2019-05-22 07:51:23 +00:00
|
|
|
// SPDX-License-Identifier: GPL-2.0-or-later
|
2012-02-28 18:13:48 +00:00
|
|
|
/*
|
|
|
|
|
* (C) 2012 by Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
* (C) 2012 by Vyatta Inc. <http://www.vyatta.com>
|
|
|
|
|
*/
|
|
|
|
|
#include <linux/init.h>
|
|
|
|
|
#include <linux/module.h>
|
|
|
|
|
#include <linux/kernel.h>
|
|
|
|
|
#include <linux/rculist.h>
|
|
|
|
|
#include <linux/rculist_nulls.h>
|
|
|
|
|
#include <linux/types.h>
|
|
|
|
|
#include <linux/timer.h>
|
|
|
|
|
#include <linux/security.h>
|
|
|
|
|
#include <linux/skbuff.h>
|
|
|
|
|
#include <linux/errno.h>
|
|
|
|
|
#include <linux/netlink.h>
|
|
|
|
|
#include <linux/spinlock.h>
|
|
|
|
|
#include <linux/interrupt.h>
|
|
|
|
|
#include <linux/slab.h>
|
|
|
|
|
|
|
|
|
|
#include <linux/netfilter.h>
|
|
|
|
|
#include <net/netlink.h>
|
2021-04-01 14:11:06 +00:00
|
|
|
#include <net/netns/generic.h>
|
2012-02-28 18:13:48 +00:00
|
|
|
#include <net/sock.h>
|
|
|
|
|
#include <net/netfilter/nf_conntrack.h>
|
|
|
|
|
#include <net/netfilter/nf_conntrack_core.h>
|
|
|
|
|
#include <net/netfilter/nf_conntrack_l4proto.h>
|
|
|
|
|
#include <net/netfilter/nf_conntrack_tuple.h>
|
2012-02-29 01:19:19 +00:00
|
|
|
#include <net/netfilter/nf_conntrack_timeout.h>
|
2012-02-28 18:13:48 +00:00
|
|
|
|
|
|
|
|
#include <linux/netfilter/nfnetlink.h>
|
|
|
|
|
#include <linux/netfilter/nfnetlink_cttimeout.h>
|
|
|
|
|
|
2021-04-01 14:11:06 +00:00
|
|
|
static unsigned int nfct_timeout_id __read_mostly;
|
|
|
|
|
|
2022-04-11 11:01:19 +00:00
|
|
|
struct ctnl_timeout {
|
|
|
|
|
struct list_head head;
|
2022-05-19 22:02:05 +00:00
|
|
|
struct list_head free_head;
|
2022-04-11 11:01:19 +00:00
|
|
|
struct rcu_head rcu_head;
|
|
|
|
|
refcount_t refcnt;
|
|
|
|
|
char name[CTNL_TIMEOUT_NAME_MAX];
|
|
|
|
|
|
2022-05-19 22:02:05 +00:00
|
|
|
/* must be at the end */
|
|
|
|
|
struct nf_ct_timeout timeout;
|
2022-04-11 11:01:19 +00:00
|
|
|
};
|
|
|
|
|
|
2021-04-01 14:11:06 +00:00
|
|
|
struct nfct_timeout_pernet {
|
|
|
|
|
struct list_head nfct_timeout_list;
|
2022-04-11 11:01:19 +00:00
|
|
|
struct list_head nfct_timeout_freelist;
|
2021-04-01 14:11:06 +00:00
|
|
|
};
|
|
|
|
|
|
2012-02-28 18:13:48 +00:00
|
|
|
MODULE_LICENSE("GPL");
|
|
|
|
|
MODULE_AUTHOR("Pablo Neira Ayuso <pablo@netfilter.org>");
|
|
|
|
|
MODULE_DESCRIPTION("cttimeout: Extended Netfilter Connection Tracking timeout tuning");
|
|
|
|
|
|
|
|
|
|
static const struct nla_policy cttimeout_nla_policy[CTA_TIMEOUT_MAX+1] = {
|
2012-11-21 01:37:38 +00:00
|
|
|
[CTA_TIMEOUT_NAME] = { .type = NLA_NUL_STRING,
|
|
|
|
|
.len = CTNL_TIMEOUT_NAME_MAX - 1},
|
2012-02-28 18:13:48 +00:00
|
|
|
[CTA_TIMEOUT_L3PROTO] = { .type = NLA_U16 },
|
|
|
|
|
[CTA_TIMEOUT_L4PROTO] = { .type = NLA_U8 },
|
|
|
|
|
[CTA_TIMEOUT_DATA] = { .type = NLA_NESTED },
|
|
|
|
|
};
|
|
|
|
|
|
2021-04-01 14:11:06 +00:00
|
|
|
static struct nfct_timeout_pernet *nfct_timeout_pernet(struct net *net)
|
|
|
|
|
{
|
|
|
|
|
return net_generic(net, nfct_timeout_id);
|
|
|
|
|
}
|
|
|
|
|
|
2012-02-28 18:13:48 +00:00
|
|
|
static int
|
2018-06-29 05:46:50 +00:00
|
|
|
ctnl_timeout_parse_policy(void *timeout,
|
2017-08-01 10:25:01 +00:00
|
|
|
const struct nf_conntrack_l4proto *l4proto,
|
2013-09-04 18:57:48 +00:00
|
|
|
struct net *net, const struct nlattr *attr)
|
2012-02-28 18:13:48 +00:00
|
|
|
{
|
2018-03-12 23:14:42 +00:00
|
|
|
struct nlattr **tb;
|
2012-02-28 18:13:48 +00:00
|
|
|
int ret = 0;
|
|
|
|
|
|
2018-03-12 23:14:42 +00:00
|
|
|
tb = kcalloc(l4proto->ctnl_timeout.nlattr_max + 1, sizeof(*tb),
|
|
|
|
|
GFP_KERNEL);
|
2012-02-28 18:13:48 +00:00
|
|
|
|
2018-03-12 23:14:42 +00:00
|
|
|
if (!tb)
|
|
|
|
|
return -ENOMEM;
|
|
|
|
|
|
netlink: make validation more configurable for future strictness
We currently have two levels of strict validation:
1) liberal (default)
- undefined (type >= max) & NLA_UNSPEC attributes accepted
- attribute length >= expected accepted
- garbage at end of message accepted
2) strict (opt-in)
- NLA_UNSPEC attributes accepted
- attribute length >= expected accepted
Split out parsing strictness into four different options:
* TRAILING - check that there's no trailing data after parsing
attributes (in message or nested)
* MAXTYPE - reject attrs > max known type
* UNSPEC - reject attributes with NLA_UNSPEC policy entries
* STRICT_ATTRS - strictly validate attribute size
The default for future things should be *everything*.
