diff options
author | David S. Miller <davem@davemloft.net> | 2011-11-29 01:20:55 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2011-11-29 01:20:55 -0500 |
commit | c1baa88431fe0fe4fad492dece4177a7735f89cf (patch) | |
tree | 3513c0018bd149625aa999b82c0ed6097a55a267 /net | |
parent | a5e5c37434eb182cf50cec90d9736d9a9a390116 (diff) | |
parent | 70e9942f17a6193e9172a804e6569a8806633d6b (diff) |
Merge branch 'nf' of git://1984.lsi.us.es/net
Diffstat (limited to 'net')
-rw-r--r-- | net/ipv4/netfilter.c | 3 | ||||
-rw-r--r-- | net/netfilter/ipset/ip_set_hash_ipport.c | 2 | ||||
-rw-r--r-- | net/netfilter/ipset/ip_set_hash_ipportip.c | 2 | ||||
-rw-r--r-- | net/netfilter/ipset/ip_set_hash_ipportnet.c | 2 | ||||
-rw-r--r-- | net/netfilter/nf_conntrack_ecache.c | 37 | ||||
-rw-r--r-- | net/netfilter/nf_conntrack_netlink.c | 73 |
6 files changed, 75 insertions, 44 deletions
diff --git a/net/ipv4/netfilter.c b/net/ipv4/netfilter.c index 9899619ab9b8..4f47e064e262 100644 --- a/net/ipv4/netfilter.c +++ b/net/ipv4/netfilter.c | |||
@@ -64,7 +64,8 @@ int ip_route_me_harder(struct sk_buff *skb, unsigned addr_type) | |||
64 | /* Change in oif may mean change in hh_len. */ | 64 | /* Change in oif may mean change in hh_len. */ |
65 | hh_len = skb_dst(skb)->dev->hard_header_len; | 65 | hh_len = skb_dst(skb)->dev->hard_header_len; |
66 | if (skb_headroom(skb) < hh_len && | 66 | if (skb_headroom(skb) < hh_len && |
67 | pskb_expand_head(skb, hh_len - skb_headroom(skb), 0, GFP_ATOMIC)) | 67 | pskb_expand_head(skb, HH_DATA_ALIGN(hh_len - skb_headroom(skb)), |
68 | 0, GFP_ATOMIC)) | ||
68 | return -1; | 69 | return -1; |
69 | 70 | ||
70 | return 0; | 71 | return 0; |
diff --git a/net/netfilter/ipset/ip_set_hash_ipport.c b/net/netfilter/ipset/ip_set_hash_ipport.c index 6ee10f5d59bd..37d667e3f6f8 100644 --- a/net/netfilter/ipset/ip_set_hash_ipport.c +++ b/net/netfilter/ipset/ip_set_hash_ipport.c | |||
@@ -158,7 +158,7 @@ hash_ipport4_uadt(struct ip_set *set, struct nlattr *tb[], | |||
158 | const struct ip_set_hash *h = set->data; | 158 | const struct ip_set_hash *h = set->data; |
159 | ipset_adtfn adtfn = set->variant->adt[adt]; | 159 | ipset_adtfn adtfn = set->variant->adt[adt]; |
160 | struct hash_ipport4_elem data = { }; | 160 | struct hash_ipport4_elem data = { }; |
161 | u32 ip, ip_to, p = 0, port, port_to; | 161 | u32 ip, ip_to = 0, p = 0, port, port_to; |
162 | u32 timeout = h->timeout; | 162 | u32 timeout = h->timeout; |
163 | bool with_ports = false; | 163 | bool with_ports = false; |
164 | int ret; | 164 | int ret; |
diff --git a/net/netfilter/ipset/ip_set_hash_ipportip.c b/net/netfilter/ipset/ip_set_hash_ipportip.c index fb90e344e907..e69e2718fbe1 100644 --- a/net/netfilter/ipset/ip_set_hash_ipportip.c +++ b/net/netfilter/ipset/ip_set_hash_ipportip.c | |||
@@ -162,7 +162,7 @@ hash_ipportip4_uadt(struct ip_set *set, struct nlattr *tb[], | |||
162 | const struct ip_set_hash *h = set->data; | 162 | const struct ip_set_hash *h = set->data; |
163 | ipset_adtfn adtfn = set->variant->adt[adt]; | 163 | ipset_adtfn adtfn = set->variant->adt[adt]; |
164 | struct hash_ipportip4_elem data = { }; | 164 | struct hash_ipportip4_elem data = { }; |
165 | u32 ip, ip_to, p = 0, port, port_to; | 165 | u32 ip, ip_to = 0, p = 0, port, port_to; |
166 | u32 timeout = h->timeout; | 166 | u32 timeout = h->timeout; |
167 | bool with_ports = false; | 167 | bool with_ports = false; |
168 | int ret; | 168 | int ret; |
diff --git a/net/netfilter/ipset/ip_set_hash_ipportnet.c b/net/netfilter/ipset/ip_set_hash_ipportnet.c index deb3e3dfa5fc..64199b4e93c9 100644 --- a/net/netfilter/ipset/ip_set_hash_ipportnet.c +++ b/net/netfilter/ipset/ip_set_hash_ipportnet.c | |||
@@ -184,7 +184,7 @@ hash_ipportnet4_uadt(struct ip_set *set, struct nlattr *tb[], | |||
184 | const struct ip_set_hash *h = set->data; | 184 | const struct ip_set_hash *h = set->data; |
185 | ipset_adtfn adtfn = set->variant->adt[adt]; | 185 | ipset_adtfn adtfn = set->variant->adt[adt]; |
186 | struct hash_ipportnet4_elem data = { .cidr = HOST_MASK }; | 186 | struct hash_ipportnet4_elem data = { .cidr = HOST_MASK }; |
187 | u32 ip, ip_to, p = 0, port, port_to; | 187 | u32 ip, ip_to = 0, p = 0, port, port_to; |
188 | u32 ip2_from = 0, ip2_to, ip2_last, ip2; | 188 | u32 ip2_from = 0, ip2_to, ip2_last, ip2; |
189 | u32 timeout = h->timeout; | 189 | u32 timeout = h->timeout; |
190 | bool with_ports = false; | 190 | bool with_ports = false; |
diff --git a/net/netfilter/nf_conntrack_ecache.c b/net/netfilter/nf_conntrack_ecache.c index 6b368be937c6..b62c4148b921 100644 --- a/net/netfilter/nf_conntrack_ecache.c +++ b/net/netfilter/nf_conntrack_ecache.c | |||
@@ -27,22 +27,17 @@ | |||
27 | 27 | ||
28 | static DEFINE_MUTEX(nf_ct_ecache_mutex); | 28 | static DEFINE_MUTEX(nf_ct_ecache_mutex); |
29 | 29 | ||
30 | struct nf_ct_event_notifier __rcu *nf_conntrack_event_cb __read_mostly; | ||
31 | EXPORT_SYMBOL_GPL(nf_conntrack_event_cb); | ||
32 | |||
33 | struct nf_exp_event_notifier __rcu *nf_expect_event_cb __read_mostly; | ||
34 | EXPORT_SYMBOL_GPL(nf_expect_event_cb); | ||
35 | |||
36 | /* deliver cached events and clear cache entry - must be called with locally | 30 | /* deliver cached events and clear cache entry - must be called with locally |
37 | * disabled softirqs */ | 31 | * disabled softirqs */ |
38 | void nf_ct_deliver_cached_events(struct nf_conn *ct) | 32 | void nf_ct_deliver_cached_events(struct nf_conn *ct) |
39 | { | 33 | { |
34 | struct net *net = nf_ct_net(ct); | ||
40 | unsigned long events; | 35 | unsigned long events; |
41 | struct nf_ct_event_notifier *notify; | 36 | struct nf_ct_event_notifier *notify; |
42 | struct nf_conntrack_ecache *e; | 37 | struct nf_conntrack_ecache *e; |
43 | 38 | ||
44 | rcu_read_lock(); | 39 | rcu_read_lock(); |
45 | notify = rcu_dereference(nf_conntrack_event_cb); | 40 | notify = rcu_dereference(net->ct.nf_conntrack_event_cb); |
46 | if (notify == NULL) | 41 | if (notify == NULL) |
47 | goto out_unlock; | 42 | goto out_unlock; |
48 | 43 | ||
@@ -83,19 +78,20 @@ out_unlock: | |||
83 | } | 78 | } |
84 | EXPORT_SYMBOL_GPL(nf_ct_deliver_cached_events); | 79 | EXPORT_SYMBOL_GPL(nf_ct_deliver_cached_events); |
85 | 80 | ||
86 | int nf_conntrack_register_notifier(struct nf_ct_event_notifier *new) | 81 | int nf_conntrack_register_notifier(struct net *net, |
82 | struct nf_ct_event_notifier *new) | ||
87 | { | 83 | { |
88 | int ret = 0; | 84 | int ret = 0; |
89 | struct nf_ct_event_notifier *notify; | 85 | struct nf_ct_event_notifier *notify; |
90 | 86 | ||
91 | mutex_lock(&nf_ct_ecache_mutex); | 87 | mutex_lock(&nf_ct_ecache_mutex); |
92 | notify = rcu_dereference_protected(nf_conntrack_event_cb, | 88 | notify = rcu_dereference_protected(net->ct.nf_conntrack_event_cb, |
93 | lockdep_is_held(&nf_ct_ecache_mutex)); | 89 | lockdep_is_held(&nf_ct_ecache_mutex)); |
94 | if (notify != NULL) { | 90 | if (notify != NULL) { |
95 | ret = -EBUSY; | 91 | ret = -EBUSY; |
96 | goto out_unlock; | 92 | goto out_unlock; |
97 | } | 93 | } |
98 | RCU_INIT_POINTER(nf_conntrack_event_cb, new); | 94 | RCU_INIT_POINTER(net->ct.nf_conntrack_event_cb, new); |
99 | mutex_unlock(&nf_ct_ecache_mutex); | 95 | mutex_unlock(&nf_ct_ecache_mutex); |
100 | return ret; | 96 | return ret; |
101 | 97 | ||
@@ -105,32 +101,34 @@ out_unlock: | |||
105 | } | 101 | } |
106 | EXPORT_SYMBOL_GPL(nf_conntrack_register_notifier); | 102 | EXPORT_SYMBOL_GPL(nf_conntrack_register_notifier); |
107 | 103 | ||
108 | void nf_conntrack_unregister_notifier(struct nf_ct_event_notifier *new) | 104 | void nf_conntrack_unregister_notifier(struct net *net, |
105 | struct nf_ct_event_notifier *new) | ||
109 | { | 106 | { |
110 | struct nf_ct_event_notifier *notify; | 107 | struct nf_ct_event_notifier *notify; |
111 | 108 | ||
112 | mutex_lock(&nf_ct_ecache_mutex); | 109 | mutex_lock(&nf_ct_ecache_mutex); |
113 | notify = rcu_dereference_protected(nf_conntrack_event_cb, | 110 | notify = rcu_dereference_protected(net->ct.nf_conntrack_event_cb, |
114 | lockdep_is_held(&nf_ct_ecache_mutex)); | 111 | lockdep_is_held(&nf_ct_ecache_mutex)); |
115 | BUG_ON(notify != new); | 112 | BUG_ON(notify != new); |
116 | RCU_INIT_POINTER(nf_conntrack_event_cb, NULL); | 113 | RCU_INIT_POINTER(net->ct.nf_conntrack_event_cb, NULL); |
117 | mutex_unlock(&nf_ct_ecache_mutex); | 114 | mutex_unlock(&nf_ct_ecache_mutex); |
118 | } | 115 | } |
119 | EXPORT_SYMBOL_GPL(nf_conntrack_unregister_notifier); | 116 | EXPORT_SYMBOL_GPL(nf_conntrack_unregister_notifier); |
120 | 117 | ||
121 | int nf_ct_expect_register_notifier(struct nf_exp_event_notifier *new) | 118 | int nf_ct_expect_register_notifier(struct net *net, |
119 | struct nf_exp_event_notifier *new) | ||
122 | { | 120 | { |
123 | int ret = 0; | 121 | int ret = 0; |
124 | struct nf_exp_event_notifier *notify; | 122 | struct nf_exp_event_notifier *notify; |
125 | 123 | ||
126 | mutex_lock(&nf_ct_ecache_mutex); | 124 | mutex_lock(&nf_ct_ecache_mutex); |
127 | notify = rcu_dereference_protected(nf_expect_event_cb, | 125 | notify = rcu_dereference_protected(net->ct.nf_expect_event_cb, |
128 | lockdep_is_held(&nf_ct_ecache_mutex)); | 126 | lockdep_is_held(&nf_ct_ecache_mutex)); |
129 | if (notify != NULL) { | 127 | if (notify != NULL) { |
130 | ret = -EBUSY; | 128 | ret = -EBUSY; |
131 | goto out_unlock; | 129 | goto out_unlock; |
132 | } | 130 | } |
133 | RCU_INIT_POINTER(nf_expect_event_cb, new); | 131 | RCU_INIT_POINTER(net->ct.nf_expect_event_cb, new); |
134 | mutex_unlock(&nf_ct_ecache_mutex); | 132 | mutex_unlock(&nf_ct_ecache_mutex); |
135 | return ret; | 133 | return ret; |
136 | 134 | ||
@@ -140,15 +138,16 @@ out_unlock: | |||
140 | } | 138 | } |
