diff options
| author | David S. Miller <davem@davemloft.net> | 2011-12-02 13:49:21 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2011-12-02 13:49:21 -0500 |
| commit | b3613118eb30a589d971e4eccbbb2a1314f5dfd4 (patch) | |
| tree | 868c1ee59e1b5c19a4f2e43716400d0001a994e5 /net/netfilter | |
| parent | 7505afe28c16a8d386624930a018d0052c75d687 (diff) | |
| parent | 5983fe2b29df5885880d7fa3b91aca306c7564ef (diff) | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Diffstat (limited to 'net/netfilter')
| -rw-r--r-- | net/netfilter/Kconfig | 1 | ||||
| -rw-r--r-- | net/netfilter/ipset/ip_set_hash_ipport.c | 2 | ||||
| -rw-r--r-- | net/netfilter/ipset/ip_set_hash_ipportip.c | 2 | ||||
| -rw-r--r-- | net/netfilter/ipset/ip_set_hash_ipportnet.c | 2 | ||||
| -rw-r--r-- | net/netfilter/nf_conntrack_ecache.c | 37 | ||||
| -rw-r--r-- | net/netfilter/nf_conntrack_netlink.c | 73 |
6 files changed, 73 insertions, 44 deletions
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig index e8f379692294..d5597b759ba3 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig | |||
| @@ -201,7 +201,6 @@ config NF_CONNTRACK_BROADCAST | |||
| 201 | 201 | ||
| 202 | config NF_CONNTRACK_NETBIOS_NS | 202 | config NF_CONNTRACK_NETBIOS_NS |
| 203 | tristate "NetBIOS name service protocol support" | 203 | tristate "NetBIOS name service protocol support" |
| 204 | depends on NETFILTER_ADVANCED | ||
| 205 | select NF_CONNTRACK_BROADCAST | 204 | select NF_CONNTRACK_BROADCAST |
| 206 | help | 205 | help |
| 207 | NetBIOS name service requests are sent as broadcast messages from an | 206 | NetBIOS name service requests are sent as broadcast messages from an |
diff --git a/net/netfilter/ipset/ip_set_hash_ipport.c b/net/netfilter/ipset/ip_set_hash_ipport.c index 6ee10f5d59bd..37d667e3f6f8 100644 --- a/net/netfilter/ipset/ip_set_hash_ipport.c +++ b/net/netfilter/ipset/ip_set_hash_ipport.c | |||
| @@ -158,7 +158,7 @@ hash_ipport4_uadt(struct ip_set *set, struct nlattr *tb[], | |||
| 158 | const struct ip_set_hash *h = set->data; | 158 | const struct ip_set_hash *h = set->data; |
| 159 | ipset_adtfn adtfn = set->variant->adt[adt]; | 159 | ipset_adtfn adtfn = set->variant->adt[adt]; |
| 160 | struct hash_ipport4_elem data = { }; | 160 | struct hash_ipport4_elem data = { }; |
| 161 | u32 ip, ip_to, p = 0, port, port_to; | 161 | u32 ip, ip_to = 0, p = 0, port, port_to; |
| 162 | u32 timeout = h->timeout; | 162 | u32 timeout = h->timeout; |
| 163 | bool with_ports = false; | 163 | bool with_ports = false; |
| 164 | int ret; | 164 | int ret; |
diff --git a/net/netfilter/ipset/ip_set_hash_ipportip.c b/net/netfilter/ipset/ip_set_hash_ipportip.c index fb90e344e907..e69e2718fbe1 100644 --- a/net/netfilter/ipset/ip_set_hash_ipportip.c +++ b/net/netfilter/ipset/ip_set_hash_ipportip.c | |||
| @@ -162,7 +162,7 @@ hash_ipportip4_uadt(struct ip_set *set, struct nlattr *tb[], | |||
| 162 | const struct ip_set_hash *h = set->data; | 162 | const struct ip_set_hash *h = set->data; |
| 163 | ipset_adtfn adtfn = set->variant->adt[adt]; | 163 | ipset_adtfn adtfn = set->variant->adt[adt]; |
| 164 | struct hash_ipportip4_elem data = { }; | 164 | struct hash_ipportip4_elem data = { }; |
| 165 | u32 ip, ip_to, p = 0, port, port_to; | 165 | u32 ip, ip_to = 0, p = 0, port, port_to; |
| 166 | u32 timeout = h->timeout; | 166 | u32 timeout = h->timeout; |
| 167 | bool with_ports = false; | 167 | bool with_ports = false; |
| 168 | int ret; | 168 | int ret; |
diff --git a/net/netfilter/ipset/ip_set_hash_ipportnet.c b/net/netfilter/ipset/ip_set_hash_ipportnet.c index deb3e3dfa5fc..64199b4e93c9 100644 --- a/net/netfilter/ipset/ip_set_hash_ipportnet.c +++ b/net/netfilter/ipset/ip_set_hash_ipportnet.c | |||
| @@ -184,7 +184,7 @@ hash_ipportnet4_uadt(struct ip_set *set, struct nlattr *tb[], | |||
| 184 | const struct ip_set_hash *h = set->data; | 184 | const struct ip_set_hash *h = set->data; |
| 185 | ipset_adtfn adtfn = set->variant->adt[adt]; | 185 | ipset_adtfn adtfn = set->variant->adt[adt]; |
| 186 | struct hash_ipportnet4_elem data = { .cidr = HOST_MASK }; | 186 | struct hash_ipportnet4_elem data = { .cidr = HOST_MASK }; |
| 187 | u32 ip, ip_to, p = 0, port, port_to; | 187 | u32 ip, ip_to = 0, p = 0, port, port_to; |
| 188 | u32 ip2_from = 0, ip2_to, ip2_last, ip2; | 188 | u32 ip2_from = 0, ip2_to, ip2_last, ip2; |
| 189 | u32 timeout = h->timeout; | 189 | u32 timeout = h->timeout; |
| 190 | bool with_ports = false; | 190 | bool with_ports = false; |
diff --git a/net/netfilter/nf_conntrack_ecache.c b/net/netfilter/nf_conntrack_ecache.c index 6b368be937c6..b62c4148b921 100644 --- a/net/netfilter/nf_conntrack_ecache.c +++ b/net/netfilter/nf_conntrack_ecache.c | |||
| @@ -27,22 +27,17 @@ | |||
| 27 | 27 | ||
| 28 | static DEFINE_MUTEX(nf_ct_ecache_mutex); | 28 | static DEFINE_MUTEX(nf_ct_ecache_mutex); |
| 29 | 29 | ||
| 30 | struct nf_ct_event_notifier __rcu *nf_conntrack_event_cb __read_mostly; | ||
| 31 | EXPORT_SYMBOL_GPL(nf_conntrack_event_cb); | ||
| 32 | |||
| 33 | struct nf_exp_event_notifier __rcu *nf_expect_event_cb __read_mostly; | ||
| 34 | EXPORT_SYMBOL_GPL(nf_expect_event_cb); | ||
| 35 | |||
| 36 | /* deliver cached events and clear cache entry - must be called with locally | 30 | /* deliver cached events and clear cache entry - must be called with locally |
| 37 | * disabled softirqs */ | 31 | * disabled softirqs */ |
| 38 | void nf_ct_deliver_cached_events(struct nf_conn *ct) | 32 | void nf_ct_deliver_cached_events(struct nf_conn *ct) |
| 39 | { | 33 | { |
| 34 | struct net *net = nf_ct_net(ct); | ||
| 40 | unsigned long events; | 35 | unsigned long events; |
| 41 | struct nf_ct_event_notifier *notify; | 36 | struct nf_ct_event_notifier *notify; |
| 42 | struct nf_conntrack_ecache *e; | 37 | struct nf_conntrack_ecache *e; |
| 43 | 38 | ||
| 44 | rcu_read_lock(); | 39 | rcu_read_lock(); |
| 45 | notify = rcu_dereference(nf_conntrack_event_cb); | 40 | notify = rcu_dereference(net->ct.nf_conntrack_event_cb); |
| 46 | if (notify == NULL) | 41 | if (notify == NULL) |
| 47 | goto out_unlock; | 42 | goto out_unlock; |
| 48 | 43 | ||
| @@ -83,19 +78,20 @@ out_unlock: | |||
| 83 | } | 78 | } |
| 84 | EXPORT_SYMBOL_GPL(nf_ct_deliver_cached_events); | 79 | EXPORT_SYMBOL_GPL(nf_ct_deliver_cached_events); |
| 85 | 80 | ||
| 86 | int nf_conntrack_register_notifier(struct nf_ct_event_notifier *new) | 81 | int nf_conntrack_register_notifier(struct net *net, |
| 82 | struct nf_ct_event_notifier *new) | ||
| 87 | { | 83 | { |
| 88 | int ret = 0; | 84 | int ret = 0; |
| 89 | struct nf_ct_event_notifier *notify; | 85 | struct nf_ct_event_notifier *notify; |
| 90 | 86 | ||
| 91 | mutex_lock(&nf_ct_ecache_mutex); | 87 | mutex_lock(&nf_ct_ecache_mutex); |
| 92 | notify = rcu_dereference_protected(nf_conntrack_event_cb, | 88 | notify = rcu_dereference_protected(net->ct.nf_conntrack_event_cb, |
| 93 | lockdep_is_held(&nf_ct_ecache_mutex)); | 89 | lockdep_is_held(&nf_ct_ecache_mutex)); |
| 94 | if (notify != NULL) { | 90 | if (notify != NULL) { |
| 95 | ret = -EBUSY; | 91 | ret = -EBUSY; |
| 96 | goto out_unlock; | 92 | goto out_unlock; |
| 97 | } | 93 | } |
| 98 | RCU_INIT_POINTER(nf_conntrack_event_cb, new); | 94 | RCU_INIT_POINTER(net->ct.nf_conntrack_event_cb, new); |
| 99 | mutex_unlock(&nf_ct_ecache_mutex); | 95 | mutex_unlock(&nf_ct_ecache_mutex); |
| 100 | return ret; | 96 | return ret; |
| 101 | 97 | ||
| @@ -105,32 +101,34 @@ out_unlock: | |||
| 105 | } | 101 | } |
| 106 | EXPORT_SYMBOL_GPL(nf_conntrack_register_notifier); | 102 | EXPORT_SYMBOL_GPL(nf_conntrack_register_notifier); |
| 107 | 103 | ||
| 108 | void nf_conntrack_unregister_notifier(struct nf_ct_event_notifier *new) | 104 | void nf_conntrack_unregister_notifier(struct net *net, |
| 105 | struct nf_ct_event_notifier *new) | ||
| 109 | { | 106 | { |
| 110 | struct nf_ct_event_notifier *notify; | 107 | struct nf_ct_event_notifier *notify; |
| 111 | 108 | ||
| 112 | mutex_lock(&nf_ct_ecache_mutex); | 109 | mutex_lock(&nf_ct_ecache_mutex); |
| 113 | notify = rcu_dereference_protected(nf_conntrack_event_cb, | 110 | notify = rcu_dereference_protected(net->ct.nf_conntrack_event_cb, |
| 114 | lockdep_is_held(&nf_ct_ecache_mutex)); | 111 | lockdep_is_held(&nf_ct_ecache_mutex)); |
| 115 | BUG_ON(notify != new); | 112 | BUG_ON(notify != new); |
