unregister
(
&
ctnl_subsys
);
}
...
...
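Review bot: In ctnetlink_init() the result of `register_pernet_subsys(&ctnetlink_net_ops)` is tested but never stored in `ret`, and the failure path jumps to err_unreg_exp_subsys and falls through to err_out. At that point `ret` presumably still holds the non-negative result of the preceding successful nfnetlink registration, so module init would report success after both subsystems were unregistered; the preceding call and the err_out body are outside the hunk, so confirm this. Capture the error instead: `ret = register_pernet_subsys(&ctnetlink_net_ops);` followed by `if (ret < 0) {`. As a smaller point, the pr_err() strings inside ctnetlink_net_init() still say "ctnetlink_init", which will point log readers at the wrong function.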