Loading include/net/ip_vs.h +17 −0 Original line number Original line Diff line number Diff line Loading @@ -791,6 +791,7 @@ struct ip_vs_app { /* IPVS in network namespace */ /* IPVS in network namespace */ struct netns_ipvs { struct netns_ipvs { int gen; /* Generation */ int gen; /* Generation */ int enable; /* enable like nf_hooks do */ /* /* * Hash table: for real service lookups * Hash table: for real service lookups */ */ Loading Loading @@ -1089,6 +1090,22 @@ ip_vs_control_add(struct ip_vs_conn *cp, struct ip_vs_conn *ctl_cp) atomic_inc(&ctl_cp->n_control); atomic_inc(&ctl_cp->n_control); } } /* * IPVS netns init & cleanup functions */ extern int __ip_vs_estimator_init(struct net *net); extern int __ip_vs_control_init(struct net *net); extern int __ip_vs_protocol_init(struct net *net); extern int __ip_vs_app_init(struct net *net); extern int __ip_vs_conn_init(struct net *net); extern int __ip_vs_sync_init(struct net *net); extern void __ip_vs_conn_cleanup(struct net *net); extern void __ip_vs_app_cleanup(struct net *net); extern void __ip_vs_protocol_cleanup(struct net *net); extern void __ip_vs_control_cleanup(struct net *net); extern void __ip_vs_estimator_cleanup(struct net *net); extern void __ip_vs_sync_cleanup(struct net *net); extern void __ip_vs_service_cleanup(struct net *net); /* /* * IPVS application functions * IPVS application functions Loading net/bridge/netfilter/ebtables.c +11 −53 Original line number Original line Diff line number Diff line Loading @@ -1766,7 +1766,7 @@ static int compat_table_info(const struct ebt_table_info *info, newinfo->entries_size = size; newinfo->entries_size = size; xt_compat_init_offsets(AF_INET, info->nentries); xt_compat_init_offsets(NFPROTO_BRIDGE, info->nentries); return EBT_ENTRY_ITERATE(entries, size, compat_calc_entry, info, return EBT_ENTRY_ITERATE(entries, size, compat_calc_entry, info, entries, newinfo); entries, newinfo); } } Loading Loading @@ -1882,7 +1882,7 @@ static int compat_mtw_from_user(struct compat_ebt_entry_mwt *mwt, struct xt_match *match; struct xt_match *match; struct xt_target *wt; struct xt_target *wt; void *dst = NULL; void *dst = NULL; int off, pad = 0, ret = 0; int off, pad = 0; unsigned int size_kern, entry_offset, match_size = mwt->match_size; unsigned int size_kern, entry_offset, match_size = mwt->match_size; strlcpy(name, mwt->u.name, sizeof(name)); strlcpy(name, mwt->u.name, sizeof(name)); Loading Loading @@ -1935,13 +1935,6 @@ static int compat_mtw_from_user(struct compat_ebt_entry_mwt *mwt, break; break; } } if (!dst) { ret = xt_compat_add_offset(NFPROTO_BRIDGE, entry_offset, off + ebt_compat_entry_padsize()); if (ret < 0) return ret; } state->buf_kern_offset += match_size + off; state->buf_kern_offset += match_size + off; state->buf_user_offset += match_size; state->buf_user_offset += match_size; pad = XT_ALIGN(size_kern) - size_kern; pad = XT_ALIGN(size_kern) - size_kern; Loading Loading @@ -2016,50 +2009,6 @@ static int ebt_size_mwt(struct compat_ebt_entry_mwt *match32, return growth; return growth; } } #define EBT_COMPAT_WATCHER_ITERATE(e, fn, args...) \ ({ \ unsigned int __i; \ int __ret = 0; \ struct compat_ebt_entry_mwt *__watcher; \ \ for (__i = e->watchers_offset; \ __i < (e)->target_offset; \ __i += __watcher->watcher_size + \ sizeof(struct compat_ebt_entry_mwt)) { \ __watcher = (void *)(e) + __i; \ __ret = fn(__watcher , ## args); \ if (__ret != 0) \ break; \ } \ if (__ret == 0) { \ if (__i != (e)->target_offset) \ __ret = -EINVAL; \ } \ __ret; \ }) #define EBT_COMPAT_MATCH_ITERATE(e, fn, args...) \ ({ \ unsigned int __i; \ int __ret = 0; \ struct compat_ebt_entry_mwt *__match; \ \ for (__i = sizeof(struct ebt_entry); \ __i < (e)->watchers_offset; \ __i += __match->match_size + \ sizeof(struct compat_ebt_entry_mwt)) { \ __match = (void *)(e) + __i; \ __ret = fn(__match , ## args); \ if (__ret != 0) \ break; \ } \ if (__ret == 0) { \ if (__i != (e)->watchers_offset) \ __ret = -EINVAL; \ } \ __ret; \ }) /* called for all ebt_entry structures. */ /* called for all ebt_entry structures. */ static int size_entry_mwt(struct ebt_entry *entry, const unsigned char *base, static int size_entry_mwt(struct ebt_entry *entry, const unsigned char *base, unsigned int *total, unsigned int *total, Loading Loading @@ -2132,6 +2081,14 @@ static int size_entry_mwt(struct ebt_entry *entry, const unsigned char *base, } } } } if (state->buf_kern_start == NULL) { unsigned int offset = buf_start - (char *) base; ret = xt_compat_add_offset(NFPROTO_BRIDGE, offset, new_offset); if (ret < 0) return ret; } startoff = state->buf_user_offset - startoff; startoff = state->buf_user_offset - startoff; BUG_ON(*total < startoff); BUG_ON(*total < startoff); Loading Loading @@ -2240,6 +2197,7 @@ static int compat_do_replace(struct net *net, void __user *user, xt_compat_lock(NFPROTO_BRIDGE); xt_compat_lock(NFPROTO_BRIDGE); xt_compat_init_offsets(NFPROTO_BRIDGE, tmp.nentries); ret = compat_copy_entries(entries_tmp, tmp.entries_size, &state); ret = compat_copy_entries(entries_tmp, tmp.entries_size, &state); if (ret < 0) if (ret < 0) goto out_unlock; goto out_unlock; Loading net/ipv6/netfilter/ip6t_REJECT.c +3 −1 Original line number Original line Diff line number Diff line Loading @@ -45,6 +45,8 @@ static void send_reset(struct net *net, struct sk_buff *oldskb) int tcphoff, needs_ack; int tcphoff, needs_ack; const struct ipv6hdr *oip6h = ipv6_hdr(oldskb); const struct ipv6hdr *oip6h = ipv6_hdr(oldskb); struct ipv6hdr *ip6h; struct ipv6hdr *ip6h; #define DEFAULT_TOS_VALUE 0x0U const __u8 tclass = DEFAULT_TOS_VALUE; struct dst_entry *dst = NULL; struct dst_entry *dst = NULL; u8 proto; u8 proto; struct flowi6 fl6; struct flowi6 fl6; Loading Loading @@ -124,7 +126,7 @@ static void send_reset(struct net *net, struct sk_buff *oldskb) skb_put(nskb, sizeof(struct ipv6hdr)); skb_put(nskb, sizeof(struct ipv6hdr)); skb_reset_network_header(nskb); skb_reset_network_header(nskb); ip6h = ipv6_hdr(nskb); ip6h = ipv6_hdr(nskb); ip6h->version = 6; *(__be32 *)ip6h = htonl(0x60000000 | (tclass << 20)); ip6h->hop_limit = ip6_dst_hoplimit(dst); ip6h->hop_limit = ip6_dst_hoplimit(dst); ip6h->nexthdr = IPPROTO_TCP; ip6h->nexthdr = IPPROTO_TCP; ipv6_addr_copy(&ip6h->saddr, &oip6h->daddr); ipv6_addr_copy(&ip6h->saddr, &oip6h->daddr); Loading net/netfilter/ipvs/ip_vs_app.c +3 −12 Original line number Original line Diff line number Diff line Loading @@ -576,7 +576,7 @@ static const struct file_operations ip_vs_app_fops = { }; }; #endif #endif static int __net_init __ip_vs_app_init(struct net *net) int __net_init __ip_vs_app_init(struct net *net) { { struct netns_ipvs *ipvs = net_ipvs(net); struct netns_ipvs *ipvs = net_ipvs(net); Loading @@ -585,26 +585,17 @@ static int __net_init __ip_vs_app_init(struct net *net) return 0; return 0; } } static void __net_exit __ip_vs_app_cleanup(struct net *net) void __net_exit __ip_vs_app_cleanup(struct net *net) { { proc_net_remove(net, "ip_vs_app"); proc_net_remove(net, "ip_vs_app"); } } static struct pernet_operations ip_vs_app_ops = { .init = __ip_vs_app_init, .exit = __ip_vs_app_cleanup, }; int __init ip_vs_app_init(void) int __init ip_vs_app_init(void) { { int rv; return 0; rv = register_pernet_subsys(&ip_vs_app_ops); return rv; } } void ip_vs_app_cleanup(void) void