| 116 | RCU_INIT_POINTER(nf_conntrack_event_cb, NULL); | 113 | RCU_INIT_POINTER(net->ct.nf_conntrack_event_cb, NULL); |
| 117 | mutex_unlock(&nf_ct_ecache_mutex); | 114 | mutex_unlock(&nf_ct_ecache_mutex); |
| 118 | } | 115 | } |
| 119 | EXPORT_SYMBOL_GPL(nf_conntrack_unregister_notifier); | 116 | EXPORT_SYMBOL_GPL(nf_conntrack_unregister_notifier); |
| 120 | 117 | ||
| 121 | int nf_ct_expect_register_notifier(struct nf_exp_event_notifier *new) | 118 | int nf_ct_expect_register_notifier(struct net *net, |
| 119 | struct nf_exp_event_notifier *new) | ||
| 122 | { | 120 | { |
| 123 | int ret = 0; | 121 | int ret = 0; |
| 124 | struct nf_exp_event_notifier *notify; | 122 | struct nf_exp_event_notifier *notify; |
| 125 | 123 | ||
| 126 | mutex_lock(&nf_ct_ecache_mutex); | 124 | mutex_lock(&nf_ct_ecache_mutex); |
| 127 | notify = rcu_dereference_protected(nf_expect_event_cb, | 125 | notify = rcu_dereference_protected(net->ct.nf_expect_event_cb, |
| 128 | lockdep_is_held(&nf_ct_ecache_mutex)); | 126 | lockdep_is_held(&nf_ct_ecache_mutex)); |
| 129 | if (notify != NULL) { | 127 | if (notify != NULL) { |
| 130 | ret = -EBUSY; | 128 | ret = -EBUSY; |
| 131 | goto out_unlock; | 129 | goto out_unlock; |
| 132 | } | 130 | } |
| 133 | RCU_INIT_POINTER(nf_expect_event_cb, new); | 131 | RCU_INIT_POINTER(net->ct.nf_expect_event_cb, new); |
| 134 | mutex_unlock(&nf_ct_ecache_mutex); | 132 | mutex_unlock(&nf_ct_ecache_mutex); |
| 135 | return ret; | 133 | return ret; |
| 136 | 134 | ||
| @@ -140,15 +138,16 @@ out_unlock: | |||
| 140 | } | 138 | } |
| 141 | EXPORT_SYMBOL_GPL(nf_ct_expect_register_notifier); | 139 | EXPORT_SYMBOL_GPL(nf_ct_expect_register_notifier); |
| 142 | 140 | ||
| 143 | void nf_ct_expect_unregister_notifier(struct nf_exp_event_notifier *new) | 141 | void nf_ct_expect_unregister_notifier(struct net *net, |
| 142 | struct nf_exp_event_notifier *new) | ||
| 144 | { | 143 | { |
| 145 | struct nf_exp_event_notifier *notify; | 144 | struct nf_exp_event_notifier *notify; |
| 146 | 145 | ||
| 147 | mutex_lock(&nf_ct_ecache_mutex); | 146 | mutex_lock(&nf_ct_ecache_mutex); |
| 148 | notify = rcu_dereference_protected(nf_expect_event_cb, | 147 | notify = rcu_dereference_protected(net->ct.nf_expect_event_cb, |
| 149 | lockdep_is_held(&nf_ct_ecache_mutex)); | 148 | lockdep_is_held(&nf_ct_ecache_mutex)); |
| 150 | BUG_ON(notify != new); | 149 | BUG_ON(notify != new); |
| 151 | RCU_INIT_POINTER(nf_expect_event_cb, NULL); | 150 | RCU_INIT_POINTER(net->ct.nf_expect_event_cb, NULL); |
| 152 | mutex_unlock(&nf_ct_ecache_mutex); | 151 | mutex_unlock(&nf_ct_ecache_mutex); |
| 153 | } | 152 | } |
| 154 | EXPORT_SYMBOL_GPL(nf_ct_expect_unregister_notifier); | 153 | EXPORT_SYMBOL_GPL(nf_ct_expect_unregister_notifier); |
