
Commit ecb2421b authored by Florian Westphal's avatar Florian Westphal Committed by Pablo Neira Ayuso

netfilter: add and use nf_ct_netns_get/put



currently aliased to try_module_get/_put.
Will be changed in next patch when we add functions to make use of ->net
argument to store usercount per l3proto tracker.

This is needed to avoid registering the conntrack hooks in all netns and
later only enable connection tracking in those that need conntrack.

Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent a379854d
+4 −0
@@ -181,6 +181,10 @@ static inline void nf_ct_put(struct nf_conn *ct)
int nf_ct_l3proto_try_module_get(unsigned short l3proto);
void nf_ct_l3proto_module_put(unsigned short l3proto);

/* load module; enable/disable conntrack in this namespace */
int nf_ct_netns_get(struct net *net, u8 nfproto);
void nf_ct_netns_put(struct net *net, u8 nfproto);

/*
 * Allocate a hashtable of hlist_head (if nulls == 0),
 * or hlist_nulls_head (if nulls == 1)
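Review bot: The comment added above the two new prototypes, `/* load module; enable/disable conntrack in this namespace */`, states neither the return convention nor the pairing rule, and it describes per-namespace behaviour that the definitions in this commit do not yet have (they ignore `net` and forward to the l3proto module get/put). Callers in this commit treat a negative return from nf_ct_netns_get() as failure and release from their destroy handlers, so the header is the place to record that, e.g. `/* nf_ct_netns_get: returns < 0 on failure; each successful get must be balanced by exactly one nf_ct_netns_put with the same net and nfproto */`. Writing the contract down makes an unbalanced get/put at a call site much easier to catch in review.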
+2 −2
@@ -419,7 +419,7 @@ static int clusterip_tg_check(const struct xt_tgchk_param *par)
	}
	cipinfo->config = config;

	ret = nf_ct_l3proto_try_module_get(par->family);
	ret = nf_ct_netns_get(par->net, par->family);
	if (ret < 0)
		pr_info("cannot load conntrack support for proto=%u\n",
			par->family);
@@ -444,7 +444,7 @@ static void clusterip_tg_destroy(const struct xt_tgdtor_param *par)

	clusterip_config_put(cipinfo->config);

	nf_ct_l3proto_module_put(par->family);
	nf_ct_netns_get(par->net, par->family);
}

#ifdef CONFIG_COMPAT
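Review bot: As rendered here, the last statement of clusterip_tg_destroy() becomes `nf_ct_netns_get(par->net, par->family);` where the line it replaces was `nf_ct_l3proto_module_put(par->family);`, so teardown takes a second reference instead of dropping the one acquired in clusterip_tg_check(), and the int result is discarded. Each add/delete cycle of a CLUSTERIP rule then leaves the count two too high, which pins the conntrack l3proto module today and, once the follow-up mentioned in the commit message keeps a per-netns use count, would presumably leave conntrack enabled in that namespace for good; a counter that rule changes can only push upward is also a hardening concern in its own right. The line should be `nf_ct_netns_put(par->net, par->family);`, matching the synproxy destroy handlers changed in this same commit. Both functions begin outside the hunk, so whether the `ret < 0` path in clusterip_tg_check() releases `config` cannot be confirmed from the lines shown.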
+2 −2
@@ -418,12 +418,12 @@ static int synproxy_tg4_check(const struct xt_tgchk_param *par)
	    e->ip.invflags & XT_INV_PROTO)
		return -EINVAL;

	return nf_ct_l3proto_try_module_get(par->family);
	return nf_ct_netns_get(par->net, par->family);
}

static void synproxy_tg4_destroy(const struct xt_tgdtor_param *par)
{
	nf_ct_l3proto_module_put(par->family);
	nf_ct_netns_put(par->net, par->family);
}

static struct xt_target synproxy_tg4_reg __read_mostly = {
+2 −2
@@ -440,12 +440,12 @@ static int synproxy_tg6_check(const struct xt_tgchk_param *par)
	    e->ipv6.invflags & XT_INV_PROTO)
		return -EINVAL;

	return nf_ct_l3proto_try_module_get(par->family);
	return nf_ct_netns_get(par->net, par->family);
}

static void synproxy_tg6_destroy(const struct xt_tgdtor_param *par)
{
	nf_ct_l3proto_module_put(par->family);
	nf_ct_netns_put(par->net, par->family);
}

static struct xt_target synproxy_tg6_reg __read_mostly = {
+12 −0
@@ -125,6 +125,18 @@ void nf_ct_l3proto_module_put(unsigned short l3proto)
}
EXPORT_SYMBOL_GPL(nf_ct_l3proto_module_put);

int nf_ct_netns_get(struct net *net, u8 nfproto)
{
	return nf_ct_l3proto_try_module_get(nfproto);
}
EXPORT_SYMBOL_GPL(nf_ct_netns_get);

void nf_ct_netns_put(struct net *net, u8 nfproto)
{
	nf_ct_l3proto_module_put(nfproto);
}
EXPORT_SYMBOL_GPL(nf_ct_netns_put);

struct nf_conntrack_l4proto *
nf_ct_l4proto_find_get(u_int16_t l3num, u_int8_t l4num)
{