Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8264deb8 authored by Gao feng's avatar Gao feng Committed by Pablo Neira Ayuso
Browse files

netfilter: nf_conntrack: add namespace support for cttimeout 



This patch adds namespace support for cttimeout.

Acked-by: default avatarEric W. Biederman <ebiederm@xmission.com>
Signed-off-by: default avatarGao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent e76d0af5

include/net/netfilter/nf_conntrack_l4proto.h

+2 −1
Original line number Diff line number Diff line
@@ -87,7 +87,8 @@ struct nf_conntrack_l4proto { 
#if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT)

	struct {

		size_t obj_size;

		int (*nlattr_to_obj)(struct nlattr *tb[], void *data);

		int (*nlattr_to_obj)(struct nlattr *tb[],

				     struct net *net, void *data);

		int (*obj_to_nlattr)(struct sk_buff *skb, const void *data);



		unsigned int nlattr_max;

net/ipv4/netfilter/nf_conntrack_proto_icmp.c

+4 −2
Original line number Diff line number Diff line
@@ -279,16 +279,18 @@ static int icmp_nlattr_tuple_size(void) 
#include <linux/netfilter/nfnetlink.h>

#include <linux/netfilter/nfnetlink_cttimeout.h>



static int icmp_timeout_nlattr_to_obj(struct nlattr *tb[], void *data)

static int icmp_timeout_nlattr_to_obj(struct nlattr *tb[],

				      struct net *net, void *data)

{

	unsigned int *timeout = data;

	struct nf_icmp_net *in = icmp_pernet(net);



	if (tb[CTA_TIMEOUT_ICMP_TIMEOUT]) {

		*timeout =

			ntohl(nla_get_be32(tb[CTA_TIMEOUT_ICMP_TIMEOUT])) * HZ;

	} else {

		/* Set default ICMP timeout. */

		*timeout = nf_ct_icmp_timeout;

		*timeout = in->timeout;

	}

	return 0;

}

net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c

+4 −2
Original line number Diff line number Diff line
@@ -286,16 +286,18 @@ static int icmpv6_nlattr_tuple_size(void) 
#include <linux/netfilter/nfnetlink.h>

#include <linux/netfilter/nfnetlink_cttimeout.h>



static int icmpv6_timeout_nlattr_to_obj(struct nlattr *tb[], void *data)

static int icmpv6_timeout_nlattr_to_obj(struct nlattr *tb[],

					struct net *net, void *data)

{

	unsigned int *timeout = data;

	struct nf_icmp_net *in = icmpv6_pernet(net);



	if (tb[CTA_TIMEOUT_ICMPV6_TIMEOUT]) {

		*timeout =

		    ntohl(nla_get_be32(tb[CTA_TIMEOUT_ICMPV6_TIMEOUT])) * HZ;

	} else {

		/* Set default ICMPv6 timeout. */

		*timeout = nf_ct_icmpv6_timeout;

		*timeout = in->timeout;

	}

	return 0;

}

net/netfilter/nf_conntrack_proto_dccp.c

+3 −2
Original line number Diff line number Diff line
@@ -712,9 +712,10 @@ static int dccp_nlattr_size(void) 
#include <linux/netfilter/nfnetlink.h>

#include <linux/netfilter/nfnetlink_cttimeout.h>



static int dccp_timeout_nlattr_to_obj(struct nlattr *tb[], void *data)

static int dccp_timeout_nlattr_to_obj(struct nlattr *tb[],

				      struct net *net, void *data)

{

	struct dccp_net *dn = dccp_pernet(&init_net);

	struct dccp_net *dn = dccp_pernet(net);

	unsigned int *timeouts = data;

	int i;

net/netfilter/nf_conntrack_proto_generic.c

+4 −2
Original line number Diff line number Diff line
@@ -75,16 +75,18 @@ static bool generic_new(struct nf_conn *ct, const struct sk_buff *skb, 
#include <linux/netfilter/nfnetlink.h>

#include <linux/netfilter/nfnetlink_cttimeout.h>



static int generic_timeout_nlattr_to_obj(struct nlattr *tb[], void *data)

static int generic_timeout_nlattr_to_obj(struct nlattr *tb[],

					 struct net *net, void *data)

{

	unsigned int *timeout = data;

	struct nf_generic_net *gn = generic_pernet(net);



	if (tb[CTA_TIMEOUT_GENERIC_TIMEOUT])

		*timeout =

		    ntohl(nla_get_be32(tb[CTA_TIMEOUT_GENERIC_TIMEOUT])) * HZ;

	else {

		/* Set default generic timeout. */

		*timeout = nf_ct_generic_timeout;

		*timeout = gn->timeout;

	}



	return 0;