[deliverable/linux.git] / net / netfilter / nf_conntrack_proto.c

/* L3/L4 protocol support for nf_conntrack. */

/* (C) 1999-2001 Paul `Rusty' Russell
 * (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org>
 * (C) 2003,2004 USAGI/WIDE Project <http://www.linux-ipv6.org>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */

#include <linux/types.h>
#include <linux/netfilter.h>
#include <linux/module.h>
#include <linux/slab.h>
#include <linux/mutex.h>
#include <linux/vmalloc.h>
#include <linux/stddef.h>
#include <linux/err.h>
#include <linux/percpu.h>
#include <linux/notifier.h>
#include <linux/kernel.h>
#include <linux/netdevice.h>
#include <linux/rtnetlink.h>

#include <net/netfilter/nf_conntrack.h>
#include <net/netfilter/nf_conntrack_l3proto.h>
#include <net/netfilter/nf_conntrack_l4proto.h>
#include <net/netfilter/nf_conntrack_core.h>

static struct nf_conntrack_l4proto __rcu **nf_ct_protos[PF_MAX] __read_mostly;
struct nf_conntrack_l3proto __rcu *nf_ct_l3protos[AF_MAX] __read_mostly;
EXPORT_SYMBOL_GPL(nf_ct_l3protos);

static DEFINE_MUTEX(nf_ct_proto_mutex);

#ifdef CONFIG_SYSCTL
static int
nf_ct_register_sysctl(struct net *net,
		      struct ctl_table_header **header,
		      const char *path,
		      struct ctl_table *table,
		      unsigned int *users)
{
	if (*header == NULL) {
		*header = register_net_sysctl(net, path, table);
		if (*header == NULL)
			return -ENOMEM;
	}
	if (users != NULL)
		(*users)++;

	return 0;
}

static void
nf_ct_unregister_sysctl(struct ctl_table_header **header,
			struct ctl_table **table,
			unsigned int *users)
{
	if (users != NULL && --*users > 0)
		return;

	unregister_net_sysctl_table(*header);
	kfree(*table);
	*header = NULL;
	*table = NULL;
}
#endif

struct nf_conntrack_l4proto *
__nf_ct_l4proto_find(u_int16_t l3proto, u_int8_t l4proto)
{
	if (unlikely(l3proto >= AF_MAX || nf_ct_protos[l3proto] == NULL))
		return &nf_conntrack_l4proto_generic;

	return rcu_dereference(nf_ct_protos[l3proto][l4proto]);
}
EXPORT_SYMBOL_GPL(__nf_ct_l4proto_find);

/* this is guaranteed to always return a valid protocol helper, since
 * it falls back to generic_protocol */
struct nf_conntrack_l3proto *
nf_ct_l3proto_find_get(u_int16_t l3proto)
{
	struct nf_conntrack_l3proto *p;

	rcu_read_lock();
	p = __nf_ct_l3proto_find(l3proto);
	if (!try_module_get(p->me))
		p = &nf_conntrack_l3proto_generic;
	rcu_read_unlock();

	return p;
}
EXPORT_SYMBOL_GPL(nf_ct_l3proto_find_get);

void nf_ct_l3proto_put(struct nf_conntrack_l3proto *p)
{
	module_put(p->me);
}
EXPORT_SYMBOL_GPL(nf_ct_l3proto_put);

int
nf_ct_l3proto_try_module_get(unsigned short l3proto)
{
	int ret;
	struct nf_conntrack_l3proto *p;

retry:	p = nf_ct_l3proto_find_get(l3proto);
	if (p == &nf_conntrack_l3proto_generic) {
		ret = request_module("nf_conntrack-%d", l3proto);
		if (!ret)
			goto retry;

		return -EPROTOTYPE;
	}

	return 0;
}
EXPORT_SYMBOL_GPL(nf_ct_l3proto_try_module_get);

void nf_ct_l3proto_module_put(unsigned short l3proto)
{
	struct nf_conntrack_l3proto *p;

	/* rcu_read_lock not necessary since the caller holds a reference, but
	 * taken anyways to avoid lockdep warnings in __nf_ct_l3proto_find()
	 */
	rcu_read_lock();
	p = __nf_ct_l3proto_find(l3proto);
	module_put(p->me);
	rcu_read_unlock();
}
EXPORT_SYMBOL_GPL(nf_ct_l3proto_module_put);

struct nf_conntrack_l4proto *
nf_ct_l4proto_find_get(u_int16_t l3num, u_int8_t l4num)
{
	struct nf_conntrack_l4proto *p;

	rcu_read_lock();
	p = __nf_ct_l4proto_find(l3num, l4num);
	if (!try_module_get(p->me))
		p = &nf_conntrack_l4proto_generic;
	rcu_read_unlock();

	return p;
}
EXPORT_SYMBOL_GPL(nf_ct_l4proto_find_get);

void nf_ct_l4proto_put(struct nf_conntrack_l4proto *p)
{
	module_put(p->me);
}
EXPORT_SYMBOL_GPL(nf_ct_l4proto_put);

static int kill_l3proto(struct nf_conn *i, void *data)
{
	return nf_ct_l3num(i) == ((struct nf_conntrack_l3proto *)data)->l3proto;
}

