Loading include/linux/netfilter/nfnetlink_conntrack.h +38 −0 Original line number Diff line number Diff line Loading @@ -7,6 +7,8 @@ enum cntl_msg_types { IPCTNL_MSG_CT_GET, IPCTNL_MSG_CT_DELETE, IPCTNL_MSG_CT_GET_CTRZERO, IPCTNL_MSG_CT_GET_STATS_CPU, IPCTNL_MSG_CT_GET_STATS, IPCTNL_MSG_MAX }; Loading @@ -15,6 +17,7 @@ enum ctnl_exp_msg_types { IPCTNL_MSG_EXP_NEW, IPCTNL_MSG_EXP_GET, IPCTNL_MSG_EXP_DELETE, IPCTNL_MSG_EXP_GET_STATS_CPU, IPCTNL_MSG_EXP_MAX }; Loading Loading @@ -203,4 +206,39 @@ enum ctattr_secctx { }; #define CTA_SECCTX_MAX (__CTA_SECCTX_MAX - 1) enum ctattr_stats_cpu { CTA_STATS_UNSPEC, CTA_STATS_SEARCHED, CTA_STATS_FOUND, CTA_STATS_NEW, CTA_STATS_INVALID, CTA_STATS_IGNORE, CTA_STATS_DELETE, CTA_STATS_DELETE_LIST, CTA_STATS_INSERT, CTA_STATS_INSERT_FAILED, CTA_STATS_DROP, CTA_STATS_EARLY_DROP, CTA_STATS_ERROR, CTA_STATS_SEARCH_RESTART, __CTA_STATS_MAX, }; #define CTA_STATS_MAX (__CTA_STATS_MAX - 1) enum ctattr_stats_global { CTA_STATS_GLOBAL_UNSPEC, CTA_STATS_GLOBAL_ENTRIES, __CTA_STATS_GLOBAL_MAX, }; #define CTA_STATS_GLOBAL_MAX (__CTA_STATS_GLOBAL_MAX - 1) enum ctattr_expect_stats { CTA_STATS_EXP_UNSPEC, CTA_STATS_EXP_NEW, CTA_STATS_EXP_CREATE, CTA_STATS_EXP_DELETE, __CTA_STATS_EXP_MAX, }; #define CTA_STATS_EXP_MAX (__CTA_STATS_EXP_MAX - 1) #endif /* _IPCONNTRACK_NETLINK_H */ include/linux/netfilter/nfnetlink_queue.h +1 −0 Original line number Diff line number Diff line Loading @@ -95,5 +95,6 @@ enum nfqnl_attr_config { /* Flags for NFQA_CFG_FLAGS */ #define NFQA_CFG_F_FAIL_OPEN (1 << 0) #define NFQA_CFG_F_CONNTRACK (1 << 1) #define NFQA_CFG_F_MAX (1 << 2) #endif /* _NFNETLINK_QUEUE_H */ include/net/netfilter/nf_conntrack_l4proto.h +12 −1 Original line number Diff line number Diff line Loading 
@@ -97,7 +97,10 @@ struct nf_conntrack_l4proto { #endif int *net_id; /* Init l4proto pernet data */ int (*init_net)(struct net *net); int (*init_net)(struct net *net, u_int16_t proto); /* Return the per-net protocol part. */ struct nf_proto_net *(*get_net_proto)(struct net *net); /* Protocol name */ const char *name; Loading @@ -124,6 +127,14 @@ extern int nf_conntrack_l4proto_register(struct net *net, extern void nf_conntrack_l4proto_unregister(struct net *net, struct nf_conntrack_l4proto *proto); static inline void nf_ct_kfree_compat_sysctl_table(struct nf_proto_net *pn) { #if defined(CONFIG_SYSCTL) && defined(CONFIG_NF_CONNTRACK_PROC_COMPAT) kfree(pn->ctl_compat_table); pn->ctl_compat_table = NULL; #endif } /* Generic netlink helpers */ extern int nf_ct_port_tuple_to_nlattr(struct sk_buff *skb, const struct nf_conntrack_tuple *tuple); Loading net/ipv4/netfilter/nf_conntrack_proto_icmp.c +38 −9 Original line number Diff line number Diff line Loading 
@@ -337,34 +337,62 @@ static struct ctl_table icmp_compat_sysctl_table[] = { #endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */ #endif /* CONFIG_SYSCTL */ static int icmp_init_net(struct net *net) static int icmp_kmemdup_sysctl_table(struct nf_proto_net *pn, struct nf_icmp_net *in) { struct nf_icmp_net *in = icmp_pernet(net); struct nf_proto_net *pn = (struct nf_proto_net *)in; in->timeout = nf_ct_icmp_timeout; #ifdef CONFIG_SYSCTL pn->ctl_table = kmemdup(icmp_sysctl_table, sizeof(icmp_sysctl_table), GFP_KERNEL); if (!pn->ctl_table) return -ENOMEM; pn->ctl_table[0].data = &in->timeout; #endif return 0; } static int icmp_kmemdup_compat_sysctl_table(struct nf_proto_net *pn, struct nf_icmp_net *in) { #ifdef CONFIG_SYSCTL #ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT pn->ctl_compat_table = kmemdup(icmp_compat_sysctl_table, sizeof(icmp_compat_sysctl_table), GFP_KERNEL); if (!pn->ctl_compat_table) { kfree(pn->ctl_table); pn->ctl_table = NULL; if (!pn->ctl_compat_table) return -ENOMEM; } pn->ctl_compat_table[0].data = &in->timeout; #endif #endif return 0; } static int icmp_init_net(struct net *net, u_int16_t proto) { int ret; struct nf_icmp_net *in = icmp_pernet(net); struct nf_proto_net *pn = &in->pn; in->timeout = nf_ct_icmp_timeout; ret = icmp_kmemdup_compat_sysctl_table(pn, in); if (ret < 0) return ret; ret = icmp_kmemdup_sysctl_table(pn, in); if (ret < 0) nf_ct_kfree_compat_sysctl_table(pn); return ret; } static struct nf_proto_net *icmp_get_net_proto(struct net *net) { return &net->ct.nf_ct_proto.icmp.pn; } struct nf_conntrack_l4proto nf_conntrack_l4proto_icmp __read_mostly = { .l3proto = PF_INET, Loading Loading @@ -395,4 +423,5 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_icmp __read_mostly = }, #endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */ .init_net = icmp_init_net, .get_net_proto = icmp_get_net_proto, }; net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c +19 −4 Original line number Diff line number Diff line Loading 
@@ -333,22 +333,36 @@ static struct ctl_table icmpv6_sysctl_table[] = { }; #endif /* CONFIG_SYSCTL */ static int icmpv6_init_net(struct net *net) static int icmpv6_kmemdup_sysctl_table(struct nf_proto_net *pn, struct nf_icmp_net *in) { struct nf_icmp_net *in = icmpv6_pernet(net); struct nf_proto_net *pn = (struct nf_proto_net *)in; in->timeout = nf_ct_icmpv6_timeout; #ifdef CONFIG_SYSCTL pn->ctl_table = kmemdup(icmpv6_sysctl_table, sizeof(icmpv6_sysctl_table), GFP_KERNEL); if (!pn->ctl_table) return -ENOMEM; pn->ctl_table[0].data = &in->timeout; #endif return 0; } static int icmpv6_init_net(struct net *net, u_int16_t proto) { struct nf_icmp_net *in = icmpv6_pernet(net); struct nf_proto_net *pn = &in->pn; in->timeout = nf_ct_icmpv6_timeout; return icmpv6_kmemdup_sysctl_table(pn, in); } static struct nf_proto_net *icmpv6_get_net_proto(struct net *net) { return &net->ct.nf_ct_proto.icmpv6.pn; } struct nf_conntrack_l4proto nf_conntrack_l4proto_icmpv6 __read_mostly = { .l3proto = PF_INET6, Loading Loading @@ -377,4 +391,5 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_icmpv6 __read_mostly = }, #endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */ .init_net = icmpv6_init_net, .get_net_proto = icmpv6_get_net_proto, }; Loading
include/linux/netfilter/nfnetlink_conntrack.h +38 −0 Original line number Diff line number Diff line Loading @@ -7,6 +7,8 @@ enum cntl_msg_types { IPCTNL_MSG_CT_GET, IPCTNL_MSG_CT_DELETE, IPCTNL_MSG_CT_GET_CTRZERO, IPCTNL_MSG_CT_GET_STATS_CPU, IPCTNL_MSG_CT_GET_STATS, IPCTNL_MSG_MAX }; Loading @@ -15,6 +17,7 @@ enum ctnl_exp_msg_types { IPCTNL_MSG_EXP_NEW, IPCTNL_MSG_EXP_GET, IPCTNL_MSG_EXP_DELETE, IPCTNL_MSG_EXP_GET_STATS_CPU, IPCTNL_MSG_EXP_MAX }; Loading Loading @@ -203,4 +206,39 @@ enum ctattr_secctx { }; #define CTA_SECCTX_MAX (__CTA_SECCTX_MAX - 1) enum ctattr_stats_cpu { CTA_STATS_UNSPEC, CTA_STATS_SEARCHED, CTA_STATS_FOUND, CTA_STATS_NEW, CTA_STATS_INVALID, CTA_STATS_IGNORE, CTA_STATS_DELETE, CTA_STATS_DELETE_LIST, CTA_STATS_INSERT, CTA_STATS_INSERT_FAILED, CTA_STATS_DROP, CTA_STATS_EARLY_DROP, CTA_STATS_ERROR, CTA_STATS_SEARCH_RESTART, __CTA_STATS_MAX, }; #define CTA_STATS_MAX (__CTA_STATS_MAX - 1) enum ctattr_stats_global { CTA_STATS_GLOBAL_UNSPEC, CTA_STATS_GLOBAL_ENTRIES, __CTA_STATS_GLOBAL_MAX, }; #define CTA_STATS_GLOBAL_MAX (__CTA_STATS_GLOBAL_MAX - 1) enum ctattr_expect_stats { CTA_STATS_EXP_UNSPEC, CTA_STATS_EXP_NEW, CTA_STATS_EXP_CREATE, CTA_STATS_EXP_DELETE, __CTA_STATS_EXP_MAX, }; #define CTA_STATS_EXP_MAX (__CTA_STATS_EXP_MAX - 1) #endif /* _IPCONNTRACK_NETLINK_H */
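Review bot: The three new attribute enums (ctattr_stats_cpu, ctattr_stats_global, ctattr_expect_stats) are userspace ABI but carry no comment tying them to the message types added in the same hunk, so a reader of the header cannot tell which of IPCTNL_MSG_CT_GET_STATS_CPU, IPCTNL_MSG_CT_GET_STATS and IPCTNL_MSG_EXP_GET_STATS_CPU each set is parsed against. A one-line comment above each enum would fix that, e.g. `/* Attributes carried by IPCTNL_MSG_CT_GET_STATS_CPU replies */` above ctattr_stats_cpu, and the matching lines for the global and expect sets. The new message values are inserted ahead of the existing IPCTNL_MSG_MAX / IPCTNL_MSG_EXP_MAX sentinels, so existing numbering is preserved; whoever consumes these attributes must still bound-check them against CTA_STATS_MAX, CTA_STATS_GLOBAL_MAX and CTA_STATS_EXP_MAX, which the header defines but this page cannot show being used.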
include/linux/netfilter/nfnetlink_queue.h +1 −0 Original line number Diff line number Diff line Loading @@ -95,5 +95,6 @@ enum nfqnl_attr_config { /* Flags for NFQA_CFG_FLAGS */ #define NFQA_CFG_F_FAIL_OPEN (1 << 0) #define NFQA_CFG_F_CONNTRACK (1 << 1) #define NFQA_CFG_F_MAX (1 << 2) #endif /* _NFNETLINK_QUEUE_H */
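Review bot: NFQA_CFG_F_MAX is defined as a bit value `(1 << 2)` but named like a sentinel, and nothing in the hunk says whether it is the next free flag bit or a validation bound for user-supplied NFQA_CFG_FLAGS; presumably it is the latter, used as `flags >= NFQA_CFG_F_MAX` rather than as a mask. A comment would remove the ambiguity and stop someone from OR-ing it in as a real flag: `#define NFQA_CFG_F_MAX (1 << 2) /* one past the highest defined flag; not a valid flag bit */`. It also belongs to the uAPI surface, so any later flag must be added below NFQA_CFG_F_CONNTRACK and this value bumped in the same change.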
include/net/netfilter/nf_conntrack_l4proto.h +12 −1 Original line number Diff line number Diff line Loading @@ -97,7 +97,10 @@ struct nf_conntrack_l4proto { #endif int *net_id; /* Init l4proto pernet data */ int (*init_net)(struct net *net); int (*init_net)(struct net *net, u_int16_t proto); /* Return the per-net protocol part. */ struct nf_proto_net *(*get_net_proto)(struct net *net); /* Protocol name */ const char *name; Loading @@ -124,6 +127,14 @@ extern int nf_conntrack_l4proto_register(struct net *net, extern void nf_conntrack_l4proto_unregister(struct net *net, struct nf_conntrack_l4proto *proto); static inline void nf_ct_kfree_compat_sysctl_table(struct nf_proto_net *pn) { #if defined(CONFIG_SYSCTL) && defined(CONFIG_NF_CONNTRACK_PROC_COMPAT) kfree(pn->ctl_compat_table); pn->ctl_compat_table = NULL; #endif } /* Generic netlink helpers */ extern int nf_ct_port_tuple_to_nlattr(struct sk_buff *skb, const struct nf_conntrack_tuple *tuple); Loading
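Review bot: The new `proto` argument of the init_net callback is undocumented, and the existing `/* Init l4proto pernet data */` comment no longer describes the full contract; the hunk's two callers ignore it, so a reader cannot tell what implementers are expected to do with it. It appears to be the l4 protocol number the proto is registered under, so I would extend the comment to `/* Init l4proto pernet data; @proto is the l4 protocol number being registered (ignored by single-protocol trackers) */`, hedged as appropriate once confirmed against nf_conntrack_l4proto_register. nf_ct_kfree_compat_sysctl_table correctly NULLs ctl_compat_table after kfree, which guards the icmp error path against a double free, but it is the only such helper: the ctl_table counterpart is left to each caller, so a short comment saying it intentionally frees the compat table only would help. Since the inline calls kfree from a header, the header also needs to be sure `linux/slab.h` is already pulled in, which this page cannot verify.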
net/ipv4/netfilter/nf_conntrack_proto_icmp.c +38 −9 Original line number Diff line number Diff line Loading @@ -337,34 +337,62 @@ static struct ctl_table icmp_compat_sysctl_table[] = { #endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */ #endif /* CONFIG_SYSCTL */ static int icmp_init_net(struct net *net) static int icmp_kmemdup_sysctl_table(struct nf_proto_net *pn, struct nf_icmp_net *in) { struct nf_icmp_net *in = icmp_pernet(net); struct nf_proto_net *pn = (struct nf_proto_net *)in; in->timeout = nf_ct_icmp_timeout; #ifdef CONFIG_SYSCTL pn->ctl_table = kmemdup(icmp_sysctl_table, sizeof(icmp_sysctl_table), GFP_KERNEL); if (!pn->ctl_table) return -ENOMEM; pn->ctl_table[0].data = &in->timeout; #endif return 0; } static int icmp_kmemdup_compat_sysctl_table(struct nf_proto_net *pn, struct nf_icmp_net *in) { #ifdef CONFIG_SYSCTL #ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT pn->ctl_compat_table = kmemdup(icmp_compat_sysctl_table, sizeof(icmp_compat_sysctl_table), GFP_KERNEL); if (!pn->ctl_compat_table) { kfree(pn->ctl_table); pn->ctl_table = NULL; if (!pn->ctl_compat_table) return -ENOMEM; } pn->ctl_compat_table[0].data = &in->timeout; #endif #endif return 0; } static int icmp_init_net(struct net *net, u_int16_t proto) { int ret; struct nf_icmp_net *in = icmp_pernet(net); struct nf_proto_net *pn = &in->pn; in->timeout = nf_ct_icmp_timeout; ret = icmp_kmemdup_compat_sysctl_table(pn, in); if (ret < 0) return ret; ret = icmp_kmemdup_sysctl_table(pn, in); if (ret < 0) nf_ct_kfree_compat_sysctl_table(pn); return ret; } static struct nf_proto_net *icmp_get_net_proto(struct net *net) { return &net->ct.nf_ct_proto.icmp.pn; } struct nf_conntrack_l4proto nf_conntrack_l4proto_icmp __read_mostly = { .l3proto = PF_INET, Loading Loading @@ -395,4 +423,5 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_icmp __read_mostly = }, #endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */ .init_net = icmp_init_net, .get_net_proto = icmp_get_net_proto, };
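Review bot: icmp_init_net duplicates the compat table before the main table and undoes only the compat table when the second allocation fails, and that ordering is the whole reason the old `kfree(pn->ctl_table)` in the compat helper could be dropped, but nothing in the function says so. I would add above the first call `/* Duplicate the compat table first so that a failure below can be undone with nf_ct_kfree_compat_sysctl_table(); the main table is freed by kmemdup returning NULL, so no cleanup is needed for it. */`. Two smaller points on the new code: icmp_kmemdup_compat_sysctl_table uses nested `#ifdef CONFIG_SYSCTL` / `#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT` while the header helper it pairs with uses `#if defined(CONFIG_SYSCTL) && defined(CONFIG_NF_CONNTRACK_PROC_COMPAT)`, and the two should match so the free and the allocation are guarded identically; and the `proto` parameter is unused here, which is fine for a single-protocol tracker but worth a word in the comment. The same nested-ifdef and unused-parameter remarks apply to icmpv6_init_net in net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c.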
net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c +19 −4 Original line number Diff line number Diff line Loading @@ -333,22 +333,36 @@ static struct ctl_table icmpv6_sysctl_table[] = { }; #endif /* CONFIG_SYSCTL */ static int icmpv6_init_net(struct net *net) static int icmpv6_kmemdup_sysctl_table(struct nf_proto_net *pn, struct nf_icmp_net *in) { struct nf_icmp_net *in = icmpv6_pernet(net); struct nf_proto_net *pn = (struct nf_proto_net *)in; in->timeout = nf_ct_icmpv6_timeout; #ifdef CONFIG_SYSCTL pn->ctl_table = kmemdup(icmpv6_sysctl_table, sizeof(icmpv6_sysctl_table), GFP_KERNEL); if (!pn->ctl_table) return -ENOMEM; pn->ctl_table[0].data = &in->timeout; #endif return 0; } static int icmpv6_init_net(struct net *net, u_int16_t proto) { struct nf_icmp_net *in = icmpv6_pernet(net); struct nf_proto_net *pn = &in->pn; in->timeout = nf_ct_icmpv6_timeout; return icmpv6_kmemdup_sysctl_table(pn, in); } static struct nf_proto_net *icmpv6_get_net_proto(struct net *net) { return &net->ct.nf_ct_proto.icmpv6.pn; } struct nf_conntrack_l4proto nf_conntrack_l4proto_icmpv6 __read_mostly = { .l3proto = PF_INET6, Loading Loading @@ -377,4 +391,5 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_icmpv6 __read_mostly = }, #endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */ .init_net = icmpv6_init_net, .get_net_proto = icmpv6_get_net_proto, };
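Review bot: `pn->ctl_table[0].data = &in->timeout;` in icmpv6_kmemdup_sysctl_table hard-codes that entry 0 of icmpv6_sysctl_table is the timeout knob, yet the table definition starts before this hunk and nothing ties the two together; reordering the table would silently point the sysctl at the wrong field. A comment at the assignment, `/* entry 0 of icmpv6_sysctl_table must be the timeout entry */`, or a matching one on the table, would pin the dependency; the two helpers in net/ipv4/netfilter/nf_conntrack_proto_icmp.c make the same index assumption. Separately, the helper takes `pn` and `in` as independent parameters although its only caller passes `&in->pn`, so the contract that `pn` is the embedded nf_proto_net of `in` should be stated in a comment on the helper or the function should derive `pn` itself. The `.data` pointer aims into per-net memory, so the duplicated table must be unregistered and freed before that memory goes away; the teardown is not in this hunk, so I cannot confirm it here.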