Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
cloud-kernel
提交
c1baa884
cloud-kernel
项目概览
openanolis
/
cloud-kernel
1 年多 前同步成功
通知
161
Star
36
Fork
7
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
10
列表
看板
标记
里程碑
合并请求
2
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
cloud-kernel
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
10
Issue
10
列表
看板
标记
里程碑
合并请求
2
合并请求
2
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
c1baa884
编写于
11月 29, 2011
作者:
D
David S. Miller
浏览文件
操作
浏览文件
下载
差异文件
Merge branch 'nf' of
git://1984.lsi.us.es/net
上级
a5e5c374
70e9942f
变更
8
隐藏空白更改
内联
并排
Showing
8 changed file
with
87 addition
and
53 deletion
+87
-53
include/net/netfilter/nf_conntrack_ecache.h
include/net/netfilter/nf_conntrack_ecache.h
+10
-9
include/net/netns/conntrack.h
include/net/netns/conntrack.h
+2
-0
net/ipv4/netfilter.c
net/ipv4/netfilter.c
+2
-1
net/netfilter/ipset/ip_set_hash_ipport.c
net/netfilter/ipset/ip_set_hash_ipport.c
+1
-1
net/netfilter/ipset/ip_set_hash_ipportip.c
net/netfilter/ipset/ip_set_hash_ipportip.c
+1
-1
net/netfilter/ipset/ip_set_hash_ipportnet.c
net/netfilter/ipset/ip_set_hash_ipportnet.c
+1
-1
net/netfilter/nf_conntrack_ecache.c
net/netfilter/nf_conntrack_ecache.c
+18
-19
net/netfilter/nf_conntrack_netlink.c
net/netfilter/nf_conntrack_netlink.c
+52
-21
未找到文件。
include/net/netfilter/nf_conntrack_ecache.h
浏览文件 @
c1baa884
...
...
@@ -67,18 +67,18 @@ struct nf_ct_event_notifier {
int
(
*
fcn
)(
unsigned
int
events
,
struct
nf_ct_event
*
item
);
};
extern
struct
nf_ct_event_notifier
__rcu
*
nf_conntrack_event_cb
;
extern
int
nf_conntrack_register_notifier
(
struct
nf_ct_event_notifier
*
nb
);
extern
void
nf_conntrack_unregister_notifier
(
struct
nf_ct_event_notifier
*
nb
);
extern
int
nf_conntrack_register_notifier
(
struct
net
*
net
,
struct
nf_ct_event_notifier
*
nb
);
extern
void
nf_conntrack_unregister_notifier
(
struct
net
*
net
,
struct
nf_ct_event_notifier
*
nb
);
extern
void
nf_ct_deliver_cached_events
(
struct
nf_conn
*
ct
);
static
inline
void
nf_conntrack_event_cache
(
enum
ip_conntrack_events
event
,
struct
nf_conn
*
ct
)
{
struct
net
*
net
=
nf_ct_net
(
ct
);
struct
nf_conntrack_ecache
*
e
;
if
(
nf_conntrack_event_cb
==
NULL
)
if
(
n
et
->
ct
.
n
f_conntrack_event_cb
==
NULL
)
return
;
e
=
nf_ct_ecache_find
(
ct
);
...
...
@@ -95,11 +95,12 @@ nf_conntrack_eventmask_report(unsigned int eventmask,
int
report
)
{
int
ret
=
0
;
struct
net
*
net
=
nf_ct_net
(
ct
);
struct
nf_ct_event_notifier
*
notify
;
struct
nf_conntrack_ecache
*
e
;
rcu_read_lock
();
notify
=
rcu_dereference
(
nf_conntrack_event_cb
);
notify
=
rcu_dereference
(
n
et
->
ct
.
n
f_conntrack_event_cb
);
if
(
notify
==
NULL
)
goto
out_unlock
;
...
...
