netfilter: conntrack: unify sysctl handling (b884fa46) · Commits · e / devices / android_kernel_fairphone_FP5

net/netfilter/nf_conntrack_proto_dccp.c

+1 −85

Original line number	Diff line number	Diff line
		@@ -724,90 +724,6 @@ dccp_timeout_nla_policy[CTA_TIMEOUT_DCCP_MAX+1] = {
		};
		#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */

		#ifdef CONFIG_SYSCTL
		/* template, data assigned later */
		static struct ctl_table dccp_sysctl_table[] = {
		{
		.procname = "nf_conntrack_dccp_timeout_request",
		.maxlen = sizeof(unsigned int),
		.mode = 0644,
		.proc_handler = proc_dointvec_jiffies,
		},
		{
		.procname = "nf_conntrack_dccp_timeout_respond",
		.maxlen = sizeof(unsigned int),
		.mode = 0644,
		.proc_handler = proc_dointvec_jiffies,
		},
		{
		.procname = "nf_conntrack_dccp_timeout_partopen",
		.maxlen = sizeof(unsigned int),
		.mode = 0644,
		.proc_handler = proc_dointvec_jiffies,
		},
		{
		.procname = "nf_conntrack_dccp_timeout_open",
		.maxlen = sizeof(unsigned int),
		.mode = 0644,
		.proc_handler = proc_dointvec_jiffies,
		},
		{
		.procname = "nf_conntrack_dccp_timeout_closereq",
		.maxlen = sizeof(unsigned int),
		.mode = 0644,
		.proc_handler = proc_dointvec_jiffies,
		},
		{
		.procname = "nf_conntrack_dccp_timeout_closing",
		.maxlen = sizeof(unsigned int),
		.mode = 0644,
		.proc_handler = proc_dointvec_jiffies,
		},
		{
		.procname = "nf_conntrack_dccp_timeout_timewait",
		.maxlen = sizeof(unsigned int),
		.mode = 0644,
		.proc_handler = proc_dointvec_jiffies,
		},
		{
		.procname = "nf_conntrack_dccp_loose",
		.maxlen = sizeof(int),
		.mode = 0644,
		.proc_handler = proc_dointvec,
		},
		{ }
		};
		#endif /* CONFIG_SYSCTL */

		static int dccp_kmemdup_sysctl_table(struct net net, struct nf_proto_net pn,
		struct nf_dccp_net *dn)
		{
		#ifdef CONFIG_SYSCTL
		if (pn->ctl_table)
		return 0;

		pn->ctl_table = kmemdup(dccp_sysctl_table,
		sizeof(dccp_sysctl_table),
		GFP_KERNEL);
		if (!pn->ctl_table)
		return -ENOMEM;

		pn->ctl_table[0].data = &dn->dccp_timeout[CT_DCCP_REQUEST];
		pn->ctl_table[1].data = &dn->dccp_timeout[CT_DCCP_RESPOND];
		pn->ctl_table[2].data = &dn->dccp_timeout[CT_DCCP_PARTOPEN];
		pn->ctl_table[3].data = &dn->dccp_timeout[CT_DCCP_OPEN];
		pn->ctl_table[4].data = &dn->dccp_timeout[CT_DCCP_CLOSEREQ];
		pn->ctl_table[5].data = &dn->dccp_timeout[CT_DCCP_CLOSING];
		pn->ctl_table[6].data = &dn->dccp_timeout[CT_DCCP_TIMEWAIT];
		pn->ctl_table[7].data = &dn->dccp_loose;

		/* Don't export sysctls to unprivileged users */
		if (net->user_ns != &init_user_ns)
		pn->ctl_table[0].procname = NULL;
		#endif
		return 0;
		}

		static int dccp_init_net(struct net *net)
		{
		struct nf_dccp_net *dn = nf_dccp_pernet(net);
		@@ -830,7 +746,7 @@ static int dccp_init_net(struct net *net)
		dn->dccp_timeout[CT_DCCP_NONE] = dn->dccp_timeout[CT_DCCP_REQUEST];
		}

		return dccp_kmemdup_sysctl_table(net, pn, dn);
		return 0;
		}

		static struct nf_proto_net dccp_get_net_proto(struct net net)

net/netfilter/nf_conntrack_proto_generic.c

+1 −29

Original line number	Diff line number	Diff line
		@@ -60,41 +60,13 @@ generic_timeout_nla_policy[CTA_TIMEOUT_GENERIC_MAX+1] = {
		};
		#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */

		#ifdef CONFIG_SYSCTL
		static struct ctl_table generic_sysctl_table[] = {
		{
		.procname = "nf_conntrack_generic_timeout",
		.maxlen = sizeof(unsigned int),
		.mode = 0644,
		.proc_handler = proc_dointvec_jiffies,
		},
		{ }
		};
		#endif /* CONFIG_SYSCTL */

		static int generic_kmemdup_sysctl_table(struct nf_proto_net *pn,
		struct nf_generic_net *gn)
		{
		#ifdef CONFIG_SYSCTL
		pn->ctl_table = kmemdup(generic_sysctl_table,
		sizeof(generic_sysctl_table),
		GFP_KERNEL);
		if (!pn->ctl_table)
		return -ENOMEM;

		pn->ctl_table[0].data = &gn->timeout;
		#endif
		return 0;
		}

		static int generic_init_net(struct net *net)
		{
		struct nf_generic_net *gn = nf_generic_pernet(net);
		struct nf_proto_net *pn = &gn->pn;

		gn->timeout = nf_ct_generic_timeout;

		return generic_kmemdup_sysctl_table(pn, gn);
		return 0;
		}

		static struct nf_proto_net generic_get_net_proto(struct net net)

net/netfilter/nf_conntrack_proto_gre.c

+1 −41

Original line number	Diff line number	Diff line
		@@ -313,46 +313,6 @@ gre_timeout_nla_policy[CTA_TIMEOUT_GRE_MAX+1] = {
		};
		#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */

		#ifdef CONFIG_SYSCTL
		static struct ctl_table gre_sysctl_table[] = {
		{
		.procname = "nf_conntrack_gre_timeout",
		.maxlen = sizeof(unsigned int),
		.mode = 0644,
		.proc_handler = proc_dointvec_jiffies,
		},
		{
		.procname = "nf_conntrack_gre_timeout_stream",
		.maxlen = sizeof(unsigned int),
		.mode = 0644,
		.proc_handler = proc_dointvec_jiffies,
		},
		{}
		};
		#endif

		static int gre_kmemdup_sysctl_table(struct net *net)
		{
		#ifdef CONFIG_SYSCTL
		struct nf_gre_net *net_gre = gre_pernet(net);
		struct nf_proto_net *nf = &net_gre->nf;
		int i;

		if (nf->ctl_table)
		return 0;

		nf->ctl_table = kmemdup(gre_sysctl_table,
		sizeof(gre_sysctl_table),
		GFP_KERNEL);
		if (!nf->ctl_table)
		return -ENOMEM;

		for (i = 0; i < GRE_CT_MAX; i++)
		nf->ctl_table[i].data = &net_gre->timeouts[i];
		#endif
		return 0;
		}

		static int gre_init_net(struct net *net)
		{
		struct nf_gre_net *net_gre = gre_pernet(net);
		@@ -362,7 +322,7 @@ static int gre_init_net(struct net *net)
		for (i = 0; i < GRE_CT_MAX; i++)
		net_gre->timeouts[i] = gre_timeouts[i];

		return gre_kmemdup_sysctl_table(net);
		return 0;
		}

		/* protocol helper struct */

net/netfilter/nf_conntrack_proto_icmp.c

+1 −28

Original line number	Diff line number	Diff line
		@@ -298,41 +298,14 @@ icmp_timeout_nla_policy[CTA_TIMEOUT_ICMP_MAX+1] = {
		};
		#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */

		#ifdef CONFIG_SYSCTL
		static struct ctl_table icmp_sysctl_table[] = {
		{
		.procname = "nf_conntrack_icmp_timeout",
		.maxlen = sizeof(unsigned int),
		.mode = 0644,
		.proc_handler = proc_dointvec_jiffies,
		},
		{ }
		};
		#endif /* CONFIG_SYSCTL */

		static int icmp_kmemdup_sysctl_table(struct nf_proto_net *pn,
		struct nf_icmp_net *in)
		{
		#ifdef CONFIG_SYSCTL
		pn->ctl_table = kmemdup(icmp_sysctl_table,
		sizeof(icmp_sysctl_table),
		GFP_KERNEL);
		if (!pn->ctl_table)
		return -ENOMEM;

		pn->ctl_table[0].data = &in->timeout;
		#endif
		return 0;
		}

		static int icmp_init_net(struct net *net)
		{
		struct nf_icmp_net *in = nf_icmp_pernet(net);
		struct nf_proto_net *pn = &in->pn;

		in->timeout = nf_ct_icmp_timeout;

		return icmp_kmemdup_sysctl_table(pn, in);
		return 0;
		}

		static struct nf_proto_net icmp_get_net_proto(struct net net)

net/netfilter/nf_conntrack_proto_icmpv6.c

+1 −28

Original line number	Diff line number	Diff line
		@@ -309,41 +309,14 @@ icmpv6_timeout_nla_policy[CTA_TIMEOUT_ICMPV6_MAX+1] = {
		};
		#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */

		#ifdef CONFIG_SYSCTL
		static struct ctl_table icmpv6_sysctl_table[] = {
		{
		.procname = "nf_conntrack_icmpv6_timeout",
		.maxlen = sizeof(unsigned int),
		.mode = 0644,
		.proc_handler = proc_dointvec_jiffies,
		},
		{ }
		};
		#endif /* CONFIG_SYSCTL */

		static int icmpv6_kmemdup_sysctl_table(struct nf_proto_net *pn,
		struct nf_icmp_net *in)
		{
		#ifdef CONFIG_SYSCTL
		pn->ctl_table = kmemdup(icmpv6_sysctl_table,
		sizeof(icmpv6_sysctl_table),
		GFP_KERNEL);
		if (!pn->ctl_table)
		return -ENOMEM;

		pn->ctl_table[0].data = &in->timeout;
		#endif
		return 0;
		}

		static int icmpv6_init_net(struct net *net)
		{
		struct nf_icmp_net *in = nf_icmpv6_pernet(net);
		struct nf_proto_net *pn = &in->pn;

		in->timeout = nf_ct_icmpv6_timeout;

		return icmpv6_kmemdup_sysctl_table(pn, in);
		return 0;
		}

		static struct nf_proto_net icmpv6_get_net_proto(struct net net)