Commit a95a7774 authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso
Browse files

netfilter: conntrack: add nf_{tcp,udp,sctp,icmp,dccp,icmpv6,generic}_pernet() 



Expose these functions to access conntrack protocol tracker netns area,
nfnetlink_cttimeout needs this.

Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 8a02bdd5

include/net/netfilter/nf_conntrack_l4proto.h

+39 −0
Original line number Diff line number Diff line
@@ -153,4 +153,43 @@ void nf_ct_l4proto_log_invalid(const struct sk_buff *skb, 
			       const char *fmt, ...) { }

#endif /* CONFIG_SYSCTL */



static inline struct nf_generic_net *nf_generic_pernet(struct net *net)

{

       return &net->ct.nf_ct_proto.generic;

}



static inline struct nf_tcp_net *nf_tcp_pernet(struct net *net)

{

       return &net->ct.nf_ct_proto.tcp;

}



static inline struct nf_udp_net *nf_udp_pernet(struct net *net)

{

       return &net->ct.nf_ct_proto.udp;

}



static inline struct nf_icmp_net *nf_icmp_pernet(struct net *net)

{

       return &net->ct.nf_ct_proto.icmp;

}



static inline struct nf_icmp_net *nf_icmpv6_pernet(struct net *net)

{

       return &net->ct.nf_ct_proto.icmpv6;

}



#ifdef CONFIG_NF_CT_PROTO_DCCP

static inline struct nf_dccp_net *nf_dccp_pernet(struct net *net)

{

       return &net->ct.nf_ct_proto.dccp;

}

#endif



#ifdef CONFIG_NF_CT_PROTO_SCTP

static inline struct nf_sctp_net *nf_sctp_pernet(struct net *net)

{

       return &net->ct.nf_ct_proto.sctp;

}

#endif



#endif /*_NF_CONNTRACK_PROTOCOL_H*/

net/netfilter/nf_conntrack_proto_dccp.c

+4 −9
Original line number Diff line number Diff line
@@ -384,11 +384,6 @@ dccp_state_table[CT_DCCP_ROLE_MAX + 1][DCCP_PKT_SYNCACK + 1][CT_DCCP_MAX + 1] = 
	},

};



static inline struct nf_dccp_net *dccp_pernet(struct net *net)

{

	return &net->ct.nf_ct_proto.dccp;

}



static noinline bool

dccp_new(struct nf_conn *ct, const struct sk_buff *skb,

	 const struct dccp_hdr *dh)
@@ -401,7 +396,7 @@ dccp_new(struct nf_conn *ct, const struct sk_buff *skb, 
	state = dccp_state_table[CT_DCCP_ROLE_CLIENT][dh->dccph_type][CT_DCCP_NONE];

	switch (state) {

	default:

		dn = dccp_pernet(net);

		dn = nf_dccp_pernet(net);

		if (dn->dccp_loose == 0) {

			msg = "not picking up existing connection ";

			goto out_invalid;
@@ -568,7 +563,7 @@ static int dccp_packet(struct nf_conn *ct, struct sk_buff *skb, 


	timeouts = nf_ct_timeout_lookup(ct);

	if (!timeouts)

		timeouts = dccp_pernet(nf_ct_net(ct))->dccp_timeout;

		timeouts = nf_dccp_pernet(nf_ct_net(ct))->dccp_timeout;

	nf_ct_refresh_acct(ct, ctinfo, skb, timeouts[new_state]);



	return NF_ACCEPT;
@@ -681,7 +676,7 @@ static int nlattr_to_dccp(struct nlattr *cda[], struct nf_conn *ct) 
static int dccp_timeout_nlattr_to_obj(struct nlattr *tb[],

				      struct net *net, void *data)

{

	struct nf_dccp_net *dn = dccp_pernet(net);

	struct nf_dccp_net *dn = nf_dccp_pernet(net);

	unsigned int *timeouts = data;

	int i;
@@ -814,7 +809,7 @@ static int dccp_kmemdup_sysctl_table(struct net *net, struct nf_proto_net *pn, 


static int dccp_init_net(struct net *net)

{

	struct nf_dccp_net *dn = dccp_pernet(net);

	struct nf_dccp_net *dn = nf_dccp_pernet(net);

	struct nf_proto_net *pn = &dn->pn;



	if (!pn->users) {

net/netfilter/nf_conntrack_proto_generic.c

+3 −8
Original line number Diff line number Diff line
@@ -27,11 +27,6 @@ static bool nf_generic_should_process(u8 proto) 
	}

}



static inline struct nf_generic_net *generic_pernet(struct net *net)

{

	return &net->ct.nf_ct_proto.generic;

