diff options
| -rw-r--r-- | include/net/netfilter/nf_conntrack_ecache.h | 19 | ||||
| -rw-r--r-- | include/net/netns/conntrack.h | 2 | ||||
| -rw-r--r-- | net/netfilter/nf_conntrack_ecache.c | 37 | ||||
| -rw-r--r-- | net/netfilter/nf_conntrack_netlink.c | 73 |
4 files changed, 82 insertions, 49 deletions
diff --git a/include/net/netfilter/nf_conntrack_ecache.h b/include/net/netfilter/nf_conntrack_ecache.h index 4283508b3e18..a88fb6939387 100644 --- a/include/net/netfilter/nf_conntrack_ecache.h +++ b/include/net/netfilter/nf_conntrack_ecache.h | |||
| @@ -67,18 +67,18 @@ struct nf_ct_event_notifier { | |||
| 67 | int (*fcn)(unsigned int events, struct nf_ct_event *item); | 67 | int (*fcn)(unsigned int events, struct nf_ct_event *item); |
| 68 | }; | 68 | }; |
| 69 | 69 | ||
| 70 | extern struct nf_ct_event_notifier __rcu *nf_conntrack_event_cb; | 70 | extern int nf_conntrack_register_notifier(struct net *net, struct nf_ct_event_notifier *nb); |
| 71 | extern int nf_conntrack_register_notifier(struct nf_ct_event_notifier *nb); | 71 | extern void nf_conntrack_unregister_notifier(struct net *net, struct nf_ct_event_notifier *nb); |
| 72 | extern void nf_conntrack_unregister_notifier(struct nf_ct_event_notifier *nb); | ||
| 73 | 72 | ||
| 74 | extern void nf_ct_deliver_cached_events(struct nf_conn *ct); | 73 | extern void nf_ct_deliver_cached_events(struct nf_conn *ct); |
| 75 | 74 | ||
| 76 | static inline void | 75 | static inline void |
| 77 | nf_conntrack_event_cache(enum ip_conntrack_events event, struct nf_conn *ct) | 76 | nf_conntrack_event_cache(enum ip_conntrack_events event, struct nf_conn *ct) |
| 78 | { | 77 | { |
| 78 | struct net *net = nf_ct_net(ct); | ||
| 79 | struct nf_conntrack_ecache *e; | 79 | struct nf_conntrack_ecache *e; |
| 80 | 80 | ||
| 81 | if (nf_conntrack_event_cb == NULL) | 81 | if (net->ct.nf_conntrack_event_cb == NULL) |
| 82 | return; | 82 | return; |
| 83 | 83 | ||
| 84 | e = nf_ct_ecache_find(ct); | 84 | e = nf_ct_ecache_find(ct); |
| @@ -95,11 +95,12 @@ nf_conntrack_eventmask_report(unsigned int eventmask, | |||
| 95 | int report) | 95 | int report) |
| 96 | { | 96 | { |
| 97 | int ret = 0; | 97 | int ret = 0; |
| 98 | struct net *net = nf_ct_net(ct); | ||
| 98 | struct nf_ct_event_notifier *notify; | 99 | struct nf_ct_event_notifier *notify; |
| 99 | struct nf_conntrack_ecache *e; | 100 | struct nf_conntrack_ecache *e; |
| 100 | 101 | ||
| 101 | rcu_read_lock(); | 102 | rcu_read_lock(); |
| 102 | notify = rcu_dereference(nf_conntrack_event_cb); | 103 | notify = rcu_dereference(net->ct.nf_conntrack_event_cb); |
| 103 | if (notify == NULL) | 104 | if (notify == NULL) |
| 104 | goto out_unlock; | 105 | goto out_unlock; |
| 105 | 106 | ||
| @@ -164,9 +165,8 @@ struct nf_exp_event_notifier { | |||
| 164 | int (*fcn)(unsigned int events, struct nf_exp_event *item); | 165 | int (*fcn)(unsigned int events, struct nf_exp_event *item); |
| 165 | }; | 166 | }; |
| 166 | 167 | ||
| 167 | extern struct nf_exp_event_notifier __rcu *nf_expect_event_cb; | 168 | extern int nf_ct_expect_register_notifier(struct net *net, struct nf_exp_event_notifier *nb); |
| 168 | extern int nf_ct_expect_register_notifier(struct nf_exp_event_notifier *nb); | 169 | extern void nf_ct_expect_unregister_notifier(struct net *net, struct nf_exp_event_notifier *nb); |
| 169 | extern void nf_ct_expect_unregister_notifier(struct nf_exp_event_notifier *nb); | ||
| 170 | 170 | ||
| 171 | static inline void | 171 | static inline void |
| 172 | nf_ct_expect_event_report(enum ip_conntrack_expect_events event, | 172 | nf_ct_expect_event_report(enum ip_conntrack_expect_events event, |
| @@ -174,11 +174,12 @@ nf_ct_expect_event_report(enum ip_conntrack_expect_events event, | |||
| 174 | u32 pid, | 174 | u32 pid, |
| 175 | int report) | 175 | int report) |
| 176 | { | 176 | { |
| 177 | struct net *net = nf_ct_exp_net(exp); | ||
| 177 | struct nf_exp_event_notifier *notify; | 178 | struct nf_exp_event_notifier *notify; |
| 178 | struct nf_conntrack_ecache *e; | 179 | struct nf_conntrack_ecache *e; |
| 179 | 180 | ||
| 180 | rcu_read_lock(); | 181 | rcu_read_lock(); |
| 181 | notify = rcu_dereference(nf_expect_event_cb); | 182 | notify = rcu_dereference(net->ct.nf_expect_event_cb); |
| 182 | if (notify == NULL) | 183 | if (notify == NULL) |
| 183 | goto out_unlock; | 184 | goto out_unlock; |
| 184 | 185 | ||
diff --git a/include/net/netns/conntrack.h b/include/net/netns/conntrack.h index 0249399e51a7..7a911eca0f18 100644 --- a/include/net/netns/conntrack.h +++ b/include/net/netns/conntrack.h | |||
| @@ -18,6 +18,8 @@ struct netns_ct { | |||
| 18 | struct hlist_nulls_head unconfirmed; | 18 | struct hlist_nulls_head unconfirmed; |
| 19 | struct hlist_nulls_head dying; | 19 | struct hlist_nulls_head dying; |
| 20 | struct ip_conntrack_stat __percpu *stat; | 20 | struct ip_conntrack_stat __percpu *stat; |
| 21 | struct nf_ct_event_notifier __rcu *nf_conntrack_event_cb; | ||
| 22 | struct nf_exp_event_notifier __rcu *nf_expect_event_cb; | ||
| 21 | int sysctl_events; | 23 | int sysctl_events; |
| 22 | unsigned int sysctl_events_retry_timeout; | 24 | unsigned int sysctl_events_retry_timeout; |
| 23 | int sysctl_acct; | 25 | int sysctl_acct; |
diff --git a/net/netfilter/nf_conntrack_ecache.c b/net/netfilter/nf_conntrack_ecache.c index 6b368be937c6..b62c4148b921 100644 --- a/net/netfilter/nf_conntrack_ecache.c +++ b/net/netfilter/nf_conntrack_ecache.c | |||
| @@ -27,22 +27,17 @@ | |||
| 27 | 27 | ||
| 28 | static DEFINE_MUTEX(nf_ct_ecache_mutex); | 28 | static DEFINE_MUTEX(nf_ct_ecache_mutex); |
| 29 | 29 | ||
| 30 | struct nf_ct_event_notifier __rcu *nf_conntrack_event_cb __read_mostly; | ||
| 31 | EXPORT_SYMBOL_GPL(nf_conntrack_event_cb); | ||
| 32 | |||
| 33 | struct nf_exp_event_notifier __rcu *nf_expect_event_cb __read_mostly; | ||
| 34 | EXPORT_SYMBOL_GPL(nf_expect_event_cb); | ||
| 35 | |||
| 36 | /* deliver cached events and clear cache entry - must be called with locally | 30 | /* deliver cached events and clear cache entry - must be called with locally |
| 37 | * disabled softirqs */ | 31 | * disabled softirqs */ |
| 38 | void nf_ct_deliver_cached_events(struct nf_conn *ct) | 32 | void nf_ct_deliver_cached_events(struct nf_conn *ct) |
| 39 | { | 33 | { |
| 34 | struct net *net = nf_ct_net(ct); | ||
| 40 | unsigned long events; | 35 | unsigned long events; |
| 41 | struct nf_ct_event_notifier *notify; | 36 | struct nf_ct_event_notifier *notify; |
| 42 | struct nf_conntrack_ecache *e; | 37 | struct nf_conntrack_ecache *e; |
| 43 | 38 | ||
| 44 | rcu_read_lock(); | 39 | rcu_read_lock(); |
| 45 | notify = rcu_dereference(nf_conntrack_event_cb); | 40 | notify = rcu_dereference(net->ct.nf_conntrack_event_cb); |
| 46 | if (notify == NULL) | 41 | if (notify == NULL) |
| 47 | goto out_unlock; | 42 | goto out_unlock; |
| 48 | 43 | ||
| @@ -83,19 +78,20 @@ out_unlock: | |||
| 83 | } | 78 | } |
| 84 | EXPORT_SYMBOL_GPL(nf_ct_deliver_cached_events); | 79 | EXPORT_SYMBOL_GPL(nf_ct_deliver_cached_events); |
| 85 | 80 | ||
| 86 | int nf_conntrack_register_notifier(struct nf_ct_event_notifier *new) | 81 | int nf_conntrack_register_notifier(struct net *net, |
| 82 | struct nf_ct_event_notifier *new) | ||
| 87 | { | 83 | { |
| 88 | int ret = 0; | 84 | int ret = 0; |
| 89 | struct nf_ct_event_notifier *notify; | 85 | struct nf_ct_event_notifier *notify; |
| 90 | 86 | ||
| 91 | mutex_lock(&nf_ct_ecache_mutex); | 87 | mutex_lock(&nf_ct_ecache_mutex); |
| 92 | notify = rcu_dereference_protected(nf_conntrack_event_cb, | 88 | notify = rcu_dereference_protected(net->ct.nf_conntrack_event_cb, |
| 93 | lockdep_is_held(&nf_ct_ecache_mutex)); | 89 | lockdep_is_held(&nf_ct_ecache_mutex)); |
| 94 | if (notify != NULL) { | 90 | if (notify != NULL) { |
| 95 | ret = -EBUSY; | 91 | ret = -EBUSY; |
| 96 | goto out_unlock; | 92 | goto out_unlock; |
| 97 | } | 93 | } |
| 98 | RCU_INIT_POINTER(nf_conntrack_event_cb, new); | 94 | RCU_INIT_POINTER(net->ct.nf_conntrack_event_cb, new); |
| 99 | mutex_unlock(&nf_ct_ecache_mutex); | 95 | mutex_unlock(&nf_ct_ecache_mutex); |
| 100 | return ret; | 96 | return ret; |
| 101 | 97 | ||
| @@ -105,32 +101,34 @@ out_unlock: | |||
| 105 | } | 101 | } |
| 106 | EXPORT_SYMBOL_GPL(nf_conntrack_register_notifier); | 102 | EXPORT_SYMBOL_GPL(nf_conntrack_register_notifier); |
| 107 | 103 | ||
| 108 | void nf_conntrack_unregister_notifier(struct nf_ct_event_notifier *new) | 104 | void nf_conntrack_unregister_notifier(struct net *net, |
| 105 | struct nf_ct_event_notifier *new) | ||
| 109 | { | 106 | { |
| 110 | struct nf_ct_event_notifier *notify; | 107 | struct nf_ct_event_notifier *notify; |
| 111 | 108 | ||
| 112 | mutex_lock(&nf_ct_ecache_mutex); | 109 | mutex_lock(&nf_ct_ecache_mutex); |
| 113 | notify = rcu_dereference_protected(nf_conntrack_event_cb, | 110 | notify = rcu_dereference_protected(net->ct.nf_conntrack_event_cb, |
| 114 | lockdep_is_held(&nf_ct_ecache_mutex)); | 111 | lockdep_is_held(&nf_ct_ecache_mutex)); |
| 115 | BUG_ON(notify != new); | 112 | BUG_ON(notify != new); |
| 116 | RCU_INIT_POINTER(nf_conntrack_event_cb, NULL); | 113 | RCU_INIT_POINTER(net->ct.nf_conntrack_event_cb, NULL); |
| 117 | mutex_unlock(&nf_ct_ecache_mutex); | 114 | mutex_unlock(&nf_ct_ecache_mutex); |
| 118 | } | 115 | } |
| 119 | EXPORT_SYMBOL_GPL(nf_conntrack_unregister_notifier); | 116 | EXPORT_SYMBOL_GPL(nf_conntrack_unregister_notifier); |
| 120 | 117 | ||
| 121 | int nf_ct_expect_register_notifier(struct nf_exp_event_notifier *new) | 118 | int nf_ct_expect_register_notifier(struct net *net, |
| 119 | struct nf_exp_event_notifier *new) | ||
| 122 | { | 120 | { |
| 123 | int ret = 0; | 121 | int ret = 0; |
| 124 | struct nf_exp_event_notifier *notify; | 122 | struct nf_exp_event_notifier *notify; |
| 125 | 123 | ||
| 126 | mutex_lock(&nf_ct_ecache_mutex); | 124 | mutex_lock(&nf_ct_ecache_mutex); |
| 127 | notify = rcu_dereference_protected(nf_expect_event_cb, | 125 | notify = rcu_dereference_protected(net->ct.nf_expect_event_cb, |
| 128 | lockdep_is_held(&nf_ct_ecache_mutex)); | 126 | lockdep_is_held(&nf_ct_ecache_mutex)); |
| 129 | if (notify != NULL) { | 127 | if (notify != NULL) { |
| 130 | ret = -EBUSY; | 128 | ret = -EBUSY; |
| 131 | goto out_unlock; | 129 | goto out_unlock; |
| 132 | } | 130 | } |
| 133 | RCU_INIT_POINTER(nf_expect_event_cb, new); | 131 | RCU_INIT_POINTER(net->ct.nf_expect_event_cb, new); |
| 134 | mutex_unlock(&nf_ct_ecache_mutex); | 132 | mutex_unlock(&nf_ct_ecache_mutex); |
| 135 | return ret; | 133 | return ret; |
| 136 | 134 | ||
| @@ -140,15 +138,16 @@ out_unlock: | |||
| 140 | } | 138 | } |
| 141 | EXPORT_SYMBOL_GPL(nf_ct_expect_register_notifier); | 139 | EXPORT_SYMBOL_GPL(nf_ct_expect_register_notifier); |
| 142 | 140 | ||
| 143 | void nf_ct_expect_unregister_notifier(struct nf_exp_event_notifier *new) | 141 | void nf_ct_expect_unregister_notifier(struct net *net, |
| 142 | struct nf_exp_event_notifier *new) | ||
| 144 | { | 143 | { |
| 145 | struct nf_exp_event_notifier *notify; | 144 | struct nf_exp_event_notifier *notify; |
| 146 | 145 | ||
| 147 | mutex_lock(&nf_ct_ecache_mutex); | 146 | mutex_lock(&nf_ct_ecache_mutex); |
| 148 | notify = rcu_dereference_protected(nf_expect_event_cb, | 147 | notify = rcu_dereference_protected(net->ct.nf_expect_event_cb, |
| 149 | lockdep_is_held(&nf_ct_ecache_mutex)); | 148 | lockdep_is_held(&nf_ct_ecache_mutex)); |
| 150 | BUG_ON(notify != new); | 149 | BUG_ON(notify != new); |
| 151 | RCU_INIT_POINTER(nf_expect_event_cb, NULL); | 150 | RCU_INIT_POINTER(net->ct.nf_expect_event_cb, NULL); |
