1 /* L3/L4 protocol support for nf_conntrack. */
3 /* (C) 1999-2001 Paul `Rusty' Russell
4 * (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org>
5 * (C) 2003,2004 USAGI/WIDE Project <http://www.linux-ipv6.org>
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2 as
9 * published by the Free Software Foundation.
12 #include <linux/types.h>
13 #include <linux/netfilter.h>
14 #include <linux/module.h>
15 #include <linux/slab.h>
16 #include <linux/mutex.h>
17 #include <linux/vmalloc.h>
18 #include <linux/stddef.h>
19 #include <linux/err.h>
20 #include <linux/percpu.h>
21 #include <linux/notifier.h>
22 #include <linux/kernel.h>
23 #include <linux/netdevice.h>
24 #include <linux/rtnetlink.h>
26 #include <net/netfilter/nf_conntrack.h>
27 #include <net/netfilter/nf_conntrack_l3proto.h>
28 #include <net/netfilter/nf_conntrack_l4proto.h>
29 #include <net/netfilter/nf_conntrack_core.h>
31 static struct nf_conntrack_l4proto __rcu **nf_ct_protos[PF_MAX] __read_mostly;
32 struct nf_conntrack_l3proto __rcu *nf_ct_l3protos[AF_MAX] __read_mostly;
33 EXPORT_SYMBOL_GPL(nf_ct_l3protos);
35 static DEFINE_MUTEX(nf_ct_proto_mutex);
39 nf_ct_register_sysctl(struct net *net,
40 struct ctl_table_header **header,
42 struct ctl_table *table,
45 if (*header == NULL) {
46 *header = register_net_sysctl(net, path, table);
57 nf_ct_unregister_sysctl(struct ctl_table_header **header,
58 struct ctl_table **table,
61 if (users != NULL && --*users > 0)
64 unregister_net_sysctl_table(*header);
71 struct nf_conntrack_l4proto *
72 __nf_ct_l4proto_find(u_int16_t l3proto, u_int8_t l4proto)
74 if (unlikely(l3proto >= AF_MAX || nf_ct_protos[l3proto] == NULL))
75 return &nf_conntrack_l4proto_generic;
77 return rcu_dereference(nf_ct_protos[l3proto][l4proto]);
79 EXPORT_SYMBOL_GPL(__nf_ct_l4proto_find);
81 /* this is guaranteed to always return a valid protocol helper, since
82 * it falls back to generic_protocol */
83 struct nf_conntrack_l3proto *
84 nf_ct_l3proto_find_get(u_int16_t l3proto)
86 struct nf_conntrack_l3proto *p;
89 p = __nf_ct_l3proto_find(l3proto);
90 if (!try_module_get(p->me))
91 p = &nf_conntrack_l3proto_generic;
96 EXPORT_SYMBOL_GPL(nf_ct_l3proto_find_get);
98 void nf_ct_l3proto_put(struct nf_conntrack_l3proto *p)
102 EXPORT_SYMBOL_GPL(nf_ct_l3proto_put);
105 nf_ct_l3proto_try_module_get(unsigned short l3proto)
108 struct nf_conntrack_l3proto *p;
110 retry: p = nf_ct_l3proto_find_get(l3proto);
111 if (p == &nf_conntrack_l3proto_generic) {
112 ret = request_module("nf_conntrack-%d", l3proto);
121 EXPORT_SYMBOL_GPL(nf_ct_l3proto_try_module_get);
123 void nf_ct_l3proto_module_put(unsigned short l3proto)
125 struct nf_conntrack_l3proto *p;
127 /* rcu_read_lock not necessary since the caller holds a reference, but
128 * taken anyways to avoid lockdep warnings in __nf_ct_l3proto_find()
131 p = __nf_ct_l3proto_find(l3proto);
135 EXPORT_SYMBOL_GPL(nf_ct_l3proto_module_put);
137 struct nf_conntrack_l4proto *
138 nf_ct_l4proto_find_get(u_int16_t l3num, u_int8_t l4num)
140 struct nf_conntrack_l4proto *p;
143 p = __nf_ct_l4proto_find(l3num, l4num);
144 if (!try_module_get(p->me))
145 p = &nf_conntrack_l4proto_generic;
150 EXPORT_SYMBOL_GPL(nf_ct_l4proto_find_get);
152 void nf_ct_l4proto_put(struct nf_conntrack_l4proto *p)
156 EXPORT_SYMBOL_GPL(nf_ct_l4proto_put);
158 static int kill_l3proto(struct nf_conn *i, void *data)
