aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--include/net/netns/conntrack.h6
-rw-r--r--net/ipv4/netfilter/nf_conntrack_proto_icmp.c38
-rw-r--r--net/netfilter/nf_conntrack_proto.c2
3 files changed, 43 insertions, 3 deletions
diff --git a/include/net/netns/conntrack.h b/include/net/netns/conntrack.h
index 7bd14ab8ce1c..3d8e9e3b08a6 100644
--- a/include/net/netns/conntrack.h
+++ b/include/net/netns/conntrack.h
@@ -45,10 +45,16 @@ struct nf_udp_net {
45 unsigned int timeouts[UDP_CT_MAX]; 45 unsigned int timeouts[UDP_CT_MAX];
46}; 46};
47 47
48struct nf_icmp_net {
49 struct nf_proto_net pn;
50 unsigned int timeout;
51};
52
48struct nf_ip_net { 53struct nf_ip_net {
49 struct nf_generic_net generic; 54 struct nf_generic_net generic;
50 struct nf_tcp_net tcp; 55 struct nf_tcp_net tcp;
51 struct nf_udp_net udp; 56 struct nf_udp_net udp;
57 struct nf_icmp_net icmp;
52#if defined(CONFIG_SYSCTL) && defined(CONFIG_NF_CONNTRACK_PROC_COMPAT) 58#if defined(CONFIG_SYSCTL) && defined(CONFIG_NF_CONNTRACK_PROC_COMPAT)
53 struct ctl_table_header *ctl_table_header; 59 struct ctl_table_header *ctl_table_header;
54 struct ctl_table *ctl_table; 60 struct ctl_table *ctl_table;
diff --git a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
index 0847e373d33c..a0eabeb36b9f 100644
--- a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
+++ b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
@@ -23,6 +23,11 @@
23 23
24static unsigned int nf_ct_icmp_timeout __read_mostly = 30*HZ; 24static unsigned int nf_ct_icmp_timeout __read_mostly = 30*HZ;
25 25
26static inline struct nf_icmp_net *icmp_pernet(struct net *net)
27{
28 return &net->ct.nf_ct_proto.icmp;
29}
30
26static bool icmp_pkt_to_tuple(const struct sk_buff *skb, unsigned int dataoff, 31static bool icmp_pkt_to_tuple(const struct sk_buff *skb, unsigned int dataoff,
27 struct nf_conntrack_tuple *tuple) 32 struct nf_conntrack_tuple *tuple)
28{ 33{
@@ -77,7 +82,7 @@ static int icmp_print_tuple(struct seq_file *s,
77 82
78static unsigned int *icmp_get_timeouts(struct net *net) 83static unsigned int *icmp_get_timeouts(struct net *net)
79{ 84{
80 return &nf_ct_icmp_timeout; 85 return &icmp_pernet(net)->timeout;
81} 86}
82 87
83/* Returns verdict for packet, or -1 for invalid. */ 88/* Returns verdict for packet, or -1 for invalid. */
@@ -312,7 +317,6 @@ static struct ctl_table_header *icmp_sysctl_header;
312static struct ctl_table icmp_sysctl_table[] = { 317static struct ctl_table icmp_sysctl_table[] = {
313 { 318 {
314 .procname = "nf_conntrack_icmp_timeout", 319 .procname = "nf_conntrack_icmp_timeout",
315 .data = &nf_ct_icmp_timeout,
316 .maxlen = sizeof(unsigned int), 320 .maxlen = sizeof(unsigned int),
317 .mode = 0644, 321 .mode = 0644,
318 .proc_handler = proc_dointvec_jiffies, 322 .proc_handler = proc_dointvec_jiffies,
@@ -323,7 +327,6 @@ static struct ctl_table icmp_sysctl_table[] = {
323static struct ctl_table icmp_compat_sysctl_table[] = { 327static struct ctl_table icmp_compat_sysctl_table[] = {
324 { 328 {
325 .procname = "ip_conntrack_icmp_timeout", 329 .procname = "ip_conntrack_icmp_timeout",
326 .data = &nf_ct_icmp_timeout,
327 .maxlen = sizeof(unsigned int), 330 .maxlen = sizeof(unsigned int),
328 .mode = 0644, 331 .mode = 0644,
329 .proc_handler = proc_dointvec_jiffies, 332 .proc_handler = proc_dointvec_jiffies,
@@ -333,6 +336,34 @@ static struct ctl_table icmp_compat_sysctl_table[] = {
333#endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */ 336#endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */
334#endif /* CONFIG_SYSCTL */ 337#endif /* CONFIG_SYSCTL */
335 338
339static int icmp_init_net(struct net *net)
340{
341 struct nf_icmp_net *in = icmp_pernet(net);
342 struct nf_proto_net *pn = (struct nf_proto_net *)in;
343 in->timeout = nf_ct_icmp_timeout;
344
345#ifdef CONFIG_SYSCTL
346 pn->ctl_table = kmemdup(icmp_sysctl_table,
347 sizeof(icmp_sysctl_table),
348 GFP_KERNEL);
349 if (!pn->ctl_table)
350 return -ENOMEM;
351 pn->ctl_table[0].data = &in->timeout;
352#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
353 pn->ctl_compat_table = kmemdup(icmp_compat_sysctl_table,
354 sizeof(icmp_compat_sysctl_table),
355 GFP_KERNEL);
356 if (!pn->ctl_compat_table) {
357 kfree(pn->ctl_table);
358 pn->ctl_table = NULL;
359 return -ENOMEM;
360 }
361 pn->ctl_compat_table[0].data = &in->timeout;
362#endif
363#endif
364 return 0;
365}
366
336struct nf_conntrack_l4proto nf_conntrack_l4proto_icmp __read_mostly = 367struct nf_conntrack_l4proto nf_conntrack_l4proto_icmp __read_mostly =
337{ 368{
338 .l3proto = PF_INET, 369 .l3proto = PF_INET,
@@ -369,4 +400,5 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_icmp __read_mostly =
369 .ctl_compat_table = icmp_compat_sysctl_table, 400 .ctl_compat_table = icmp_compat_sysctl_table,
370#endif 401#endif
371#endif 402#endif
403 .init_net = icmp_init_net,
372}; 404};
diff --git a/net/netfilter/nf_conntrack_proto.c b/net/netfilter/nf_conntrack_proto.c
index 9c6aee51dea2..dbade5f2b1d3 100644
--- a/net/netfilter/nf_conntrack_proto.c
+++ b/net/netfilter/nf_conntrack_proto.c
@@ -307,6 +307,8 @@ static struct nf_proto_net *nf_ct_l4proto_net(struct net *net,
307 return (struct nf_proto_net *)&net->ct.nf_ct_proto.tcp; 307 return (struct nf_proto_net *)&net->ct.nf_ct_proto.tcp;
308 case IPPROTO_UDP: 308 case IPPROTO_UDP:
309 return (struct nf_proto_net *)&net->ct.nf_ct_proto.udp; 309 return (struct nf_proto_net *)&net->ct.nf_ct_proto.udp;
310 case IPPROTO_ICMP:
311 return (struct nf_proto_net *)&net->ct.nf_ct_proto.icmp;
310 case 255: /* l4proto_generic */ 312 case 255: /* l4proto_generic */
311 return (struct nf_proto_net *)&net->ct.nf_ct_proto.generic; 313 return (struct nf_proto_net *)&net->ct.nf_ct_proto.generic;
312 default: 314 default:
generated by cgit v1.2.2 (git 2.25.0) at 2025-01-25 22:02:49 -0500