@@ -164,9 +165,8 @@ struct nf_exp_event_notifier {
int
(
*
fcn
)(
unsigned
int
events
,
struct
nf_exp_event
*
item
);
};
extern
struct
nf_exp_event_notifier
__rcu
*
nf_expect_event_cb
;
extern
int
nf_ct_expect_register_notifier
(
struct
nf_exp_event_notifier
*
nb
);
extern
void
nf_ct_expect_unregister_notifier
(
struct
nf_exp_event_notifier
*
nb
);
extern
int
nf_ct_expect_register_notifier
(
struct
net
*
net
,
struct
nf_exp_event_notifier
*
nb
);
extern
void
nf_ct_expect_unregister_notifier
(
struct
net
*
net
,
struct
nf_exp_event_notifier
*
nb
);
static
inline
void
nf_ct_expect_event_report
(
enum
ip_conntrack_expect_events
event
,
...
...
@@ -174,11 +174,12 @@ nf_ct_expect_event_report(enum ip_conntrack_expect_events event,
u32
pid
,
int
report
)
{
struct
net
*
net
=
nf_ct_exp_net
(
exp
);
struct
nf_exp_event_notifier
*
notify
;
struct
nf_conntrack_ecache
*
e
;
rcu_read_lock
();
notify
=
rcu_dereference
(
nf_expect_event_cb
);
notify
=
rcu_dereference
(
n
et
->
ct
.
n
f_expect_event_cb
);
if
(
notify
==
NULL
)
goto
out_unlock
;
...
...
include/net/netns/conntrack.h
浏览文件 @
c1baa884
...
...
@@ -18,6 +18,8 @@ struct netns_ct {
struct
hlist_nulls_head
unconfirmed
;
struct
hlist_nulls_head
dying
;
struct
ip_conntrack_stat
__percpu
*
stat
;
struct
nf_ct_event_notifier
__rcu
*
nf_conntrack_event_cb
;
struct
nf_exp_event_notifier
__rcu
*
nf_expect_event_cb
;
int
sysctl_events
;
unsigned
int
sysctl_events_retry_timeout
;
int
sysctl_acct
;
...
...
net/ipv4/netfilter.c
浏览文件 @
c1baa884
...
...
@@ -64,7 +64,8 @@ int ip_route_me_harder(struct sk_buff *skb, unsigned addr_type)
/* Change in oif may mean change in hh_len. */
hh_len
=
skb_dst
(
skb
)
->
dev
->
hard_header_len
;
if
(
skb_headroom
(
skb
)
<
hh_len
&&
pskb_expand_head
(
skb
,
hh_len
-
skb_headroom
(
skb
),
0
,
GFP_ATOMIC
))
pskb_expand_head
(
skb
,
HH_DATA_ALIGN
(
hh_len
-
skb_headroom
(
skb
)),
0
,
GFP_ATOMIC
))
return
-
1
;
return
0
;
...
...
net/netfilter/ipset/ip_set_hash_ipport.c
浏览文件 @
c1baa884
...
...
@@ -158,7 +158,7 @@ hash_ipport4_uadt(struct ip_set *set, struct nlattr *tb[],
const
struct
ip_set_hash
*
h
=
set
->
data
;
ipset_adtfn
adtfn
=
set
->
variant
->
adt
[
adt
];
struct
hash_ipport4_elem
data
=
{
};
u32
ip
,
ip_to
,
p
=
0
,
port
,
port_to
;
u32
ip
,
ip_to
=
0
,
p
=
0
,
port
,
port_to
;
u32
timeout
=
h
->
timeout
;
bool
with_ports
=
false
;
int
ret
;
...
...
net/netfilter/ipset/ip_set_hash_ipportip.c
浏览文件 @
c1baa884
...
...
@@ -162,7 +162,7 @@ hash_ipportip4_uadt(struct ip_set *set, struct nlattr *tb[],
const
struct
ip_set_hash
*
h
=
set
->
data
;
ipset_adtfn
adtfn
=
set
->
variant
->
adt
[
adt
];
struct
hash_ipportip4_elem
data
=
{
};
u32
ip
,
ip_to
,
p
=
0
,
port
,
port_to
;
u32
ip
,
ip_to
=
0
,
p
=
0
,
port
,
port_to
;
u32
timeout
=
h
->
timeout
;
bool
with_ports
=
false
;
int
ret
;
...
...
net/netfilter/ipset/ip_set_hash_ipportnet.c
浏览文件 @
c1baa884
...
...
@@ -184,7 +184,7 @@ hash_ipportnet4_uadt(struct ip_set *set, struct nlattr *tb[],
const
struct
ip_set_hash
*
h
=
set
->
data
;
ipset_adtfn
adtfn
=
set
->
variant
->
adt
[
adt
];
struct
hash_ipportnet4_elem
data
=
{
.
cidr
=
HOST_MASK
};
u32
ip
,
ip_to
,
p
=
0
,
port
,
port_to
;
u32
ip
,
ip_to
=
0
,
p
=
0
,
port
,
port_to
;
u32
ip2_from
=
0
,
ip2_to
,
ip2_last
,
ip2
;
u32
timeout
=
h
->
timeout
;
bool
with_ports
=
false
;
...
...
net/netfilter/nf_conntrack_ecache.c
浏览文件 @
c1baa884
...
...
@@ -27,22 +27,17 @@
static
DEFINE_MUTEX
(
nf_ct_ecache_mutex
);
struct
nf_ct_event_notifier
__rcu
*
nf_conntrack_event_cb
__read_mostly
;
EXPORT_SYMBOL_GPL
(
nf_conntrack_event_cb
);
struct
nf_exp_event_notifier
__rcu
*
nf_expect_event_cb
__read_mostly
;
EXPORT_SYMBOL_GPL
(
nf_expect_event_cb
);
/* deliver cached events and clear cache entry - must be called with locally
* disabled softirqs */
void
nf_ct_deliver_cached_events
(
struct
nf_conn
*
ct
)
{
struct
net
*
net
=
nf_ct_net
(
ct
);
unsigned
long
events
;
struct
nf_ct_event_notifier
*
notify
;
struct
nf_conntrack_ecache
*
e
;
rcu_read_lock
();
notify
=
rcu_dereference
(
nf_conntrack_event_cb
);
notify
=
rcu_dereference
(
n
et
->
ct
.
n
f_conntrack_event_cb
);
if
(
notify
==
NULL
)
goto
out_unlock
;
...
...
@@ -83,19 +78,20 @@ void nf_ct_deliver_cached_events(struct nf_conn *ct)
}
EXPORT_SYMBOL_GPL
(
nf_ct_deliver_cached_events
);
int
nf_conntrack_register_notifier
(
struct
nf_ct_event_notifier
*
new
)
int
nf_conntrack_register_notifier
(
struct
net
*
net
,
struct
nf_ct_event_notifier
*
new
)
{
int
ret
=
0
;
struct
nf_ct_event_notifier
*
notify
;
mutex_lock
(
&
nf_ct_ecache_mutex
);
notify
=
rcu_dereference_protected
(
nf_conntrack_event_cb
,
notify
=
rcu_dereference_protected
(
n
et
->
ct
.
n
f_conntrack_event_cb
,
lockdep_is_held
(
&
nf_ct_ecache_mutex
));
if
(
notify
!=
NULL
)
{
ret
=
-
EBUSY
;
goto
out_unlock
;
}
RCU_INIT_POINTER
(
nf_conntrack_event_cb
,
new
);
RCU_INIT_POINTER
(
n
et
->
ct
.
n
f_conntrack_event_cb
,
new
);
mutex_unlock
(
&
nf_ct_ecache_mutex
);
return
ret
;
...
...
@@ -105,32 +101,34 @@ int nf_conntrack_register_notifier(struct nf_ct_event_notifier *new)
}
EXPORT_SYMBOL_GPL
(
nf_conntrack_register_notifier
);
void
nf_conntrack_unregister_notifier
(
struct
nf_ct_event_notifier
*
new
)
void
nf_conntrack_unregister_notifier
(
struct
net
*
net
,
struct
nf_ct_event_notifier
*
new
)
{
struct
nf_ct_event_notifier
*
notify
;
mutex_lock
(
&
nf_ct_ecache_mutex
);
notify
=
rcu_dereference_protected
(
nf_conntrack_event_cb
,
notify
=
rcu_dereference_protected
(
n
et
->
ct
.
n
f_conntrack_event_cb
,
lockdep_is_held
(
&
nf_ct_ecache_mutex
));
BUG_ON
(
notify
!=
new
);
RCU_INIT_POINTER
(
nf_conntrack_event_cb
,
NULL
);
RCU_INIT_POINTER
(
n
et
->
ct
.
n
f_conntrack_event_cb
,
NULL
);
mutex_unlock
(
&
nf_ct_ecache_mutex
);
}
EXPORT_SYMBOL_GPL
(
nf_conntrack_unregister_notifier
);
int
nf_ct_expect_register_notifier
(
struct
nf_exp_event_notifier
*
new
)
int
nf_ct_expect_register_notifier
(
struct
net
*
net
,
struct
nf_exp_event_notifier
*
new
)
{
int
ret
=
0
;
struct
nf_exp_event_notifier
*
notify
;
mutex_lock
(
&
nf_ct_ecache_mutex
);
notify
=
rcu_dereference_protected
(
nf_expect_event_cb
,
notify
=
rcu_dereference_protected
(
n
et
->
ct
.
n
f_expect_event_cb
,
lockdep_is_held
(
&
nf_ct_ecache_mutex
));
if
(
notify
!=
NULL
)
{
ret
=
-
EBUSY
;
goto
out_unlock
;
}
RCU_INIT_POINTER
(
nf_expect_event_cb
,
new
);
RCU_INIT_POINTER
(
n
et
->
ct
.
n
f_expect_event_cb
,
new
);
mutex_unlock
(
&
nf_ct_ecache_mutex
);
return
ret
;
...
...
@@ -140,15 +138,16 @@ int nf_ct_expect_register_notifier(struct nf_exp_event_notifier *new)
}
EXPORT_SYMBOL_GPL
(
nf_ct_expect_register_notifier
);
void
nf_ct_expect_unregister_notifier
(
struct
nf_exp_event_notifier
*
new
)
void
nf_ct_expect_unregister_notifier
(
struct
net
*
net
,
struct
nf_exp_event_notifier
*
new
)
{
struct
nf_exp_event_notifier
*
notify
;
mutex_lock
(
&
nf_ct_ecache_mutex
);
notify
=
rcu_dereference_protected
(
nf_expect_event_cb
,
notify
=
rcu_dereference_protected
(
n
et
->
ct
.
n
f_expect_event_cb
,
lockdep_is_held
(
&
nf_ct_ecache_mutex
));
BUG_ON
(
notify
!=
new
);
RCU_INIT_POINTER
(
nf_expect_event_cb
,
NULL
);
RCU_INIT_POINTER
(
n
et
->
ct
.
n
f_expect_event_cb
,
NULL
);
mutex_unlock
(
&
nf_ct_ecache_mutex
);
}
EXPORT_SYMBOL_GPL
(
nf_ct_expect_unregister_notifier
);
...
...
net/netfilter/nf_conntrack_netlink.c
浏览文件 @
c1baa884
...
...
@@ -4,7 +4,7 @@
* (C) 2001 by Jay Schulist <jschlst@samba.org>
* (C) 2002-2006 by Harald Welte <laforge@gnumonks.org>
* (C) 2003 by Patrick Mchardy <kaber@trash.net>
* (C) 2005-20
08
by Pablo Neira Ayuso <pablo@netfilter.org>
* (C) 2005-20
11
by Pablo Neira Ayuso <pablo@netfilter.org>
*
* Initial connection tracking via netlink development funded and
* generally made possible by Network Robots, Inc. (www.networkrobots.com)
...
...
@@ -2163,6 +2163,54 @@ MODULE_ALIAS("ip_conntrack_netlink");
MODULE_ALIAS_NFNL_SUBSYS
(
NFNL_SUBSYS_CTNETLINK
);
MODULE_ALIAS_NFNL_SUBSYS
(
NFNL_SUBSYS_CTNETLINK_EXP
);
static
int
__net_init
ctnetlink_net_init
(
struct
net
*
net
)
{
#ifdef CONFIG_NF_CONNTRACK_EVENTS
int
ret
;
ret
=
nf_conntrack_register_notifier
(
net
,
&
ctnl_notifier
);
if
(
ret
<
0
)
{
pr_err
(
"ctnetlink_init: cannot register notifier.
\n
"
);
goto
err_out
;
}
ret
=
nf_ct_expect_register_notifier
(
net
,
&
ctnl_notifier_exp
);
if
(
ret
<
0
)
{
pr_err
(
"ctnetlink_init: cannot expect register notifier.
\n
"
);
goto
err_unreg_notifier
;
}
#endif
return
0
;
#ifdef CONFIG_NF_CONNTRACK_EVENTS
err_unreg_notifier:
nf_conntrack_unregister_notifier
(
net
,
&
ctnl_notifier
);
err_out:
return
ret
;
#endif
}
static
void
ctnetlink_net_exit
(
struct
net
*
net
)
{
#ifdef CONFIG_NF_CONNTRACK_EVENTS
nf_ct_expect_unregister_notifier
(
net
,
&
ctnl_notifier_exp
);
nf_conntrack_unregister_notifier
(
net
,
&
ctnl_notifier
);
#endif
}
static
void
__net_exit
ctnetlink_net_exit_batch
(
struct
list_head
*
net_exit_list
)
{
struct
net
*
net
;
list_for_each_entry
(
net
,
net_exit_list
,
exit_list
)
ctnetlink_net_exit
(
net
);
}
static
struct
pernet_operations
ctnetlink_net_ops
=
{
.
init
=
ctnetlink_net_init
,
.
exit_batch
=
ctnetlink_net_exit_batch
,
};
static
int
__init
ctnetlink_init
(
void
)
{
int
ret
;
...
...
@@ -2180,28 +2228,15 @@ static int __init ctnetlink_init(void)
goto
err_unreg_subsys
;
}
#ifdef CONFIG_NF_CONNTRACK_EVENTS
ret
=
nf_conntrack_register_notifier
(
&
ctnl_notifier
);
if
(
ret
<
0
)
{
pr_err
(
"ctnetlink_init: cannot register notifier.
\n
"
);
if
(
register_pernet_subsys
(
&
ctnetlink_net_ops
))
{
pr_err
(
"ctnetlink_init: cannot register pernet operations
\n
"
);
goto
err_unreg_exp_subsys
;
}
ret
=
nf_ct_expect_register_notifier
(
&
ctnl_notifier_exp
);
if
(
ret
<
0
)
{
pr_err
(
"ctnetlink_init: cannot expect register notifier.
\n
"
);
goto
err_unreg_notifier
;
}
#endif
return
0
;
#ifdef CONFIG_NF_CONNTRACK_EVENTS
err_unreg_notifier:
nf_conntrack_unregister_notifier
(
&
ctnl_notifier
);
err_unreg_exp_subsys:
nfnetlink_subsys_unregister
(
&
ctnl_exp_subsys
);
#endif
err_unreg_subsys:
nfnetlink_subsys_unregister
(
&
ctnl_subsys
);
err_out:
...
...
@@ -2213,11 +2248,7 @@ static void __exit ctnetlink_exit(void)
pr_info
(
"ctnetlink: unregistering from nfnetlink.
\n
"
);
nf_ct_remove_userspace_expectations
();
#ifdef CONFIG_NF_CONNTRACK_EVENTS
nf_ct_expect_unregister_notifier
(
&
ctnl_notifier_exp
);
nf_conntrack_unregister_notifier
(
&
ctnl_notifier
);
#endif
unregister_pernet_subsys
(
&
ctnetlink_net_ops
);
nfnetlink_subsys_unregister
(
&
ctnl_exp_subsys
);
nfnetlink_subsys_unregister
(
&
ctnl_subsys
);
}
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录