diff options
Diffstat (limited to 'include')
-rw-r--r-- | include/net/netfilter/nf_conntrack.h | 81 | ||||
-rw-r--r-- | include/net/netfilter/nf_conntrack_core.h | 1 | ||||
-rw-r--r-- | include/net/netfilter/nf_conntrack_ecache.h | 95 |
3 files changed, 96 insertions, 81 deletions
diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h index 9d2581fc04be..9a2950551cd3 100644 --- a/include/net/netfilter/nf_conntrack.h +++ b/include/net/netfilter/nf_conntrack.h | |||
@@ -244,87 +244,6 @@ extern int nf_conntrack_checksum; | |||
244 | 244 | ||
245 | #define NF_CT_STAT_INC(count) (__get_cpu_var(nf_conntrack_stat).count++) | 245 | #define NF_CT_STAT_INC(count) (__get_cpu_var(nf_conntrack_stat).count++) |
246 | 246 | ||
247 | #ifdef CONFIG_NF_CONNTRACK_EVENTS | ||
248 | #include <linux/notifier.h> | ||
249 | #include <linux/interrupt.h> | ||
250 | #include <net/netfilter/nf_conntrack_expect.h> | ||
251 | |||
252 | struct nf_conntrack_ecache { | ||
253 | struct nf_conn *ct; | ||
254 | unsigned int events; | ||
255 | }; | ||
256 | DECLARE_PER_CPU(struct nf_conntrack_ecache, nf_conntrack_ecache); | ||
257 | |||
258 | #define CONNTRACK_ECACHE(x) (__get_cpu_var(nf_conntrack_ecache).x) | ||
259 | |||
260 | extern struct atomic_notifier_head nf_conntrack_chain; | ||
261 | extern struct atomic_notifier_head nf_conntrack_expect_chain; | ||
262 | |||
263 | static inline int nf_conntrack_register_notifier(struct notifier_block *nb) | ||
264 | { | ||
265 | return atomic_notifier_chain_register(&nf_conntrack_chain, nb); | ||
266 | } | ||
267 | |||
268 | static inline int nf_conntrack_unregister_notifier(struct notifier_block *nb) | ||
269 | { | ||
270 | return atomic_notifier_chain_unregister(&nf_conntrack_chain, nb); | ||
271 | } | ||
272 | |||
273 | static inline int | ||
274 | nf_conntrack_expect_register_notifier(struct notifier_block *nb) | ||
275 | { | ||
276 | return atomic_notifier_chain_register(&nf_conntrack_expect_chain, nb); | ||
277 | } | ||
278 | |||
279 | static inline int | ||
280 | nf_conntrack_expect_unregister_notifier(struct notifier_block *nb) | ||
281 | { | ||
282 | return atomic_notifier_chain_unregister(&nf_conntrack_expect_chain, | ||
283 | nb); | ||
284 | } | ||
285 | |||
286 | extern void nf_ct_deliver_cached_events(const struct nf_conn *ct); | ||
287 | extern void __nf_ct_event_cache_init(struct nf_conn *ct); | ||
288 | |||
289 | static inline void | ||
290 | nf_conntrack_event_cache(enum ip_conntrack_events event, | ||
291 | const struct sk_buff *skb) | ||
292 | { | ||
293 | struct nf_conn *ct = (struct nf_conn *)skb->nfct; | ||
294 | struct nf_conntrack_ecache *ecache; | ||
295 | |||
296 | local_bh_disable(); | ||
297 | ecache = &__get_cpu_var(nf_conntrack_ecache); | ||
298 | if (ct != ecache->ct) | ||
299 | __nf_ct_event_cache_init(ct); | ||
300 | ecache->events |= event; | ||
301 | local_bh_enable(); | ||
302 | } | ||
303 | |||
304 | static inline void nf_conntrack_event(enum ip_conntrack_events event, | ||
305 | struct nf_conn *ct) | ||
306 | { | ||
307 | if (nf_ct_is_confirmed(ct) && !nf_ct_is_dying(ct)) | ||
308 | atomic_notifier_call_chain(&nf_conntrack_chain, event, ct); | ||
309 | } | ||
310 | |||
311 | static inline void | ||
312 | nf_conntrack_expect_event(enum ip_conntrack_expect_events event, | ||
313 | struct nf_conntrack_expect *exp) | ||
314 | { | ||
315 | atomic_notifier_call_chain(&nf_conntrack_expect_chain, event, exp); | ||
316 | } | ||
317 | #else /* CONFIG_NF_CONNTRACK_EVENTS */ | ||
318 | static inline void nf_conntrack_event_cache(enum ip_conntrack_events event, | ||
319 | const struct sk_buff *skb) {} | ||
320 | static inline void nf_conntrack_event(enum ip_conntrack_events event, | ||
321 | struct nf_conn *ct) {} | ||
322 | static inline void nf_ct_deliver_cached_events(const struct nf_conn *ct) {} | ||
323 | static inline void | ||
324 | nf_conntrack_expect_event(enum ip_conntrack_expect_events event, | ||
325 | struct nf_conntrack_expect *exp) {} | ||
326 | #endif /* CONFIG_NF_CONNTRACK_EVENTS */ | ||
327 | |||
328 | /* no helper, no nat */ | 247 | /* no helper, no nat */ |
329 | #define NF_CT_F_BASIC 0 | 248 | #define NF_CT_F_BASIC 0 |
330 | /* for helper */ | 249 | /* for helper */ |
diff --git a/include/net/netfilter/nf_conntrack_core.h b/include/net/netfilter/nf_conntrack_core.h index bf8d3008a381..4676b492d635 100644 --- a/include/net/netfilter/nf_conntrack_core.h +++ b/include/net/netfilter/nf_conntrack_core.h | |||
@@ -15,6 +15,7 @@ | |||
15 | #include <linux/netfilter.h> | 15 | #include <linux/netfilter.h> |
16 | #include <net/netfilter/nf_conntrack_l3proto.h> | 16 | #include <net/netfilter/nf_conntrack_l3proto.h> |
17 | #include <net/netfilter/nf_conntrack_protocol.h> | 17 | #include <net/netfilter/nf_conntrack_protocol.h> |
18 | #include <net/netfilter/nf_conntrack_ecache.h> | ||
18 | 19 | ||
19 | /* This header is used to share core functionality between the | 20 | /* This header is used to share core functionality between the |
20 | standalone connection tracking module, and the compatibility layer's use | 21 | standalone connection tracking module, and the compatibility layer's use |
diff --git a/include/net/netfilter/nf_conntrack_ecache.h b/include/net/netfilter/nf_conntrack_ecache.h new file mode 100644 index 000000000000..b62a8a9ec9d8 --- /dev/null +++ b/include/net/netfilter/nf_conntrack_ecache.h | |||
@@ -0,0 +1,95 @@ | |||
1 | /* | ||
2 | * connection tracking event cache. | ||
3 | */ | ||
4 | |||
5 | #ifndef _NF_CONNTRACK_ECACHE_H | ||
6 | #define _NF_CONNTRACK_ECACHE_H | ||
7 | #include <net/netfilter/nf_conntrack.h> | ||
8 | |||
9 | #include <linux/notifier.h> | ||
10 | #include <linux/interrupt.h> | ||
11 | #include <net/netfilter/nf_conntrack_expect.h> | ||
12 | |||
13 | #ifdef CONFIG_NF_CONNTRACK_EVENTS | ||
14 | struct nf_conntrack_ecache { | ||
15 | struct nf_conn *ct; | ||
16 | unsigned int events; | ||
17 | }; | ||
18 | DECLARE_PER_CPU(struct nf_conntrack_ecache, nf_conntrack_ecache); | ||
19 | |||
20 | #define CONNTRACK_ECACHE(x) (__get_cpu_var(nf_conntrack_ecache).x) | ||
21 | |||
22 | extern struct atomic_notifier_head nf_conntrack_chain; | ||
23 | extern struct atomic_notifier_head nf_conntrack_expect_chain; | ||
24 | |||
25 | static inline int nf_conntrack_register_notifier(struct notifier_block *nb) | ||
26 | { | ||
27 | return atomic_notifier_chain_register(&nf_conntrack_chain, nb); | ||
28 | } | ||
29 | |||
30 | static inline int nf_conntrack_unregister_notifier(struct notifier_block *nb) | ||
31 | { | ||
32 | return atomic_notifier_chain_unregister(&nf_conntrack_chain, nb); | ||
33 | } | ||
34 | |||
35 | static inline int | ||
36 | nf_conntrack_expect_register_notifier(struct notifier_block *nb) | ||
37 | { | ||
38 | return atomic_notifier_chain_register(&nf_conntrack_expect_chain, nb); | ||
39 | } | ||
40 | |||
41 | static inline int | ||
42 | nf_conntrack_expect_unregister_notifier(struct notifier_block *nb) | ||
43 | { | ||
44 | return atomic_notifier_chain_unregister(&nf_conntrack_expect_chain, | ||
45 | nb); | ||
46 | } | ||
47 | |||
48 | extern void nf_ct_deliver_cached_events(const struct nf_conn *ct); | ||
49 | extern void __nf_ct_event_cache_init(struct nf_conn *ct); | ||
50 | extern void nf_ct_event_cache_flush(void); | ||
51 | |||
52 | static inline void | ||
53 | nf_conntrack_event_cache(enum ip_conntrack_events event, | ||
54 | const struct sk_buff *skb) | ||
55 | { | ||
56 | struct nf_conn *ct = (struct nf_conn *)skb->nfct; | ||
57 | struct nf_conntrack_ecache *ecache; | ||
58 | |||
59 | local_bh_disable(); | ||
60 | ecache = &__get_cpu_var(nf_conntrack_ecache); | ||
61 | if (ct != ecache->ct) | ||
62 | __nf_ct_event_cache_init(ct); | ||
63 | ecache->events |= event; | ||
64 | local_bh_enable(); | ||
65 | } | ||
66 | |||
67 | static inline void nf_conntrack_event(enum ip_conntrack_events event, | ||
68 | struct nf_conn *ct) | ||
69 | { | ||
70 | if (nf_ct_is_confirmed(ct) && !nf_ct_is_dying(ct)) | ||
71 | atomic_notifier_call_chain(&nf_conntrack_chain, event, ct); | ||
72 | } | ||
73 | |||
74 | static inline void | ||
75 | nf_conntrack_expect_event(enum ip_conntrack_expect_events event, | ||
76 | struct nf_conntrack_expect *exp) | ||
77 | { | ||
78 | atomic_notifier_call_chain(&nf_conntrack_expect_chain, event, exp); | ||
79 | } | ||
80 | |||
81 | #else /* CONFIG_NF_CONNTRACK_EVENTS */ | ||
82 | |||
83 | static inline void nf_conntrack_event_cache(enum ip_conntrack_events event, | ||
84 | const struct sk_buff *skb) {} | ||
85 | static inline void nf_conntrack_event(enum ip_conntrack_events event, | ||
86 | struct nf_conn *ct) {} | ||
87 | static inline void nf_ct_deliver_cached_events(const struct nf_conn *ct) {} | ||
88 | static inline void | ||
89 | nf_conntrack_expect_event(enum ip_conntrack_expect_events event, | ||
90 | struct nf_conntrack_expect *exp) {} | ||
91 | static inline void nf_ct_event_cache_flush(void) {} | ||
92 | #endif /* CONFIG_NF_CONNTRACK_EVENTS */ | ||
93 | |||
94 | #endif /*_NF_CONNTRACK_ECACHE_H*/ | ||
95 | |||