18f03dea5SMartin Josefsson /* L3/L4 protocol support for nf_conntrack. */ 28f03dea5SMartin Josefsson 38f03dea5SMartin Josefsson /* (C) 1999-2001 Paul `Rusty' Russell 48f03dea5SMartin Josefsson * (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org> 58f03dea5SMartin Josefsson * (C) 2003,2004 USAGI/WIDE Project <http://www.linux-ipv6.org> 68f03dea5SMartin Josefsson * 78f03dea5SMartin Josefsson * This program is free software; you can redistribute it and/or modify 88f03dea5SMartin Josefsson * it under the terms of the GNU General Public License version 2 as 98f03dea5SMartin Josefsson * published by the Free Software Foundation. 108f03dea5SMartin Josefsson */ 118f03dea5SMartin Josefsson 128f03dea5SMartin Josefsson #include <linux/types.h> 138f03dea5SMartin Josefsson #include <linux/netfilter.h> 148f03dea5SMartin Josefsson #include <linux/module.h> 155a0e3ad6STejun Heo #include <linux/slab.h> 16d62f9ed4SPatrick McHardy #include <linux/mutex.h> 178f03dea5SMartin Josefsson #include <linux/vmalloc.h> 188f03dea5SMartin Josefsson #include <linux/stddef.h> 198f03dea5SMartin Josefsson #include <linux/err.h> 208f03dea5SMartin Josefsson #include <linux/percpu.h> 218f03dea5SMartin Josefsson #include <linux/notifier.h> 228f03dea5SMartin Josefsson #include <linux/kernel.h> 238f03dea5SMartin Josefsson #include <linux/netdevice.h> 24efb9a8c2SAlexey Dobriyan #include <linux/rtnetlink.h> 258f03dea5SMartin Josefsson 268f03dea5SMartin Josefsson #include <net/netfilter/nf_conntrack.h> 278f03dea5SMartin Josefsson #include <net/netfilter/nf_conntrack_l3proto.h> 28605dcad6SMartin Josefsson #include <net/netfilter/nf_conntrack_l4proto.h> 298f03dea5SMartin Josefsson #include <net/netfilter/nf_conntrack_core.h> 308f03dea5SMartin Josefsson 310906a372SArnd Bergmann static struct nf_conntrack_l4proto __rcu **nf_ct_protos[PF_MAX] __read_mostly; 320906a372SArnd Bergmann struct nf_conntrack_l3proto __rcu *nf_ct_l3protos[AF_MAX] __read_mostly; 3313b18339SPatrick McHardy EXPORT_SYMBOL_GPL(nf_ct_l3protos); 348f03dea5SMartin Josefsson 35b19caa0cSPatrick McHardy static DEFINE_MUTEX(nf_ct_proto_mutex); 36d62f9ed4SPatrick McHardy 37b19caa0cSPatrick McHardy #ifdef CONFIG_SYSCTL 38d62f9ed4SPatrick McHardy static int 392c352f44SGao feng nf_ct_register_sysctl(struct net *net, 402c352f44SGao feng struct ctl_table_header **header, 412c352f44SGao feng const char *path, 422c352f44SGao feng struct ctl_table *table, 432c352f44SGao feng unsigned int *users) 44d62f9ed4SPatrick McHardy { 45d62f9ed4SPatrick McHardy if (*header == NULL) { 462c352f44SGao feng *header = register_net_sysctl(net, path, table); 47d62f9ed4SPatrick McHardy if (*header == NULL) 48d62f9ed4SPatrick McHardy return -ENOMEM; 49d62f9ed4SPatrick McHardy } 50d62f9ed4SPatrick McHardy if (users != NULL) 51d62f9ed4SPatrick McHardy (*users)++; 522c352f44SGao feng 53d62f9ed4SPatrick McHardy return 0; 54d62f9ed4SPatrick McHardy } 55d62f9ed4SPatrick McHardy 56d62f9ed4SPatrick McHardy static void 57d62f9ed4SPatrick McHardy nf_ct_unregister_sysctl(struct ctl_table_header **header, 582c352f44SGao feng struct ctl_table **table, 592c352f44SGao feng unsigned int *users) 60d62f9ed4SPatrick McHardy { 61d62f9ed4SPatrick McHardy if (users != NULL && --*users > 0) 62d62f9ed4SPatrick McHardy return; 63b3fd3ffeSPavel Emelyanov 645dd3df10SEric W. Biederman