Blame - net/netfilter/nf_conntrack_ecache.c - kernel/msm-4.9

blob: 1df176146567aba5fbf922794022e04c0f93a83f [file] [log] [blame]

Martin Josefsson	f618012	2006-11-29 02:35:01 +0100	[diff] [blame]	1	/* Event cache for netfilter. */
				2
Patrick McHardy	f229f6c	2013-04-06 15:24:29 +0200	[diff] [blame]	3	/*
				4	* (C) 2005 Harald Welte <laforge@gnumonks.org>
				5	* (C) 2005 Patrick McHardy <kaber@trash.net>
				6	* (C) 2005-2006 Netfilter Core Team <coreteam@netfilter.org>
				7	* (C) 2005 USAGI/WIDE Project <http://www.linux-ipv6.org>
Martin Josefsson	f618012	2006-11-29 02:35:01 +0100	[diff] [blame]	8	*
				9	* This program is free software; you can redistribute it and/or modify
				10	* it under the terms of the GNU General Public License version 2 as
				11	* published by the Free Software Foundation.
				12	*/
				13
				14	#include <linux/types.h>
				15	#include <linux/netfilter.h>
				16	#include <linux/skbuff.h>
				17	#include <linux/vmalloc.h>
				18	#include <linux/stddef.h>
				19	#include <linux/err.h>
				20	#include <linux/percpu.h>
Martin Josefsson	f618012	2006-11-29 02:35:01 +0100	[diff] [blame]	21	#include <linux/kernel.h>
				22	#include <linux/netdevice.h>
Tejun Heo	5a0e3ad	2010-03-24 17:04:11 +0900	[diff] [blame]	23	#include <linux/slab.h>
Paul Gortmaker	bc3b2d7	2011-07-15 11:47:34 -0400	[diff] [blame]	24	#include <linux/export.h>
Martin Josefsson	f618012	2006-11-29 02:35:01 +0100	[diff] [blame]	25
				26	#include <net/netfilter/nf_conntrack.h>
Martin Josefsson	f618012	2006-11-29 02:35:01 +0100	[diff] [blame]	27	#include <net/netfilter/nf_conntrack_core.h>
Pablo Neira Ayuso	a0891aa	2009-06-13 12:26:29 +0200	[diff] [blame]	28	#include <net/netfilter/nf_conntrack_extend.h>
Martin Josefsson	f618012	2006-11-29 02:35:01 +0100	[diff] [blame]	29
Pablo Neira Ayuso	e34d5c1	2009-06-03 10:32:06 +0200	[diff] [blame]	30	static DEFINE_MUTEX(nf_ct_ecache_mutex);
Patrick McHardy	13b1833	2006-12-02 22:11:25 -0800	[diff] [blame]	31
Martin Josefsson	f618012	2006-11-29 02:35:01 +0100	[diff] [blame]	32	/* deliver cached events and clear cache entry - must be called with locally
				33	* disabled softirqs */
Pablo Neira Ayuso	a0891aa	2009-06-13 12:26:29 +0200	[diff] [blame]	34	void nf_ct_deliver_cached_events(struct nf_conn *ct)
Martin Josefsson	f618012	2006-11-29 02:35:01 +0100	[diff] [blame]	35	{
Pablo Neira Ayuso	70e9942	2011-11-22 00:16:51 +0100	[diff] [blame]	36	struct net *net = nf_ct_net(ct);
Tony Zelenoff	58020f7	2012-02-22 10:48:01 +0400	[diff] [blame]	37	unsigned long events, missed;
Pablo Neira Ayuso	e34d5c1	2009-06-03 10:32:06 +0200	[diff] [blame]	38	struct nf_ct_event_notifier *notify;
Pablo Neira Ayuso	a0891aa	2009-06-13 12:26:29 +0200	[diff] [blame]	39	struct nf_conntrack_ecache *e;
Tony Zelenoff	58020f7	2012-02-22 10:48:01 +0400	[diff] [blame]	40	struct nf_ct_event item;
				41	int ret;
Pablo Neira Ayuso	e34d5c1	2009-06-03 10:32:06 +0200	[diff] [blame]	42
				43	rcu_read_lock();
Pablo Neira Ayuso	70e9942	2011-11-22 00:16:51 +0100	[diff] [blame]	44	notify = rcu_dereference(net->ct.nf_conntrack_event_cb);
Pablo Neira Ayuso	e34d5c1	2009-06-03 10:32:06 +0200	[diff] [blame]	45	if (notify == NULL)
				46	goto out_unlock;
				47
Pablo Neira Ayuso	a0891aa	2009-06-13 12:26:29 +0200	[diff] [blame]	48	e = nf_ct_ecache_find(ct);
				49	if (e == NULL)
				50	goto out_unlock;
				51
				52	events = xchg(&e->cache, 0);
				53
Tony Zelenoff	58020f7	2012-02-22 10:48:01 +0400	[diff] [blame]	54	if (!nf_ct_is_confirmed(ct) \|\| nf_ct_is_dying(ct) \|\| !events)
				55	goto out_unlock;
Pablo Neira Ayuso	19abb7b	2008-11-18 11:56:20 +0100	[diff] [blame]	56
Tony Zelenoff	58020f7	2012-02-22 10:48:01 +0400	[diff] [blame]	57	/* We make a copy of the missed event cache without taking
				58	* the lock, thus we may send missed events twice. However,
				59	* this does not harm and it happens very rarely. */
				60	missed = e->missed;
Pablo Neira Ayuso	3db7e93	2011-02-01 16:06:30 +0100	[diff] [blame]	61
Tony Zelenoff	58020f7	2012-02-22 10:48:01 +0400	[diff] [blame]	62	if (!((events \| missed) & e->ctmask))
				63	goto out_unlock;
				64
				65	item.ct = ct;
Eric W. Biederman	15e4730	2012-09-07 20:12:54 +0000	[diff] [blame]	66	item.portid = 0;
Tony Zelenoff	58020f7	2012-02-22 10:48:01 +0400	[diff] [blame]	67	item.report = 0;
				68
				69	ret = notify->fcn(events \| missed, &item);
				70
				71	if (likely(ret >= 0 && !missed))
				72	goto out_unlock;
				73
				74	spin_lock_bh(&ct->lock);
				75	if (ret < 0)
				76	e->missed \|= events;
				77	else
				78	e->missed &= ~missed;
				79	spin_unlock_bh(&ct->lock);
Martin Josefsson	f618012	2006-11-29 02:35:01 +0100	[diff] [blame]	80
Pablo Neira Ayuso	e34d5c1	2009-06-03 10:32:06 +0200	[diff] [blame]	81	out_unlock:
				82	rcu_read_unlock();
Martin Josefsson	f618012	2006-11-29 02:35:01 +0100	[diff] [blame]	83	}
Patrick McHardy	13b1833	2006-12-02 22:11:25 -0800	[diff] [blame]	84	EXPORT_SYMBOL_GPL(nf_ct_deliver_cached_events);
Martin Josefsson	f618012	2006-11-29 02:35:01 +0100	[diff] [blame]	85
Pablo Neira Ayuso	70e9942	2011-11-22 00:16:51 +0100	[diff] [blame]	86	int nf_conntrack_register_notifier(struct net *net,
				87	struct nf_ct_event_notifier *new)
Patrick McHardy	010c7d6	2007-03-14 16:40:10 -0700	[diff] [blame]	88	{
Tony Zelenoff	031d770	2012-03-08 23:35:39 +0000	[diff] [blame]	89	int ret;
Patrick McHardy	b56f2d5	2010-05-10 18:47:57 +0200	[diff] [blame]	90	struct nf_ct_event_notifier *notify;
Pablo Neira Ayuso	e34d5c1	2009-06-03 10:32:06 +0200	[diff] [blame]	91
				92	mutex_lock(&nf_ct_ecache_mutex);
Pablo Neira Ayuso	70e9942	2011-11-22 00:16:51 +0100	[diff] [blame]	93	notify = rcu_dereference_protected(net->ct.nf_conntrack_event_cb,
Patrick McHardy	b56f2d5	2010-05-10 18:47:57 +0200	[diff] [blame]	94	lockdep_is_held(&nf_ct_ecache_mutex));
				95	if (notify != NULL) {
Pablo Neira Ayuso	e34d5c1	2009-06-03 10:32:06 +0200	[diff] [blame]	96	ret = -EBUSY;
				97	goto out_unlock;
				98	}
Eric Dumazet	cf778b0	2012-01-12 04:41:32 +0000	[diff] [blame]	99	rcu_assign_pointer(net->ct.nf_conntrack_event_cb, new);
Tony Zelenoff	031d770	2012-03-08 23:35:39 +0000	[diff] [blame]	100	ret = 0;
Pablo Neira Ayuso	e34d5c1	2009-06-03 10:32:06 +0200	[diff] [blame]	101
				102	out_unlock:
				103	mutex_unlock(&nf_ct_ecache_mutex);
				104	return ret;
Patrick McHardy	010c7d6	2007-03-14 16:40:10 -0700	[diff] [blame]	105	}
				106	EXPORT_SYMBOL_GPL(nf_conntrack_register_notifier);
				107
Pablo Neira Ayuso	70e9942	2011-11-22 00:16:51 +0100	[diff] [blame]	108	void nf_conntrack_unregister_notifier(struct net *net,
				109	struct nf_ct_event_notifier *new)
Patrick McHardy	010c7d6	2007-03-14 16:40:10 -0700	[diff] [blame]	110	{
Patrick McHardy	b56f2d5	2010-05-10 18:47:57 +0200	[diff] [blame]	111	struct nf_ct_event_notifier *notify;
				112
Pablo Neira Ayuso	e34d5c1	2009-06-03 10:32:06 +0200	[diff] [blame]	113	mutex_lock(&nf_ct_ecache_mutex);
Pablo Neira Ayuso	70e9942	2011-11-22 00:16:51 +0100	[diff] [blame]	114	notify = rcu_dereference_protected(net->ct.nf_conntrack_event_cb,
Patrick McHardy	b56f2d5	2010-05-10 18:47:57 +0200	[diff] [blame]	115	lockdep_is_held(&nf_ct_ecache_mutex));
				116	BUG_ON(notify != new);
Pablo Neira Ayuso	70e9942	2011-11-22 00:16:51 +0100	[diff] [blame]	117	RCU_INIT_POINTER(net->ct.nf_conntrack_event_cb, NULL);
Pablo Neira Ayuso	e34d5c1	2009-06-03 10:32:06 +0200	[diff] [blame]	118	mutex_unlock(&nf_ct_ecache_mutex);
Patrick McHardy	010c7d6	2007-03-14 16:40:10 -0700	[diff] [blame]	119	}
				120	EXPORT_SYMBOL_GPL(nf_conntrack_unregister_notifier);
				121
Pablo Neira Ayuso	70e9942	2011-11-22 00:16:51 +0100	[diff] [blame]	122	int nf_ct_expect_register_notifier(struct net *net,
				123	struct nf_exp_event_notifier *new)
Patrick McHardy	010c7d6	2007-03-14 16:40:10 -0700	[diff] [blame]	124	{
Tony Zelenoff	031d770	2012-03-08 23:35:39 +0000	[diff] [blame]	125	int ret;
Patrick McHardy	b56f2d5	2010-05-10 18:47:57 +0200	[diff] [blame]	126	struct nf_exp_event_notifier *notify;
Pablo Neira Ayuso	e34d5c1	2009-06-03 10:32:06 +0200	[diff] [blame]	127
				128	mutex_lock(&nf_ct_ecache_mutex);
Pablo Neira Ayuso	70e9942	2011-11-22 00:16:51 +0100	[diff] [blame]	129	notify = rcu_dereference_protected(net->ct.nf_expect_event_cb,
Patrick McHardy	b56f2d5	2010-05-10 18:47:57 +0200	[diff] [blame]	130	lockdep_is_held(&nf_ct_ecache_mutex));
				131	if (notify != NULL) {
Pablo Neira Ayuso	e34d5c1	2009-06-03 10:32:06 +0200	[diff] [blame]	132	ret = -EBUSY;
				133	goto out_unlock;
				134	}
Eric Dumazet	cf778b0	2012-01-12 04:41:32 +0000	[diff] [blame]	135	rcu_assign_pointer(net->ct.nf_expect_event_cb, new);
Tony Zelenoff	031d770	2012-03-08 23:35:39 +0000	[diff] [blame]	136	ret = 0;
Pablo Neira Ayuso	e34d5c1	2009-06-03 10:32:06 +0200	[diff] [blame]	137
				138	out_unlock:
				139	mutex_unlock(&nf_ct_ecache_mutex);
				140	return ret;
Patrick McHardy	010c7d6	2007-03-14 16:40:10 -0700	[diff] [blame]	141	}
Patrick McHardy	6823645	2007-07-07 22:30:49 -0700	[diff] [blame]	142	EXPORT_SYMBOL_GPL(nf_ct_expect_register_notifier);
Patrick McHardy	010c7d6	2007-03-14 16:40:10 -0700	[diff] [blame]	143
Pablo Neira Ayuso	70e9942	2011-11-22 00:16:51 +0100	[diff] [blame]	144	void nf_ct_expect_unregister_notifier(struct net *net,
				145	struct nf_exp_event_notifier *new)
Patrick McHardy	010c7d6	2007-03-14 16:40:10 -0700	[diff] [blame]	146	{
Patrick McHardy	b56f2d5	2010-05-10 18:47:57 +0200	[diff] [blame]	147	struct nf_exp_event_notifier *notify;
				148
Pablo Neira Ayuso	e34d5c1	2009-06-03 10:32:06 +0200	[diff] [blame]	149	mutex_lock(&nf_ct_ecache_mutex);
Pablo Neira Ayuso	70e9942	2011-11-22 00:16:51 +0100	[diff] [blame]	150	notify = rcu_dereference_protected(net->ct.nf_expect_event_cb,
Patrick McHardy	b56f2d5	2010-05-10 18:47:57 +0200	[diff] [blame]	151	lockdep_is_held(&nf_ct_ecache_mutex));
				152	BUG_ON(notify != new);
Pablo Neira Ayuso	70e9942	2011-11-22 00:16:51 +0100	[diff] [blame]	153	RCU_INIT_POINTER(net->ct.nf_expect_event_cb, NULL);
Pablo Neira Ayuso	e34d5c1	2009-06-03 10:32:06 +0200	[diff] [blame]	154	mutex_unlock(&nf_ct_ecache_mutex);
Patrick McHardy	010c7d6	2007-03-14 16:40:10 -0700	[diff] [blame]	155	}
Patrick McHardy	6823645	2007-07-07 22:30:49 -0700	[diff] [blame]	156	EXPORT_SYMBOL_GPL(nf_ct_expect_unregister_notifier);
Pablo Neira Ayuso	a0891aa	2009-06-13 12:26:29 +0200	[diff] [blame]	157
				158	#define NF_CT_EVENTS_DEFAULT 1
				159	static int nf_ct_events __read_mostly = NF_CT_EVENTS_DEFAULT;
Pablo Neira Ayuso	dd7669a	2009-06-13 12:30:52 +0200	[diff] [blame]	160	static int nf_ct_events_retry_timeout __read_mostly = 15*HZ;
Pablo Neira Ayuso	a0891aa	2009-06-13 12:26:29 +0200	[diff] [blame]	161
				162	#ifdef CONFIG_SYSCTL
				163	static struct ctl_table event_sysctl_table[] = {
				164	{
Pablo Neira Ayuso	a0891aa	2009-06-13 12:26:29 +0200	[diff] [blame]	165	.procname = "nf_conntrack_events",
				166	.data = &init_net.ct.sysctl_events,
				167	.maxlen = sizeof(unsigned int),
				168	.mode = 0644,
				169	.proc_handler = proc_dointvec,
				170	},
Pablo Neira Ayuso	dd7669a	2009-06-13 12:30:52 +0200	[diff] [blame]	171	{
Pablo Neira Ayuso	dd7669a	2009-06-13 12:30:52 +0200	[diff] [blame]	172	.procname = "nf_conntrack_events_retry_timeout",
				173	.data = &init_net.ct.sysctl_events_retry_timeout,
				174	.maxlen = sizeof(unsigned int),
				175	.mode = 0644,
				176	.proc_handler = proc_dointvec_jiffies,
				177	},
Pablo Neira Ayuso	a0891aa	2009-06-13 12:26:29 +0200	[diff] [blame]	178	{}
				179	};
				180	#endif /* CONFIG_SYSCTL */
				181
				182	static struct nf_ct_ext_type event_extend __read_mostly = {
				183	.len = sizeof(struct nf_conntrack_ecache),
				184	.align = __alignof__(struct nf_conntrack_ecache),
				185	.id = NF_CT_EXT_ECACHE,
				186	};
				187
				188	#ifdef CONFIG_SYSCTL
				189	static int nf_conntrack_event_init_sysctl(struct net *net)
				190	{
				191	struct ctl_table *table;
				192
				193	table = kmemdup(event_sysctl_table, sizeof(event_sysctl_table),
				194	GFP_KERNEL);
				195	if (!table)
				196	goto out;
				197
				198	table[0].data = &net->ct.sysctl_events;
Pablo Neira Ayuso	dd7669a	2009-06-13 12:30:52 +0200	[diff] [blame]	199	table[1].data = &net->ct.sysctl_events_retry_timeout;
Pablo Neira Ayuso	a0891aa	2009-06-13 12:26:29 +0200	[diff] [blame]	200
Eric W. Biederman	464dc80	2012-11-16 03:02:59 +0000	[diff] [blame]	201	/* Don't export sysctls to unprivileged users */
				202	if (net->user_ns != &init_user_ns)
				203	table[0].procname = NULL;
				204
Pablo Neira Ayuso	a0891aa	2009-06-13 12:26:29 +0200	[diff] [blame]	205	net->ct.event_sysctl_header =
Eric W. Biederman	ec8f23c	2012-04-19 13:44:49 +0000	[diff] [blame]	206	register_net_sysctl(net, "net/netfilter", table);
Pablo Neira Ayuso	a0891aa	2009-06-13 12:26:29 +0200	[diff] [blame]	207	if (!net->ct.event_sysctl_header) {
				208	printk(KERN_ERR "nf_ct_event: can't register to sysctl.\n");
				209	goto out_register;
				210	}
				211	return 0;
				212
				213	out_register:
				214	kfree(table);
				215	out:
				216	return -ENOMEM;
				217	}
				218
				219	static void nf_conntrack_event_fini_sysctl(struct net *net)
				220	{
				221	struct ctl_table *table;
				222
				223	table = net->ct.event_sysctl_header->ctl_table_arg;
				224	unregister_net_sysctl_table(net->ct.event_sysctl_header);
				225	kfree(table);
				226	}
				227	#else
				228	static int nf_conntrack_event_init_sysctl(struct net *net)
				229	{
				230	return 0;
				231	}
				232
				233	static void nf_conntrack_event_fini_sysctl(struct net *net)
				234	{
				235	}
				236	#endif /* CONFIG_SYSCTL */
				237
Gao feng	3fe0f94	2013-01-21 22:10:28 +0000	[diff] [blame]	238	int nf_conntrack_ecache_pernet_init(struct net *net)
Pablo Neira Ayuso	a0891aa	2009-06-13 12:26:29 +0200	[diff] [blame]	239	{
Pablo Neira Ayuso	a0891aa	2009-06-13 12:26:29 +0200	[diff] [blame]	240	net->ct.sysctl_events = nf_ct_events;
Pablo Neira Ayuso	dd7669a	2009-06-13 12:30:52 +0200	[diff] [blame]	241	net->ct.sysctl_events_retry_timeout = nf_ct_events_retry_timeout;
Gao feng	3fe0f94	2013-01-21 22:10:28 +0000	[diff] [blame]	242	return nf_conntrack_event_init_sysctl(net);
				243	}
Pablo Neira Ayuso	a0891aa	2009-06-13 12:26:29 +0200	[diff] [blame]	244
Gao feng	3fe0f94	2013-01-21 22:10:28 +0000	[diff] [blame]	245	void nf_conntrack_ecache_pernet_fini(struct net *net)
				246	{
				247	nf_conntrack_event_fini_sysctl(net);
				248	}
Pablo Neira Ayuso	a0891aa	2009-06-13 12:26:29 +0200	[diff] [blame]	249
Gao feng	3fe0f94	2013-01-21 22:10:28 +0000	[diff] [blame]	250	int nf_conntrack_ecache_init(void)
				251	{
				252	int ret = nf_ct_extend_register(&event_extend);
Pablo Neira Ayuso	a0891aa	2009-06-13 12:26:29 +0200	[diff] [blame]	253	if (ret < 0)
Gao feng	3fe0f94	2013-01-21 22:10:28 +0000	[diff] [blame]	254	pr_err("nf_ct_event: Unable to register event extension.\n");
Pablo Neira Ayuso	a0891aa	2009-06-13 12:26:29 +0200	[diff] [blame]	255	return ret;
				256	}
				257
Gao feng	3fe0f94	2013-01-21 22:10:28 +0000	[diff] [blame]	258	void nf_conntrack_ecache_fini(void)
Pablo Neira Ayuso	a0891aa	2009-06-13 12:26:29 +0200	[diff] [blame]	259	{
Gao feng	3fe0f94	2013-01-21 22:10:28 +0000	[diff] [blame]	260	nf_ct_extend_unregister(&event_extend);
Pablo Neira Ayuso	a0891aa	2009-06-13 12:26:29 +0200	[diff] [blame]	261	}