| 152 | mutex_unlock(&nf_ct_ecache_mutex); | 151 | mutex_unlock(&nf_ct_ecache_mutex); |
| 153 | } | 152 | } |
| 154 | EXPORT_SYMBOL_GPL(nf_ct_expect_unregister_notifier); | 153 | EXPORT_SYMBOL_GPL(nf_ct_expect_unregister_notifier); |
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index e58aa9b1fe8a..ef21b221f036 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c | |||
| @@ -4,7 +4,7 @@ | |||
| 4 | * (C) 2001 by Jay Schulist <jschlst@samba.org> | 4 | * (C) 2001 by Jay Schulist <jschlst@samba.org> |
| 5 | * (C) 2002-2006 by Harald Welte <laforge@gnumonks.org> | 5 | * (C) 2002-2006 by Harald Welte <laforge@gnumonks.org> |
| 6 | * (C) 2003 by Patrick Mchardy <kaber@trash.net> | 6 | * (C) 2003 by Patrick Mchardy <kaber@trash.net> |
| 7 | * (C) 2005-2008 by Pablo Neira Ayuso <pablo@netfilter.org> | 7 | * (C) 2005-2011 by Pablo Neira Ayuso <pablo@netfilter.org> |
| 8 | * | 8 | * |
| 9 | * Initial connection tracking via netlink development funded and | 9 | * Initial connection tracking via netlink development funded and |
| 10 | * generally made possible by Network Robots, Inc. (www.networkrobots.com) | 10 | * generally made possible by Network Robots, Inc. (www.networkrobots.com) |
| @@ -2163,6 +2163,54 @@ MODULE_ALIAS("ip_conntrack_netlink"); | |||
| 2163 | MODULE_ALIAS_NFNL_SUBSYS(NFNL_SUBSYS_CTNETLINK); | 2163 | MODULE_ALIAS_NFNL_SUBSYS(NFNL_SUBSYS_CTNETLINK); |
| 2164 | MODULE_ALIAS_NFNL_SUBSYS(NFNL_SUBSYS_CTNETLINK_EXP); | 2164 | MODULE_ALIAS_NFNL_SUBSYS(NFNL_SUBSYS_CTNETLINK_EXP); |
| 2165 | 2165 | ||
| 2166 | static int __net_init ctnetlink_net_init(struct net *net) | ||
| 2167 | { | ||
| 2168 | #ifdef CONFIG_NF_CONNTRACK_EVENTS | ||
| 2169 | int ret; | ||
| 2170 | |||
| 2171 | ret = nf_conntrack_register_notifier(net, &ctnl_notifier); | ||
| 2172 | if (ret < 0) { | ||
| 2173 | pr_err("ctnetlink_init: cannot register notifier.\n"); | ||
| 2174 | goto err_out; | ||
| 2175 | } | ||
| 2176 | |||
| 2177 | ret = nf_ct_expect_register_notifier(net, &ctnl_notifier_exp); | ||
| 2178 | if (ret < 0) { | ||
| 2179 | pr_err("ctnetlink_init: cannot expect register notifier.\n"); | ||
| 2180 | goto err_unreg_notifier; | ||
| 2181 | } | ||
| 2182 | #endif | ||
| 2183 | return 0; | ||
| 2184 | |||
| 2185 | #ifdef CONFIG_NF_CONNTRACK_EVENTS | ||
| 2186 | err_unreg_notifier: | ||
| 2187 | nf_conntrack_unregister_notifier(net, &ctnl_notifier); | ||
| 2188 | err_out: | ||
| 2189 | return ret; | ||
| 2190 | #endif | ||
| 2191 | } | ||
| 2192 | |||
| 2193 | static void ctnetlink_net_exit(struct net *net) | ||
| 2194 | { | ||
| 2195 | #ifdef CONFIG_NF_CONNTRACK_EVENTS | ||
| 2196 | nf_ct_expect_unregister_notifier(net, &ctnl_notifier_exp); | ||
| 2197 | nf_conntrack_unregister_notifier(net, &ctnl_notifier); | ||
| 2198 | #endif | ||
| 2199 | } | ||
| 2200 | |||
| 2201 | static void __net_exit ctnetlink_net_exit_batch(struct list_head *net_exit_list) | ||
| 2202 | { | ||
| 2203 | struct net *net; | ||
| 2204 | |||
| 2205 | list_for_each_entry(net, net_exit_list, exit_list) | ||
| 2206 | ctnetlink_net_exit(net); | ||
| 2207 | } | ||
| 2208 | |||
| 2209 | static struct pernet_operations ctnetlink_net_ops = { | ||
| 2210 | .init = ctnetlink_net_init, | ||
| 2211 | .exit_batch = ctnetlink_net_exit_batch, | ||
| 2212 | }; | ||
| 2213 | |||
| 2166 | static int __init ctnetlink_init(void) | 2214 | static int __init ctnetlink_init(void) |
| 2167 | { | 2215 | { |
| 2168 | int ret; | 2216 | int ret; |
| @@ -2180,28 +2228,15 @@ static int __init ctnetlink_init(void) | |||
| 2180 | goto err_unreg_subsys; | 2228 | goto err_unreg_subsys; |
| 2181 | } | 2229 | } |
| 2182 | 2230 | ||
| 2183 | #ifdef CONFIG_NF_CONNTRACK_EVENTS | 2231 | if (register_pernet_subsys(&ctnetlink_net_ops)) { |
| 2184 | ret = nf_conntrack_register_notifier(&ctnl_notifier); | 2232 | pr_err("ctnetlink_init: cannot register pernet operations\n"); |
| 2185 | if (ret < 0) { | ||
| 2186 | pr_err("ctnetlink_init: cannot register notifier.\n"); | ||
| 2187 | goto err_unreg_exp_subsys; | 2233 | goto err_unreg_exp_subsys; |
| 2188 | } | 2234 | } |
| 2189 | 2235 | ||
| 2190 | ret = nf_ct_expect_register_notifier(&ctnl_notifier_exp); | ||
| 2191 | if (ret < 0) { | ||
| 2192 | pr_err("ctnetlink_init: cannot expect register notifier.\n"); | ||
| 2193 | goto err_unreg_notifier; | ||
| 2194 | } | ||
| 2195 | #endif | ||
| 2196 | |||
| 2197 | return 0; | 2236 | return 0; |
| 2198 | 2237 | ||
| 2199 | #ifdef CONFIG_NF_CONNTRACK_EVENTS | ||
| 2200 | err_unreg_notifier: | ||
| 2201 | nf_conntrack_unregister_notifier(&ctnl_notifier); | ||
| 2202 | err_unreg_exp_subsys: | 2238 | err_unreg_exp_subsys: |
| 2203 | nfnetlink_subsys_unregister(&ctnl_exp_subsys); | 2239 | nfnetlink_subsys_unregister(&ctnl_exp_subsys); |
| 2204 | #endif | ||
| 2205 | err_unreg_subsys: | 2240 | err_unreg_subsys: |
| 2206 | nfnetlink_subsys_unregister(&ctnl_subsys); | 2241 | nfnetlink_subsys_unregister(&ctnl_subsys); |
| 2207 | err_out: | 2242 | err_out: |
| @@ -2213,11 +2248,7 @@ static void __exit ctnetlink_exit(void) | |||
| 2213 | pr_info("ctnetlink: unregistering from nfnetlink.\n"); | 2248 | pr_info("ctnetlink: unregistering from nfnetlink.\n"); |
| 2214 | 2249 | ||
| 2215 | nf_ct_remove_userspace_expectations(); | 2250 | nf_ct_remove_userspace_expectations(); |
| 2216 | #ifdef CONFIG_NF_CONNTRACK_EVENTS | 2251 | unregister_pernet_subsys(&ctnetlink_net_ops); |
| 2217 | nf_ct_expect_unregister_notifier(&ctnl_notifier_exp); | ||
| 2218 | nf_conntrack_unregister_notifier(&ctnl_notifier); | ||
| 2219 | #endif | ||
| 2220 | |||
| 2221 | nfnetlink_subsys_unregister(&ctnl_exp_subsys); | 2252 | nfnetlink_subsys_unregister(&ctnl_exp_subsys); |
| 2222 | nfnetlink_subsys_unregister(&ctnl_subsys); | 2253 | nfnetlink_subsys_unregister(&ctnl_subsys); |
| 2223 | } | 2254 | } |