Cross Reference: /net/netfilter/nf_conntrack_proto

History log of /net/netfilter/nf_conntrack_proto_sctp.c
Revision	Date	Author	Comments
f229f6ce481ceb33a966311722b8ef0cb6c25de7	06-Apr-2013	Patrick McHardy <kaber@trash.net>	netfilter: add my copyright statements Add copyright statements to all netfilter files which have had significant changes done by myself in the past. Some notes: - nf_conntrack_ecache.c was incorrectly attributed to Rusty and Netfilter Core Team when it got split out of nf_conntrack_core.c. The copyrights even state a date which lies six years before it was written. It was written in 2005 by Harald and myself. - net/ipv{4,6}/netfilter.c, net/netfitler/nf_queue.c were missing copyright statements. I've added the copyright statement from net/netfilter/core.c, where this code originated - for nf_conntrack_proto_tcp.c I've also added Jozsef, since I didn't want it to give the wrong impression Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
0d98da5d845e0d0293055913ce65c9904b3b902a	07-Mar-2013	Gao feng <gaofeng@cn.fujitsu.com>	netfilter: nf_conntrack: register pernet subsystem before register L4 proto In (c296bb4 netfilter: nf_conntrack: refactor l4proto support for netns) the l4proto gre/dccp/udplite/sctp registration happened before the pernet subsystem, which is wrong. Register pernet subsystem before register L4proto since after register L4proto, init_conntrack may try to access the resources which allocated in register_pernet_subsys. Reported-by: Alexey Dobriyan <adobriyan@gmail.com> Cc: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
c296bb4d5d417d466c9bcc8afef68a3db5449a64	23-Jan-2013	Gao feng <gaofeng@cn.fujitsu.com>	netfilter: nf_conntrack: refactor l4proto support for netns Move the code that register/unregister l4proto to the module_init/exit context. Given that we have to modify some interfaces to accomodate these changes, it is a good time to use shorter function names for this using the nf_ct_* prefix instead of nf_conntrack_*, that is: nf_ct_l4proto_register nf_ct_l4proto_pernet_register nf_ct_l4proto_unregister nf_ct_l4proto_pernet_unregister We same many line breaks with it. Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
f42c4183c781733b1947ae79916849574d86aced	21-Jun-2012	Gao feng <gaofeng@cn.fujitsu.com>	netfilter: nf_ct_sctp: merge sctpv[4,6]_net_init into sctp_net_init Merge sctpv4_net_init and sctpv6_net_init into sctp_net_init to remove redundant code now that we have the u_int16_t proto parameter. And use nf_proto_net.users to identify if it's the first time we use the nf_proto_net, in that case, we initialize i Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
f1caad274515ffd9841ac57ce9a7b5fc35bbf689	21-Jun-2012	Gao feng <gaofeng@cn.fujitsu.com>	netfilter: nf_conntrack: prepare l4proto->init_net cleanup l4proto->init contain quite redundant code. We can simplify this by adding a new parameter l3proto. This patch prepares that code simplification. Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
8264deb81853462da5cbcfb19b54c4fd9f3d88ba	28-May-2012	Gao feng <gaofeng@cn.fujitsu.com>	netfilter: nf_conntrack: add namespace support for cttimeout This patch adds namespace support for cttimeout. Acked-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
e76d0af5e45f4152e3fdcc103b753a8aff93fcb5	05-Jun-2012	Pablo Neira Ayuso <pablo@netfilter.org>	netfilter: nf_conntrack: remove now unused sysctl for nf_conntrack_l[3\|4]proto Since the sysctl data for l[3\|4]proto now resides in pernet nf_proto_net. We can now remove this unused fields from struct nf_contrack_l[3,4]proto. Acked-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
49d485a30f3058b2633f86f85efae04c824ceffe	28-May-2012	Gao feng <gaofeng@cn.fujitsu.com>	netfilter: nf_ct_sctp: add namespace support This patch adds namespace support for SCTP protocol tracker. Acked-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2c352f444ccfa966a1aa4fd8e9ee29381c467448	28-May-2012	Gao feng <gaofeng@cn.fujitus.com>	netfilter: nf_conntrack: prepare namespace support for l4 protocol trackers This patch prepares the namespace support for layer 4 protocol trackers. Basically, this modifies the following interfaces: * nf_ct_[un]register_sysctl * nf_conntrack_l4proto_[un]register to include the namespace parameter. We still use init_net in this patch to prepare the ground for follow-up patches for each layer 4 protocol tracker. We add a new net_id field to struct nf_conntrack_l4proto that is used to store the pernet_operations id for each layer 4 protocol tracker. Note that AF_INET6's protocols do not need to do sysctl compat. Thus, we only register compat sysctl when l4proto.l3proto != AF_INET6. Acked-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
5e8d1eb5fb51e5b9d266a611133fea808320ab97	02-Apr-2012	David S. Miller <davem@davemloft.net>	nf_conntrack_proto_sctp: Stop using NLA_PUT*(). These macros contain a hidden goto, and are thus extremely error prone and make code hard to audit. Signed-off-by: David S. Miller <davem@davemloft.net>
50978462300f74dc48aea4a38471cb69bdf741a5	28-Feb-2012	Pablo Neira Ayuso <pablo@netfilter.org>	netfilter: add cttimeout infrastructure for fine timeout tuning This patch adds the infrastructure to add fine timeout tuning over nfnetlink. Now you can use the NFNL_SUBSYS_CTNETLINK_TIMEOUT subsystem to create/delete/dump timeout objects that contain some specific timeout policy for one flow. The follow up patches will allow you attach timeout policy object to conntrack via the CT target and the conntrack extension infrastructure. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2c8503f55fbdfbeff4164f133df804cf4d316290	28-Feb-2012	Pablo Neira Ayuso <pablo@netfilter.org>	netfilter: nf_conntrack: pass timeout array to l4->new and l4->packet This patch defines a new interface for l4 protocol trackers: unsigned int (get_timeouts)(struct net *net); that is used to return the array of unsigned int that contains the timeouts that will be applied for this flow. This is passed to the l4proto->new(...) and l4proto->packet(...) functions to specify the timeout policy. This interface allows per-net global timeout configuration (although only DCCP supports this by now) and it will allow custom custom timeout configuration by means of follow-up patches. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
c0cd115667bcd23c2a31fe2114beaab3608de68c	12-Dec-2011	Igor Maravić <igorm@etf.rs>	net:netfilter: use IS_ENABLED Use IS_ENABLED(CONFIG_FOO) instead of defined(CONFIG_FOO) \|\| defined (CONFIG_FOO_MODULE) Signed-off-by: Igor Maravić <igorm@etf.rs> Signed-off-by: David S. Miller <davem@davemloft.net>
25985edcedea6396277003854657b5f3cb31a628	31-Mar-2011	Lucas De Marchi <lucas.demarchi@profusion.mobi>	Fix common misspellings Fixes generated by 'codespell' and manually reviewed. Signed-off-by: Lucas De Marchi <lucas.demarchi@profusion.mobi>
e5fc9e7a666e5964b60e05903b90aa832354b68c	12-Nov-2010	Changli Gao <xiaosuo@gmail.com>	netfilter: nf_conntrack: don't always initialize ct->proto ct->proto is big(60 bytes) due to structure ip_ct_tcp, and we don't need to initialize the whole for all the other protocols. This patch moves proto to the end of structure nf_conn, and pushes the initialization down to the individual protocols. Signed-off-by: Changli Gao <xiaosuo@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
654d0fbdc8fe1041918741ed5b6abc8ad6b4c1d8	13-May-2010	Stephen Hemminger <shemminger@vyatta.com>	netfilter: cleanup printk messages Make sure all printk messages have a severity level. Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
858b31330054a9ad259feceea0ad1ce5385c47f0	03-Feb-2010	Patrick McHardy <kaber@trash.net>	netfilter: nf_conntrack: split up IPCT_STATUS event Split up the IPCT_STATUS event into an IPCT_REPLY event, which is generated when the IPS_SEEN_REPLY bit is set, and an IPCT_ASSURED event, which is generated when the IPS_ASSURED bit is set. In combination with a following patch to support selective event delivery, this can be used for "sparse" conntrack replication: start replicating the conntrack entry after it reached the ASSURED state and that way it's SYN-flood resistant. Signed-off-by: Patrick McHardy <kaber@trash.net>
f8572d8f2a2ba75408b97dc24ef47c83671795d7	05-Nov-2009	Eric W. Biederman <ebiederm@xmission.com>	sysctl net: Remove unused binary sysctl code Now that sys_sysctl is a compatiblity wrapper around /proc/sys all sysctl strategy routines, and all ctl_name and strategy entries in the sysctl tables are unused, and can be revmoed. In addition neigh_sysctl_register has been modified to no longer take a strategy argument and it's callers have been modified not to pass one. Cc: "David Miller" <davem@davemloft.net> Cc: Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org> Cc: netdev@vger.kernel.org Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
