mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-28 13:22:57 +00:00
netfilter: conntrack: remove extension register api
These no longer register/unregister a meaningful structure so remove it. Cc: Paul Blakey <paulb@nvidia.com> Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
parent
1bc91a5ddf
commit
1015c3de23
19 changed files with 7 additions and 292 deletions
|
@ -78,7 +78,6 @@ static inline void nf_ct_acct_update(struct nf_conn *ct, u32 dir,
|
||||||
|
|
||||||
void nf_conntrack_acct_pernet_init(struct net *net);
|
void nf_conntrack_acct_pernet_init(struct net *net);
|
||||||
|
|
||||||
int nf_conntrack_acct_init(void);
|
|
||||||
void nf_conntrack_acct_fini(void);
|
void nf_conntrack_acct_fini(void);
|
||||||
|
|
||||||
#endif /* _NF_CONNTRACK_ACCT_H */
|
#endif /* _NF_CONNTRACK_ACCT_H */
|
||||||
|
|
|
@ -166,9 +166,6 @@ void nf_conntrack_ecache_work(struct net *net, enum nf_ct_ecache_state state);
|
||||||
void nf_conntrack_ecache_pernet_init(struct net *net);
|
void nf_conntrack_ecache_pernet_init(struct net *net);
|
||||||
void nf_conntrack_ecache_pernet_fini(struct net *net);
|
void nf_conntrack_ecache_pernet_fini(struct net *net);
|
||||||
|
|
||||||
int nf_conntrack_ecache_init(void);
|
|
||||||
void nf_conntrack_ecache_fini(void);
|
|
||||||
|
|
||||||
static inline bool nf_conntrack_ecache_dwork_pending(const struct net *net)
|
static inline bool nf_conntrack_ecache_dwork_pending(const struct net *net)
|
||||||
{
|
{
|
||||||
return net->ct.ecache_dwork_pending;
|
return net->ct.ecache_dwork_pending;
|
||||||
|
@ -194,16 +191,6 @@ static inline void nf_conntrack_ecache_pernet_init(struct net *net)
|
||||||
static inline void nf_conntrack_ecache_pernet_fini(struct net *net)
|
static inline void nf_conntrack_ecache_pernet_fini(struct net *net)
|
||||||
{
|
{
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline int nf_conntrack_ecache_init(void)
|
|
||||||
{
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
static inline void nf_conntrack_ecache_fini(void)
|
|
||||||
{
|
|
||||||
}
|
|
||||||
|
|
||||||
static inline bool nf_conntrack_ecache_dwork_pending(const struct net *net) { return false; }
|
static inline bool nf_conntrack_ecache_dwork_pending(const struct net *net) { return false; }
|
||||||
#endif /* CONFIG_NF_CONNTRACK_EVENTS */
|
#endif /* CONFIG_NF_CONNTRACK_EVENTS */
|
||||||
#endif /*_NF_CONNTRACK_ECACHE_H*/
|
#endif /*_NF_CONNTRACK_ECACHE_H*/
|
||||||
|
|
|
@ -72,16 +72,7 @@ static inline void *__nf_ct_ext_find(const struct nf_conn *ct, u8 id)
|
||||||
#define nf_ct_ext_find(ext, id) \
|
#define nf_ct_ext_find(ext, id) \
|
||||||
((id##_TYPE *)__nf_ct_ext_find((ext), (id)))
|
((id##_TYPE *)__nf_ct_ext_find((ext), (id)))
|
||||||
|
|
||||||
/* Destroy all relationships */
|
|
||||||
void nf_ct_ext_destroy(struct nf_conn *ct);
|
|
||||||
|
|
||||||
/* Add this type, returns pointer to data or NULL. */
|
/* Add this type, returns pointer to data or NULL. */
|
||||||
void *nf_ct_ext_add(struct nf_conn *ct, enum nf_ct_ext_id id, gfp_t gfp);
|
void *nf_ct_ext_add(struct nf_conn *ct, enum nf_ct_ext_id id, gfp_t gfp);
|
||||||
|
|
||||||
struct nf_ct_ext_type {
|
|
||||||
enum nf_ct_ext_id id;
|
|
||||||
};
|
|
||||||
|
|
||||||
int nf_ct_extend_register(const struct nf_ct_ext_type *type);
|
|
||||||
void nf_ct_extend_unregister(const struct nf_ct_ext_type *type);
|
|
||||||
#endif /* _NF_CONNTRACK_EXTEND_H */
|
#endif /* _NF_CONNTRACK_EXTEND_H */
|