160 return nf_ct_l3num(i) == ((struct nf_conntrack_l3proto *)data)->l3proto;
163 static int kill_l4proto(struct nf_conn *i, void *data)
165 struct nf_conntrack_l4proto *l4proto;
166 l4proto = (struct nf_conntrack_l4proto *)data;
167 return nf_ct_protonum(i) == l4proto->l4proto &&
168 nf_ct_l3num(i) == l4proto->l3proto;
171 static int nf_ct_l3proto_register_sysctl(struct nf_conntrack_l3proto *l3proto)
176 if (l3proto->ctl_table != NULL) {
177 err = nf_ct_register_sysctl(&init_net,
178 &l3proto->ctl_table_header,
179 l3proto->ctl_table_path,
180 l3proto->ctl_table, NULL);
186 static void nf_ct_l3proto_unregister_sysctl(struct nf_conntrack_l3proto *l3proto)
189 if (l3proto->ctl_table_header != NULL)
190 nf_ct_unregister_sysctl(&l3proto->ctl_table_header,
191 &l3proto->ctl_table, NULL);
195 int nf_conntrack_l3proto_register(struct nf_conntrack_l3proto *proto)
198 struct nf_conntrack_l3proto *old;
200 if (proto->l3proto >= AF_MAX)
203 if (proto->tuple_to_nlattr && !proto->nlattr_tuple_size)
206 mutex_lock(&nf_ct_proto_mutex);
207 old = rcu_dereference_protected(nf_ct_l3protos[proto->l3proto],
208 lockdep_is_held(&nf_ct_proto_mutex));
209 if (old != &nf_conntrack_l3proto_generic) {
214 ret = nf_ct_l3proto_register_sysctl(proto);
218 if (proto->nlattr_tuple_size)
219 proto->nla_size = 3 * proto->nlattr_tuple_size();
221 rcu_assign_pointer(nf_ct_l3protos[proto->l3proto], proto);
224 mutex_unlock(&nf_ct_proto_mutex);
227 EXPORT_SYMBOL_GPL(nf_conntrack_l3proto_register);
229 void nf_conntrack_l3proto_unregister(struct nf_conntrack_l3proto *proto)
233 BUG_ON(proto->l3proto >= AF_MAX);
235 mutex_lock(&nf_ct_proto_mutex);
236 BUG_ON(rcu_dereference_protected(nf_ct_l3protos[proto->l3proto],
237 lockdep_is_held(&nf_ct_proto_mutex)
239 rcu_assign_pointer(nf_ct_l3protos[proto->l3proto],
240 &nf_conntrack_l3proto_generic);
241 nf_ct_l3proto_unregister_sysctl(proto);
242 mutex_unlock(&nf_ct_proto_mutex);
246 /* Remove all contrack entries for this protocol */
249 nf_ct_iterate_cleanup(net, kill_l3proto, proto);
252 EXPORT_SYMBOL_GPL(nf_conntrack_l3proto_unregister);
254 static struct nf_proto_net *nf_ct_l4proto_net(struct net *net,
255 struct nf_conntrack_l4proto *l4proto)
258 return net_generic(net, *l4proto->net_id);
264 int nf_ct_l4proto_register_sysctl(struct net *net,
265 struct nf_conntrack_l4proto *l4proto)
268 struct nf_proto_net *pn = nf_ct_l4proto_net(net, l4proto);
273 if (pn->ctl_table != NULL) {
274 err = nf_ct_register_sysctl(net,
275 &pn->ctl_table_header,
281 kfree(pn->ctl_table);
282 pn->ctl_table = NULL;
287 #ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
288 if (l4proto->l3proto != AF_INET6 && pn->ctl_compat_table != NULL) {
289 err = nf_ct_register_sysctl(net,
290 &pn->ctl_compat_header,
291 "net/ipv4/netfilter",
292 pn->ctl_compat_table,
297 kfree(pn->ctl_compat_table);
298 pn->ctl_compat_table = NULL;
299 nf_ct_unregister_sysctl(&pn->ctl_table_header,
303 #endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */
305 #endif /* CONFIG_SYSCTL */
310 void nf_ct_l4proto_unregister_sysctl(struct net *net,
311 struct nf_conntrack_l4proto *l4proto)
313 struct nf_proto_net *pn = nf_ct_l4proto_net(net, l4proto);
317 if (pn->ctl_table_header != NULL)
318 nf_ct_unregister_sysctl(&pn->ctl_table_header,
322 #ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