141 | EXPORT_SYMBOL_GPL(nf_ct_expect_register_notifier); | 139 | EXPORT_SYMBOL_GPL(nf_ct_expect_register_notifier); |
142 | 140 | ||
143 | void nf_ct_expect_unregister_notifier(struct nf_exp_event_notifier *new) | 141 | void nf_ct_expect_unregister_notifier(struct net *net, |
142 | struct nf_exp_event_notifier *new) | ||
144 | { | 143 | { |
145 | struct nf_exp_event_notifier *notify; | 144 | struct nf_exp_event_notifier *notify; |
146 | 145 | ||
147 | mutex_lock(&nf_ct_ecache_mutex); | 146 | mutex_lock(&nf_ct_ecache_mutex); |
148 | notify = rcu_dereference_protected(nf_expect_event_cb, | 147 | notify = rcu_dereference_protected(net->ct.nf_expect_event_cb, |
149 | lockdep_is_held(&nf_ct_ecache_mutex)); | 148 | lockdep_is_held(&nf_ct_ecache_mutex)); |
150 | BUG_ON(notify != new); | 149 | BUG_ON(notify != new); |
151 | RCU_INIT_POINTER(nf_expect_event_cb, NULL); | 150 | RCU_INIT_POINTER(net->ct.nf_expect_event_cb, NULL); |
152 | mutex_unlock(&nf_ct_ecache_mutex); | 151 | mutex_unlock(&nf_ct_ecache_mutex); |
153 | } | 152 | } |
154 | EXPORT_SYMBOL_GPL(nf_ct_expect_unregister_notifier); | 153 | EXPORT_SYMBOL_GPL(nf_ct_expect_unregister_notifier); |
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index e58aa9b1fe8a..ef21b221f036 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c | |||
@@ -4,7 +4,7 @@ | |||
4 | * (C) 2001 by Jay Schulist <jschlst@samba.org> | 4 | * (C) 2001 by Jay Schulist <jschlst@samba.org> |
5 | * (C) 2002-2006 by Harald Welte <laforge@gnumonks.org> | 5 | * (C) 2002-2006 by Harald Welte <laforge@gnumonks.org> |
6 | * (C) 2003 by Patrick Mchardy <kaber@trash.net> | 6 | * (C) 2003 by Patrick Mchardy <kaber@trash.net> |
7 | * (C) 2005-2008 by Pablo Neira Ayuso <pablo@netfilter.org> | 7 | * (C) 2005-2011 by Pablo Neira Ayuso <pablo@netfilter.org> |
8 | * | 8 | * |
9 | * Initial connection tracking via netlink development funded and | 9 | * Initial connection tracking via netlink development funded and |
10 | * generally made possible by Network Robots, Inc. (www.networkrobots.com) | 10 | * generally made possible by Network Robots, Inc. (www.networkrobots.com) |
@@ -2163,6 +2163,54 @@ MODULE_ALIAS("ip_conntrack_netlink"); | |||
2163 | MODULE_ALIAS_NFNL_SUBSYS(NFNL_SUBSYS_CTNETLINK); | 2163 | MODULE_ALIAS_NFNL_SUBSYS(NFNL_SUBSYS_CTNETLINK); |
2164 | MODULE_ALIAS_NFNL_SUBSYS(NFNL_SUBSYS_CTNETLINK_EXP); | 2164 | MODULE_ALIAS_NFNL_SUBSYS(NFNL_SUBSYS_CTNETLINK_EXP); |
2165 | 2165 | ||
2166 | static int __net_init ctnetlink_net_init(struct net *net) | ||
2167 | { | ||
2168 | #ifdef CONFIG_NF_CONNTRACK_EVENTS | ||
2169 | int ret; | ||
2170 | |||
2171 | ret = nf_conntrack_register_notifier(net, &ctnl_notifier); | ||
2172 | if (ret < 0) { | ||
2173 | pr_err("ctnetlink_init: cannot register notifier.\n"); | ||
2174 | goto err_out; | ||
2175 | } | ||
2176 | |||
2177 | ret = nf_ct_expect_register_notifier(net, &ctnl_notifier_exp); | ||
2178 | if (ret < 0) { | ||
2179 | pr_err("ctnetlink_init: cannot expect register notifier.\n"); | ||
2180 | goto err_unreg_notifier; | ||
2181 | } | ||
2182 | #endif | ||
2183 | return 0; | ||
2184 | |||
2185 | #ifdef CONFIG_NF_CONNTRACK_EVENTS | ||
2186 | err_unreg_notifier: | ||
2187 | nf_conntrack_unregister_notifier(net, &ctnl_notifier); | ||
2188 | err_out: | ||