static int kill_l4proto(struct nf_conn *i, void *data)
{
	struct nf_conntrack_l4proto *l4proto;
	l4proto = (struct nf_conntrack_l4proto *)data;
	return nf_ct_protonum(i) == l4proto->l4proto &&
	       nf_ct_l3num(i) == l4proto->l3proto;
}

static struct nf_ip_net *nf_ct_l3proto_net(struct net *net,
					   struct nf_conntrack_l3proto *l3proto)
{
	if (l3proto->l3proto == PF_INET)
		return &net->ct.nf_ct_proto;
	else
		return NULL;
}

static int nf_ct_l3proto_register_sysctl(struct net *net,
					 struct nf_conntrack_l3proto *l3proto)
{
	int err = 0;
	struct nf_ip_net *in = nf_ct_l3proto_net(net, l3proto);
	/* nf_conntrack_l3proto_ipv6 doesn't support sysctl */
	if (in == NULL)
		return 0;

#if defined(CONFIG_SYSCTL) && defined(CONFIG_NF_CONNTRACK_PROC_COMPAT)
	if (in->ctl_table != NULL) {
		err = nf_ct_register_sysctl(net,
					    &in->ctl_table_header,
					    l3proto->ctl_table_path,
					    in->ctl_table,
					    NULL);
		if (err < 0) {
			kfree(in->ctl_table);
			in->ctl_table = NULL;
		}
	}
#endif
	return err;
}

static void nf_ct_l3proto_unregister_sysctl(struct net *net,
					    struct nf_conntrack_l3proto *l3proto)
{
	struct nf_ip_net *in = nf_ct_l3proto_net(net, l3proto);

	if (in == NULL)
		return;
#if defined(CONFIG_SYSCTL) && defined(CONFIG_NF_CONNTRACK_PROC_COMPAT)
	if (in->ctl_table_header != NULL)
		nf_ct_unregister_sysctl(&in->ctl_table_header,
					&in->ctl_table,
					NULL);
#endif
}

static int
nf_conntrack_l3proto_register_net(struct nf_conntrack_l3proto *proto)
{
	int ret = 0;
	struct nf_conntrack_l3proto *old;

	if (proto->l3proto >= AF_MAX)
		return -EBUSY;

	if (proto->tuple_to_nlattr && !proto->nlattr_tuple_size)
		return -EINVAL;

	mutex_lock(&nf_ct_proto_mutex);
	old = rcu_dereference_protected(nf_ct_l3protos[proto->l3proto],
					lockdep_is_held(&nf_ct_proto_mutex));
	if (old != &nf_conntrack_l3proto_generic) {
		ret = -EBUSY;
		goto out_unlock;
	}

	if (proto->nlattr_tuple_size)
		proto->nla_size = 3 * proto->nlattr_tuple_size();

	rcu_assign_pointer(nf_ct_l3protos[proto->l3proto], proto);

out_unlock:
	mutex_unlock(&nf_ct_proto_mutex);
	return ret;

}

int nf_conntrack_l3proto_register(struct net *net,
				  struct nf_conntrack_l3proto *proto)
{
	int ret = 0;

	if (net == &init_net)
		ret = nf_conntrack_l3proto_register_net(proto);

	if (ret < 0)
		return ret;

	if (proto->init_net) {
		ret = proto->init_net(net);
		if (ret < 0)
			return ret;
	}
	return nf_ct_l3proto_register_sysctl(net, proto);
}
EXPORT_SYMBOL_GPL(nf_conntrack_l3proto_register);

static void
nf_conntrack_l3proto_unregister_net(struct nf_conntrack_l3proto *proto)
{
	BUG_ON(proto->l3proto >= AF_MAX);

	mutex_lock(&nf_ct_proto_mutex);
	BUG_ON(rcu_dereference_protected(nf_ct_l3protos[proto->l3proto],
					 lockdep_is_held(&nf_ct_proto_mutex)
					 ) != proto);
	rcu_assign_pointer(nf_ct_l3protos[proto->l3proto],
			   &nf_conntrack_l3proto_generic);
	mutex_unlock(&nf_ct_proto_mutex);

	synchronize_rcu();
}

void nf_conntrack_l3proto_unregister(struct net *net,
				     struct nf_conntrack_l3proto *proto)
{
	if (net == &init_net)
		nf_conntrack_l3proto_unregister_net(proto);

	nf_ct_l3proto_unregister_sysctl(net, proto);

	/* Remove all contrack entries for this protocol */
	rtnl_lock();
	nf_ct_iterate_cleanup(net, kill_l3proto, proto);
	rtnl_unlock();
}
EXPORT_SYMBOL_GPL(nf_conntrack_l3proto_unregister);

static struct nf_proto_net *nf_ct_l4proto_net(struct net *net,
					      struct nf_conntrack_l4proto *l4proto)
{
	if (l4proto->net_id)
		return net_generic(net, *l4proto->net_id);
	else
		return NULL;
}

static
int nf_ct_l4proto_register_sysctl(struct net *net,
				  struct nf_conntrack_l4proto *l4proto)
{
	int err = 0;
	struct nf_proto_net *pn = nf_ct_l4proto_net(net, l4proto);
	if (pn == NULL)
		return 0;