||||||
|
|
|
@ -45,12 +45,9 @@ int nf_connlabels_replace(struct nf_conn *ct,
|
||||||
|
|
||||||
#ifdef CONFIG_NF_CONNTRACK_LABELS
|
#ifdef CONFIG_NF_CONNTRACK_LABELS
|
||||||
int nf_conntrack_labels_init(void);
|
int nf_conntrack_labels_init(void);
|
||||||
void nf_conntrack_labels_fini(void);
|
|
||||||
int nf_connlabels_get(struct net *net, unsigned int bit);
|
int nf_connlabels_get(struct net *net, unsigned int bit);
|
||||||
void nf_connlabels_put(struct net *net);
|
void nf_connlabels_put(struct net *net);
|
||||||
#else
|
#else
|
||||||
static inline int nf_conntrack_labels_init(void) { return 0; }
|
|
||||||
static inline void nf_conntrack_labels_fini(void) {}
|
|
||||||
static inline int nf_connlabels_get(struct net *net, unsigned int bit) { return 0; }
|
static inline int nf_connlabels_get(struct net *net, unsigned int bit) { return 0; }
|
||||||
static inline void nf_connlabels_put(struct net *net) {}
|
static inline void nf_connlabels_put(struct net *net) {}
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -42,7 +42,4 @@ int nf_ct_seq_adjust(struct sk_buff *skb, struct nf_conn *ct,
|
||||||
enum ip_conntrack_info ctinfo, unsigned int protoff);
|
enum ip_conntrack_info ctinfo, unsigned int protoff);
|
||||||
s32 nf_ct_seq_offset(const struct nf_conn *ct, enum ip_conntrack_dir, u32 seq);
|
s32 nf_ct_seq_offset(const struct nf_conn *ct, enum ip_conntrack_dir, u32 seq);
|
||||||
|
|
||||||
int nf_conntrack_seqadj_init(void);
|
|
||||||
void nf_conntrack_seqadj_fini(void);
|
|
||||||
|
|
||||||
#endif /* _NF_CONNTRACK_SEQADJ_H */
|
#endif /* _NF_CONNTRACK_SEQADJ_H */
|
||||||
|
|
|
@ -89,23 +89,11 @@ static inline unsigned int *nf_ct_timeout_lookup(const struct nf_conn *ct)
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
|
#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
|
||||||
int nf_conntrack_timeout_init(void);
|
|
||||||
void nf_conntrack_timeout_fini(void);
|
|
||||||
void nf_ct_untimeout(struct net *net, struct nf_ct_timeout *timeout);
|
void nf_ct_untimeout(struct net *net, struct nf_ct_timeout *timeout);
|
||||||
int nf_ct_set_timeout(struct net *net, struct nf_conn *ct, u8 l3num, u8 l4num,
|
int nf_ct_set_timeout(struct net *net, struct nf_conn *ct, u8 l3num, u8 l4num,
|
||||||
const char *timeout_name);
|
const char *timeout_name);
|
||||||
void nf_ct_destroy_timeout(struct nf_conn *ct);
|
void nf_ct_destroy_timeout(struct nf_conn *ct);
|
||||||
#else
|
#else
|
||||||
static inline int nf_conntrack_timeout_init(void)
|
|
||||||
{
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
static inline void nf_conntrack_timeout_fini(void)
|
|
||||||
{
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
static inline int nf_ct_set_timeout(struct net *net, struct nf_conn *ct,
|
static inline int nf_ct_set_timeout(struct net *net, struct nf_conn *ct,
|
||||||
u8 l3num, u8 l4num,
|
u8 l3num, u8 l4num,
|
||||||
const char *timeout_name)
|
const char *timeout_name)
|
||||||
|
|
|
@ -40,21 +40,8 @@ struct nf_conn_tstamp *nf_ct_tstamp_ext_add(struct nf_conn *ct, gfp_t gfp)
|
||||||
|
|
||||||
#ifdef CONFIG_NF_CONNTRACK_TIMESTAMP
|
#ifdef CONFIG_NF_CONNTRACK_TIMESTAMP
|
||||||
void nf_conntrack_tstamp_pernet_init(struct net *net);
|
void nf_conntrack_tstamp_pernet_init(struct net *net);
|
||||||
|
|
||||||
int nf_conntrack_tstamp_init(void);
|
|
||||||
void nf_conntrack_tstamp_fini(void);
|
|
||||||
#else
|
#else
|
||||||
static inline void nf_conntrack_tstamp_pernet_init(struct net *net) {}
|
static inline void nf_conntrack_tstamp_pernet_init(struct net *net) {}
|
||||||
|
|
||||||
static inline int nf_conntrack_tstamp_init(void)
|
|
||||||
{
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
static inline void nf_conntrack_tstamp_fini(void)
|
|
||||||
{
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
#endif /* CONFIG_NF_CONNTRACK_TIMESTAMP */
|
#endif /* CONFIG_NF_CONNTRACK_TIMESTAMP */
|
||||||
|
|
||||||
#endif /* _NF_CONNTRACK_TSTAMP_H */
|
#endif /* _NF_CONNTRACK_TSTAMP_H */
|
||||||
|
|
|
@ -22,24 +22,7 @@ static bool nf_ct_acct __read_mostly;
|
||||||
module_param_named(acct, nf_ct_acct, bool, 0644);
|
module_param_named(acct, nf_ct_acct, bool, 0644);
|
||||||
MODULE_PARM_DESC(acct, "Enable connection tracking flow accounting.");
|
MODULE_PARM_DESC(acct, "Enable connection tracking flow accounting.");
|
||||||
|
|
||||||
static const struct nf_ct_ext_type acct_extend = {
|
|
||||||
.id = NF_CT_EXT_ACCT,
|
|
||||||
};
|
|
||||||
|
|
||||||
void nf_conntrack_acct_pernet_init(struct net *net)
|
void nf_conntrack_acct_pernet_init(struct net *net)
|
||||||
{
|
{
|
||||||
net->ct.sysctl_acct = nf_ct_acct;
|
net->ct.sysctl_acct = nf_ct_acct;
|
||||||
}
|
}
|
||||||
|
|
||||||
int nf_conntrack_acct_init(void)
|
|
||||||
{
|
|
||||||
int ret = nf_ct_extend_register(&acct_extend);
|
|
||||||
if (ret < 0)
|
|
||||||
pr_err("Unable to register extension\n");
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
void nf_conntrack_acct_fini(void)
|
|
||||||
{
|
|
||||||
nf_ct_extend_unregister(&acct_extend);
|
|
||||||
}
|
|
||||||
|
|
|
@ -38,7 +38,6 @@
|
||||||
#include <net/netfilter/nf_conntrack_l4proto.h>
|
#include <net/netfilter/nf_conntrack_l4proto.h>
|
||||||
#include <net/netfilter/nf_conntrack_expect.h>
|
#include <net/netfilter/nf_conntrack_expect.h>
|
||||||
#include <net/netfilter/nf_conntrack_helper.h>
|
#include <net/netfilter/nf_conntrack_helper.h>
|
||||||
#include <net/netfilter/nf_conntrack_seqadj.h>
|
|
||||||
#include <net/netfilter/nf_conntrack_core.h>
|
#include <net/netfilter/nf_conntrack_core.h>
|
||||||
#include <net/netfilter/nf_conntrack_extend.h>
|
#include <net/netfilter/nf_conntrack_extend.h>
|
||||||
#include <net/netfilter/nf_conntrack_acct.h>
|
#include <net/netfilter/nf_conntrack_acct.h>
|
||||||
|
@ -2477,13 +2476,7 @@ void nf_conntrack_cleanup_end(void)
|
||||||
kvfree(nf_conntrack_hash);
|
kvfree(nf_conntrack_hash);
|
||||||
|
|
||||||
nf_conntrack_proto_fini();
|
nf_conntrack_proto_fini();
|
||||||
nf_conntrack_seqadj_fini();
|
|
||||||
nf_conntrack_labels_fini();
|
|
||||||
nf_conntrack_helper_fini();
|
nf_conntrack_helper_fini();
|
||||||
nf_conntrack_timeout_fini();
|
|
||||||
nf_conntrack_ecache_fini();
|
|
||||||
nf_conntrack_tstamp_fini();
|
|
||||||
nf_conntrack_acct_fini();
|
|
||||||
nf_conntrack_expect_fini();
|
nf_conntrack_expect_fini();
|
||||||
|
|
||||||
kmem_cache_destroy(nf_conntrack_cachep);
|
kmem_cache_destroy(nf_conntrack_cachep);
|
||||||
|
@ -2689,34 +2682,10 @@ int nf_conntrack_init_start(void)
|
||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
goto err_expect;
|
goto err_expect;
|
||||||
|
|
||||||
ret = nf_conntrack_acct_init();
|
|
||||||
if (ret < 0)
|
|
||||||
goto err_acct;
|
|
||||||
|
|
||||||
ret = nf_conntrack_tstamp_init();
|
|
||||||
if (ret < 0)
|
|
||||||
goto err_tstamp;
|
|
||||||
|
|
||||||
ret = nf_conntrack_ecache_init();
|
|
||||||
if (ret < 0)
|
|
||||||