The current *_strict() is a combination of TRAILING and MAXTYPE,
and is renamed to _deprecated_strict().
The current regular parsing has none of this, and is renamed to
*_parse_deprecated().
Additionally it allows us to selectively set one of the new flags
even on old policies. Notably, the UNSPEC flag could be useful in
this case, since it can be arranged (by filling in the policy) to
not be an incompatible userspace ABI change, but would then going
forward prevent forgetting attribute entries. Similar can apply
to the POLICY flag.
We end up with the following renames:
* nla_parse -> nla_parse_deprecated
* nla_parse_strict -> nla_parse_deprecated_strict
* nlmsg_parse -> nlmsg_parse_deprecated
* nlmsg_parse_strict -> nlmsg_parse_deprecated_strict
* nla_parse_nested -> nla_parse_nested_deprecated
* nla_validate_nested -> nla_validate_nested_deprecated
Using spatch, of course:
@@
expression TB, MAX, HEAD, LEN, POL, EXT;
@@
-nla_parse(TB, MAX, HEAD, LEN, POL, EXT)
+nla_parse_deprecated(TB, MAX, HEAD, LEN, POL, EXT)
@@
expression NLH, HDRLEN, TB, MAX, POL, EXT;
@@
-nlmsg_parse(NLH, HDRLEN, TB, MAX, POL, EXT)
+nlmsg_parse_deprecated(NLH, HDRLEN, TB, MAX, POL, EXT)
@@
expression NLH, HDRLEN, TB, MAX, POL, EXT;
@@
-nlmsg_parse_strict(NLH, HDRLEN, TB, MAX, POL, EXT)
+nlmsg_parse_deprecated_strict(NLH, HDRLEN, TB, MAX, POL, EXT)
@@
expression TB, MAX, NLA, POL, EXT;
@@
-nla_parse_nested(TB, MAX, NLA, POL, EXT)
+nla_parse_nested_deprecated(TB, MAX, NLA, POL, EXT)
@@
expression START, MAX, POL, EXT;
@@
-nla_validate_nested(START, MAX, POL, EXT)
+nla_validate_nested_deprecated(START, MAX, POL, EXT)
@@
expression NLH, HDRLEN, MAX, POL, EXT;
@@
-nlmsg_validate(NLH, HDRLEN, MAX, POL, EXT)
+nlmsg_validate_deprecated(NLH, HDRLEN, MAX, POL, EXT)
For this patch, don't actually add the strict, non-renamed versions
yet so that it breaks compile if I get it wrong.
Also, while at it, make nla_validate and nla_parse go down to a
common __nla_validate_parse() function to avoid code duplication.
Ultimately, this allows us to have very strict validation for every
new caller of nla_parse()/nlmsg_parse() etc as re-introduced in the
next patch, while existing things will continue to work as is.
In effect then, this adds fully strict validation for any new command.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-04-26 12:07:28 +00:00
|
|
|
ret = nla_parse_nested_deprecated(tb,
|
|
|
|
|
l4proto->ctnl_timeout.nlattr_max,
|
|
|
|
|
attr,
|
|
|
|
|
l4proto->ctnl_timeout.nla_policy,
|
|
|
|
|
NULL);
|
2018-03-12 23:14:42 +00:00
|
|
|
if (ret < 0)
|
|
|
|
|
goto err;
|
|
|
|
|
|
2018-06-29 05:46:50 +00:00
|
|
|
ret = l4proto->ctnl_timeout.nlattr_to_obj(tb, net, timeout);
|
2018-03-12 23:14:42 +00:00
|
|
|
|
|
|
|
|
err:
|
|
|
|
|
kfree(tb);
|
2012-02-28 18:13:48 +00:00
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-22 22:17:09 +00:00
|
|
|
static int cttimeout_new_timeout(struct sk_buff *skb,
|
|
|
|
|
const struct nfnl_info *info,
|
|
|
|
|
const struct nlattr * const cda[])
|
2012-02-28 18:13:48 +00:00
|
|
|
{
|
2021-04-22 22:17:09 +00:00
|
|
|
struct nfct_timeout_pernet *pernet = nfct_timeout_pernet(info->net);
|
2012-02-28 18:13:48 +00:00
|
|
|
__u16 l3num;
|
|
|
|
|
__u8 l4num;
|
2017-08-11 22:57:08 +00:00
|
|
|
const struct nf_conntrack_l4proto *l4proto;
|
2012-02-28 18:13:48 +00:00
|
|
|
struct ctnl_timeout *timeout, *matching = NULL;
|
|
|
|
|
char *name;
|
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
|
|
if (!cda[CTA_TIMEOUT_NAME] ||
|
|
|
|
|
!cda[CTA_TIMEOUT_L3PROTO] ||
|
|
|
|
|
!cda[CTA_TIMEOUT_L4PROTO] ||
|
|
|
|
|
!cda[CTA_TIMEOUT_DATA])
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
|
|
name = nla_data(cda[CTA_TIMEOUT_NAME]);
|
|
|
|
|
l3num = ntohs(nla_get_be16(cda[CTA_TIMEOUT_L3PROTO]));
|
|
|
|
|
l4num = nla_get_u8(cda[CTA_TIMEOUT_L4PROTO]);
|
|
|
|
|
|
2021-04-01 14:11:06 +00:00
|
|
|
list_for_each_entry(timeout, &pernet->nfct_timeout_list, head) {
|
2012-02-28 18:13:48 +00:00
|
|
|
if (strncmp(timeout->name, name, CTNL_TIMEOUT_NAME_MAX) != 0)
|
|
|
|
|
continue;
|
|
|
|
|
|
2021-04-22 22:17:09 +00:00
|
|
|
if (info->nlh->nlmsg_flags & NLM_F_EXCL)
|
2012-02-28 18:13:48 +00:00
|
|
|
return -EEXIST;
|
|
|
|
|
|
|
|
|
|
matching = timeout;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (matching) {
|
2021-04-22 22:17:09 +00:00
|
|
|
if (info->nlh->nlmsg_flags & NLM_F_REPLACE) {
|
2012-02-28 18:13:48 +00:00
|
|
|
/* You cannot replace one timeout policy by another of
|
|
|
|
|
* different kind, sorry.
