Commit e72871ad authored by David S. Miller's avatar David S. Miller

Netfilter enhancement from Harald Welte and Netfilter team.

Add destroy callback to ip_conntrack_helper, to be used by L4
protocol trackers.
parent c9b46cc9
...@@ -42,6 +42,9 @@ struct ip_conntrack_protocol ...@@ -42,6 +42,9 @@ struct ip_conntrack_protocol
int (*new)(struct ip_conntrack *conntrack, struct iphdr *iph, int (*new)(struct ip_conntrack *conntrack, struct iphdr *iph,
size_t len); size_t len);
/* Called when a conntrack entry is destroyed */
void (*destroy)(struct ip_conntrack *conntrack);
/* Module (if any) which this is connected to. */ /* Module (if any) which this is connected to. */
struct module *me; struct module *me;
}; };
......
...@@ -176,6 +176,7 @@ static void ...@@ -176,6 +176,7 @@ static void
destroy_conntrack(struct nf_conntrack *nfct) destroy_conntrack(struct nf_conntrack *nfct)
{ {
struct ip_conntrack *ct = (struct ip_conntrack *)nfct; struct ip_conntrack *ct = (struct ip_conntrack *)nfct;
struct ip_conntrack_protocol *proto;
IP_NF_ASSERT(atomic_read(&nfct->use) == 0); IP_NF_ASSERT(atomic_read(&nfct->use) == 0);
IP_NF_ASSERT(!timer_pending(&ct->timeout)); IP_NF_ASSERT(!timer_pending(&ct->timeout));
...@@ -183,6 +184,13 @@ destroy_conntrack(struct nf_conntrack *nfct) ...@@ -183,6 +184,13 @@ destroy_conntrack(struct nf_conntrack *nfct)
if (ct->master.master) if (ct->master.master)
nf_conntrack_put(&ct->master); nf_conntrack_put(&ct->master);
/* To make sure we don't get any weird locking issues here:
* destroy_conntrack() MUST NOT be called with a write lock
* to ip_conntrack_lock!!! -HW */
proto = find_proto(ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.protonum);
if (proto && proto->destroy)
proto->destroy(ct);
if (ip_conntrack_destroyed) if (ip_conntrack_destroyed)
ip_conntrack_destroyed(ct); ip_conntrack_destroyed(ct);
kmem_cache_free(ip_conntrack_cachep, ct); kmem_cache_free(ip_conntrack_cachep, ct);
......
...@@ -57,5 +57,5 @@ new(struct ip_conntrack *conntrack, struct iphdr *iph, size_t len) ...@@ -57,5 +57,5 @@ new(struct ip_conntrack *conntrack, struct iphdr *iph, size_t len)
struct ip_conntrack_protocol ip_conntrack_generic_protocol struct ip_conntrack_protocol ip_conntrack_generic_protocol
= { { NULL, NULL }, 0, "unknown", = { { NULL, NULL }, 0, "unknown",
generic_pkt_to_tuple, generic_invert_tuple, generic_print_tuple, generic_pkt_to_tuple, generic_invert_tuple, generic_print_tuple,
generic_print_conntrack, established, new, NULL }; generic_print_conntrack, established, new, NULL, NULL };
...@@ -113,4 +113,4 @@ static int icmp_new(struct ip_conntrack *conntrack, ...@@ -113,4 +113,4 @@ static int icmp_new(struct ip_conntrack *conntrack,
struct ip_conntrack_protocol ip_conntrack_protocol_icmp struct ip_conntrack_protocol ip_conntrack_protocol_icmp
= { { NULL, NULL }, IPPROTO_ICMP, "icmp", = { { NULL, NULL }, IPPROTO_ICMP, "icmp",
icmp_pkt_to_tuple, icmp_invert_tuple, icmp_print_tuple, icmp_pkt_to_tuple, icmp_invert_tuple, icmp_print_tuple,
icmp_print_conntrack, icmp_packet, icmp_new, NULL }; icmp_print_conntrack, icmp_packet, icmp_new, NULL, NULL };
...@@ -230,4 +230,4 @@ static int tcp_new(struct ip_conntrack *conntrack, ...@@ -230,4 +230,4 @@ static int tcp_new(struct ip_conntrack *conntrack,
struct ip_conntrack_protocol ip_conntrack_protocol_tcp struct ip_conntrack_protocol ip_conntrack_protocol_tcp
= { { NULL, NULL }, IPPROTO_TCP, "tcp", = { { NULL, NULL }, IPPROTO_TCP, "tcp",
tcp_pkt_to_tuple, tcp_invert_tuple, tcp_print_tuple, tcp_print_conntrack, tcp_pkt_to_tuple, tcp_invert_tuple, tcp_print_tuple, tcp_print_conntrack,
tcp_packet, tcp_new, NULL }; tcp_packet, tcp_new, NULL, NULL };
...@@ -71,4 +71,4 @@ static int udp_new(struct ip_conntrack *conntrack, ...@@ -71,4 +71,4 @@ static int udp_new(struct ip_conntrack *conntrack,
struct ip_conntrack_protocol ip_conntrack_protocol_udp struct ip_conntrack_protocol ip_conntrack_protocol_udp
= { { NULL, NULL }, IPPROTO_UDP, "udp", = { { NULL, NULL }, IPPROTO_UDP, "udp",
udp_pkt_to_tuple, udp_invert_tuple, udp_print_tuple, udp_print_conntrack, udp_pkt_to_tuple, udp_invert_tuple, udp_print_tuple, udp_print_conntrack,
udp_packet, udp_new, NULL }; udp_packet, udp_new, NULL, NULL };
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment