netfilter: netns nf_conntrack: per-netns expectations

#define _NF_CONNTRACK_EXPECT_H

#include <net/netfilter/nf_conntrack.h>

extern struct hlist_head *nf_ct_expect_hash;

extern unsigned int nf_ct_expect_hsize;

extern unsigned int nf_ct_expect_max;

	struct rcu_head rcu;

};

static inline struct net *nf_ct_exp_net(struct nf_conntrack_expect *exp)

{

#ifdef CONFIG_NET_NS

	return exp->master->ct_net;	/* by definition */

#else

	return &init_net;

#endif

}

struct nf_conntrack_expect_policy

{

	unsigned int	max_expected;

#define NF_CT_EXPECT_PERMANENT	0x1

#define NF_CT_EXPECT_INACTIVE	0x2

int nf_conntrack_expect_init(void);

void nf_conntrack_expect_fini(void);

int nf_conntrack_expect_init(struct net *net);

void nf_conntrack_expect_fini(struct net *net);

struct nf_conntrack_expect *

__nf_ct_expect_find(const struct nf_conntrack_tuple *tuple);

__nf_ct_expect_find(struct net *net, const struct nf_conntrack_tuple *tuple);

struct nf_conntrack_expect *

nf_ct_expect_find_get(const struct nf_conntrack_tuple *tuple);

nf_ct_expect_find_get(struct net *net, const struct nf_conntrack_tuple *tuple);

struct nf_conntrack_expect *

nf_ct_find_expectation(const struct nf_conntrack_tuple *tuple);

nf_ct_find_expectation(struct net *net, const struct nf_conntrack_tuple *tuple);

void nf_ct_unlink_expect(struct nf_conntrack_expect *exp);

void nf_ct_remove_expectations(struct nf_conn *ct);

struct netns_ct {

	atomic_t		count;

	unsigned int		expect_count;

	struct hlist_head	*hash;

	struct hlist_head	*expect_hash;

	int			hash_vmalloc;

	int			expect_vmalloc;

};

#endif

static struct hlist_node *ct_expect_get_first(struct seq_file *seq)

{

	struct net *net = &init_net;

	struct ct_expect_iter_state *st = seq->private;

	struct hlist_node *n;

	for (st->bucket = 0; st->bucket < nf_ct_expect_hsize; st->bucket++) {

		n = rcu_dereference(nf_ct_expect_hash[st->bucket].first);

		n = rcu_dereference(net->ct.expect_hash[st->bucket].first);

		if (n)

			return n;

	}

static struct hlist_node *ct_expect_get_next(struct seq_file *seq,

					     struct hlist_node *head)

{

	struct net *net = &init_net;

	struct ct_expect_iter_state *st = seq->private;

	head = rcu_dereference(head->next);

	while (head == NULL) {

		if (++st->bucket >= nf_ct_expect_hsize)

			return NULL;

		head = rcu_dereference(nf_ct_expect_hash[st->bucket].first);

		head = rcu_dereference(net->ct.expect_hash[st->bucket].first);

	}

	return head;

}

	pr_debug("trying to unexpect other dir: ");

	nf_ct_dump_tuple_ip(&t);

	other_exp = nf_ct_expect_find_get(&t);

	other_exp = nf_ct_expect_find_get(&init_net, &t);

	if (other_exp) {

		nf_ct_unexpect_related(other_exp);

		nf_ct_expect_put(other_exp);

	nf_ct_acct_ext_add(ct, GFP_ATOMIC);

	spin_lock_bh(&nf_conntrack_lock);

	exp = nf_ct_find_expectation(tuple);

	exp = nf_ct_find_expectation(net, tuple);

	if (exp) {

		pr_debug("conntrack: expectation arrives ct=%p exp=%p\n",

			 ct, exp);

			     nf_conntrack_htable_size);

	nf_conntrack_acct_fini();

	nf_conntrack_expect_fini();

	nf_conntrack_expect_fini(net);

	nf_conntrack_helper_fini();

	nf_conntrack_proto_fini();

}

	if (ret < 0)

		goto err_free_conntrack_slab;

	ret = nf_conntrack_expect_init();

	ret = nf_conntrack_expect_init(net);

	if (ret < 0)

		goto out_fini_proto;

out_fini_helper:

	nf_conntrack_helper_fini();

out_fini_expect:

	nf_conntrack_expect_fini();

	nf_conntrack_expect_fini(net);

out_fini_proto:

	nf_conntrack_proto_fini();

err_free_conntrack_slab: