diff options
| author | Alexey Dobriyan <adobriyan@gmail.com> | 2008-10-08 05:35:10 -0400 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2008-10-08 05:35:10 -0400 |
| commit | 0e6e75af921d1f4799eeb9f83a31c86ab7cdeb8f (patch) | |
| tree | d718ebbcf5bfbd3e16a640b3c9b2cee40cd40032 /net | |
| parent | 3bb0d1c00f86b13bb184193a8f0189ddd6f0459f (diff) | |
netfilter: netns nf_conntrack: PPTP conntracking in netns
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net')
| -rw-r--r-- | net/netfilter/nf_conntrack_pptp.c | 36 |
1 files changed, 28 insertions, 8 deletions
diff --git a/net/netfilter/nf_conntrack_pptp.c b/net/netfilter/nf_conntrack_pptp.c index e47d5de41cc2..373e51e91ce5 100644 --- a/net/netfilter/nf_conntrack_pptp.c +++ b/net/netfilter/nf_conntrack_pptp.c | |||
| @@ -98,6 +98,7 @@ EXPORT_SYMBOL(pptp_msg_name); | |||
| 98 | static void pptp_expectfn(struct nf_conn *ct, | 98 | static void pptp_expectfn(struct nf_conn *ct, |
| 99 | struct nf_conntrack_expect *exp) | 99 | struct nf_conntrack_expect *exp) |
| 100 | { | 100 | { |
| 101 | struct net *net = nf_ct_net(ct); | ||
| 101 | typeof(nf_nat_pptp_hook_expectfn) nf_nat_pptp_expectfn; | 102 | typeof(nf_nat_pptp_hook_expectfn) nf_nat_pptp_expectfn; |
| 102 | pr_debug("increasing timeouts\n"); | 103 | pr_debug("increasing timeouts\n"); |
| 103 | 104 | ||
| @@ -121,7 +122,7 @@ static void pptp_expectfn(struct nf_conn *ct, | |||
| 121 | pr_debug("trying to unexpect other dir: "); | 122 | pr_debug("trying to unexpect other dir: "); |
| 122 | nf_ct_dump_tuple(&inv_t); | 123 | nf_ct_dump_tuple(&inv_t); |
| 123 | 124 | ||
| 124 | exp_other = nf_ct_expect_find_get(&init_net, &inv_t); | 125 | exp_other = nf_ct_expect_find_get(net, &inv_t); |
| 125 | if (exp_other) { | 126 | if (exp_other) { |
| 126 | /* delete other expectation. */ | 127 | /* delete other expectation. */ |
| 127 | pr_debug("found\n"); | 128 | pr_debug("found\n"); |
| @@ -134,7 +135,8 @@ static void pptp_expectfn(struct nf_conn *ct, | |||
| 134 | rcu_read_unlock(); | 135 | rcu_read_unlock(); |
| 135 | } | 136 | } |
| 136 | 137 | ||
| 137 | static int destroy_sibling_or_exp(const struct nf_conntrack_tuple *t) | 138 | static int destroy_sibling_or_exp(struct net *net, |
| 139 | const struct nf_conntrack_tuple *t) | ||
| 138 | { | 140 | { |
| 139 | const struct nf_conntrack_tuple_hash *h; | 141 | const struct nf_conntrack_tuple_hash *h; |
| 140 | struct nf_conntrack_expect *exp; | 142 | struct nf_conntrack_expect *exp; |
| @@ -143,7 +145,7 @@ static int destroy_sibling_or_exp(const struct nf_conntrack_tuple *t) | |||
| 143 | pr_debug("trying to timeout ct or exp for tuple "); | 145 | pr_debug("trying to timeout ct or exp for tuple "); |
| 144 | nf_ct_dump_tuple(t); | 146 | nf_ct_dump_tuple(t); |
| 145 | 147 | ||
| 146 | h = nf_conntrack_find_get(&init_net, t); | 148 | h = nf_conntrack_find_get(net, t); |
| 147 | if (h) { | 149 | if (h) { |
| 148 | sibling = nf_ct_tuplehash_to_ctrack(h); | 150 | sibling = nf_ct_tuplehash_to_ctrack(h); |
| 149 | pr_debug("setting timeout of conntrack %p to 0\n", sibling); | 151 | pr_debug("setting timeout of conntrack %p to 0\n", sibling); |
| @@ -154,7 +156,7 @@ static int destroy_sibling_or_exp(const struct nf_conntrack_tuple *t) | |||
| 154 | nf_ct_put(sibling); | 156 | nf_ct_put(sibling); |
| 155 | return 1; | 157 | return 1; |
| 156 | } else { | 158 | } else { |
| 157 | exp = nf_ct_expect_find_get(&init_net, t); | 159 | exp = nf_ct_expect_find_get(net, t); |
| 158 | if (exp) { | 160 | if (exp) { |
| 159 | pr_debug("unexpect_related of expect %p\n", exp); | 161 | pr_debug("unexpect_related of expect %p\n", exp); |
| 160 | nf_ct_unexpect_related(exp); | 162 | nf_ct_unexpect_related(exp); |
| @@ -168,6 +170,7 @@ static int destroy_sibling_or_exp(const struct nf_conntrack_tuple *t) | |||
| 168 | /* timeout GRE data connections */ | 170 | /* timeout GRE data connections */ |
| 169 | static void pptp_destroy_siblings(struct nf_conn *ct) | 171 | static void pptp_destroy_siblings(struct nf_conn *ct) |
| 170 | { | 172 | { |
| 173 | struct net *net = nf_ct_net(ct); | ||
| 171 | const struct nf_conn_help *help = nfct_help(ct); | 174 | const struct nf_conn_help *help = nfct_help(ct); |
| 172 | struct nf_conntrack_tuple t; | 175 | struct nf_conntrack_tuple t; |
| 173 | 176 | ||
| @@ -178,7 +181,7 @@ static void pptp_destroy_siblings(struct nf_conn *ct) | |||
| 178 | t.dst.protonum = IPPROTO_GRE; | 181 | t.dst.protonum = IPPROTO_GRE; |
| 179 | t.src.u.gre.key = help->help.ct_pptp_info.pns_call_id; | 182 | t.src.u.gre.key = help->help.ct_pptp_info.pns_call_id; |
| 180 | t.dst.u.gre.key = help->help.ct_pptp_info.pac_call_id; | 183 | t.dst.u.gre.key = help->help.ct_pptp_info.pac_call_id; |
| 181 | if (!destroy_sibling_or_exp(&t)) | 184 | if (!destroy_sibling_or_exp(net, &t)) |
| 182 | pr_debug("failed to timeout original pns->pac ct/exp\n"); | 185 | pr_debug("failed to timeout original pns->pac ct/exp\n"); |
| 183 | 186 | ||
| 184 | /* try reply (pac->pns) tuple */ | 187 | /* try reply (pac->pns) tuple */ |
| @@ -186,7 +189,7 @@ static void pptp_destroy_siblings(struct nf_conn *ct) | |||
| 186 | t.dst.protonum = IPPROTO_GRE; | 189 | t.dst.protonum = IPPROTO_GRE; |
| 187 | t.src.u.gre.key = help->help.ct_pptp_info.pac_call_id; | 190 | t.src.u.gre.key = help->help.ct_pptp_info.pac_call_id; |
| 188 | t.dst.u.gre.key = help->help.ct_pptp_info.pns_call_id; | 191 | t.dst.u.gre.key = help->help.ct_pptp_info.pns_call_id; |
| 189 | if (!destroy_sibling_or_exp(&t)) | 192 | if (!destroy_sibling_or_exp(net, &t)) |
| 190 | pr_debug("failed to timeout reply pac->pns ct/exp\n"); | 193 | pr_debug("failed to timeout reply pac->pns ct/exp\n"); |
| 191 | } | 194 | } |
| 192 | 195 | ||
| @@ -594,15 +597,32 @@ static struct nf_conntrack_helper pptp __read_mostly = { | |||
| 594 | .expect_policy = &pptp_exp_policy, | 597 | .expect_policy = &pptp_exp_policy, |
| 595 | }; | 598 | }; |
| 596 | 599 | ||
| 600 | static void nf_conntrack_pptp_net_exit(struct net *net) | ||
| 601 | { | ||
| 602 | nf_ct_gre_keymap_flush(net); | ||
| 603 | } | ||
| 604 | |||
| 605 | static struct pernet_operations nf_conntrack_pptp_net_ops = { | ||
| 606 | .exit = nf_conntrack_pptp_net_exit, | ||
| 607 | }; | ||
| 608 | |||
| 597 | static int __init nf_conntrack_pptp_init(void) | 609 | static int __init nf_conntrack_pptp_init(void) |
| 598 | { | 610 | { |
| 599 | return nf_conntrack_helper_register(&pptp); | 611 | int rv; |
| 612 | |||
| 613 | rv = nf_conntrack_helper_register(&pptp); | ||
| 614 | if (rv < 0) | ||
| 615 | return rv; | ||
| 616 | rv = register_pernet_subsys(&nf_conntrack_pptp_net_ops); | ||
| 617 | if (rv < 0) | ||
| 618 | nf_conntrack_helper_unregister(&pptp); | ||
| 619 | return rv; | ||
| 600 | } | 620 | } |
| 601 | 621 | ||
| 602 | static void __exit nf_conntrack_pptp_fini(void) | 622 | static void __exit nf_conntrack_pptp_fini(void) |
| 603 | { | 623 | { |
| 604 | nf_conntrack_helper_unregister(&pptp); | 624 | nf_conntrack_helper_unregister(&pptp); |
| 605 | nf_ct_gre_keymap_flush(&init_net); | 625 | unregister_pernet_subsys(&nf_conntrack_pptp_net_ops); |
| 606 | } | 626 | } |
| 607 | 627 | ||
| 608 | module_init(nf_conntrack_pptp_init); | 628 | module_init(nf_conntrack_pptp_init); |