unregister_net_sysctl_table(*header); 652c352f44SGao feng kfree(*table); 66d62f9ed4SPatrick McHardy *header = NULL; 672c352f44SGao feng *table = NULL; 68d62f9ed4SPatrick McHardy } 69d62f9ed4SPatrick McHardy #endif 70d62f9ed4SPatrick McHardy 71605dcad6SMartin Josefsson struct nf_conntrack_l4proto * 72605dcad6SMartin Josefsson __nf_ct_l4proto_find(u_int16_t l3proto, u_int8_t l4proto) 738f03dea5SMartin Josefsson { 748f03dea5SMartin Josefsson if (unlikely(l3proto >= AF_MAX || nf_ct_protos[l3proto] == NULL)) 75605dcad6SMartin Josefsson return &nf_conntrack_l4proto_generic; 768f03dea5SMartin Josefsson 77923f4902SPatrick McHardy return rcu_dereference(nf_ct_protos[l3proto][l4proto]); 788f03dea5SMartin Josefsson } 7913b18339SPatrick McHardy EXPORT_SYMBOL_GPL(__nf_ct_l4proto_find); 808f03dea5SMartin Josefsson 818f03dea5SMartin Josefsson /* this is guaranteed to always return a valid protocol helper, since 828f03dea5SMartin Josefsson * it falls back to generic_protocol */ 838f03dea5SMartin Josefsson struct nf_conntrack_l3proto * 848f03dea5SMartin Josefsson nf_ct_l3proto_find_get(u_int16_t l3proto) 858f03dea5SMartin Josefsson { 868f03dea5SMartin Josefsson struct nf_conntrack_l3proto *p; 878f03dea5SMartin Josefsson 88923f4902SPatrick McHardy rcu_read_lock(); 898f03dea5SMartin Josefsson p = __nf_ct_l3proto_find(l3proto); 908f03dea5SMartin Josefsson if (!try_module_get(p->me)) 91605dcad6SMartin Josefsson p = &nf_conntrack_l3proto_generic; 92923f4902SPatrick McHardy rcu_read_unlock(); 938f03dea5SMartin Josefsson 948f03dea5SMartin Josefsson return p; 958f03dea5SMartin Josefsson } 9613b18339SPatrick McHardy EXPORT_SYMBOL_GPL(nf_ct_l3proto_find_get); 978f03dea5SMartin Josefsson 988f03dea5SMartin Josefsson void nf_ct_l3proto_put(struct nf_conntrack_l3proto *p) 998f03dea5SMartin Josefsson { 1008f03dea5SMartin Josefsson module_put(p->me); 1018f03dea5SMartin Josefsson } 10213b18339SPatrick McHardy EXPORT_SYMBOL_GPL(nf_ct_l3proto_put); 1038f03dea5SMartin Josefsson 1048f03dea5SMartin Josefsson int 1058f03dea5SMartin Josefsson nf_ct_l3proto_try_module_get(unsigned short l3proto) 1068f03dea5SMartin Josefsson { 1078f03dea5SMartin Josefsson int ret; 1088f03dea5SMartin Josefsson struct nf_conntrack_l3proto *p; 1098f03dea5SMartin Josefsson 1108f03dea5SMartin Josefsson retry: p = nf_ct_l3proto_find_get(l3proto); 111605dcad6SMartin Josefsson if (p == &nf_conntrack_l3proto_generic) { 1128f03dea5SMartin Josefsson ret = request_module("nf_conntrack-%d", l3proto); 1138f03dea5SMartin Josefsson if (!ret) 1148f03dea5SMartin Josefsson goto retry; 1158f03dea5SMartin Josefsson 1168f03dea5SMartin Josefsson return -EPROTOTYPE; 1178f03dea5SMartin Josefsson } 1188f03dea5SMartin Josefsson 1198f03dea5SMartin Josefsson return 0; 1208f03dea5SMartin Josefsson } 12113b18339SPatrick McHardy EXPORT_SYMBOL_GPL(nf_ct_l3proto_try_module_get); 1228f03dea5SMartin Josefsson 1238f03dea5SMartin Josefsson void nf_ct_l3proto_module_put(unsigned short l3proto) 1248f03dea5SMartin Josefsson { 1258f03dea5SMartin Josefsson struct nf_conntrack_l3proto *p; 1268f03dea5SMartin Josefsson 1273b254c54SPatrick McHardy /* rcu_read_lock not necessary since the caller holds a reference, but 1283b254c54SPatrick McHardy * taken anyways to avoid lockdep warnings in __nf_ct_l3proto_find() 1293b254c54SPatrick McHardy */ 1303b254c54SPatrick McHardy rcu_read_lock(); 1318f03dea5SMartin Josefsson p = __nf_ct_l3proto_find(l3proto); 1328f03dea5SMartin Josefsson module_put(p->me); 1333b254c54SPatrick McHardy rcu_read_unlock(); 1348f03dea5SMartin Josefsson } 13513b18339SPatrick McHardy EXPORT_SYMBOL_GPL(nf_ct_l3proto_module_put); 1368f03dea5SMartin Josefsson 137c1ebd7dfSPablo Neira Ayuso struct nf_conntrack_l4proto * 138c1ebd7dfSPablo Neira Ayuso nf_ct_l4proto_find_get(u_int16_t l3num, u_int8_t l4num) 139c1ebd7dfSPablo Neira Ayuso { 140c1ebd7dfSPablo Neira Ayuso struct nf_conntrack_l4proto *p; 141c1ebd7dfSPablo Neira Ayuso 142c1ebd7dfSPablo Neira Ayuso rcu_read_lock(); 143c1ebd7dfSPablo Neira Ayuso p = __nf_ct_l4proto_find(l3num, l4num); 144c1ebd7dfSPablo Neira Ayuso if (!try_module_get(p->me)) 145c1ebd7dfSPablo Neira Ayuso p = &nf_conntrack_l4proto_generic; 146c1ebd7dfSPablo Neira Ayuso rcu_read_unlock(); 147c1ebd7dfSPablo Neira Ayuso 148c1ebd7dfSPablo Neira Ayuso return p; 149c1ebd7dfSPablo Neira Ayuso } 150c1ebd7dfSPablo Neira Ayuso EXPORT_SYMBOL_GPL(nf_ct_l4proto_find_get); 151c1ebd7dfSPablo Neira Ayuso 152c1ebd7dfSPablo Neira Ayuso void nf_ct_l4proto_put(struct nf_conntrack_l4proto *p) 153c1ebd7dfSPablo Neira Ayuso { 154c1ebd7dfSPablo Neira Ayuso module_put(p->me); 155c1ebd7dfSPablo Neira Ayuso } 156c1ebd7dfSPablo Neira Ayuso EXPORT_SYMBOL_GPL(nf_ct_l4proto_put); 157c1ebd7dfSPablo Neira Ayuso 1588f03dea5SMartin Josefsson static int kill_l3proto(struct nf_conn *i, void *data) 1598f03dea5SMartin Josefsson { 1605e8fbe2aSPatrick McHardy return nf_ct_l3num(i) == ((struct nf_conntrack_l3proto *)data)->l3proto; 1618f03dea5SMartin Josefsson } 1628f03dea5SMartin Josefsson 163605dcad6SMartin Josefsson static int kill_l4proto(struct nf_conn *i, void *data) 1648f03dea5SMartin Josefsson { 165605dcad6SMartin Josefsson struct nf_conntrack_l4proto *l4proto; 166605dcad6SMartin Josefsson l4proto = (struct nf_conntrack_l4proto *)data; 1675e8fbe2aSPatrick McHardy return nf_ct_protonum(i) == l4proto->l4proto && 1685e8fbe2aSPatrick McHardy nf_ct_l3num(i) == l4proto->l3proto; 1698f03dea5SMartin Josefsson } 1708f03dea5SMartin Josefsson 171524a53e5SGao feng static struct nf_ip_net *nf_ct_l3proto_net(struct net *net, 172524a53e5SGao feng struct nf_conntrack_l3proto *l3proto) 173524a53e5SGao feng { 174524a53e5SGao feng if (l3proto->l3proto == PF_INET) 175524a53e5SGao feng return &net->ct.nf_ct_proto; 176524a53e5SGao feng else 177524a53e5SGao feng return NULL; 178524a53e5SGao feng } 179524a53e5SGao feng 180524a53e5SGao feng static int nf_ct_l3proto_register_sysctl(struct net *net, 181524a53e5SGao feng struct nf_conntrack_l3proto *l3proto) 182d62f9ed4SPatrick McHardy { 183d62f9ed4SPatrick McHardy int err = 0; 184524a53e5SGao feng struct nf_ip_net *in = nf_ct_l3proto_net(net, l3proto); 185524a53e5SGao feng /* nf_conntrack_l3proto_ipv6 doesn't support sysctl */ 186524a53e5SGao feng if (in == NULL) 187524a53e5SGao feng return 0; 188d62f9ed4SPatrick McHardy 189524a53e5SGao feng #if defined(CONFIG_SYSCTL) && defined(CONFIG_NF_CONNTRACK_PROC_COMPAT) 190524a53e5SGao feng if (in->ctl_table != NULL) { 191524a53e5SGao feng err = nf_ct_register_sysctl(net, 192524a53e5SGao feng &in->ctl_table_header, 193d62f9ed4SPatrick McHardy l3proto->ctl_table_path, 194524a53e5SGao feng in->ctl_table, 195524a53e5SGao feng NULL); 196524a53e5SGao feng