}



static bool generic_pkt_to_tuple(const struct sk_buff *skb,

				 unsigned int dataoff,

				 struct net *net, struct nf_conntrack_tuple *tuple)
@@ -58,7 +53,7 @@ static int generic_packet(struct nf_conn *ct, 
	}



	if (!timeout)

		timeout = &generic_pernet(nf_ct_net(ct))->timeout;

		timeout = &nf_generic_pernet(nf_ct_net(ct))->timeout;



	nf_ct_refresh_acct(ct, ctinfo, skb, *timeout);

	return NF_ACCEPT;
@@ -72,7 +67,7 @@ static int generic_packet(struct nf_conn *ct, 
static int generic_timeout_nlattr_to_obj(struct nlattr *tb[],

					 struct net *net, void *data)

{

	struct nf_generic_net *gn = generic_pernet(net);

	struct nf_generic_net *gn = nf_generic_pernet(net);

	unsigned int *timeout = data;



	if (!timeout)
@@ -138,7 +133,7 @@ static int generic_kmemdup_sysctl_table(struct nf_proto_net *pn, 


static int generic_init_net(struct net *net)

{

	struct nf_generic_net *gn = generic_pernet(net);

	struct nf_generic_net *gn = nf_generic_pernet(net);

	struct nf_proto_net *pn = &gn->pn;



	gn->timeout = nf_ct_generic_timeout;

net/netfilter/nf_conntrack_proto_icmp.c

+3 −8
Original line number Diff line number Diff line
@@ -25,11 +25,6 @@ 


static const unsigned int nf_ct_icmp_timeout = 30*HZ;



static inline struct nf_icmp_net *icmp_pernet(struct net *net)

{

	return &net->ct.nf_ct_proto.icmp;

}



static bool icmp_pkt_to_tuple(const struct sk_buff *skb, unsigned int dataoff,

			      struct net *net, struct nf_conntrack_tuple *tuple)

{
@@ -103,7 +98,7 @@ static int icmp_packet(struct nf_conn *ct, 
	}



	if (!timeout)

		timeout = &icmp_pernet(nf_ct_net(ct))->timeout;

		timeout = &nf_icmp_pernet(nf_ct_net(ct))->timeout;



	nf_ct_refresh_acct(ct, ctinfo, skb, *timeout);

	return NF_ACCEPT;
@@ -275,7 +270,7 @@ static int icmp_timeout_nlattr_to_obj(struct nlattr *tb[], 
				      struct net *net, void *data)

{

	unsigned int *timeout = data;

	struct nf_icmp_net *in = icmp_pernet(net);

	struct nf_icmp_net *in = nf_icmp_pernet(net);



	if (tb[CTA_TIMEOUT_ICMP_TIMEOUT]) {

		if (!timeout)
@@ -337,7 +332,7 @@ static int icmp_kmemdup_sysctl_table(struct nf_proto_net *pn, 


static int icmp_init_net(struct net *net)

{

	struct nf_icmp_net *in = icmp_pernet(net);

	struct nf_icmp_net *in = nf_icmp_pernet(net);

	struct nf_proto_net *pn = &in->pn;



	in->timeout = nf_ct_icmp_timeout;

net/netfilter/nf_conntrack_proto_icmpv6.c

+3 −8
Original line number Diff line number Diff line
@@ -30,11 +30,6 @@ 


static const unsigned int nf_ct_icmpv6_timeout = 30*HZ;



static inline struct nf_icmp_net *icmpv6_pernet(struct net *net)

{

	return &net->ct.nf_ct_proto.icmpv6;

}



static bool icmpv6_pkt_to_tuple(const struct sk_buff *skb,

				unsigned int dataoff,

				struct net *net,
@@ -87,7 +82,7 @@ static bool icmpv6_invert_tuple(struct nf_conntrack_tuple *tuple, 


static unsigned int *icmpv6_get_timeouts(struct net *net)

{

	return &icmpv6_pernet(net)->timeout;

	return &nf_icmpv6_pernet(net)->timeout;

}



/* Returns verdict for packet, or -1 for invalid. */
@@ -286,7 +281,7 @@ static int icmpv6_timeout_nlattr_to_obj(struct nlattr *tb[], 
					struct net *net, void *data)

{

	unsigned int *timeout = data;

	struct nf_icmp_net *in = icmpv6_pernet(net);

	struct nf_icmp_net *in = nf_icmpv6_pernet(net);



	if (!timeout)

		timeout = icmpv6_get_timeouts(net);
@@ -348,7 +343,7 @@ static int icmpv6_kmemdup_sysctl_table(struct nf_proto_net *pn, 


static int icmpv6_init_net(struct net *net)

{

	struct nf_icmp_net *in = icmpv6_pernet(net);

	struct nf_icmp_net *in = nf_icmpv6_pernet(net);

	struct nf_proto_net *pn = &in->pn;



	in->timeout = nf_ct_icmpv6_timeout;

CRA Git | Maintained and supported by SUSTech CRA and CCSE