323 if (l4proto->l3proto != AF_INET6 && pn->ctl_compat_header != NULL)
324 nf_ct_unregister_sysctl(&pn->ctl_compat_header,
325 &pn->ctl_compat_table,
327 #endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */
330 #endif /* CONFIG_SYSCTL */
333 /* FIXME: Allow NULL functions and sub in pointers to generic for
336 nf_conntrack_l4proto_register_net(struct nf_conntrack_l4proto *l4proto)
340 if (l4proto->l3proto >= PF_MAX)
343 if ((l4proto->to_nlattr && !l4proto->nlattr_size)
344 || (l4proto->tuple_to_nlattr && !l4proto->nlattr_tuple_size))
347 mutex_lock(&nf_ct_proto_mutex);
348 if (!nf_ct_protos[l4proto->l3proto]) {
349 /* l3proto may be loaded latter. */
350 struct nf_conntrack_l4proto __rcu **proto_array;
353 proto_array = kmalloc(MAX_NF_CT_PROTO *
354 sizeof(struct nf_conntrack_l4proto *),
356 if (proto_array == NULL) {
361 for (i = 0; i < MAX_NF_CT_PROTO; i++)
362 RCU_INIT_POINTER(proto_array[i], &nf_conntrack_l4proto_generic);
364 /* Before making proto_array visible to lockless readers,
365 * we must make sure its content is committed to memory.
369 nf_ct_protos[l4proto->l3proto] = proto_array;
370 } else if (rcu_dereference_protected(
371 nf_ct_protos[l4proto->l3proto][l4proto->l4proto],
372 lockdep_is_held(&nf_ct_proto_mutex)
373 ) != &nf_conntrack_l4proto_generic) {
378 l4proto->nla_size = 0;
379 if (l4proto->nlattr_size)
380 l4proto->nla_size += l4proto->nlattr_size();
381 if (l4proto->nlattr_tuple_size)
382 l4proto->nla_size += 3 * l4proto->nlattr_tuple_size();
384 rcu_assign_pointer(nf_ct_protos[l4proto->l3proto][l4proto->l4proto],
387 mutex_unlock(&nf_ct_proto_mutex);
391 int nf_conntrack_l4proto_register(struct net *net,
392 struct nf_conntrack_l4proto *l4proto)
395 if (net == &init_net)
396 ret = nf_conntrack_l4proto_register_net(l4proto);
401 if (l4proto->init_net)
402 ret = l4proto->init_net(net);
407 return nf_ct_l4proto_register_sysctl(net, l4proto);
409 EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_register);
412 nf_conntrack_l4proto_unregister_net(struct nf_conntrack_l4proto *l4proto)
414 BUG_ON(l4proto->l3proto >= PF_MAX);
416 mutex_lock(&nf_ct_proto_mutex);
417 BUG_ON(rcu_dereference_protected(
418 nf_ct_protos[l4proto->l3proto][l4proto->l4proto],
419 lockdep_is_held(&nf_ct_proto_mutex)
421 rcu_assign_pointer(nf_ct_protos[l4proto->l3proto][l4proto->l4proto],
422 &nf_conntrack_l4proto_generic);
423 mutex_unlock(&nf_ct_proto_mutex);
428 void nf_conntrack_l4proto_unregister(struct net *net,
429 struct nf_conntrack_l4proto *l4proto)
431 if (net == &init_net)
432 nf_conntrack_l4proto_unregister_net(l4proto);
434 nf_ct_l4proto_unregister_sysctl(net, l4proto);
435 /* Remove all contrack entries for this protocol */
437 nf_ct_iterate_cleanup(net, kill_l4proto, l4proto);
440 EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_unregister);
442 int nf_conntrack_proto_init(void)
447 err = nf_ct_l4proto_register_sysctl(&init_net, &nf_conntrack_l4proto_generic);
451 for (i = 0; i < AF_MAX; i++)
452 rcu_assign_pointer(nf_ct_l3protos[i],
453 &nf_conntrack_l3proto_generic);
457 void nf_conntrack_proto_fini(void)
461 nf_ct_l4proto_unregister_sysctl(&init_net, &nf_conntrack_l4proto_generic);
463 /* free l3proto protocol tables */
464 for (i = 0; i < PF_MAX; i++)
465 kfree(nf_ct_protos[i]);
projects / linux-2.6-block.git / blob