author | Alexey Dobriyan <adobriyan@gmail.com> | 2008-10-08 05:35:10 -0400 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2008-10-08 05:35:10 -0400 |
commit | 0e6e75af921d1f4799eeb9f83a31c86ab7cdeb8f (patch) | |
tree | d718ebbcf5bfbd3e16a640b3c9b2cee40cd40032 /net/netfilter | |
parent | 3bb0d1c00f86b13bb184193a8f0189ddd6f0459f (diff) |
netfilter: netns nf_conntrack: PPTP conntracking in netns
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/netfilter')
-rw-r--r-- | net/netfilter/nf_conntrack_pptp.c | 36 |
1 files changed, 28 insertions, 8 deletions
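--- a/net/netfilter/nf_conntrack_pptp.c
+++ b/net/netfilter/nf_conntrack_pptp.c
@@ -98,6 +98,7 @@ EXPORT_SYMBOL(pptp_msg_name);
 static void pptp_expectfn(struct nf_conn *ct,
 struct nf_conntrack_expect *exp)
 {
+struct net *net = nf_ct_net(ct);
 typeof(nf_nat_pptp_hook_expectfn) nf_nat_pptp_expectfn;
 pr_debug("increasing timeouts\n");
 
@@ -121,7 +122,7 @@ static void pptp_expectfn(struct nf_conn *ct,
 pr_debug("trying to unexpect other dir: ");
 nf_ct_dump_tuple(&inv_t);
 
-exp_other = nf_ct_expect_find_get(&init_net, &inv_t);
+exp_other = nf_ct_expect_find_get(net, &inv_t);
 if (exp_other) {
 /* delete other expectation. */
 pr_debug("found\n");
@@ -134,7 +135,8 @@ static void pptp_expectfn(struct nf_conn *ct,
 rcu_read_unlock();
 }
 
-static int destroy_sibling_or_exp(const struct nf_conntrack_tuple *t)
+static int destroy_sibling_or_exp(struct net *net,
+const struct nf_conntrack_tuple *t)
 {
 const struct nf_conntrack_tuple_hash *h;
 struct nf_conntrack_expect *exp;
@@ -143,7 +145,7 @@ static int destroy_sibling_or_exp(const struct nf_conntrack_tuple *t)
 pr_debug("trying to timeout ct or exp for tuple ");
 nf_ct_dump_tuple(t);
 
-h = nf_conntrack_find_get(&init_net, t);
+h = nf_conntrack_find_get(net, t);
 if (h) {
 sibling = nf_ct_tuplehash_to_ctrack(h);
 pr_debug("setting timeout of conntrack %p to 0\n", sibling);
@@ -154,7 +156,7 @@ static int destroy_sibling_or_exp(const struct nf_conntrack_tuple *t)
 nf_ct_put(sibling);
 return 1;
 } else {
-exp = nf_ct_expect_find_get(&init_net, t);
+exp = nf_ct_expect_find_get(net, t);
 if (exp) {
 pr_debug("unexpect_related of expect %p\n", exp);
 nf_ct_unexpect_related(exp);
@@ -168,6 +170,7 @@ static int destroy_sibling_or_exp(const struct nf_conntrack_tuple *t)
 /* timeout GRE data connections */
 static void pptp_destroy_siblings(struct nf_conn *ct)
 {
+struct net *net = nf_ct_net(ct);
 const struct nf_conn_help *help = nfct_help(ct);
 struct nf_conntrack_tuple t;
 
@@ -178,7 +181,7 @@ static void pptp_destroy_siblings(struct nf_conn *ct)
 t.dst.protonum = IPPROTO_GRE;
 t.src.u.gre.key = help->help.ct_pptp_info.pns_call_id;
 t.dst.u.gre.key = help->help.ct_pptp_info.pac_call_id;
-if (!destroy_sibling_or_exp(&t))
+if (!destroy_sibling_or_exp(net, &t))
 pr_debug("failed to timeout original pns->pac ct/exp\n");
 
 /* try reply (pac->pns) tuple */
@@ -186,7 +189,7 @@ static void pptp_destroy_siblings(struct nf_conn *ct)
 t.dst.protonum = IPPROTO_GRE;
 t.src.u.gre.key = help->help.ct_pptp_info.pac_call_id;
 t.dst.u.gre.key = help->help.ct_pptp_info.pns_call_id;
-if (!destroy_sibling_or_exp(&t))
+if (!destroy_sibling_or_exp(net, &t))
 pr_debug("failed to timeout reply pac->pns ct/exp\n");
 }
 
@@ -594,15 +597,32 @@ static struct nf_conntrack_helper pptp __read_mostly = {
 .expect_policy = &pptp_exp_policy,
 };
 
+static void nf_conntrack_pptp_net_exit(struct net *net)
+{
+nf_ct_gre_keymap_flush(net);
+}
+
+static struct pernet_operations nf_conntrack_pptp_net_ops = {
+.exit = nf_conntrack_pptp_net_exit,
+};
+
 static int __init nf_conntrack_pptp_init(void)
 {
-return nf_conntrack_helper_register(&pptp);
+int rv;
+
+rv = nf_conntrack_helper_register(&pptp);
+if (rv < 0)
+return rv;
+rv = register_pernet_subsys(&nf_conntrack_pptp_net_ops);
+if (rv < 0)
+nf_conntrack_helper_unregister(&pptp);
+return rv;
 }
 
 static void __exit nf_conntrack_pptp_fini(void)
 {
 nf_conntrack_helper_unregister(&pptp);
-nf_ct_gre_keymap_flush(&init_net);
+unregister_pernet_subsys(&nf_conntrack_pptp_net_ops);
 }
 
 module_init(nf_conntrack_pptp_init);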
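Review bot: In nf_conntrack_pptp_init the helper is registered before the pernet operations, so for a short window the helper is live in every namespace while no per-netns exit handler exists. If register_pernet_subsys() then fails, the error path only unregisters the helper and never runs the nf_ct_gre_keymap_flush() that the old fini performed. Whether GRE keymap entries can actually outlive helper unregistration depends on code outside these hunks, so this needs confirming against the helper's destroy path. Registering the pernet ops first and the helper second closes the window and makes the unchanged fini order the exact reverse of init. A short comment on nf_conntrack_pptp_net_exit saying it drops the keymap entries still held by the exiting namespace would also help.

```c
static int __init nf_conntrack_pptp_init(void)
{
	int rv;

	rv = register_pernet_subsys(&nf_conntrack_pptp_net_ops);
	if (rv < 0)
		return rv;
	rv = nf_conntrack_helper_register(&pptp);
	if (rv < 0)
		unregister_pernet_subsys(&nf_conntrack_pptp_net_ops);
	return rv;
}
```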