* [PATCH nf-next] netfilter: conntrack: simplify init/uninit of L4 protocol trackers
@ 2016-10-21 14:42 Davide Caratti
2016-10-21 17:12 ` Pablo Neira Ayuso
0 siblings, 1 reply; 2+ messages in thread
From: Davide Caratti @ 2016-10-21 14:42 UTC (permalink / raw)
To: Pablo Neira Ayuso, Patrick McHardy, Jozsef Kadlecsik,
David S. Miller, Alexey Kuznetsov, James Morris,
Hideaki YOSHIFUJI
Cc: netfilter-devel, coreteam
modify registration and deregistration of layer-4 protocol trackers to
facilitate inclusion of new elements into the current list of built-in
protocols.
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
---
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 93 +++++++++++---------------
net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | 93 +++++++++++---------------
2 files changed, 78 insertions(+), 108 deletions(-)
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
index 713c09a..6ffe3dc 100644
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
@@ -336,47 +336,44 @@ MODULE_ALIAS("nf_conntrack-" __stringify(AF_INET));
MODULE_ALIAS("ip_conntrack");
MODULE_LICENSE("GPL");
+static struct nf_conntrack_l4proto *nf_conntrack_l4proto4[] = {
+ &nf_conntrack_l4proto_tcp4,
+ &nf_conntrack_l4proto_udp4,
+ &nf_conntrack_l4proto_icmp,
+};
+
static int ipv4_net_init(struct net *net)
{
- int ret = 0;
+ int i, ret = 0;
- ret = nf_ct_l4proto_pernet_register(net, &nf_conntrack_l4proto_tcp4);
- if (ret < 0) {
- pr_err("nf_conntrack_tcp4: pernet registration failed\n");
- goto out_tcp;
- }
- ret = nf_ct_l4proto_pernet_register(net, &nf_conntrack_l4proto_udp4);
- if (ret < 0) {
- pr_err("nf_conntrack_udp4: pernet registration failed\n");
- goto out_udp;
- }
- ret = nf_ct_l4proto_pernet_register(net, &nf_conntrack_l4proto_icmp);
- if (ret < 0) {
- pr_err("nf_conntrack_icmp4: pernet registration failed\n");
- goto out_icmp;
+ for (i = 0; i < ARRAY_SIZE(nf_conntrack_l4proto4); i++) {
+ ret = nf_ct_l4proto_pernet_register(net,
+ nf_conntrack_l4proto4[i]);
+ if (ret < 0)
+ goto cleanup_l4proto;
}
ret = nf_ct_l3proto_pernet_register(net, &nf_conntrack_l3proto_ipv4);
if (ret < 0) {
pr_err("nf_conntrack_ipv4: pernet registration failed\n");
- goto out_ipv4;
+ goto cleanup_l4proto;
}
return 0;
-out_ipv4:
- nf_ct_l4proto_pernet_unregister(net, &nf_conntrack_l4proto_icmp);
-out_icmp:
- nf_ct_l4proto_pernet_unregister(net, &nf_conntrack_l4proto_udp4);
-out_udp:
- nf_ct_l4proto_pernet_unregister(net, &nf_conntrack_l4proto_tcp4);
-out_tcp:
+cleanup_l4proto:
+ if (i < ARRAY_SIZE(nf_conntrack_l4proto4))
+ pr_err("nf_conntrack_%s4: pernet registration failed\n",
+ nf_conntrack_l4proto4[i]->name);
+ while (--i >= 0)
+ nf_ct_l4proto_pernet_unregister(net, nf_conntrack_l4proto4[i]);
return ret;
}
static void ipv4_net_exit(struct net *net)
{
+ int i;
+
nf_ct_l3proto_pernet_unregister(net, &nf_conntrack_l3proto_ipv4);
- nf_ct_l4proto_pernet_unregister(net, &nf_conntrack_l4proto_icmp);
- nf_ct_l4proto_pernet_unregister(net, &nf_conntrack_l4proto_udp4);
- nf_ct_l4proto_pernet_unregister(net, &nf_conntrack_l4proto_tcp4);
+ for (i = ARRAY_SIZE(nf_conntrack_l4proto4) - 1; i >= 0 ; i--)
+ nf_ct_l4proto_pernet_unregister(net, nf_conntrack_l4proto4[i]);
}
static struct pernet_operations ipv4_net_ops = {
@@ -386,7 +383,7 @@ static struct pernet_operations ipv4_net_ops = {
