[PATCH 0/2]

[PATCH 0/2]

[dmitry pervushin]

Hello all,

These patches update idletimer extension to reflect changes in the kernel

[PATCH 1/2] netfilter: idletimers, synchronize headers
[PATCH 2/2] netfilter: idletimers, add v1 structures

[PATCH 1/2] netfilter: idletimers, synchronize headers

[dmitry pervushin]

Synchronize include/linux/netfilter/xt_IDLETIMER.h with kernel

Cc: Ashish Sharma <ashishsharma@google.com>
Cc: JP Abgrall <jpa@google.com>
Signed-off-by: John Stultz <john.stultz@linaro.org>
Signed-off-by: dmitry pervushin <dmitry.pervushin@linaro.org>
---
 include/linux/netfilter/xt_IDLETIMER.h |   14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/include/linux/netfilter/xt_IDLETIMER.h b/include/linux/netfilter/xt_IDLETIMER.h
index 208ae93..96ed520 100644
--- a/include/linux/netfilter/xt_IDLETIMER.h
+++ b/include/linux/netfilter/xt_IDLETIMER.h
@@ -42,4 +42,18 @@ struct idletimer_tg_info {
 	struct idletimer_tg *timer __attribute__((aligned(8)));
 };
 
+#define NL_EVENT_TYPE_INACTIVE 0
+#define NL_EVENT_TYPE_ACTIVE 1
+
+struct idletimer_tg_info_v1 {
+	__u32 timeout;
+
+	char label[MAX_IDLETIMER_LABEL_SIZE];
+
+	/* Use netlink messages for notification in addition to sysfs */
+	__u8 send_nl_msg;
+
+	/* for kernel module internal use only */
+	struct idletimer_tg *timer __attribute__((aligned(8)));
+};
 #endif
-- 
1.7.10.4

[PATCH 2/2] netfilter: idletimers, add v1 structures

[dmitry pervushin]

Add command-line options to handle --send-nl-msg

Cc: Ashish Sharma <ashishsharma@google.com>
Cc: JP Abgrall <jpa@google.com>
Signed-off-by: John Stultz <john.stultz@linaro.org>
Signed-off-by: dmitry pervushin <dpervushin@gmail.com>
---
 extensions/libxt_IDLETIMER.c |   44 +++++++++++++++++++++++++++++++++++++++---
 1 file changed, 41 insertions(+), 3 deletions(-)

diff --git a/extensions/libxt_IDLETIMER.c b/extensions/libxt_IDLETIMER.c
index 21004a4..4ef7f36 100644
--- a/extensions/libxt_IDLETIMER.c
+++ b/extensions/libxt_IDLETIMER.c
@@ -27,14 +27,17 @@
 enum {
 	O_TIMEOUT = 0,
 	O_LABEL,
+	O_SEND_NLMSG,
 };
 
-#define s struct idletimer_tg_info
+#define s struct idletimer_tg_info_v1
 static const struct xt_option_entry idletimer_tg_opts[] = {
 	{.name = "timeout", .id = O_TIMEOUT, .type = XTTYPE_UINT32,
 	 .flags = XTOPT_MAND | XTOPT_PUT, XTOPT_POINTER(s, timeout)},
 	{.name = "label", .id = O_LABEL, .type = XTTYPE_STRING,
 	 .flags = XTOPT_MAND | XTOPT_PUT, XTOPT_POINTER(s, label)},
+	{.name = "send_nl_msg", .id = O_SEND_NLMSG, .type = XTTYPE_UINT8,
+	 .flags = XTOPT_PUT, XTOPT_POINTER(s, send_nl_msg), .min = 0, .max = 1, },
 	XTOPT_TABLEEND,
 };
 #undef s
@@ -45,6 +48,7 @@ static void idletimer_tg_help(void)
 "IDLETIMER target options:\n"
 " --timeout time	Timeout until the notification is sent (in seconds)\n"
 " --label string	Unique rule identifier\n"
+" --send_nl_msg 0|1	Send netlink message when timer expires\n"
 "\n");
 }
 
@@ -57,6 +61,11 @@ static void idletimer_tg_print(const void *ip,
 
 	printf(" timeout:%u", info->timeout);
 	printf(" label:%s", info->label);
+	if (target->u.user.revision > 0) {
+		struct idletimer_tg_info_v1 *info_v1 =
+			(struct idletimer_tg_info_v1 *) target->data;
+		printf(" send_nl_msg:%d", info_v1->send_nl_msg ? 1 : 0);
+	}
 }
 
 static void idletimer_tg_save(const void *ip,
@@ -67,9 +76,23 @@ static void idletimer_tg_save(const void *ip,
 
 	printf(" --timeout %u", info->timeout);
 	printf(" --label %s", info->label);
+	if (target->u.user.revision > 0) {
+		struct idletimer_tg_info_v1 *info_v1 =
+			(struct idletimer_tg_info_v1 *) target->data;
+		printf(" --send_nl_msg %d", info_v1->send_nl_msg ? 1 : 0);
+	}
 }
 
-static struct xtables_target idletimer_tg_reg = {
+static void idletimer_tg_init_v1(struct xt_entry_target *target)
+{
+	struct idletimer_tg_info_v1 *info =
+		(struct idletimer_tg_info_v1 *)target->data;
+
+	info->send_nl_msg = 0;
+}
+
+static struct xtables_target idletimer_tg_reg[] = { 
+{
 	.family	       = NFPROTO_UNSPEC,
 	.name	       = "IDLETIMER",
 	.version       = XTABLES_VERSION,
@@ -81,9 +104,24 @@ static struct xtables_target idletimer_tg_reg = {
 	.print	       = idletimer_tg_print,
 	.save	       = idletimer_tg_save,
 	.x6_options    = idletimer_tg_opts,
+},
+{
+	.family	       = NFPROTO_UNSPEC,
+	.name	       = "IDLETIMER",
+	.version       = XTABLES_VERSION,
+	.revision      = 1,
+	.size	       = XT_ALIGN(sizeof(struct idletimer_tg_info_v1)),
+	.userspacesize = offsetof(struct idletimer_tg_info_v1, timer),
+	.help	       = idletimer_tg_help,
+	.x6_parse      = xtables_option_parse,
+	.print	       = idletimer_tg_print,
+	.save	       = idletimer_tg_save,
+	.x6_options    = idletimer_tg_opts,
+	.init	       = idletimer_tg_init_v1,
+}
 };
 
 void _init(void)
 {
-	xtables_register_target(&idletimer_tg_reg);
+	xtables_register_targets(idletimer_tg_reg, ARRAY_SIZE(idletimer_tg_reg));
 }
-- 
1.7.10.4

[PATCH 0/2]

[Pablo Neira Ayuso]

Hi Patrick,

The first patch here re-works the conntrack event cache to use the
extension infrastructure so there is an event cache per-conntrack.
This is used by the second patch, which aims to improve ctnetlink
reliability.

Please, have a look at the patch descriptions for more details.
If you like them, you can pull them from:

git://1984.lsi.us.es/nf-next-2.6 master

Wait for your comments!

---

Pablo Neira Ayuso (2):
      netfilter: conntrack: optional reliable conntrack event delivery
      netfilter: conntrack: move event cache to conntrack extension infrastructure


 include/net/netfilter/nf_conntrack.h        |    2 
 include/net/netfilter/nf_conntrack_ecache.h |  133 +++++++++--------
 include/net/netfilter/nf_conntrack_extend.h |    2 
 include/net/netfilter/nf_conntrack_helper.h |    2 
 include/net/netns/conntrack.h               |    7 +
 net/netfilter/nf_conntrack_core.c           |  106 ++++++++++---
 net/netfilter/nf_conntrack_ecache.c         |  216 ++++++++++++++++++---------
 net/netfilter/nf_conntrack_helper.c         |   15 ++
 net/netfilter/nf_conntrack_netlink.c        |   94 +++++++-----
 9 files changed, 379 insertions(+), 198 deletions(-)