ip_vs_app_cleanup(void) { { unregister_pernet_subsys(&ip_vs_app_ops); } } net/netfilter/ipvs/ip_vs_conn.c +2 −10 Original line number Original line Diff line number Diff line Loading @@ -1258,22 +1258,17 @@ int __net_init __ip_vs_conn_init(struct net *net) return 0; return 0; } } static void __net_exit __ip_vs_conn_cleanup(struct net *net) void __net_exit __ip_vs_conn_cleanup(struct net *net) { { /* flush all the connection entries first */ /* flush all the connection entries first */ ip_vs_conn_flush(net); ip_vs_conn_flush(net); proc_net_remove(net, "ip_vs_conn"); proc_net_remove(net, "ip_vs_conn"); proc_net_remove(net, "ip_vs_conn_sync"); proc_net_remove(net, "ip_vs_conn_sync"); } } static struct pernet_operations ipvs_conn_ops = { .init = __ip_vs_conn_init, .exit = __ip_vs_conn_cleanup, }; int __init ip_vs_conn_init(void) int __init ip_vs_conn_init(void) { { int idx; int idx; int retc; /* Compute size and mask */ /* Compute size and mask */ ip_vs_conn_tab_size = 1 << ip_vs_conn_tab_bits; ip_vs_conn_tab_size = 1 << ip_vs_conn_tab_bits; Loading Loading @@ -1309,17 +1304,14 @@ int __init ip_vs_conn_init(void) rwlock_init(&__ip_vs_conntbl_lock_array[idx].l); rwlock_init(&__ip_vs_conntbl_lock_array[idx].l); } } retc = register_pernet_subsys(&ipvs_conn_ops); /* calculate the random value for connection hash */ /* calculate the random value for connection hash */ get_random_bytes(&ip_vs_conn_rnd, sizeof(ip_vs_conn_rnd)); get_random_bytes(&ip_vs_conn_rnd, sizeof(ip_vs_conn_rnd)); return retc; return 0; } } void ip_vs_conn_cleanup(void) void ip_vs_conn_cleanup(void) { { unregister_pernet_subsys(&ipvs_conn_ops); /* Release the empty cache */ /* Release the empty cache */ kmem_cache_destroy(ip_vs_conn_cachep); kmem_cache_destroy(ip_vs_conn_cachep); vfree(ip_vs_conn_tab); vfree(ip_vs_conn_tab); Loading Loading
include/net/ip_vs.h +17 −0 Original line number Original line Diff line number Diff line Loading @@ -791,6 +791,7 @@ struct ip_vs_app { /* IPVS in network namespace */ /* IPVS in network namespace */ struct netns_ipvs { struct netns_ipvs { int gen; /* Generation */ int gen; /* Generation */ int enable; /* enable like nf_hooks do */ /* /* * Hash table: for real service lookups * Hash table: for real service lookups */ */ Loading Loading @@ -1089,6 +1090,22 @@ ip_vs_control_add(struct ip_vs_conn *cp, struct ip_vs_conn *ctl_cp) atomic_inc(&ctl_cp->n_control); atomic_inc(&ctl_cp->n_control); } } /* * IPVS netns init & cleanup functions */ extern int __ip_vs_estimator_init(struct net *net); extern int __ip_vs_control_init(struct net *net); extern int __ip_vs_protocol_init(struct net *net); extern int __ip_vs_app_init(struct net *net); extern int __ip_vs_conn_init(struct net *net); extern int __ip_vs_sync_init(struct net *net); extern void __ip_vs_conn_cleanup(struct net *net); extern void __ip_vs_app_cleanup(struct net *net); extern void __ip_vs_protocol_cleanup(struct net *net); extern void __ip_vs_control_cleanup(struct net *net); extern void __ip_vs_estimator_cleanup(struct net *net); extern void __ip_vs_sync_cleanup(struct net *net); extern void __ip_vs_service_cleanup(struct net *net); /* /* * IPVS application functions * IPVS application functions Loading
