-81

include/net/netfilter/nf_conntrack.h

reviewed

··· 244 244 245 245 #define NF_CT_STAT_INC(count) (__get_cpu_var(nf_conntrack_stat).count++) 246 246 247 247 - #ifdef CONFIG_NF_CONNTRACK_EVENTS 248 248 - #include <linux/notifier.h> 249 249 - #include <linux/interrupt.h> 250 250 - #include <net/netfilter/nf_conntrack_expect.h> 251 251 - 252 252 - struct nf_conntrack_ecache { 253 253 - struct nf_conn *ct; 254 254 - unsigned int events; 255 255 - }; 256 256 - DECLARE_PER_CPU(struct nf_conntrack_ecache, nf_conntrack_ecache); 257 257 - 258 258 - #define CONNTRACK_ECACHE(x) (__get_cpu_var(nf_conntrack_ecache).x) 259 259 - 260 260 - extern struct atomic_notifier_head nf_conntrack_chain; 261 261 - extern struct atomic_notifier_head nf_conntrack_expect_chain; 262 262 - 263 263 - static inline int nf_conntrack_register_notifier(struct notifier_block *nb) 264 264 - { 265 265 - return atomic_notifier_chain_register(&nf_conntrack_chain, nb); 266 266 - } 267 267 - 268 268 - static inline int nf_conntrack_unregister_notifier(struct notifier_block *nb) 269 269 - { 270 270 - return atomic_notifier_chain_unregister(&nf_conntrack_chain, nb); 271 271 - } 272 272 - 273 273 - static inline int 274 274 - nf_conntrack_expect_register_notifier(struct notifier_block *nb) 275 275 - { 276 276 - return atomic_notifier_chain_register(&nf_conntrack_expect_chain, nb); 277 277 - } 278 278 - 279 279 - static inline int 280 280 - nf_conntrack_expect_unregister_notifier(struct notifier_block *nb) 281 281 - { 282 282 - return atomic_notifier_chain_unregister(&nf_conntrack_expect_chain, 283 283 - nb); 284 284 - } 285 285 - 286 286 - extern void nf_ct_deliver_cached_events(const struct nf_conn *ct); 287 287 - extern void __nf_ct_event_cache_init(struct nf_conn *ct); 288 288 - 289 289 - static inline void 290 290 - nf_conntrack_event_cache(enum ip_conntrack_events event, 291 291 - const struct sk_buff *skb) 292 292 - { 293 293 - struct nf_conn *ct = (struct nf_conn *)skb->nfct; 294 294 - struct nf_conntrack_ecache *ecache; 295 295 - 296 296 - local_bh_disable(); 297 297 - ecache = &__get_cpu_var(nf_conntrack_ecache); 298 298 - if (ct != ecache->ct) 299 299 - __nf_ct_event_cache_init(ct); 300 300 - ecache->events |= event; 301 301 - local_bh_enable(); 302 302 - } 303 303 - 304 304 - static inline void nf_conntrack_event(enum ip_conntrack_events event, 305 305 - struct nf_conn *ct) 306 306 - { 307 307 - if (nf_ct_is_confirmed(ct) && !nf_ct_is_dying(ct)) 308 308 - atomic_notifier_call_chain(&nf_conntrack_chain, event, ct); 309 309 - } 310 310 - 311 311 - static inline void 312 312 - nf_conntrack_expect_event(enum ip_conntrack_expect_events event, 313 313 - struct nf_conntrack_expect *exp) 314 314 - { 315 315 - atomic_notifier_call_chain(&nf_conntrack_expect_chain, event, exp); 316 316 - } 317 317 - #else /* CONFIG_NF_CONNTRACK_EVENTS */ 318 318 - static inline void nf_conntrack_event_cache(enum ip_conntrack_events event, 319 319 - const struct sk_buff *skb) {} 320 320 - static inline void nf_conntrack_event(enum ip_conntrack_events event, 321 321 - struct nf_conn *ct) {} 322 322 - static inline void nf_ct_deliver_cached_events(const struct nf_conn *ct) {} 323 323 - static inline void 324 324 - nf_conntrack_expect_event(enum ip_conntrack_expect_events event, 325 325 - struct nf_conntrack_expect *exp) {} 326 326 - #endif /* CONFIG_NF_CONNTRACK_EVENTS */ 327 327 - 328 247 /* no helper, no nat */ 329 248 #define NF_CT_F_BASIC 0 330 249 /* for helper */

+1

include/net/netfilter/nf_conntrack_core.h

reviewed

··· 15 15 #include <linux/netfilter.h> 16 16 #include <net/netfilter/nf_conntrack_l3proto.h> 17 17 #include <net/netfilter/nf_conntrack_protocol.h> 18 18 + #include <net/netfilter/nf_conntrack_ecache.h> 18 19 19 20 /* This header is used to share core functionality between the 20 21 standalone connection tracking module, and the compatibility layer's use

+95

include/net/netfilter/nf_conntrack_ecache.h

reviewed

··· 1 1 + /* 2 2 + * connection tracking event cache. 3 3 + */ 4 4 + 5 5 + #ifndef _NF_CONNTRACK_ECACHE_H 6 6 + #define _NF_CONNTRACK_ECACHE_H 7 7 + #include <net/netfilter/nf_conntrack.h> 8 8 + 9 9 + #include <linux/notifier.h> 10 10 + #include <linux/interrupt.h> 11 11 + #include <net/netfilter/nf_conntrack_expect.h> 12 12 + 13 13 + #ifdef CONFIG_NF_CONNTRACK_EVENTS 14 14 + struct nf_conntrack_ecache { 15 15 + struct nf_conn *ct; 16 16 + unsigned int events; 17 17 + }; 18 18 + DECLARE_PER_CPU(struct nf_conntrack_ecache, nf_conntrack_ecache); 19 19 + 20 20 + #define CONNTRACK_ECACHE(x) (__get_cpu_var(nf_conntrack_ecache).x) 21 21 + 22 22 + extern struct atomic_notifier_head nf_conntrack_chain; 23 23 + extern struct atomic_notifier_head nf_conntrack_expect_chain; 24 24 + 25 25 + static inline int nf_conntrack_register_notifier(struct notifier_block *nb) 26 26 + { 27 27 + return atomic_notifier_chain_register(&nf_conntrack_chain, nb); 28 28 + } 29 29 + 30 30 + static inline int nf_conntrack_unregister_notifier(struct notifier_block *nb) 31 31 + { 32 32 + return atomic_notifier_chain_unregister(&nf_conntrack_chain, nb); 33 33 + } 34 34 + 35 35 + static inline int 36 36 + nf_conntrack_expect_register_notifier(struct notifier_block *nb) 37 37 + { 38 38 + return atomic_notifier_chain_register(&nf_conntrack_expect_chain, nb); 39 39 + } 40 40 + 41 41 + static inline int 42 42 + nf_conntrack_expect_unregister_notifier(struct notifier_block *nb) 43 43 + { 44 44 + return atomic_notifier_chain_unregister(&nf_conntrack_expect_chain, 45 45 + nb); 46 46 + } 47 47 + 48 48 + extern void nf_ct_deliver_cached_events(const struct nf_conn *ct); 49 49 + extern void __nf_ct_event_cache_init(struct nf_conn *ct); 50 50 + extern void nf_ct_event_cache_flush(void); 51 51 + 52 52 + static inline void 53 53 + nf_conntrack_event_cache(enum ip_conntrack_events event, 54 54 + const struct sk_buff *skb) 55 55 + { 56 56 + struct nf_conn *ct = (struct nf_conn *)skb->nfct; 57 57 + struct nf_conntrack_ecache *ecache; 58 58 + 59 59 + local_bh_disable(); 60 60 + ecache = &__get_cpu_var(nf_conntrack_ecache); 61 61 + if (ct != ecache->ct) 62 62 + __nf_ct_event_cache_init(ct); 63 63 + ecache->events |= event; 64 64 + local_bh_enable(); 65 65 + } 66 66 + 67 67 + static inline void nf_conntrack_event(enum ip_conntrack_events event, 68 68 + struct nf_conn *ct) 69 69 + { 70 70 + if (nf_ct_is_confirmed(ct) && !nf_ct_is_dying(ct)) 71 71 + atomic_notifier_call_chain(&nf_conntrack_chain, event, ct); 72 72 + } 73 73 + 74 74 + static inline void 75 75 + nf_conntrack_expect_event(enum ip_conntrack_expect_events event, 76 76 + struct nf_conntrack_expect *exp) 77 77 + { 78 78 + atomic_notifier_call_chain(&nf_conntrack_expect_chain, event, exp); 79 79 + } 80 80 + 81 81 + #else /* CONFIG_NF_CONNTRACK_EVENTS */ 82 82 + 83 83 + static inline void nf_conntrack_event_cache(enum ip_conntrack_events event, 84 84 + const struct sk_buff *skb) {} 85 85 + static inline void nf_conntrack_event(enum ip_conntrack_events event, 86 86 + struct nf_conn *ct) {} 87 87 + static inline void nf_ct_deliver_cached_events(const struct nf_conn *ct) {} 88 88 + static inline void 89 89 + nf_conntrack_expect_event(enum ip_conntrack_expect_events event, 90 90 + struct nf_conntrack_expect *exp) {} 91 91 + static inline void nf_ct_event_cache_flush(void) {} 92 92 + #endif /* CONFIG_NF_CONNTRACK_EVENTS */ 93 93 + 94 94 + #endif /*_NF_CONNTRACK_ECACHE_H*/ 95 95 +

+3 -1

net/netfilter/Makefile

reviewed

··· 1 1 netfilter-objs := core.o nf_log.o nf_queue.o nf_sockopt.o 2 2 - nf_conntrack-objs := nf_conntrack_core.o nf_conntrack_standalone.o nf_conntrack_expect.o nf_conntrack_helper.o nf_conntrack_l3proto_generic.o nf_conntrack_proto_generic.o nf_conntrack_proto_tcp.o nf_conntrack_proto_udp.o 2 2 + 3 3 + nf_conntrack-y := nf_conntrack_core.o nf_conntrack_standalone.o nf_conntrack_expect.o nf_conntrack_helper.o nf_conntrack_l3proto_generic.o nf_conntrack_proto_generic.o nf_conntrack_proto_tcp.o nf_conntrack_proto_udp.o 4 4 + nf_conntrack-$(CONFIG_NF_CONNTRACK_EVENTS) += nf_conntrack_ecache.o 3 5 4 6 obj-$(CONFIG_NETFILTER) = netfilter.o 5 7

-67

net/netfilter/nf_conntrack_core.c

reviewed

··· 85 85 86 86 static unsigned int nf_conntrack_next_id; 87 87 88 88 - #ifdef CONFIG_NF_CONNTRACK_EVENTS 89 89 - ATOMIC_NOTIFIER_HEAD(nf_conntrack_chain); 90 90 - ATOMIC_NOTIFIER_HEAD(nf_conntrack_expect_chain); 91 91 - 92 92 - DEFINE_PER_CPU(struct nf_conntrack_ecache, nf_conntrack_ecache); 93 93 - 94 94 - /* deliver cached events and clear cache entry - must be called with locally 95 95 - * disabled softirqs */ 96 96 - static inline void 97 97 - __nf_ct_deliver_cached_events(struct nf_conntrack_ecache *ecache) 98 98 - { 99 99 - DEBUGP("ecache: delivering events for %p\n", ecache->ct); 100 100 - if (nf_ct_is_confirmed(ecache->ct) && !nf_ct_is_dying(ecache->ct) 101 101 - && ecache->events) 102 102 - atomic_notifier_call_chain(&nf_conntrack_chain, ecache->events, 103 103 - ecache->ct); 104 104 - 105 105 - ecache->events = 0; 106 106 - nf_ct_put(ecache->ct); 107 107 - ecache->ct = NULL; 108 108 - } 109 109 - 110 110 - /* Deliver all cached events for a particular conntrack. This is called 111 111 - * by code prior to async packet handling for freeing the skb */ 112 112 - void nf_ct_deliver_cached_events(const struct nf_conn *ct) 113 113 - { 114 114 - struct nf_conntrack_ecache *ecache; 115 115 - 116 116 - local_bh_disable(); 117 117 - ecache = &__get_cpu_var(nf_conntrack_ecache); 118 118 - if (ecache->ct == ct) 119 119 - __nf_ct_deliver_cached_events(ecache); 120 120 - local_bh_enable(); 121 121 - } 122 122 - 123 123 - /* Deliver cached events for old pending events, if current conntrack != old */ 124 124 - void __nf_ct_event_cache_init(struct nf_conn *ct) 125 125 - { 126 126 - struct nf_conntrack_ecache *ecache; 127 127 - 128 128 - /* take care of delivering potentially old events */ 129 129 - ecache = &__get_cpu_var(nf_conntrack_ecache); 130 130 - BUG_ON(ecache->ct == ct); 131 131 - if (ecache->ct) 132 132 - __nf_ct_deliver_cached_events(ecache); 133 133 - /* initialize for this conntrack/packet */ 134 134 - ecache->ct = ct; 135 135 - nf_conntrack_get(&ct->ct_general); 136 136 - } 137 137 - 138 138 - /* flush the event cache - touches other CPU's data and must not be called 139 139 - * while packets are still passing through the code */ 140 140 - static void nf_ct_event_cache_flush(void) 141 141 - { 142 142 - struct nf_conntrack_ecache *ecache; 143 143 - int cpu; 144 144 - 145 145 - for_each_possible_cpu(cpu) { 146 146 - ecache = &per_cpu(nf_conntrack_ecache, cpu); 147 147 - if (ecache->ct) 148 148 - nf_ct_put(ecache->ct); 149 149 - } 150 150 - } 151 151 - #else 152 152 - static inline void nf_ct_event_cache_flush(void) {} 153 153 - #endif /* CONFIG_NF_CONNTRACK_EVENTS */ 154 154 - 155 88 DEFINE_PER_CPU(struct ip_conntrack_stat, nf_conntrack_stat); 156 89 EXPORT_PER_CPU_SYMBOL(nf_conntrack_stat); 157 90