static int __init nf_conntrack_l3proto_ipv4_init(void)
{
- int ret = 0;
+ int ret = 0, i;
need_conntrack();
nf_defrag_ipv4_enable();
@@ -410,38 +407,25 @@ static int __init nf_conntrack_l3proto_ipv4_init(void)
goto cleanup_pernet;
}
- ret = nf_ct_l4proto_register(&nf_conntrack_l4proto_tcp4);
- if (ret < 0) {
- pr_err("nf_conntrack_ipv4: can't register tcp4 proto.\n");
- goto cleanup_hooks;
- }
-
- ret = nf_ct_l4proto_register(&nf_conntrack_l4proto_udp4);
- if (ret < 0) {
- pr_err("nf_conntrack_ipv4: can't register udp4 proto.\n");
- goto cleanup_tcp4;
- }
-
- ret = nf_ct_l4proto_register(&nf_conntrack_l4proto_icmp);
- if (ret < 0) {
- pr_err("nf_conntrack_ipv4: can't register icmpv4 proto.\n");
- goto cleanup_udp4;
+ for (i = 0; i < ARRAY_SIZE(nf_conntrack_l4proto4); i++) {
+ ret = nf_ct_l4proto_register(nf_conntrack_l4proto4[i]);
+ if (ret < 0)
+ goto cleanup_l4proto;
}
ret = nf_ct_l3proto_register(&nf_conntrack_l3proto_ipv4);
if (ret < 0) {
pr_err("nf_conntrack_ipv4: can't register ipv4 proto.\n");
- goto cleanup_icmpv4;
+ goto cleanup_l4proto;
}
return ret;
- cleanup_icmpv4:
- nf_ct_l4proto_unregister(&nf_conntrack_l4proto_icmp);
- cleanup_udp4:
- nf_ct_l4proto_unregister(&nf_conntrack_l4proto_udp4);
- cleanup_tcp4:
- nf_ct_l4proto_unregister(&nf_conntrack_l4proto_tcp4);
- cleanup_hooks:
+cleanup_l4proto:
+ if (i < ARRAY_SIZE(nf_conntrack_l4proto4))
+ pr_err("nf_conntrack_ipv4: can't register %s4 proto.\n",
+ nf_conntrack_l4proto4[i]->name);
+ while (--i >= 0)
+ nf_ct_l4proto_unregister(nf_conntrack_l4proto4[i]);
nf_unregister_hooks(ipv4_conntrack_ops, ARRAY_SIZE(ipv4_conntrack_ops));
cleanup_pernet:
unregister_pernet_subsys(&ipv4_net_ops);
@@ -452,11 +436,12 @@ static int __init nf_conntrack_l3proto_ipv4_init(void)
static void __exit nf_conntrack_l3proto_ipv4_fini(void)
{
+ int i;
+
synchronize_net();
nf_ct_l3proto_unregister(&nf_conntrack_l3proto_ipv4);
- nf_ct_l4proto_unregister(&nf_conntrack_l4proto_icmp);
- nf_ct_l4proto_unregister(&nf_conntrack_l4proto_udp4);
- nf_ct_l4proto_unregister(&nf_conntrack_l4proto_tcp4);
+ for (i = ARRAY_SIZE(nf_conntrack_l4proto4) - 1; i >= 0; i--)
+ nf_ct_l4proto_unregister(nf_conntrack_l4proto4[i]);
nf_unregister_hooks(ipv4_conntrack_ops, ARRAY_SIZE(ipv4_conntrack_ops));
unregister_pernet_subsys(&ipv4_net_ops);
nf_unregister_sockopt(&so_getorigdst);
diff --git a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
index 963ee38..4e219a1 100644
--- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
@@ -336,47 +336,44 @@ static struct nf_sockopt_ops so_getorigdst6 = {
.owner = THIS_MODULE,
};
+static struct nf_conntrack_l4proto *nf_conntrack_l4proto6[] = {
+ &nf_conntrack_l4proto_tcp6,
+ &nf_conntrack_l4proto_udp6,
+ &nf_conntrack_l4proto_icmpv6,
+};
+
static int ipv6_net_init(struct net *net)
{
- int ret = 0;
+ int i, ret = 0;
- ret = nf_ct_l4proto_pernet_register(net, &nf_conntrack_l4proto_tcp6);
- if (ret < 0) {
- pr_err("nf_conntrack_tcp6: pernet registration failed\n");
- goto out;
- }
- ret = nf_ct_l4proto_pernet_register(net, &nf_conntrack_l4proto_udp6);
- if (ret < 0) {
- pr_err("nf_conntrack_udp6: pernet registration failed\n");
- goto cleanup_tcp6;
- }
- ret = nf_ct_l4proto_pernet_register(net, &nf_conntrack_l4proto_icmpv6);
- if (ret < 0) {
- pr_err("nf_conntrack_icmp6: pernet registration failed\n");
- goto cleanup_udp6;
+ for (i = 0; i < ARRAY_SIZE(nf_conntrack_l4proto6); i++) {
+ ret = nf_ct_l4proto_pernet_register(net,
+ nf_conntrack_l4proto6[i]);
+ if (ret < 0)
+ goto cleanup_l4proto;
}
ret = nf_ct_l3proto_pernet_register(net, &nf_conntrack_l3proto_ipv6);
if (ret < 0) {
pr_err("nf_conntrack_ipv6: pernet registration failed.\n");
- goto cleanup_icmpv6;
+ goto cleanup_l4proto;
}
return 0;
- cleanup_icmpv6:
- nf_ct_l4proto_pernet_unregister(net, &nf_conntrack_l4proto_icmpv6);
- cleanup_udp6:
- nf_ct_l4proto_pernet_unregister(net, &nf_conntrack_l4proto_udp6);
- cleanup_tcp6:
- nf_ct_l4proto_pernet_unregister(net, &nf_conntrack_l4proto_tcp6);
- out:
+cleanup_l4proto:
+ if (i < ARRAY_SIZE(nf_conntrack_l4proto6))
+ pr_err("nf_conntrack_%s6: pernet registration failed.\n",
+ nf_conntrack_l4proto6[i]->name);
+ while (--i >= 0)
+ nf_ct_l4proto_pernet_unregister(net, nf_conntrack_l4proto6[i]);
return ret;
}
static void ipv6_net_exit(struct net *net)
{
+ int i;
+
nf_ct_l3proto_pernet_unregister(net, &nf_conntrack_l3proto_ipv6);
- nf_ct_l4proto_pernet_unregister(net, &nf_conntrack_l4proto_icmpv6);
- nf_ct_l4proto_pernet_unregister(net, &nf_conntrack_l4proto_udp6);
- nf_ct_l4proto_pernet_unregister(net, &nf_conntrack_l4proto_tcp6);
+ for (i = ARRAY_SIZE(nf_conntrack_l4proto6) - 1; i >= 0; i--)
+ nf_ct_l4proto_pernet_unregister(net, nf_conntrack_l4proto6[i]);
}
static struct pernet_operations ipv6_net_ops = {
@@ -386,7 +383,7 @@ static struct pernet_operations ipv6_net_ops = {
static int __init nf_conntrack_l3proto_ipv6_init(void)
{
- int ret = 0;
+ int ret = 0, i;
need_conntrack();
nf_defrag_ipv6_enable();
@@ -409,38 +406,25 @@ static int __init nf_conntrack_l3proto_ipv6_init(void)
goto cleanup_pernet;
}
- ret = nf_ct_l4proto_register(&nf_conntrack_l4proto_tcp6);
- if (ret < 0) {
- pr_err("nf_conntrack_ipv6: can't register tcp6 proto.\n");
- goto cleanup_hooks;
- }
-
- ret = nf_ct_l4proto_register(&nf_conntrack_l4proto_udp6);
- if (ret < 0) {
- pr_err("nf_conntrack_ipv6: can't register udp6 proto.\n");
- goto cleanup_tcp6;
- }
-
- ret = nf_ct_l4proto_register(&nf_conntrack_l4proto_icmpv6);
- if (ret < 0) {
- pr_err("nf_conntrack_ipv6: can't register icmpv6 proto.\n");
- goto cleanup_udp6;
+ for (i = 0; i < ARRAY_SIZE(nf_conntrack_l4proto6); i++) {
+ ret = nf_ct_l4proto_register(nf_conntrack_l4proto6[i]);
+ if (ret < 0)
+ goto cleanup_l4proto;
}
ret = nf_ct_l3proto_register(&nf_conntrack_l3proto_ipv6);
if (ret < 0) {
pr_err("nf_conntrack_ipv6: can't register ipv6 proto.\n");
- goto cleanup_icmpv6;
+ goto cleanup_l4proto;
}
return ret;
- cleanup_icmpv6:
- nf_ct_l4proto_unregister(&nf_conntrack_l4proto_icmpv6);
- cleanup_udp6:
- nf_ct_l4proto_unregister(&nf_conntrack_l4proto_udp6);
- cleanup_tcp6:
- nf_ct_l4proto_unregister(&nf_conntrack_l4proto_tcp6);
- cleanup_hooks:
+cleanup_l4proto:
+ if (i < ARRAY_SIZE(nf_conntrack_l4proto6))
+ pr_err("nf_conntrack_ipv6: can't register %s6 proto.\n",
+ nf_conntrack_l4proto6[i]->name);
+ while (--i >= 0)
+ nf_ct_l4proto_unregister(nf_conntrack_l4proto6[i]);
nf_unregister_hooks(ipv6_conntrack_ops, ARRAY_SIZE(ipv6_conntrack_ops));
cleanup_pernet:
unregister_pernet_subsys(&ipv6_net_ops);
@@ -451,11 +435,12 @@ static int __init nf_conntrack_l3proto_ipv6_init(void)
static void __exit nf_conntrack_l3proto_ipv6_fini(void)
{
+ int i;
+
synchronize_net();
nf_ct_l3proto_unregister(&nf_conntrack_l3proto_ipv6);
- nf_ct_l4proto_unregister(&nf_conntrack_l4proto_tcp6);
- nf_ct_l4proto_unregister(&nf_conntrack_l4proto_udp6);
- nf_ct_l4proto_unregister(&nf_conntrack_l4proto_icmpv6);
+ for (i = 0; i < ARRAY_SIZE(nf_conntrack_l4proto6); i++)
+ nf_ct_l4proto_unregister(nf_conntrack_l4proto6[i]);
nf_unregister_hooks(ipv6_conntrack_ops, ARRAY_SIZE(ipv6_conntrack_ops));
unregister_pernet_subsys(&ipv6_net_ops);
nf_unregister_sockopt(&so_getorigdst6);
--
2.5.5
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH nf-next] netfilter: conntrack: simplify init/uninit of L4 protocol trackers
2016-10-21 14:42 [PATCH nf-next] netfilter: conntrack: simplify init/uninit of L4 protocol trackers Davide Caratti
@ 2016-10-21 17:12 ` Pablo Neira Ayuso
0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2016-10-21 17:12 UTC (permalink / raw)
To: Davide Caratti
Cc: Patrick McHardy, Jozsef Kadlecsik, David S. Miller,
Alexey Kuznetsov, James Morris, Hideaki YOSHIFUJI,
netfilter-devel, coreteam
On Fri, Oct 21, 2016 at 04:42:40PM +0200, Davide Caratti wrote:
> modify registration and deregistration of layer-4 protocol trackers to
> facilitate inclusion of new elements into the current list of built-in
> protocols.
>
> Signed-off-by: Davide Caratti <dcaratti@redhat.com>
> ---
> net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 93 +++++++++++---------------
> net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | 93 +++++++++++---------------
> 2 files changed, 78 insertions(+), 108 deletions(-)
>
> diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
> index 713c09a..6ffe3dc 100644
> --- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
> +++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
> @@ -336,47 +336,44 @@ MODULE_ALIAS("nf_conntrack-" __stringify(AF_INET));
> MODULE_ALIAS("ip_conntrack");
> MODULE_LICENSE("GPL");
>
> +static struct nf_conntrack_l4proto *nf_conntrack_l4proto4[] = {
> + &nf_conntrack_l4proto_tcp4,
> + &nf_conntrack_l4proto_udp4,
> + &nf_conntrack_l4proto_icmp,
> +};
> +
> static int ipv4_net_init(struct net *net)
> {
> - int ret = 0;
> + int i, ret = 0;
>
> - ret = nf_ct_l4proto_pernet_register(net, &nf_conntrack_l4proto_tcp4);
> - if (ret < 0) {
> - pr_err("nf_conntrack_tcp4: pernet registration failed\n");
> - goto out_tcp;
> - }
> - ret = nf_ct_l4proto_pernet_register(net, &nf_conntrack_l4proto_udp4);
> - if (ret < 0) {
> - pr_err("nf_conntrack_udp4: pernet registration failed\n");
> - goto out_udp;
> - }
> - ret = nf_ct_l4proto_pernet_register(net, &nf_conntrack_l4proto_icmp);
> - if (ret < 0) {
> - pr_err("nf_conntrack_icmp4: pernet registration failed\n");
> - goto out_icmp;
> + for (i = 0; i < ARRAY_SIZE(nf_conntrack_l4proto4); i++) {
> + ret = nf_ct_l4proto_pernet_register(net,
> + nf_conntrack_l4proto4[i]);
> + if (ret < 0)
> + goto cleanup_l4proto;
Could you add:
ret = nf_ct_l4proto_pernet_register(net, nf_conntrack_l4proto4,
ARRAY_SIZE(nf_conntrack_l4proto4));
?
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2016-10-21 17:12 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-10-21 14:42 [PATCH nf-next] netfilter: conntrack: simplify init/uninit of L4 protocol trackers Davide Caratti
2016-10-21 17:12 ` Pablo Neira Ayuso
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).