Merge branch 'stable/for-linus-5.13' of git://git.kernel.org/pub/scm/linux/kernel...
diff --git
a/net/netfilter/nf_conntrack_standalone.c
b/net/netfilter/nf_conntrack_standalone.c
index
c6c0cb4
..
aaa5524
100644
(file)
--- a/
net/netfilter/nf_conntrack_standalone.c
+++ b/
net/netfilter/nf_conntrack_standalone.c
@@
-425,14
+425,16
@@
static void ct_cpu_seq_stop(struct seq_file *seq, void *v)
static int ct_cpu_seq_show(struct seq_file *seq, void *v)
{
struct net *net = seq_file_net(seq);
static int ct_cpu_seq_show(struct seq_file *seq, void *v)
{
struct net *net = seq_file_net(seq);
- unsigned int nr_conntracks = atomic_read(&net->ct.count);
const struct ip_conntrack_stat *st = v;
const struct ip_conntrack_stat *st = v;
+ unsigned int nr_conntracks;
if (v == SEQ_START_TOKEN) {
seq_puts(seq, "entries clashres found new invalid ignore delete delete_list insert insert_failed drop early_drop icmp_error expect_new expect_create expect_delete search_restart\n");
return 0;
}
if (v == SEQ_START_TOKEN) {
seq_puts(seq, "entries clashres found new invalid ignore delete delete_list insert insert_failed drop early_drop icmp_error expect_new expect_create expect_delete search_restart\n");
return 0;
}
+ nr_conntracks = nf_conntrack_count(net);
+
seq_printf(seq, "%08x %08x %08x %08x %08x %08x %08x %08x "
"%08x %08x %08x %08x %08x %08x %08x %08x %08x\n",
nr_conntracks,
seq_printf(seq, "%08x %08x %08x %08x %08x %08x %08x %08x "
"%08x %08x %08x %08x %08x %08x %08x %08x %08x\n",
nr_conntracks,
@@
-508,13
+510,19
@@
static void nf_conntrack_standalone_fini_proc(struct net *net)
}
#endif /* CONFIG_NF_CONNTRACK_PROCFS */
}
#endif /* CONFIG_NF_CONNTRACK_PROCFS */
+u32 nf_conntrack_count(const struct net *net)
+{
+ const struct nf_conntrack_net *cnet;
+
+ cnet = net_generic(net, nf_conntrack_net_id);
+
+ return atomic_read(&cnet->count);
+}
+EXPORT_SYMBOL_GPL(nf_conntrack_count);
+
/* Sysctl support */
#ifdef CONFIG_SYSCTL
/* Sysctl support */
#ifdef CONFIG_SYSCTL
-/* Log invalid packets of a given protocol */
-static int log_invalid_proto_min __read_mostly;
-static int log_invalid_proto_max __read_mostly = 255;
-
/* size the user *wants to set */
static unsigned int nf_conntrack_htable_size_user __read_mostly;
/* size the user *wants to set */
static unsigned int nf_conntrack_htable_size_user __read_mostly;
@@
-615,7
+623,6
@@
static struct ctl_table nf_ct_sysctl_table[] = {
},
[NF_SYSCTL_CT_COUNT] = {
.procname = "nf_conntrack_count",
},
[NF_SYSCTL_CT_COUNT] = {
.procname = "nf_conntrack_count",
- .data = &init_net.ct.count,
.maxlen = sizeof(int),
.mode = 0444,
.proc_handler = proc_dointvec,
.maxlen = sizeof(int),
.mode = 0444,
.proc_handler = proc_dointvec,
@@
-630,20
+637,18
@@
static struct ctl_table nf_ct_sysctl_table[] = {
[NF_SYSCTL_CT_CHECKSUM] = {
.procname = "nf_conntrack_checksum",
.data = &init_net.ct.sysctl_checksum,
[NF_SYSCTL_CT_CHECKSUM] = {
.procname = "nf_conntrack_checksum",
.data = &init_net.ct.sysctl_checksum,
- .maxlen = sizeof(
int
),
+ .maxlen = sizeof(
u8
),
.mode = 0644,
.mode = 0644,
- .proc_handler = proc_do
int
vec_minmax,
+ .proc_handler = proc_do
u8
vec_minmax,
.extra1 = SYSCTL_ZERO,
.extra2 = SYSCTL_ONE,
},
[NF_SYSCTL_CT_LOG_INVALID] = {
.procname = "nf_conntrack_log_invalid",
.data = &init_net.ct.sysctl_log_invalid,
.extra1 = SYSCTL_ZERO,
.extra2 = SYSCTL_ONE,
},
[NF_SYSCTL_CT_LOG_INVALID] = {
.procname = "nf_conntrack_log_invalid",
.data = &init_net.ct.sysctl_log_invalid,
- .maxlen = sizeof(u
nsigned int
),
+ .maxlen = sizeof(u
8
),
.mode = 0644,
.mode = 0644,
- .proc_handler = proc_dointvec_minmax,
- .extra1 = &log_invalid_proto_min,
- .extra2 = &log_invalid_proto_max,
+ .proc_handler = proc_dou8vec_minmax,
},
[NF_SYSCTL_CT_EXPECT_MAX] = {
.procname = "nf_conntrack_expect_max",
},
[NF_SYSCTL_CT_EXPECT_MAX] = {
.procname = "nf_conntrack_expect_max",
@@
-655,18
+660,17
@@
static struct ctl_table nf_ct_sysctl_table[] = {
[NF_SYSCTL_CT_ACCT] = {
.procname = "nf_conntrack_acct",
.data = &init_net.ct.sysctl_acct,
[NF_SYSCTL_CT_ACCT] = {
.procname = "nf_conntrack_acct",
.data = &init_net.ct.sysctl_acct,
- .maxlen = sizeof(
int
),
+ .maxlen = sizeof(
u8
),
.mode = 0644,
.mode = 0644,
- .proc_handler = proc_do
int
vec_minmax,
+ .proc_handler = proc_do
u8
vec_minmax,
.extra1 = SYSCTL_ZERO,
.extra2 = SYSCTL_ONE,
},
[NF_SYSCTL_CT_HELPER] = {
.procname = "nf_conntrack_helper",
.extra1 = SYSCTL_ZERO,
.extra2 = SYSCTL_ONE,
},
[NF_SYSCTL_CT_HELPER] = {
.procname = "nf_conntrack_helper",
- .data = &init_net.ct.sysctl_auto_assign_helper,
- .maxlen = sizeof(int),
+ .maxlen = sizeof(u8),
.mode = 0644,
.mode = 0644,
- .proc_handler = proc_do
int
vec_minmax,
+ .proc_handler = proc_do
u8
vec_minmax,
.extra1 = SYSCTL_ZERO,
.extra2 = SYSCTL_ONE,
},
.extra1 = SYSCTL_ZERO,
.extra2 = SYSCTL_ONE,
},
@@
-674,9
+678,9
@@
static struct ctl_table nf_ct_sysctl_table[] = {
[NF_SYSCTL_CT_EVENTS] = {
.procname = "nf_conntrack_events",
.data = &init_net.ct.sysctl_events,
[NF_SYSCTL_CT_EVENTS] = {
.procname = "nf_conntrack_events",
.data = &init_net.ct.sysctl_events,
- .maxlen = sizeof(
int
),
+ .maxlen = sizeof(
u8
),
.mode = 0644,
.mode = 0644,
- .proc_handler = proc_do
int
vec_minmax,
+ .proc_handler = proc_do
u8
vec_minmax,
.extra1 = SYSCTL_ZERO,
.extra2 = SYSCTL_ONE,
},
.extra1 = SYSCTL_ZERO,
.extra2 = SYSCTL_ONE,
},
@@
-685,9
+689,9
@@
static struct ctl_table nf_ct_sysctl_table[] = {
[NF_SYSCTL_CT_TIMESTAMP] = {
.procname = "nf_conntrack_timestamp",
.data = &init_net.ct.sysctl_tstamp,
[NF_SYSCTL_CT_TIMESTAMP] = {
.procname = "nf_conntrack_timestamp",
.data = &init_net.ct.sysctl_tstamp,
- .maxlen = sizeof(
int
),
+ .maxlen = sizeof(
u8
),
.mode = 0644,
.mode = 0644,
- .proc_handler = proc_do
int
vec_minmax,
+ .proc_handler = proc_do
u8
vec_minmax,
.extra1 = SYSCTL_ZERO,
.extra2 = SYSCTL_ONE,
},
.extra1 = SYSCTL_ZERO,
.extra2 = SYSCTL_ONE,
},
@@
-760,25
+764,25
@@
static struct ctl_table nf_ct_sysctl_table[] = {
},
[NF_SYSCTL_CT_PROTO_TCP_LOOSE] = {
.procname = "nf_conntrack_tcp_loose",
},
[NF_SYSCTL_CT_PROTO_TCP_LOOSE] = {
.procname = "nf_conntrack_tcp_loose",
- .maxlen = sizeof(
int
),
+ .maxlen = sizeof(
u8
),
.mode = 0644,
.mode = 0644,
- .proc_handler = proc_do
int
vec_minmax,
+ .proc_handler = proc_do
u8
vec_minmax,
.extra1 = SYSCTL_ZERO,
.extra2 = SYSCTL_ONE,
},
[NF_SYSCTL_CT_PROTO_TCP_LIBERAL] = {
.procname = "nf_conntrack_tcp_be_liberal",
.extra1 = SYSCTL_ZERO,
.extra2 = SYSCTL_ONE,
},
[NF_SYSCTL_CT_PROTO_TCP_LIBERAL] = {
.procname = "nf_conntrack_tcp_be_liberal",
- .maxlen = sizeof(
int
),
+ .maxlen = sizeof(
u8
),
.mode = 0644,
.mode = 0644,
- .proc_handler = proc_do
int
vec_minmax,
+ .proc_handler = proc_do
u8
vec_minmax,
.extra1 = SYSCTL_ZERO,
.extra2 = SYSCTL_ONE,
},
[NF_SYSCTL_CT_PROTO_TCP_MAX_RETRANS] = {
.procname = "nf_conntrack_tcp_max_retrans",
.extra1 = SYSCTL_ZERO,
.extra2 = SYSCTL_ONE,
},
[NF_SYSCTL_CT_PROTO_TCP_MAX_RETRANS] = {
.procname = "nf_conntrack_tcp_max_retrans",
- .maxlen = sizeof(u
nsigned int
),
+ .maxlen = sizeof(u
8
),
.mode = 0644,
.mode = 0644,
- .proc_handler = proc_do
intvec
,
+ .proc_handler = proc_do
u8vec_minmax
,
},
[NF_SYSCTL_CT_PROTO_TIMEOUT_UDP] = {
.procname = "nf_conntrack_udp_timeout",
},
[NF_SYSCTL_CT_PROTO_TIMEOUT_UDP] = {
.procname = "nf_conntrack_udp_timeout",
@@
-905,9
+909,9
@@
static struct ctl_table nf_ct_sysctl_table[] = {
},
[NF_SYSCTL_CT_PROTO_DCCP_LOOSE] = {
.procname = "nf_conntrack_dccp_loose",
},
[NF_SYSCTL_CT_PROTO_DCCP_LOOSE] = {
.procname = "nf_conntrack_dccp_loose",
- .maxlen = sizeof(
int
),
+ .maxlen = sizeof(
u8
),
.mode = 0644,
.mode = 0644,
- .proc_handler = proc_do
int
vec_minmax,
+ .proc_handler = proc_do
u8
vec_minmax,
.extra1 = SYSCTL_ZERO,
.extra2 = SYSCTL_ONE,
},
.extra1 = SYSCTL_ZERO,
.extra2 = SYSCTL_ONE,
},
@@
-1028,6
+1032,7
@@
static void nf_conntrack_standalone_init_gre_sysctl(struct net *net,
static int nf_conntrack_standalone_init_sysctl(struct net *net)
{
static int nf_conntrack_standalone_init_sysctl(struct net *net)
{
+ struct nf_conntrack_net *cnet = net_generic(net, nf_conntrack_net_id);
struct nf_udp_net *un = nf_udp_pernet(net);
struct ctl_table *table;
struct nf_udp_net *un = nf_udp_pernet(net);
struct ctl_table *table;
@@
-1038,11
+1043,11
@@
static int nf_conntrack_standalone_init_sysctl(struct net *net)
if (!table)
return -ENOMEM;
if (!table)
return -ENOMEM;
- table[NF_SYSCTL_CT_COUNT].data = &
net->ct.
count;
+ table[NF_SYSCTL_CT_COUNT].data = &
cnet->
count;
table[NF_SYSCTL_CT_CHECKSUM].data = &net->ct.sysctl_checksum;
table[NF_SYSCTL_CT_LOG_INVALID].data = &net->ct.sysctl_log_invalid;
table[NF_SYSCTL_CT_ACCT].data = &net->ct.sysctl_acct;
table[NF_SYSCTL_CT_CHECKSUM].data = &net->ct.sysctl_checksum;
table[NF_SYSCTL_CT_LOG_INVALID].data = &net->ct.sysctl_log_invalid;
table[NF_SYSCTL_CT_ACCT].data = &net->ct.sysctl_acct;
- table[NF_SYSCTL_CT_HELPER].data = &
net->ct.
sysctl_auto_assign_helper;
+ table[NF_SYSCTL_CT_HELPER].data = &
cnet->
sysctl_auto_assign_helper;
#ifdef CONFIG_NF_CONNTRACK_EVENTS
table[NF_SYSCTL_CT_EVENTS].data = &net->ct.sysctl_events;
#endif
#ifdef CONFIG_NF_CONNTRACK_EVENTS
table[NF_SYSCTL_CT_EVENTS].data = &net->ct.sysctl_events;
#endif
@@
-1060,21
+1065,15
@@
static int nf_conntrack_standalone_init_sysctl(struct net *net)
nf_conntrack_standalone_init_dccp_sysctl(net, table);
nf_conntrack_standalone_init_gre_sysctl(net, table);
nf_conntrack_standalone_init_dccp_sysctl(net, table);
nf_conntrack_standalone_init_gre_sysctl(net, table);
- /* Don't allow
unprivileged users to alter certain
sysctls */
- if (
net->user_ns != &init_user_ns
) {
+ /* Don't allow
non-init_net ns to alter global
sysctls */
+ if (
!net_eq(&init_net, net)
) {
table[NF_SYSCTL_CT_MAX].mode = 0444;
table[NF_SYSCTL_CT_EXPECT_MAX].mode = 0444;
table[NF_SYSCTL_CT_MAX].mode = 0444;
table[NF_SYSCTL_CT_EXPECT_MAX].mode = 0444;
- table[NF_SYSCTL_CT_HELPER].mode = 0444;
-#ifdef CONFIG_NF_CONNTRACK_EVENTS
- table[NF_SYSCTL_CT_EVENTS].mode = 0444;
-#endif
- table[NF_SYSCTL_CT_BUCKETS].mode = 0444;
- } else if (!net_eq(&init_net, net)) {
table[NF_SYSCTL_CT_BUCKETS].mode = 0444;
}
table[NF_SYSCTL_CT_BUCKETS].mode = 0444;
}
-
net->ct.
sysctl_header = register_net_sysctl(net, "net/netfilter", table);
- if (!
net->ct.
sysctl_header)
+
cnet->
sysctl_header = register_net_sysctl(net, "net/netfilter", table);
+ if (!
cnet->
sysctl_header)
goto out_unregister_netfilter;
return 0;
goto out_unregister_netfilter;
return 0;
@@
-1086,10
+1085,11
@@
out_unregister_netfilter:
static void nf_conntrack_standalone_fini_sysctl(struct net *net)
{
static void nf_conntrack_standalone_fini_sysctl(struct net *net)
{
+ struct nf_conntrack_net *cnet = net_generic(net, nf_conntrack_net_id);
struct ctl_table *table;
struct ctl_table *table;
- table =
net->ct.
sysctl_header->ctl_table_arg;
- unregister_net_sysctl_table(
net->ct.
sysctl_header);
+ table =
cnet->
sysctl_header->ctl_table_arg;
+ unregister_net_sysctl_table(
cnet->
sysctl_header);
kfree(table);
}
#else
kfree(table);
}
#else
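Review bot: In the `@@ -1060,21 +1065,15 @@` hunk the replaced guard silently widens what a namespace owner may write: the removed `net->user_ns != &init_user_ns` branch forced `NF_SYSCTL_CT_HELPER` and `NF_SYSCTL_CT_EVENTS` to 0444, whereas the new `!net_eq(&init_net, net)` test only locks `CT_MAX`, `CT_EXPECT_MAX` and `CT_BUCKETS`, so `nf_conntrack_helper` and `nf_conntrack_events` now stay 0644 in a net namespace owned by a non-init user namespace (presumably writable by whoever holds CAP_NET_ADMIN in that user namespace — confirm against the net sysctl permission check). That appears deliberate because both knobs are now per-namespace (`&cnet->sysctl_auto_assign_helper` and `&net->ct.sysctl_events` in the preceding hunk), but nothing in the code says so, and the old lock existed precisely because helper auto-assignment is a hardening-relevant setting. Please make the rationale explicit in the comment, e.g. `/* Only init_net may change global sysctls; helper/events are per-netns state and stay writable for the owning user ns. */`, or keep the helper entry read-only outside init_net if that is not the intent. Note `nf_conntrack_standalone_init_sysctl` begins and ends outside this hunk.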