+91

net/netfilter/nf_conntrack_ecache.c

reviewed

··· 1 1 + /* Event cache for netfilter. */ 2 2 + 3 3 + /* (C) 1999-2001 Paul `Rusty' Russell 4 4 + * (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org> 5 5 + * (C) 2003,2004 USAGI/WIDE Project <http://www.linux-ipv6.org> 6 6 + * 7 7 + * This program is free software; you can redistribute it and/or modify 8 8 + * it under the terms of the GNU General Public License version 2 as 9 9 + * published by the Free Software Foundation. 10 10 + */ 11 11 + 12 12 + #include <linux/types.h> 13 13 + #include <linux/netfilter.h> 14 14 + #include <linux/skbuff.h> 15 15 + #include <linux/vmalloc.h> 16 16 + #include <linux/stddef.h> 17 17 + #include <linux/err.h> 18 18 + #include <linux/percpu.h> 19 19 + #include <linux/notifier.h> 20 20 + #include <linux/kernel.h> 21 21 + #include <linux/netdevice.h> 22 22 + 23 23 + #include <net/netfilter/nf_conntrack.h> 24 24 + #include <net/netfilter/nf_conntrack_l3proto.h> 25 25 + #include <net/netfilter/nf_conntrack_protocol.h> 26 26 + #include <net/netfilter/nf_conntrack_expect.h> 27 27 + #include <net/netfilter/nf_conntrack_helper.h> 28 28 + #include <net/netfilter/nf_conntrack_core.h> 29 29 + 30 30 + ATOMIC_NOTIFIER_HEAD(nf_conntrack_chain); 31 31 + ATOMIC_NOTIFIER_HEAD(nf_conntrack_expect_chain); 32 32 + 33 33 + DEFINE_PER_CPU(struct nf_conntrack_ecache, nf_conntrack_ecache); 34 34 + 35 35 + /* deliver cached events and clear cache entry - must be called with locally 36 36 + * disabled softirqs */ 37 37 + static inline void 38 38 + __nf_ct_deliver_cached_events(struct nf_conntrack_ecache *ecache) 39 39 + { 40 40 + if (nf_ct_is_confirmed(ecache->ct) && !nf_ct_is_dying(ecache->ct) 41 41 + && ecache->events) 42 42 + atomic_notifier_call_chain(&nf_conntrack_chain, ecache->events, 43 43 + ecache->ct); 44 44 + 45 45 + ecache->events = 0; 46 46 + nf_ct_put(ecache->ct); 47 47 + ecache->ct = NULL; 48 48 + } 49 49 + 50 50 + /* Deliver all cached events for a particular conntrack. This is called 51 51 + * by code prior to async packet handling for freeing the skb */ 52 52 + void nf_ct_deliver_cached_events(const struct nf_conn *ct) 53 53 + { 54 54 + struct nf_conntrack_ecache *ecache; 55 55 + 56 56 + local_bh_disable(); 57 57 + ecache = &__get_cpu_var(nf_conntrack_ecache); 58 58 + if (ecache->ct == ct) 59 59 + __nf_ct_deliver_cached_events(ecache); 60 60 + local_bh_enable(); 61 61 + } 62 62 + 63 63 + /* Deliver cached events for old pending events, if current conntrack != old */ 64 64 + void __nf_ct_event_cache_init(struct nf_conn *ct) 65 65 + { 66 66 + struct nf_conntrack_ecache *ecache; 67 67 + 68 68 + /* take care of delivering potentially old events */ 69 69 + ecache = &__get_cpu_var(nf_conntrack_ecache); 70 70 + BUG_ON(ecache->ct == ct); 71 71 + if (ecache->ct) 72 72 + __nf_ct_deliver_cached_events(ecache); 73 73 + /* initialize for this conntrack/packet */ 74 74 + ecache->ct = ct; 75 75 + nf_conntrack_get(&ct->ct_general); 76 76 + } 77 77 + 78 78 + /* flush the event cache - touches other CPU's data and must not be called 79 79 + * while packets are still passing through the code */ 80 80 + void nf_ct_event_cache_flush(void) 81 81 + { 82 82 + struct nf_conntrack_ecache *ecache; 83 83 + int cpu; 84 84 + 85 85 + for_each_possible_cpu(cpu) { 86 86 + ecache = &per_cpu(nf_conntrack_ecache, cpu); 87 87 + if (ecache->ct) 88 88 + nf_ct_put(ecache->ct); 89 89 + } 90 90 + } 91 91 +

