authorPatrick McHardy <kaber@trash.net>2006-11-28 20:35:18 -0500
committerDavid S. Miller <davem@sunset.davemloft.net>2006-12-03 00:31:18 -0500
commit933a41e7e12b773d1dd026018f02b86b5d257a22 (patch)
tree0a99f7759d2488869f93ba6a0206435bcacca85e
parentd62f9ed4a490309bd9e5df0b42ba5d096e7b5902 (diff)
[NETFILTER]: nf_conntrack: move conntrack protocol sysctls to individual modules
Signed-off-by: Patrick McHardy <kaber@trash.net>
-rw-r--r--net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c53
-rw-r--r--net/ipv4/netfilter/nf_conntrack_proto_icmp.c23
-rw-r--r--net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c55
-rw-r--r--net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c23
-rw-r--r--net/netfilter/nf_conntrack_core.c8
-rw-r--r--net/netfilter/nf_conntrack_proto.c12
-rw-r--r--net/netfilter/nf_conntrack_proto_generic.c23
-rw-r--r--net/netfilter/nf_conntrack_proto_sctp.c101
-rw-r--r--net/netfilter/nf_conntrack_proto_tcp.c140
-rw-r--r--net/netfilter/nf_conntrack_proto_udp.c40
-rw-r--r--net/netfilter/nf_conntrack_standalone.c142
11 files changed, 293 insertions, 327 deletions
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
index d1907082d7d6..786c4ce96cdf 100644
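--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
@@ -266,44 +266,6 @@ static struct nf_hook_ops ipv4_conntrack_ops[] = {
  },
 };
 
-#ifdef CONFIG_SYSCTL
-/* From nf_conntrack_proto_icmp.c */
-extern unsigned int nf_ct_icmp_timeout;
-static struct ctl_table_header *nf_ct_ipv4_sysctl_header;
-
-static ctl_table nf_ct_sysctl_table[] = {
- {
- .ctl_name = NET_NF_CONNTRACK_ICMP_TIMEOUT,
- .procname = "nf_conntrack_icmp_timeout",
- .data = &nf_ct_icmp_timeout,
- .maxlen = sizeof(unsigned int),
- .mode = 0644,
- .proc_handler = &proc_dointvec_jiffies,
- },
- { .ctl_name = 0 }
-};
-
-static ctl_table nf_ct_netfilter_table[] = {
- {
- .ctl_name = NET_NETFILTER,
- .procname = "netfilter",
- .mode = 0555,
- .child = nf_ct_sysctl_table,
- },
- { .ctl_name = 0 }
-};
-
-static ctl_table nf_ct_net_table[] = {
- {
- .ctl_name = CTL_NET,
- .procname = "net",
- .mode = 0555,
- .child = nf_ct_netfilter_table,
- },
- { .ctl_name = 0 }
-};
-#endif
-
 /* Fast function for those who don't want to parse /proc (and I don't
   blame them). */
 /* Reversing the socket's dst/src point of view gives us the reply
@@ -472,20 +434,8 @@ static int __init nf_conntrack_l3proto_ipv4_init(void)
  printk("nf_conntrack_ipv4: can't register hooks.\n");
  goto cleanup_ipv4;
  }
-#ifdef CONFIG_SYSCTL
- nf_ct_ipv4_sysctl_header = register_sysctl_table(nf_ct_net_table, 0);
- if (nf_ct_ipv4_sysctl_header == NULL) {
- printk("nf_conntrack: can't register to sysctl.\n");
- ret = -ENOMEM;
- goto cleanup_hooks;
- }
-#endif
  return ret;
 
-#ifdef CONFIG_SYSCTL
- cleanup_hooks:
- nf_unregister_hooks(ipv4_conntrack_ops, ARRAY_SIZE(ipv4_conntrack_ops));
-#endif
  cleanup_ipv4:
  nf_conntrack_l3proto_unregister(&nf_conntrack_l3proto_ipv4);
  cleanup_icmp:
@@ -502,9 +452,6 @@ static int __init nf_conntrack_l3proto_ipv4_init(void)
 static void __exit nf_conntrack_l3proto_ipv4_fini(void)
 {
  synchronize_net();
-#ifdef CONFIG_SYSCTL
- unregister_sysctl_table(nf_ct_ipv4_sysctl_header);
-#endif
  nf_unregister_hooks(ipv4_conntrack_ops, ARRAY_SIZE(ipv4_conntrack_ops));
  nf_conntrack_l3proto_unregister(&nf_conntrack_l3proto_ipv4);
  nf_conntrack_l4proto_unregister(&nf_conntrack_l4proto_icmp);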
diff --git a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
index 95fc22b49694..c59f28193a39 100644
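--- a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
+++ b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
@@ -25,7 +25,7 @@
 #include <net/netfilter/nf_conntrack_l4proto.h>
 #include <net/netfilter/nf_conntrack_core.h>
 
-unsigned long nf_ct_icmp_timeout __read_mostly = 30*HZ;
+static unsigned long nf_ct_icmp_timeout __read_mostly = 30*HZ;
 
 #if 0
 #define DEBUGP printk
@@ -321,6 +321,23 @@ static int icmp_nfattr_to_tuple(struct nfattr *tb[],
 }
 #endif
 
+#ifdef CONFIG_SYSCTL
+static struct ctl_table_header *icmp_sysctl_header;
+static struct ctl_table icmp_sysctl_table[] = {
+ {
+ .ctl_name = NET_NF_CONNTRACK_ICMP_TIMEOUT,
+ .procname = "nf_conntrack_icmp_timeout",
+ .data = &nf_ct_icmp_timeout,
+ .maxlen = sizeof(unsigned int),
+ .mode = 0644,
+ .proc_handler = &proc_dointvec_jiffies,
+ },
+ {
+ .ctl_name = 0
+ }
+};
+#endif /* CONFIG_SYSCTL */
+
 struct nf_conntrack_l4proto nf_conntrack_l4proto_icmp =
 {
  .l3proto = PF_INET,
@@ -340,6 +357,10 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_icmp =
  .tuple_to_nfattr = icmp_tuple_to_nfattr,
  .nfattr_to_tuple = icmp_nfattr_to_tuple,
 #endif
+#ifdef CONFIG_SYSCTL
+ .ctl_table_header = &icmp_sysctl_header,
+ .ctl_table = icmp_sysctl_table,
+#endif
 };
 
 EXPORT_SYMBOL(nf_conntrack_l4proto_icmp);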
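Review bot: `nf_ct_icmp_timeout` stays `unsigned long` in the first hunk, but the new `icmp_sysctl_table` entry exposes it with `.maxlen = sizeof(unsigned int)` and `proc_dointvec_jiffies`, which reads and writes an `int`. On a 64-bit build the handler touches only half of the variable, and on a big-endian one that would be the upper half, so a write through /proc would not set the timeout that was asked for. Now that the variable is file-local, declaring it `static unsigned int nf_ct_icmp_timeout __read_mostly = 30*HZ;` removes the mismatch, provided the other uses in this file accept an `unsigned int`. The same applies to `nf_ct_icmpv6_timeout` and `icmpv6_sysctl_table` in nf_conntrack_proto_icmpv6.c.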
diff --git a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
index 9108ecc22bea..a20615ffccff 100644
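--- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
@@ -324,21 +324,7 @@ static struct nf_hook_ops ipv6_conntrack_ops[] = {
 };
 
 #ifdef CONFIG_SYSCTL
-
-/* From nf_conntrack_proto_icmpv6.c */
-extern unsigned int nf_ct_icmpv6_timeout;
-
-static struct ctl_table_header *nf_ct_ipv6_sysctl_header;
-
-static ctl_table nf_ct_sysctl_table[] = {
- {
- .ctl_name = NET_NF_CONNTRACK_ICMPV6_TIMEOUT,
- .procname = "nf_conntrack_icmpv6_timeout",
- .data = &nf_ct_icmpv6_timeout,
- .maxlen = sizeof(unsigned int),
- .mode = 0644,
- .proc_handler = &proc_dointvec_jiffies,
- },
+static ctl_table nf_ct_ipv6_sysctl_table[] = {
  {
  .ctl_name = NET_NF_CONNTRACK_FRAG6_TIMEOUT,
  .procname = "nf_conntrack_frag6_timeout",
@@ -365,26 +351,6 @@ static ctl_table nf_ct_sysctl_table[] = {
  },
  { .ctl_name = 0 }
 };
-
-static ctl_table nf_ct_netfilter_table[] = {
- {
- .ctl_name = NET_NETFILTER,
- .procname = "netfilter",
- .mode = 0555,
- .child = nf_ct_sysctl_table,
- },
- { .ctl_name = 0 }
-};
-
-static ctl_table nf_ct_net_table[] = {
- {
- .ctl_name = CTL_NET,
- .procname = "net",
- .mode = 0555,
- .child = nf_ct_netfilter_table,
- },
- { .ctl_name = 0 }
-};
 #endif
 
 #if defined(CONFIG_NF_CT_NETLINK) || \
@@ -442,6 +408,10 @@ struct nf_conntrack_l3proto nf_conntrack_l3proto_ipv6 = {
  .tuple_to_nfattr = ipv6_tuple_to_nfattr,
  .nfattr_to_tuple = ipv6_nfattr_to_tuple,
 #endif
+#ifdef CONFIG_SYSCTL
+ .ctl_table_path = nf_net_netfilter_sysctl_path,
+ .ctl_table = nf_ct_ipv6_sysctl_table,
+#endif
  .get_features = ipv6_get_features,
  .me = THIS_MODULE,
 };
@@ -492,20 +462,8 @@ static int __init nf_conntrack_l3proto_ipv6_init(void)
  "hook.\n");
  goto cleanup_ipv6;
  }
-#ifdef CONFIG_SYSCTL
- nf_ct_ipv6_sysctl_header = register_sysctl_table(nf_ct_net_table, 0);
- if (nf_ct_ipv6_sysctl_header == NULL) {
- printk("nf_conntrack: can't register to sysctl.\n");
- ret = -ENOMEM;
- goto cleanup_hooks;
- }
-#endif
  return ret;
 
-#ifdef CONFIG_SYSCTL
- cleanup_hooks:
- nf_unregister_hooks(ipv6_conntrack_ops, ARRAY_SIZE(ipv6_conntrack_ops));
-#endif
  cleanup_ipv6:
  nf_conntrack_l3proto_unregister(&nf_conntrack_l3proto_ipv6);
  cleanup_icmpv6:
@@ -522,9 +480,6 @@ static int __init nf_conntrack_l3proto_ipv6_init(void)
 static void __exit nf_conntrack_l3proto_ipv6_fini(void)
 {
  synchronize_net();
-#ifdef CONFIG_SYSCTL
- unregister_sysctl_table(nf_ct_ipv6_sysctl_header);
-#endif
  nf_unregister_hooks(ipv6_conntrack_ops, ARRAY_SIZE(ipv6_conntrack_ops));
  nf_conntrack_l3proto_unregister(&nf_conntrack_l3proto_ipv6);
  nf_conntrack_l4proto_unregister(&nf_conntrack_l4proto_icmpv6);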
diff --git a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
index b3b468c0ef7a..1e8e700f6135 100644
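--- a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
@@ -33,7 +33,7 @@
 #include <net/netfilter/nf_conntrack_core.h>
 #include <net/netfilter/ipv6/nf_conntrack_icmpv6.h>
 
-unsigned long nf_ct_icmpv6_timeout __read_mostly = 30*HZ;
+static unsigned long nf_ct_icmpv6_timeout __read_mostly = 30*HZ;
 
 #if 0
 #define DEBUGP printk
@@ -298,6 +298,23 @@ static int icmpv6_nfattr_to_tuple(struct nfattr *tb[],
 }
 #endif
 
+#ifdef CONFIG_SYSCTL
+static struct ctl_table_header *icmpv6_sysctl_header;
+static struct ctl_table icmpv6_sysctl_table[] = {
+ {
+ .ctl_name = NET_NF_CONNTRACK_ICMPV6_TIMEOUT,
+ .procname = "nf_conntrack_icmpv6_timeout",
+ .data = &nf_ct_icmpv6_timeout,
+ .maxlen = sizeof(unsigned int),
+ .mode = 0644,
+ .proc_handler = &proc_dointvec_jiffies,
+ },
+ {
+ .ctl_name = 0
+ }
+};
+#endif /* CONFIG_SYSCTL */
+
 struct nf_conntrack_l4proto nf_conntrack_l4proto_icmpv6 =
 {
  .l3proto = PF_INET6,
@@ -315,6 +332,10 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_icmpv6 =
  .tuple_to_nfattr = icmpv6_tuple_to_nfattr,
  .nfattr_to_tuple = icmpv6_nfattr_to_tuple,
 #endif
+#ifdef CONFIG_SYSCTL
+ .ctl_table_header = &icmpv6_sysctl_header,
+ .ctl_table = icmpv6_sysctl_table,
+#endif
 };
 
 EXPORT_SYMBOL(nf_conntrack_l4proto_icmpv6);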
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 3e7c0a90003a..4b972791149d 100644
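--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -1070,6 +1070,8 @@ void nf_conntrack_cleanup(void)
  free_conntrack_hash(nf_conntrack_hash, nf_conntrack_vmalloc,
  nf_conntrack_htable_size);
 
+ nf_conntrack_l4proto_unregister(&nf_conntrack_l4proto_generic);
+
  /* free l3proto protocol tables */
  for (i = 0; i < PF_MAX; i++)
  if (nf_ct_protos[i]) {
@@ -1195,6 +1197,10 @@ int __init nf_conntrack_init(void)
  goto err_free_conntrack_slab;
  }
 
+ ret = nf_conntrack_l4proto_register(&nf_conntrack_l4proto_generic);
+ if (ret < 0)
+ goto out_free_expect_slab;
+
  /* Don't NEED lock here, but good form anyway. */
  write_lock_bh(&nf_conntrack_lock);
  for (i = 0; i < AF_MAX; i++)
@@ -1212,6 +1218,8 @@ int __init nf_conntrack_init(void)
 
  return ret;
 
+out_free_expect_slab:
+ kmem_cache_destroy(nf_conntrack_expect_cachep);
 err_free_conntrack_slab:
  nf_conntrack_unregister_cache(NF_CT_F_BASIC);
 err_free_hash: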
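Review bot: The new unwind label `out_free_expect_slab:` in the third hunk does not follow the `err_free_*` naming of the labels it falls through to (`err_free_conntrack_slab`, `err_free_hash`). Naming it `err_free_expect_slab:` and using `goto err_free_expect_slab;` in the second hunk would keep the error ladder in `nf_conntrack_init` uniform and easier to audit. Both `nf_conntrack_init` and `nf_conntrack_cleanup` continue outside the hunks, so the rest of the ladder is not visible here.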
diff --git a/net/netfilter/nf_conntrack_proto.c b/net/netfilter/nf_conntrack_proto.c
index 941b5c3754af..891c9c56c319 100644
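--- a/net/netfilter/nf_conntrack_proto.c
+++ b/net/netfilter/nf_conntrack_proto.c
@@ -252,7 +252,7 @@ static int nf_ct_l4proto_register_sysctl(struct nf_conntrack_l4proto *l4proto)
  l4proto->ctl_table_users);
  }
  mutex_unlock(&nf_ct_proto_sysctl_mutex);
-#endif
+#endif /* CONFIG_SYSCTL */
  return err;
 }
 
@@ -266,7 +266,7 @@ static void nf_ct_l4proto_unregister_sysctl(struct nf_conntrack_l4proto *l4proto
  l4proto->ctl_table,
  l4proto->ctl_table_users);
  mutex_unlock(&nf_ct_proto_sysctl_mutex);
-#endif
+#endif /* CONFIG_SYSCTL */
 }
 
 /* FIXME: Allow NULL functions and sub in pointers to generic for
@@ -280,6 +280,9 @@ int nf_conntrack_l4proto_register(struct nf_conntrack_l4proto *l4proto)
  goto out;
  }
 
+ if (l4proto == &nf_conntrack_l4proto_generic)
+ return nf_ct_l4proto_register_sysctl(l4proto);
+
 retry:
  write_lock_bh(&nf_conntrack_lock);
  if (nf_ct_protos[l4proto->l3proto]) {
@@ -346,6 +349,11 @@ int nf_conntrack_l4proto_unregister(struct nf_conntrack_l4proto *l4proto)
  goto out;
  }
 
+ if (l4proto == &nf_conntrack_l4proto_generic) {
+ nf_ct_l4proto_unregister_sysctl(l4proto);
+ goto out;
+ }
+
  write_lock_bh(&nf_conntrack_lock);
  if (nf_ct_protos[l4proto->l3proto][l4proto->l4proto]
  != l4proto) {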
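Review bot: The two new special cases for `&nf_conntrack_l4proto_generic` leave their functions in different ways: `nf_conntrack_l4proto_register` uses a bare `return nf_ct_l4proto_register_sysctl(l4proto);`, while `nf_conntrack_l4proto_unregister` does `goto out;`, as does the check just above the register branch. What `out:` does in the register function is outside the hunk, so the early return may be skipping it; sending the result through the same exit would make the two paths match. Neither branch explains why the generic tracker gets only its sysctl table registered and skips the `nf_ct_protos` update, so a one-line comment such as `/* generic tracker: only its sysctl table is registered here */` above each check would help the next reader. Both function bodies continue beyond the hunks.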
diff --git a/net/netfilter/nf_conntrack_proto_generic.c b/net/netfilter/nf_conntrack_proto_generic.c
index f44811e0b475..15306b952510 100644
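--- a/net/netfilter/nf_conntrack_proto_generic.c
+++ b/net/netfilter/nf_conntrack_proto_generic.c
@@ -17,7 +17,7 @@
 #include <linux/netfilter.h>
 #include <net/netfilter/nf_conntrack_l4proto.h>
 
-unsigned int nf_ct_generic_timeout __read_mostly = 600*HZ;
+static unsigned int nf_ct_generic_timeout __read_mostly = 600*HZ;
 
 static int generic_pkt_to_tuple(const struct sk_buff *skb,
  unsigned int dataoff,
@@ -71,6 +71,23 @@ static int new(struct nf_conn *conntrack, const struct sk_buff *skb,
  return 1;
 }
 
+#ifdef CONFIG_SYSCTL
+static struct ctl_table_header *generic_sysctl_header;
+static struct ctl_table generic_sysctl_table[] = {
+ {
+ .ctl_name = NET_NF_CONNTRACK_GENERIC_TIMEOUT,
+ .procname = "nf_conntrack_generic_timeout",
+ .data = &nf_ct_generic_timeout,
+ .maxlen = sizeof(unsigned int),
+ .mode = 0644,
+ .proc_handler = &proc_dointvec_jiffies,
+ },
+ {
+ .ctl_name = 0
+ }
+};
+#endif /* CONFIG_SYSCTL */
+
 struct nf_conntrack_l4proto nf_conntrack_l4proto_generic =
 {
  .l3proto = PF_UNSPEC,
@@ -82,4 +99,8 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_generic =
  .print_conntrack = generic_print_conntrack,
  .packet = packet,
  .new = new,
+#ifdef CONFIG_SYSCTL
+ .ctl_table_header = &generic_sysctl_header,
+ .ctl_table = generic_sysctl_table,
+#endif
 };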
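Review bot: `nf_conntrack_l4proto_generic` sets `.ctl_table_header` and `.ctl_table` in the last hunk but leaves `.ctl_table_users` unset, whereas the tcp, udp and sctp structs in this commit all point it at a counter. The context lines of nf_conntrack_proto.c show `nf_ct_l4proto_register_sysctl` handing `l4proto->ctl_table_users` to its helper, and whether that helper accepts a NULL counter is not visible on this page, so it is worth confirming. The icmp and icmpv6 structs are in the same position. If NULL is the intended way to mark a table that is not shared, a comment in the initializer such as `/* no .ctl_table_users: table is not shared with another l4proto */` would record that.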
diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c
index 5115619138e4..cc693308878f 100644
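--- a/net/netfilter/nf_conntrack_proto_sctp.c
+++ b/net/netfilter/nf_conntrack_proto_sctp.c
@@ -509,36 +509,10 @@ static int sctp_new(struct nf_conn *conntrack, const struct sk_buff *skb,
  return 1;
 }
 
-struct nf_conntrack_l4proto nf_conntrack_l4proto_sctp4 = {
- .l3proto = PF_INET,
- .l4proto = IPPROTO_SCTP,
- .name = "sctp",
- .pkt_to_tuple = sctp_pkt_to_tuple,
- .invert_tuple = sctp_invert_tuple,
- .print_tuple = sctp_print_tuple,
- .print_conntrack = sctp_print_conntrack,
- .packet = sctp_packet,
- .new = sctp_new,
- .destroy = NULL,
- .me = THIS_MODULE
-};
-
-struct nf_conntrack_l4proto nf_conntrack_l4proto_sctp6 = {
- .l3proto = PF_INET6,
- .l4proto = IPPROTO_SCTP,
- .name = "sctp",
- .pkt_to_tuple = sctp_pkt_to_tuple,
- .invert_tuple = sctp_invert_tuple,
- .print_tuple = sctp_print_tuple,
- .print_conntrack = sctp_print_conntrack,
- .packet = sctp_packet,
- .new = sctp_new,
- .destroy = NULL,
- .me = THIS_MODULE
-};
-
 #ifdef CONFIG_SYSCTL
-static ctl_table nf_ct_sysctl_table[] = {
+static unsigned int sctp_sysctl_table_users;
+static struct ctl_table_header *sctp_sysctl_header;
+static struct ctl_table sctp_sysctl_table[] = {
  {
  .ctl_name = NET_NF_CONNTRACK_SCTP_TIMEOUT_CLOSED,
  .procname = "nf_conntrack_sctp_timeout_closed",
@@ -595,31 +569,47 @@ static ctl_table nf_ct_sysctl_table[] = {
  .mode = 0644,
  .proc_handler = &proc_dointvec_jiffies,
  },
- { .ctl_name = 0 }
-};
-
-static ctl_table nf_ct_netfilter_table[] = {
  {
- .ctl_name = NET_NETFILTER,
- .procname = "netfilter",
- .mode = 0555,
- .child = nf_ct_sysctl_table,
- },
- { .ctl_name = 0 }
+ .ctl_name = 0
+ }
 };
+#endif
 
-static ctl_table nf_ct_net_table[] = {
- {
- .ctl_name = CTL_NET,
- .procname = "net",
- .mode = 0555,
- .child = nf_ct_netfilter_table,
- },
- { .ctl_name = 0 }
+struct nf_conntrack_l4proto nf_conntrack_l4proto_sctp4 = {
+ .l3proto = PF_INET,
+ .l4proto = IPPROTO_SCTP,
+ .name = "sctp",
+ .pkt_to_tuple = sctp_pkt_to_tuple,
+ .invert_tuple = sctp_invert_tuple,
+ .print_tuple = sctp_print_tuple,
+ .print_conntrack = sctp_print_conntrack,
+ .packet = sctp_packet,
+ .new = sctp_new,
+ .me = THIS_MODULE,
+#ifdef CONFIG_SYSCTL
+ .ctl_table_users = &sctp_sysctl_table_users,
+ .ctl_table_header = &sctp_sysctl_header,
+ .ctl_table = sctp_sysctl_table,
+#endif
 };
 
-static struct ctl_table_header *nf_ct_sysctl_header;
+struct nf_conntrack_l4proto nf_conntrack_l4proto_sctp6 = {
+ .l3proto = PF_INET6,
+ .l4proto = IPPROTO_SCTP,
+ .name = "sctp",
+ .pkt_to_tuple = sctp_pkt_to_tuple,
+ .invert_tuple = sctp_invert_tuple,
+ .print_tuple = sctp_print_tuple,
+ .print_conntrack = sctp_print_conntrack,
+ .packet = sctp_packet,
+ .new = sctp_new,
+ .me = THIS_MODULE,
+#ifdef CONFIG_SYSCTL
+ .ctl_table_users = &sctp_sysctl_table_users,
+ .ctl_table_header = &sctp_sysctl_header,
+ .ctl_table = sctp_sysctl_table,
 #endif
+};
 
 int __init nf_conntrack_proto_sctp_init(void)
 {
@@ -636,20 +626,8 @@ int __init nf_conntrack_proto_sctp_init(void)
  goto cleanup_sctp4;
  }
 
-#ifdef CONFIG_SYSCTL
- nf_ct_sysctl_header = register_sysctl_table(nf_ct_net_table, 0);
- if (nf_ct_sysctl_header == NULL) {
- printk("nf_conntrack_proto_sctp: can't register to sysctl.\n");
- goto cleanup;
- }
-#endif
-
  return ret;
 
-#ifdef CONFIG_SYSCTL
- cleanup:
- nf_conntrack_l4proto_unregister(&nf_conntrack_l4proto_sctp6);
-#endif
  cleanup_sctp4:
  nf_conntrack_l4proto_unregister(&nf_conntrack_l4proto_sctp4);
  out:
@@ -662,9 +640,6 @@ void __exit nf_conntrack_proto_sctp_fini(void)
 {
  nf_conntrack_l4proto_unregister(&nf_conntrack_l4proto_sctp6);
  nf_conntrack_l4proto_unregister(&nf_conntrack_l4proto_sctp4);
-#ifdef CONFIG_SYSCTL
- unregister_sysctl_table(nf_ct_sysctl_header);
-#endif
  DEBUGP("SCTP conntrack module unloaded\n");
 }
 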
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c
index 32b88b7efc46..6f6f9a061e76 100644
--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -93,22 +93,22 @@ static const char *tcp_conntrack_names[] = {
93#define HOURS * 60 MINS 93#define HOURS * 60 MINS
94#define DAYS * 24 HOURS 94#define DAYS * 24 HOURS
95 95
96unsigned int nf_ct_tcp_timeout_syn_sent __read_mostly = 2 MINS; 96static unsigned int nf_ct_tcp_timeout_syn_sent __read_mostly = 2 MINS;
97unsigned int nf_ct_tcp_timeout_syn_recv __read_mostly = 60 SECS; 97static unsigned int nf_ct_tcp_timeout_syn_recv __read_mostly = 60 SECS;
98unsigned int nf_ct_tcp_timeout_established __read_mostly = 5 DAYS; 98static unsigned int nf_ct_tcp_timeout_established __read_mostly = 5 DAYS;
99unsigned int nf_ct_tcp_timeout_fin_wait __read_mostly = 2 MINS; 99static unsigned int nf_ct_tcp_timeout_fin_wait __read_mostly = 2 MINS;
100unsigned int nf_ct_tcp_timeout_close_wait __read_mostly = 60 SECS; 100static unsigned int nf_ct_tcp_timeout_close_wait __read_mostly = 60 SECS;
101unsigned int nf_ct_tcp_timeout_last_ack __read_mostly = 30 SECS; 101static unsigned int nf_ct_tcp_timeout_last_ack __read_mostly = 30 SECS;
102unsigned int nf_ct_tcp_timeout_time_wait __read_mostly = 2 MINS; 102static unsigned int nf_ct_tcp_timeout_time_wait __read_mostly = 2 MINS;
103unsigned int nf_ct_tcp_timeout_close __read_mostly = 10 SECS; 103static unsigned int nf_ct_tcp_timeout_close __read_mostly = 10 SECS;
104 104
105/* RFC1122 says the R2 limit should be at least 100 seconds. 105/* RFC1122 says the R2 limit should be at least 100 seconds.
106 Linux uses 15 packets as limit, which corresponds 106 Linux uses 15 packets as limit, which corresponds
107 to ~13-30min depending on RTO. */ 107 to ~13-30min depending on RTO. */
108unsigned int nf_ct_tcp_timeout_max_retrans __read_mostly = 5 MINS; 108static unsigned int nf_ct_tcp_timeout_max_retrans __read_mostly = 5 MINS;
109 109
110static unsigned int * tcp_timeouts[] 110static unsigned int * tcp_timeouts[] = {
111= { NULL, /* TCP_CONNTRACK_NONE */ 111 NULL, /* TCP_CONNTRACK_NONE */
112 &nf_ct_tcp_timeout_syn_sent, /* TCP_CONNTRACK_SYN_SENT, */ 112 &nf_ct_tcp_timeout_syn_sent, /* TCP_CONNTRACK_SYN_SENT, */
113 &nf_ct_tcp_timeout_syn_recv, /* TCP_CONNTRACK_SYN_RECV, */ 113 &nf_ct_tcp_timeout_syn_recv, /* TCP_CONNTRACK_SYN_RECV, */
114 &nf_ct_tcp_timeout_established, /* TCP_CONNTRACK_ESTABLISHED, */ 114 &nf_ct_tcp_timeout_established, /* TCP_CONNTRACK_ESTABLISHED, */
@@ -1168,7 +1168,113 @@ static int nfattr_to_tcp(struct nfattr *cda[], struct nf_conn *ct)
1168 return 0; 1168 return 0;
1169} 1169}
1170#endif 1170#endif
1171 1171
1172#ifdef CONFIG_SYSCTL
1173static unsigned int tcp_sysctl_table_users;
1174static struct ctl_table_header *tcp_sysctl_header;
1175static struct ctl_table tcp_sysctl_table[] = {
1176 {
1177 .ctl_name = NET_NF_CONNTRACK_TCP_TIMEOUT_SYN_SENT,
1178 .procname = "nf_conntrack_tcp_timeout_syn_sent",
1179 .data = &nf_ct_tcp_timeout_syn_sent,
1180 .maxlen = sizeof(unsigned int),
1181 .mode = 0644,
1182 .proc_handler = &proc_dointvec_jiffies,
1183 },
1184 {
1185 .ctl_name = NET_NF_CONNTRACK_TCP_TIMEOUT_SYN_RECV,
1186 .procname = "nf_conntrack_tcp_timeout_syn_recv",
1187 .data = &nf_ct_tcp_timeout_syn_recv,
1188 .maxlen = sizeof(unsigned int),
1189 .mode = 0644,
1190 .proc_handler = &proc_dointvec_jiffies,
1191 },
1192 {
1193 .ctl_name = NET_NF_CONNTRACK_TCP_TIMEOUT_ESTABLISHED,
1194 .procname = "nf_conntrack_tcp_timeout_established",
1195 .data = &nf_ct_tcp_timeout_established,
1196 .maxlen = sizeof(unsigned int),
1197 .mode = 0644,
1198 .proc_handler = &proc_dointvec_jiffies,
1199 },
1200 {
1201 .ctl_name = NET_NF_CONNTRACK_TCP_TIMEOUT_FIN_WAIT,
1202 .procname = "nf_conntrack_tcp_timeout_fin_wait",
1203 .data = &nf_ct_tcp_timeout_fin_wait,
1204 .maxlen = sizeof(unsigned int),
1205 .mode = 0644,
1206 .proc_handler = &proc_dointvec_jiffies,
1207 },
1208 {
1209 .ctl_name = NET_NF_CONNTRACK_TCP_TIMEOUT_CLOSE_WAIT,
1210 .procname = "nf_conntrack_tcp_timeout_close_wait",
1211 .data = &nf_ct_tcp_timeout_close_wait,
1212 .maxlen = sizeof(unsigned int),
1213 .mode = 0644,
1214 .proc_handler = &proc_dointvec_jiffies,
1215 },
1216 {
1217 .ctl_name = NET_NF_CONNTRACK_TCP_TIMEOUT_LAST_ACK,
1218 .procname = "nf_conntrack_tcp_timeout_last_ack",
1219 .data = &nf_ct_tcp_timeout_last_ack,
1220 .maxlen = sizeof(unsigned int),
1221 .mode = 0644,
1222 .proc_handler = &proc_dointvec_jiffies,
1223 },
1224 {
1225 .ctl_name = NET_NF_CONNTRACK_TCP_TIMEOUT_TIME_WAIT,
1226 .procname = "nf_conntrack_tcp_timeout_time_wait",
1227 .data = &nf_ct_tcp_timeout_time_wait,
1228 .maxlen = sizeof(unsigned int),
1229 .mode = 0644,
1230 .proc_handler = &proc_dointvec_jiffies,
1231 },
1232 {
1233 .ctl_name = NET_NF_CONNTRACK_TCP_TIMEOUT_CLOSE,
1234 .procname = "nf_conntrack_tcp_timeout_close",
1235 .data = &nf_ct_tcp_timeout_close,
1236 .maxlen = sizeof(unsigned int),
1237 .mode = 0644,
1238 .proc_handler = &proc_dointvec_jiffies,
1239 },
1240 {
1241 .ctl_name = NET_NF_CONNTRACK_TCP_TIMEOUT_MAX_RETRANS,
1242 .procname = "nf_conntrack_tcp_timeout_max_retrans",
1243 .data = &nf_ct_tcp_timeout_max_retrans,
1244 .maxlen = sizeof(unsigned int),
1245 .mode = 0644,
1246 .proc_handler = &proc_dointvec_jiffies,
1247 },
1248 {
1249 .ctl_name = NET_NF_CONNTRACK_TCP_LOOSE,
1250 .procname = "nf_conntrack_tcp_loose",
1251 .data = &nf_ct_tcp_loose,
1252 .maxlen = sizeof(unsigned int),
1253 .mode = 0644,
1254 .proc_handler = &proc_dointvec,
1255 },
1256 {
1257 .ctl_name = NET_NF_CONNTRACK_TCP_BE_LIBERAL,
1258 .procname = "nf_conntrack_tcp_be_liberal",
1259 .data = &nf_ct_tcp_be_liberal,
1260 .maxlen = sizeof(unsigned int),
1261 .mode = 0644,
1262 .proc_handler = &proc_dointvec,
1263 },
1264 {
1265 .ctl_name = NET_NF_CONNTRACK_TCP_MAX_RETRANS,
1266 .procname = "nf_conntrack_tcp_max_retrans",
1267 .data = &nf_ct_tcp_max_retrans,
1268 .maxlen = sizeof(unsigned int),
1269 .mode = 0644,
1270 .proc_handler = &proc_dointvec,
1271 },
1272 {
1273 .ctl_name = 0
1274 }
1275};
1276#endif /* CONFIG_SYSCTL */
1277
1172struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp4 = 1278struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp4 =
1173{ 1279{
1174 .l3proto = PF_INET, 1280 .l3proto = PF_INET,
@@ -1188,6 +1294,11 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp4 =
1188 .tuple_to_nfattr = nf_ct_port_tuple_to_nfattr, 1294 .tuple_to_nfattr = nf_ct_port_tuple_to_nfattr,
1189 .nfattr_to_tuple = nf_ct_port_nfattr_to_tuple, 1295 .nfattr_to_tuple = nf_ct_port_nfattr_to_tuple,
1190#endif 1296#endif
1297#ifdef CONFIG_SYSCTL
1298 .ctl_table_users = &tcp_sysctl_table_users,
1299 .ctl_table_header = &tcp_sysctl_header,
1300 .ctl_table = tcp_sysctl_table,
1301#endif
1191}; 1302};
1192 1303
1193struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp6 = 1304struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp6 =
@@ -1209,6 +1320,11 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp6 =
1209 .tuple_to_nfattr = nf_ct_port_tuple_to_nfattr, 1320 .tuple_to_nfattr = nf_ct_port_tuple_to_nfattr,
1210 .nfattr_to_tuple = nf_ct_port_nfattr_to_tuple, 1321 .nfattr_to_tuple = nf_ct_port_nfattr_to_tuple,
1211#endif 1322#endif
1323#ifdef CONFIG_SYSCTL
1324 .ctl_table_users = &tcp_sysctl_table_users,
1325 .ctl_table_header = &tcp_sysctl_header,
1326 .ctl_table = tcp_sysctl_table,
1327#endif
1212}; 1328};
1213 1329
1214EXPORT_SYMBOL(nf_conntrack_l4proto_tcp4); 1330EXPORT_SYMBOL(nf_conntrack_l4proto_tcp4);
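Review bot: None of the entries in the new `tcp_sysctl_table` bounds the value written. The timeouts are declared `static unsigned int` in the first hunk but go through `proc_dointvec_jiffies`, which parses a signed int, so a negative write would presumably end up as a very large timeout. `nf_conntrack_tcp_loose`, `nf_conntrack_tcp_be_liberal` and `nf_conntrack_tcp_max_retrans` use plain `proc_dointvec`; switching those three to `proc_dointvec_minmax` with `.extra1`/`.extra2` limits would reject out-of-range writes. The declarations of `nf_ct_tcp_loose`, `nf_ct_tcp_be_liberal` and `nf_ct_tcp_max_retrans` are outside the hunks, so their types should be checked against `.maxlen = sizeof(unsigned int)`.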
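--- a/net/netfilter/nf_conntrack_proto_udp.c
+++ b/net/netfilter/nf_conntrack_proto_udp.c
@@ -29,8 +29,8 @@
 #include <net/netfilter/nf_conntrack_l4proto.h>
 #include <net/netfilter/nf_conntrack_ecache.h>
 
-unsigned int nf_ct_udp_timeout __read_mostly = 30*HZ;
-unsigned int nf_ct_udp_timeout_stream __read_mostly = 180*HZ;
+static unsigned int nf_ct_udp_timeout __read_mostly = 30*HZ;
+static unsigned int nf_ct_udp_timeout_stream __read_mostly = 180*HZ;
 
 static int udp_pkt_to_tuple(const struct sk_buff *skb,
  unsigned int dataoff,
@@ -148,6 +148,32 @@ static int udp_error(struct sk_buff *skb, unsigned int dataoff,
  return NF_ACCEPT;
 }
 
+#ifdef CONFIG_SYSCTL
+static unsigned int udp_sysctl_table_users;
+static struct ctl_table_header *udp_sysctl_header;
+static struct ctl_table udp_sysctl_table[] = {
+ {
+ .ctl_name = NET_NF_CONNTRACK_UDP_TIMEOUT,
+ .procname = "nf_conntrack_udp_timeout",
+ .data = &nf_ct_udp_timeout,
+ .maxlen = sizeof(unsigned int),
+ .mode = 0644,
+ .proc_handler = &proc_dointvec_jiffies,
+ },
+ {
+ .ctl_name = NET_NF_CONNTRACK_UDP_TIMEOUT_STREAM,
+ .procname = "nf_conntrack_udp_timeout_stream",
+ .data = &nf_ct_udp_timeout_stream,
+ .maxlen = sizeof(unsigned int),
+ .mode = 0644,
+ .proc_handler = &proc_dointvec_jiffies,
+ },
+ {
+ .ctl_name = 0
+ }
+};
+#endif /* CONFIG_SYSCTL */
+
 struct nf_conntrack_l4proto nf_conntrack_l4proto_udp4 =
 {
  .l3proto = PF_INET,
@@ -165,6 +191,11 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_udp4 =
  .tuple_to_nfattr = nf_ct_port_tuple_to_nfattr,
  .nfattr_to_tuple = nf_ct_port_nfattr_to_tuple,
 #endif
+#ifdef CONFIG_SYSCTL
+ .ctl_table_users = &udp_sysctl_table_users,
+ .ctl_table_header = &udp_sysctl_header,
+ .ctl_table = udp_sysctl_table,
+#endif
 };
 
 struct nf_conntrack_l4proto nf_conntrack_l4proto_udp6 =
@@ -184,6 +215,11 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_udp6 =
  .tuple_to_nfattr = nf_ct_port_tuple_to_nfattr,
  .nfattr_to_tuple = nf_ct_port_nfattr_to_tuple,
 #endif
+#ifdef CONFIG_SYSCTL
+ .ctl_table_users = &udp_sysctl_table_users,
+ .ctl_table_header = &udp_sysctl_header,
+ .ctl_table = udp_sysctl_table,
+#endif
 };
 
 EXPORT_SYMBOL(nf_conntrack_l4proto_udp4);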
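Review bot: `udp_sysctl_table_users` and `udp_sysctl_header` are plain file-scope variables that both `nf_conntrack_l4proto_udp4` and `nf_conntrack_l4proto_udp6` point at through `.ctl_table_users` / `.ctl_table_header`, so the lifetime of the single sysctl table rests on a non-atomic counter that the registration code must update under a lock. That code is not part of this file section (presumably nf_conntrack_proto.c), so the serialisation should be confirmed there; without it, loading or unloading the IPv4 and IPv6 sides concurrently could register the table twice or unregister it while one side still uses it. A comment above the counter would record the contract, e.g. `/* shared by udp4 and udp6; updated only by the l4proto (un)register path, which must serialise access */`. Separately, both entries write through `proc_dointvec_jiffies` into an `unsigned int` with no `extra1`/`extra2` bounds, so a zero or negative value written by root is stored as the timeout; this is carried over from the old table, but the new per-protocol table is the natural place to add a range check.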
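--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -330,28 +330,6 @@ static struct file_operations ct_cpu_seq_fops = {
 int nf_conntrack_checksum __read_mostly = 1;
 
 #ifdef CONFIG_SYSCTL
-
-/* From nf_conntrack_proto_tcp.c */
-extern unsigned int nf_ct_tcp_timeout_syn_sent;
-extern unsigned int nf_ct_tcp_timeout_syn_recv;
-extern unsigned int nf_ct_tcp_timeout_established;
-extern unsigned int nf_ct_tcp_timeout_fin_wait;
-extern unsigned int nf_ct_tcp_timeout_close_wait;
-extern unsigned int nf_ct_tcp_timeout_last_ack;
-extern unsigned int nf_ct_tcp_timeout_time_wait;
-extern unsigned int nf_ct_tcp_timeout_close;
-extern unsigned int nf_ct_tcp_timeout_max_retrans;
-extern int nf_ct_tcp_loose;
-extern int nf_ct_tcp_be_liberal;
-extern int nf_ct_tcp_max_retrans;
-
-/* From nf_conntrack_proto_udp.c */
-extern unsigned int nf_ct_udp_timeout;
-extern unsigned int nf_ct_udp_timeout_stream;
-
-/* From nf_conntrack_proto_generic.c */
-extern unsigned int nf_ct_generic_timeout;
-
 /* Log invalid packets of a given protocol */
 static int log_invalid_proto_min = 0;
 static int log_invalid_proto_max = 255;
@@ -392,94 +370,6 @@ static ctl_table nf_ct_sysctl_table[] = {
  .proc_handler = &proc_dointvec,
  },
  {
- .ctl_name = NET_NF_CONNTRACK_TCP_TIMEOUT_SYN_SENT,
- .procname = "nf_conntrack_tcp_timeout_syn_sent",
- .data = &nf_ct_tcp_timeout_syn_sent,
- .maxlen = sizeof(unsigned int),
- .mode = 0644,
- .proc_handler = &proc_dointvec_jiffies,
- },
- {
- .ctl_name = NET_NF_CONNTRACK_TCP_TIMEOUT_SYN_RECV,
- .procname = "nf_conntrack_tcp_timeout_syn_recv",
- .data = &nf_ct_tcp_timeout_syn_recv,
- .maxlen = sizeof(unsigned int),
- .mode = 0644,
- .proc_handler = &proc_dointvec_jiffies,
- },
- {
- .ctl_name = NET_NF_CONNTRACK_TCP_TIMEOUT_ESTABLISHED,
- .procname = "nf_conntrack_tcp_timeout_established",
- .data = &nf_ct_tcp_timeout_established,
- .maxlen = sizeof(unsigned int),
- .mode = 0644,
- .proc_handler = &proc_dointvec_jiffies,
- },
- {
- .ctl_name = NET_NF_CONNTRACK_TCP_TIMEOUT_FIN_WAIT,
- .procname = "nf_conntrack_tcp_timeout_fin_wait",
- .data = &nf_ct_tcp_timeout_fin_wait,
- .maxlen = sizeof(unsigned int),
- .mode = 0644,
- .proc_handler = &proc_dointvec_jiffies,
- },
- {
- .ctl_name = NET_NF_CONNTRACK_TCP_TIMEOUT_CLOSE_WAIT,
- .procname = "nf_conntrack_tcp_timeout_close_wait",
- .data = &nf_ct_tcp_timeout_close_wait,
- .maxlen = sizeof(unsigned int),
- .mode = 0644,
- .proc_handler = &proc_dointvec_jiffies,
- },
- {
- .ctl_name = NET_NF_CONNTRACK_TCP_TIMEOUT_LAST_ACK,
- .procname = "nf_conntrack_tcp_timeout_last_ack",
- .data = &nf_ct_tcp_timeout_last_ack,
- .maxlen = sizeof(unsigned int),
- .mode = 0644,
- .proc_handler = &proc_dointvec_jiffies,
- },
- {
- .ctl_name = NET_NF_CONNTRACK_TCP_TIMEOUT_TIME_WAIT,
- .procname = "nf_conntrack_tcp_timeout_time_wait",
- .data = &nf_ct_tcp_timeout_time_wait,
- .maxlen = sizeof(unsigned int),
- .mode = 0644,
- .proc_handler = &proc_dointvec_jiffies,
- },
- {
- .ctl_name = NET_NF_CONNTRACK_TCP_TIMEOUT_CLOSE,
- .procname = "nf_conntrack_tcp_timeout_close",
- .data = &nf_ct_tcp_timeout_close,
- .maxlen = sizeof(unsigned int),
- .mode = 0644,
- .proc_handler = &proc_dointvec_jiffies,
- },
- {
- .ctl_name = NET_NF_CONNTRACK_UDP_TIMEOUT,
- .procname = "nf_conntrack_udp_timeout",
- .data = &nf_ct_udp_timeout,
- .maxlen = sizeof(unsigned int),
- .mode = 0644,
- .proc_handler = &proc_dointvec_jiffies,
- },
- {
- .ctl_name = NET_NF_CONNTRACK_UDP_TIMEOUT_STREAM,
- .procname = "nf_conntrack_udp_timeout_stream",
- .data = &nf_ct_udp_timeout_stream,
- .maxlen = sizeof(unsigned int),
- .mode = 0644,
- .proc_handler = &proc_dointvec_jiffies,
- },
- {
- .ctl_name = NET_NF_CONNTRACK_GENERIC_TIMEOUT,
- .procname = "nf_conntrack_generic_timeout",
- .data = &nf_ct_generic_timeout,
- .maxlen = sizeof(unsigned int),
- .mode = 0644,
- .proc_handler = &proc_dointvec_jiffies,
- },
- {
  .ctl_name = NET_NF_CONNTRACK_LOG_INVALID,
  .procname = "nf_conntrack_log_invalid",
  .data = &nf_ct_log_invalid,
@@ -490,38 +380,6 @@ static ctl_table nf_ct_sysctl_table[] = {
  .extra1 = &log_invalid_proto_min,
  .extra2 = &log_invalid_proto_max,
  },
- {
- .ctl_name = NET_NF_CONNTRACK_TCP_TIMEOUT_MAX_RETRANS,
- .procname = "nf_conntrack_tcp_timeout_max_retrans",
- .data = &nf_ct_tcp_timeout_max_retrans,
- .maxlen = sizeof(unsigned int),
- .mode = 0644,
- .proc_handler = &proc_dointvec_jiffies,
- },
- {
- .ctl_name = NET_NF_CONNTRACK_TCP_LOOSE,
- .procname = "nf_conntrack_tcp_loose",
- .data = &nf_ct_tcp_loose,
- .maxlen = sizeof(unsigned int),
- .mode = 0644,
- .proc_handler = &proc_dointvec,
- },
- {
- .ctl_name = NET_NF_CONNTRACK_TCP_BE_LIBERAL,
- .procname = "nf_conntrack_tcp_be_liberal",
- .data = &nf_ct_tcp_be_liberal,
- .maxlen = sizeof(unsigned int),
- .mode = 0644,
- .proc_handler = &proc_dointvec,
- },
- {
- .ctl_name = NET_NF_CONNTRACK_TCP_MAX_RETRANS,
- .procname = "nf_conntrack_tcp_max_retrans",
- .data = &nf_ct_tcp_max_retrans,
- .maxlen = sizeof(unsigned int),
- .mode = 0644,
- .proc_handler = &proc_dointvec,
- },
 
  { .ctl_name = 0 }
 };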