|
|
|
|
|
*/
|
2018-08-07 15:14:15 +00:00
|
|
|
if (matching->timeout.l3num != l3num ||
|
|
|
|
|
matching->timeout.l4proto->l4proto != l4num)
|
2016-08-22 13:58:17 +00:00
|
|
|
return -EINVAL;
|
|
|
|
|
|
2018-08-07 15:14:15 +00:00
|
|
|
return ctnl_timeout_parse_policy(&matching->timeout.data,
|
|
|
|
|
matching->timeout.l4proto,
|
2021-04-22 22:17:09 +00:00
|
|
|
info->net,
|
|
|
|
|
cda[CTA_TIMEOUT_DATA]);
|
2012-02-28 18:13:48 +00:00
|
|
|
}
|
2016-08-22 13:58:17 +00:00
|
|
|
|
|
|
|
|
return -EBUSY;
|
|
|
|
|
}
|
|
|
|
|
|
2019-01-15 21:03:47 +00:00
|
|
|
l4proto = nf_ct_l4proto_find(l4num);
|
2016-08-22 13:58:17 +00:00
|
|
|
|
|
|
|
|
/* This protocol is not supportted, skip. */
|
|
|
|
|
if (l4proto->l4proto != l4num) {
|
|
|
|
|
ret = -EOPNOTSUPP;
|
2012-03-22 22:40:01 +00:00
|
|
|
goto err_proto_put;
|
2012-02-28 18:13:48 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
timeout = kzalloc(sizeof(struct ctnl_timeout) +
|
|
|
|
|
l4proto->ctnl_timeout.obj_size, GFP_KERNEL);
|
2012-03-22 22:40:01 +00:00
|
|
|
if (timeout == NULL) {
|
|
|
|
|
ret = -ENOMEM;
|
|
|
|
|
goto err_proto_put;
|
|
|
|
|
}
|
2012-02-28 18:13:48 +00:00
|
|
|
|
2021-04-22 22:17:09 +00:00
|
|
|
ret = ctnl_timeout_parse_policy(&timeout->timeout.data, l4proto,
|
|
|
|
|
info->net, cda[CTA_TIMEOUT_DATA]);
|
2012-02-28 18:13:48 +00:00
|
|
|
if (ret < 0)
|
|
|
|
|
goto err;
|
|
|
|
|
|
|
|
|
|
strcpy(timeout->name, nla_data(cda[CTA_TIMEOUT_NAME]));
|
2018-08-07 15:14:15 +00:00
|
|
|
timeout->timeout.l3num = l3num;
|
|
|
|
|
timeout->timeout.l4proto = l4proto;
|
2017-03-16 08:03:34 +00:00
|
|
|
refcount_set(&timeout->refcnt, 1);
|
2022-03-23 13:22:06 +00:00
|
|
|
__module_get(THIS_MODULE);
|
2021-04-01 14:11:06 +00:00
|
|
|
list_add_tail_rcu(&timeout->head, &pernet->nfct_timeout_list);
|
2012-02-28 18:13:48 +00:00
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
err:
|
|
|
|
|
kfree(timeout);
|
2012-03-22 22:40:01 +00:00
|
|
|
err_proto_put:
|
2012-02-28 18:13:48 +00:00
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
2012-09-07 20:12:54 +00:00
|
|
|
ctnl_timeout_fill_info(struct sk_buff *skb, u32 portid, u32 seq, u32 type,
|
2012-02-28 18:13:48 +00:00
|
|
|
int event, struct ctnl_timeout *timeout)
|
|
|
|
|
{
|
|
|
|
|
struct nlmsghdr *nlh;
|
2012-09-07 20:12:54 +00:00
|
|
|
unsigned int flags = portid ? NLM_F_MULTI : 0;
|
2018-08-07 15:14:15 +00:00
|
|
|
const struct nf_conntrack_l4proto *l4proto = timeout->timeout.l4proto;
|
2018-09-11 00:31:11 +00:00
|
|
|
struct nlattr *nest_parms;
|
|
|
|
|
int ret;
|
2012-02-28 18:13:48 +00:00
|
|
|
|
2017-03-28 16:57:32 +00:00
|
|
|
event = nfnl_msg_type(NFNL_SUBSYS_CTNETLINK_TIMEOUT, event);
|
2021-03-30 14:58:37 +00:00
|
|
|
nlh = nfnl_msg_put(skb, portid, seq, event, flags, AF_UNSPEC,
|
|
|
|
|
NFNETLINK_V0, 0);
|
|
|
|
|
if (!nlh)
|
2012-02-28 18:13:48 +00:00
|
|
|
goto nlmsg_failure;
|
|
|
|
|
|
2012-04-01 22:46:00 +00:00
|
|
|
if (nla_put_string(skb, CTA_TIMEOUT_NAME, timeout->name) ||
|
2018-08-07 15:14:15 +00:00
|
|
|
nla_put_be16(skb, CTA_TIMEOUT_L3PROTO,
|
|
|
|
|
htons(timeout->timeout.l3num)) ||
|
|
|
|
|
nla_put_u8(skb, CTA_TIMEOUT_L4PROTO, l4proto->l4proto) ||
|
2012-04-01 22:46:00 +00:00
|
|
|
nla_put_be32(skb, CTA_TIMEOUT_USE,
|
2017-03-16 08:03:34 +00:00
|
|
|
htonl(refcount_read(&timeout->refcnt))))
|
2012-04-01 22:46:00 +00:00
|
|
|
goto nla_put_failure;
|
2012-02-28 18:13:48 +00:00
|
|
|
|
2019-04-26 09:13:06 +00:00
|
|
|
nest_parms = nla_nest_start(skb, CTA_TIMEOUT_DATA);
|
2018-09-11 00:31:11 +00:00
|
|
|
if (!nest_parms)
|
|
|
|
|
goto nla_put_failure;
|
2012-02-28 18:13:48 +00:00
|
|
|
|
2018-09-11 00:31:11 +00:00
|
|
|
ret = l4proto->ctnl_timeout.obj_to_nlattr(skb, &timeout->timeout.data);
|
|
|
|
|
if (ret < 0)
|
|
|
|
|
goto nla_put_failure;
|
2012-02-28 18:13:48 +00:00
|
|
|
|
2018-09-11 00:31:11 +00:00
|
|
|
nla_nest_end(skb, nest_parms);
|
2012-03-22 22:40:01 +00:00
|
|
|
|
2012-02-28 18:13:48 +00:00
|
|
