author | Patrick McHardy <kaber@trash.net> | 2006-11-28 20:35:20 -0500 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2006-12-03 00:31:19 -0500 |
commit | a999e6837603e4b5a164333c93918a1292f074c8 (patch) | |
tree | 22e04633ff4f046b9769ebf304520eb0e0acfa5b | |
parent | 933a41e7e12b773d1dd026018f02b86b5d257a22 (diff) |
[NETFILTER]: nf_conntrack: sysctl compatibility with old connection tracking
This patch adds an option to keep the connection tracking sysctls visible
under their old names.
Signed-off-by: Patrick McHardy <kaber@trash.net>
-rw-r--r-- | include/net/netfilter/nf_conntrack_l4proto.h | 6 | ||||
-rw-r--r-- | net/ipv4/netfilter/Kconfig | 11 | ||||
-rw-r--r-- | net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 58 | ||||
-rw-r--r-- | net/ipv4/netfilter/nf_conntrack_proto_icmp.c | 18 | ||||
-rw-r--r-- | net/netfilter/nf_conntrack_core.c | 2 | ||||
-rw-r--r-- | net/netfilter/nf_conntrack_proto.c | 20 | ||||
-rw-r--r-- | net/netfilter/nf_conntrack_proto_generic.c | 18 | ||||
-rw-r--r-- | net/netfilter/nf_conntrack_proto_sctp.c | 67 | ||||
-rw-r--r-- | net/netfilter/nf_conntrack_proto_tcp.c | 107 | ||||
-rw-r--r-- | net/netfilter/nf_conntrack_proto_udp.c | 26 |
10 files changed, 332 insertions, 1 deletions
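--- a/include/net/netfilter/nf_conntrack_l4proto.h
+++ b/include/net/netfilter/nf_conntrack_l4proto.h
@@ -80,7 +80,11 @@ struct nf_conntrack_l4proto
 struct ctl_table_header **ctl_table_header;
 struct ctl_table *ctl_table;
 unsigned int *ctl_table_users;
-#endif /* CONFIG_SYSCTL */
+#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
+struct ctl_table_header *ctl_compat_table_header;
+struct ctl_table *ctl_compat_table;
+#endif
+#endif
 
 /* Module (if any) which this is connected to. */
 struct module *me;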
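Review bot: The two closing `#endif` lines added after `ctl_compat_table` carry no comment, and the `/* CONFIG_SYSCTL */` marker that was on the old `#endif` is lost in the process. With one conditional now nested inside another, I would write them as `#endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */` and `#endif /* CONFIG_SYSCTL */`, which is what the .c files in this commit do. A one-line comment would also help on `ctl_compat_table_header`: it is a plain header pointer stored in the struct, unlike `ctl_table_header`, which is a pointer to a header pointer. The struct starts and ends outside the hunk.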
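--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -19,6 +19,17 @@ config NF_CONNTRACK_IPV4
 
 To compile it as a module, choose M here. If unsure, say N.
 
+config NF_CONNTRACK_PROC_COMPAT
+bool "proc/sysctl compatibility with old connection tracking"
+depends on NF_CONNTRACK
+default y
+help
+This option enables /proc and sysctl compatibility with the old
+layer 3 dependant connection tracking. This is needed to keep
+old programs that have not been adapted to the new names working.
+
+If unsure, say Y.
+
 # connection tracking, helpers and protocols
 config IP_NF_CONNTRACK
 tristate "Connection tracking (required for masq/NAT)"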
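Review bot: The help text promises "/proc and sysctl compatibility", but every file in this commit's diffstat adds sysctl tables only, so as merged the option appears to cover the old sysctl names and nothing under /proc; the text should say so, or the /proc part should land together with it. The option is `default y` and `depends on NF_CONNTRACK`, while the compat entries are registered under the IPv4 sysctl path, so it is worth checking whether `depends on NF_CONNTRACK_IPV4` is the intended dependency. Suggested first help sentence: `This option enables sysctl compatibility with the old layer 3 dependent connection tracking.`, which also fixes the spelling of "dependant".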
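--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
@@ -266,6 +266,60 @@ static struct nf_hook_ops ipv4_conntrack_ops[] = {
 },
 };
 
+#if defined(CONFIG_SYSCTL) && defined(CONFIG_NF_CONNTRACK_PROC_COMPAT)
+static int log_invalid_proto_min = 0;
+static int log_invalid_proto_max = 255;
+
+static ctl_table ip_ct_sysctl_table[] = {
+{
+.ctl_name = NET_IPV4_NF_CONNTRACK_MAX,
+.procname = "ip_conntrack_max",
+.data = &nf_conntrack_max,
+.maxlen = sizeof(int),
+.mode = 0644,
+.proc_handler = &proc_dointvec,
+},
+{
+.ctl_name = NET_IPV4_NF_CONNTRACK_COUNT,
+.procname = "ip_conntrack_count",
+.data = &nf_conntrack_count,
+.maxlen = sizeof(int),
+.mode = 0444,
+.proc_handler = &proc_dointvec,
+},
+{
+.ctl_name = NET_IPV4_NF_CONNTRACK_BUCKETS,
+.procname = "ip_conntrack_buckets",
+.data = &nf_conntrack_htable_size,
+.maxlen = sizeof(unsigned int),
+.mode = 0444,
+.proc_handler = &proc_dointvec,
+},
+{
+.ctl_name = NET_IPV4_NF_CONNTRACK_CHECKSUM,
+.procname = "ip_conntrack_checksum",
+.data = &nf_conntrack_checksum,
+.maxlen = sizeof(int),
+.mode = 0644,
+.proc_handler = &proc_dointvec,
+},
+{
+.ctl_name = NET_IPV4_NF_CONNTRACK_LOG_INVALID,
+.procname = "ip_conntrack_log_invalid",
+.data = &nf_ct_log_invalid,
+.maxlen = sizeof(unsigned int),
+.mode = 0644,
+.proc_handler = &proc_dointvec_minmax,
+.strategy = &sysctl_intvec,
+.extra1 = &log_invalid_proto_min,
+.extra2 = &log_invalid_proto_max,
+},
+{
+.ctl_name = 0
+}
+};
+#endif /* CONFIG_SYSCTL && CONFIG_NF_CONNTRACK_PROC_COMPAT */
+
 /* Fast function for those who don't want to parse /proc (and I don't
 blame them). */
 /* Reversing the socket's dst/src point of view gives us the reply
@@ -386,6 +440,10 @@ struct nf_conntrack_l3proto nf_conntrack_l3proto_ipv4 = {
 .tuple_to_nfattr = ipv4_tuple_to_nfattr,
 .nfattr_to_tuple = ipv4_nfattr_to_tuple,
 #endif
+#if defined(CONFIG_SYSCTL) && defined(CONFIG_NF_CONNTRACK_PROC_COMPAT)
+.ctl_table_path = nf_net_ipv4_netfilter_sysctl_path,
+.ctl_table = ip_ct_sysctl_table,
+#endif
 .me = THIS_MODULE,
 };
 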
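Review bot: `ip_conntrack_max` and `ip_conntrack_checksum` in `ip_ct_sysctl_table` are writable (0644) through plain `proc_dointvec`, so a negative or otherwise out-of-range value is stored as written, whereas `ip_conntrack_log_invalid` a few entries later is bounded with `proc_dointvec_minmax`. How `nf_conntrack_max` is consumed is not visible here, so this is hedged, but a table-size limit that can go negative deserves a lower bound: `.proc_handler = &proc_dointvec_minmax, .strategy = &sysctl_intvec, .extra1 = &log_invalid_proto_min,` (or a dedicated zero variable). The same applies to `ip_conntrack_tcp_loose`, `ip_conntrack_tcp_be_liberal` and `ip_conntrack_tcp_max_retrans` in nf_conntrack_proto_tcp.c. Whatever bounds are chosen should match the entries registered under the new names, since both paths write the same variables and any sysctl hardening baseline now has to cover both.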
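--- a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
+++ b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
@@ -336,6 +336,21 @@ static struct ctl_table icmp_sysctl_table[] = {
 .ctl_name = 0
 }
 };
+#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
+static struct ctl_table icmp_compat_sysctl_table[] = {
+{
+.ctl_name = NET_IPV4_NF_CONNTRACK_ICMP_TIMEOUT,
+.procname = "ip_conntrack_icmp_timeout",
+.data = &nf_ct_icmp_timeout,
+.maxlen = sizeof(unsigned int),
+.mode = 0644,
+.proc_handler = &proc_dointvec_jiffies,
+},
+{
+.ctl_name = 0
+}
+};
+#endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */
 #endif /* CONFIG_SYSCTL */
 
 struct nf_conntrack_l4proto nf_conntrack_l4proto_icmp =
@@ -360,6 +375,9 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_icmp =
 #ifdef CONFIG_SYSCTL
 .ctl_table_header = &icmp_sysctl_header,
 .ctl_table = icmp_sysctl_table,
+#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
+.ctl_compat_table = icmp_compat_sysctl_table,
+#endif
 #endif
 };
 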
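Review bot: `ip_conntrack_icmp_timeout` pairs `proc_dointvec_jiffies`, a signed-int handler, with a variable sized as `unsigned int`, so a negative number written to the file would be stored and then read back as a very large timeout. The declaration of `nf_ct_icmp_timeout` is outside the hunk, so confirm its type; the same pairing is used for every `*_timeout*` entry in the generic, SCTP, TCP and UDP compat tables of this commit. Long-lived entries are what fills a connection-tracking table, so I would at least document the accepted range above each table, for example `/* Compat alias; value in seconds, must be >= 0: the handler does not reject negative input. */`.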
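--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -66,10 +66,12 @@ DEFINE_RWLOCK(nf_conntrack_lock);
 
 /* nf_conntrack_standalone needs this */
 atomic_t nf_conntrack_count = ATOMIC_INIT(0);
+EXPORT_SYMBOL_GPL(nf_conntrack_count);
 
 void (*nf_conntrack_destroyed)(struct nf_conn *conntrack) = NULL;
 unsigned int nf_conntrack_htable_size __read_mostly;
 int nf_conntrack_max __read_mostly;
+EXPORT_SYMBOL_GPL(nf_conntrack_max);
 struct list_head *nf_conntrack_hash __read_mostly;
 struct nf_conn nf_conntrack_untracked __read_mostly;
 unsigned int nf_ct_log_invalid __read_mostly;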
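Review bot: The comment `/* nf_conntrack_standalone needs this */` above `nf_conntrack_count` no longer explains the new exports: `EXPORT_SYMBOL_GPL(nf_conntrack_count)` and `EXPORT_SYMBOL_GPL(nf_conntrack_max)` appear to be there so that the compat table in nf_conntrack_l3proto_ipv4.c can take the addresses of these variables. I would update it to `/* nf_conntrack_standalone and the ipv4 compat sysctl table need this */`. That table also references `nf_conntrack_htable_size`, `nf_conntrack_checksum` and `nf_ct_log_invalid`; their exports are not in this hunk, so confirm they already exist for a modular build.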
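--- a/net/netfilter/nf_conntrack_proto.c
+++ b/net/netfilter/nf_conntrack_proto.c
@@ -250,7 +250,22 @@ static int nf_ct_l4proto_register_sysctl(struct nf_conntrack_l4proto *l4proto)
 nf_net_netfilter_sysctl_path,
 l4proto->ctl_table,
 l4proto->ctl_table_users);
+if (err < 0)
+goto out;
 }
+#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
+if (l4proto->ctl_compat_table != NULL) {
+err = nf_ct_register_sysctl(&l4proto->ctl_compat_table_header,
+nf_net_ipv4_netfilter_sysctl_path,
+l4proto->ctl_compat_table, NULL);
+if (err == 0)
+goto out;
+nf_ct_unregister_sysctl(l4proto->ctl_table_header,
+l4proto->ctl_table,
+l4proto->ctl_table_users);
+}
+#endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */
+out:
 mutex_unlock(&nf_ct_proto_sysctl_mutex);
 #endif /* CONFIG_SYSCTL */
 return err;
@@ -265,6 +280,11 @@ static void nf_ct_l4proto_unregister_sysctl(struct nf_conntrack_l4proto *l4proto
 nf_ct_unregister_sysctl(l4proto->ctl_table_header,
 l4proto->ctl_table,
 l4proto->ctl_table_users);
+#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
+if (l4proto->ctl_compat_table_header != NULL)
+nf_ct_unregister_sysctl(&l4proto->ctl_compat_table_header,
+l4proto->ctl_compat_table, NULL);
+#endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */
 mutex_unlock(&nf_ct_proto_sysctl_mutex);
 #endif /* CONFIG_SYSCTL */
 }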
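Review bot: In `nf_ct_l4proto_register_sysctl` the rollback after a failed compat registration calls `nf_ct_unregister_sysctl(l4proto->ctl_table_header, ...)` unconditionally, although the primary table was only registered when `l4proto->ctl_table != NULL`. For a protocol that sets `ctl_compat_table` but no `ctl_table`, that hands over a header pointer that was never registered; what nf_ct_unregister_sysctl does with it is outside the hunk. Guarding the call with `if (l4proto->ctl_table != NULL)` keeps the error path symmetric with the registration. The `if (err == 0) goto out;` also reads inverted next to the `if (err < 0) goto out;` added just above it; putting the rollback under `if (err < 0)` would be easier to follow. Both functions start outside their hunks.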
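--- a/net/netfilter/nf_conntrack_proto_generic.c
+++ b/net/netfilter/nf_conntrack_proto_generic.c
@@ -86,6 +86,21 @@ static struct ctl_table generic_sysctl_table[] = {
 .ctl_name = 0
 }
 };
+#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
+static struct ctl_table generic_compat_sysctl_table[] = {
+{
+.ctl_name = NET_IPV4_NF_CONNTRACK_GENERIC_TIMEOUT,
+.procname = "ip_conntrack_generic_timeout",
+.data = &nf_ct_generic_timeout,
+.maxlen = sizeof(unsigned int),
+.mode = 0644,
+.proc_handler = &proc_dointvec_jiffies,
+},
+{
+.ctl_name = 0
+}
+};
+#endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */
 #endif /* CONFIG_SYSCTL */
 
 struct nf_conntrack_l4proto nf_conntrack_l4proto_generic =
@@ -102,5 +117,8 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_generic =
 #ifdef CONFIG_SYSCTL
 .ctl_table_header = &generic_sysctl_header,
 .ctl_table = generic_sysctl_table,
+#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
+.ctl_compat_table = generic_compat_sysctl_table,
+#endif
 #endif
 };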
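--- a/net/netfilter/nf_conntrack_proto_sctp.c
+++ b/net/netfilter/nf_conntrack_proto_sctp.c
@@ -573,6 +573,70 @@ static struct ctl_table sctp_sysctl_table[] = {
 .ctl_name = 0
 }
 };
+
+#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
+static struct ctl_table sctp_compat_sysctl_table[] = {
+{
+.ctl_name = NET_IPV4_NF_CONNTRACK_SCTP_TIMEOUT_CLOSED,
+.procname = "ip_conntrack_sctp_timeout_closed",
+.data = &nf_ct_sctp_timeout_closed,
+.maxlen = sizeof(unsigned int),
+.mode = 0644,
+.proc_handler = &proc_dointvec_jiffies,
+},
+{
+.ctl_name = NET_IPV4_NF_CONNTRACK_SCTP_TIMEOUT_COOKIE_WAIT,
+.procname = "ip_conntrack_sctp_timeout_cookie_wait",
+.data = &nf_ct_sctp_timeout_cookie_wait,
+.maxlen = sizeof(unsigned int),
+.mode = 0644,
+.proc_handler = &proc_dointvec_jiffies,
+},
+{
+.ctl_name = NET_IPV4_NF_CONNTRACK_SCTP_TIMEOUT_COOKIE_ECHOED,
+.procname = "ip_conntrack_sctp_timeout_cookie_echoed",
+.data = &nf_ct_sctp_timeout_cookie_echoed,
+.maxlen = sizeof(unsigned int),
+.mode = 0644,
+.proc_handler = &proc_dointvec_jiffies,
+},
+{
+.ctl_name = NET_IPV4_NF_CONNTRACK_SCTP_TIMEOUT_ESTABLISHED,
+.procname = "ip_conntrack_sctp_timeout_established",
+.data = &nf_ct_sctp_timeout_established,
+.maxlen = sizeof(unsigned int),
+.mode = 0644,
+.proc_handler = &proc_dointvec_jiffies,
+},
+{
+.ctl_name = NET_IPV4_NF_CONNTRACK_SCTP_TIMEOUT_SHUTDOWN_SENT,
+.procname = "ip_conntrack_sctp_timeout_shutdown_sent",
+.data = &nf_ct_sctp_timeout_shutdown_sent,
+.maxlen = sizeof(unsigned int),
+.mode = 0644,
+.proc_handler = &proc_dointvec_jiffies,
+},
+{
+.ctl_name = NET_IPV4_NF_CONNTRACK_SCTP_TIMEOUT_SHUTDOWN_RECD,
+.procname = "ip_conntrack_sctp_timeout_shutdown_recd",
+.data = &nf_ct_sctp_timeout_shutdown_recd,
+.maxlen = sizeof(unsigned int),
+.mode = 0644,
+.proc_handler = &proc_dointvec_jiffies,
+},
+{
+.ctl_name = NET_IPV4_NF_CONNTRACK_SCTP_TIMEOUT_SHUTDOWN_ACK_SENT,
+.procname = "ip_conntrack_sctp_timeout_shutdown_ack_sent",
+.data = &nf_ct_sctp_timeout_shutdown_ack_sent,
+.maxlen = sizeof(unsigned int),
+.mode = 0644,
+.proc_handler = &proc_dointvec_jiffies,
+},
+{
+.ctl_name = 0
+}
+};
+#endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */
 #endif
 
 struct nf_conntrack_l4proto nf_conntrack_l4proto_sctp4 = {
@@ -590,6 +654,9 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_sctp4 = {
 .ctl_table_users = &sctp_sysctl_table_users,
 .ctl_table_header = &sctp_sysctl_header,
 .ctl_table = sctp_sysctl_table,
+#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
+.ctl_compat_table = sctp_compat_sysctl_table,
+#endif
 #endif
 };
 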
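--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -1273,6 +1273,110 @@ static struct ctl_table tcp_sysctl_table[] = {
 .ctl_name = 0
 }
 };
+
+#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
+static struct ctl_table tcp_compat_sysctl_table[] = {
+{
+.ctl_name = NET_IPV4_NF_CONNTRACK_TCP_TIMEOUT_SYN_SENT,
+.procname = "ip_conntrack_tcp_timeout_syn_sent",
+.data = &nf_ct_tcp_timeout_syn_sent,
+.maxlen = sizeof(unsigned int),
+.mode = 0644,
+.proc_handler = &proc_dointvec_jiffies,
+},
+{
+.ctl_name = NET_IPV4_NF_CONNTRACK_TCP_TIMEOUT_SYN_RECV,
+.procname = "ip_conntrack_tcp_timeout_syn_recv",
+.data = &nf_ct_tcp_timeout_syn_recv,
+.maxlen = sizeof(unsigned int),
+.mode = 0644,
+.proc_handler = &proc_dointvec_jiffies,
+},
+{
+.ctl_name = NET_IPV4_NF_CONNTRACK_TCP_TIMEOUT_ESTABLISHED,
+.procname = "ip_conntrack_tcp_timeout_established",
+.data = &nf_ct_tcp_timeout_established,
+.maxlen = sizeof(unsigned int),
+.mode = 0644,
+.proc_handler = &proc_dointvec_jiffies,
+},
+{
+.ctl_name = NET_IPV4_NF_CONNTRACK_TCP_TIMEOUT_FIN_WAIT,
+.procname = "ip_conntrack_tcp_timeout_fin_wait",
+.data = &nf_ct_tcp_timeout_fin_wait,
+.maxlen = sizeof(unsigned int),
+.mode = 0644,
+.proc_handler = &proc_dointvec_jiffies,
+},
+{
+.ctl_name = NET_IPV4_NF_CONNTRACK_TCP_TIMEOUT_CLOSE_WAIT,
+.procname = "ip_conntrack_tcp_timeout_close_wait",
+.data = &nf_ct_tcp_timeout_close_wait,
+.maxlen = sizeof(unsigned int),
+.mode = 0644,
+.proc_handler = &proc_dointvec_jiffies,
+},
+{
+.ctl_name = NET_IPV4_NF_CONNTRACK_TCP_TIMEOUT_LAST_ACK,
+.procname = "ip_conntrack_tcp_timeout_last_ack",
+.data = &nf_ct_tcp_timeout_last_ack,
+.maxlen = sizeof(unsigned int),
+.mode = 0644,
+.proc_handler = &proc_dointvec_jiffies,
+},
+{
+.ctl_name = NET_IPV4_NF_CONNTRACK_TCP_TIMEOUT_TIME_WAIT,
+.procname = "ip_conntrack_tcp_timeout_time_wait",
+.data = &nf_ct_tcp_timeout_time_wait,
+.maxlen = sizeof(unsigned int),
+.mode = 0644,
+.proc_handler = &proc_dointvec_jiffies,
+},
+{
+.ctl_name = NET_IPV4_NF_CONNTRACK_TCP_TIMEOUT_CLOSE,
+.procname = "ip_conntrack_tcp_timeout_close",
+.data = &nf_ct_tcp_timeout_close,
+.maxlen = sizeof(unsigned int),
+.mode = 0644,
+.proc_handler = &proc_dointvec_jiffies,
+},
+{
+.ctl_name = NET_IPV4_NF_CONNTRACK_TCP_TIMEOUT_MAX_RETRANS,
+.procname = "ip_conntrack_tcp_timeout_max_retrans",
+.data = &nf_ct_tcp_timeout_max_retrans,
+.maxlen = sizeof(unsigned int),
+.mode = 0644,
+.proc_handler = &proc_dointvec_jiffies,
+},
+{
+.ctl_name = NET_IPV4_NF_CONNTRACK_TCP_LOOSE,
+.procname = "ip_conntrack_tcp_loose",
+.data = &nf_ct_tcp_loose,
+.maxlen = sizeof(unsigned int),
+.mode = 0644,
+.proc_handler = &proc_dointvec,
+},
+{
+.ctl_name = NET_IPV4_NF_CONNTRACK_TCP_BE_LIBERAL,
+.procname = "ip_conntrack_tcp_be_liberal",
+.data = &nf_ct_tcp_be_liberal,
+.maxlen = sizeof(unsigned int),
+.mode = 0644,
+.proc_handler = &proc_dointvec,
+},
+{
+.ctl_name = NET_IPV4_NF_CONNTRACK_TCP_MAX_RETRANS,
+.procname = "ip_conntrack_tcp_max_retrans",
+.data = &nf_ct_tcp_max_retrans,
+.maxlen = sizeof(unsigned int),
+.mode = 0644,
+.proc_handler = &proc_dointvec,
+},
+{
+.ctl_name = 0
+}
+};
+#endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */
 #endif /* CONFIG_SYSCTL */
 
 struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp4 =
@@ -1298,6 +1402,9 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp4 =
 .ctl_table_users = &tcp_sysctl_table_users,
 .ctl_table_header = &tcp_sysctl_header,
 .ctl_table = tcp_sysctl_table,
+#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
+.ctl_compat_table = tcp_compat_sysctl_table,
+#endif
 #endif
 };
 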
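--- a/net/netfilter/nf_conntrack_proto_udp.c
+++ b/net/netfilter/nf_conntrack_proto_udp.c
@@ -172,6 +172,29 @@ static struct ctl_table udp_sysctl_table[] = {
 .ctl_name = 0
 }
 };
+#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
+static struct ctl_table udp_compat_sysctl_table[] = {
+{
+.ctl_name = NET_IPV4_NF_CONNTRACK_UDP_TIMEOUT,
+.procname = "ip_conntrack_udp_timeout",
+.data = &nf_ct_udp_timeout,
+.maxlen = sizeof(unsigned int),
+.mode = 0644,
+.proc_handler = &proc_dointvec_jiffies,
+},
+{
+.ctl_name = NET_IPV4_NF_CONNTRACK_UDP_TIMEOUT_STREAM,
+.procname = "ip_conntrack_udp_timeout_stream",
+.data = &nf_ct_udp_timeout_stream,
+.maxlen = sizeof(unsigned int),
+.mode = 0644,
+.proc_handler = &proc_dointvec_jiffies,
+},
+{
+.ctl_name = 0
+}
+};
+#endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */
 #endif /* CONFIG_SYSCTL */
 
 struct nf_conntrack_l4proto nf_conntrack_l4proto_udp4 =
@@ -195,6 +218,9 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_udp4 =
 .ctl_table_users = &udp_sysctl_table_users,
 .ctl_table_header = &udp_sysctl_header,
 .ctl_table = udp_sysctl_table,
+#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
+.ctl_compat_table = udp_compat_sysctl_table,
+#endif
 #endif
 };
 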