From 13d51a00c19571339cbb96721f676122dd2f9d58 Mon Sep 17 00:00:00 2001 From: "John W. Linville" Date: Fri, 10 Oct 2008 14:16:46 -0400 Subject: [PATCH] --- yaml --- r: 115018 b: refs/heads/master c: 746db510395e32ff57b9f8582e520df6b3fac618 h: refs/heads/master v: v3 --- [refs] | 2 +- trunk/Documentation/networking/phonet.txt | 4 +- trunk/drivers/net/wireless/rtl8187_dev.c | 1 + trunk/include/linux/netfilter/nfnetlink.h | 3 - trunk/include/net/netfilter/nf_nat_core.h | 8 -- trunk/net/bridge/netfilter/Kconfig | 1 - trunk/net/core/net_namespace.c | 2 +- trunk/net/ipv4/netfilter/nf_defrag_ipv4.c | 3 +- trunk/net/ipv4/netfilter/nf_nat_core.c | 97 ------------- trunk/net/ipv6/netfilter.c | 6 +- trunk/net/netfilter/nf_conntrack_core.c | 7 - trunk/net/netfilter/nf_conntrack_netlink.c | 151 ++++++++++++--------- trunk/net/netfilter/nfnetlink.c | 12 +- 13 files changed, 102 insertions(+), 195 deletions(-) diff --git a/[refs] b/[refs] index 481dd9bbebf4..aaae63eba01a 100644 --- a/[refs] +++ b/[refs] @@ -1,2 +1,2 @@ --- -refs/heads/master: eef9d90dcde7bb4d029b67ed36457efc4970d5a2 +refs/heads/master: 746db510395e32ff57b9f8582e520df6b3fac618 diff --git a/trunk/Documentation/networking/phonet.txt b/trunk/Documentation/networking/phonet.txt index 6a07e45d4a93..0e6e592f4f55 100644 --- a/trunk/Documentation/networking/phonet.txt +++ b/trunk/Documentation/networking/phonet.txt @@ -146,8 +146,8 @@ WARNING: When polling a connected pipe socket for writability, there is an intrinsic race condition whereby writability might be lost between the polling and the writing system calls. In this case, the socket will -block until write becomes possible again, unless non-blocking mode -is enabled. +block until write because possible again, unless non-blocking mode +becomes enabled. The pipe protocol provides two socket options at the SOL_PNPIPE level: diff --git a/trunk/drivers/net/wireless/rtl8187_dev.c b/trunk/drivers/net/wireless/rtl8187_dev.c index e9902613e2ee..782327767278 100644 
--- a/trunk/drivers/net/wireless/rtl8187_dev.c +++ b/trunk/drivers/net/wireless/rtl8187_dev.c @@ -37,6 +37,7 @@ static struct usb_device_id rtl8187_table[] __devinitdata = { {USB_DEVICE(0x0bda, 0x8187), .driver_info = DEVICE_RTL8187}, {USB_DEVICE(0x0bda, 0x8189), .driver_info = DEVICE_RTL8187B}, {USB_DEVICE(0x0bda, 0x8197), .driver_info = DEVICE_RTL8187B}, + {USB_DEVICE(0x0bda, 0x8198), .driver_info = DEVICE_RTL8187B}, /* Netgear */ {USB_DEVICE(0x0846, 0x6100), .driver_info = DEVICE_RTL8187}, {USB_DEVICE(0x0846, 0x6a00), .driver_info = DEVICE_RTL8187}, diff --git a/trunk/include/linux/netfilter/nfnetlink.h b/trunk/include/linux/netfilter/nfnetlink.h index 7d8e0455ccac..0d8424f76899 100644 --- a/trunk/include/linux/netfilter/nfnetlink.h +++ b/trunk/include/linux/netfilter/nfnetlink.h @@ -78,9 +78,6 @@ extern int nfnetlink_send(struct sk_buff *skb, u32 pid, unsigned group, int echo); extern int nfnetlink_unicast(struct sk_buff *skb, u_int32_t pid, int flags); -extern void nfnl_lock(void); -extern void nfnl_unlock(void); - #define MODULE_ALIAS_NFNL_SUBSYS(subsys) \ MODULE_ALIAS("nfnetlink-subsys-" __stringify(subsys)) diff --git a/trunk/include/net/netfilter/nf_nat_core.h b/trunk/include/net/netfilter/nf_nat_core.h index 58684066388c..f29eeb9777e0 100644 --- a/trunk/include/net/netfilter/nf_nat_core.h +++ b/trunk/include/net/netfilter/nf_nat_core.h @@ -25,12 +25,4 @@ static inline int nf_nat_initialized(struct nf_conn *ct, else return test_bit(IPS_DST_NAT_DONE_BIT, &ct->status); } - -struct nlattr; - -extern int -(*nfnetlink_parse_nat_setup_hook)(struct nf_conn *ct, - enum nf_nat_manip_type manip, - struct nlattr *attr); - #endif /* _NF_NAT_CORE_H */ diff --git a/trunk/net/bridge/netfilter/Kconfig b/trunk/net/bridge/netfilter/Kconfig index ba6f73eb06c6..366d3e9d51f8 100644 --- a/trunk/net/bridge/netfilter/Kconfig +++ b/trunk/net/bridge/netfilter/Kconfig 
@@ -4,7 +4,6 @@ menuconfig BRIDGE_NF_EBTABLES tristate "Ethernet Bridge tables (ebtables) support" - depends on BRIDGE && BRIDGE_NETFILTER select NETFILTER_XTABLES help ebtables is a general, extensible frame/packet identification diff --git a/trunk/net/core/net_namespace.c b/trunk/net/core/net_namespace.c index f1d07b5c1e17..b0dc818a91d7 100644 --- a/trunk/net/core/net_namespace.c +++ b/trunk/net/core/net_namespace.c @@ -96,7 +96,7 @@ static void net_free(struct net *net) return; } #endif - kfree(net->gen); + kmem_cache_free(net_cachep, net); } diff --git a/trunk/net/ipv4/netfilter/nf_defrag_ipv4.c b/trunk/net/ipv4/netfilter/nf_defrag_ipv4.c index fa2d6b6fc3e5..aa2c50a180f7 100644 --- a/trunk/net/ipv4/netfilter/nf_defrag_ipv4.c +++ b/trunk/net/ipv4/netfilter/nf_defrag_ipv4.c @@ -41,13 +41,12 @@ static unsigned int ipv4_conntrack_defrag(unsigned int hooknum, int (*okfn)(struct sk_buff *)) { #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) -#if !defined(CONFIG_NF_NAT) && !defined(CONFIG_NF_NAT_MODULE) /* Previously seen (loopback)? Ignore. Do this before fragment check. */ if (skb->nfct) return NF_ACCEPT; #endif -#endif + /* Gather fragments. */ if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) { if (nf_ct_ipv4_gather_frags(skb, diff --git a/trunk/net/ipv4/netfilter/nf_nat_core.c b/trunk/net/ipv4/netfilter/nf_nat_core.c index a65cf692359f..2ac9eaf1a8c9 100644 --- a/trunk/net/ipv4/netfilter/nf_nat_core.c +++ b/trunk/net/ipv4/netfilter/nf_nat_core.c 
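Review bot: `net_free()` no longer calls `kfree(net->gen)` before `kmem_cache_free(net_cachep, net)`, so whatever `net->gen` points to is not released when the namespace is freed. The allocation of `net->gen` is not in this hunk, but if it is a separate allocation, every namespace teardown leaks it, and repeated namespace creation and destruction turns that into unbounded kernel memory growth. Keep `kfree(net->gen);` immediately before the `kmem_cache_free()` call, or add a comment naming where `net->gen` is freed instead. net_free() begins above the hunk.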
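Review bot: With the `CONFIG_NF_NAT` / `CONFIG_NF_NAT_MODULE` guard gone, the `if (skb->nfct) return NF_ACCEPT;` shortcut in `ipv4_conntrack_defrag()` also runs on NAT-enabled builds, so a packet that already carries conntrack state skips `nf_ct_ipv4_gather_frags()` there. The removed condition suggests NAT builds relied on reaching the fragment check, but the reason is not visible in this hunk. If the shortcut is safe with NAT, extend the existing comment to say why, for example `/* Safe with NAT as well: <reason> */`; otherwise keep the guard. The function starts and ends outside the hunk.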
@@ -584,98 +584,6 @@ static struct nf_ct_ext_type nat_extend __read_mostly = { .flags = NF_CT_EXT_F_PREALLOC, }; -#if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE) - -#include -#include - -static const struct nla_policy protonat_nla_policy[CTA_PROTONAT_MAX+1] = { - [CTA_PROTONAT_PORT_MIN] = { .type = NLA_U16 }, - [CTA_PROTONAT_PORT_MAX] = { .type = NLA_U16 }, -}; - -static int nfnetlink_parse_nat_proto(struct nlattr *attr, - const struct nf_conn *ct, - struct nf_nat_range *range) -{ - struct nlattr *tb[CTA_PROTONAT_MAX+1]; - const struct nf_nat_protocol *npt; - int err; - - err = nla_parse_nested(tb, CTA_PROTONAT_MAX, attr, protonat_nla_policy); - if (err < 0) - return err; - - npt = nf_nat_proto_find_get(nf_ct_protonum(ct)); - if (npt->nlattr_to_range) - err = npt->nlattr_to_range(tb, range); - nf_nat_proto_put(npt); - return err; -} - -static const struct nla_policy nat_nla_policy[CTA_NAT_MAX+1] = { - [CTA_NAT_MINIP] = { .type = NLA_U32 }, - [CTA_NAT_MAXIP] = { .type = NLA_U32 }, -}; - -static int -nfnetlink_parse_nat(struct nlattr *nat, - const struct nf_conn *ct, struct nf_nat_range *range) -{ - struct nlattr *tb[CTA_NAT_MAX+1]; - int err; - - memset(range, 0, sizeof(*range)); - - err = nla_parse_nested(tb, CTA_NAT_MAX, nat, nat_nla_policy); - if (err < 0) - return err; - - if (tb[CTA_NAT_MINIP]) - range->min_ip = nla_get_be32(tb[CTA_NAT_MINIP]); - - if (!tb[CTA_NAT_MAXIP]) - range->max_ip = range->min_ip; - else - range->max_ip = nla_get_be32(tb[CTA_NAT_MAXIP]); - - if (range->min_ip) - range->flags |= IP_NAT_RANGE_MAP_IPS; - - if (!tb[CTA_NAT_PROTO]) - return 0; - - err = nfnetlink_parse_nat_proto(tb[CTA_NAT_PROTO], ct, range); - if (err < 0) - return err; - - return 0; -} - -static int -nfnetlink_parse_nat_setup(struct nf_conn *ct, - enum nf_nat_manip_type manip, - struct nlattr *attr) -{ - struct nf_nat_range range; - - if (nfnetlink_parse_nat(attr, ct, &range) < 0) - return -EINVAL; - if (nf_nat_initialized(ct, manip)) - return 
-EEXIST; - - return nf_nat_setup_info(ct, &range, manip); -} -#else -static int -nfnetlink_parse_nat_setup(struct nf_conn *ct, - enum nf_nat_manip_type manip, - struct nlattr *attr) -{ - return -EOPNOTSUPP; -} -#endif - static int __net_init nf_nat_net_init(struct net *net) { net->ipv4.nat_bysource = nf_ct_alloc_hashtable(&nf_nat_htable_size, @@ -746,9 +654,6 @@ static int __init nf_nat_init(void) BUG_ON(nf_nat_seq_adjust_hook != NULL); rcu_assign_pointer(nf_nat_seq_adjust_hook, nf_nat_seq_adjust); - BUG_ON(nfnetlink_parse_nat_setup_hook != NULL); - rcu_assign_pointer(nfnetlink_parse_nat_setup_hook, - nfnetlink_parse_nat_setup); return 0; cleanup_extend: @@ -762,12 +667,10 @@ static void __exit nf_nat_cleanup(void) nf_ct_l3proto_put(l3proto); nf_ct_extend_unregister(&nat_extend); rcu_assign_pointer(nf_nat_seq_adjust_hook, NULL); - rcu_assign_pointer(nfnetlink_parse_nat_setup_hook, NULL); synchronize_net(); } MODULE_LICENSE("GPL"); -MODULE_ALIAS("nf-nat-ipv4"); module_init(nf_nat_init); module_exit(nf_nat_cleanup); diff --git a/trunk/net/ipv6/netfilter.c b/trunk/net/ipv6/netfilter.c index fd5b3a4e3329..6b29b03925f1 100644 --- a/trunk/net/ipv6/netfilter.c +++ b/trunk/net/ipv6/netfilter.c @@ -12,7 +12,6 @@ int ip6_route_me_harder(struct sk_buff *skb) { - struct net *net = dev_net(skb->dst->dev); struct ipv6hdr *iph = ipv6_hdr(skb); struct dst_entry *dst; struct flowi fl = { @@ -24,7 +23,7 @@ int ip6_route_me_harder(struct sk_buff *skb) .saddr = iph->saddr, } }, }; - dst = ip6_route_output(net, skb->sk, &fl); + dst = ip6_route_output(dev_net(skb->dst->dev), skb->sk, &fl); #ifdef CONFIG_XFRM if (!(IP6CB(skb)->flags & IP6SKB_XFRM_TRANSFORMED) && @@ -34,7 +33,8 @@ int ip6_route_me_harder(struct sk_buff *skb) #endif if (dst->error) { - IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES); + IP6_INC_STATS(&init_net, ip6_dst_idev(dst), + IPSTATS_MIB_OUTNOROUTES); LIMIT_NETDEBUG(KERN_DEBUG "ip6_route_me_harder: No more route.\n"); dst_release(dst); return -EINVAL; 
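Review bot: In the `dst->error` branch of `ip6_route_me_harder()`, `IP6_INC_STATS(&init_net, ...)` charges the no-route counter to the initial namespace, while the lookup in the previous hunk uses `dev_net(skb->dst->dev)`. For a packet handled in another network namespace, the OUTNOROUTES statistic is then recorded in the wrong place, which skews per-namespace monitoring. Use one namespace for both calls, for example keep a local `struct net *net = dev_net(skb->dst->dev);` and pass `net` to `ip6_route_output()` and to `IP6_INC_STATS()`. The function continues past the end of this hunk.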
diff --git a/trunk/net/netfilter/nf_conntrack_core.c b/trunk/net/netfilter/nf_conntrack_core.c index 622d7c671cb7..27de3c7b006e 100644 --- a/trunk/net/netfilter/nf_conntrack_core.c +++ b/trunk/net/netfilter/nf_conntrack_core.c @@ -38,16 +38,9 @@ #include #include #include -#include #define NF_CONNTRACK_VERSION "0.5.0" -unsigned int -(*nfnetlink_parse_nat_setup_hook)(struct nf_conn *ct, - enum nf_nat_manip_type manip, - struct nlattr *attr) __read_mostly; -EXPORT_SYMBOL_GPL(nfnetlink_parse_nat_setup_hook); - DEFINE_SPINLOCK(nf_conntrack_lock); EXPORT_SYMBOL_GPL(nf_conntrack_lock); diff --git a/trunk/net/netfilter/nf_conntrack_netlink.c b/trunk/net/netfilter/nf_conntrack_netlink.c index 08e82d64eb6f..cadfd15b44f6 100644 --- a/trunk/net/netfilter/nf_conntrack_netlink.c +++ b/trunk/net/netfilter/nf_conntrack_netlink.c 
@@ -689,6 +689,71 @@ ctnetlink_parse_tuple(struct nlattr *cda[], struct nf_conntrack_tuple *tuple, return 0; } +#ifdef CONFIG_NF_NAT_NEEDED +static const struct nla_policy protonat_nla_policy[CTA_PROTONAT_MAX+1] = { + [CTA_PROTONAT_PORT_MIN] = { .type = NLA_U16 }, + [CTA_PROTONAT_PORT_MAX] = { .type = NLA_U16 }, +}; + +static int nfnetlink_parse_nat_proto(struct nlattr *attr, + const struct nf_conn *ct, + struct nf_nat_range *range) +{ + struct nlattr *tb[CTA_PROTONAT_MAX+1]; + const struct nf_nat_protocol *npt; + int err; + + err = nla_parse_nested(tb, CTA_PROTONAT_MAX, attr, protonat_nla_policy); + if (err < 0) + return err; + + npt = nf_nat_proto_find_get(nf_ct_protonum(ct)); + if (npt->nlattr_to_range) + err = npt->nlattr_to_range(tb, range); + nf_nat_proto_put(npt); + return err; +} + +static const struct nla_policy nat_nla_policy[CTA_NAT_MAX+1] = { + [CTA_NAT_MINIP] = { .type = NLA_U32 }, + [CTA_NAT_MAXIP] = { .type = NLA_U32 }, +}; + +static inline int +nfnetlink_parse_nat(struct nlattr *nat, + const struct nf_conn *ct, struct nf_nat_range *range) +{ + struct nlattr *tb[CTA_NAT_MAX+1]; + int err; + + memset(range, 0, sizeof(*range)); + + err = nla_parse_nested(tb, CTA_NAT_MAX, nat, nat_nla_policy); + if (err < 0) + return err; + + if (tb[CTA_NAT_MINIP]) + range->min_ip = nla_get_be32(tb[CTA_NAT_MINIP]); + + if (!tb[CTA_NAT_MAXIP]) + range->max_ip = range->min_ip; + else + range->max_ip = nla_get_be32(tb[CTA_NAT_MAXIP]); + + if (range->min_ip) + range->flags |= IP_NAT_RANGE_MAP_IPS; + + if (!tb[CTA_NAT_PROTO]) + return 0; + + err = nfnetlink_parse_nat_proto(tb[CTA_NAT_PROTO], ct, range); + if (err < 0) + return err; + + return 0; +} +#endif + static inline int ctnetlink_parse_help(struct nlattr *attr, char **helper_name) { 
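Review bot: `nat_nla_policy` declares types for `CTA_NAT_MINIP` and `CTA_NAT_MAXIP` but not for `CTA_NAT_PROTO`, yet `nfnetlink_parse_nat()` hands `tb[CTA_NAT_PROTO]` to `nfnetlink_parse_nat_proto()`, which parses it as a nested attribute. Adding `[CTA_NAT_PROTO] = { .type = NLA_NESTED },` makes the policy state what the parser assumes about this user-supplied attribute. Separately, nothing here rejects a `CTA_NAT_MAXIP` sent without `CTA_NAT_MINIP`, or a maximum below the minimum. Whether `nf_nat_setup_info()` tolerates such a range is not visible in this hunk, so either return `-EINVAL` for it or add a comment stating that the range is validated later.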
@@ -813,34 +878,6 @@ ctnetlink_get_conntrack(struct sock *ctnl, struct sk_buff *skb, return err; } -static int -ctnetlink_parse_nat_setup(struct nf_conn *ct, - enum nf_nat_manip_type manip, - struct nlattr *attr) -{ - typeof(nfnetlink_parse_nat_setup_hook) parse_nat_setup; - - parse_nat_setup = rcu_dereference(nfnetlink_parse_nat_setup_hook); - if (!parse_nat_setup) { -#ifdef CONFIG_KMOD - rcu_read_unlock(); - nfnl_unlock(); - if (request_module("nf-nat-ipv4") < 0) { - nfnl_lock(); - rcu_read_lock(); - return -EOPNOTSUPP; - } - nfnl_lock(); - rcu_read_lock(); - if (nfnetlink_parse_nat_setup_hook) - return -EAGAIN; -#endif - return -EOPNOTSUPP; - } - - return parse_nat_setup(ct, manip, attr); -} - static int ctnetlink_change_status(struct nf_conn *ct, struct nlattr *cda[]) { @@ -860,6 +897,31 @@ ctnetlink_change_status(struct nf_conn *ct, struct nlattr *cda[]) /* ASSURED bit can only be set */ return -EBUSY; + if (cda[CTA_NAT_SRC] || cda[CTA_NAT_DST]) { +#ifndef CONFIG_NF_NAT_NEEDED + return -EOPNOTSUPP; +#else + struct nf_nat_range range; + + if (cda[CTA_NAT_DST]) { + if (nfnetlink_parse_nat(cda[CTA_NAT_DST], ct, + &range) < 0) + return -EINVAL; + if (nf_nat_initialized(ct, IP_NAT_MANIP_DST)) + return -EEXIST; + nf_nat_setup_info(ct, &range, IP_NAT_MANIP_DST); + } + if (cda[CTA_NAT_SRC]) { + if (nfnetlink_parse_nat(cda[CTA_NAT_SRC], ct, + &range) < 0) + return -EINVAL; + if (nf_nat_initialized(ct, IP_NAT_MANIP_SRC)) + return -EEXIST; + nf_nat_setup_info(ct, &range, IP_NAT_MANIP_SRC); + } +#endif + } + /* Be careful here, modifying NAT bits can screw up things, * so don't let users modify them directly if they don't pass * nf_nat_range. */ 
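Review bot: Both new `nf_nat_setup_info(ct, &range, ...)` calls in `ctnetlink_change_status()` discard the result, whereas the `nfnetlink_parse_nat_setup()` helper that this patch removes from nf_nat_core.c returned it to its caller. The meaning of that return value is not visible here, so confirm it and either propagate a failure to the netlink caller or add a comment such as `/* return value carries no error information, see nf_nat_setup_info() */`. A request carrying both `CTA_NAT_DST` and `CTA_NAT_SRC` can also apply the DST mapping and then fail on SRC with `-EINVAL` or `-EEXIST`, leaving the entry half-configured. Parsing both attributes and checking `nf_nat_initialized()` for both before applying either would avoid that. The function starts above the hunk and continues below it.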
@@ -867,31 +929,6 @@ ctnetlink_change_status(struct nf_conn *ct, struct nlattr *cda[]) return 0; } -static int -ctnetlink_change_nat(struct nf_conn *ct, struct nlattr *cda[]) -{ -#ifdef CONFIG_NF_NAT_NEEDED - int ret; - - if (cda[CTA_NAT_DST]) { - ret = ctnetlink_parse_nat_setup(ct, - IP_NAT_MANIP_DST, - cda[CTA_NAT_DST]); - if (ret < 0) - return ret; - } - if (cda[CTA_NAT_SRC]) { - ret = ctnetlink_parse_nat_setup(ct, - IP_NAT_MANIP_SRC, - cda[CTA_NAT_SRC]); - if (ret < 0) - return ret; - } - return 0; -#else - return -EOPNOTSUPP; -#endif -} static inline int ctnetlink_change_helper(struct nf_conn *ct, struct nlattr *cda[]) @@ -1120,14 +1157,6 @@ ctnetlink_create_conntrack(struct nlattr *cda[], } } - if (cda[CTA_NAT_SRC] || cda[CTA_NAT_DST]) { - err = ctnetlink_change_nat(ct, cda); - if (err < 0) { - rcu_read_unlock(); - goto err; - } - } - if (cda[CTA_PROTOINFO]) { err = ctnetlink_change_protoinfo(ct, cda); if (err < 0) { diff --git a/trunk/net/netfilter/nfnetlink.c b/trunk/net/netfilter/nfnetlink.c index 4739f9f961d8..b75c9c4a995d 100644 --- a/trunk/net/netfilter/nfnetlink.c +++ b/trunk/net/netfilter/nfnetlink.c @@ -44,17 +44,15 @@ static struct sock *nfnl = NULL; static const struct nfnetlink_subsystem *subsys_table[NFNL_SUBSYS_COUNT]; static DEFINE_MUTEX(nfnl_mutex); -void nfnl_lock(void) +static inline void nfnl_lock(void) { mutex_lock(&nfnl_mutex); } -EXPORT_SYMBOL_GPL(nfnl_lock); -void nfnl_unlock(void) +static inline void nfnl_unlock(void) { mutex_unlock(&nfnl_mutex); } -EXPORT_SYMBOL_GPL(nfnl_unlock); int nfnetlink_subsys_register(const struct nfnetlink_subsystem *n) { @@ -134,7 +132,6 @@ static int nfnetlink_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh) return 0; type = nlh->nlmsg_type; -replay: ss = nfnetlink_get_subsys(type); if (!ss) { #ifdef CONFIG_KMOD 
@@ -168,10 +165,7 @@ static int nfnetlink_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } else return -EINVAL; - err = nc->call(nfnl, skb, nlh, cda); - if (err == -EAGAIN) - goto replay; - return err; + return nc->call(nfnl, skb, nlh, cda); } }