
Commit b9f78f9f authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso Committed by David S. Miller

[NETFILTER]: nf_conntrack: support for layer 3 protocol load on demand



x_tables matches and targets that require nf_conntrack_ipv[4|6] to work
don't have enough information to load these modules on demand. This
patch introduces the following changes to solve this issue:

o nf_ct_l3proto_try_module_get: try to load the layer 3 connection
tracker module and increase the refcount.
o nf_ct_l3proto_module_put: drop the refcount of the module.

Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent a45049c5
+4 −0
@@ -195,6 +195,10 @@ static inline void nf_ct_put(struct nf_conn *ct)
	nf_conntrack_put(&ct->ct_general);
}

/* Protocol module loading */
extern int nf_ct_l3proto_try_module_get(unsigned short l3proto);
extern void nf_ct_l3proto_module_put(unsigned short l3proto);

extern struct nf_conntrack_tuple_hash *
__nf_conntrack_find(const struct nf_conntrack_tuple *tuple,
		    const struct nf_conn *ignored_conntrack);
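Review bot: The two new prototypes are documented only by `/* Protocol module loading */`, which does not tell a caller what the return value means or that the calls must be paired. Going by the definition added in the core file section on this page, a comment such as `/* Returns 0 on success or -EPROTOTYPE if no tracker for l3proto could be found or loaded; each success must be balanced by nf_ct_l3proto_module_put(). */` above them would spell out the contract. The pairing requirement is inferred from the commit description ("increases the refcount" / "drop the refcount") rather than from a visible line, so it should be confirmed against nf_ct_l3proto_find_get().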
+1 −0
@@ -568,6 +568,7 @@ static int init_or_cleanup(int init)
	return ret;
}

MODULE_ALIAS("nf_conntrack-" __stringify(AF_INET));
MODULE_LICENSE("GPL");

static int __init init(void)
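Review bot: The alias added here, `MODULE_ALIAS("nf_conntrack-" __stringify(AF_INET))`, has to match byte for byte the string that `request_module("nf_conntrack-%d", l3proto)` builds in the core file section, and nothing at either site records that. It works only while AF_INET is an object-like macro for a decimal literal, since __stringify would otherwise emit the identifier name; a one-line comment such as `/* must match the "nf_conntrack-%d" request in nf_ct_l3proto_try_module_get() */` would document the coupling. The same applies to the AF_INET6 alias in the next file section. The `init` function whose signature closes this hunk continues outside it.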
+1 −0
@@ -584,6 +584,7 @@ static int init_or_cleanup(int init)
	return ret;
}

MODULE_ALIAS("nf_conntrack-" __stringify(AF_INET6));
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Yasuyuki KOZAKAI @USAGI <yasuyuki.kozakai@toshiba.co.jp>");

+31 −0
@@ -23,6 +23,8 @@
 * 26 Jan 2006: Harald Welte <laforge@netfilter.org>
 * 	- restructure nf_conn (introduce nf_conn_help)
 * 	- redesign 'features' how they were originally intended
 * 26 Feb 2006: Pablo Neira Ayuso <pablo@eurodev.net>
 * 	- add support for L3 protocol module load on demand.
 *
 * Derived from net/ipv4/netfilter/ip_conntrack_core.c
 */
@@ -241,6 +243,35 @@ void nf_ct_l3proto_put(struct nf_conntrack_l3proto *p)
	module_put(p->me);
}

int
nf_ct_l3proto_try_module_get(unsigned short l3proto)
{
	int ret;
	struct nf_conntrack_l3proto *p;

retry:	p = nf_ct_l3proto_find_get(l3proto);
	if (p == &nf_conntrack_generic_l3proto) {
		ret = request_module("nf_conntrack-%d", l3proto);
		if (!ret)
			goto retry;

		return -EPROTOTYPE;
	}

	return 0;
}

void nf_ct_l3proto_module_put(unsigned short l3proto)
{
	struct nf_conntrack_l3proto *p;

	preempt_disable();
	p = __nf_ct_l3proto_find(l3proto);
	preempt_enable();

	module_put(p->me);
}

static int nf_conntrack_hash_rnd_initted;
static unsigned int nf_conntrack_hash_rnd;

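Review bot: The `goto retry` in nf_ct_l3proto_try_module_get() has no bound: whenever request_module() returns 0 but the lookup still yields `&nf_conntrack_generic_l3proto`, the function requests the module again and never returns. A zero return only reports that the module helper exited successfully, not that a tracker for this l3proto registered itself, so a single re-lookup after the load with -EPROTOTYPE as the fallback is safer, as sketched below. Separately, nf_ct_l3proto_module_put() dereferences `p->me` after preempt_enable() without checking `p` or that a matching get ever succeeded; __nf_ct_l3proto_find() is not on this page, so whether it can return NULL or the generic entry for an unregistered family should be confirmed, and the pairing requirement deserves a comment above the function.

```c
int
nf_ct_l3proto_try_module_get(unsigned short l3proto)
{
	struct nf_conntrack_l3proto *p;

	p = nf_ct_l3proto_find_get(l3proto);
	if (p != &nf_conntrack_generic_l3proto)
		return 0;

	if (request_module("nf_conntrack-%d", l3proto))
		return -EPROTOTYPE;

	/* One re-lookup only: a successful modprobe does not prove that a
	 * tracker for this family registered itself. */
	p = nf_ct_l3proto_find_get(l3proto);
	if (p == &nf_conntrack_generic_l3proto)
		return -EPROTOTYPE;

	return 0;
}
```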
+2 −0
@@ -834,6 +834,8 @@ EXPORT_SYMBOL_GPL(__nf_ct_event_cache_init);
EXPORT_PER_CPU_SYMBOL_GPL(nf_conntrack_ecache);
EXPORT_SYMBOL_GPL(nf_ct_deliver_cached_events);
#endif
EXPORT_SYMBOL(nf_ct_l3proto_try_module_get);
EXPORT_SYMBOL(nf_ct_l3proto_module_put);
EXPORT_SYMBOL(nf_conntrack_l3proto_register);
EXPORT_SYMBOL(nf_conntrack_l3proto_unregister);
EXPORT_SYMBOL(nf_conntrack_protocol_register);