440f0d588555892601cfe511728a0fc0c8204063	10-Jun-2009	Patrick McHardy <kaber@trash.net>	netfilter: nf_conntrack: use per-conntrack locks for protocol data Introduce per-conntrack locks and use them instead of the global protocol locks to avoid contention. Especially tcp_lock shows up very high in profiles on larger machines. This will also allow to simplify the upcoming reliable event delivery patches. Signed-off-by: Patrick McHardy <kaber@trash.net>
a400c30edb1958ceb53c4b8ce78989189b36df47	25-Mar-2009	Holger Eitzenberger <holger@eitzenberger.org>	netfilter: nf_conntrack: calculate per-protocol nlattr size Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
328bd8997dbb7184d5389e45c642af44ae6e9043	24-Nov-2008	Patrick McHardy <kaber@trash.net>	netfilter: nf_conntrack_proto_sctp: avoid bogus warning net/netfilter/nf_conntrack_proto_sctp.c: In function 'sctp_packet': net/netfilter/nf_conntrack_proto_sctp.c:376: warning: array subscript is above array bounds gcc doesn't realize that do_basic_checks() guarantees that there is at least one valid chunk and thus new_state is never SCTP_CONNTRACK_MAX after the loop. Initialize to SCTP_CONNTRACK_NONE to avoid the warning. Based on patch by Wu Fengguang <wfg@linux.intel.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
6d9f239a1edb31d6133230f478fd1dc2da338ec5	04-Nov-2008	Alexey Dobriyan <adobriyan@gmail.com>	net: '&' redux I want to compile out proc_* and sysctl_* handlers totally and stub them to NULL depending on config options, however usage of & will prevent this, since taking adress of NULL pointer will break compilation. So, drop & in front of every ->proc_handler and every ->strategy handler, it was never needed in fact. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
a71996fccce4b2086a26036aa3c915365ca36926	08-Oct-2008	Alexey Dobriyan <adobriyan@gmail.com>	netfilter: netns nf_conntrack: pass conntrack to nf_conntrack_event_cache() not skb This is cleaner, we already know conntrack to which event is relevant. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
76108cea065cda58366d16a7eb6ca90d717a1396	08-Oct-2008	Jan Engelhardt <jengelh@medozas.de>	netfilter: Use unsigned types for hooknum and pf vars and (try to) consistently use u_int8_t for the L3 family. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
5547cd0ae8b46db9a084505239294eed9b8c8e2d	21-Jul-2008	Patrick McHardy <kaber@trash.net>	netfilter: nf_conntrack_sctp: fix sparse warnings Introduced by a258860e (netfilter: ctnetlink: add full support for SCTP to ctnetlink): net/netfilter/nf_conntrack_proto_sctp.c:483:2: warning: cast from restricted type net/netfilter/nf_conntrack_proto_sctp.c:483:2: warning: incorrect type in argument 1 (different base types) net/netfilter/nf_conntrack_proto_sctp.c:483:2: expected unsigned int [unsigned] [usertype] x net/netfilter/nf_conntrack_proto_sctp.c:483:2: got restricted unsigned int const <noident> net/netfilter/nf_conntrack_proto_sctp.c:483:2: warning: cast from restricted type net/netfilter/nf_conntrack_proto_sctp.c:483:2: warning: cast from restricted type net/netfilter/nf_conntrack_proto_sctp.c:483:2: warning: cast from restricted type net/netfilter/nf_conntrack_proto_sctp.c:483:2: warning: cast from restricted type net/netfilter/nf_conntrack_proto_sctp.c:487:2: warning: cast from restricted type net/netfilter/nf_conntrack_proto_sctp.c:487:2: warning: incorrect type in argument 1 (different base types) net/netfilter/nf_conntrack_proto_sctp.c:487:2: expected unsigned int [unsigned] [usertype] x net/netfilter/nf_conntrack_proto_sctp.c:487:2: got restricted unsigned int const <noident> net/netfilter/nf_conntrack_proto_sctp.c:487:2: warning: cast from restricted type net/netfilter/nf_conntrack_proto_sctp.c:487:2: warning: cast from restricted type net/netfilter/nf_conntrack_proto_sctp.c:487:2: warning: cast from restricted type net/netfilter/nf_conntrack_proto_sctp.c:487:2: warning: cast from restricted type net/netfilter/nf_conntrack_proto_sctp.c:532:42: warning: incorrect type in assignment (different base types) net/netfilter/nf_conntrack_proto_sctp.c:532:42: expected restricted unsigned int <noident> net/netfilter/nf_conntrack_proto_sctp.c:532:42: got unsigned int net/netfilter/nf_conntrack_proto_sctp.c:534:39: warning: incorrect type in assignment (different base types) net/netfilter/nf_conntrack_proto_sctp.c:534:39: expected restricted unsigned int <noident> net/netfilter/nf_conntrack_proto_sctp.c:534:39: got unsigned int Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
a258860e01b80e8f554a4ab1a6c95e6042eb8b73	10-Jun-2008	Pablo Neira Ayuso <pablo@netfilter.org>	netfilter: ctnetlink: add full support for SCTP to ctnetlink This patch adds full support for SCTP to ctnetlink. This includes three new attributes: state, original vtag and reply vtag. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
12c33aa20e1e248ac199d58076fcd4522acbff17	14-Apr-2008	Jan Engelhardt <jengelh@computergmbh.de>	[NETFILTER]: nf_conntrack: const annotations in nf_conntrack_sctp, nf_nat_proto_gre Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
09f263cd39751cada63dec2dccc71e67c00bc38c	14-Apr-2008	Jan Engelhardt <jengelh@computergmbh.de>	[NETFILTER]: nf_conntrack: use bool type in struct nf_conntrack_l4proto Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
c88130bcd546e73e66165f9c29113dae9facf1ec	31-Jan-2008	Patrick McHardy <kaber@trash.net>	[NETFILTER]: nf_conntrack: naming unification Rename all "conntrack" variables to "ct" for more consistency and avoiding some overly long lines. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2f0d2f10391e190f940da70cbdc8a61e4dad98eb	31-Jan-2008	Stephen Hemminger <shemminger@vyatta.com>	[NETFILTER]: conntrack: get rid of sparse warnings Teach sparse about locking here, and fix signed/unsigned warnings. Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
86c0bf4095b35b978540aa43b12840d138a0b376	15-Jan-2008	Patrick McHardy <kaber@trash.net>	[NETFILTER]: nf_conntrack_sctp: remove timeout indirection Instead of keeping pointers to the timeout values in a table, simply put the timeout values in the table directly. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
9b1c2cfd7a8b3840cf5c99d0560e641ff4a3425b	15-Jan-2008	Patrick McHardy <kaber@trash.net>	[NETFILTER]: nf_conntrack_sctp: replace magic value by symbolic constant Use SCTP_CHUNK_FLAG_T instead of 0x1. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
4a64830af0fd4dbec908cfbab117def5086acd4a	15-Jan-2008	Patrick McHardy <kaber@trash.net>	[NETFILTER]: nf_conntrack_sctp: don't take sctp_lock once per chunk Don't take and release the lock once per SCTP chunk, simply hold it the entire time while iterating through the chunks. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
efe9f68afeaf2ce12636990a8c811fb1cc23b12b	15-Jan-2008	Patrick McHardy <kaber@trash.net>	[NETFILTER]: nf_conntrack_sctp: rename "newconntrack" variable The name is misleading, it holds the new connection state, so rename it to "newstate". Also rename "oldsctpstate" to "oldstate" for consistency. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
b37e933ac7bdad2d587a6048babb8db2718460de	15-Jan-2008	Patrick McHardy <kaber@trash.net>	[NETFILTER]: nf_conntrack_sctp: consolidate sctp_packet() error paths Consolidate error paths and use proper symbolic return value instead of magic values. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
8528819adc613e0b4bc3e5cb4123b4b33d2b03c4	15-Jan-2008	Patrick McHardy <kaber@trash.net>	[NETFILTER]: nf_conntrack_sctp: reduce line length further Eliminate a few lines over 80 characters by using a local variable to hold the conntrack direction instead of using CTINFO2DIR everywhere. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
112f35c9c164e06e038d506dd3eb15e76829ef8a	15-Jan-2008	Patrick McHardy <kaber@trash.net>	[NETFILTER]: nf_conntrack_sctp: reduce line length Reduce the length of some overly long lines by renaming all "conntrack" variables to "ct". Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
35c6d3cbe1b97b860087f6082e764ac8da2a12b2	15-Jan-2008	Patrick McHardy <kaber@trash.net>	[NETFILTER]: nf_conntrack_sctp: use proper types for bitops Use unsigned long instead of char for the bitmap and removed lots of casts. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
5447d4777c48218e90844fa6f6e544119075faad	15-Jan-2008	Patrick McHardy <kaber@trash.net>	[NETFILTER]: nf_conntrack_sctp: basic cleanups Reindent switch cases properly, get rid of weird constructs like "!(x == y)", put logical operations on the end of the line instead of the next line, get rid of superfluous braces. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
a5e73c29d9243cc2e889a9d7155f331923eee655	15-Jan-2008	Patrick McHardy <kaber@trash.net>	[NETFILTER]: nf_conntrack_{tcp,sctp}: shrink state table The TCP and SCTP conntrack state transition tables only holds small numbers, but gcc uses 4 byte per entry for the enum. Switching to an u8 reduces the size from 480 to 120 bytes for TCP and from 576 to 144 bytes for SCTP. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>