* It's just the time to write you a letter, I thought
From: Bertie Cosner @ 2012-06-16 13:00 UTC (permalink / raw)
To: psyrk@univ.gda.pl
Hey, honey! How are you? What's new?
I am Bertie.
So, I do not know from what to start. Maybe from this...
One of friends of mine demonstrated me your pictures and I loved them very much!
I search for intelligent, sedate man for a long but there are a lot idiots who're just seducing me to go to bedroom and then staying me alone.
I hope that you are one of them!
So, if u r a good male then I'm waiting for your mail.
^ permalink raw reply
* Re: [PATCH net-next v2 06/12] netfilter: merge udpv[4,6]_net_init into udp_net_init
From: Pablo Neira Ayuso @ 2012-06-16 11:22 UTC (permalink / raw)
To: Gao feng; +Cc: netdev, netfilter-devel
In-Reply-To: <1339818083-31356-6-git-send-email-gaofeng@cn.fujitsu.com>
On Sat, Jun 16, 2012 at 11:41:17AM +0800, Gao feng wrote:
> merge udpv4_net_init and udpv6_net_init into udp_net_init to
> reduce the redundancy codes.
>
> and use nf_proto_net.users to identify if it's the first time
> we use the nf_proto_net. when it's the first time,we will
> initialized it.
>
> Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
> ---
> net/netfilter/nf_conntrack_proto_udp.c | 56 ++++++++++---------------------
> 1 files changed, 18 insertions(+), 38 deletions(-)
>
> diff --git a/net/netfilter/nf_conntrack_proto_udp.c b/net/netfilter/nf_conntrack_proto_udp.c
> index 2b978e6..61bca4f 100644
> --- a/net/netfilter/nf_conntrack_proto_udp.c
> +++ b/net/netfilter/nf_conntrack_proto_udp.c
> @@ -270,52 +270,32 @@ static int udp_kmemdup_compat_sysctl_table(struct nf_proto_net *pn)
> return 0;
> }
>
> -static void udp_init_net_data(struct nf_udp_net *un)
> +static int udp_init_net(struct net *net, u_int16_t proto)
> {
> - int i;
> -#ifdef CONFIG_SYSCTL
> - if (!un->pn.ctl_table) {
> -#else
> - if (!un->pn.users++) {
> -#endif
> + int ret;
> + struct nf_udp_net *un = udp_pernet(net);
> + struct nf_proto_net *pn = &un->pn;
> +
> + if (!pn->users) {
> + int i;
> for (i = 0; i < UDP_CT_MAX; i++)
> un->timeouts[i] = udp_timeouts[i];
> }
> -}
> -
> -static int udpv4_init_net(struct net *net, u_int16_t proto)
> -{
> - int ret;
> - struct nf_udp_net *un = udp_pernet(net);
> - struct nf_proto_net *pn = (struct nf_proto_net *)un;
>
> - udp_init_net_data(un);
> + if (proto == AF_INET) {
I think we can remove that u_int16_t proto that I proposed to make
something like:
static int udp_kmemdup_compat_sysctl_table(struct nf_proto_net *pn)
{
#ifdef CONFIG_SYSCTL
#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
struct nf_udp_net *un = (struct nf_udp_net *)pn;
+
+ if (pn->ctl_compat_table)
+ return 0;
+
pn->ctl_compat_table = kmemdup(udp_compat_sysctl_table,
sizeof(udp_compat_sysctl_table),
GFP_KERNEL);
if (!pn->ctl_compat_table)
return -ENOMEM;
That should be enough to ensure that the compat is registered once. No
matter if it's done by the IPv4 or IPv6 invocation of udp_init_net.
Thus, it will look consistent with udp_kmemdup_sysctl_table.
> + ret = udp_kmemdup_compat_sysctl_table(pn);
> + if (ret < 0)
> + return ret;
>
> - ret = udp_kmemdup_compat_sysctl_table(pn);
> - if (ret < 0)
> - return ret;
> + ret = udp_kmemdup_sysctl_table(pn);
> + if (ret < 0)
> + nf_ct_kfree_compat_sysctl_table(pn);
> + } else
> + ret = udp_kmemdup_sysctl_table(pn);
>
> - ret = udp_kmemdup_sysctl_table(pn);
> -#ifdef CONFIG_SYSCTL
> -#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
> - if (ret < 0) {
> - kfree(pn->ctl_compat_table);
> - pn->ctl_compat_table = NULL;
> - }
> -#endif
> -#endif
> return ret;
> }
>
> -static int udpv6_init_net(struct net *net, u_int16_t proto)
> -{
> - struct nf_udp_net *un = udp_pernet(net);
> - struct nf_proto_net *pn = (struct nf_proto_net *)un;
> -
> - udp_init_net_data(un);
> - return udp_kmemdup_sysctl_table(pn);
> -}
> -
> struct nf_conntrack_l4proto nf_conntrack_l4proto_udp4 __read_mostly =
> {
> .l3proto = PF_INET,
> @@ -343,7 +323,7 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_udp4 __read_mostly =
> .nla_policy = udp_timeout_nla_policy,
> },
> #endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
> - .init_net = udpv4_init_net,
> + .init_net = udp_init_net,
> };
> EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_udp4);
>
> @@ -374,6 +354,6 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_udp6 __read_mostly =
> .nla_policy = udp_timeout_nla_policy,
> },
> #endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
> - .init_net = udpv6_init_net,
> + .init_net = udp_init_net,
> };
> EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_udp6);
> --
> 1.7.7.6
>
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply
* Re: [PATCH net-next v2 03/12] netfilter: add nf_ct_kfree_compat_sysctl_table to make codes clear
From: Pablo Neira Ayuso @ 2012-06-16 11:10 UTC (permalink / raw)
To: Gao feng; +Cc: netdev, netfilter-devel
In-Reply-To: <1339818083-31356-3-git-send-email-gaofeng@cn.fujitsu.com>
On Sat, Jun 16, 2012 at 11:41:14AM +0800, Gao feng wrote:
> add function nf_ct_kfree_compat_sysctl_table to kfree l4proto's
> compat sysctl table and set the sysctl table point to NULL.
>
> Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
> ---
> include/net/netfilter/nf_conntrack_l4proto.h | 2 ++
> net/netfilter/nf_conntrack_proto.c | 12 ++++++++++--
> 2 files changed, 12 insertions(+), 2 deletions(-)
>
> diff --git a/include/net/netfilter/nf_conntrack_l4proto.h b/include/net/netfilter/nf_conntrack_l4proto.h
> index 5dd60f2..11fcf27 100644
> --- a/include/net/netfilter/nf_conntrack_l4proto.h
> +++ b/include/net/netfilter/nf_conntrack_l4proto.h
> @@ -124,6 +124,8 @@ extern int nf_conntrack_l4proto_register(struct net *net,
> extern void nf_conntrack_l4proto_unregister(struct net *net,
> struct nf_conntrack_l4proto *proto);
>
> +extern void nf_ct_kfree_compat_sysctl_table(struct nf_proto_net *pn);
> +
> /* Generic netlink helpers */
> extern int nf_ct_port_tuple_to_nlattr(struct sk_buff *skb,
> const struct nf_conntrack_tuple *tuple);
> diff --git a/net/netfilter/nf_conntrack_proto.c b/net/netfilter/nf_conntrack_proto.c
> index 5ea2d71..1033ee6 100644
> --- a/net/netfilter/nf_conntrack_proto.c
> +++ b/net/netfilter/nf_conntrack_proto.c
> @@ -327,6 +327,15 @@ static struct nf_proto_net *nf_ct_l4proto_net(struct net *net,
> return NULL;
> }
>
> +void nf_ct_kfree_compat_sysctl_table(struct nf_proto_net *pn)
> +{
> +#if defined(CONFIG_SYSCTL) && defined(CONFIG_NF_CONNTRACK_PROC_COMPAT)
> + kfree(pn->ctl_compat_table);
> + pn->ctl_compat_table = NULL;
> +#endif
> +}
> +EXPORT_SYMBOL_GPL(nf_ct_kfree_compat_sysctl_table);
I know, I told you to export this symbol instead of inlining it. But I
overlooked that this will be an empty symbol if systcl is disabled.
So, please recover the ancient patch that you sent that inlines this.
Sorry.
> +
> static
> int nf_ct_l4proto_register_sysctl(struct net *net,
> struct nf_conntrack_l4proto *l4proto)
> @@ -361,8 +370,7 @@ int nf_ct_l4proto_register_sysctl(struct net *net,
> if (err == 0)
> goto out;
>
> - kfree(pn->ctl_compat_table);
> - pn->ctl_compat_table = NULL;
> + nf_ct_kfree_compat_sysctl_table(pn);
> nf_ct_unregister_sysctl(&pn->ctl_table_header,
> &pn->ctl_table,
> &pn->users);
> --
> 1.7.7.6
>
^ permalink raw reply
* Re: [PATCH net-next v2 11/12] netfilter: nf_conntrack_l4proto_icmp cleanup
From: Pablo Neira Ayuso @ 2012-06-16 11:08 UTC (permalink / raw)
To: Gao feng; +Cc: netdev, netfilter-devel
In-Reply-To: <1339818083-31356-11-git-send-email-gaofeng@cn.fujitsu.com>
On Sat, Jun 16, 2012 at 11:41:22AM +0800, Gao feng wrote:
> add two functions icmp_kmemdup_sysctl_table and
> icmp_kmemdup_compat_sysctl_table to make codes more
> clearer.
>
> Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
> ---
> net/ipv4/netfilter/nf_conntrack_proto_icmp.c | 44 ++++++++++++++++++++-----
> 1 files changed, 35 insertions(+), 9 deletions(-)
>
> diff --git a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
> index 76f7a2f..be7ae4c 100644
> --- a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
> +++ b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
> @@ -337,34 +337,60 @@ static struct ctl_table icmp_compat_sysctl_table[] = {
> #endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */
> #endif /* CONFIG_SYSCTL */
>
> -static int icmp_init_net(struct net *net, u_int16_t proto)
> +static int icmp_kmemdup_sysctl_table(struct nf_proto_net *pn)
> {
> - struct nf_icmp_net *in = icmp_pernet(net);
> - struct nf_proto_net *pn = (struct nf_proto_net *)in;
> - in->timeout = nf_ct_icmp_timeout;
> -
> #ifdef CONFIG_SYSCTL
> + struct nf_icmp_net *in = (struct nf_icmp_net *)pn;
> +
> pn->ctl_table = kmemdup(icmp_sysctl_table,
> sizeof(icmp_sysctl_table),
> GFP_KERNEL);
> if (!pn->ctl_table)
> return -ENOMEM;
> +
> pn->ctl_table[0].data = &in->timeout;
> +#endif
> + return 0;
> +}
> +
> +static int icmp_kmemdup_compat_sysctl_table(struct nf_proto_net *pn)
> +{
> +#ifdef CONFIG_SYSCTL
> #ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
> + struct nf_icmp_net *in = (struct nf_icmp_net *)pn;
> +
> pn->ctl_compat_table = kmemdup(icmp_compat_sysctl_table,
> sizeof(icmp_compat_sysctl_table),
> GFP_KERNEL);
> - if (!pn->ctl_compat_table) {
> - kfree(pn->ctl_table);
> - pn->ctl_table = NULL;
> + if (!pn->ctl_compat_table)
> return -ENOMEM;
> - }
> +
> pn->ctl_compat_table[0].data = &in->timeout;
> #endif
> #endif
> return 0;
> }
>
> +
extra line unrequiered.