goto err_ecache;
|
|
||||||
|
|
||||||
ret = nf_conntrack_timeout_init();
|
|
||||||
if (ret < 0)
|
|
||||||
goto err_timeout;
|
|
||||||
|
|
||||||
ret = nf_conntrack_helper_init();
|
ret = nf_conntrack_helper_init();
|
||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
goto err_helper;
|
goto err_helper;
|
||||||
|
|
||||||
ret = nf_conntrack_labels_init();
|
|
||||||
if (ret < 0)
|
|
||||||
goto err_labels;
|
|
||||||
|
|
||||||
ret = nf_conntrack_seqadj_init();
|
|
||||||
if (ret < 0)
|
|
||||||
goto err_seqadj;
|
|
||||||
|
|
||||||
ret = nf_conntrack_proto_init();
|
ret = nf_conntrack_proto_init();
|
||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
goto err_proto;
|
goto err_proto;
|
||||||
|
@ -2734,20 +2703,8 @@ int nf_conntrack_init_start(void)
|
||||||
cancel_delayed_work_sync(&conntrack_gc_work.dwork);
|
cancel_delayed_work_sync(&conntrack_gc_work.dwork);
|
||||||
nf_conntrack_proto_fini();
|
nf_conntrack_proto_fini();
|
||||||
err_proto:
|
err_proto:
|
||||||
nf_conntrack_seqadj_fini();
|
|
||||||
err_seqadj:
|
|
||||||
nf_conntrack_labels_fini();
|
|
||||||
err_labels:
|
|
||||||
nf_conntrack_helper_fini();
|
nf_conntrack_helper_fini();
|
||||||
err_helper:
|
err_helper:
|
||||||
nf_conntrack_timeout_fini();
|
|
||||||
err_timeout:
|
|
||||||
nf_conntrack_ecache_fini();
|
|
||||||
err_ecache:
|
|
||||||
nf_conntrack_tstamp_fini();
|
|
||||||
err_tstamp:
|
|
||||||
nf_conntrack_acct_fini();
|
|
||||||
err_acct:
|
|
||||||
nf_conntrack_expect_fini();
|
nf_conntrack_expect_fini();
|
||||||
err_expect:
|
err_expect:
|
||||||
kmem_cache_destroy(nf_conntrack_cachep);
|
kmem_cache_destroy(nf_conntrack_cachep);
|
||||||
|
|
|
@ -304,10 +304,6 @@ void nf_conntrack_ecache_work(struct net *net, enum nf_ct_ecache_state state)
|
||||||
#define NF_CT_EVENTS_DEFAULT 1
|
#define NF_CT_EVENTS_DEFAULT 1
|
||||||
static int nf_ct_events __read_mostly = NF_CT_EVENTS_DEFAULT;
|
static int nf_ct_events __read_mostly = NF_CT_EVENTS_DEFAULT;
|
||||||
|
|
||||||
static const struct nf_ct_ext_type event_extend = {
|
|
||||||
.id = NF_CT_EXT_ECACHE,
|
|
||||||
};
|
|
||||||
|
|
||||||
void nf_conntrack_ecache_pernet_init(struct net *net)
|
void nf_conntrack_ecache_pernet_init(struct net *net)
|
||||||
{
|
{
|
||||||
struct nf_conntrack_net *cnet = nf_ct_pernet(net);
|
struct nf_conntrack_net *cnet = nf_ct_pernet(net);
|
||||||
|
@ -315,6 +311,8 @@ void nf_conntrack_ecache_pernet_init(struct net *net)
|
||||||
net->ct.sysctl_events = nf_ct_events;
|
net->ct.sysctl_events = nf_ct_events;
|
||||||
cnet->ct_net = &net->ct;
|
cnet->ct_net = &net->ct;
|
||||||
INIT_DELAYED_WORK(&cnet->ecache_dwork, ecache_work);
|
INIT_DELAYED_WORK(&cnet->ecache_dwork, ecache_work);
|
||||||
|
|
||||||
|
BUILD_BUG_ON(__IPCT_MAX >= 16); /* ctmask, missed use u16 */
|
||||||
}
|
}
|
||||||
|
|
||||||
void nf_conntrack_ecache_pernet_fini(struct net *net)
|
void nf_conntrack_ecache_pernet_fini(struct net *net)
|
||||||
|
@ -323,19 +321,3 @@ void nf_conntrack_ecache_pernet_fini(struct net *net)
|
||||||
|
|
||||||
cancel_delayed_work_sync(&cnet->ecache_dwork);
|
cancel_delayed_work_sync(&cnet->ecache_dwork);
|
||||||
}
|
}
|
||||||
|
|
||||||
int nf_conntrack_ecache_init(void)
|
|
||||||
{
|
|
||||||
int ret = nf_ct_extend_register(&event_extend);
|
|
||||||
if (ret < 0)
|
|
||||||
pr_err("Unable to register event extension\n");
|
|
||||||
|
|
||||||
BUILD_BUG_ON(__IPCT_MAX >= 16); /* ctmask, missed use u16 */
|
|
