aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
Diffstat (limited to 'include')
-rw-r--r--include/net/netfilter/nf_conntrack.h81
-rw-r--r--include/net/netfilter/nf_conntrack_core.h1
-rw-r--r--include/net/netfilter/nf_conntrack_ecache.h95
3 files changed, 96 insertions, 81 deletions
diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h
index 9d2581fc04be..9a2950551cd3 100644
--- a/include/net/netfilter/nf_conntrack.h
+++ b/include/net/netfilter/nf_conntrack.h
@@ -244,87 +244,6 @@ extern int nf_conntrack_checksum;
244 244
245#define NF_CT_STAT_INC(count) (__get_cpu_var(nf_conntrack_stat).count++) 245#define NF_CT_STAT_INC(count) (__get_cpu_var(nf_conntrack_stat).count++)
246 246
247#ifdef CONFIG_NF_CONNTRACK_EVENTS
248#include <linux/notifier.h>
249#include <linux/interrupt.h>
250#include <net/netfilter/nf_conntrack_expect.h>
251
252struct nf_conntrack_ecache {
253 struct nf_conn *ct;
254 unsigned int events;
255};
256DECLARE_PER_CPU(struct nf_conntrack_ecache, nf_conntrack_ecache);
257
258#define CONNTRACK_ECACHE(x) (__get_cpu_var(nf_conntrack_ecache).x)
259
260extern struct atomic_notifier_head nf_conntrack_chain;
261extern struct atomic_notifier_head nf_conntrack_expect_chain;
262
263static inline int nf_conntrack_register_notifier(struct notifier_block *nb)
264{
265 return atomic_notifier_chain_register(&nf_conntrack_chain, nb);
266}
267
268static inline int nf_conntrack_unregister_notifier(struct notifier_block *nb)
269{
270 return atomic_notifier_chain_unregister(&nf_conntrack_chain, nb);
271}
272
273static inline int
274nf_conntrack_expect_register_notifier(struct notifier_block *nb)
275{
276 return atomic_notifier_chain_register(&nf_conntrack_expect_chain, nb);
277}
278
279static inline int
280nf_conntrack_expect_unregister_notifier(struct notifier_block *nb)
281{
282 return atomic_notifier_chain_unregister(&nf_conntrack_expect_chain,
283 nb);
284}
285
286extern void nf_ct_deliver_cached_events(const struct nf_conn *ct);
287extern void __nf_ct_event_cache_init(struct nf_conn *ct);
288
289static inline void
290nf_conntrack_event_cache(enum ip_conntrack_events event,
291 const struct sk_buff *skb)
292{
293 struct nf_conn *ct = (struct nf_conn *)skb->nfct;
294 struct nf_conntrack_ecache *ecache;
295
296 local_bh_disable();
297 ecache = &__get_cpu_var(nf_conntrack_ecache);
298 if (ct != ecache->ct)
299 __nf_ct_event_cache_init(ct);
300 ecache->events |= event;
301 local_bh_enable();
302}
303
304static inline void nf_conntrack_event(enum ip_conntrack_events event,
305 struct nf_conn *ct)
306{
307 if (nf_ct_is_confirmed(ct) && !nf_ct_is_dying(ct))
308 atomic_notifier_call_chain(&nf_conntrack_chain, event, ct);
309}
310
311static inline void
312nf_conntrack_expect_event(enum ip_conntrack_expect_events event,
313 struct nf_conntrack_expect *exp)
314{
315 atomic_notifier_call_chain(&nf_conntrack_expect_chain, event, exp);
316}
317#else /* CONFIG_NF_CONNTRACK_EVENTS */
318static inline void nf_conntrack_event_cache(enum ip_conntrack_events event,
319 const struct sk_buff *skb) {}
320static inline void nf_conntrack_event(enum ip_conntrack_events event,
321 struct nf_conn *ct) {}
322static inline void nf_ct_deliver_cached_events(const struct nf_conn *ct) {}
323static inline void
324nf_conntrack_expect_event(enum ip_conntrack_expect_events event,
325 struct nf_conntrack_expect *exp) {}
326#endif /* CONFIG_NF_CONNTRACK_EVENTS */
327
328/* no helper, no nat */ 247/* no helper, no nat */
329#define NF_CT_F_BASIC 0 248#define NF_CT_F_BASIC 0
330/* for helper */ 249/* for helper */
diff --git a/include/net/netfilter/nf_conntrack_core.h b/include/net/netfilter/nf_conntrack_core.h
index bf8d3008a381..4676b492d635 100644
--- a/include/net/netfilter/nf_conntrack_core.h
+++ b/include/net/netfilter/nf_conntrack_core.h
@@ -15,6 +15,7 @@
15#include <linux/netfilter.h> 15#include <linux/netfilter.h>
16#include <net/netfilter/nf_conntrack_l3proto.h> 16#include <net/netfilter/nf_conntrack_l3proto.h>
17#include <net/netfilter/nf_conntrack_protocol.h> 17#include <net/netfilter/nf_conntrack_protocol.h>
18#include <net/netfilter/nf_conntrack_ecache.h>
18 19
19/* This header is used to share core functionality between the 20/* This header is used to share core functionality between the
20 standalone connection tracking module, and the compatibility layer's use 21 standalone connection tracking module, and the compatibility layer's use
diff --git a/include/net/netfilter/nf_conntrack_ecache.h b/include/net/netfilter/nf_conntrack_ecache.h
new file mode 100644
index 000000000000..b62a8a9ec9d8
--- /dev/null
+++ b/include/net/netfilter/nf_conntrack_ecache.h
@@ -0,0 +1,95 @@
1/*
2 * connection tracking event cache.
3 */
4
5#ifndef _NF_CONNTRACK_ECACHE_H
6#define _NF_CONNTRACK_ECACHE_H
7#include <net/netfilter/nf_conntrack.h>
8
9#include <linux/notifier.h>
10#include <linux/interrupt.h>
11#include <net/netfilter/nf_conntrack_expect.h>
12
13#ifdef CONFIG_NF_CONNTRACK_EVENTS
14struct nf_conntrack_ecache {
15 struct nf_conn *ct;
16 unsigned int events;
17};
18DECLARE_PER_CPU(struct nf_conntrack_ecache, nf_conntrack_ecache);
19
20#define CONNTRACK_ECACHE(x) (__get_cpu_var(nf_conntrack_ecache).x)
21
22extern struct atomic_notifier_head nf_conntrack_chain;
23extern struct atomic_notifier_head nf_conntrack_expect_chain;
24
25static inline int nf_conntrack_register_notifier(struct notifier_block *nb)
26{
27 return atomic_notifier_chain_register(&nf_conntrack_chain, nb);
28}
29
30static inline int nf_conntrack_unregister_notifier(struct notifier_block *nb)
31{
32 return atomic_notifier_chain_unregister(&nf_conntrack_chain, nb);
33}
34
35static inline int
36nf_conntrack_expect_register_notifier(struct notifier_block *nb)
37{
38 return atomic_notifier_chain_register(&nf_conntrack_expect_chain, nb);
39}
40
41static inline int
42nf_conntrack_expect_unregister_notifier(struct notifier_block *nb)
43{
44 return atomic_notifier_chain_unregister(&nf_conntrack_expect_chain,
45 nb);
46}
47
48extern void nf_ct_deliver_cached_events(const struct nf_conn *ct);
49extern void __nf_ct_event_cache_init(struct nf_conn *ct);
50extern void nf_ct_event_cache_flush(void);
51
52static inline void
53nf_conntrack_event_cache(enum ip_conntrack_events event,
54 const struct sk_buff *skb)
55{
56 struct nf_conn *ct = (struct nf_conn *)skb->nfct;
57 struct nf_conntrack_ecache *ecache;
58
59 local_bh_disable();
60 ecache = &__get_cpu_var(nf_conntrack_ecache);
61 if (ct != ecache->ct)
62 __nf_ct_event_cache_init(ct);
63 ecache->events |= event;
64 local_bh_enable();
65}
66
67static inline void nf_conntrack_event(enum ip_conntrack_events event,
68 struct nf_conn *ct)
69{
70 if (nf_ct_is_confirmed(ct) && !nf_ct_is_dying(ct))
71 atomic_notifier_call_chain(&nf_conntrack_chain, event, ct);
72}
73
74static inline void
75nf_conntrack_expect_event(enum ip_conntrack_expect_events event,
76 struct nf_conntrack_expect *exp)
77{
78 atomic_notifier_call_chain(&nf_conntrack_expect_chain, event, exp);
79}
80
81#else /* CONFIG_NF_CONNTRACK_EVENTS */
82
83static inline void nf_conntrack_event_cache(enum ip_conntrack_events event,
84 const struct sk_buff *skb) {}
85static inline void nf_conntrack_event(enum ip_conntrack_events event,
86 struct nf_conn *ct) {}
87static inline void nf_ct_deliver_cached_events(const struct nf_conn *ct) {}
88static inline void
89nf_conntrack_expect_event(enum ip_conntrack_expect_events event,
90 struct nf_conntrack_expect *exp) {}
91static inline void nf_ct_event_cache_flush(void) {}
92#endif /* CONFIG_NF_CONNTRACK_EVENTS */
93
94#endif /*_NF_CONNTRACK_ECACHE_H*/
95