I'm sorry, I'm stressing a lot on this because I don't like abusing
follow-up patches that clean up extra lines / missing lines and that
sort of nitpicks...
> +static int icmp_init_net(struct net *net, u_int16_t proto)
> +{
> + int ret;
> + struct nf_icmp_net *in = icmp_pernet(net);
> + struct nf_proto_net *pn = &in->pn;
> +
> + in->timeout = nf_ct_icmp_timeout;
> +
> + ret = icmp_kmemdup_compat_sysctl_table(pn);
> + if (ret < 0)
> + return ret;
> +
> + ret = icmp_kmemdup_sysctl_table(pn);
> + if (ret < 0)
> + nf_ct_kfree_compat_sysctl_table(pn);
> +
> + return ret;
> +}
> +
> struct nf_conntrack_l4proto nf_conntrack_l4proto_icmp __read_mostly =
> {
> .l3proto = PF_INET,
> --
> 1.7.7.6
>
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply
* Re: [PATCH net-next v2 09/12] netfilter: nf_conntrack_l4proto_generic cleanup
From: Pablo Neira Ayuso @ 2012-06-16 11:05 UTC (permalink / raw)
To: Gao feng; +Cc: netdev, netfilter-devel
In-Reply-To: <1339818083-31356-9-git-send-email-gaofeng@cn.fujitsu.com>
On Sat, Jun 16, 2012 at 11:41:20AM +0800, Gao feng wrote:
> some cleanup of nf_conntrack_l4proto_generic,
> split the code to make it more clearer.
>
> Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
> ---
> net/netfilter/nf_conntrack_proto_generic.c | 41 ++++++++++++++++++++++-----
> 1 files changed, 33 insertions(+), 8 deletions(-)
>
> diff --git a/net/netfilter/nf_conntrack_proto_generic.c b/net/netfilter/nf_conntrack_proto_generic.c
> index d1ed7b4..c8487d1 100644
> --- a/net/netfilter/nf_conntrack_proto_generic.c
> +++ b/net/netfilter/nf_conntrack_proto_generic.c
> @@ -135,34 +135,59 @@ static struct ctl_table generic_compat_sysctl_table[] = {
> #endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */
> #endif /* CONFIG_SYSCTL */
>
> -static int generic_init_net(struct net *net, u_int16_t proto)
> +static int generic_kmemdup_sysctl_table(struct nf_proto_net *pn)
> {
> - struct nf_generic_net *gn = generic_pernet(net);
> - struct nf_proto_net *pn = (struct nf_proto_net *)gn;
> - gn->timeout = nf_ct_generic_timeout;
> #ifdef CONFIG_SYSCTL
> + struct nf_generic_net *gn = (struct nf_generic_net *)pn;
> +
> pn->ctl_table = kmemdup(generic_sysctl_table,
> sizeof(generic_sysctl_table),
> GFP_KERNEL);
> if (!pn->ctl_table)
> return -ENOMEM;
> +
> pn->ctl_table[0].data = &gn->timeout;
> +#endif
> + return 0;
> +}
>
> +static int generic_kmemdup_compat_sysctl_table(struct nf_proto_net *pn)
> +{
> +#ifdef CONFIG_SYSCTL
> #ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
> + struct nf_generic_net *gn = (struct nf_generic_net *)pn;
> +
> pn->ctl_compat_table = kmemdup(generic_compat_sysctl_table,
> sizeof(generic_compat_sysctl_table),
> GFP_KERNEL);
> - if (!pn->ctl_compat_table) {
> - kfree(pn->ctl_table);
> - pn->ctl_table = NULL;
> + if (!pn->ctl_compat_table)
> return -ENOMEM;
> - }
> +
> pn->ctl_compat_table[0].data = &gn->timeout;
> #endif
> #endif
> return 0;
> }
>
> +static int generic_init_net(struct net *net, u_int16_t proto)
> +{
> + int ret;
> + struct nf_generic_net *gn = generic_pernet(net);
> + struct nf_proto_net *pn = &gn->pn;
> +
> + gn->timeout = nf_ct_generic_timeout;
> +
> + ret = generic_kmemdup_compat_sysctl_table(pn);
> + if (ret < 0)
> + return ret;
> +
> + ret = generic_kmemdup_sysctl_table(pn);
better pass generic_kmemdup_sysctl(pn, gn) so we can avoid the casting
above in generic_kmemdup_compat_sysctl_table to obtain gn again.
> + if (ret < 0)
> + nf_ct_kfree_compat_sysctl_table(pn);
> +
> + return ret;
> +}
> +
> struct nf_conntrack_l4proto nf_conntrack_l4proto_generic __read_mostly =
> {
> .l3proto = PF_UNSPEC,
> --
> 1.7.7.6
>
^ permalink raw reply
* Re: [PATCH net-next v2 05/12] netfilter: merge tcpv[4,6]_net_init into tcp_net_init
From: Pablo Neira Ayuso @ 2012-06-16 10:55 UTC (permalink / raw)
To: Gao feng; +Cc: netdev, netfilter-devel
In-Reply-To: <1339818083-31356-5-git-send-email-gaofeng@cn.fujitsu.com>
On Sat, Jun 16, 2012 at 11:41:16AM +0800, Gao feng wrote:
> merge tcpv4_net_init and tcpv6_net_init into tcp_net_init to
> reduce the redundancy codes.
>
> and use nf_proto_net.users to identify if it's the first time
> we use the nf_proto_net. when it's the first time,we will
> initialized it.
>
> Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
> ---
> net/netfilter/nf_conntrack_proto_tcp.c | 61 ++++++++-----------------------
> 1 files changed, 16 insertions(+), 45 deletions(-)
>
> diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c
> index 6db9d3c..f2dda9e 100644
> --- a/net/netfilter/nf_conntrack_proto_tcp.c
> +++ b/net/netfilter/nf_conntrack_proto_tcp.c
> @@ -1593,18 +1593,14 @@ static int tcp_kmemdup_compat_sysctl_table(struct nf_proto_net *pn)
> return 0;
> }
>
> -static int tcpv4_init_net(struct net *net, u_int16_t proto)
> +static int tcp_init_net(struct net *net, u_int16_t proto)
> {
> - int i;
> - int ret = 0;
> + int ret;
> struct nf_tcp_net *tn = tcp_pernet(net);
> - struct nf_proto_net *pn = (struct nf_proto_net *)tn;
> + struct nf_proto_net *pn = &tn->pn;
>
> -#ifdef CONFIG_SYSCTL
> - if (!pn->ctl_table) {
> -#else
> - if (!pn->users++) {
> -#endif
> + if (!pn->users) {
> + int i;
Extra line missing after int i;
> for (i = 0; i < TCP_CONNTRACK_TIMEOUT_MAX; i++)
> tn->timeouts[i] = tcp_timeouts[i];
>
> @@ -1613,45 +1609,20 @@ static int tcpv4_init_net(struct net *net, u_int16_t proto)
> tn->tcp_max_retrans = nf_ct_tcp_max_retrans;
> }
>
> - ret = tcp_kmemdup_compat_sysctl_table(pn);
> + if (proto == AF_INET) {
> + ret = tcp_kmemdup_compat_sysctl_table(pn);
> + if (ret < 0)
> + return ret;
>
> - if (ret < 0)
> - return ret;
> + ret = tcp_kmemdup_sysctl_table(pn);
> + if (ret < 0)
> + nf_ct_kfree_compat_sysctl_table(pn);
> + } else
> + ret = tcp_kmemdup_sysctl_table(pn);
>
> - ret = tcp_kmemdup_sysctl_table(pn);
> -
> -#ifdef CONFIG_SYSCTL
> -#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
> - if (ret < 0) {
> - kfree(pn->ctl_compat_table);
> - pn->ctl_compat_table = NULL;
> - }
> -#endif
> -#endif
> return ret;
> }
>
> -static int tcpv6_init_net(struct net *net, u_int16_t proto)
> -{
> - int i;
> - struct nf_tcp_net *tn = tcp_pernet(net);
> - struct nf_proto_net *pn = (struct nf_proto_net *)tn;
> -
> -#ifdef CONFIG_SYSCTL
> - if (!pn->ctl_table) {
> -#else
> - if (!pn->users++) {
> -#endif
> - for (i = 0; i < TCP_CONNTRACK_TIMEOUT_MAX; i++)
> - tn->timeouts[i] = tcp_timeouts[i];
> - tn->tcp_loose = nf_ct_tcp_loose;
> - tn->tcp_be_liberal = nf_ct_tcp_be_liberal;
> - tn->tcp_max_retrans = nf_ct_tcp_max_retrans;
> - }
> -
> - return tcp_kmemdup_sysctl_table(pn);
> -}
> -
> struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp4 __read_mostly =
> {
> .l3proto = PF_INET,
> @@ -1684,7 +1655,7 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp4 __read_mostly =
> .nla_policy = tcp_timeout_nla_policy,
> },
> #endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
> - .init_net = tcpv4_init_net,
> + .init_net = tcp_init_net,
> };
> EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_tcp4);
>
> @@ -1720,6 +1691,6 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp6 __read_mostly =
> .nla_policy = tcp_timeout_nla_policy,
> },
> #endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
> - .init_net = tcpv6_init_net,
> + .init_net = tcp_init_net,
> };
> EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_tcp6);
> --
> 1.7.7.6
>
^ permalink raw reply
* Re: [PATCH net-next v2 04/12] netfilter: regard users as refcount for l4proto's per-net data
From: Pablo Neira Ayuso @ 2012-06-16 10:54 UTC (permalink / raw)
To: Gao feng; +Cc: netdev, netfilter-devel
In-Reply-To: <1339818083-31356-4-git-send-email-gaofeng@cn.fujitsu.com>
On Sat, Jun 16, 2012 at 11:41:15AM +0800, Gao feng wrote:
> Now, nf_proto_net's users is confusing.
> we should regard it as the refcount for l4proto's per-net data,
> because maybe there are two l4protos use the same per-net data.
>
> so increment pn->users when nf_conntrack_l4proto_register
> success, and decrement it for nf_conntrack_l4_unregister case.
>
> because nf_conntrack_l3proto_ipv[4|6] don't use the same per-net
> data,so we don't need to add a refcnt for their per-net data.
>
> Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
> ---
> net/netfilter/nf_conntrack_proto.c | 71 +++++++++++++++++++++++-------------
> 1 files changed, 46 insertions(+), 25 deletions(-)
>
> diff --git a/net/netfilter/nf_conntrack_proto.c b/net/netfilter/nf_conntrack_proto.c
> index 1033ee6..86dbf9d 100644
> --- a/net/netfilter/nf_conntrack_proto.c
> +++ b/net/netfilter/nf_conntrack_proto.c
> @@ -39,16 +39,13 @@ static int
> nf_ct_register_sysctl(struct net *net,
> struct ctl_table_header **header,
> const char *path,
> - struct ctl_table *table,
> - unsigned int *users)
> + struct ctl_table *table)
> {
> if (*header == NULL) {
> *header = register_net_sysctl(net, path, table);
> if (*header == NULL)
> return -ENOMEM;
> }
> - if (users != NULL)
> - (*users)++;
>
> return 0;
> }
> @@ -58,7 +55,7 @@ nf_ct_unregister_sysctl(struct ctl_table_header **header,
> struct ctl_table **table,
> unsigned int *users)
> {
> - if (users != NULL && --*users > 0)
> + if (users != NULL && *users > 0)
We're not decrementing users anymore. Use unsigned int users instead.
Pass 0 for the layer 3 case to emulate the users refcnt.
> return;
>
> unregister_net_sysctl_table(*header);
> @@ -191,8 +188,8 @@ static int nf_ct_l3proto_register_sysctl(struct net *net,
> err = nf_ct_register_sysctl(net,
> &in->ctl_table_header,
> l3proto->ctl_table_path,
> - in->ctl_table,
> - NULL);
> + in->ctl_table);
> +
> if (err < 0) {
> kfree(in->ctl_table);
> in->ctl_table = NULL;
> @@ -338,20 +335,17 @@ EXPORT_SYMBOL_GPL(nf_ct_kfree_compat_sysctl_table);
>
> static
> int nf_ct_l4proto_register_sysctl(struct net *net,
> + struct nf_proto_net *pn,
> struct nf_conntrack_l4proto *l4proto)
> {
> int err = 0;
> - struct nf_proto_net *pn = nf_ct_l4proto_net(net, l4proto);
> - if (pn == NULL)
> - return 0;
>
> #ifdef CONFIG_SYSCTL
> if (pn->ctl_table != NULL) {
> err = nf_ct_register_sysctl(net,
> &pn->ctl_table_header,
> "net/netfilter",
> - pn->ctl_table,
> - &pn->users);
> + pn->ctl_table);
> if (err < 0) {
> if (!pn->users) {
> kfree(pn->ctl_table);
> @@ -365,8 +359,7 @@ int nf_ct_l4proto_register_sysctl(struct net *net,
> err = nf_ct_register_sysctl(net,
> &pn->ctl_compat_header,
> "net/ipv4/netfilter",
> - pn->ctl_compat_table,
> - NULL);
> + pn->ctl_compat_table);
> if (err == 0)
> goto out;
>
> @@ -383,11 +376,9 @@ out:
>
> static
> void nf_ct_l4proto_unregister_sysctl(struct net *net,
> + struct nf_proto_net *pn,
> struct nf_conntrack_l4proto *l4proto)
> {
> - struct nf_proto_net *pn = nf_ct_l4proto_net(net, l4proto);
> - if (pn == NULL)
> - return;
> #ifdef CONFIG_SYSCTL
> if (pn->ctl_table_header != NULL)
> nf_ct_unregister_sysctl(&pn->ctl_table_header,
> @@ -400,8 +391,6 @@ void nf_ct_l4proto_unregister_sysctl(struct net *net,
> &pn->ctl_compat_table,
> NULL);
> #endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */
> -#else
> - pn->users--;
> #endif /* CONFIG_SYSCTL */
> }
>
> @@ -467,22 +456,33 @@ int nf_conntrack_l4proto_register(struct net *net,
> struct nf_conntrack_l4proto *l4proto)
> {
> int ret = 0;
> +
why this extra line above?
> + struct nf_proto_net *pn = NULL;
> +
> if (l4proto->init_net) {
> ret = l4proto->init_net(net, l4proto->l3proto);
> if (ret < 0)
> - return ret;
> + goto out;
> }
>
> - ret = nf_ct_l4proto_register_sysctl(net, l4proto);
> + pn = nf_ct_l4proto_net(net, l4proto);
> + if (pn == NULL)
> + goto out;
> +
> + ret = nf_ct_l4proto_register_sysctl(net, pn, l4proto);
> if (ret < 0)
> - return ret;
> + goto out;
>
> if (net == &init_net) {
> ret = nf_conntrack_l4proto_register_net(l4proto);
> - if (ret < 0)
> - nf_ct_l4proto_unregister_sysctl(net, l4proto);
> + if (ret < 0) {
> + nf_ct_l4proto_unregister_sysctl(net, pn, l4proto);
> + goto out;
> + }
> }
>
> + pn->users++;
> +out:
> return ret;
> }
> EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_register);
> @@ -507,10 +507,17 @@ nf_conntrack_l4proto_unregister_net(struct nf_conntrack_l4proto *l4proto)
> void nf_conntrack_l4proto_unregister(struct net *net,
> struct nf_conntrack_l4proto *l4proto)
> {
> + struct nf_proto_net *pn = NULL;
> if (net == &init_net)
> nf_conntrack_l4proto_unregister_net(l4proto);
>
> - nf_ct_l4proto_unregister_sysctl(net, l4proto);
> + pn = nf_ct_l4proto_net(net, l4proto);
> + if (pn == NULL)
> + return;
> +
> + pn->users--;
> + nf_ct_l4proto_unregister_sysctl(net, pn, l4proto);
> +
> /* Remove all contrack entries for this protocol */
> rtnl_lock();
> nf_ct_iterate_cleanup(net, kill_l4proto, l4proto);
> @@ -522,11 +529,15 @@ int nf_conntrack_proto_init(struct net *net)
> {
> unsigned int i;
> int err;
> + struct nf_proto_net *pn = nf_ct_l4proto_net(net,
> + &nf_conntrack_l4proto_generic);
> +
> err = nf_conntrack_l4proto_generic.init_net(net,
> nf_conntrack_l4proto_generic.l3proto);
> if (err < 0)
> return err;
> err = nf_ct_l4proto_register_sysctl(net,
> + pn,
> &nf_conntrack_l4proto_generic);
> if (err < 0)
> return err;
> @@ -536,13 +547,23 @@ int nf_conntrack_proto_init(struct net *net)
> rcu_assign_pointer(nf_ct_l3protos[i],
> &nf_conntrack_l3proto_generic);
> }
> +
> + /* increase generic proto's nf_proto_net refcnt */
> + pn->users++;
> +
> return 0;
> }
>
> void nf_conntrack_proto_fini(struct net *net)
> {
> unsigned int i;
> + struct nf_proto_net *pn = nf_ct_l4proto_net(net,
> + &nf_conntrack_l4proto_generic);
> +
> + /* decrease generic proto's nf_proto_net refcnt */
I asked you to remove this comment, it's superfluous.
> + pn->users--;
> nf_ct_l4proto_unregister_sysctl(net,
> + pn,
> &nf_conntrack_l4proto_generic);
> if (net == &init_net) {
> /* free l3proto protocol tables */
> --
> 1.7.7.6
>
^ permalink raw reply
* Re: [PATCH net-next v2 01/12] netfilter: fix problem with proto register
From: Pablo Neira Ayuso @ 2012-06-16 10:50 UTC (permalink / raw)
To: Gao feng; +Cc: netdev, netfilter-devel
In-Reply-To: <1339818083-31356-1-git-send-email-gaofeng@cn.fujitsu.com>
On Sat, Jun 16, 2012 at 11:41:12AM +0800, Gao feng wrote:
> commit 2c352f444ccfa966a1aa4fd8e9ee29381c467448
> (netfilter: nf_conntrack: prepare namespace support for
> l4 protocol trackers) register proto before register sysctl.
>
> it changes the behavior that when register sysctl failed, the
> proto should not be registered too.
>
> so change to register sysctl before register protos.
Could you explain why we need to change the order in the registration?
ie. now first proto->init_net then sysctl things.
> Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
> ---
> net/netfilter/nf_conntrack_proto.c | 37 ++++++++++++++++++++++-------------
> 1 files changed, 23 insertions(+), 14 deletions(-)
>
> diff --git a/net/netfilter/nf_conntrack_proto.c b/net/netfilter/nf_conntrack_proto.c
> index 1ea9194..a434dd7 100644
> --- a/net/netfilter/nf_conntrack_proto.c
> +++ b/net/netfilter/nf_conntrack_proto.c
> @@ -253,18 +253,23 @@ int nf_conntrack_l3proto_register(struct net *net,
> {
> int ret = 0;
>
> - if (net == &init_net)
> - ret = nf_conntrack_l3proto_register_net(proto);
> + if (proto->init_net) {
> + ret = proto->init_net(net);
> + if (ret < 0)
> + return ret;
> + }
>
> + ret = nf_ct_l3proto_register_sysctl(net, proto);
> if (ret < 0)
> return ret;
>
> - if (proto->init_net) {
> - ret = proto->init_net(net);
> + if (net == &init_net) {
> + ret = nf_conntrack_l3proto_register_net(proto);
> if (ret < 0)
> - return ret;
> + nf_ct_l3proto_unregister_sysctl(net, proto);
> }
> - return nf_ct_l3proto_register_sysctl(net, proto);
> +
> + return ret;
> }
> EXPORT_SYMBOL_GPL(nf_conntrack_l3proto_register);
>
> @@ -454,19 +459,23 @@ int nf_conntrack_l4proto_register(struct net *net,
> struct nf_conntrack_l4proto *l4proto)
> {
> int ret = 0;
> - if (net == &init_net)
> - ret = nf_conntrack_l4proto_register_net(l4proto);
> -
> - if (ret < 0)
> - return ret;
> -
> - if (l4proto->init_net)
> + if (l4proto->init_net) {
> ret = l4proto->init_net(net);
> + if (ret < 0)
> + return ret;
> + }
>
> + ret = nf_ct_l4proto_register_sysctl(net, l4proto);
> if (ret < 0)
> return ret;
>
> - return nf_ct_l4proto_register_sysctl(net, l4proto);
> + if (net == &init_net) {
> + ret = nf_conntrack_l4proto_register_net(l4proto);
> + if (ret < 0)
> + nf_ct_l4proto_unregister_sysctl(net, l4proto);
> + }
> +
> + return ret;
> }
> EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_register);
>
> --
> 1.7.7.6
>
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply
* Re: [PATCH] ipv6: Prevent access to uninitialized fib_table_hash via /proc/net/ipv6_route
From: Sedat Dilek @ 2012-06-16 9:46 UTC (permalink / raw)
To: David Miller; +Cc: netdev, Thomas Graf
Hi,
I pulled net.git#master on top of latest Linus upstream GIT.
