aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv6
diff options
context:
space:
mode:
Diffstat (limited to 'net/ipv6')
-rw-r--r--net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c55
-rw-r--r--net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c23
2 files changed, 27 insertions, 51 deletions
diff --git a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
index 9108ecc22bea..a20615ffccff 100644
--- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
@@ -324,21 +324,7 @@ static struct nf_hook_ops ipv6_conntrack_ops[] = {
324}; 324};
325 325
326#ifdef CONFIG_SYSCTL 326#ifdef CONFIG_SYSCTL
327 327static ctl_table nf_ct_ipv6_sysctl_table[] = {
328/* From nf_conntrack_proto_icmpv6.c */
329extern unsigned int nf_ct_icmpv6_timeout;
330
331static struct ctl_table_header *nf_ct_ipv6_sysctl_header;
332
333static ctl_table nf_ct_sysctl_table[] = {
334 {
335 .ctl_name = NET_NF_CONNTRACK_ICMPV6_TIMEOUT,
336 .procname = "nf_conntrack_icmpv6_timeout",
337 .data = &nf_ct_icmpv6_timeout,
338 .maxlen = sizeof(unsigned int),
339 .mode = 0644,
340 .proc_handler = &proc_dointvec_jiffies,
341 },
342 { 328 {
343 .ctl_name = NET_NF_CONNTRACK_FRAG6_TIMEOUT, 329 .ctl_name = NET_NF_CONNTRACK_FRAG6_TIMEOUT,
344 .procname = "nf_conntrack_frag6_timeout", 330 .procname = "nf_conntrack_frag6_timeout",
@@ -365,26 +351,6 @@ static ctl_table nf_ct_sysctl_table[] = {
365 }, 351 },
366 { .ctl_name = 0 } 352 { .ctl_name = 0 }
367}; 353};
368
369static ctl_table nf_ct_netfilter_table[] = {
370 {
371 .ctl_name = NET_NETFILTER,
372 .procname = "netfilter",
373 .mode = 0555,
374 .child = nf_ct_sysctl_table,
375 },
376 { .ctl_name = 0 }
377};
378
379static ctl_table nf_ct_net_table[] = {
380 {
381 .ctl_name = CTL_NET,
382 .procname = "net",
383 .mode = 0555,
384 .child = nf_ct_netfilter_table,
385 },
386 { .ctl_name = 0 }
387};
388#endif 354#endif
389 355
390#if defined(CONFIG_NF_CT_NETLINK) || \ 356#if defined(CONFIG_NF_CT_NETLINK) || \
@@ -442,6 +408,10 @@ struct nf_conntrack_l3proto nf_conntrack_l3proto_ipv6 = {
442 .tuple_to_nfattr = ipv6_tuple_to_nfattr, 408 .tuple_to_nfattr = ipv6_tuple_to_nfattr,
443 .nfattr_to_tuple = ipv6_nfattr_to_tuple, 409 .nfattr_to_tuple = ipv6_nfattr_to_tuple,
444#endif 410#endif
411#ifdef CONFIG_SYSCTL
412 .ctl_table_path = nf_net_netfilter_sysctl_path,
413 .ctl_table = nf_ct_ipv6_sysctl_table,
414#endif
445 .get_features = ipv6_get_features, 415 .get_features = ipv6_get_features,
446 .me = THIS_MODULE, 416 .me = THIS_MODULE,
447}; 417};
@@ -492,20 +462,8 @@ static int __init nf_conntrack_l3proto_ipv6_init(void)
492 "hook.\n"); 462 "hook.\n");
493 goto cleanup_ipv6; 463 goto cleanup_ipv6;
494 } 464 }
495#ifdef CONFIG_SYSCTL
496 nf_ct_ipv6_sysctl_header = register_sysctl_table(nf_ct_net_table, 0);
497 if (nf_ct_ipv6_sysctl_header == NULL) {
498 printk("nf_conntrack: can't register to sysctl.\n");
499 ret = -ENOMEM;
500 goto cleanup_hooks;
501 }
502#endif
503 return ret; 465 return ret;