2189 | return ret; | ||
2190 | #endif | ||
2191 | } | ||
2192 | |||
2193 | static void ctnetlink_net_exit(struct net *net) | ||
2194 | { | ||
2195 | #ifdef CONFIG_NF_CONNTRACK_EVENTS | ||
2196 | nf_ct_expect_unregister_notifier(net, &ctnl_notifier_exp); | ||
2197 | nf_conntrack_unregister_notifier(net, &ctnl_notifier); | ||
2198 | #endif | ||
2199 | } | ||
2200 | |||
2201 | static void __net_exit ctnetlink_net_exit_batch(struct list_head *net_exit_list) | ||
2202 | { | ||
2203 | struct net *net; | ||
2204 | |||
2205 | list_for_each_entry(net, net_exit_list, exit_list) | ||
2206 | ctnetlink_net_exit(net); | ||
2207 | } | ||
2208 | |||
2209 | static struct pernet_operations ctnetlink_net_ops = { | ||
2210 | .init = ctnetlink_net_init, | ||
2211 | .exit_batch = ctnetlink_net_exit_batch, | ||
2212 | }; | ||
2213 | |||
2166 | static int __init ctnetlink_init(void) | 2214 | static int __init ctnetlink_init(void) |
2167 | { | 2215 | { |
2168 | int ret; | 2216 | int ret; |
@@ -2180,28 +2228,15 @@ static int __init ctnetlink_init(void) | |||
2180 | goto err_unreg_subsys; | 2228 | goto err_unreg_subsys; |
2181 | } | 2229 | } |
2182 | 2230 | ||
2183 | #ifdef CONFIG_NF_CONNTRACK_EVENTS | 2231 | if (register_pernet_subsys(&ctnetlink_net_ops)) { |
2184 | ret = nf_conntrack_register_notifier(&ctnl_notifier); | 2232 | pr_err("ctnetlink_init: cannot register pernet operations\n"); |
2185 | if (ret < 0) { | ||
2186 | pr_err("ctnetlink_init: cannot register notifier.\n"); | ||
2187 | goto err_unreg_exp_subsys; | 2233 | goto err_unreg_exp_subsys; |
2188 | } | 2234 | } |
2189 | 2235 | ||
2190 | ret = nf_ct_expect_register_notifier(&ctnl_notifier_exp); | ||
2191 | if (ret < 0) { | ||
2192 | pr_err("ctnetlink_init: cannot expect register notifier.\n"); | ||
2193 | goto err_unreg_notifier; | ||
2194 | } | ||
2195 | #endif | ||
2196 | |||
2197 | return 0; | 2236 | return 0; |
2198 | 2237 | ||
2199 | #ifdef CONFIG_NF_CONNTRACK_EVENTS | ||
2200 | err_unreg_notifier: | ||
2201 | nf_conntrack_unregister_notifier(&ctnl_notifier); | ||
2202 | err_unreg_exp_subsys: | 2238 | err_unreg_exp_subsys: |
2203 | nfnetlink_subsys_unregister(&ctnl_exp_subsys); | 2239 | nfnetlink_subsys_unregister(&ctnl_exp_subsys); |
2204 | #endif | ||
2205 | err_unreg_subsys: | 2240 | err_unreg_subsys: |
2206 | nfnetlink_subsys_unregister(&ctnl_subsys); | 2241 | nfnetlink_subsys_unregister(&ctnl_subsys); |
2207 | err_out: | 2242 | err_out: |
@@ -2213,11 +2248,7 @@ static void __exit ctnetlink_exit(void) | |||
2213 | pr_info("ctnetlink: unregistering from nfnetlink.\n"); | 2248 | pr_info("ctnetlink: unregistering from nfnetlink.\n"); |
2214 | 2249 | ||
2215 | nf_ct_remove_userspace_expectations(); | 2250 | nf_ct_remove_userspace_expectations(); |
2216 | #ifdef CONFIG_NF_CONNTRACK_EVENTS | 2251 | unregister_pernet_subsys(&ctnetlink_net_ops); |
2217 | nf_ct_expect_unregister_notifier(&ctnl_notifier_exp); | ||
2218 | nf_conntrack_unregister_notifier(&ctnl_notifier); | ||
2219 | #endif | ||
2220 | |||
2221 | nfnetlink_subsys_unregister(&ctnl_exp_subsys); | 2252 | nfnetlink_subsys_unregister(&ctnl_exp_subsys); |
2222 | nfnetlink_subsys_unregister(&ctnl_subsys); | 2253 | nfnetlink_subsys_unregister(&ctnl_subsys); |
2223 | } | 2254 | } |