#ifdef CONFIG_SYSCTL
	if (pn->ctl_table != NULL) {
		err = nf_ct_register_sysctl(net,
					    &pn->ctl_table_header,
					    "net/netfilter",
					    pn->ctl_table,
					    &pn->users);
		if (err < 0) {
			if (!pn->users) {
				kfree(pn->ctl_table);
				pn->ctl_table = NULL;
			}
			goto out;
		}
	}
#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
	if (l4proto->l3proto != AF_INET6 && pn->ctl_compat_table != NULL) {
		err = nf_ct_register_sysctl(net,
					    &pn->ctl_compat_header,
					    "net/ipv4/netfilter",
					    pn->ctl_compat_table,
					    NULL);
		if (err == 0)
			goto out;

		kfree(pn->ctl_compat_table);
		pn->ctl_compat_table = NULL;
		nf_ct_unregister_sysctl(&pn->ctl_table_header,
					&pn->ctl_table,
					&pn->users);
	}
#endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */
out:
#endif /* CONFIG_SYSCTL */
	return err;
}

static
void nf_ct_l4proto_unregister_sysctl(struct net *net,
				     struct nf_conntrack_l4proto *l4proto)
{
	struct nf_proto_net *pn = nf_ct_l4proto_net(net, l4proto);
	if (pn == NULL)
		return;
#ifdef CONFIG_SYSCTL
	if (pn->ctl_table_header != NULL)
		nf_ct_unregister_sysctl(&pn->ctl_table_header,
					&pn->ctl_table,
					&pn->users);

#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
	if (l4proto->l3proto != AF_INET6 && pn->ctl_compat_header != NULL)
		nf_ct_unregister_sysctl(&pn->ctl_compat_header,
					&pn->ctl_compat_table,
					NULL);
#endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */
#else
	pn->users--;
#endif /* CONFIG_SYSCTL */
}

/* FIXME: Allow NULL functions and sub in pointers to generic for
   them. --RR */
static int
nf_conntrack_l4proto_register_net(struct nf_conntrack_l4proto *l4proto)
{
	int ret = 0;

	if (l4proto->l3proto >= PF_MAX)
		return -EBUSY;

	if ((l4proto->to_nlattr && !l4proto->nlattr_size)
		|| (l4proto->tuple_to_nlattr && !l4proto->nlattr_tuple_size))
		return -EINVAL;

	mutex_lock(&nf_ct_proto_mutex);
	if (!nf_ct_protos[l4proto->l3proto]) {
		/* l3proto may be loaded latter. */
		struct nf_conntrack_l4proto __rcu **proto_array;
		int i;

		proto_array = kmalloc(MAX_NF_CT_PROTO *
				      sizeof(struct nf_conntrack_l4proto *),
				      GFP_KERNEL);
		if (proto_array == NULL) {
			ret = -ENOMEM;
			goto out_unlock;
		}

		for (i = 0; i < MAX_NF_CT_PROTO; i++)
			RCU_INIT_POINTER(proto_array[i], &nf_conntrack_l4proto_generic);

		/* Before making proto_array visible to lockless readers,
		 * we must make sure its content is committed to memory.
		 */
		smp_wmb();

		nf_ct_protos[l4proto->l3proto] = proto_array;
	} else if (rcu_dereference_protected(
			nf_ct_protos[l4proto->l3proto][l4proto->l4proto],
			lockdep_is_held(&nf_ct_proto_mutex)
			) != &nf_conntrack_l4proto_generic) {
		ret = -EBUSY;
		goto out_unlock;
	}

	l4proto->nla_size = 0;
	if (l4proto->nlattr_size)
		l4proto->nla_size += l4proto->nlattr_size();
	if (l4proto->nlattr_tuple_size)
		l4proto->nla_size += 3 * l4proto->nlattr_tuple_size();

	rcu_assign_pointer(nf_ct_protos[l4proto->l3proto][l4proto->l4proto],
			   l4proto);
out_unlock:
	mutex_unlock(&nf_ct_proto_mutex);
	return ret;
}

int nf_conntrack_l4proto_register(struct net *net,
				  struct nf_conntrack_l4proto *l4proto)
{
	int ret = 0;
	if (net == &init_net)
		ret = nf_conntrack_l4proto_register_net(l4proto);

	if (ret < 0)
		return ret;

	if (l4proto->init_net)
		ret = l4proto->init_net(net);

	if (ret < 0)
		return ret;

	return nf_ct_l4proto_register_sysctl(net, l4proto);
}
EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_register);

static void
nf_conntrack_l4proto_unregister_net(struct nf_conntrack_l4proto *l4proto)
{
	BUG_ON(l4proto->l3proto >= PF_MAX);

	mutex_lock(&nf_ct_proto_mutex);
	BUG_ON(rcu_dereference_protected(
			nf_ct_protos[l4proto->l3proto][l4proto->l4proto],
			lockdep_is_held(&nf_ct_proto_mutex)
			) != l4proto);
	rcu_assign_pointer(nf_ct_protos[l4proto->l3proto][l4proto->l4proto],
			   &nf_conntrack_l4proto_generic);
	mutex_unlock(&nf_ct_proto_mutex);

	synchronize_rcu();
}

void nf_conntrack_l4proto_unregister(struct net *net,
				     struct nf_conntrack_l4proto *l4proto)
{
	if (net == &init_net)
		nf_conntrack_l4proto_unregister_net(l4proto);

	nf_ct_l4proto_unregister_sysctl(net, l4proto);
	/* Remove all contrack entries for this protocol */
	rtnl_lock();
	nf_ct_iterate_cleanup(net, kill_l4proto, l4proto);
	rtnl_unlock();
}
EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_unregister);

int nf_conntrack_proto_init(void)
{
	unsigned int i;
	int err;

	err = nf_ct_l4proto_register_sysctl(&init_net, &nf_conntrack_l4proto_generic);
	if (err < 0)
		return err;

	for (i = 0; i < AF_MAX; i++)
		rcu_assign_pointer(nf_ct_l3protos[i],
				   &nf_conntrack_l3proto_generic);
	return 0;
}

void nf_conntrack_proto_fini(void)
{
	unsigned int i;

	nf_ct_l4proto_unregister_sysctl(&init_net, &nf_conntrack_l4proto_generic);

	/* free l3proto protocol tables */
	for (i = 0; i < PF_MAX; i++)
		kfree(nf_ct_protos[i]);
}
Commit	Line	Data
8f03dea5 MJ	1	/* L3/L4 protocol support for nf_conntrack. */
	2
	3	/* (C) 1999-2001 Paul `Rusty' Russell
	4	* (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org>
	5	* (C) 2003,2004 USAGI/WIDE Project <http://www.linux-ipv6.org>
	6	*
	7	* This program is free software; you can redistribute it and/or modify
	8	* it under the terms of the GNU General Public License version 2 as
	9	* published by the Free Software Foundation.
	10	*/
	11
	12	#include <linux/types.h>
	13	#include <linux/netfilter.h>
	14	#include <linux/module.h>
5a0e3ad6	15	#include <linux/slab.h>
d62f9ed4	16	#include <linux/mutex.h>
8f03dea5 MJ	17	#include <linux/vmalloc.h>
	18	#include <linux/stddef.h>
	19	#include <linux/err.h>
	20	#include <linux/percpu.h>
8f03dea5 MJ	21	#include <linux/notifier.h>
	22	#include <linux/kernel.h>
	23	#include <linux/netdevice.h>
efb9a8c2	24	#include <linux/rtnetlink.h>
8f03dea5 MJ	25
	26	#include <net/netfilter/nf_conntrack.h>
	27	#include <net/netfilter/nf_conntrack_l3proto.h>
605dcad6	28	#include <net/netfilter/nf_conntrack_l4proto.h>
8f03dea5 MJ	29	#include <net/netfilter/nf_conntrack_core.h>
8f03dea5 MJ	30
0906a372 AB	31	static struct nf_conntrack_l4proto __rcu **nf_ct_protos[PF_MAX] __read_mostly;
0906a372 AB	32	struct nf_conntrack_l3proto __rcu *nf_ct_l3protos[AF_MAX] __read_mostly;
13b18339	33	EXPORT_SYMBOL_GPL(nf_ct_l3protos);
8f03dea5	34
b19caa0c	35	static DEFINE_MUTEX(nf_ct_proto_mutex);
d62f9ed4	36
b19caa0c	37	#ifdef CONFIG_SYSCTL
d62f9ed4	38	static int
2c352f44 G	39	nf_ct_register_sysctl(struct net *net,
	40	struct ctl_table_header **header,
	41	const char *path,
	42	struct ctl_table *table,
	43	unsigned int *users)
d62f9ed4 PM	44	{
d62f9ed4 PM	45	if (*header == NULL) {
2c352f44	46	*header = register_net_sysctl(net, path, table);
d62f9ed4 PM	47	if (*header == NULL)
	48	return -ENOMEM;
	49	}
	50	if (users != NULL)
	51	(*users)++;
2c352f44	52
d62f9ed4 PM	53	return 0;
	54	}
	55
	56	static void
	57	nf_ct_unregister_sysctl(struct ctl_table_header **header,
2c352f44 G	58	struct ctl_table **table,
2c352f44 G	59	unsigned int *users)
d62f9ed4 PM	60	{
	61	if (users != NULL && --*users > 0)
	62	return;
b3fd3ffe	63
5dd3df10	64	unregister_net_sysctl_table(*header);
2c352f44	65	kfree(*table);
d62f9ed4	66	*header = NULL;
2c352f44	67	*table = NULL;
d62f9ed4 PM	68	}
	69	#endif
	70
605dcad6 MJ	71	struct nf_conntrack_l4proto *
605dcad6 MJ	72	__nf_ct_l4proto_find(u_int16_t l3proto, u_int8_t l4proto)
8f03dea5 MJ	73	{
8f03dea5 MJ	74	if (unlikely(l3proto >= AF_MAX \|\| nf_ct_protos[l3proto] == NULL))
605dcad6	75	return &nf_conntrack_l4proto_generic;
8f03dea5	76
923f4902	77	return rcu_dereference(nf_ct_protos[l3proto][l4proto]);
8f03dea5	78	}
13b18339	79	EXPORT_SYMBOL_GPL(__nf_ct_l4proto_find);
8f03dea5 MJ	80
	81	/* this is guaranteed to always return a valid protocol helper, since
	82	* it falls back to generic_protocol */
8f03dea5 MJ	83	struct nf_conntrack_l3proto *
	84	nf_ct_l3proto_find_get(u_int16_t l3proto)
	85	{
	86	struct nf_conntrack_l3proto *p;
	87
923f4902	88	rcu_read_lock();
8f03dea5 MJ	89	p = __nf_ct_l3proto_find(l3proto);
8f03dea5 MJ	90	if (!try_module_get(p->me))
605dcad6	91	p = &nf_conntrack_l3proto_generic;
923f4902	92	rcu_read_unlock();
8f03dea5 MJ	93
	94	return p;
	95	}
13b18339	96	EXPORT_SYMBOL_GPL(nf_ct_l3proto_find_get);
8f03dea5 MJ	97
	98	void nf_ct_l3proto_put(struct nf_conntrack_l3proto *p)
	99	{
	100	module_put(p->me);
	101	}
13b18339	102	EXPORT_SYMBOL_GPL(nf_ct_l3proto_put);
8f03dea5 MJ	103
	104	int
	105	nf_ct_l3proto_try_module_get(unsigned short l3proto)
	106	{
	107	int ret;
	108	struct nf_conntrack_l3proto *p;
	109
	110	retry: p = nf_ct_l3proto_find_get(l3proto);
605dcad6	111	if (p == &nf_conntrack_l3proto_generic) {
8f03dea5 MJ	112	ret = request_module("nf_conntrack-%d", l3proto);
	113	if (!ret)
	114	goto retry;
	115
	116	return -EPROTOTYPE;
	117	}
	118
	119	return 0;
	120	}
13b18339	121	EXPORT_SYMBOL_GPL(nf_ct_l3proto_try_module_get);
8f03dea5 MJ	122
	123	void nf_ct_l3proto_module_put(unsigned short l3proto)
	124	{
	125	struct nf_conntrack_l3proto *p;
	126
3b254c54 PM	127	/* rcu_read_lock not necessary since the caller holds a reference, but
	128	* taken anyways to avoid lockdep warnings in __nf_ct_l3proto_find()
	129	*/
	130	rcu_read_lock();
8f03dea5	131	p = __nf_ct_l3proto_find(l3proto);
8f03dea5	132	module_put(p->me);
3b254c54	133	rcu_read_unlock();
8f03dea5	134	}
13b18339	135	EXPORT_SYMBOL_GPL(nf_ct_l3proto_module_put);
8f03dea5	136
c1ebd7df PNA	137	struct nf_conntrack_l4proto *
	138	nf_ct_l4proto_find_get(u_int16_t l3num, u_int8_t l4num)
	139	{
	140	struct nf_conntrack_l4proto *p;
	141
	142	rcu_read_lock();
	143	p = __nf_ct_l4proto_find(l3num, l4num);
	144	if (!try_module_get(p->me))
	145	p = &nf_conntrack_l4proto_generic;
	146	rcu_read_unlock();
	147
	148	return p;
	149	}
	150	EXPORT_SYMBOL_GPL(nf_ct_l4proto_find_get);
	151
	152	void nf_ct_l4proto_put(struct nf_conntrack_l4proto *p)
	153	{
	154	module_put(p->me);
	155	}
	156	EXPORT_SYMBOL_GPL(nf_ct_l4proto_put);
	157
8f03dea5 MJ	158	static int kill_l3proto(struct nf_conn i, void data)
8f03dea5 MJ	159	{
5e8fbe2a	160	return nf_ct_l3num(i) == ((struct nf_conntrack_l3proto *)data)->l3proto;
8f03dea5 MJ	161	}
8f03dea5 MJ	162
605dcad6	163	static int kill_l4proto(struct nf_conn i, void data)
8f03dea5	164	{
605dcad6 MJ	165	struct nf_conntrack_l4proto *l4proto;
605dcad6 MJ	166	l4proto = (struct nf_conntrack_l4proto *)data;
5e8fbe2a PM	167	return nf_ct_protonum(i) == l4proto->l4proto &&
5e8fbe2a PM	168	nf_ct_l3num(i) == l4proto->l3proto;
8f03dea5 MJ	169	}
8f03dea5 MJ	170
524a53e5 G	171	static struct nf_ip_net nf_ct_l3proto_net(struct net net,
524a53e5 G	172	struct nf_conntrack_l3proto *l3proto)
d62f9ed4	173	{
524a53e5 G	174	if (l3proto->l3proto == PF_INET)
	175	return &net->ct.nf_ct_proto;
	176	else
	177	return NULL;
	178	}
d62f9ed4	179
524a53e5 G	180	static int nf_ct_l3proto_register_sysctl(struct net *net,
	181	struct nf_conntrack_l3proto *l3proto)
	182	{
	183	int err = 0;
	184	struct nf_ip_net *in = nf_ct_l3proto_net(net, l3proto);
	185	/* nf_conntrack_l3proto_ipv6 doesn't support sysctl */