if (err < 0) { 197524a53e5SGao feng kfree(in->ctl_table); 198524a53e5SGao feng in->ctl_table = NULL; 199524a53e5SGao feng } 200d62f9ed4SPatrick McHardy } 201d62f9ed4SPatrick McHardy #endif 202d62f9ed4SPatrick McHardy return err; 203d62f9ed4SPatrick McHardy } 204d62f9ed4SPatrick McHardy 205524a53e5SGao feng static void nf_ct_l3proto_unregister_sysctl(struct net *net, 206524a53e5SGao feng struct nf_conntrack_l3proto *l3proto) 207d62f9ed4SPatrick McHardy { 208524a53e5SGao feng struct nf_ip_net *in = nf_ct_l3proto_net(net, l3proto); 209524a53e5SGao feng 210524a53e5SGao feng if (in == NULL) 211524a53e5SGao feng return; 212524a53e5SGao feng #if defined(CONFIG_SYSCTL) && defined(CONFIG_NF_CONNTRACK_PROC_COMPAT) 213524a53e5SGao feng if (in->ctl_table_header != NULL) 214524a53e5SGao feng nf_ct_unregister_sysctl(&in->ctl_table_header, 215524a53e5SGao feng &in->ctl_table, 216524a53e5SGao feng NULL); 217d62f9ed4SPatrick McHardy #endif 218d62f9ed4SPatrick McHardy } 219d62f9ed4SPatrick McHardy 220524a53e5SGao feng static int 221524a53e5SGao feng nf_conntrack_l3proto_register_net(struct nf_conntrack_l3proto *proto) 2228f03dea5SMartin Josefsson { 2238f03dea5SMartin Josefsson int ret = 0; 2240e60ebe0SEric Dumazet struct nf_conntrack_l3proto *old; 2258f03dea5SMartin Josefsson 2260661cca9SPatrick McHardy if (proto->l3proto >= AF_MAX) 2270661cca9SPatrick McHardy return -EBUSY; 2288f03dea5SMartin Josefsson 229d0dba725SHolger Eitzenberger if (proto->tuple_to_nlattr && !proto->nlattr_tuple_size) 230d0dba725SHolger Eitzenberger return -EINVAL; 231d0dba725SHolger Eitzenberger 232b19caa0cSPatrick McHardy mutex_lock(&nf_ct_proto_mutex); 2330e60ebe0SEric Dumazet old = rcu_dereference_protected(nf_ct_l3protos[proto->l3proto], 2340e60ebe0SEric Dumazet lockdep_is_held(&nf_ct_proto_mutex)); 2350e60ebe0SEric Dumazet if (old != &nf_conntrack_l3proto_generic) { 236ae5718fbSMartin Josefsson ret = -EBUSY; 237ae5718fbSMartin Josefsson goto out_unlock; 238ae5718fbSMartin Josefsson } 239d62f9ed4SPatrick McHardy 240d0dba725SHolger Eitzenberger if (proto->nlattr_tuple_size) 241d0dba725SHolger Eitzenberger proto->nla_size = 3 * proto->nlattr_tuple_size(); 242d0dba725SHolger Eitzenberger 2430661cca9SPatrick McHardy rcu_assign_pointer(nf_ct_l3protos[proto->l3proto], proto); 244ae5718fbSMartin Josefsson 245ae5718fbSMartin Josefsson out_unlock: 246b19caa0cSPatrick McHardy mutex_unlock(&nf_ct_proto_mutex); 2478f03dea5SMartin Josefsson return ret; 248524a53e5SGao feng 249524a53e5SGao feng } 250524a53e5SGao feng 251524a53e5SGao feng int nf_conntrack_l3proto_register(struct net *net, 252524a53e5SGao feng struct nf_conntrack_l3proto *proto) 253524a53e5SGao feng { 254524a53e5SGao feng int ret = 0; 255524a53e5SGao feng 256524a53e5SGao feng if (proto->init_net) { 257524a53e5SGao feng ret = proto->init_net(net); 258524a53e5SGao feng if (ret < 0) 259524a53e5SGao feng return ret; 260524a53e5SGao feng } 261fa0f61f0SGao feng 262fa0f61f0SGao feng ret = nf_ct_l3proto_register_sysctl(net, proto); 263fa0f61f0SGao feng if (ret < 0) 264fa0f61f0SGao feng return ret; 265fa0f61f0SGao feng 266fa0f61f0SGao feng if (net == &init_net) { 267fa0f61f0SGao feng ret = nf_conntrack_l3proto_register_net(proto); 268fa0f61f0SGao feng if (ret < 0) 269fa0f61f0SGao feng nf_ct_l3proto_unregister_sysctl(net, proto); 270fa0f61f0SGao feng } 271fa0f61f0SGao feng 272fa0f61f0SGao feng return ret; 2738f03dea5SMartin Josefsson } 27413b18339SPatrick McHardy EXPORT_SYMBOL_GPL(nf_conntrack_l3proto_register); 2758f03dea5SMartin Josefsson 276524a53e5SGao feng static void 277524a53e5SGao feng nf_conntrack_l3proto_unregister_net(struct nf_conntrack_l3proto *proto) 2788f03dea5SMartin Josefsson { 279fe3eb20cSPatrick McHardy BUG_ON(proto->l3proto >= AF_MAX); 280ae5718fbSMartin Josefsson 281b19caa0cSPatrick McHardy mutex_lock(&nf_ct_proto_mutex); 2820e60ebe0SEric Dumazet BUG_ON(rcu_dereference_protected(nf_ct_l3protos[proto->l3proto], 2830e60ebe0SEric Dumazet lockdep_is_held(&nf_ct_proto_mutex) 2840e60ebe0SEric Dumazet ) != proto); 285923f4902SPatrick McHardy rcu_assign_pointer(nf_ct_l3protos[proto->l3proto], 286923f4902SPatrick McHardy &nf_conntrack_l3proto_generic); 2870661cca9SPatrick McHardy mutex_unlock(&nf_ct_proto_mutex); 2880661cca9SPatrick McHardy 2890661cca9SPatrick McHardy synchronize_rcu(); 290524a53e5SGao feng } 291524a53e5SGao feng 292524a53e5SGao feng void nf_conntrack_l3proto_unregister(struct net *net, 293524a53e5SGao feng struct nf_conntrack_l3proto *proto) 294524a53e5SGao feng { 295524a53e5SGao feng if (net == &init_net) 296524a53e5SGao feng nf_conntrack_l3proto_unregister_net(proto); 297524a53e5SGao feng 298524a53e5SGao feng nf_ct_l3proto_unregister_sysctl(net, proto); 299d62f9ed4SPatrick McHardy 3008f03dea5SMartin Josefsson /* Remove all contrack entries for this protocol */ 301efb9a8c2SAlexey Dobriyan rtnl_lock(); 302678d6675SAlexey Dobriyan nf_ct_iterate_cleanup(net, kill_l3proto, proto); 303efb9a8c2SAlexey Dobriyan rtnl_unlock(); 3048f03dea5SMartin Josefsson } 30513b18339SPatrick McHardy EXPORT_SYMBOL_GPL(nf_conntrack_l3proto_unregister); 3068f03dea5SMartin Josefsson 3072c352f44SGao feng static struct nf_proto_net *nf_ct_l4proto_net(struct net *net, 3082c352f44SGao feng struct nf_conntrack_l4proto *l4proto) 3092c352f44SGao feng { 31015f585bdSGao feng switch (l4proto->l4proto) { 311d2ba1fdeSGao feng case IPPROTO_TCP: 312d2ba1fdeSGao feng return (struct nf_proto_net *)&net->ct.nf_ct_proto.tcp; 3130ce490adSGao feng case IPPROTO_UDP: 3140ce490adSGao feng return (struct nf_proto_net *)&net->ct.nf_ct_proto.udp; 3154b626b9cSGao feng case IPPROTO_ICMP: 3164b626b9cSGao feng return (struct nf_proto_net *)&net->ct.nf_ct_proto.icmp; 3177080ba09SGao feng case IPPROTO_ICMPV6: 3187080ba09SGao feng return (struct nf_proto_net *)&net->ct.nf_ct_proto.icmpv6; 31915f585bdSGao feng case 255: /* l4proto_generic */ 32015f585bdSGao feng return (struct nf_proto_net *)&net->ct.nf_ct_proto.generic; 32115f585bdSGao feng default: 3222c352f44SGao feng if (l4proto->net_id) 3232c352f44SGao feng return net_generic(net, *l4proto->net_id); 3242c352f44SGao feng else 3252c352f44SGao feng return NULL; 3262c352f44SGao feng } 32715f585bdSGao feng return NULL; 32815f585bdSGao feng } 3292c352f44SGao feng 3302c352f44SGao feng static 3312c352f44SGao feng int nf_ct_l4proto_register_sysctl(struct net *net, 3322c352f44SGao feng struct nf_conntrack_l4proto *l4proto) 333d62f9ed4SPatrick McHardy { 334d62f9ed4SPatrick McHardy int err = 0; 3352c352f44SGao feng struct nf_proto_net *pn = nf_ct_l4proto_net(net, l4proto); 3362c352f44SGao feng if (pn == NULL) 3372c352f44SGao feng return 0; 338d62f9ed4SPatrick McHardy 339d62f9ed4SPatrick McHardy #ifdef CONFIG_SYSCTL 3402c352f44SGao feng if (pn->ctl_table != NULL) { 3412c352f44SGao feng err = nf_ct_register_sysctl(net, 3422c352f44SGao feng &pn->ctl_table_header, 343f99e8f71SEric W. Biederman "net/netfilter", 3442c352f44SGao feng pn->ctl_table, 3452c352f44SGao feng &pn->users); 3462c352f44SGao feng if (err < 0) { 3472c352f44SGao feng if (!pn->users) { 3482c352f44SGao feng kfree(pn->ctl_table); 3492c352f44SGao feng pn->ctl_table = NULL; 3502c352f44SGao feng } 351a999e683SPatrick McHardy goto out; 352d62f9ed4SPatrick McHardy } 3532c352f44SGao feng } 354a999e683SPatrick McHardy #ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT 3552c352f44SGao feng if (l4proto->l3proto != AF_INET6 && pn->ctl_compat_table != NULL) { 3562c352f44SGao feng err = nf_ct_register_sysctl(net, 3572c352f44SGao feng &pn->ctl_compat_header, 358f99e8f71SEric W. Biederman "net/ipv4/netfilter", 3592c352f44SGao feng pn->ctl_compat_table, 3602c352f44SGao feng NULL); 361a999e683SPatrick McHardy if (err == 0) 362a999e683SPatrick McHardy goto out; 3632c352f44SGao feng 3642c352f44SGao feng kfree(pn->ctl_compat_table); 3652c352f44SGao feng pn->ctl_compat_table = NULL; 3662c352f44SGao feng nf_ct_unregister_sysctl(&pn->ctl_table_header, 3672c352f44SGao feng &pn->ctl_table, 3682c352f44SGao feng &pn->users); 369a999e683SPatrick McHardy } 370a999e683SPatrick McHardy #endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */ 371a999e683SPatrick McHardy out: 372933a41e7SPatrick McHardy #endif /* CONFIG_SYSCTL */ 373d62f9ed4SPatrick McHardy return err; 374d62f9ed4SPatrick McHardy } 375d62f9ed4SPatrick McHardy 3762c352f44SGao feng static 3772c352f44SGao feng void nf_ct_l4proto_unregister_sysctl(struct net *net, 3782c352f44SGao feng struct nf_conntrack_l4proto *l4proto) 379d62f9ed4SPatrick McHardy { 3802c352f44SGao feng struct nf_proto_net *pn = nf_ct_l4proto_net(net, l4proto); 3812c352f44SGao feng if (pn == NULL) 3822c352f44SGao feng return; 383d62f9ed4SPatrick McHardy #ifdef CONFIG_SYSCTL 3842c352f44SGao feng if (pn->ctl_table_header != NULL) 3852c352f44SGao feng nf_ct_unregister_sysctl(&pn->ctl_table_header, 3862c352f44SGao feng &pn->ctl_table, 3872c352f44SGao feng &pn->users); 3882c352f44SGao feng 389a999e683SPatrick McHardy #ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT 3902c352f44SGao feng if (l4proto->l3proto != AF_INET6 && pn->ctl_compat_header != NULL) 3912c352f44SGao feng nf_ct_unregister_sysctl(&pn->ctl_compat_header, 3922c352f44SGao feng &pn->ctl_compat_table, 3932c352f44SGao feng NULL); 394a999e683SPatrick McHardy #endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */ 3952c352f44SGao feng #else 3962c352f44SGao feng pn->users--; 397933a41e7SPatrick McHardy #endif /* CONFIG_SYSCTL */ 398d62f9ed4SPatrick McHardy } 399d62f9ed4SPatrick McHardy 4008f03dea5SMartin Josefsson /* FIXME: Allow NULL functions and sub in pointers to generic for 4018f03dea5SMartin Josefsson them. --RR */ 4022c352f44SGao feng static int 4032c352f44SGao feng nf_conntrack_l4proto_register_net(struct nf_conntrack_l4proto *l4proto) 4048f03dea5SMartin Josefsson { 4058f03dea5SMartin Josefsson int ret = 0; 4068f03dea5SMartin Josefsson 4070661cca9SPatrick McHardy if (l4proto->l3proto >= PF_MAX) 4080661cca9SPatrick McHardy return -EBUSY; 409ae5718fbSMartin Josefsson 410d0dba725SHolger Eitzenberger if ((l4proto->to_nlattr && !l4proto->nlattr_size) 411d0dba725SHolger Eitzenberger || (l4proto->tuple_to_nlattr && !l4proto->nlattr_tuple_size)) 412d0dba725SHolger Eitzenberger return -EINVAL; 413d0dba725SHolger Eitzenberger 414b19caa0cSPatrick McHardy mutex_lock(&nf_ct_proto_mutex); 415c6a1e615SPatrick McHardy if (!nf_ct_protos[l4proto->l3proto]) { 4168f03dea5SMartin Josefsson /* l3proto may be loaded latter. */ 417c5d277d2SEric Dumazet struct nf_conntrack_l4proto __rcu **proto_array; 4188f03dea5SMartin Josefsson int i; 4198f03dea5SMartin Josefsson 420c6a1e615SPatrick McHardy proto_array = kmalloc(MAX_NF_CT_PROTO * 421605dcad6SMartin Josefsson sizeof(struct nf_conntrack_l4proto *), 4228f03dea5SMartin Josefsson GFP_KERNEL); 4238f03dea5SMartin Josefsson if (proto_array == NULL) { 4248f03dea5SMartin Josefsson ret = -ENOMEM; 425b19caa0cSPatrick McHardy goto out_unlock; 4268f03dea5SMartin Josefsson } 427c6a1e615SPatrick McHardy 4288f03dea5SMartin Josefsson for (i = 0; i < MAX_NF_CT_PROTO; i++) 429c5d277d2SEric Dumazet RCU_INIT_POINTER(proto_array[i], &nf_conntrack_l4proto_generic); 430d817d29dSEric Dumazet 431d817d29dSEric Dumazet /* Before making proto_array visible to lockless readers, 432d817d29dSEric Dumazet * we must make sure its content is committed to memory. 433d817d29dSEric Dumazet */ 434d817d29dSEric Dumazet smp_wmb(); 435d817d29dSEric Dumazet 436605dcad6SMartin Josefsson nf_ct_protos[l4proto->l3proto] = proto_array; 4370e60ebe0SEric Dumazet } else if (rcu_dereference_protected( 4380e60ebe0SEric Dumazet nf_ct_protos[l4proto->l3proto][l4proto->l4proto], 4390e60ebe0SEric Dumazet lockdep_is_held(&nf_ct_proto_mutex) 4400e60ebe0SEric Dumazet ) != &nf_conntrack_l4proto_generic) { 441c6a1e615SPatrick McHardy ret = -EBUSY; 442c6a1e615SPatrick McHardy goto out_unlock; 4438f03dea5SMartin Josefsson } 4448f03dea5SMartin Josefsson 445d0dba725SHolger Eitzenberger l4proto->nla_size = 0; 446d0dba725SHolger Eitzenberger if (l4proto->nlattr_size) 447d0dba725SHolger Eitzenberger l4proto->nla_size += l4proto->nlattr_size(); 448d0dba725SHolger Eitzenberger if (l4proto->nlattr_tuple_size) 449d0dba725SHolger Eitzenberger l4proto->nla_size += 3 * l4proto->nlattr_tuple_size(); 450d0dba725SHolger Eitzenberger 451c6a1e615SPatrick McHardy rcu_assign_pointer(nf_ct_protos[l4proto->l3proto][l4proto->l4proto], 452c6a1e615SPatrick McHardy l4proto); 4538f03dea5SMartin Josefsson out_unlock: 454b19caa0cSPatrick McHardy mutex_unlock(&nf_ct_proto_mutex); 4558f03dea5SMartin Josefsson return ret; 4568f03dea5SMartin Josefsson } 4572c352f44SGao feng 4582c352f44SGao feng int nf_conntrack_l4proto_register(struct net *net, 4592c352f44SGao feng struct nf_conntrack_l4proto *l4proto) 4602c352f44SGao feng { 4612c352f44SGao feng int ret = 0; 4622c352f44SGao feng 463fa0f61f0SGao feng if (l4proto->init_net) { 4642c352f44SGao feng ret = l4proto->init_net(net); 465fa0f61f0SGao feng if (ret < 0) 466fa0f61f0SGao feng return ret; 467fa0f61f0SGao feng } 4682c352f44SGao feng 469fa0f61f0SGao feng ret = nf_ct_l4proto_register_sysctl(net, l4proto); 4702c352f44SGao feng if (ret < 0) 4712c352f44SGao feng return ret; 4722c352f44SGao feng 473fa0f61f0SGao feng if (net == &init_net) { 474fa0f61f0SGao feng ret = nf_conntrack_l4proto_register_net(l4proto); 475fa0f61f0SGao feng if (ret < 0) 476fa0f61f0SGao feng nf_ct_l4proto_unregister_sysctl(net, l4proto); 477fa0f61f0SGao feng } 478fa0f61f0SGao feng 479fa0f61f0SGao feng return ret; 4802c352f44SGao feng } 48113b18339SPatrick McHardy EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_register); 4828f03dea5SMartin Josefsson 4832c352f44SGao feng static void 4842c352f44SGao feng nf_conntrack_l4proto_unregister_net(struct nf_conntrack_l4proto *l4proto) 4858f03dea5SMartin Josefsson { 486fe3eb20cSPatrick McHardy BUG_ON(l4proto->l3proto >= PF_MAX); 487ae5718fbSMartin Josefsson 488b19caa0cSPatrick McHardy mutex_lock(&nf_ct_proto_mutex); 4890e60ebe0SEric Dumazet BUG_ON(rcu_dereference_protected( 4900e60ebe0SEric Dumazet nf_ct_protos[l4proto->l3proto][l4proto->l4proto], 4910e60ebe0SEric Dumazet lockdep_is_held(&nf_ct_proto_mutex) 4920e60ebe0SEric Dumazet ) != l4proto); 493923f4902SPatrick McHardy rcu_assign_pointer(nf_ct_protos[l4proto->l3proto][l4proto->l4proto], 494923f4902SPatrick McHardy &nf_conntrack_l4proto_generic); 4950661cca9SPatrick McHardy mutex_unlock(&nf_ct_proto_mutex); 4960661cca9SPatrick McHardy 4970661cca9SPatrick McHardy synchronize_rcu(); 4982c352f44SGao feng } 499d62f9ed4SPatrick McHardy 5002c352f44SGao feng void nf_conntrack_l4proto_unregister(struct net *net, 5012c352f44SGao feng struct nf_conntrack_l4proto *l4proto) 5022c352f44SGao feng { 5032c352f44SGao feng if (net == &init_net) 5042c352f44SGao feng nf_conntrack_l4proto_unregister_net(l4proto); 5052c352f44SGao feng 5062c352f44SGao feng nf_ct_l4proto_unregister_sysctl(net, l4proto); 5078f03dea5SMartin Josefsson /* Remove all contrack entries for this protocol */ 508efb9a8c2SAlexey Dobriyan rtnl_lock(); 509678d6675SAlexey Dobriyan nf_ct_iterate_cleanup(net, kill_l4proto, l4proto); 510efb9a8c2SAlexey Dobriyan rtnl_unlock(); 5118f03dea5SMartin Josefsson } 51213b18339SPatrick McHardy EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_unregister); 513ac5357ebSPatrick McHardy 51415f585bdSGao feng int nf_conntrack_proto_init(struct net *net) 515ac5357ebSPatrick McHardy { 516ac5357ebSPatrick McHardy unsigned int i; 517ac5357ebSPatrick McHardy int err; 51815f585bdSGao feng err = nf_conntrack_l4proto_generic.init_net(net); 51915f585bdSGao feng if (err < 0) 52015f585bdSGao feng return err; 52115f585bdSGao feng err = nf_ct_l4proto_register_sysctl(net, 52215f585bdSGao feng &nf_conntrack_l4proto_generic); 523ac5357ebSPatrick McHardy if (err < 0) 524ac5357ebSPatrick McHardy return err; 525ac5357ebSPatrick McHardy 52615f585bdSGao feng if (net == &init_net) { 527ac5357ebSPatrick McHardy for (i = 0; i < AF_MAX; i++) 528ac5357ebSPatrick McHardy rcu_assign_pointer(nf_ct_l3protos[i], 529ac5357ebSPatrick McHardy &nf_conntrack_l3proto_generic); 53015f585bdSGao feng } 531ac5357ebSPatrick McHardy return 0; 532ac5357ebSPatrick McHardy } 533ac5357ebSPatrick McHardy 53415f585bdSGao feng void nf_conntrack_proto_fini(struct net *net) 535ac5357ebSPatrick McHardy { 536ac5357ebSPatrick McHardy unsigned int i; 53715f585bdSGao feng nf_ct_l4proto_unregister_sysctl(net, 53815f585bdSGao feng &nf_conntrack_l4proto_generic); 53915f585bdSGao feng if (net == &init_net) { 540ac5357ebSPatrick McHardy /* free l3proto protocol tables */ 541ac5357ebSPatrick McHardy for (i = 0; i < PF_MAX; i++) 542ac5357ebSPatrick McHardy kfree(nf_ct_protos[i]); 543ac5357ebSPatrick McHardy } 54415f585bdSGao feng } 545