|
nlmsg_end(skb, nlh);
|
|
|
|
|
return skb->len;
|
|
|
|
|
|
|
|
|
|
nlmsg_failure:
|
|
|
|
|
nla_put_failure:
|
|
|
|
|
nlmsg_cancel(skb, nlh);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
ctnl_timeout_dump(struct sk_buff *skb, struct netlink_callback *cb)
|
|
|
|
|
{
|
2021-04-01 14:11:06 +00:00
|
|
|
struct nfct_timeout_pernet *pernet;
|
2015-12-09 13:07:40 +00:00
|
|
|
struct net *net = sock_net(skb->sk);
|
2012-02-28 18:13:48 +00:00
|
|
|
struct ctnl_timeout *cur, *last;
|
|
|
|
|
|
|
|
|
|
if (cb->args[2])
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
last = (struct ctnl_timeout *)cb->args[1];
|
|
|
|
|
if (cb->args[1])
|
|
|
|
|
cb->args[1] = 0;
|
|
|
|
|
|
|
|
|
|
rcu_read_lock();
|
2021-04-01 14:11:06 +00:00
|
|
|
pernet = nfct_timeout_pernet(net);
|
|
|
|
|
list_for_each_entry_rcu(cur, &pernet->nfct_timeout_list, head) {
|
2013-06-01 13:36:02 +00:00
|
|
|
if (last) {
|
|
|
|
|
if (cur != last)
|
|
|
|
|
continue;
|
2012-02-28 18:13:48 +00:00
|
|
|
|
2013-06-01 13:36:02 +00:00
|
|
|
last = NULL;
|
|
|
|
|
}
|
2012-09-07 20:12:54 +00:00
|
|
|
if (ctnl_timeout_fill_info(skb, NETLINK_CB(cb->skb).portid,
|
2012-02-28 18:13:48 +00:00
|
|
|
cb->nlh->nlmsg_seq,
|
|
|
|
|
NFNL_MSG_TYPE(cb->nlh->nlmsg_type),
|
|
|
|
|
IPCTNL_MSG_TIMEOUT_NEW, cur) < 0) {
|
|
|
|
|
cb->args[1] = (unsigned long)cur;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (!cb->args[1])
|
|
|
|
|
cb->args[2] = 1;
|
|
|
|
|
rcu_read_unlock();
|
|
|
|
|
return skb->len;
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-22 22:17:09 +00:00
|
|
|
static int cttimeout_get_timeout(struct sk_buff *skb,
|
|
|
|
|
const struct nfnl_info *info,
|
|
|
|
|
const struct nlattr * const cda[])
|
2012-02-28 18:13:48 +00:00
|
|
|
{
|
2021-04-22 22:17:09 +00:00
|
|
|
struct nfct_timeout_pernet *pernet = nfct_timeout_pernet(info->net);
|
2012-02-28 18:13:48 +00:00
|
|
|
int ret = -ENOENT;
|
|
|
|
|
char *name;
|
|
|
|
|
struct ctnl_timeout *cur;
|
|
|
|
|
|
2021-04-22 22:17:09 +00:00
|
|
|
if (info->nlh->nlmsg_flags & NLM_F_DUMP) {
|
2012-02-28 18:13:48 +00:00
|
|
|
struct netlink_dump_control c = {
|
|
|
|
|
.dump = ctnl_timeout_dump,
|
|
|
|
|
};
|
2021-04-22 22:17:09 +00:00
|
|
|
return netlink_dump_start(info->sk, skb, info->nlh, &c);
|
2012-02-28 18:13:48 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!cda[CTA_TIMEOUT_NAME])
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
name = nla_data(cda[CTA_TIMEOUT_NAME]);
|
|
|
|
|
|
2021-04-01 14:11:06 +00:00
|
|
|
list_for_each_entry(cur, &pernet->nfct_timeout_list, head) {
|
2012-02-28 18:13:48 +00:00
|
|
|
struct sk_buff *skb2;
|
|
|
|
|
|
|
|
|
|
if (strncmp(cur->name, name, CTNL_TIMEOUT_NAME_MAX) != 0)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
skb2 = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
|
|
|
|
|
if (skb2 == NULL) {
|
|
|
|
|
ret = -ENOMEM;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2012-09-07 20:12:54 +00:00
|
|
|
ret = ctnl_timeout_fill_info(skb2, NETLINK_CB(skb).portid,
|
2021-04-22 22:17:09 +00:00
|
|
|
info->nlh->nlmsg_seq,
|
|
|
|
|
NFNL_MSG_TYPE(info->nlh->nlmsg_type),
|
2012-02-28 18:13:48 +00:00
|
|
|
IPCTNL_MSG_TIMEOUT_NEW, cur);
|
|
|
|
|
if (ret <= 0) {
|
|
|
|
|
kfree_skb(skb2);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-17 12:43:08 +00:00
|
|
|
ret = nfnetlink_unicast(skb2, info->net, NETLINK_CB(skb).portid);
|
|
|
|
|
break;
|
2012-02-28 18:13:48 +00:00
|
|
|
}
|
2021-05-17 12:43:08 +00:00
|
|
|
|
2012-02-28 18:13:48 +00:00
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* try to delete object, fail if it is still in use. */
|
2015-12-09 13:07:40 +00:00
|
|
|
static int ctnl_timeout_try_del(struct net *net, struct ctnl_timeout *timeout)
|
2012-02-28 18:13:48 +00:00
|
|
|
{
|
|
|
|
|
int ret = 0;
|
|
|
|
|
|
2016-08-18 12:39:05 +00:00
|
|
|
/* We want to avoid races with ctnl_timeout_put. So only when the
|
|
|
|
|
* current refcnt is 1, we decrease it to 0.
|
|
|
|
|
*/
|
2017-03-16 08:03:34 +00:00
|
|
|
if (refcount_dec_if_one(&timeout->refcnt)) {
|
2012-02-28 18:13:48 +00:00
|
|
|
/* We are protected by nfnl mutex. */
|
|
|
|
|
list_del_rcu(&timeout->head);
|
2018-08-07 15:14:15 +00:00
|
|
|
nf_ct_untimeout(net, &timeout->timeout);
|
2012-02-28 18:13:48 +00:00
|
|
|
kfree_rcu(timeout, rcu_head);
|
|
|
|
|
} else {
|
|
|
|
|
ret = -EBUSY;
|
|
|
|
|
}
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-22 22:17:09 +00:00
|
|
|
static int cttimeout_del_timeout(struct sk_buff *skb,
|
|
|
|
|
const struct nfnl_info *info,
|
|
|
|
|
const struct nlattr * const cda[])
|
2012-02-28 18:13:48 +00:00
|
|
|
{
|
2021-04-22 22:17:09 +00:00
|
|
|
struct nfct_timeout_pernet *pernet = nfct_timeout_pernet(info->net);
|
2016-08-22 13:58:16 +00:00
|
|
|
struct ctnl_timeout *cur, *tmp;
|
2012-02-28 18:13:48 +00:00
|
|
|
int ret = -ENOENT;
|
2015-12-15 17:41:56 +00:00
|
|
|
char *name;
|
2012-02-28 18:13:48 +00:00
|
|
|
|
|
|
|
|
if (!cda[CTA_TIMEOUT_NAME]) {
|
2021-04-01 14:11:06 +00:00
|
|
|
list_for_each_entry_safe(cur, tmp, &pernet->nfct_timeout_list,
|
2016-08-22 13:58:16 +00:00
|
|
|
head)
|
2021-04-22 22:17:09 +00:00
|
|
|
ctnl_timeout_try_del(info->net, cur);
|
2012-02-28 18:13:48 +00:00
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
name = nla_data(cda[CTA_TIMEOUT_NAME]);
|
|
|
|
|
|
2021-04-01 14:11:06 +00:00
|
|
|
list_for_each_entry(cur, &pernet->nfct_timeout_list, head) {
|
2012-02-28 18:13:48 +00:00
|
|
|
if (strncmp(cur->name, name, CTNL_TIMEOUT_NAME_MAX) != 0)
|
|
|
|
|
continue;
|
|
|
|
|
|
2021-04-22 22:17:09 +00:00
|
|
|
ret = ctnl_timeout_try_del(info->net, cur);
|
2012-02-28 18:13:48 +00:00
|
|
|
if (ret < 0)
|
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-22 22:17:09 +00:00
|
|
|
static int cttimeout_default_set(struct sk_buff *skb,
|
|
|
|
|
const struct nfnl_info *info,
|
|
|
|
|
const struct nlattr * const cda[])
|
2013-09-04 18:57:48 +00:00
|
|
|
{
|
2017-08-11 22:57:08 +00:00
|
|
|
const struct nf_conntrack_l4proto *l4proto;
|
2013-09-04 18:57:48 +00:00
|
|
|
__u8 l4num;
|
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
|
|
if (!cda[CTA_TIMEOUT_L3PROTO] ||
|
|
|
|
|
!cda[CTA_TIMEOUT_L4PROTO] ||
|
|
|
|
|
!cda[CTA_TIMEOUT_DATA])
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
|
|
l4num = nla_get_u8(cda[CTA_TIMEOUT_L4PROTO]);
|
2019-01-15 21:03:47 +00:00
|
|
|
l4proto = nf_ct_l4proto_find(l4num);
|
2013-09-04 18:57:48 +00:00
|
|
|
|
|
|
|
|
/* This protocol is not supported, skip. */
|
|
|
|
|
if (l4proto->l4proto != l4num) {
|
|
|
|
|
ret = -EOPNOTSUPP;
|
|
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-22 22:17:09 +00:00
|
|
|
ret = ctnl_timeout_parse_policy(NULL, l4proto, info->net,
|
2013-09-04 18:57:48 +00:00
|
|
|
cda[CTA_TIMEOUT_DATA]);
|
|
|
|
|
if (ret < 0)
|
|
|
|
|
goto err;
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
err:
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
cttimeout_default_fill_info(struct net *net, struct sk_buff *skb, u32 portid,
|
2018-09-17 10:02:54 +00:00
|
|
|
u32 seq, u32 type, int event, u16 l3num,
|
2018-11-01 23:14:00 +00:00
|
|
|
const struct nf_conntrack_l4proto *l4proto,
|
|
|
|
|
const unsigned int *timeouts)
|
2013-09-04 18:57:48 +00:00
|
|
|
{
|
|
|
|
|
struct nlmsghdr *nlh;
|
|
|
|
|
unsigned int flags = portid ? NLM_F_MULTI : 0;
|
2018-09-11 00:31:11 +00:00
|
|
|
struct nlattr *nest_parms;
|
|
|
|
|
int ret;
|
2013-09-04 18:57:48 +00:00
|
|
|
|
2017-03-28 16:57:32 +00:00
|
|
|
event = nfnl_msg_type(NFNL_SUBSYS_CTNETLINK_TIMEOUT, event);
|
2021-03-30 14:58:37 +00:00
|
|
|
nlh = nfnl_msg_put(skb, portid, seq, event, flags, AF_UNSPEC,
|
|
|
|
|
NFNETLINK_V0, 0);
|
|
|
|
|
if (!nlh)
|
2013-09-04 18:57:48 +00:00
|
|
|
goto nlmsg_failure;
|
|
|
|
|
|
2018-09-17 10:02:54 +00:00
|
|
|
if (nla_put_be16(skb, CTA_TIMEOUT_L3PROTO, htons(l3num)) ||
|
2013-09-04 18:57:48 +00:00
|
|
|
nla_put_u8(skb, CTA_TIMEOUT_L4PROTO, l4proto->l4proto))