The revert [1] fixes machine's kernel-panic.
Thanks.
Regards,
- Sedat -
[1] http://git.kernel.org/?p=linux/kernel/git/davem/net.git;a=commitdiff;h=e8803b6c387129059e04d9e14d49efda250a7361
^ permalink raw reply
* Re: [PATCH 02.5] mm: sl[au]b: first remove PFMEMALLOC flag then SLAB flag
From: Cong Wang @ 2012-06-16 8:14 UTC (permalink / raw)
To: linux-mm; +Cc: netdev, linux-kernel
In-Reply-To: <20120615155432.GA5498@breakpoint.cc>
On Fri, 15 Jun 2012 at 15:54 GMT, Sebastian Andrzej Siewior <sebastian@breakpoint.cc> wrote:
> From: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
>
> If we first remove the SLAB flag followed by the PFMEMALLOC flag then the
> removal of the latter will trigger the VM_BUG_ON() as it can be seen in
>| kernel BUG at include/linux/page-flags.h:474!
>| invalid opcode: 0000 [#1] PREEMPT SMP
>| Call Trace:
>| [<c10e2d77>] slab_destroy+0x27/0x70
>| [<c10e3285>] drain_freelist+0x55/0x90
>| [<c10e344e>] __cache_shrink+0x6e/0x90
>| [<c14e3211>] ? acpi_sleep_init+0xcf/0xcf
>| [<c10e349d>] kmem_cache_shrink+0x2d/0x40
>
> because the SLAB flag is gone. This patch simply changes the order.
>
It would be nicer if we add some comments in the code. ;)
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
^ permalink raw reply
* Re: [PATCH] ipv6: Prevent access to uninitialized fib_table_hash via /proc/net/ipv6_route
From: David Miller @ 2012-06-16 8:13 UTC (permalink / raw)
To: nhorman; +Cc: tgraf, netdev
In-Reply-To: <20120615.221502.1196734470412725503.davem@davemloft.net>
From: David Miller <davem@davemloft.net>
Date: Fri, 15 Jun 2012 22:15:02 -0700 (PDT)
> We will now initialize fib6_init() before ip6_net_route_net_ops is registerd.
>
> This causes fib6_net_init() to run before net->ipv6.ip6_null_entry it
> initialized.
>
> Any route lookup will crash when we dereference a root's ->leaf
> because it will be NULL.
I've decided to revert this change for now.
^ permalink raw reply
* RE: [PATCH] bnx2x: fix panic when TX ring is full
From: Dmitry Kravkov @ 2012-06-16 7:40 UTC (permalink / raw)
To: 'David Miller', eric.dumazet@gmail.com
Cc: netdev@vger.kernel.org, therbert@google.com, evansr@google.com,
Eilon Greenstein, Merav Sicron, Yaniv Rosner, willemb@google.com,
thruby@google.com
In-Reply-To: <20120615.153049.103988387813257203.davem@davemloft.net>
Hi Eric and Tomas
> From: netdev-owner@vger.kernel.org [mailto:netdev-
> owner@vger.kernel.org] On Behalf Of David Miller
> Sent: Saturday, June 16, 2012 1:31 AM
> To: eric.dumazet@gmail.com
> Cc: netdev@vger.kernel.org; therbert@google.com; evansr@google.com;
> Eilon Greenstein; Merav Sicron; Yaniv Rosner; willemb@google.com;
> thruby@google.com
> Subject: Re: [PATCH] bnx2x: fix panic when TX ring is full
>
> From: Eric Dumazet <eric.dumazet@gmail.com>
> Date: Wed, 13 Jun 2012 21:45:16 +0200
>
> > From: Eric Dumazet <edumazet@google.com>
> >
> > There is a off by one error in the minimal number of BD in
> > bnx2x_start_xmit() and bnx2x_tx_int() before stopping/resuming tx
> queue.
> >
> > A full size GSO packet, with data included in skb->head really needs
> > (MAX_SKB_FRAGS + 4) BDs, because of bnx2x_tx_split()
> >
> > This error triggers if BQL is disabled and heavy TCP transmit traffic
> > occurs.
> >
> > bnx2x_tx_split() definitely can be called, remove a wrong comment.
> >
> > Reported-by: Tomas Hruby <thruby@google.com>
> > Signed-off-by: Eric Dumazet <edumazet@google.com>
Theoretically a can't see how we can reach the case with 4 BDs required apart of frags,
Usually we need 2, when split invoked 3:
1.Start
2.Start(split)
3.Parsing
+ Frags
Next pages descriptors and 2 extras for full indication are not counted as available.
Practically I'm running the traffic for more then a day without hitting the panic.
Can you describe the scenario you reproduced this in details? And which code has paniced?
Thanks
> I got tired of waiting for the Broadcom "maintainers" to review this, so I just
> applied it to 'net', thanks Eric.
^ permalink raw reply
* Re: [PATCH] ipv6: Prevent access to uninitialized fib_table_hash via /proc/net/ipv6_route
From: David Miller @ 2012-06-16 5:15 UTC (permalink / raw)
To: nhorman; +Cc: tgraf, netdev
In-Reply-To: <20120615.153240.1699971156820399680.davem@davemloft.net>
From: David Miller <davem@davemloft.net>
Date: Fri, 15 Jun 2012 15:32:40 -0700 (PDT)
> From: Neil Horman <nhorman@tuxdriver.com>
> Date: Fri, 15 Jun 2012 06:56:55 -0400
>
>> On Fri, Jun 15, 2012 at 11:00:17AM +0200, Thomas Graf wrote:
>>> /proc/net/ipv6_route reflects the contents of fib_table_hash. The proc
>>> handler is installed in ip6_route_net_init() whereas fib_table_hash is
>>> allocated in fib6_net_init() _after_ the proc handler has been installed.
>>>
>>> This opens up a short time frame to access fib_table_hash with its pants
>>> down.
>>>
>>> fib6_init() as a whole can't be moved to an earlier position as it also
>>> registers the rtnetlink message handlers which should be registered at
>>> the end. Therefore split it into fib6_init() which is run early and
>>> fib6_init_late() to register the rtnetlink message handlers.
>>>
>>> Signed-off-by: Thomas Graf <tgraf@suug.ch>
>> Reviewed-by: Neil Horman <nhorman@tuxdriver.com>
>
> Applied.
>
> Since you're snooping around in here, you might notice that on network
> namespace shutdown, we leak all user configured ipv6 FIB rules.
Thomas, this patch is buggy.
We will now initialize fib6_init() before ip6_net_route_net_ops is registerd.
This causes fib6_net_init() to run before net->ipv6.ip6_null_entry it
initialized.
Any route lookup will crash when we dereference a root's ->leaf
because it will be NULL.
Please test your changes more thoroughly.
^ permalink raw reply
* Re: [PATCH 0/8] dcbnl: Major simplifications
From: John Fastabend @ 2012-06-16 3:53 UTC (permalink / raw)
To: Thomas Graf; +Cc: alexander.h.duyck, David Miller, netdev, lucy.liu
In-Reply-To: <20120615072659.GD29738@canuck.infradead.org>
On 6/15/2012 12:26 AM, Thomas Graf wrote:
> On Thu, Jun 14, 2012 at 09:06:20AM -0700, John Fastabend wrote:
>> On 6/14/2012 12:54 AM, Thomas Graf wrote:
>>> On Wed, Jun 13, 2012 at 03:55:41PM -0700, David Miller wrote:
>>>> Lots of deleted code, I like it :-)
>>>>
>>>> Applied, but could you send a follow-on patch to use BUG_ON() instead
>>>> of that "if (!ptr) { /* ... */ BUG(); }" construct?
>>>
>>> Sure, I must have had a weak moment right there :)
>>>
>>
>> Nice! I'm a bit late but dumped this into my dcbnl netlink test kit
>> and everything looks good so...
>
> Thank you for testing John. Are you referring to lldp/test/nltest.c?
> I only discovered it after you mentioned a test kit. I've been feeding
> a list of commands through dcbtool for testing so far.
>
nltest works OK, I've got a variant here that I use to send/read
messages and also check the hardware registers on 82599. 'dcbtool'
works fine as well.
If I get some time I'll update nltest on open-lldp.
> BTW, I believe you mentioned at some point, that there is a patch
> available allowing non net_device based DCB users to use dcbnl.
> Otherwise I would start with the effort :)
>
Nope patch doesn't exist. I've been threatening to do it for awhile
now but haven't got to it. Yes please start it :)
I talked about it here once although it might be a bit out dated
now and I think if you have a lookup function then other things
besides scsci_hosts could be added easily,
http://www.linuxplumbersconf.org/2011/ocw/system/presentations/561/original/Plumbers2011.pdf
Thanks!
John
^ permalink raw reply
* [PATCH net-next v2 07/12] netfilter: nf_conntrack_l4proto_udplite[4,6] cleanup
From: Gao feng @ 2012-06-16 3:41 UTC (permalink / raw)
To: pablo; +Cc: netdev, netfilter-devel, Gao feng
In-Reply-To: <1339818083-31356-1-git-send-email-gaofeng@cn.fujitsu.com>
some cleanup for nf_conntrack_l4proto_udplite[4,6],
make codes more clearer and ready for moving the
sysctl code to nf_conntrack_proto_*_sysctl.c to
reduce the ifdef pollution.
and use nf_proto_net.users to identify if it's the first time
we use the nf_proto_net. when it's the first time,we will
initialized it.