	186	if (in == NULL)
	187	return 0;
	188
	189	#if defined(CONFIG_SYSCTL) && defined(CONFIG_NF_CONNTRACK_PROC_COMPAT)
	190	if (in->ctl_table != NULL) {
	191	err = nf_ct_register_sysctl(net,
	192	&in->ctl_table_header,
d62f9ed4	193	l3proto->ctl_table_path,
524a53e5 G	194	in->ctl_table,
	195	NULL);
	196	if (err < 0) {
	197	kfree(in->ctl_table);
	198	in->ctl_table = NULL;
	199	}
d62f9ed4	200	}
d62f9ed4 PM	201	#endif
	202	return err;
	203	}
	204
524a53e5 G	205	static void nf_ct_l3proto_unregister_sysctl(struct net *net,
524a53e5 G	206	struct nf_conntrack_l3proto *l3proto)
d62f9ed4	207	{
524a53e5 G	208	struct nf_ip_net *in = nf_ct_l3proto_net(net, l3proto);
	209
	210	if (in == NULL)
	211	return;
	212	#if defined(CONFIG_SYSCTL) && defined(CONFIG_NF_CONNTRACK_PROC_COMPAT)
	213	if (in->ctl_table_header != NULL)
	214	nf_ct_unregister_sysctl(&in->ctl_table_header,
	215	&in->ctl_table,
	216	NULL);
d62f9ed4 PM	217	#endif
	218	}
	219
524a53e5 G	220	static int
524a53e5 G	221	nf_conntrack_l3proto_register_net(struct nf_conntrack_l3proto *proto)
8f03dea5 MJ	222	{
8f03dea5 MJ	223	int ret = 0;
0e60ebe0	224	struct nf_conntrack_l3proto *old;
8f03dea5	225
0661cca9 PM	226	if (proto->l3proto >= AF_MAX)
0661cca9 PM	227	return -EBUSY;
ae5718fb	228
d0dba725 HE	229	if (proto->tuple_to_nlattr && !proto->nlattr_tuple_size)
	230	return -EINVAL;
	231
b19caa0c	232	mutex_lock(&nf_ct_proto_mutex);
0e60ebe0 ED	233	old = rcu_dereference_protected(nf_ct_l3protos[proto->l3proto],
	234	lockdep_is_held(&nf_ct_proto_mutex));
	235	if (old != &nf_conntrack_l3proto_generic) {
8f03dea5	236	ret = -EBUSY;
ae5718fb	237	goto out_unlock;
8f03dea5	238	}
d62f9ed4	239
d0dba725 HE	240	if (proto->nlattr_tuple_size)
	241	proto->nla_size = 3 * proto->nlattr_tuple_size();
	242
0661cca9	243	rcu_assign_pointer(nf_ct_l3protos[proto->l3proto], proto);
8f03dea5	244
ae5718fb	245	out_unlock:
b19caa0c	246	mutex_unlock(&nf_ct_proto_mutex);
8f03dea5	247	return ret;
524a53e5	248
8f03dea5 MJ	249	}
8f03dea5 MJ	250
524a53e5 G	251	int nf_conntrack_l3proto_register(struct net *net,
524a53e5 G	252	struct nf_conntrack_l3proto *proto)
8f03dea5	253	{
524a53e5 G	254	int ret = 0;
	255
	256	if (net == &init_net)
	257	ret = nf_conntrack_l3proto_register_net(proto);
	258
	259	if (ret < 0)
	260	return ret;
	261
	262	if (proto->init_net) {
	263	ret = proto->init_net(net);
	264	if (ret < 0)
	265	return ret;
	266	}
	267	return nf_ct_l3proto_register_sysctl(net, proto);
	268	}
	269	EXPORT_SYMBOL_GPL(nf_conntrack_l3proto_register);
678d6675	270
524a53e5 G	271	static void
	272	nf_conntrack_l3proto_unregister_net(struct nf_conntrack_l3proto *proto)
	273	{
fe3eb20c	274	BUG_ON(proto->l3proto >= AF_MAX);
ae5718fb	275
b19caa0c	276	mutex_lock(&nf_ct_proto_mutex);
0e60ebe0 ED	277	BUG_ON(rcu_dereference_protected(nf_ct_l3protos[proto->l3proto],
	278	lockdep_is_held(&nf_ct_proto_mutex)
	279	) != proto);
923f4902 PM	280	rcu_assign_pointer(nf_ct_l3protos[proto->l3proto],
923f4902 PM	281	&nf_conntrack_l3proto_generic);
b19caa0c	282	mutex_unlock(&nf_ct_proto_mutex);
8f03dea5	283
0661cca9	284	synchronize_rcu();
524a53e5 G	285	}
	286
	287	void nf_conntrack_l3proto_unregister(struct net *net,
	288	struct nf_conntrack_l3proto *proto)
	289	{
	290	if (net == &init_net)
	291	nf_conntrack_l3proto_unregister_net(proto);
	292
	293	nf_ct_l3proto_unregister_sysctl(net, proto);
d62f9ed4	294
8f03dea5	295	/* Remove all contrack entries for this protocol */
efb9a8c2	296	rtnl_lock();
524a53e5	297	nf_ct_iterate_cleanup(net, kill_l3proto, proto);
efb9a8c2	298	rtnl_unlock();
8f03dea5	299	}