|
|
|
|
|
goto nla_put_failure;
|
|
|
|
|
|
2019-04-26 09:13:06 +00:00
|
|
|
nest_parms = nla_nest_start(skb, CTA_TIMEOUT_DATA);
|
2018-09-11 00:31:11 +00:00
|
|
|
if (!nest_parms)
|
|
|
|
|
goto nla_put_failure;
|
2013-09-04 18:57:48 +00:00
|
|
|
|
2018-11-01 23:14:00 +00:00
|
|
|
ret = l4proto->ctnl_timeout.obj_to_nlattr(skb, timeouts);
|
2018-09-11 00:31:11 +00:00
|
|
|
if (ret < 0)
|
|
|
|
|
goto nla_put_failure;
|
2013-09-04 18:57:48 +00:00
|
|
|
|
2018-09-11 00:31:11 +00:00
|
|
|
nla_nest_end(skb, nest_parms);
|
2013-09-04 18:57:48 +00:00
|
|
|
|
|
|
|
|
nlmsg_end(skb, nlh);
|
|
|
|
|
return skb->len;
|
|
|
|
|
|
|
|
|
|
nlmsg_failure:
|
|
|
|
|
nla_put_failure:
|
|
|
|
|
nlmsg_cancel(skb, nlh);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-22 22:17:09 +00:00
|
|
|
static int cttimeout_default_get(struct sk_buff *skb,
|
|
|
|
|
const struct nfnl_info *info,
|
|
|
|
|
const struct nlattr * const cda[])
|
2013-09-04 18:57:48 +00:00
|
|
|
{
|
2017-08-11 22:57:08 +00:00
|
|
|
const struct nf_conntrack_l4proto *l4proto;
|
2018-11-01 23:14:00 +00:00
|
|
|
unsigned int *timeouts = NULL;
|
2013-09-04 18:57:48 +00:00
|
|
|
struct sk_buff *skb2;
|
2017-08-11 22:57:08 +00:00
|
|
|
__u16 l3num;
|
|
|
|
|
__u8 l4num;
|
2021-05-17 12:43:08 +00:00
|
|
|
int ret;
|
2013-09-04 18:57:48 +00:00
|
|
|
|
|
|
|
|
if (!cda[CTA_TIMEOUT_L3PROTO] || !cda[CTA_TIMEOUT_L4PROTO])
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
|
|
l3num = ntohs(nla_get_be16(cda[CTA_TIMEOUT_L3PROTO]));
|
|
|
|
|
l4num = nla_get_u8(cda[CTA_TIMEOUT_L4PROTO]);
|
2019-01-15 21:03:47 +00:00
|
|
|
l4proto = nf_ct_l4proto_find(l4num);
|
2013-09-04 18:57:48 +00:00
|
|
|
|
2018-11-01 23:14:00 +00:00
|
|
|
if (l4proto->l4proto != l4num)
|
2021-05-17 12:43:08 +00:00
|
|
|
return -EOPNOTSUPP;
|
2018-11-01 23:14:00 +00:00
|
|
|
|
|
|
|
|
switch (l4proto->l4proto) {
|
|
|
|
|
case IPPROTO_ICMP:
|
2021-04-22 22:17:09 +00:00
|
|
|
timeouts = &nf_icmp_pernet(info->net)->timeout;
|
2018-11-01 23:14:00 +00:00
|
|
|
break;
|
|
|
|
|
case IPPROTO_TCP:
|
2021-04-22 22:17:09 +00:00
|
|
|
timeouts = nf_tcp_pernet(info->net)->timeouts;
|
2018-11-01 23:14:00 +00:00
|
|
|
break;
|
2020-07-08 20:09:39 +00:00
|
|
|
case IPPROTO_UDP:
|
2018-11-17 10:32:29 +00:00
|
|
|
case IPPROTO_UDPLITE:
|
2021-04-22 22:17:09 +00:00
|
|
|
timeouts = nf_udp_pernet(info->net)->timeouts;
|
2018-11-01 23:14:00 +00:00
|
|
|
break;
|
|
|
|
|
case IPPROTO_DCCP:
|
|
|
|
|
#ifdef CONFIG_NF_CT_PROTO_DCCP
|
2021-04-22 22:17:09 +00:00
|
|
|
timeouts = nf_dccp_pernet(info->net)->dccp_timeout;
|
2018-11-01 23:14:00 +00:00
|
|
|
#endif
|
|
|
|
|
break;
|
|
|
|
|
case IPPROTO_ICMPV6:
|
2021-04-22 22:17:09 +00:00
|
|
|
timeouts = &nf_icmpv6_pernet(info->net)->timeout;
|
2018-11-01 23:14:00 +00:00
|
|
|
break;
|
|
|
|
|
case IPPROTO_SCTP:
|
|
|
|
|
#ifdef CONFIG_NF_CT_PROTO_SCTP
|
2021-04-22 22:17:09 +00:00
|
|
|
timeouts = nf_sctp_pernet(info->net)->timeouts;
|
2018-11-17 10:32:29 +00:00
|
|
|
#endif
|
|
|
|
|
break;
|
|
|
|
|
case IPPROTO_GRE:
|
|
|
|
|
#ifdef CONFIG_NF_CT_PROTO_GRE
|
2021-04-22 22:17:09 +00:00
|
|
|
timeouts = nf_gre_pernet(info->net)->timeouts;
|
2018-11-01 23:14:00 +00:00
|
|
|
#endif
|
|
|
|
|
break;
|
|
|
|
|
case 255:
|
2021-04-22 22:17:09 +00:00
|
|
|
timeouts = &nf_generic_pernet(info->net)->timeout;
|
2018-11-01 23:14:00 +00:00
|
|
|
break;
|
|
|
|
|
default:
|
2018-11-17 10:32:29 +00:00
|
|
|
WARN_ONCE(1, "Missing timeouts for proto %d", l4proto->l4proto);
|
2018-11-01 23:14:00 +00:00
|
|
|
break;
|
2013-09-04 18:57:48 +00:00
|
|
|
}
|
|
|
|
|
|
2018-11-01 23:14:00 +00:00
|
|
|
if (!timeouts)
|
2021-05-17 12:43:08 +00:00
|
|
|
return -EOPNOTSUPP;
|
2018-11-01 23:14:00 +00:00
|
|
|
|
2013-09-04 18:57:48 +00:00
|
|
|
skb2 = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
|
2021-05-17 12:43:08 +00:00
|
|
|
if (!skb2)
|
|
|
|
|
return -ENOMEM;
|
2013-09-04 18:57:48 +00:00
|
|
|
|
2021-04-22 22:17:09 +00:00
|
|
|
ret = cttimeout_default_fill_info(info->net, skb2,
|
|
|
|
|
NETLINK_CB(skb).portid,
|
|
|
|
|
info->nlh->nlmsg_seq,
|
|
|
|
|
NFNL_MSG_TYPE(info->nlh->nlmsg_type),
|
2013-09-04 18:57:48 +00:00
|
|
|
IPCTNL_MSG_TIMEOUT_DEFAULT_SET,
|
2018-11-01 23:14:00 +00:00
|
|
|
l3num, l4proto, timeouts);
|
2013-09-04 18:57:48 +00:00
|
|
|
if (ret <= 0) {
|
|
|
|
|
kfree_skb(skb2);
|
2021-05-17 12:43:08 +00:00
|
|
|
return -ENOMEM;
|
2013-09-04 18:57:48 +00:00
|
|
|
}
|
|
|
|
|
|
2021-05-17 12:43:08 +00:00
|
|
|
return nfnetlink_unicast(skb2, info->net, NETLINK_CB(skb).portid);
|
2013-09-04 18:57:48 +00:00
|
|
|
}
|
|
|
|
|
|
2018-09-03 11:53:22 +00:00
|
|
|
static struct nf_ct_timeout *ctnl_timeout_find_get(struct net *net,
|
|
|
|
|
const char *name)
|
2012-02-29 01:19:19 +00:00
|
|
|
{
|
2021-04-01 14:11:06 +00:00
|
|
|
struct nfct_timeout_pernet *pernet = nfct_timeout_pernet(net);
|
2012-02-29 01:19:19 +00:00
|
|
|
struct ctnl_timeout *timeout, *matching = NULL;
|
|
|
|
|
|
2021-04-01 14:11:06 +00:00
|
|
|
list_for_each_entry_rcu(timeout, &pernet->nfct_timeout_list, head) {
|
2012-02-29 01:19:19 +00:00
|
|
|
if (strncmp(timeout->name, name, CTNL_TIMEOUT_NAME_MAX) != 0)
|
|
|
|
|
continue;
|
|
|
|
|
|
2022-03-23 13:22:06 +00:00
|
|
|
if (!refcount_inc_not_zero(&timeout->refcnt))
|
2012-02-29 01:19:19 +00:00
|
|
|
goto err;
|
|
|
|
|
matching = timeout;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
err:
|
2018-09-03 11:53:22 +00:00
|
|
|
return matching ? &matching->timeout : NULL;
|
2012-02-29 01:19:19 +00:00
|
|
|
}
|
|
|
|
|
|
2018-08-07 15:14:15 +00:00
|
|
|
static void ctnl_timeout_put(struct nf_ct_timeout *t)
|
2012-02-29 01:19:19 +00:00
|
|
|
{
|
2018-08-07 15:14:15 +00:00
|
|
|
struct ctnl_timeout *timeout =
|
|
|
|
|
container_of(t, struct ctnl_timeout, timeout);
|
|
|
|
|
|
2022-03-23 13:22:06 +00:00
|
|
|
if (refcount_dec_and_test(&timeout->refcnt)) {
|
2016-08-18 12:39:05 +00:00
|
|
|
kfree_rcu(timeout, rcu_head);
|
2022-03-23 13:22:06 +00:00
|
|
|
module_put(THIS_MODULE);
|
|
|
|
|
}
|
2012-02-29 01:19:19 +00:00
|
|
|
}
|
|
|
|
|
|
2012-02-28 18:13:48 +00:00
|
|
|
static const struct nfnl_callback cttimeout_cb[IPCTNL_MSG_TIMEOUT_MAX] = {
|
2021-04-22 22:17:12 +00:00
|
|
|
[IPCTNL_MSG_TIMEOUT_NEW] = {
|
|
|
|
|
.call = cttimeout_new_timeout,
|
|
|
|
|
.type = NFNL_CB_MUTEX,
|
|
|
|
|
.attr_count = CTA_TIMEOUT_MAX,
|
|
|
|
|
.policy = cttimeout_nla_policy
|
|
|
|
|
},
|
|
|
|
|
[IPCTNL_MSG_TIMEOUT_GET] = {
|
|
|
|
|
.call = cttimeout_get_timeout,
|
|
|
|
|
.type = NFNL_CB_MUTEX,
|
|
|
|
|
.attr_count = CTA_TIMEOUT_MAX,
|
|
|
|
|
.policy = cttimeout_nla_policy
|
|
|
|
|
},
|
|
|
|
|
[IPCTNL_MSG_TIMEOUT_DELETE] = {
|
|
|
|
|
.call = cttimeout_del_timeout,
|
|
|
|
|
.type = NFNL_CB_MUTEX,
|
|
|
|
|
.attr_count = CTA_TIMEOUT_MAX,
|
|
|
|
|
.policy = cttimeout_nla_policy
|
|
|
|
|
},
|
|
|
|
|
[IPCTNL_MSG_TIMEOUT_DEFAULT_SET] = {
|
|
|
|
|
.call = cttimeout_default_set,
|
|
|
|
|
.type = NFNL_CB_MUTEX,
|
|
|
|
|
.attr_count = CTA_TIMEOUT_MAX,
|
|
|
|
|
.policy = cttimeout_nla_policy
|
|
|
|
|
},
|
|
|
|
|
[IPCTNL_MSG_TIMEOUT_DEFAULT_GET] = {
|
|
|
|
|
.call = cttimeout_default_get,
|
|
|
|
|
.type = NFNL_CB_MUTEX,
|
|
|
|
|
.attr_count = CTA_TIMEOUT_MAX,
|
|
|
|
|
.policy = cttimeout_nla_policy
|
|
|
|
|
},
|
2012-02-28 18:13:48 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static const struct nfnetlink_subsystem cttimeout_subsys = {
|
|
|
|
|
.name = "conntrack_timeout",
|
|
|
|
|
.subsys_id = NFNL_SUBSYS_CTNETLINK_TIMEOUT,
|
|
|
|
|
.cb_count = IPCTNL_MSG_TIMEOUT_MAX,
|
|
|
|
|
.cb = cttimeout_cb,
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
MODULE_ALIAS_NFNL_SUBSYS(NFNL_SUBSYS_CTNETLINK_TIMEOUT);
|
|
|
|
|
|
2015-12-09 13:07:40 +00:00
|
|
|
static int __net_init cttimeout_net_init(struct net *net)
|
|
|
|
|
{
|
2021-04-01 14:11:06 +00:00
|
|
|
struct nfct_timeout_pernet *pernet = nfct_timeout_pernet(net);
|
|
|
|
|
|
|
|
|
|