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
---
net/netfilter/nf_conntrack_proto_udplite.c | 43 +++++++++++++++++-----------
1 files changed, 26 insertions(+), 17 deletions(-)
diff --git a/net/netfilter/nf_conntrack_proto_udplite.c b/net/netfilter/nf_conntrack_proto_udplite.c
index d33e511..00bb3f6 100644
--- a/net/netfilter/nf_conntrack_proto_udplite.c
+++ b/net/netfilter/nf_conntrack_proto_udplite.c
@@ -234,29 +234,38 @@ static struct ctl_table udplite_sysctl_table[] = {
};
#endif /* CONFIG_SYSCTL */
-static int udplite_init_net(struct net *net, u_int16_t proto)
+static int udplite_kmemdup_sysctl_table(struct nf_proto_net *pn)
{
- int i;
- struct udplite_net *un = udplite_pernet(net);
- struct nf_proto_net *pn = (struct nf_proto_net *)un;
#ifdef CONFIG_SYSCTL
- if (!pn->ctl_table) {
-#else
- if (!pn->users++) {
+ struct udplite_net *un = (struct udplite_net *)pn;
+
+ if (pn->ctl_table)
+ return 0;
+
+ pn->ctl_table = kmemdup(udplite_sysctl_table,
+ sizeof(udplite_sysctl_table),
+ GFP_KERNEL);
+ if (!pn->ctl_table)
+ return -ENOMEM;
+
+ pn->ctl_table[0].data = &un->timeouts[UDPLITE_CT_UNREPLIED];
+ pn->ctl_table[1].data = &un->timeouts[UDPLITE_CT_REPLIED];
#endif
+ return 0;
+}
+
+static int udplite_init_net(struct net *net, u_int16_t proto)
+{
+ struct udplite_net *un = udplite_pernet(net);
+ struct nf_proto_net *pn = &un->pn;
+
+ if (!pn->users) {
+ int i;
for (i = 0 ; i < UDPLITE_CT_MAX; i++)
un->timeouts[i] = udplite_timeouts[i];
-#ifdef CONFIG_SYSCTL
- pn->ctl_table = kmemdup(udplite_sysctl_table,
- sizeof(udplite_sysctl_table),
- GFP_KERNEL);
- if (!pn->ctl_table)
- return -ENOMEM;
- pn->ctl_table[0].data = &un->timeouts[UDPLITE_CT_UNREPLIED];
- pn->ctl_table[1].data = &un->timeouts[UDPLITE_CT_REPLIED];
-#endif
}
- return 0;
+
+ return udplite_kmemdup_sysctl_table(pn);
}
static struct nf_conntrack_l4proto nf_conntrack_l4proto_udplite4 __read_mostly =
--
1.7.7.6
^ permalink raw reply related
* [PATCH net-next v2 01/12] netfilter: fix problem with proto register
From: Gao feng @ 2012-06-16 3:41 UTC (permalink / raw)
To: pablo; +Cc: netdev, netfilter-devel, Gao feng
commit 2c352f444ccfa966a1aa4fd8e9ee29381c467448
(netfilter: nf_conntrack: prepare namespace support for
l4 protocol trackers) register proto before register sysctl.
it changes the behavior that when register sysctl failed, the
proto should not be registered too.
so change to register sysctl before register protos.
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
---
net/netfilter/nf_conntrack_proto.c | 37 ++++++++++++++++++++++-------------
1 files changed, 23 insertions(+), 14 deletions(-)
diff --git a/net/netfilter/nf_conntrack_proto.c b/net/netfilter/nf_conntrack_proto.c
index 1ea9194..a434dd7 100644
--- a/net/netfilter/nf_conntrack_proto.c
+++ b/net/netfilter/nf_conntrack_proto.c
@@ -253,18 +253,23 @@ int nf_conntrack_l3proto_register(struct net *net,
{
int ret = 0;
- if (net == &init_net)
- ret = nf_conntrack_l3proto_register_net(proto);
+ if (proto->init_net) {
+ ret = proto->init_net(net);
+ if (ret < 0)
+ return ret;
+ }
+ ret = nf_ct_l3proto_register_sysctl(net, proto);
if (ret < 0)
return ret;
- if (proto->init_net) {
- ret = proto->init_net(net);
+ if (net == &init_net) {
+ ret = nf_conntrack_l3proto_register_net(proto);
if (ret < 0)
- return ret;
+ nf_ct_l3proto_unregister_sysctl(net, proto);
}
- return nf_ct_l3proto_register_sysctl(net, proto);
+
+ return ret;
}
EXPORT_SYMBOL_GPL(nf_conntrack_l3proto_register);
@@ -454,19 +459,23 @@ int nf_conntrack_l4proto_register(struct net *net,
struct nf_conntrack_l4proto *l4proto)
{
int ret = 0;
- if (net == &init_net)
- ret = nf_conntrack_l4proto_register_net(l4proto);
-
- if (ret < 0)
- return ret;
-
- if (l4proto->init_net)
+ if (l4proto->init_net) {
ret = l4proto->init_net(net);
+ if (ret < 0)
+ return ret;
+ }
+ ret = nf_ct_l4proto_register_sysctl(net, l4proto);
if (ret < 0)
return ret;
- return nf_ct_l4proto_register_sysctl(net, l4proto);
+ if (net == &init_net) {
+ ret = nf_conntrack_l4proto_register_net(l4proto);
+ if (ret < 0)
+ nf_ct_l4proto_unregister_sysctl(net, l4proto);
+ }
+
+ return ret;
}
EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_register);
--
1.7.7.6
^ permalink raw reply related
* [PATCH net-next v2 10/12] netfilter: nf_conntrack_l4proto_dccp[4,6] cleanup
From: Gao feng @ 2012-06-16 3:41 UTC (permalink / raw)
To: pablo; +Cc: netdev, netfilter-devel, Gao feng
In-Reply-To: <1339818083-31356-1-git-send-email-gaofeng@cn.fujitsu.com>
some cleanup of nf_conntrack_l4proto_dccp[4,6],
make codes more clearer and ready for moving the
sysctl code to nf_conntrack_proto_*_sysctl.c to
reduce the ifdef pollution.
and use nf_proto_net.users to identify if it's the first time
we use the nf_proto_net. when it's the first time,we will
initialized it.
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
---
net/netfilter/nf_conntrack_proto_dccp.c | 55 +++++++++++++++++-------------
1 files changed, 31 insertions(+), 24 deletions(-)
diff --git a/net/netfilter/nf_conntrack_proto_dccp.c b/net/netfilter/nf_conntrack_proto_dccp.c
index 52da8f0..962a145 100644
--- a/net/netfilter/nf_conntrack_proto_dccp.c
+++ b/net/netfilter/nf_conntrack_proto_dccp.c
@@ -387,7 +387,7 @@ dccp_state_table[CT_DCCP_ROLE_MAX + 1][DCCP_PKT_SYNCACK + 1][CT_DCCP_MAX + 1] =
/* this module per-net specifics */
static int dccp_net_id __read_mostly;
struct dccp_net {
- struct nf_proto_net np;
+ struct nf_proto_net pn;
int dccp_loose;
unsigned int dccp_timeout[CT_DCCP_MAX + 1];
};
@@ -815,16 +815,38 @@ static struct ctl_table dccp_sysctl_table[] = {
};
#endif /* CONFIG_SYSCTL */
+static int dccp_kmemdup_sysctl_table(struct nf_proto_net *pn)
+{
+#ifdef CONFIG_SYSCTL
+ struct dccp_net *dn = (struct dccp_net *)pn;
+
+ if (pn->ctl_table)
+ return 0;
+
+ pn->ctl_table = kmemdup(dccp_sysctl_table,
+ sizeof(dccp_sysctl_table),
+ GFP_KERNEL);
+ if (!pn->ctl_table)
+ return -ENOMEM;
+
+ pn->ctl_table[0].data = &dn->dccp_timeout[CT_DCCP_REQUEST];
+ pn->ctl_table[1].data = &dn->dccp_timeout[CT_DCCP_RESPOND];
+ pn->ctl_table[2].data = &dn->dccp_timeout[CT_DCCP_PARTOPEN];
+ pn->ctl_table[3].data = &dn->dccp_timeout[CT_DCCP_OPEN];
+ pn->ctl_table[4].data = &dn->dccp_timeout[CT_DCCP_CLOSEREQ];
+ pn->ctl_table[5].data = &dn->dccp_timeout[CT_DCCP_CLOSING];
+ pn->ctl_table[6].data = &dn->dccp_timeout[CT_DCCP_TIMEWAIT];
+ pn->ctl_table[7].data = &dn->dccp_loose;
+#endif
+ return 0;
+}
+
static int dccp_init_net(struct net *net, u_int16_t proto)
{
struct dccp_net *dn = dccp_pernet(net);
- struct nf_proto_net *pn = (struct nf_proto_net *)dn;
+ struct nf_proto_net *pn = &dn->pn;
-#ifdef CONFIG_SYSCTL
- if (!pn->ctl_table) {
-#else
- if (!pn->users++) {
-#endif
+ if (!pn->users) {
/* default values */
dn->dccp_loose = 1;
dn->dccp_timeout[CT_DCCP_REQUEST] = 2 * DCCP_MSL;
@@ -834,24 +856,9 @@ static int dccp_init_net(struct net *net, u_int16_t proto)
dn->dccp_timeout[CT_DCCP_CLOSEREQ] = 64 * HZ;
dn->dccp_timeout[CT_DCCP_CLOSING] = 64 * HZ;
dn->dccp_timeout[CT_DCCP_TIMEWAIT] = 2 * DCCP_MSL;
-#ifdef CONFIG_SYSCTL
- pn->ctl_table = kmemdup(dccp_sysctl_table,
- sizeof(dccp_sysctl_table),
- GFP_KERNEL);
- if (!pn->ctl_table)
- return -ENOMEM;
-
- pn->ctl_table[0].data = &dn->dccp_timeout[CT_DCCP_REQUEST];
- pn->ctl_table[1].data = &dn->dccp_timeout[CT_DCCP_RESPOND];
- pn->ctl_table[2].data = &dn->dccp_timeout[CT_DCCP_PARTOPEN];
- pn->ctl_table[3].data = &dn->dccp_timeout[CT_DCCP_OPEN];
- pn->ctl_table[4].data = &dn->dccp_timeout[CT_DCCP_CLOSEREQ];
- pn->ctl_table[5].data = &dn->dccp_timeout[CT_DCCP_CLOSING];
- pn->ctl_table[6].data = &dn->dccp_timeout[CT_DCCP_TIMEWAIT];
- pn->ctl_table[7].data = &dn->dccp_loose;
-#endif
}
- return 0;
+
+ return dccp_kmemdup_sysctl_table(pn);
}
static struct nf_conntrack_l4proto dccp_proto4 __read_mostly = {
--
1.7.7.6
^ permalink raw reply related
* [PATCH net-next v2 11/12] netfilter: nf_conntrack_l4proto_icmp cleanup
From: Gao feng @ 2012-06-16 3:41 UTC (permalink / raw)
To: pablo; +Cc: netdev, netfilter-devel, Gao feng
In-Reply-To: <1339818083-31356-1-git-send-email-gaofeng@cn.fujitsu.com>
add two functions icmp_kmemdup_sysctl_table and
icmp_kmemdup_compat_sysctl_table to make codes more
clearer.
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
---
net/ipv4/netfilter/nf_conntrack_proto_icmp.c | 44 ++++++++++++++++++++-----
1 files changed, 35 insertions(+), 9 deletions(-)
diff --git a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
index 76f7a2f..be7ae4c 100644
--- a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
+++ b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
@@ -337,34 +337,60 @@ static struct ctl_table icmp_compat_sysctl_table[] = {
#endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */
#endif /* CONFIG_SYSCTL */
-static int icmp_init_net(struct net *net, u_int16_t proto)
+static int icmp_kmemdup_sysctl_table(struct nf_proto_net *pn)
{
- struct nf_icmp_net *in = icmp_pernet(net);
- struct nf_proto_net *pn = (struct nf_proto_net *)in;
- in->timeout = nf_ct_icmp_timeout;
-
#ifdef CONFIG_SYSCTL
+ struct nf_icmp_net *in = (struct nf_icmp_net *)pn;
+
pn->ctl_table = kmemdup(icmp_sysctl_table,
sizeof(icmp_sysctl_table),
GFP_KERNEL);
if (!pn->ctl_table)
return -ENOMEM;
+
pn->ctl_table[0].data = &in->timeout;
+#endif
+ return 0;
+}
+
+static int icmp_kmemdup_compat_sysctl_table(struct nf_proto_net *pn)
+{
+#ifdef CONFIG_SYSCTL
#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
+ struct nf_icmp_net *in = (struct nf_icmp_net *)pn;
+
pn->ctl_compat_table = kmemdup(icmp_compat_sysctl_table,
sizeof(icmp_compat_sysctl_table),
GFP_KERNEL);
- if (!pn->ctl_compat_table) {
- kfree(pn->ctl_table);
- pn->ctl_table = NULL;
+ if (!pn->ctl_compat_table)
return -ENOMEM;
- }
+
pn->ctl_compat_table[0].data = &in->timeout;
#endif
#endif
return 0;
}
+
+static int icmp_init_net(struct net *net, u_int16_t proto)
+{
+ int ret;
+ struct nf_icmp_net *in = icmp_pernet(net);
+ struct nf_proto_net *pn = &in->pn;
+
+ in->timeout = nf_ct_icmp_timeout;
+
+ ret = icmp_kmemdup_compat_sysctl_table(pn);
+ if (ret < 0)
+ return ret;
+
+ ret = icmp_kmemdup_sysctl_table(pn);
+ if (ret < 0)
+ nf_ct_kfree_compat_sysctl_table(pn);
+
+ return ret;
+}
+
struct nf_conntrack_l4proto nf_conntrack_l4proto_icmp __read_mostly =
{
.l3proto = PF_INET,
--
1.7.7.6
^ permalink raw reply related
* [PATCH net-next v2 12/12] netfilter: nf_conntrack_l4proto_icmpv6 cleanup
From: Gao feng @ 2012-06-16 3:41 UTC (permalink / raw)
To: pablo; +Cc: netdev, netfilter-devel, Gao feng
In-Reply-To: <1339818083-31356-1-git-send-email-gaofeng@cn.fujitsu.com>
add function icmpv6_kmemdup_sysctl_table to make codes
more clearer.
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
---
net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c | 18 ++++++++++++++----
1 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
index 807ae09..5ef2c9d 100644
--- a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
@@ -333,22 +333,32 @@ static struct ctl_table icmpv6_sysctl_table[] = {
};
#endif /* CONFIG_SYSCTL */
-static int icmpv6_init_net(struct net *net, u_int16_t proto)
+static int icmpv6_kmemdup_sysctl_table(struct nf_proto_net *pn)
{
- struct nf_icmp_net *in = icmpv6_pernet(net);
- struct nf_proto_net *pn = (struct nf_proto_net *)in;
- in->timeout = nf_ct_icmpv6_timeout;
#ifdef CONFIG_SYSCTL
+ struct nf_icmp_net *in = (struct nf_icmp_net *)pn;
+
pn->ctl_table = kmemdup(icmpv6_sysctl_table,
sizeof(icmpv6_sysctl_table),
GFP_KERNEL);
if (!pn->ctl_table)
return -ENOMEM;
+
pn->ctl_table[0].data = &in->timeout;
#endif
return 0;
}
+static int icmpv6_init_net(struct net *net, u_int16_t proto)
+{
+ struct nf_icmp_net *in = icmpv6_pernet(net);
+ struct nf_proto_net *pn = &in->pn;
+
+ in->timeout = nf_ct_icmpv6_timeout;
+
+ return icmpv6_kmemdup_sysctl_table(pn);
+}
+
struct nf_conntrack_l4proto nf_conntrack_l4proto_icmpv6 __read_mostly =
{
.l3proto = PF_INET6,
--
1.7.7.6
^ permalink raw reply related
* [PATCH net-next v2 08/12] netfilter: merge sctpv[4,6]_net_init into sctp_net_init
From: Gao feng @ 2012-06-16 3:41 UTC (permalink / raw)
To: pablo; +Cc: netdev, netfilter-devel, Gao feng
In-Reply-To: <1339818083-31356-1-git-send-email-gaofeng@cn.fujitsu.com>
merge sctpv4_net_init and sctpv6_net_init into sctp_net_init to
reduce the redundancy codes.
and use nf_proto_net.users to identify if it's the first time
we use the nf_proto_net. when it's the first time,we will
initialized it.
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
---
net/netfilter/nf_conntrack_proto_sctp.c | 58 +++++++++---------------------
1 files changed, 18 insertions(+), 40 deletions(-)
diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c
index 1e7836c..dfad67e 100644
--- a/net/netfilter/nf_conntrack_proto_sctp.c
+++ b/net/netfilter/nf_conntrack_proto_sctp.c
@@ -707,19 +707,6 @@ static struct ctl_table sctp_compat_sysctl_table[] = {
#endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */
#endif
-static void sctp_init_net_data(struct sctp_net *sn)
-{
- int i;
-#ifdef CONFIG_SYSCTL
- if (!sn->pn.ctl_table) {
-#else
- if (!sn->pn.users++) {
-#endif
- for (i = 0; i < SCTP_CONNTRACK_MAX; i++)
- sn->timeouts[i] = sctp_timeouts[i];
- }
-}
-
static int sctp_kmemdup_sysctl_table(struct nf_proto_net *pn)
{
#ifdef CONFIG_SYSCTL
@@ -767,41 +754,32 @@ static int sctp_kmemdup_compat_sysctl_table(struct nf_proto_net *pn)
return 0;
}
-static int sctpv4_init_net(struct net *net, u_int16_t proto)
+static int sctp_init_net(struct net *net, u_int16_t proto)
{
int ret;
struct sctp_net *sn = sctp_pernet(net);
- struct nf_proto_net *pn = (struct nf_proto_net *)sn;
+ struct nf_proto_net *pn = &sn->pn;
- sctp_init_net_data(sn);
-
- ret = sctp_kmemdup_compat_sysctl_table(pn);
- if (ret < 0)
- return ret;
+ if (!pn->users) {
+ int i;
+ for (i = 0; i < SCTP_CONNTRACK_MAX; i++)
+ sn->timeouts[i] = sctp_timeouts[i];
+ }
- ret = sctp_kmemdup_sysctl_table(pn);
+ if (proto == AF_INET) {
+ ret = sctp_kmemdup_compat_sysctl_table(pn);
+ if (ret < 0)
+ return ret;
-#ifdef CONFIG_SYSCTL
-#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
- if (ret < 0) {
+ ret = sctp_kmemdup_sysctl_table(pn);
+ if (ret < 0)
+ nf_ct_kfree_compat_sysctl_table(pn);
+ } else
+ ret = sctp_kmemdup_sysctl_table(pn);
- kfree(pn->ctl_compat_table);
- pn->ctl_compat_table = NULL;
- }
-#endif
-#endif
return ret;
}
-static int sctpv6_init_net(struct net *net, u_int16_t proto)
-{
- struct sctp_net *sn = sctp_pernet(net);
- struct nf_proto_net *pn = (struct nf_proto_net *)sn;
-
- sctp_init_net_data(sn);
- return sctp_kmemdup_sysctl_table(pn);
-}
-
static struct nf_conntrack_l4proto nf_conntrack_l4proto_sctp4 __read_mostly = {
.l3proto = PF_INET,
.l4proto = IPPROTO_SCTP,
@@ -833,7 +811,7 @@ static struct nf_conntrack_l4proto nf_conntrack_l4proto_sctp4 __read_mostly = {
},
#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
.net_id = &sctp_net_id,
- .init_net = sctpv4_init_net,
+ .init_net = sctp_init_net,
};
static struct nf_conntrack_l4proto nf_conntrack_l4proto_sctp6 __read_mostly = {
@@ -867,7 +845,7 @@ static struct nf_conntrack_l4proto nf_conntrack_l4proto_sctp6 __read_mostly = {
#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
#endif
.net_id = &sctp_net_id,
- .init_net = sctpv6_init_net,
+ .init_net = sctp_init_net,
};
static int sctp_net_init(struct net *net)
--
1.7.7.6
^ permalink raw reply related
* [PATCH net-next v2 03/12] netfilter: add nf_ct_kfree_compat_sysctl_table to make codes clear
From: Gao feng @ 2012-06-16 3:41 UTC (permalink / raw)
To: pablo; +Cc: netdev, netfilter-devel, Gao feng
In-Reply-To: <1339818083-31356-1-git-send-email-gaofeng@cn.fujitsu.com>
add function nf_ct_kfree_compat_sysctl_table to kfree l4proto's
compat sysctl table and set the sysctl table point to NULL.