504 466
505#ifdef CONFIG_SYSCTL
506 cleanup_hooks:
507 nf_unregister_hooks(ipv6_conntrack_ops, ARRAY_SIZE(ipv6_conntrack_ops));
508#endif
509 cleanup_ipv6: 467 cleanup_ipv6:
510 nf_conntrack_l3proto_unregister(&nf_conntrack_l3proto_ipv6); 468 nf_conntrack_l3proto_unregister(&nf_conntrack_l3proto_ipv6);
511 cleanup_icmpv6: 469 cleanup_icmpv6:
@@ -522,9 +480,6 @@ static int __init nf_conntrack_l3proto_ipv6_init(void)
522static void __exit nf_conntrack_l3proto_ipv6_fini(void) 480static void __exit nf_conntrack_l3proto_ipv6_fini(void)
523{ 481{
524 synchronize_net(); 482 synchronize_net();
525#ifdef CONFIG_SYSCTL
526 unregister_sysctl_table(nf_ct_ipv6_sysctl_header);
527#endif
528 nf_unregister_hooks(ipv6_conntrack_ops, ARRAY_SIZE(ipv6_conntrack_ops)); 483 nf_unregister_hooks(ipv6_conntrack_ops, ARRAY_SIZE(ipv6_conntrack_ops));
529 nf_conntrack_l3proto_unregister(&nf_conntrack_l3proto_ipv6); 484 nf_conntrack_l3proto_unregister(&nf_conntrack_l3proto_ipv6);
530 nf_conntrack_l4proto_unregister(&nf_conntrack_l4proto_icmpv6); 485 nf_conntrack_l4proto_unregister(&nf_conntrack_l4proto_icmpv6);
diff --git a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
index b3b468c0ef7a..1e8e700f6135 100644
--- a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
@@ -33,7 +33,7 @@
33#include <net/netfilter/nf_conntrack_core.h> 33#include <net/netfilter/nf_conntrack_core.h>
34#include <net/netfilter/ipv6/nf_conntrack_icmpv6.h> 34#include <net/netfilter/ipv6/nf_conntrack_icmpv6.h>
35 35
36unsigned long nf_ct_icmpv6_timeout __read_mostly = 30*HZ; 36static unsigned long nf_ct_icmpv6_timeout __read_mostly = 30*HZ;
37 37
38#if 0 38#if 0
39#define DEBUGP printk 39#define DEBUGP printk
@@ -298,6 +298,23 @@ static int icmpv6_nfattr_to_tuple(struct nfattr *tb[],
298} 298}
299#endif 299#endif
300 300
301#ifdef CONFIG_SYSCTL
302static struct ctl_table_header *icmpv6_sysctl_header;
303static struct ctl_table icmpv6_sysctl_table[] = {
304 {
305 .ctl_name = NET_NF_CONNTRACK_ICMPV6_TIMEOUT,
306 .procname = "nf_conntrack_icmpv6_timeout",
307 .data = &nf_ct_icmpv6_timeout,
308 .maxlen = sizeof(unsigned int),
309 .mode = 0644,
310 .proc_handler = &proc_dointvec_jiffies,
311 },
312 {
313 .ctl_name = 0
314 }
315};
316#endif /* CONFIG_SYSCTL */
317
301struct nf_conntrack_l4proto nf_conntrack_l4proto_icmpv6 = 318struct nf_conntrack_l4proto nf_conntrack_l4proto_icmpv6 =
302{ 319{
303 .l3proto = PF_INET6, 320 .l3proto = PF_INET6,
@@ -315,6 +332,10 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_icmpv6 =
315 .tuple_to_nfattr = icmpv6_tuple_to_nfattr, 332 .tuple_to_nfattr = icmpv6_tuple_to_nfattr,
316 .nfattr_to_tuple = icmpv6_nfattr_to_tuple, 333 .nfattr_to_tuple = icmpv6_nfattr_to_tuple,
317#endif 334#endif
335#ifdef CONFIG_SYSCTL
336 .ctl_table_header = &icmpv6_sysctl_header,
337 .ctl_table = icmpv6_sysctl_table,
338#endif
318}; 339};
319 340
320EXPORT_SYMBOL(nf_conntrack_l4proto_icmpv6); 341EXPORT_SYMBOL(nf_conntrack_l4proto_icmpv6);