||||||
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
void nf_conntrack_ecache_fini(void)
|
|
||||||
{
|
|
||||||
nf_ct_extend_unregister(&event_extend);
|
|
||||||
}
|
|
||||||
|
|
|
@ -25,8 +25,6 @@
|
||||||
#include <net/netfilter/nf_conntrack_act_ct.h>
|
#include <net/netfilter/nf_conntrack_act_ct.h>
|
||||||
#include <net/netfilter/nf_nat.h>
|
#include <net/netfilter/nf_nat.h>
|
||||||
|
|
||||||
static struct nf_ct_ext_type __rcu *nf_ct_ext_types[NF_CT_EXT_NUM];
|
|
||||||
static DEFINE_MUTEX(nf_ct_ext_type_mutex);
|
|
||||||
#define NF_CT_EXT_PREALLOC 128u /* conntrack events are on by default */
|
#define NF_CT_EXT_PREALLOC 128u /* conntrack events are on by default */
|
||||||
|
|
||||||
static const u8 nf_ct_ext_type_len[NF_CT_EXT_NUM] = {
|
static const u8 nf_ct_ext_type_len[NF_CT_EXT_NUM] = {
|
||||||
|
@ -97,6 +95,8 @@ void *nf_ct_ext_add(struct nf_conn *ct, enum nf_ct_ext_id id, gfp_t gfp)
|
||||||
/* Conntrack must not be confirmed to avoid races on reallocation. */
|
/* Conntrack must not be confirmed to avoid races on reallocation. */
|
||||||
WARN_ON(nf_ct_is_confirmed(ct));
|
WARN_ON(nf_ct_is_confirmed(ct));
|
||||||
|
|
||||||
|
/* struct nf_ct_ext uses u8 to store offsets/size */
|
||||||
|
BUILD_BUG_ON(total_extension_size() > 255u);
|
||||||
|
|
||||||
if (ct->ext) {
|
if (ct->ext) {
|
||||||
const struct nf_ct_ext *old = ct->ext;
|
const struct nf_ct_ext *old = ct->ext;
|
||||||
|
@ -127,34 +127,3 @@ void *nf_ct_ext_add(struct nf_conn *ct, enum nf_ct_ext_id id, gfp_t gfp)
|
||||||
return (void *)new + newoff;
|
return (void *)new + newoff;
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL(nf_ct_ext_add);
|
EXPORT_SYMBOL(nf_ct_ext_add);
|
||||||
|
|
||||||
/* This MUST be called in process context. */
|
|
||||||
int nf_ct_extend_register(const struct nf_ct_ext_type *type)
|
|
||||||
{
|
|
||||||
int ret = 0;
|
|
||||||
|
|
||||||
/* struct nf_ct_ext uses u8 to store offsets/size */
|
|
||||||
BUILD_BUG_ON(total_extension_size() > 255u);
|
|
||||||
|
|
||||||
mutex_lock(&nf_ct_ext_type_mutex);
|
|
||||||
if (nf_ct_ext_types[type->id]) {
|
|
||||||
ret = -EBUSY;
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
|
|
||||||
rcu_assign_pointer(nf_ct_ext_types[type->id], type);
|
|
||||||
out:
|
|
||||||
mutex_unlock(&nf_ct_ext_type_mutex);
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
EXPORT_SYMBOL_GPL(nf_ct_extend_register);
|
|
||||||
|
|
||||||
/* This MUST be called in process context. */
|
|
||||||
void nf_ct_extend_unregister(const struct nf_ct_ext_type *type)
|
|
||||||
{
|
|
||||||
mutex_lock(&nf_ct_ext_type_mutex);
|
|
||||||
RCU_INIT_POINTER(nf_ct_ext_types[type->id], NULL);
|
|
||||||
mutex_unlock(&nf_ct_ext_type_mutex);
|
|
||||||
synchronize_rcu();
|
|
||||||
}
|
|
||||||
EXPORT_SYMBOL_GPL(nf_ct_extend_unregister);
|
|
||||||
|
|
|
@ -550,10 +550,6 @@ void nf_nat_helper_unregister(struct nf_conntrack_nat_helper *nat)
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL_GPL(nf_nat_helper_unregister);
|
EXPORT_SYMBOL_GPL(nf_nat_helper_unregister);
|
||||||
|
|
||||||
static const struct nf_ct_ext_type helper_extend = {
|
|
||||||
.id = NF_CT_EXT_HELPER,
|
|
||||||
};
|
|
||||||
|
|
||||||
void nf_conntrack_helper_pernet_init(struct net *net)
|
void nf_conntrack_helper_pernet_init(struct net *net)
|
||||||
{
|
{
|
||||||
struct nf_conntrack_net *cnet = nf_ct_pernet(net);
|
struct nf_conntrack_net *cnet = nf_ct_pernet(net);
|
||||||
|
@ -563,28 +559,17 @@ void nf_conntrack_helper_pernet_init(struct net *net)
|
||||||
|
|
||||||
int nf_conntrack_helper_init(void)
|
int nf_conntrack_helper_init(void)
|
||||||
{
|
{
|
||||||
int ret;
|
|
||||||
nf_ct_helper_hsize = 1; /* gets rounded up to use one page */
|
nf_ct_helper_hsize = 1; /* gets rounded up to use one page */
|
||||||
nf_ct_helper_hash =
|
nf_ct_helper_hash =
|
||||||
nf_ct_alloc_hashtable(&nf_ct_helper_hsize, 0);
|
nf_ct_alloc_hashtable(&nf_ct_helper_hsize, 0);
|
||||||
if (!nf_ct_helper_hash)
|
if (!nf_ct_helper_hash)
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
|
||||||
ret = nf_ct_extend_register(&helper_extend);
|
|
||||||
if (ret < 0) {
|
|
||||||
pr_err("nf_ct_helper: Unable to register helper extension.\n");
|
|
||||||
goto out_extend;
|
|
||||||
}
|
|
||||||
|
|
||||||
INIT_LIST_HEAD(&nf_ct_nat_helpers);
|
INIT_LIST_HEAD(&nf_ct_nat_helpers);
|
||||||
return 0;
|
return 0;
|
||||||
out_extend:
|
|
||||||
kvfree(nf_ct_helper_hash);
|
|
||||||
return ret;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void nf_conntrack_helper_fini(void)
|
void nf_conntrack_helper_fini(void)
|
||||||
{
|
{
|
||||||
nf_ct_extend_unregister(&helper_extend);
|
|
||||||
kvfree(nf_ct_helper_hash);
|
kvfree(nf_ct_helper_hash);
|
||||||
}
|
}
|
||||||
|
|
|
@ -67,6 +67,8 @@ int nf_connlabels_get(struct net *net, unsigned int bits)
|
||||||
net->ct.labels_used++;
|
net->ct.labels_used++;
|
||||||
spin_unlock(&nf_connlabels_lock);
|
spin_unlock(&nf_connlabels_lock);
|
||||||
|
|
||||||
|
BUILD_BUG_ON(NF_CT_LABELS_MAX_SIZE / sizeof(long) >= U8_MAX);
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL_GPL(nf_connlabels_get);
|
EXPORT_SYMBOL_GPL(nf_connlabels_get);
|
||||||
|
@ -78,19 +80,3 @@ void nf_connlabels_put(struct net *net)
|
||||||
spin_unlock(&nf_connlabels_lock);
|
spin_unlock(&nf_connlabels_lock);
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL_GPL(nf_connlabels_put);
|
EXPORT_SYMBOL_GPL(nf_connlabels_put);
|
||||||
|
|
||||||
static const struct nf_ct_ext_type labels_extend = {
|
|
||||||
.id = NF_CT_EXT_LABELS,
|
|
||||||
};
|
|
||||||
|
|
||||||
int nf_conntrack_labels_init(void)
|
|
||||||
{
|
|
||||||
BUILD_BUG_ON(NF_CT_LABELS_MAX_SIZE / sizeof(long) >= U8_MAX);
|
|
||||||
|
|
||||||
return nf_ct_extend_register(&labels_extend);
|
|
||||||
}
|
|
||||||
|
|
||||||
void nf_conntrack_labels_fini(void)
|
|
||||||
{
|
|
||||||
nf_ct_extend_unregister(&labels_extend);
|
|
||||||
}
|
|
||||||
|
|
|
@ -232,17 +232,3 @@ s32 nf_ct_seq_offset(const struct nf_conn *ct,
|
||||||
this_way->offset_after : this_way->offset_before;
|
this_way->offset_after : this_way->offset_before;
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL_GPL(nf_ct_seq_offset);
|
EXPORT_SYMBOL_GPL(nf_ct_seq_offset);
|
||||||
|
|
||||||
static const struct nf_ct_ext_type nf_ct_seqadj_extend = {
|
|
||||||
.id = NF_CT_EXT_SEQADJ,
|
|
||||||
};
|
|
||||||
|
|
||||||
int nf_conntrack_seqadj_init(void)
|
|
||||||
{
|
|
||||||
return nf_ct_extend_register(&nf_ct_seqadj_extend);
|
|
||||||
}
|
|
||||||
|
|
||||||
void nf_conntrack_seqadj_fini(void)
|
|
||||||
{
|
|
||||||
nf_ct_extend_unregister(&nf_ct_seqadj_extend);
|
|
||||||
}
|
|
||||||
|
|
|
@ -134,20 +134,3 @@ void nf_ct_destroy_timeout(struct nf_conn *ct)
|
||||||
rcu_read_unlock();
|
rcu_read_unlock();
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL_GPL(nf_ct_destroy_timeout);
|
EXPORT_SYMBOL_GPL(nf_ct_destroy_timeout);
|
||||||
|
|
||||||
static const struct nf_ct_ext_type timeout_extend = {
|
|
||||||
.id = NF_CT_EXT_TIMEOUT,
|
|
||||||
};
|
|
||||||
|
|
||||||
int nf_conntrack_timeout_init(void)
|
|
||||||
{
|
|
||||||
int ret = nf_ct_extend_register(&timeout_extend);
|
|
||||||
if (ret < 0)
|
|
||||||
pr_err("nf_ct_timeout: Unable to register timeout extension.\n");
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
void nf_conntrack_timeout_fini(void)
|
|
||||||
{
|
|
||||||
nf_ct_extend_unregister(&timeout_extend);
|
|
||||||
}
|
|
||||||
|
|
|
@ -19,25 +19,7 @@ static bool nf_ct_tstamp __read_mostly;
|
||||||
module_param_named(tstamp, nf_ct_tstamp, bool, 0644);
|
module_param_named(tstamp, nf_ct_tstamp, bool, 0644);
|
||||||
MODULE_PARM_DESC(tstamp, "Enable connection tracking flow timestamping.");
|
MODULE_PARM_DESC(tstamp, "Enable connection tracking flow timestamping.");
|
||||||
|
|
||||||
static const struct nf_ct_ext_type tstamp_extend = {
|
|
||||||
.id = NF_CT_EXT_TSTAMP,
|
|
||||||
};
|
|
||||||
|
|
||||||
void nf_conntrack_tstamp_pernet_init(struct net *net)
|
void nf_conntrack_tstamp_pernet_init(struct net *net)
|
||||||
{
|
{
|
||||||
net->ct.sysctl_tstamp = nf_ct_tstamp;
|
net->ct.sysctl_tstamp = nf_ct_tstamp;
|
||||||
}
|
}
|
||||||
|
|
||||||
int nf_conntrack_tstamp_init(void)
|
|
||||||
{
|
|
||||||
int ret;
|
|
||||||
ret = nf_ct_extend_register(&tstamp_extend);
|
|
||||||
if (ret < 0)
|
|
||||||
pr_err("Unable to register extension\n");
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
void nf_conntrack_tstamp_fini(void)
|
|
||||||
{
|
|
||||||
nf_ct_extend_unregister(&tstamp_extend);
|
|
||||||
}
|
|
||||||
|
|
|
@ -868,10 +868,6 @@ static int nf_nat_proto_clean(struct nf_conn *ct, void *data)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static struct nf_ct_ext_type nat_extend __read_mostly = {
|
|
||||||
.id = NF_CT_EXT_NAT,
|
|
||||||
};
|
|
||||||
|
|
||||||
#if IS_ENABLED(CONFIG_NF_CT_NETLINK)
|
#if IS_ENABLED(CONFIG_NF_CT_NETLINK)
|
||||||
|
|
||||||
#include <linux/netfilter/nfnetlink.h>
|
#include <linux/netfilter/nfnetlink.h>
|
||||||
|
@ -1179,19 +1175,11 @@ static int __init nf_nat_init(void)
|
||||||
if (!nf_nat_bysource)
|
if (!nf_nat_bysource)
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
|
||||||
ret = nf_ct_extend_register(&nat_extend);
|
|
||||||
if (ret < 0) {
|
|
||||||
kvfree(nf_nat_bysource);
|
|
||||||
pr_err("Unable to register extension\n");
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
for (i = 0; i < CONNTRACK_LOCKS; i++)
|
for (i = 0; i < CONNTRACK_LOCKS; i++)
|
||||||
spin_lock_init(&nf_nat_locks[i]);
|
spin_lock_init(&nf_nat_locks[i]);
|
||||||
|
|
||||||
ret = register_pernet_subsys(&nat_net_ops);
|
ret = register_pernet_subsys(&nat_net_ops);
|
||||||
if (ret < 0) {
|
if (ret < 0) {
|
||||||
nf_ct_extend_unregister(&nat_extend);
|
|
||||||
kvfree(nf_nat_bysource);
|
kvfree(nf_nat_bysource);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
@ -1210,7 +1198,6 @@ static void __exit nf_nat_cleanup(void)
|
||||||
|
|
||||||
nf_ct_iterate_destroy(nf_nat_proto_clean, &clean);
|
nf_ct_iterate_destroy(nf_nat_proto_clean, &clean);
|
||||||
|
|
||||||
nf_ct_extend_unregister(&nat_extend);
|
|
||||||
nf_ct_helper_expectfn_unregister(&follow_master_nat);
|
nf_ct_helper_expectfn_unregister(&follow_master_nat);
|
||||||
RCU_INIT_POINTER(nf_nat_hook, NULL);
|
RCU_INIT_POINTER(nf_nat_hook, NULL);
|
||||||
|
|
||||||
|
|
|
@ -236,10 +236,6 @@ synproxy_tstamp_adjust(struct sk_buff *skb, unsigned int protoff,
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
static struct nf_ct_ext_type nf_ct_synproxy_extend __read_mostly = {
|
|
||||||
.id = NF_CT_EXT_SYNPROXY,
|
|
||||||
};
|
|
||||||
|
|
||||||
#ifdef CONFIG_PROC_FS
|
#ifdef CONFIG_PROC_FS
|
||||||
static void *synproxy_cpu_seq_start(struct seq_file *seq, loff_t *pos)
|
static void *synproxy_cpu_seq_start(struct seq_file *seq, loff_t *pos)
|
||||||
{
|
{
|
||||||
|
@ -385,28 +381,12 @@ static struct pernet_operations synproxy_net_ops = {
|
||||||
|
|
||||||
static int __init synproxy_core_init(void)
|
static int __init synproxy_core_init(void)
|
||||||
{
|
{
|
||||||
int err;
|
return register_pernet_subsys(&synproxy_net_ops);
|
||||||
|
|
||||||
err = nf_ct_extend_register(&nf_ct_synproxy_extend);
|
|
||||||
if (err < 0)
|
|
||||||
goto err1;
|
|
||||||
|
|
||||||
err = register_pernet_subsys(&synproxy_net_ops);
|
|
||||||
if (err < 0)
|
|
||||||
goto err2;
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
err2:
|
|
||||||
nf_ct_extend_unregister(&nf_ct_synproxy_extend);
|
|
||||||
err1:
|
|
||||||
return err;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static void __exit synproxy_core_exit(void)
|
static void __exit synproxy_core_exit(void)
|
||||||
{
|
{
|
||||||
unregister_pernet_subsys(&synproxy_net_ops);
|
unregister_pernet_subsys(&synproxy_net_ops);
|
||||||
nf_ct_extend_unregister(&nf_ct_synproxy_extend);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
module_init(synproxy_core_init);
|
module_init(synproxy_core_init);
|
||||||
|
|
|
@ -57,10 +57,6 @@ static const struct rhashtable_params zones_params = {
|
||||||
.automatic_shrinking = true,
|
.automatic_shrinking = true,
|
||||||
};
|
};
|
||||||
|
|
||||||
static struct nf_ct_ext_type act_ct_extend __read_mostly = {
|
|
||||||
.id = NF_CT_EXT_ACT_CT,
|
|
||||||
};
|
|
||||||
|
|
||||||
static struct flow_action_entry *
|
static struct flow_action_entry *
|
||||||
tcf_ct_flow_table_flow_action_get_next(struct flow_action *flow_action)
|
tcf_ct_flow_table_flow_action_get_next(struct flow_action *flow_action)
|
||||||
{
|
{
|
||||||
|
@ -1606,16 +1602,10 @@ static int __init ct_init_module(void)
|
||||||
if (err)
|
if (err)
|
||||||
goto err_register;
|
goto err_register;
|
||||||
|
|
||||||
err = nf_ct_extend_register(&act_ct_extend);
|
|
||||||
if (err)
|
|
||||||
goto err_register_extend;
|
|
||||||
|
|
||||||
static_branch_inc(&tcf_frag_xmit_count);
|
static_branch_inc(&tcf_frag_xmit_count);
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
err_register_extend:
|
|
||||||
tcf_unregister_action(&act_ct_ops, &ct_net_ops);
|
|
||||||
err_register:
|
err_register:
|
||||||
tcf_ct_flow_tables_uninit();
|
tcf_ct_flow_tables_uninit();
|
||||||
err_tbl_init:
|
err_tbl_init:
|
||||||
|
@ -1626,7 +1616,6 @@ static int __init ct_init_module(void)
|
||||||
static void __exit ct_cleanup_module(void)
|
static void __exit ct_cleanup_module(void)
|
||||||
{
|
{
|
||||||
static_branch_dec(&tcf_frag_xmit_count);
|
static_branch_dec(&tcf_frag_xmit_count);
|
||||||
nf_ct_extend_unregister(&act_ct_extend);
|
|
||||||
tcf_unregister_action(&act_ct_ops, &ct_net_ops);
|
tcf_unregister_action(&act_ct_ops, &ct_net_ops);
|
||||||
tcf_ct_flow_tables_uninit();
|
tcf_ct_flow_tables_uninit();
|
||||||
destroy_workqueue(act_ct_wq);
|
destroy_workqueue(act_ct_wq);
|
||||||
|
|
Loading…
Reference in a new issue