net/bridge/netfilter/ebtables.c +11 −53 Original line number Original line Diff line number Diff line Loading @@ -1766,7 +1766,7 @@ static int compat_table_info(const struct ebt_table_info *info, newinfo->entries_size = size; newinfo->entries_size = size; xt_compat_init_offsets(AF_INET, info->nentries); xt_compat_init_offsets(NFPROTO_BRIDGE, info->nentries); return EBT_ENTRY_ITERATE(entries, size, compat_calc_entry, info, return EBT_ENTRY_ITERATE(entries, size, compat_calc_entry, info, entries, newinfo); entries, newinfo); } } Loading Loading @@ -1882,7 +1882,7 @@ static int compat_mtw_from_user(struct compat_ebt_entry_mwt *mwt, struct xt_match *match; struct xt_match *match; struct xt_target *wt; struct xt_target *wt; void *dst = NULL; void *dst = NULL; int off, pad = 0, ret = 0; int off, pad = 0; unsigned int size_kern, entry_offset, match_size = mwt->match_size; unsigned int size_kern, entry_offset, match_size = mwt->match_size; strlcpy(name, mwt->u.name, sizeof(name)); strlcpy(name, mwt->u.name, sizeof(name)); Loading Loading @@ -1935,13 +1935,6 @@ static int compat_mtw_from_user(struct compat_ebt_entry_mwt *mwt, break; break; } } if (!dst) { ret = xt_compat_add_offset(NFPROTO_BRIDGE, entry_offset, off + ebt_compat_entry_padsize()); if (ret < 0) return ret; } state->buf_kern_offset += match_size + off; state->buf_kern_offset += match_size + off; state->buf_user_offset += match_size; state->buf_user_offset += match_size; pad = XT_ALIGN(size_kern) - size_kern; pad = XT_ALIGN(size_kern) - size_kern; Loading Loading @@ -2016,50 +2009,6 @@ static int ebt_size_mwt(struct compat_ebt_entry_mwt *match32, return growth; return growth; } } #define EBT_COMPAT_WATCHER_ITERATE(e, fn, args...) \ ({ \ unsigned int __i; \ int __ret = 0; \ struct compat_ebt_entry_mwt *__watcher; \ \ for (__i = e->watchers_offset; \ __i < (e)->target_offset; \ __i += __watcher->watcher_size + \ sizeof(struct compat_ebt_entry_mwt)) { \ __watcher = (void *)(e) + __i; \ __ret = fn(__watcher , ## args); \ if (__ret != 0) \ break; \ } \ if (__ret == 0) { \ if (__i != (e)->target_offset) \ __ret = -EINVAL; \ } \ __ret; \ }) #define EBT_COMPAT_MATCH_ITERATE(e, fn, args...) \ ({ \ unsigned int __i; \ int __ret = 0; \ struct compat_ebt_entry_mwt *__match; \ \ for (__i = sizeof(struct ebt_entry); \ __i < (e)->watchers_offset; \ __i += __match->match_size + \ sizeof(struct compat_ebt_entry_mwt)) { \ __match = (void *)(e) + __i; \ __ret = fn(__match , ## args); \ if (__ret != 0) \ break; \ } \ if (__ret == 0) { \ if (__i != (e)->watchers_offset) \ __ret = -EINVAL; \ } \ __ret; \ }) /* called for all ebt_entry structures. */ /* called for all ebt_entry structures. */ static int size_entry_mwt(struct ebt_entry *entry, const unsigned char *base, static int size_entry_mwt(struct ebt_entry *entry, const unsigned char *base, unsigned int *total, unsigned int *total, Loading Loading @@ -2132,6 +2081,14 @@ static int size_entry_mwt(struct ebt_entry *entry, const unsigned char *base, } } } } if (state->buf_kern_start == NULL) { unsigned int offset = buf_start - (char *) base; ret = xt_compat_add_offset(NFPROTO_BRIDGE, offset, new_offset); if (ret < 0) return ret; } startoff = state->buf_user_offset - startoff; startoff = state->buf_user_offset - startoff; BUG_ON(*total < startoff); BUG_ON(*total < startoff); Loading Loading @@ -2240,6 +2197,7 @@ static int compat_do_replace(struct net *net, void __user *user, xt_compat_lock(NFPROTO_BRIDGE); xt_compat_lock(NFPROTO_BRIDGE); xt_compat_init_offsets(NFPROTO_BRIDGE, tmp.nentries); ret = compat_copy_entries(entries_tmp, tmp.entries_size, &state); ret = compat_copy_entries(entries_tmp, tmp.entries_size, &state); if (ret < 0) if (ret < 0) goto out_unlock; goto out_unlock; Loading
net/ipv6/netfilter/ip6t_REJECT.c +3 −1 Original line number Original line Diff line number Diff line Loading @@ -45,6 +45,8 @@ static void send_reset(struct net *net, struct sk_buff *oldskb) int tcphoff, needs_ack; int tcphoff, needs_ack; const struct ipv6hdr *oip6h = ipv6_hdr(oldskb); const struct ipv6hdr *oip6h = ipv6_hdr(oldskb); struct ipv6hdr *ip6h; struct ipv6hdr *ip6h; #define DEFAULT_TOS_VALUE 0x0U const __u8 tclass = DEFAULT_TOS_VALUE; struct dst_entry *dst = NULL; struct dst_entry *dst = NULL; u8 proto; u8 proto; struct flowi6 fl6; struct flowi6 fl6; Loading Loading @@ -124,7 +126,7 @@ static void send_reset(struct net *net, struct sk_buff *oldskb) skb_put(nskb, sizeof(struct ipv6hdr)); skb_put(nskb, sizeof(struct ipv6hdr)); skb_reset_network_header(nskb); skb_reset_network_header(nskb); ip6h = ipv6_hdr(nskb); ip6h = ipv6_hdr(nskb); ip6h->version = 6; *(__be32 *)ip6h = htonl(0x60000000 | (tclass << 20)); ip6h->hop_limit = ip6_dst_hoplimit(dst); ip6h->hop_limit = ip6_dst_hoplimit(dst); ip6h->nexthdr = IPPROTO_TCP; ip6h->nexthdr = IPPROTO_TCP; ipv6_addr_copy(&ip6h->saddr, &oip6h->daddr); ipv6_addr_copy(&ip6h->saddr, &oip6h->daddr); Loading
net/netfilter/ipvs/ip_vs_app.c +3 −12 Original line number Original line Diff line number Diff line Loading @@ -576,7 +576,7 @@ static const struct file_operations ip_vs_app_fops = { }; }; #endif #endif static int __net_init __ip_vs_app_init(struct net *net) int __net_init __ip_vs_app_init(struct net *net) { { struct netns_ipvs *ipvs = net_ipvs(net); struct netns_ipvs *ipvs = net_ipvs(net); Loading @@ -585,26 +585,17 @@ static int __net_init __ip_vs_app_init(struct net *net) return 0; return 0; } } static void __net_exit __ip_vs_app_cleanup(struct net *net) void __net_exit __ip_vs_app_cleanup(struct net *net) { { proc_net_remove(net, "ip_vs_app"); proc_net_remove(net, "ip_vs_app"); } } static struct pernet_operations ip_vs_app_ops = { .init = __ip_vs_app_init, .exit = __ip_vs_app_cleanup, }; int __init ip_vs_app_init(void) int __init ip_vs_app_init(void) { { int rv; return 0; rv = register_pernet_subsys(&ip_vs_app_ops); return rv; } } void ip_vs_app_cleanup(void) void ip_vs_app_cleanup(void) { { unregister_pernet_subsys(&ip_vs_app_ops); } }
net/netfilter/ipvs/ip_vs_conn.c +2 −10 Original line number Original line Diff line number Diff line Loading @@ -1258,22 +1258,17 @@ int __net_init __ip_vs_conn_init(struct net *net) return 0; return 0; } } static void __net_exit __ip_vs_conn_cleanup(struct net *net) void __net_exit __ip_vs_conn_cleanup(struct net *net) { { /* flush all the connection entries first */ /* flush all the connection entries first */ ip_vs_conn_flush(net); ip_vs_conn_flush(net); proc_net_remove(net, "ip_vs_conn"); proc_net_remove(net, "ip_vs_conn"); proc_net_remove(net, "ip_vs_conn_sync"); proc_net_remove(net, "ip_vs_conn_sync"); } } static struct pernet_operations ipvs_conn_ops = { .init = __ip_vs_conn_init, .exit = __ip_vs_conn_cleanup, }; int __init ip_vs_conn_init(void) int __init ip_vs_conn_init(void) { { int idx; int idx; int retc; /* Compute size and mask */ /* Compute size and mask */ ip_vs_conn_tab_size = 1 << ip_vs_conn_tab_bits; ip_vs_conn_tab_size = 1 << ip_vs_conn_tab_bits; Loading Loading @@ -1309,17 +1304,14 @@ int __init ip_vs_conn_init(void) rwlock_init(&__ip_vs_conntbl_lock_array[idx].l); rwlock_init(&__ip_vs_conntbl_lock_array[idx].l); } } retc = register_pernet_subsys(&ipvs_conn_ops); /* calculate the random value for connection hash */ /* calculate the random value for connection hash */ get_random_bytes(&ip_vs_conn_rnd, sizeof(ip_vs_conn_rnd)); get_random_bytes(&ip_vs_conn_rnd, sizeof(ip_vs_conn_rnd)); return retc; return 0; } } void ip_vs_conn_cleanup(void) void ip_vs_conn_cleanup(void) { { unregister_pernet_subsys(&ipvs_conn_ops); /* Release the empty cache */ /* Release the empty cache */ kmem_cache_destroy(ip_vs_conn_cachep); kmem_cache_destroy(ip_vs_conn_cachep); vfree(ip_vs_conn_tab); vfree(ip_vs_conn_tab); Loading
