android/android_kernel_asus_sm8350
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

netfilter: nf_ct_ipv6: add namespace support

Browse Source 
This patch adds namespace support for IPv6 protocol tracker.

Acked-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Gao feng 2012-05-28 21:04:17 +00:00 committed by Pablo Neira Ayuso
parent 3ea04dd3a7
commit a7c439d396
1 changed files with 65 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

100
net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
View File

@ -333,6 +333,65 @@ MODULE_ALIAS("nf_conntrack-" __stringify(AF_INET6));
MODULE_LICENSE("GPL"); MODULE_LICENSE("GPL");
MODULE_AUTHOR("Yasuyuki KOZAKAI @USAGI <yasuyuki.kozakai@toshiba.co.jp>"); MODULE_AUTHOR("Yasuyuki KOZAKAI @USAGI <yasuyuki.kozakai@toshiba.co.jp>");
static int ipv6_net_init(struct net *net)
{
int ret = 0;
ret = nf_conntrack_l4proto_register(net,
&nf_conntrack_l4proto_tcp6);
if (ret < 0) {
printk(KERN_ERR "nf_conntrack_l4proto_tcp6: protocol register failed\n");
goto out;
}
ret = nf_conntrack_l4proto_register(net,
&nf_conntrack_l4proto_udp6);
if (ret < 0) {
printk(KERN_ERR "nf_conntrack_l4proto_udp6: protocol register failed\n");
goto cleanup_tcp6;
}
ret = nf_conntrack_l4proto_register(net,
&nf_conntrack_l4proto_icmpv6);
if (ret < 0) {
printk(KERN_ERR "nf_conntrack_l4proto_icmp6: protocol register failed\n");
goto cleanup_udp6;
}
ret = nf_conntrack_l3proto_register(net,
&nf_conntrack_l3proto_ipv6);
if (ret < 0) {
printk(KERN_ERR "nf_conntrack_l3proto_ipv6: protocol register failed\n");
goto cleanup_icmpv6;
}
return 0;
cleanup_icmpv6:
nf_conntrack_l4proto_unregister(net,
&nf_conntrack_l4proto_icmpv6);
cleanup_udp6:
nf_conntrack_l4proto_unregister(net,
&nf_conntrack_l4proto_udp6);
cleanup_tcp6:
nf_conntrack_l4proto_unregister(net,
&nf_conntrack_l4proto_tcp6);
out:
return ret;
}
static void ipv6_net_exit(struct net *net)
{
nf_conntrack_l3proto_unregister(net,
&nf_conntrack_l3proto_ipv6);
nf_conntrack_l4proto_unregister(net,
&nf_conntrack_l4proto_icmpv6);
nf_conntrack_l4proto_unregister(net,
&nf_conntrack_l4proto_udp6);
nf_conntrack_l4proto_unregister(net,
&nf_conntrack_l4proto_tcp6);
}
static struct pernet_operations ipv6_net_ops = {
.init = ipv6_net_init,
.exit = ipv6_net_exit,
};
static int __init nf_conntrack_l3proto_ipv6_init(void) static int __init nf_conntrack_l3proto_ipv6_init(void)
{ {
int ret = 0; int ret = 0;
@ -340,30 +399,9 @@ static int __init nf_conntrack_l3proto_ipv6_init(void)
need_conntrack(); need_conntrack();
nf_defrag_ipv6_enable(); nf_defrag_ipv6_enable();
ret = nf_conntrack_l4proto_register(&init_net, &nf_conntrack_l4proto_tcp6); ret = register_pernet_subsys(&ipv6_net_ops);
if (ret < 0) { if (ret < 0)
pr_err("nf_conntrack_ipv6: can't register tcp.\n"); goto cleanup_pernet;
return ret;
}
ret = nf_conntrack_l4proto_register(&init_net, &nf_conntrack_l4proto_udp6);
if (ret < 0) {
pr_err("nf_conntrack_ipv6: can't register udp.\n");
goto cleanup_tcp;
}
ret = nf_conntrack_l4proto_register(&init_net, &nf_conntrack_l4proto_icmpv6);
if (ret < 0) {
pr_err("nf_conntrack_ipv6: can't register icmpv6.\n");
goto cleanup_udp;
}
ret = nf_conntrack_l3proto_register(&init_net, &nf_conntrack_l3proto_ipv6);
if (ret < 0) {
pr_err("nf_conntrack_ipv6: can't register ipv6\n");
goto cleanup_icmpv6;
}
ret = nf_register_hooks(ipv6_conntrack_ops, ret = nf_register_hooks(ipv6_conntrack_ops,
ARRAY_SIZE(ipv6_conntrack_ops)); ARRAY_SIZE(ipv6_conntrack_ops));
if (ret < 0) { if (ret < 0) {
@ -374,13 +412,8 @@ static int __init nf_conntrack_l3proto_ipv6_init(void)
return ret; return ret;
cleanup_ipv6: cleanup_ipv6:
nf_conntrack_l3proto_unregister(&init_net, &nf_conntrack_l3proto_ipv6); unregister_pernet_subsys(&ipv6_net_ops);
cleanup_icmpv6: cleanup_pernet:
nf_conntrack_l4proto_unregister(&init_net, &nf_conntrack_l4proto_icmpv6);
cleanup_udp:
nf_conntrack_l4proto_unregister(&init_net, &nf_conntrack_l4proto_udp6);
cleanup_tcp:
nf_conntrack_l4proto_unregister(&init_net, &nf_conntrack_l4proto_tcp6);
return ret; return ret;
} }
@ -388,10 +421,7 @@ static void __exit nf_conntrack_l3proto_ipv6_fini(void)
{ {
synchronize_net(); synchronize_net();
nf_unregister_hooks(ipv6_conntrack_ops, ARRAY_SIZE(ipv6_conntrack_ops)); nf_unregister_hooks(ipv6_conntrack_ops, ARRAY_SIZE(ipv6_conntrack_ops));
nf_conntrack_l3proto_unregister(&init_net, &nf_conntrack_l3proto_ipv6); unregister_pernet_subsys(&ipv6_net_ops);
nf_conntrack_l4proto_unregister(&init_net, &nf_conntrack_l4proto_icmpv6);
nf_conntrack_l4proto_unregister(&init_net, &nf_conntrack_l4proto_udp6);
nf_conntrack_l4proto_unregister(&init_net, &nf_conntrack_l4proto_tcp6);
} }
module_init(nf_conntrack_l3proto_ipv6_init); module_init(nf_conntrack_l3proto_ipv6_init);