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
---
include/net/netfilter/nf_conntrack_l4proto.h | 2 ++
net/netfilter/nf_conntrack_proto.c | 12 ++++++++++--
2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/include/net/netfilter/nf_conntrack_l4proto.h b/include/net/netfilter/nf_conntrack_l4proto.h
index 5dd60f2..11fcf27 100644
--- a/include/net/netfilter/nf_conntrack_l4proto.h
+++ b/include/net/netfilter/nf_conntrack_l4proto.h
@@ -124,6 +124,8 @@ extern int nf_conntrack_l4proto_register(struct net *net,
extern void nf_conntrack_l4proto_unregister(struct net *net,
struct nf_conntrack_l4proto *proto);
+extern void nf_ct_kfree_compat_sysctl_table(struct nf_proto_net *pn);
+
/* Generic netlink helpers */
extern int nf_ct_port_tuple_to_nlattr(struct sk_buff *skb,
const struct nf_conntrack_tuple *tuple);
diff --git a/net/netfilter/nf_conntrack_proto.c b/net/netfilter/nf_conntrack_proto.c
index 5ea2d71..1033ee6 100644
--- a/net/netfilter/nf_conntrack_proto.c
+++ b/net/netfilter/nf_conntrack_proto.c
@@ -327,6 +327,15 @@ static struct nf_proto_net *nf_ct_l4proto_net(struct net *net,
return NULL;
}
+void nf_ct_kfree_compat_sysctl_table(struct nf_proto_net *pn)
+{
+#if defined(CONFIG_SYSCTL) && defined(CONFIG_NF_CONNTRACK_PROC_COMPAT)
+ kfree(pn->ctl_compat_table);
+ pn->ctl_compat_table = NULL;
+#endif
+}
+EXPORT_SYMBOL_GPL(nf_ct_kfree_compat_sysctl_table);
+
static
int nf_ct_l4proto_register_sysctl(struct net *net,
struct nf_conntrack_l4proto *l4proto)
@@ -361,8 +370,7 @@ int nf_ct_l4proto_register_sysctl(struct net *net,
if (err == 0)
goto out;
- kfree(pn->ctl_compat_table);
- pn->ctl_compat_table = NULL;
+ nf_ct_kfree_compat_sysctl_table(pn);
nf_ct_unregister_sysctl(&pn->ctl_table_header,
&pn->ctl_table,
&pn->users);
--
1.7.7.6
^ permalink raw reply related
* [PATCH net-next v2 04/12] netfilter: regard users as refcount for l4proto's per-net data
From: Gao feng @ 2012-06-16 3:41 UTC (permalink / raw)
To: pablo; +Cc: netdev, netfilter-devel, Gao feng
In-Reply-To: <1339818083-31356-1-git-send-email-gaofeng@cn.fujitsu.com>
Now, nf_proto_net's users is confusing.
we should regard it as the refcount for l4proto's per-net data,
because maybe there are two l4protos use the same per-net data.
so increment pn->users when nf_conntrack_l4proto_register
success, and decrement it for nf_conntrack_l4_unregister case.
because nf_conntrack_l3proto_ipv[4|6] don't use the same per-net
data,so we don't need to add a refcnt for their per-net data.
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
---
net/netfilter/nf_conntrack_proto.c | 71 +++++++++++++++++++++++-------------
1 files changed, 46 insertions(+), 25 deletions(-)
diff --git a/net/netfilter/nf_conntrack_proto.c b/net/netfilter/nf_conntrack_proto.c
index 1033ee6..86dbf9d 100644
--- a/net/netfilter/nf_conntrack_proto.c
+++ b/net/netfilter/nf_conntrack_proto.c
@@ -39,16 +39,13 @@ static int
nf_ct_register_sysctl(struct net *net,
struct ctl_table_header **header,
const char *path,
- struct ctl_table *table,
- unsigned int *users)
+ struct ctl_table *table)
{
if (*header == NULL) {
*header = register_net_sysctl(net, path, table);
if (*header == NULL)
return -ENOMEM;
}
- if (users != NULL)
- (*users)++;
return 0;
}
@@ -58,7 +55,7 @@ nf_ct_unregister_sysctl(struct ctl_table_header **header,
struct ctl_table **table,
unsigned int *users)
{
- if (users != NULL && --*users > 0)
+ if (users != NULL && *users > 0)
return;
unregister_net_sysctl_table(*header);
@@ -191,8 +188,8 @@ static int nf_ct_l3proto_register_sysctl(struct net *net,
err = nf_ct_register_sysctl(net,
&in->ctl_table_header,
l3proto->ctl_table_path,
- in->ctl_table,
- NULL);
+ in->ctl_table);
+
if (err < 0) {
kfree(in->ctl_table);
in->ctl_table = NULL;
@@ -338,20 +335,17 @@ EXPORT_SYMBOL_GPL(nf_ct_kfree_compat_sysctl_table);
static
int nf_ct_l4proto_register_sysctl(struct net *net,
+ struct nf_proto_net *pn,
struct nf_conntrack_l4proto *l4proto)
{
int err = 0;
- struct nf_proto_net *pn = nf_ct_l4proto_net(net, l4proto);
- if (pn == NULL)
- return 0;
#ifdef CONFIG_SYSCTL
if (pn->ctl_table != NULL) {
err = nf_ct_register_sysctl(net,
&pn->ctl_table_header,
"net/netfilter",
- pn->ctl_table,
- &pn->users);
+ pn->ctl_table);
if (err < 0) {
if (!pn->users) {
kfree(pn->ctl_table);
@@ -365,8 +359,7 @@ int nf_ct_l4proto_register_sysctl(struct net *net,
err = nf_ct_register_sysctl(net,
&pn->ctl_compat_header,
"net/ipv4/netfilter",
- pn->ctl_compat_table,
- NULL);
+ pn->ctl_compat_table);
if (err == 0)
goto out;
@@ -383,11 +376,9 @@ out:
static
void nf_ct_l4proto_unregister_sysctl(struct net *net,
+ struct nf_proto_net *pn,
struct nf_conntrack_l4proto *l4proto)
{
- struct nf_proto_net *pn = nf_ct_l4proto_net(net, l4proto);
- if (pn == NULL)
- return;
#ifdef CONFIG_SYSCTL
if (pn->ctl_table_header != NULL)
nf_ct_unregister_sysctl(&pn->ctl_table_header,
@@ -400,8 +391,6 @@ void nf_ct_l4proto_unregister_sysctl(struct net *net,
&pn->ctl_compat_table,
NULL);
#endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */
-#else
- pn->users--;
#endif /* CONFIG_SYSCTL */
}
@@ -467,22 +456,33 @@ int nf_conntrack_l4proto_register(struct net *net,
struct nf_conntrack_l4proto *l4proto)
{
int ret = 0;
+
+ struct nf_proto_net *pn = NULL;
+
if (l4proto->init_net) {
ret = l4proto->init_net(net, l4proto->l3proto);
if (ret < 0)
- return ret;
+ goto out;
}
- ret = nf_ct_l4proto_register_sysctl(net, l4proto);
+ pn = nf_ct_l4proto_net(net, l4proto);
+ if (pn == NULL)
+ goto out;
+
+ ret = nf_ct_l4proto_register_sysctl(net, pn, l4proto);
if (ret < 0)
- return ret;
+ goto out;
if (net == &init_net) {
ret = nf_conntrack_l4proto_register_net(l4proto);
- if (ret < 0)
- nf_ct_l4proto_unregister_sysctl(net, l4proto);
+ if (ret < 0) {
+ nf_ct_l4proto_unregister_sysctl(net, pn, l4proto);
+ goto out;
+ }
}
+ pn->users++;
+out:
return ret;
}
EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_register);
@@ -507,10 +507,17 @@ nf_conntrack_l4proto_unregister_net(struct nf_conntrack_l4proto *l4proto)
void nf_conntrack_l4proto_unregister(struct net *net,
struct nf_conntrack_l4proto *l4proto)
{
+ struct nf_proto_net *pn = NULL;
if (net == &init_net)
nf_conntrack_l4proto_unregister_net(l4proto);
- nf_ct_l4proto_unregister_sysctl(net, l4proto);
+ pn = nf_ct_l4proto_net(net, l4proto);
+ if (pn == NULL)
+ return;
+
+ pn->users--;
+ nf_ct_l4proto_unregister_sysctl(net, pn, l4proto);
+
/* Remove all contrack entries for this protocol */
rtnl_lock();
nf_ct_iterate_cleanup(net, kill_l4proto, l4proto);
@@ -522,11 +529,15 @@ int nf_conntrack_proto_init(struct net *net)
{
unsigned int i;
int err;
+ struct nf_proto_net *pn = nf_ct_l4proto_net(net,
+ &nf_conntrack_l4proto_generic);
+
err = nf_conntrack_l4proto_generic.init_net(net,
nf_conntrack_l4proto_generic.l3proto);
if (err < 0)
return err;
err = nf_ct_l4proto_register_sysctl(net,
+ pn,
&nf_conntrack_l4proto_generic);
if (err < 0)
return err;
@@ -536,13 +547,23 @@ int nf_conntrack_proto_init(struct net *net)
rcu_assign_pointer(nf_ct_l3protos[i],
&nf_conntrack_l3proto_generic);
}
+
+ /* increase generic proto's nf_proto_net refcnt */
+ pn->users++;
+
return 0;
}
void nf_conntrack_proto_fini(struct net *net)
{
unsigned int i;
+ struct nf_proto_net *pn = nf_ct_l4proto_net(net,
+ &nf_conntrack_l4proto_generic);
+
+ /* decrease generic proto's nf_proto_net refcnt */
+ pn->users--;
nf_ct_l4proto_unregister_sysctl(net,
+ pn,
&nf_conntrack_l4proto_generic);
if (net == &init_net) {
/* free l3proto protocol tables */
--
1.7.7.6
^ permalink raw reply related
* [PATCH net-next v2 05/12] netfilter: merge tcpv[4,6]_net_init into tcp_net_init
From: Gao feng @ 2012-06-16 3:41 UTC (permalink / raw)
To: pablo; +Cc: netdev, netfilter-devel, Gao feng
In-Reply-To: <1339818083-31356-1-git-send-email-gaofeng@cn.fujitsu.com>
merge tcpv4_net_init and tcpv6_net_init into tcp_net_init to
reduce the redundancy codes.
and use nf_proto_net.users to identify if it's the first time
we use the nf_proto_net. when it's the first time,we will
initialized it.
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
---
net/netfilter/nf_conntrack_proto_tcp.c | 61 ++++++++-----------------------
1 files changed, 16 insertions(+), 45 deletions(-)
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c
index 6db9d3c..f2dda9e 100644
--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -1593,18 +1593,14 @@ static int tcp_kmemdup_compat_sysctl_table(struct nf_proto_net *pn)
return 0;
}
-static int tcpv4_init_net(struct net *net, u_int16_t proto)
+static int tcp_init_net(struct net *net, u_int16_t proto)
{
- int i;
- int ret = 0;
+ int ret;
struct nf_tcp_net *tn = tcp_pernet(net);
- struct nf_proto_net *pn = (struct nf_proto_net *)tn;
+ struct nf_proto_net *pn = &tn->pn;
-#ifdef CONFIG_SYSCTL
- if (!pn->ctl_table) {
-#else
- if (!pn->users++) {
-#endif
+ if (!pn->users) {
+ int i;
for (i = 0; i < TCP_CONNTRACK_TIMEOUT_MAX; i++)
tn->timeouts[i] = tcp_timeouts[i];
@@ -1613,45 +1609,20 @@ static int tcpv4_init_net(struct net *net, u_int16_t proto)
tn->tcp_max_retrans = nf_ct_tcp_max_retrans;
}
- ret = tcp_kmemdup_compat_sysctl_table(pn);
+ if (proto == AF_INET) {
+ ret = tcp_kmemdup_compat_sysctl_table(pn);
+ if (ret < 0)
+ return ret;
- if (ret < 0)
- return ret;
+ ret = tcp_kmemdup_sysctl_table(pn);
+ if (ret < 0)
+ nf_ct_kfree_compat_sysctl_table(pn);
+ } else
+ ret = tcp_kmemdup_sysctl_table(pn);
- ret = tcp_kmemdup_sysctl_table(pn);
-
-#ifdef CONFIG_SYSCTL
-#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
- if (ret < 0) {
- kfree(pn->ctl_compat_table);
- pn->ctl_compat_table = NULL;
- }
-#endif
-#endif
return ret;
}
-static int tcpv6_init_net(struct net *net, u_int16_t proto)
-{
- int i;
- struct nf_tcp_net *tn = tcp_pernet(net);
- struct nf_proto_net *pn = (struct nf_proto_net *)tn;
-
-#ifdef CONFIG_SYSCTL
- if (!pn->ctl_table) {
-#else
- if (!pn->users++) {
-#endif
- for (i = 0; i < TCP_CONNTRACK_TIMEOUT_MAX; i++)
- tn->timeouts[i] = tcp_timeouts[i];
- tn->tcp_loose = nf_ct_tcp_loose;
- tn->tcp_be_liberal = nf_ct_tcp_be_liberal;
- tn->tcp_max_retrans = nf_ct_tcp_max_retrans;
- }
-
- return tcp_kmemdup_sysctl_table(pn);
-}
-
struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp4 __read_mostly =
{
.l3proto = PF_INET,
@@ -1684,7 +1655,7 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp4 __read_mostly =
.nla_policy = tcp_timeout_nla_policy,
},
#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
- .init_net = tcpv4_init_net,
+ .init_net = tcp_init_net,
};
EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_tcp4);
@@ -1720,6 +1691,6 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp6 __read_mostly =
.nla_policy = tcp_timeout_nla_policy,
},
#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
- .init_net = tcpv6_init_net,
+ .init_net = tcp_init_net,
};
EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_tcp6);
--
1.7.7.6
^ permalink raw reply related
* [PATCH net-next v2 06/12] netfilter: merge udpv[4,6]_net_init into udp_net_init
From: Gao feng @ 2012-06-16 3:41 UTC (permalink / raw)
To: pablo; +Cc: netdev, netfilter-devel, Gao feng
In-Reply-To: <1339818083-31356-1-git-send-email-gaofeng@cn.fujitsu.com>
merge udpv4_net_init and udpv6_net_init into udp_net_init to
reduce the redundancy codes.
and use nf_proto_net.users to identify if it's the first time
we use the nf_proto_net. when it's the first time,we will
initialized it.
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
---
net/netfilter/nf_conntrack_proto_udp.c | 56 ++++++++++---------------------
1 files changed, 18 insertions(+), 38 deletions(-)
diff --git a/net/netfilter/nf_conntrack_proto_udp.c b/net/netfilter/nf_conntrack_proto_udp.c
index 2b978e6..61bca4f 100644
--- a/net/netfilter/nf_conntrack_proto_udp.c
+++ b/net/netfilter/nf_conntrack_proto_udp.c
@@ -270,52 +270,32 @@ static int udp_kmemdup_compat_sysctl_table(struct nf_proto_net *pn)
return 0;
}
-static void udp_init_net_data(struct nf_udp_net *un)
+static int udp_init_net(struct net *net, u_int16_t proto)
{
- int i;
-#ifdef CONFIG_SYSCTL
- if (!un->pn.ctl_table) {
-#else
- if (!un->pn.users++) {
-#endif
+ int ret;
+ struct nf_udp_net *un = udp_pernet(net);
+ struct nf_proto_net *pn = &un->pn;
+
+ if (!pn->users) {
+ int i;
for (i = 0; i < UDP_CT_MAX; i++)
un->timeouts[i] = udp_timeouts[i];
}
-}
-
-static int udpv4_init_net(struct net *net, u_int16_t proto)
-{
- int ret;
- struct nf_udp_net *un = udp_pernet(net);
- struct nf_proto_net *pn = (struct nf_proto_net *)un;
- udp_init_net_data(un);
+ if (proto == AF_INET) {
+ ret = udp_kmemdup_compat_sysctl_table(pn);
+ if (ret < 0)
+ return ret;
- ret = udp_kmemdup_compat_sysctl_table(pn);
- if (ret < 0)
- return ret;
+ ret = udp_kmemdup_sysctl_table(pn);
+ if (ret < 0)
+ nf_ct_kfree_compat_sysctl_table(pn);
+ } else
+ ret = udp_kmemdup_sysctl_table(pn);
- ret = udp_kmemdup_sysctl_table(pn);
-#ifdef CONFIG_SYSCTL
-#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
- if (ret < 0) {
- kfree(pn->ctl_compat_table);
- pn->ctl_compat_table = NULL;
- }
-#endif
-#endif
return ret;
}
-static int udpv6_init_net(struct net *net, u_int16_t proto)
-{
- struct nf_udp_net *un = udp_pernet(net);
- struct nf_proto_net *pn = (struct nf_proto_net *)un;
-
- udp_init_net_data(un);
- return udp_kmemdup_sysctl_table(pn);
-}
-
struct nf_conntrack_l4proto nf_conntrack_l4proto_udp4 __read_mostly =
{
.l3proto = PF_INET,
@@ -343,7 +323,7 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_udp4 __read_mostly =
.nla_policy = udp_timeout_nla_policy,
},
#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
- .init_net = udpv4_init_net,
+ .init_net = udp_init_net,
};
EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_udp4);
@@ -374,6 +354,6 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_udp6 __read_mostly =
.nla_policy = udp_timeout_nla_policy,
},
#endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
- .init_net = udpv6_init_net,
+ .init_net = udp_init_net,
};
EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_udp6);
--
1.7.7.6
^ permalink raw reply related
* [PATCH net-next v2 09/12] netfilter: nf_conntrack_l4proto_generic cleanup
From: Gao feng @ 2012-06-16 3:41 UTC (permalink / raw)
To: pablo; +Cc: netdev, netfilter-devel, Gao feng
In-Reply-To: <1339818083-31356-1-git-send-email-gaofeng@cn.fujitsu.com>
some cleanup of nf_conntrack_l4proto_generic,
split the code to make it more clearer.
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
---
net/netfilter/nf_conntrack_proto_generic.c | 41 ++++++++++++++++++++++-----
1 files changed, 33 insertions(+), 8 deletions(-)
diff --git a/net/netfilter/nf_conntrack_proto_generic.c b/net/netfilter/nf_conntrack_proto_generic.c
index d1ed7b4..c8487d1 100644
--- a/net/netfilter/nf_conntrack_proto_generic.c
+++ b/net/netfilter/nf_conntrack_proto_generic.c
@@ -135,34 +135,59 @@ static struct ctl_table generic_compat_sysctl_table[] = {
#endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */
#endif /* CONFIG_SYSCTL */
-static int generic_init_net(struct net *net, u_int16_t proto)
+static int generic_kmemdup_sysctl_table(struct nf_proto_net *pn)
{
- struct nf_generic_net *gn = generic_pernet(net);
- struct nf_proto_net *pn = (struct nf_proto_net *)gn;
- gn->timeout = nf_ct_generic_timeout;
#ifdef CONFIG_SYSCTL
+ struct nf_generic_net *gn = (struct nf_generic_net *)pn;
+
pn->ctl_table = kmemdup(generic_sysctl_table,
sizeof(generic_sysctl_table),
GFP_KERNEL);
if (!pn->ctl_table)
return -ENOMEM;
+
pn->ctl_table[0].data = &gn->timeout;
+#endif
+ return 0;
+}
+static int generic_kmemdup_compat_sysctl_table(struct nf_proto_net *pn)
+{
+#ifdef CONFIG_SYSCTL
#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
+ struct nf_generic_net *gn = (struct nf_generic_net *)pn;
+
pn->ctl_compat_table = kmemdup(generic_compat_sysctl_table,
sizeof(generic_compat_sysctl_table),
GFP_KERNEL);
- if (!pn->ctl_compat_table) {
- kfree(pn->ctl_table);
- pn->ctl_table = NULL;
+ if (!pn->ctl_compat_table)
return -ENOMEM;
- }
+
pn->ctl_compat_table[0].data = &gn->timeout;
#endif
#endif
return 0;
}
+static int generic_init_net(struct net *net, u_int16_t proto)
+{
+ int ret;
+ struct nf_generic_net *gn = generic_pernet(net);
+ struct nf_proto_net *pn = &gn->pn;
+
+ gn->timeout = nf_ct_generic_timeout;
+
+ ret = generic_kmemdup_compat_sysctl_table(pn);
+ if (ret < 0)
+ return ret;
+
+ ret = generic_kmemdup_sysctl_table(pn);
+ if (ret < 0)
+ nf_ct_kfree_compat_sysctl_table(pn);
+
+ return ret;
+}
+
struct nf_conntrack_l4proto nf_conntrack_l4proto_generic __read_mostly =
{
.l3proto = PF_UNSPEC,
--
1.7.7.6
^ permalink raw reply related
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox