1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * (C) 2012 by Pablo Neira Ayuso <pablo@netfilter.org> 4 * (C) 2012 by Vyatta Inc. <http://www.vyatta.com> 5 */ 6 7 #include <linux/types.h> 8 #include <linux/netfilter.h> 9 #include <linux/skbuff.h> 10 #include <linux/vmalloc.h> 11 #include <linux/stddef.h> 12 #include <linux/err.h> 13 #include <linux/percpu.h> 14 #include <linux/kernel.h> 15 #include <linux/netdevice.h> 16 #include <linux/slab.h> 17 #include <linux/export.h> 18 19 #include <net/netfilter/nf_conntrack.h> 20 #include <net/netfilter/nf_conntrack_core.h> 21 #include <net/netfilter/nf_conntrack_extend.h> 22 #include <net/netfilter/nf_conntrack_l4proto.h> 23 #include <net/netfilter/nf_conntrack_timeout.h> 24 25 const struct nf_ct_timeout_hooks *nf_ct_timeout_hook __read_mostly; 26 EXPORT_SYMBOL_GPL(nf_ct_timeout_hook); 27 28 static int untimeout(struct nf_conn *ct, void *timeout) 29 { 30 struct nf_conn_timeout *timeout_ext = nf_ct_timeout_find(ct); 31 32 if (timeout_ext && (!timeout || timeout_ext->timeout == timeout)) 33 RCU_INIT_POINTER(timeout_ext->timeout, NULL); 34 35 /* We are not intended to delete this conntrack. */ 36 return 0; 37 } 38 39 void nf_ct_untimeout(struct net *net, struct nf_ct_timeout *timeout) 40 { 41 nf_ct_iterate_cleanup_net(net, untimeout, timeout, 0, 0); 42 } 43 EXPORT_SYMBOL_GPL(nf_ct_untimeout); 44 45 static void __nf_ct_timeout_put(struct nf_ct_timeout *timeout) 46 { 47 const struct nf_ct_timeout_hooks *h = rcu_dereference(nf_ct_timeout_hook); 48 49 if (h) 50 h->timeout_put(timeout); 51 } 52 53 int nf_ct_set_timeout(struct net *net, struct nf_conn *ct, 54 u8 l3num, u8 l4num, const char *timeout_name) 55 { 56 const struct nf_ct_timeout_hooks *h; 57 struct nf_ct_timeout *timeout; 58 struct nf_conn_timeout *timeout_ext; 59 const char *errmsg = NULL; 60 int ret = 0; 61 62 rcu_read_lock(); 63 h = rcu_dereference(nf_ct_timeout_hook); 64 if (!h) { 65 ret = -ENOENT; 66 errmsg = "Timeout policy base is empty"; 67 goto out; 68 } 69 70 timeout = h->timeout_find_get(net, timeout_name); 71 if (!timeout) { 72 ret = -ENOENT; 73 pr_info_ratelimited("No such timeout policy \"%s\"\n", 74 timeout_name); 75 goto out; 76 } 77 78 if (timeout->l3num != l3num) { 79 ret = -EINVAL; 80 pr_info_ratelimited("Timeout policy `%s' can only be used by " 81 "L%d protocol number %d\n", 82 timeout_name, 3, timeout->l3num); 83 goto err_put_timeout; 84 } 85 /* Make sure the timeout policy matches any existing protocol tracker, 86 * otherwise default to generic. 87 */ 88 if (timeout->l4proto->l4proto != l4num) { 89 ret = -EINVAL; 90 pr_info_ratelimited("Timeout policy `%s' can only be used by " 91 "L%d protocol number %d\n", 92 timeout_name, 4, timeout->l4proto->l4proto); 93 goto err_put_timeout; 94 } 95 timeout_ext = nf_ct_timeout_ext_add(ct, timeout, GFP_ATOMIC); 96 if (!timeout_ext) { 97 ret = -ENOMEM; 98 goto err_put_timeout; 99 } 100 101 rcu_read_unlock(); 102 return ret; 103 104 err_put_timeout: 105 __nf_ct_timeout_put(timeout); 106 out: 107 rcu_read_unlock(); 108 if (errmsg) 109 pr_info_ratelimited("%s\n", errmsg); 110 return ret; 111 } 112 EXPORT_SYMBOL_GPL(nf_ct_set_timeout); 113 114 void nf_ct_destroy_timeout(struct nf_conn *ct) 115 { 116 struct nf_conn_timeout *timeout_ext; 117 const struct nf_ct_timeout_hooks *h; 118 119 rcu_read_lock(); 120 h = rcu_dereference(nf_ct_timeout_hook); 121 122 if (h) { 123 timeout_ext = nf_ct_timeout_find(ct); 124 if (timeout_ext) { 125 h->timeout_put(timeout_ext->timeout); 126 RCU_INIT_POINTER(timeout_ext->timeout, NULL); 127 } 128 } 129 rcu_read_unlock(); 130 } 131 EXPORT_SYMBOL_GPL(nf_ct_destroy_timeout); 132