13b18339	300	EXPORT_SYMBOL_GPL(nf_conntrack_l3proto_unregister);
8f03dea5	301
2c352f44 G	302	static struct nf_proto_net nf_ct_l4proto_net(struct net net,
	303	struct nf_conntrack_l4proto *l4proto)
	304	{
	305	if (l4proto->net_id)
	306	return net_generic(net, *l4proto->net_id);
	307	else
	308	return NULL;
	309	}
	310
	311	static
	312	int nf_ct_l4proto_register_sysctl(struct net *net,
	313	struct nf_conntrack_l4proto *l4proto)
d62f9ed4 PM	314	{
d62f9ed4 PM	315	int err = 0;
2c352f44 G	316	struct nf_proto_net *pn = nf_ct_l4proto_net(net, l4proto);
	317	if (pn == NULL)
	318	return 0;
d62f9ed4 PM	319
d62f9ed4 PM	320	#ifdef CONFIG_SYSCTL
2c352f44 G	321	if (pn->ctl_table != NULL) {
	322	err = nf_ct_register_sysctl(net,
	323	&pn->ctl_table_header,
f99e8f71	324	"net/netfilter",
2c352f44 G	325	pn->ctl_table,
	326	&pn->users);
	327	if (err < 0) {
	328	if (!pn->users) {
	329	kfree(pn->ctl_table);
	330	pn->ctl_table = NULL;
	331	}
a999e683	332	goto out;
2c352f44	333	}
d62f9ed4	334	}
a999e683	335	#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
2c352f44 G	336	if (l4proto->l3proto != AF_INET6 && pn->ctl_compat_table != NULL) {
	337	err = nf_ct_register_sysctl(net,
	338	&pn->ctl_compat_header,
f99e8f71	339	"net/ipv4/netfilter",
2c352f44 G	340	pn->ctl_compat_table,
2c352f44 G	341	NULL);
a999e683 PM	342	if (err == 0)
a999e683 PM	343	goto out;
2c352f44 G	344
	345	kfree(pn->ctl_compat_table);
	346	pn->ctl_compat_table = NULL;
	347	nf_ct_unregister_sysctl(&pn->ctl_table_header,
	348	&pn->ctl_table,
	349	&pn->users);
a999e683 PM	350	}
	351	#endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */
	352	out:
933a41e7	353	#endif /* CONFIG_SYSCTL */
d62f9ed4 PM	354	return err;
	355	}
	356
2c352f44 G	357	static
	358	void nf_ct_l4proto_unregister_sysctl(struct net *net,
	359	struct nf_conntrack_l4proto *l4proto)
d62f9ed4	360	{
2c352f44 G	361	struct nf_proto_net *pn = nf_ct_l4proto_net(net, l4proto);
	362	if (pn == NULL)
	363	return;
d62f9ed4	364	#ifdef CONFIG_SYSCTL
2c352f44 G	365	if (pn->ctl_table_header != NULL)
	366	nf_ct_unregister_sysctl(&pn->ctl_table_header,
	367	&pn->ctl_table,
	368	&pn->users);
	369
a999e683	370	#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
2c352f44 G	371	if (l4proto->l3proto != AF_INET6 && pn->ctl_compat_header != NULL)
	372	nf_ct_unregister_sysctl(&pn->ctl_compat_header,
	373	&pn->ctl_compat_table,
	374	NULL);
a999e683	375	#endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */
2c352f44 G	376	#else
2c352f44 G	377	pn->users--;
933a41e7	378	#endif /* CONFIG_SYSCTL */
d62f9ed4 PM	379	}
d62f9ed4 PM	380
8f03dea5 MJ	381	/* FIXME: Allow NULL functions and sub in pointers to generic for
8f03dea5 MJ	382	them. --RR */
2c352f44 G	383	static int
2c352f44 G	384	nf_conntrack_l4proto_register_net(struct nf_conntrack_l4proto *l4proto)
8f03dea5 MJ	385	{
	386	int ret = 0;
	387
0661cca9 PM	388	if (l4proto->l3proto >= PF_MAX)
0661cca9 PM	389	return -EBUSY;
ae5718fb	390
d0dba725 HE	391	if ((l4proto->to_nlattr && !l4proto->nlattr_size)
	392	\|\| (l4proto->tuple_to_nlattr && !l4proto->nlattr_tuple_size))
	393	return -EINVAL;
	394
b19caa0c	395	mutex_lock(&nf_ct_proto_mutex);
c6a1e615	396	if (!nf_ct_protos[l4proto->l3proto]) {
8f03dea5	397	/* l3proto may be loaded latter. */
c5d277d2	398	struct nf_conntrack_l4proto __rcu **proto_array;
8f03dea5 MJ	399	int i;
8f03dea5 MJ	400
c6a1e615 PM	401	proto_array = kmalloc(MAX_NF_CT_PROTO *
	402	sizeof(struct nf_conntrack_l4proto *),
	403	GFP_KERNEL);
8f03dea5 MJ	404	if (proto_array == NULL) {
8f03dea5 MJ	405	ret = -ENOMEM;
b19caa0c	406	goto out_unlock;
8f03dea5	407	}
c6a1e615	408
8f03dea5	409	for (i = 0; i < MAX_NF_CT_PROTO; i++)
c5d277d2	410	RCU_INIT_POINTER(proto_array[i], &nf_conntrack_l4proto_generic);
d817d29d ED	411
	412	/* Before making proto_array visible to lockless readers,
	413	* we must make sure its content is committed to memory.
	414	*/
	415	smp_wmb();
	416
c6a1e615	417	nf_ct_protos[l4proto->l3proto] = proto_array;
0e60ebe0 ED	418	} else if (rcu_dereference_protected(
	419	nf_ct_protos[l4proto->l3proto][l4proto->l4proto],
	420	lockdep_is_held(&nf_ct_proto_mutex)
	421	) != &nf_conntrack_l4proto_generic) {
c6a1e615 PM	422	ret = -EBUSY;
c6a1e615 PM	423	goto out_unlock;
8f03dea5 MJ	424	}
8f03dea5 MJ	425
d0dba725 HE	426	l4proto->nla_size = 0;
	427	if (l4proto->nlattr_size)
	428	l4proto->nla_size += l4proto->nlattr_size();
	429	if (l4proto->nlattr_tuple_size)
	430	l4proto->nla_size += 3 * l4proto->nlattr_tuple_size();
	431
c6a1e615 PM	432	rcu_assign_pointer(nf_ct_protos[l4proto->l3proto][l4proto->l4proto],
c6a1e615 PM	433	l4proto);
8f03dea5	434	out_unlock:
b19caa0c	435	mutex_unlock(&nf_ct_proto_mutex);
8f03dea5 MJ	436	return ret;
	437	}
	438
2c352f44 G	439	int nf_conntrack_l4proto_register(struct net *net,
2c352f44 G	440	struct nf_conntrack_l4proto *l4proto)
8f03dea5	441	{
2c352f44 G	442	int ret = 0;
	443	if (net == &init_net)
	444	ret = nf_conntrack_l4proto_register_net(l4proto);
	445
	446	if (ret < 0)
	447	return ret;
	448
	449	if (l4proto->init_net)
	450	ret = l4proto->init_net(net);
678d6675	451
2c352f44 G	452	if (ret < 0)
	453	return ret;
	454
	455	return nf_ct_l4proto_register_sysctl(net, l4proto);
	456	}
	457	EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_register);
	458
	459	static void
	460	nf_conntrack_l4proto_unregister_net(struct nf_conntrack_l4proto *l4proto)
	461	{
fe3eb20c	462	BUG_ON(l4proto->l3proto >= PF_MAX);
ae5718fb	463
b19caa0c	464	mutex_lock(&nf_ct_proto_mutex);
0e60ebe0 ED	465	BUG_ON(rcu_dereference_protected(
	466	nf_ct_protos[l4proto->l3proto][l4proto->l4proto],
	467	lockdep_is_held(&nf_ct_proto_mutex)
	468	) != l4proto);
923f4902 PM	469	rcu_assign_pointer(nf_ct_protos[l4proto->l3proto][l4proto->l4proto],
923f4902 PM	470	&nf_conntrack_l4proto_generic);
b19caa0c	471	mutex_unlock(&nf_ct_proto_mutex);
8f03dea5	472
0661cca9	473	synchronize_rcu();
2c352f44	474	}
d62f9ed4	475
2c352f44 G	476	void nf_conntrack_l4proto_unregister(struct net *net,
	477	struct nf_conntrack_l4proto *l4proto)
	478	{
	479	if (net == &init_net)
	480	nf_conntrack_l4proto_unregister_net(l4proto);
	481
	482	nf_ct_l4proto_unregister_sysctl(net, l4proto);
8f03dea5	483	/* Remove all contrack entries for this protocol */
efb9a8c2	484	rtnl_lock();
2c352f44	485	nf_ct_iterate_cleanup(net, kill_l4proto, l4proto);
efb9a8c2	486	rtnl_unlock();
8f03dea5	487	}
13b18339	488	EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_unregister);
ac5357eb PM	489
	490	int nf_conntrack_proto_init(void)
	491	{
	492	unsigned int i;
	493	int err;
	494
2c352f44	495	err = nf_ct_l4proto_register_sysctl(&init_net, &nf_conntrack_l4proto_generic);
ac5357eb PM	496	if (err < 0)
	497	return err;
	498
	499	for (i = 0; i < AF_MAX; i++)
	500	rcu_assign_pointer(nf_ct_l3protos[i],
	501	&nf_conntrack_l3proto_generic);
	502	return 0;
	503	}
	504
	505	void nf_conntrack_proto_fini(void)
	506	{
	507	unsigned int i;
	508
2c352f44	509	nf_ct_l4proto_unregister_sysctl(&init_net, &nf_conntrack_l4proto_generic);
ac5357eb PM	510
	511	/* free l3proto protocol tables */
	512	for (i = 0; i < PF_MAX; i++)
	513	kfree(nf_ct_protos[i]);
	514	}