~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/net/netfilter/nf_conntrack_timeout.c

Version: ~ [ linux-5.16-rc3 ] ~ [ linux-5.15.5 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.82 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.162 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.218 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.256 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.291 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.293 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.18.140 ] ~ [ linux-3.16.85 ] ~ [ linux-3.14.79 ] ~ [ linux-3.12.74 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 // SPDX-License-Identifier: GPL-2.0-or-later
  2 /*
  3  * (C) 2012 by Pablo Neira Ayuso <pablo@netfilter.org>
  4  * (C) 2012 by Vyatta Inc. <http://www.vyatta.com>
  5  */
  6 
  7 #include <linux/types.h>
  8 #include <linux/netfilter.h>
  9 #include <linux/skbuff.h>
 10 #include <linux/vmalloc.h>
 11 #include <linux/stddef.h>
 12 #include <linux/err.h>
 13 #include <linux/percpu.h>
 14 #include <linux/kernel.h>
 15 #include <linux/netdevice.h>
 16 #include <linux/slab.h>
 17 #include <linux/export.h>
 18 
 19 #include <net/netfilter/nf_conntrack.h>
 20 #include <net/netfilter/nf_conntrack_core.h>
 21 #include <net/netfilter/nf_conntrack_extend.h>
 22 #include <net/netfilter/nf_conntrack_l4proto.h>
 23 #include <net/netfilter/nf_conntrack_timeout.h>
 24 
 25 struct nf_ct_timeout *
 26 (*nf_ct_timeout_find_get_hook)(struct net *net, const char *name) __read_mostly;
 27 EXPORT_SYMBOL_GPL(nf_ct_timeout_find_get_hook);
 28 
 29 void (*nf_ct_timeout_put_hook)(struct nf_ct_timeout *timeout) __read_mostly;
 30 EXPORT_SYMBOL_GPL(nf_ct_timeout_put_hook);
 31 
 32 static int untimeout(struct nf_conn *ct, void *timeout)
 33 {
 34         struct nf_conn_timeout *timeout_ext = nf_ct_timeout_find(ct);
 35 
 36         if (timeout_ext && (!timeout || timeout_ext->timeout == timeout))
 37                 RCU_INIT_POINTER(timeout_ext->timeout, NULL);
 38 
 39         /* We are not intended to delete this conntrack. */
 40         return 0;
 41 }
 42 
 43 void nf_ct_untimeout(struct net *net, struct nf_ct_timeout *timeout)
 44 {
 45         nf_ct_iterate_cleanup_net(net, untimeout, timeout, 0, 0);
 46 }
 47 EXPORT_SYMBOL_GPL(nf_ct_untimeout);
 48 
 49 static void __nf_ct_timeout_put(struct nf_ct_timeout *timeout)
 50 {
 51         typeof(nf_ct_timeout_put_hook) timeout_put;
 52 
 53         timeout_put = rcu_dereference(nf_ct_timeout_put_hook);
 54         if (timeout_put)
 55                 timeout_put(timeout);
 56 }
 57 
 58 int nf_ct_set_timeout(struct net *net, struct nf_conn *ct,
 59                       u8 l3num, u8 l4num, const char *timeout_name)
 60 {
 61         typeof(nf_ct_timeout_find_get_hook) timeout_find_get;
 62         struct nf_ct_timeout *timeout;
 63         struct nf_conn_timeout *timeout_ext;
 64         const char *errmsg = NULL;
 65         int ret = 0;
 66 
 67         rcu_read_lock();
 68         timeout_find_get = rcu_dereference(nf_ct_timeout_find_get_hook);
 69         if (!timeout_find_get) {
 70                 ret = -ENOENT;
 71                 errmsg = "Timeout policy base is empty";
 72                 goto out;
 73         }
 74 
 75         timeout = timeout_find_get(net, timeout_name);
 76         if (!timeout) {
 77                 ret = -ENOENT;
 78                 pr_info_ratelimited("No such timeout policy \"%s\"\n",
 79                                     timeout_name);
 80                 goto out;
 81         }
 82 
 83         if (timeout->l3num != l3num) {
 84                 ret = -EINVAL;
 85                 pr_info_ratelimited("Timeout policy `%s' can only be used by "
 86                                     "L%d protocol number %d\n",
 87                                     timeout_name, 3, timeout->l3num);
 88                 goto err_put_timeout;
 89         }
 90         /* Make sure the timeout policy matches any existing protocol tracker,
 91          * otherwise default to generic.
 92          */
 93         if (timeout->l4proto->l4proto != l4num) {
 94                 ret = -EINVAL;
 95                 pr_info_ratelimited("Timeout policy `%s' can only be used by "
 96                                     "L%d protocol number %d\n",
 97                                     timeout_name, 4, timeout->l4proto->l4proto);
 98                 goto err_put_timeout;
 99         }
100         timeout_ext = nf_ct_timeout_ext_add(ct, timeout, GFP_ATOMIC);
101         if (!timeout_ext) {
102                 ret = -ENOMEM;
103                 goto err_put_timeout;
104         }
105 
106         rcu_read_unlock();
107         return ret;
108 
109 err_put_timeout:
110         __nf_ct_timeout_put(timeout);
111 out:
112         rcu_read_unlock();
113         if (errmsg)
114                 pr_info_ratelimited("%s\n", errmsg);
115         return ret;
116 }
117 EXPORT_SYMBOL_GPL(nf_ct_set_timeout);
118 
119 void nf_ct_destroy_timeout(struct nf_conn *ct)
120 {
121         struct nf_conn_timeout *timeout_ext;
122         typeof(nf_ct_timeout_put_hook) timeout_put;
123 
124         rcu_read_lock();
125         timeout_put = rcu_dereference(nf_ct_timeout_put_hook);
126 
127         if (timeout_put) {
128                 timeout_ext = nf_ct_timeout_find(ct);
129                 if (timeout_ext) {
130                         timeout_put(timeout_ext->timeout);
131                         RCU_INIT_POINTER(timeout_ext->timeout, NULL);
132                 }
133         }
134         rcu_read_unlock();
135 }
136 EXPORT_SYMBOL_GPL(nf_ct_destroy_timeout);
137 
138 static const struct nf_ct_ext_type timeout_extend = {
139         .len    = sizeof(struct nf_conn_timeout),
140         .align  = __alignof__(struct nf_conn_timeout),
141         .id     = NF_CT_EXT_TIMEOUT,
142 };
143 
144 int nf_conntrack_timeout_init(void)
145 {
146         int ret = nf_ct_extend_register(&timeout_extend);
147         if (ret < 0)
148                 pr_err("nf_ct_timeout: Unable to register timeout extension.\n");
149         return ret;
150 }
151 
152 void nf_conntrack_timeout_fini(void)
153 {
154         nf_ct_extend_unregister(&timeout_extend);
155 }
156 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp