authorGao feng <gaofeng@cn.fujitsu.com>2012-05-28 17:04:16 -0400
committerPablo Neira Ayuso <pablo@netfilter.org>2012-06-07 08:58:40 -0400
commit3ea04dd3a78916db9186a602b6ce974d36a33fbb (patch)
treef09e46d72fff47f883aedcb77b574dab105f78f8 /net/ipv4
parent7080ba0955438ecd2885c1b73fbd9760b1594a41 (diff)
netfilter: nf_ct_ipv4: add namespace support
This patch adds namespace support for the IPv4 protocol tracker. Acked-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/ipv4')
-rw-r--r--net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c123
1 files changed, 85 insertions, 38 deletions
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
index 0c0fb906c19d..5c66203af51c 100644
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
@@ -207,35 +207,30 @@ static int log_invalid_proto_max = 255;
207static ctl_table ip_ct_sysctl_table[] = { 207static ctl_table ip_ct_sysctl_table[] = {
208 { 208 {
209 .procname = "ip_conntrack_max", 209 .procname = "ip_conntrack_max",
210 .data = &nf_conntrack_max,
211 .maxlen = sizeof(int), 210 .maxlen = sizeof(int),
212 .mode = 0644, 211 .mode = 0644,
213 .proc_handler = proc_dointvec, 212 .proc_handler = proc_dointvec,
214 }, 213 },
215 { 214 {
216 .procname = "ip_conntrack_count", 215 .procname = "ip_conntrack_count",
217 .data = &init_net.ct.count,
218 .maxlen = sizeof(int), 216 .maxlen = sizeof(int),
219 .mode = 0444, 217 .mode = 0444,
220 .proc_handler = proc_dointvec, 218 .proc_handler = proc_dointvec,
221 }, 219 },
222 { 220 {
223 .procname = "ip_conntrack_buckets", 221 .procname = "ip_conntrack_buckets",
224 .data = &init_net.ct.htable_size,
225 .maxlen = sizeof(unsigned int), 222 .maxlen = sizeof(unsigned int),
226 .mode = 0444, 223 .mode = 0444,
227 .proc_handler = proc_dointvec, 224 .proc_handler = proc_dointvec,
228 }, 225 },
229 { 226 {
230 .procname = "ip_conntrack_checksum", 227 .procname = "ip_conntrack_checksum",
231 .data = &init_net.ct.sysctl_checksum,
232 .maxlen = sizeof(int), 228 .maxlen = sizeof(int),
233 .mode = 0644, 229 .mode = 0644,
234 .proc_handler = proc_dointvec, 230 .proc_handler = proc_dointvec,
235 }, 231 },
236 { 232 {
237 .procname = "ip_conntrack_log_invalid", 233 .procname = "ip_conntrack_log_invalid",
238 .data = &init_net.ct.sysctl_log_invalid,
239 .maxlen = sizeof(unsigned int), 234 .maxlen = sizeof(unsigned int),
240 .mode = 0644, 235 .mode = 0644,
241 .proc_handler = proc_dointvec_minmax, 236 .proc_handler = proc_dointvec_minmax,
@@ -351,6 +346,25 @@ static struct nf_sockopt_ops so_getorigdst = {
351 .owner = THIS_MODULE, 346 .owner = THIS_MODULE,
352}; 347};
353 348
349static int ipv4_init_net(struct net *net)
350{
351#if defined(CONFIG_SYSCTL) && defined(CONFIG_NF_CONNTRACK_PROC_COMPAT)
352 struct nf_ip_net *in = &net->ct.nf_ct_proto;
353 in->ctl_table = kmemdup(ip_ct_sysctl_table,
354 sizeof(ip_ct_sysctl_table),
355 GFP_KERNEL);
356 if (!in->ctl_table)
357 return -ENOMEM;
358
359 in->ctl_table[0].data = &nf_conntrack_max;
360 in->ctl_table[1].data = &net->ct.count;
361 in->ctl_table[2].data = &net->ct.htable_size;
362 in->ctl_table[3].data = &net->ct.sysctl_checksum;
363 in->ctl_table[4].data = &net->ct.sysctl_log_invalid;
364#endif
365 return 0;
366}
367
354struct nf_conntrack_l3proto nf_conntrack_l3proto_ipv4 __read_mostly = { 368struct nf_conntrack_l3proto nf_conntrack_l3proto_ipv4 __read_mostly = {
355 .l3proto = PF_INET, 369 .l3proto = PF_INET,
356 .name = "ipv4", 370 .name = "ipv4",
@@ -368,6 +382,7 @@ struct nf_conntrack_l3proto nf_conntrack_l3proto_ipv4 __read_mostly = {
368 .ctl_table_path = "net/ipv4/netfilter", 382 .ctl_table_path = "net/ipv4/netfilter",
369 .ctl_table = ip_ct_sysctl_table, 383 .ctl_table = ip_ct_sysctl_table,
370#endif 384#endif
385 .init_net = ipv4_init_net,
371 .me = THIS_MODULE, 386 .me = THIS_MODULE,
372}; 387};
373 388
@@ -378,6 +393,65 @@ MODULE_ALIAS("nf_conntrack-" __stringify(AF_INET));
378MODULE_ALIAS("ip_conntrack"); 393MODULE_ALIAS("ip_conntrack");
379MODULE_LICENSE("GPL"); 394MODULE_LICENSE("GPL");
380 395
396static int ipv4_net_init(struct net *net)
397{
398 int ret = 0;
399
400 ret = nf_conntrack_l4proto_register(net,
401 &nf_conntrack_l4proto_tcp4);
402 if (ret < 0) {
403 pr_err("nf_conntrack_l4proto_tcp4 :protocol register failed\n");
404 goto out_tcp;
405 }
406 ret = nf_conntrack_l4proto_register(net,
407 &nf_conntrack_l4proto_udp4);
408 if (ret < 0) {
409 pr_err("nf_conntrack_l4proto_udp4 :protocol register failed\n");
410 goto out_udp;
411 }
412 ret = nf_conntrack_l4proto_register(net,
413 &nf_conntrack_l4proto_icmp);
414 if (ret < 0) {
415 pr_err("nf_conntrack_l4proto_icmp4 :protocol register failed\n");
416 goto out_icmp;
417 }
418 ret = nf_conntrack_l3proto_register(net,
419 &nf_conntrack_l3proto_ipv4);
420 if (ret < 0) {
421 pr_err("nf_conntrack_l3proto_ipv4 :protocol register failed\n");
422 goto out_ipv4;
423 }
424 return 0;
425out_ipv4:
426 nf_conntrack_l4proto_unregister(net,
427 &nf_conntrack_l4proto_icmp);
428out_icmp:
429 nf_conntrack_l4proto_unregister(net,
430 &nf_conntrack_l4proto_udp4);
431out_udp:
432 nf_conntrack_l4proto_unregister(net,
433 &nf_conntrack_l4proto_tcp4);
434out_tcp:
435 return ret;
436}
437
438static void ipv4_net_exit(struct net *net)
439{
440 nf_conntrack_l3proto_unregister(net,
441 &nf_conntrack_l3proto_ipv4);
442 nf_conntrack_l4proto_unregister(net,
443 &nf_conntrack_l4proto_icmp);
444 nf_conntrack_l4proto_unregister(net,
445 &nf_conntrack_l4proto_udp4);
446 nf_conntrack_l4proto_unregister(net,
447 &nf_conntrack_l4proto_tcp4);
448}
449
450static struct pernet_operations ipv4_net_ops = {
451 .init = ipv4_net_init,
452 .exit = ipv4_net_exit,
453};
454
381static int __init nf_conntrack_l3proto_ipv4_init(void) 455static int __init nf_conntrack_l3proto_ipv4_init(void)
382{ 456{
383 int ret = 0; 457 int ret = 0;
@@ -391,35 +465,17 @@ static int __init nf_conntrack_l3proto_ipv4_init(void)
391 return ret; 465 return ret;
392 } 466 }
393 467
394 ret = nf_conntrack_l4proto_register(&init_net, &nf_conntrack_l4proto_tcp4); 468 ret = register_pernet_subsys(&ipv4_net_ops);
395 if (ret < 0) { 469 if (ret < 0) {
396 pr_err("nf_conntrack_ipv4: can't register tcp.\n"); 470 pr_err("nf_conntrack_ipv4: can't register pernet ops\n");
397 goto cleanup_sockopt; 471 goto cleanup_sockopt;
398 } 472 }
399 473
400 ret = nf_conntrack_l4proto_register(&init_net, &nf_conntrack_l4proto_udp4);
401 if (ret < 0) {
402 pr_err("nf_conntrack_ipv4: can't register udp.\n");
403 goto cleanup_tcp;
404 }
405
406 ret = nf_conntrack_l4proto_register(&init_net, &nf_conntrack_l4proto_icmp);
407 if (ret < 0) {
408 pr_err("nf_conntrack_ipv4: can't register icmp.\n");
409 goto cleanup_udp;
410 }
411
412 ret = nf_conntrack_l3proto_register(&init_net, &nf_conntrack_l3proto_ipv4);
413 if (ret < 0) {
414 pr_err("nf_conntrack_ipv4: can't register ipv4\n");
415 goto cleanup_icmp;
416 }
417
418 ret = nf_register_hooks(ipv4_conntrack_ops, 474 ret = nf_register_hooks(ipv4_conntrack_ops,
419 ARRAY_SIZE(ipv4_conntrack_ops)); 475 ARRAY_SIZE(ipv4_conntrack_ops));
420 if (ret < 0) { 476 if (ret < 0) {
421 pr_err("nf_conntrack_ipv4: can't register hooks.\n"); 477 pr_err("nf_conntrack_ipv4: can't register hooks.\n");
422 goto cleanup_ipv4; 478 goto cleanup_pernet;
423 } 479 }
424#if defined(CONFIG_PROC_FS) && defined(CONFIG_NF_CONNTRACK_PROC_COMPAT) 480#if defined(CONFIG_PROC_FS) && defined(CONFIG_NF_CONNTRACK_PROC_COMPAT)
425 ret = nf_conntrack_ipv4_compat_init(); 481 ret = nf_conntrack_ipv4_compat_init();
@@ -431,14 +487,8 @@ static int __init nf_conntrack_l3proto_ipv4_init(void)
431 cleanup_hooks: 487 cleanup_hooks:
432 nf_unregister_hooks(ipv4_conntrack_ops, ARRAY_SIZE(ipv4_conntrack_ops)); 488 nf_unregister_hooks(ipv4_conntrack_ops, ARRAY_SIZE(ipv4_conntrack_ops));
433#endif 489#endif
434 cleanup_ipv4: 490 cleanup_pernet:
435 nf_conntrack_l3proto_unregister(&init_net, &nf_conntrack_l3proto_ipv4); 491 unregister_pernet_subsys(&ipv4_net_ops);
436 cleanup_icmp:
437 nf_conntrack_l4proto_unregister(&init_net, &nf_conntrack_l4proto_icmp);
438 cleanup_udp:
439 nf_conntrack_l4proto_unregister(&init_net, &nf_conntrack_l4proto_udp4);
440 cleanup_tcp:
441 nf_conntrack_l4proto_unregister(&init_net, &nf_conntrack_l4proto_tcp4);
442 cleanup_sockopt: 492 cleanup_sockopt:
443 nf_unregister_sockopt(&so_getorigdst); 493 nf_unregister_sockopt(&so_getorigdst);
444 return ret; 494 return ret;
@@ -451,10 +501,7 @@ static void __exit nf_conntrack_l3proto_ipv4_fini(void)
451 nf_conntrack_ipv4_compat_fini(); 501 nf_conntrack_ipv4_compat_fini();
452#endif 502#endif
453 nf_unregister_hooks(ipv4_conntrack_ops, ARRAY_SIZE(ipv4_conntrack_ops)); 503 nf_unregister_hooks(ipv4_conntrack_ops, ARRAY_SIZE(ipv4_conntrack_ops));
454 nf_conntrack_l3proto_unregister(&init_net, &nf_conntrack_l3proto_ipv4); 504 unregister_pernet_subsys(&ipv4_net_ops);
455 nf_conntrack_l4proto_unregister(&init_net, &nf_conntrack_l4proto_icmp);
456 nf_conntrack_l4proto_unregister(&init_net, &nf_conntrack_l4proto_udp4);
457 nf_conntrack_l4proto_unregister(&init_net, &nf_conntrack_l4proto_tcp4);
458 nf_unregister_sockopt(&so_getorigdst); 505 nf_unregister_sockopt(&so_getorigdst);
459} 506}
460 507
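Review bot: In ipv4_init_net (second hunk) the per-namespace `.data` pointers are patched into the kmemdup'd copy of ip_ct_sysctl_table by hard-coded indices 0–4, so reordering or inserting an entry in the static table silently rebinds a writable sysctl to the wrong kernel variable; at minimum add `/* slot order must match the entries of ip_ct_sysctl_table above */` above the assignments, or locate each slot by its `.procname` so a mismatch fails loudly instead. Slot 0 still points at the global `nf_conntrack_max` even though the table is now instantiated in every namespace, so if the sysctl permission model allows a non-init namespace to write `ip_conntrack_max`, that write changes the global limit for all namespaces — a one-line comment making the intentional global scope explicit would help the next reader. The kmemdup'd table has no visible free in this commit; presumably the l3proto sysctl unregister path releases `in->ctl_table`, but that should be confirmed, since otherwise every namespace teardown leaks the copy. The original `.ctl_table = ip_ct_sysctl_table` is also left on nf_conntrack_l3proto_ipv4 in the third hunk; whether the core still uses it alongside the per-net copy is not visible here.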