INIT_LIST_HEAD(&pernet->nfct_timeout_list);
|
2022-04-11 11:01:19 +00:00
|
|
|
INIT_LIST_HEAD(&pernet->nfct_timeout_freelist);
|
2015-12-09 13:07:40 +00:00
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2022-04-11 11:01:19 +00:00
|
|
|
static void __net_exit cttimeout_net_pre_exit(struct net *net)
|
|
|
|
|
{
|
|
|
|
|
struct nfct_timeout_pernet *pernet = nfct_timeout_pernet(net);
|
|
|
|
|
struct ctnl_timeout *cur, *tmp;
|
|
|
|
|
|
|
|
|
|
list_for_each_entry_safe(cur, tmp, &pernet->nfct_timeout_list, head) {
|
|
|
|
|
list_del_rcu(&cur->head);
|
|
|
|
|
list_add(&cur->free_head, &pernet->nfct_timeout_freelist);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* core calls synchronize_rcu() after this */
|
|
|
|
|
}
|
|
|
|
|
|
2015-12-09 13:07:40 +00:00
|
|
|
static void __net_exit cttimeout_net_exit(struct net *net)
|
|
|
|
|
{
|
2021-04-01 14:11:06 +00:00
|
|
|
struct nfct_timeout_pernet *pernet = nfct_timeout_pernet(net);
|
2015-12-09 13:07:40 +00:00
|
|
|
struct ctnl_timeout *cur, *tmp;
|
|
|
|
|
|
2022-04-11 11:01:20 +00:00
|
|
|
if (list_empty(&pernet->nfct_timeout_freelist))
|
|
|
|
|
return;
|
|
|
|
|
|
2018-08-07 15:14:10 +00:00
|
|
|
nf_ct_untimeout(net, NULL);
|
2015-12-09 13:07:40 +00:00
|
|
|
|
2022-06-15 13:36:54 +00:00
|
|
|
list_for_each_entry_safe(cur, tmp, &pernet->nfct_timeout_freelist, free_head) {
|
2022-04-11 11:01:19 +00:00
|
|
|
list_del(&cur->free_head);
|
2016-08-18 12:39:05 +00:00
|
|
|
|
2017-03-16 08:03:34 +00:00
|
|
|
if (refcount_dec_and_test(&cur->refcnt))
|
2016-08-18 12:39:05 +00:00
|
|
|
kfree_rcu(cur, rcu_head);
|
2015-12-09 13:07:40 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static struct pernet_operations cttimeout_ops = {
|
|
|
|
|
.init = cttimeout_net_init,
|
2022-04-11 11:01:19 +00:00
|
|
|
.pre_exit = cttimeout_net_pre_exit,
|
2015-12-09 13:07:40 +00:00
|
|
|
.exit = cttimeout_net_exit,
|
2021-04-01 14:11:06 +00:00
|
|
|
.id = &nfct_timeout_id,
|
|
|
|
|
.size = sizeof(struct nfct_timeout_pernet),
|
2015-12-09 13:07:40 +00:00
|
|
|
};
|
|
|
|
|
|
2022-02-08 11:29:47 +00:00
|
|
|
static const struct nf_ct_timeout_hooks hooks = {
|
|
|
|
|
.timeout_find_get = ctnl_timeout_find_get,
|
|
|
|
|
.timeout_put = ctnl_timeout_put,
|
|
|
|
|
};
|
|
|
|
|
|
2012-02-28 18:13:48 +00:00
|
|
|
static int __init cttimeout_init(void)
|
|
|
|
|
{
|
|
|
|
|
int ret;
|
|
|
|
|
|
2015-12-09 13:07:40 +00:00
|
|
|
ret = register_pernet_subsys(&cttimeout_ops);
|
|
|
|
|
if (ret < 0)
|
|
|
|
|
return ret;
|
|
|
|
|
|
2012-02-28 18:13:48 +00:00
|
|
|
ret = nfnetlink_subsys_register(&cttimeout_subsys);
|
|
|
|
|
if (ret < 0) {
|
|
|
|
|
pr_err("cttimeout_init: cannot register cttimeout with "
|
|
|
|
|
"nfnetlink.\n");
|
|
|
|
|
goto err_out;
|
|
|
|
|
}
|
2022-02-08 11:29:47 +00:00
|
|
|
RCU_INIT_POINTER(nf_ct_timeout_hook, &hooks);
|
2012-02-28 18:13:48 +00:00
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
err_out:
|
2015-12-09 13:07:40 +00:00
|
|
|
unregister_pernet_subsys(&cttimeout_ops);
|
2012-02-28 18:13:48 +00:00
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2022-04-11 11:01:22 +00:00
|
|
|
static int untimeout(struct nf_conn *ct, void *timeout)
|
|
|
|
|
{
|
|
|
|
|
struct nf_conn_timeout *timeout_ext = nf_ct_timeout_find(ct);
|
|
|
|
|
|
|
|
|
|
if (timeout_ext)
|
|
|
|
|
RCU_INIT_POINTER(timeout_ext->timeout, NULL);
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2012-02-28 18:13:48 +00:00
|
|
|
static void __exit cttimeout_exit(void)
|
|
|
|
|
{
|
|
|
|
|
nfnetlink_subsys_unregister(&cttimeout_subsys);
|
2015-10-05 14:51:01 +00:00
|
|
|
|
2015-12-09 13:07:40 +00:00
|
|
|
unregister_pernet_subsys(&cttimeout_ops);
|
2022-02-08 11:29:47 +00:00
|
|
|
RCU_INIT_POINTER(nf_ct_timeout_hook, NULL);
|
2022-04-11 11:01:22 +00:00
|
|
|
|
|
|
|
|
nf_ct_iterate_destroy(untimeout, NULL);
|
2012-02-28 18:13:48 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
module_init(cttimeout_init);
|
|
|
|
|
module_exit(cttimeout_exit);
|