提交 84c39451 编写于 作者: G Gao feng 提交者: Pablo Neira Ayuso

netfilter: nf_ct_dccp: use new namespace support

This patch modifies the DCCP protocol tracker to use the new
namespace infrastructure for nf_conntrack.
Acked-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
上级 a8021fed
...@@ -387,12 +387,9 @@ dccp_state_table[CT_DCCP_ROLE_MAX + 1][DCCP_PKT_SYNCACK + 1][CT_DCCP_MAX + 1] = ...@@ -387,12 +387,9 @@ dccp_state_table[CT_DCCP_ROLE_MAX + 1][DCCP_PKT_SYNCACK + 1][CT_DCCP_MAX + 1] =
/* this module per-net specifics */ /* this module per-net specifics */
static int dccp_net_id __read_mostly; static int dccp_net_id __read_mostly;
struct dccp_net { struct dccp_net {
struct nf_proto_net np;
int dccp_loose; int dccp_loose;
unsigned int dccp_timeout[CT_DCCP_MAX + 1]; unsigned int dccp_timeout[CT_DCCP_MAX + 1];
#ifdef CONFIG_SYSCTL
struct ctl_table_header *sysctl_header;
struct ctl_table *sysctl_table;
#endif
}; };
static inline struct dccp_net *dccp_pernet(struct net *net) static inline struct dccp_net *dccp_pernet(struct net *net)
...@@ -817,6 +814,45 @@ static struct ctl_table dccp_sysctl_table[] = { ...@@ -817,6 +814,45 @@ static struct ctl_table dccp_sysctl_table[] = {
}; };
#endif /* CONFIG_SYSCTL */ #endif /* CONFIG_SYSCTL */
static int dccp_init_net(struct net *net)
{
struct dccp_net *dn = dccp_pernet(net);
struct nf_proto_net *pn = (struct nf_proto_net *)dn;
#ifdef CONFIG_SYSCTL
if (!pn->ctl_table) {
#else
if (!pn->users++) {
#endif
/* default values */
dn->dccp_loose = 1;
dn->dccp_timeout[CT_DCCP_REQUEST] = 2 * DCCP_MSL;
dn->dccp_timeout[CT_DCCP_RESPOND] = 4 * DCCP_MSL;
dn->dccp_timeout[CT_DCCP_PARTOPEN] = 4 * DCCP_MSL;
dn->dccp_timeout[CT_DCCP_OPEN] = 12 * 3600 * HZ;
dn->dccp_timeout[CT_DCCP_CLOSEREQ] = 64 * HZ;
dn->dccp_timeout[CT_DCCP_CLOSING] = 64 * HZ;
dn->dccp_timeout[CT_DCCP_TIMEWAIT] = 2 * DCCP_MSL;
#ifdef CONFIG_SYSCTL
pn->ctl_table = kmemdup(dccp_sysctl_table,
sizeof(dccp_sysctl_table),
GFP_KERNEL);
if (!pn->ctl_table)
return -ENOMEM;
pn->ctl_table[0].data = &dn->dccp_timeout[CT_DCCP_REQUEST];
pn->ctl_table[1].data = &dn->dccp_timeout[CT_DCCP_RESPOND];
pn->ctl_table[2].data = &dn->dccp_timeout[CT_DCCP_PARTOPEN];
pn->ctl_table[3].data = &dn->dccp_timeout[CT_DCCP_OPEN];
pn->ctl_table[4].data = &dn->dccp_timeout[CT_DCCP_CLOSEREQ];
pn->ctl_table[5].data = &dn->dccp_timeout[CT_DCCP_CLOSING];
pn->ctl_table[6].data = &dn->dccp_timeout[CT_DCCP_TIMEWAIT];
pn->ctl_table[7].data = &dn->dccp_loose;
#endif
}
return 0;
}
static struct nf_conntrack_l4proto dccp_proto4 __read_mostly = { static struct nf_conntrack_l4proto dccp_proto4 __read_mostly = {
.l3proto = AF_INET, .l3proto = AF_INET,
.l4proto = IPPROTO_DCCP, .l4proto = IPPROTO_DCCP,
...@@ -847,6 +883,8 @@ static struct nf_conntrack_l4proto dccp_proto4 __read_mostly = { ...@@ -847,6 +883,8 @@ static struct nf_conntrack_l4proto dccp_proto4 __read_mostly = {
.nla_policy = dccp_timeout_nla_policy, .nla_policy = dccp_timeout_nla_policy,
}, },
#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */ #endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
.net_id = &dccp_net_id,
.init_net = dccp_init_net,
}; };
static struct nf_conntrack_l4proto dccp_proto6 __read_mostly = { static struct nf_conntrack_l4proto dccp_proto6 __read_mostly = {
...@@ -879,55 +917,39 @@ static struct nf_conntrack_l4proto dccp_proto6 __read_mostly = { ...@@ -879,55 +917,39 @@ static struct nf_conntrack_l4proto dccp_proto6 __read_mostly = {
.nla_policy = dccp_timeout_nla_policy, .nla_policy = dccp_timeout_nla_policy,
}, },
#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */ #endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
.net_id = &dccp_net_id,
.init_net = dccp_init_net,
}; };
static __net_init int dccp_net_init(struct net *net) static __net_init int dccp_net_init(struct net *net)
{ {
struct dccp_net *dn = dccp_pernet(net); int ret = 0;
ret = nf_conntrack_l4proto_register(net,
/* default values */ &dccp_proto4);
dn->dccp_loose = 1; if (ret < 0) {
dn->dccp_timeout[CT_DCCP_REQUEST] = 2 * DCCP_MSL; pr_err("nf_conntrack_l4proto_dccp4 :protocol register failed.\n");
dn->dccp_timeout[CT_DCCP_RESPOND] = 4 * DCCP_MSL; goto out;
dn->dccp_timeout[CT_DCCP_PARTOPEN] = 4 * DCCP_MSL; }
dn->dccp_timeout[CT_DCCP_OPEN] = 12 * 3600 * HZ; ret = nf_conntrack_l4proto_register(net,
dn->dccp_timeout[CT_DCCP_CLOSEREQ] = 64 * HZ; &dccp_proto6);
dn->dccp_timeout[CT_DCCP_CLOSING] = 64 * HZ; if (ret < 0) {
dn->dccp_timeout[CT_DCCP_TIMEWAIT] = 2 * DCCP_MSL; pr_err("nf_conntrack_l4proto_dccp6 :protocol register failed.\n");
goto cleanup_dccp4;
#ifdef CONFIG_SYSCTL
dn->sysctl_table = kmemdup(dccp_sysctl_table,
sizeof(dccp_sysctl_table), GFP_KERNEL);
if (!dn->sysctl_table)
return -ENOMEM;
dn->sysctl_table[0].data = &dn->dccp_timeout[CT_DCCP_REQUEST];
dn->sysctl_table[1].data = &dn->dccp_timeout[CT_DCCP_RESPOND];
dn->sysctl_table[2].data = &dn->dccp_timeout[CT_DCCP_PARTOPEN];
dn->sysctl_table[3].data = &dn->dccp_timeout[CT_DCCP_OPEN];
dn->sysctl_table[4].data = &dn->dccp_timeout[CT_DCCP_CLOSEREQ];
dn->sysctl_table[5].data = &dn->dccp_timeout[CT_DCCP_CLOSING];
dn->sysctl_table[6].data = &dn->dccp_timeout[CT_DCCP_TIMEWAIT];
dn->sysctl_table[7].data = &dn->dccp_loose;
dn->sysctl_header = register_net_sysctl(net, "net/netfilter",
dn->sysctl_table);
if (!dn->sysctl_header) {
kfree(dn->sysctl_table);
return -ENOMEM;
} }
#endif
return 0; return 0;
cleanup_dccp4:
nf_conntrack_l4proto_unregister(net,
&dccp_proto4);
out:
return ret;
} }
static __net_exit void dccp_net_exit(struct net *net) static __net_exit void dccp_net_exit(struct net *net)
{ {
struct dccp_net *dn = dccp_pernet(net); nf_conntrack_l4proto_unregister(net,
#ifdef CONFIG_SYSCTL &dccp_proto6);
unregister_net_sysctl_table(dn->sysctl_header); nf_conntrack_l4proto_unregister(net,
kfree(dn->sysctl_table); &dccp_proto4);
#endif
} }
static struct pernet_operations dccp_net_ops = { static struct pernet_operations dccp_net_ops = {
...@@ -939,34 +961,12 @@ static struct pernet_operations dccp_net_ops = { ...@@ -939,34 +961,12 @@ static struct pernet_operations dccp_net_ops = {
static int __init nf_conntrack_proto_dccp_init(void) static int __init nf_conntrack_proto_dccp_init(void)
{ {
int err; return register_pernet_subsys(&dccp_net_ops);
err = register_pernet_subsys(&dccp_net_ops);
if (err < 0)
goto err1;
err = nf_conntrack_l4proto_register(&init_net, &dccp_proto4);
if (err < 0)
goto err2;
err = nf_conntrack_l4proto_register(&init_net, &dccp_proto6);
if (err < 0)
goto err3;
return 0;
err3:
nf_conntrack_l4proto_unregister(&init_net, &dccp_proto4);
err2:
unregister_pernet_subsys(&dccp_net_ops);
err1:
return err;
} }
static void __exit nf_conntrack_proto_dccp_fini(void) static void __exit nf_conntrack_proto_dccp_fini(void)
{ {
unregister_pernet_subsys(&dccp_net_ops); unregister_pernet_subsys(&dccp_net_ops);
nf_conntrack_l4proto_unregister(&init_net, &dccp_proto6);
nf_conntrack_l4proto_unregister(&init_net, &dccp_proto4);
} }
module_init(nf_conntrack_proto_dccp_init); module_init(nf_conntrack_proto_dccp_init);
......
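Review bot: In dccp_init_net() the line `struct nf_proto_net *pn = (struct nf_proto_net *)dn;` is only correct while `np` remains the first member of struct dccp_net, and nothing in the code enforces that. If the struct is ever reordered, `pn->ctl_table` and `pn->users` would silently alias `dccp_loose` and `dccp_timeout[]`, and the kmemdup result and `.data` pointers would be written through the wrong kernel memory with no compiler diagnostic. Taking the member address instead, `struct nf_proto_net *pn = &dn->np;`, is type-checked and independent of layout. In the same function the `.data` assignments use literal indices 0–7 that have to follow the entry order of dccp_sysctl_table, whose definition lies outside the visible hunks; a short comment such as `/* index order must match dccp_sysctl_table[] */` above them would make that coupling explicit for whoever next adds a sysctl.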