+1

net/netfilter/nf_conntrack_ftp.c

reviewed

··· 27 27 28 28 #include <net/netfilter/nf_conntrack.h> 29 29 #include <net/netfilter/nf_conntrack_expect.h> 30 30 + #include <net/netfilter/nf_conntrack_ecache.h> 30 31 #include <net/netfilter/nf_conntrack_helper.h> 31 32 #include <linux/netfilter/nf_conntrack_ftp.h> 32 33

+1

net/netfilter/nf_conntrack_proto_sctp.c

reviewed

··· 33 33 34 34 #include <net/netfilter/nf_conntrack.h> 35 35 #include <net/netfilter/nf_conntrack_protocol.h> 36 36 + #include <net/netfilter/nf_conntrack_ecache.h> 36 37 37 38 #if 0 38 39 #define DEBUGP(format, ...) printk(format, ## __VA_ARGS__)

+1

net/netfilter/nf_conntrack_proto_tcp.c

reviewed

··· 43 43 #include <linux/netfilter_ipv6.h> 44 44 #include <net/netfilter/nf_conntrack.h> 45 45 #include <net/netfilter/nf_conntrack_protocol.h> 46 46 + #include <net/netfilter/nf_conntrack_ecache.h> 46 47 47 48 #if 0 48 49 #define DEBUGP printk

+2

net/netfilter/nf_conntrack_proto_udp.c

reviewed

··· 22 22 #include <linux/ipv6.h> 23 23 #include <net/ip6_checksum.h> 24 24 #include <net/checksum.h> 25 25 + 25 26 #include <linux/netfilter.h> 26 27 #include <linux/netfilter_ipv4.h> 27 28 #include <linux/netfilter_ipv6.h> 28 29 #include <net/netfilter/nf_conntrack_protocol.h> 30 30 + #include <net/netfilter/nf_conntrack_ecache.h> 29 31 30 32 unsigned int nf_ct_udp_timeout __read_mostly = 30*HZ; 31 33 unsigned int nf_ct_udp_timeout_stream __read_mostly = 180*HZ;

+1 -1

net/netfilter/nf_conntrack_standalone.c

reviewed

··· 33 33 #define ASSERT_WRITE_LOCK(x) 34 34 35 35 #include <net/netfilter/nf_conntrack.h> 36 36 + #include <net/netfilter/nf_conntrack_core.h> 36 37 #include <net/netfilter/nf_conntrack_l3proto.h> 37 38 #include <net/netfilter/nf_conntrack_protocol.h> 38 38 - #include <net/netfilter/nf_conntrack_core.h> 39 39 #include <net/netfilter/nf_conntrack_expect.h> 40 40 #include <net/netfilter/nf_conntrack_helper.h> 41 41

+3

net/netfilter/xt_CONNMARK.c

reviewed

··· 31 31 #include <linux/netfilter/x_tables.h> 32 32 #include <linux/netfilter/xt_CONNMARK.h> 33 33 #include <net/netfilter/nf_conntrack_compat.h> 34 34 + #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) 35 35 + #include <net/netfilter/nf_conntrack_ecache.h> 36 36 + #endif 34 37 35 38 static unsigned int 36 39 target(struct sk_buff **pskb,