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index e58aa9b1fe8a..ef21b221f036 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c | |||
| @@ -4,7 +4,7 @@ | |||
| 4 | * (C) 2001 by Jay Schulist <jschlst@samba.org> | 4 | * (C) 2001 by Jay Schulist <jschlst@samba.org> |
| 5 | * (C) 2002-2006 by Harald Welte <laforge@gnumonks.org> | 5 | * (C) 2002-2006 by Harald Welte <laforge@gnumonks.org> |
| 6 | * (C) 2003 by Patrick Mchardy <kaber@trash.net> | 6 | * (C) 2003 by Patrick Mchardy <kaber@trash.net> |
| 7 | * (C) 2005-2008 by Pablo Neira Ayuso <pablo@netfilter.org> | 7 | * (C) 2005-2011 by Pablo Neira Ayuso <pablo@netfilter.org> |
| 8 | * | 8 | * |
| 9 | * Initial connection tracking via netlink development funded and | 9 | * Initial connection tracking via netlink development funded and |
| 10 | * generally made possible by Network Robots, Inc. (www.networkrobots.com) | 10 | * generally made possible by Network Robots, Inc. (www.networkrobots.com) |
| @@ -2163,6 +2163,54 @@ MODULE_ALIAS("ip_conntrack_netlink"); | |||
| 2163 | MODULE_ALIAS_NFNL_SUBSYS(NFNL_SUBSYS_CTNETLINK); | 2163 | MODULE_ALIAS_NFNL_SUBSYS(NFNL_SUBSYS_CTNETLINK); |
| 2164 | MODULE_ALIAS_NFNL_SUBSYS(NFNL_SUBSYS_CTNETLINK_EXP); | 2164 | MODULE_ALIAS_NFNL_SUBSYS(NFNL_SUBSYS_CTNETLINK_EXP); |
| 2165 | 2165 | ||
| 2166 | static int __net_init ctnetlink_net_init(struct net *net) | ||
| 2167 | { | ||
| 2168 | #ifdef CONFIG_NF_CONNTRACK_EVENTS | ||
| 2169 | int ret; | ||
| 2170 | |||
| 2171 | ret = nf_conntrack_register_notifier(net, &ctnl_notifier); | ||
| 2172 | if (ret < 0) { | ||
| 2173 | pr_err("ctnetlink_init: cannot register notifier.\n"); | ||
| 2174 | goto err_out; | ||
| 2175 | } | ||
| 2176 | |||
| 2177 | ret = nf_ct_expect_register_notifier(net, &ctnl_notifier_exp); | ||
| 2178 | if (ret < 0) { | ||
| 2179 | pr_err("ctnetlink_init: cannot expect register notifier.\n"); | ||
| 2180 | goto err_unreg_notifier; | ||
| 2181 | } | ||
| 2182 | #endif | ||
| 2183 | return 0; | ||
| 2184 | |||
| 2185 | #ifdef CONFIG_NF_CONNTRACK_EVENTS | ||
| 2186 | err_unreg_notifier: | ||
| 2187 | nf_conntrack_unregister_notifier(net, &ctnl_notifier); | ||
| 2188 | err_out: | ||
| 2189 | return ret; | ||
| 2190 | #endif | ||
| 2191 | } | ||
| 2192 | |||
| 2193 | static void ctnetlink_net_exit(struct net *net) | ||
| 2194 | { | ||
| 2195 | #ifdef CONFIG_NF_CONNTRACK_EVENTS | ||
| 2196 | nf_ct_expect_unregister_notifier(net, &ctnl_notifier_exp); | ||
| 2197 | nf_conntrack_unregister_notifier(net, &ctnl_notifier); | ||
| 2198 | #endif | ||
| 2199 | } | ||
| 2200 | |||
| 2201 | static void __net_exit ctnetlink_net_exit_batch(struct list_head *net_exit_list) | ||
| 2202 | { | ||
| 2203 | struct net *net; | ||
| 2204 | |||
| 2205 | list_for_each_entry(net, net_exit_list, exit_list) | ||
| 2206 | ctnetlink_net_exit(net); | ||
| 2207 | } | ||
| 2208 | |||
| 2209 | static struct pernet_operations ctnetlink_net_ops = { | ||
| 2210 | .init = ctnetlink_net_init, | ||
| 2211 | .exit_batch = ctnetlink_net_exit_batch, | ||
| 2212 | }; | ||
| 2213 | |||
| 2166 | static int __init ctnetlink_init(void) | 2214 | static int __init ctnetlink_init(void) |
| 2167 | { | 2215 | { |
| 2168 | int ret; | 2216 | int ret; |
| @@ -2180,28 +2228,15 @@ static int __init ctnetlink_init(void) | |||
| 2180 | goto err_unreg_subsys; | 2228 | goto err_unreg_subsys; |
| 2181 | } | 2229 | } |
| 2182 | 2230 | ||
| 2183 | #ifdef CONFIG_NF_CONNTRACK_EVENTS | 2231 | if (register_pernet_subsys(&ctnetlink_net_ops)) { |
| 2184 | ret = nf_conntrack_register_notifier(&ctnl_notifier); | 2232 | pr_err("ctnetlink_init: cannot register pernet operations\n"); |
| 2185 | if (ret < 0) { | ||
| 2186 | pr_err("ctnetlink_init: cannot register notifier.\n"); | ||
| 2187 | goto err_unreg_exp_subsys; | 2233 | goto err_unreg_exp_subsys; |
| 2188 | } | 2234 | } |
| 2189 | 2235 | ||
| 2190 | ret = nf_ct_expect_register_notifier(&ctnl_notifier_exp); | ||
| 2191 | if (ret < 0) { | ||
| 2192 | pr_err("ctnetlink_init: cannot expect register notifier.\n"); | ||
| 2193 | goto err_unreg_notifier; | ||
| 2194 | } | ||
| 2195 | #endif | ||
| 2196 | |||
| 2197 | return 0; | 2236 | return 0; |
| 2198 | 2237 | ||
| 2199 | #ifdef CONFIG_NF_CONNTRACK_EVENTS | ||
| 2200 | err_unreg_notifier: | ||
| 2201 | nf_conntrack_unregister_notifier(&ctnl_notifier); | ||
| 2202 | err_unreg_exp_subsys: | 2238 | err_unreg_exp_subsys: |
| 2203 | nfnetlink_subsys_unregister(&ctnl_exp_subsys); | 2239 | nfnetlink_subsys_unregister(&ctnl_exp_subsys); |
| 2204 | #endif | ||
| 2205 | err_unreg_subsys: | 2240 | err_unreg_subsys: |
| 2206 | nfnetlink_subsys_unregister(&ctnl_subsys); | 2241 | nfnetlink_subsys_unregister(&ctnl_subsys); |
| 2207 | err_out: | 2242 | err_out: |
| @@ -2213,11 +2248,7 @@ static void __exit ctnetlink_exit(void) | |||
| 2213 | pr_info("ctnetlink: unregistering from nfnetlink.\n"); | 2248 | pr_info("ctnetlink: unregistering from nfnetlink.\n"); |
| 2214 | 2249 | ||
| 2215 | nf_ct_remove_userspace_expectations(); | 2250 | nf_ct_remove_userspace_expectations(); |
| 2216 | #ifdef CONFIG_NF_CONNTRACK_EVENTS | 2251 | unregister_pernet_subsys(&ctnetlink_net_ops); |
| 2217 | nf_ct_expect_unregister_notifier(&ctnl_notifier_exp); | ||
| 2218 | nf_conntrack_unregister_notifier(&ctnl_notifier); | ||
| 2219 | #endif | ||
| 2220 | |||
| 2221 | nfnetlink_subsys_unregister(&ctnl_exp_subsys); | 2252 | nfnetlink_subsys_unregister(&ctnl_exp_subsys); |
| 2222 | nfnetlink_subsys_unregister(&ctnl_subsys); | 2253 | nfnetlink_subsys_unregister(&ctnl_subsys); |
| 2223 | } | 2254 | } |