netfilter: conntrack: include ecache dying list in dumps
The new pernet dying list includes conntrack entries that await
delivery of the 'destroy' event via ctnetlink.

The old percpu dying list will be removed soon.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Florian Westphal authored and Pablo Neira Ayuso committed May 13, 2022
1 parent 2ed3bf1 commit 0d3cc50
Showing 3 changed files with 55 additions and 0 deletions.
2 changes: 2 additions & 0 deletions include/net/netfilter/nf_conntrack_ecache.h
Expand Up @@ -164,6 +164,8 @@ void nf_conntrack_ecache_work(struct net *net, enum nf_ct_ecache_state state);
void nf_conntrack_ecache_pernet_init(struct net *net);
void nf_conntrack_ecache_pernet_fini(struct net *net);

struct nf_conntrack_net_ecache *nf_conn_pernet_ecache(const struct net *net);

static inline bool nf_conntrack_ecache_dwork_pending(const struct net *net)
{
return net->ct.ecache_dwork_pending;
10 changes: 10 additions & 0 deletions net/netfilter/nf_conntrack_ecache.c
Expand Up @@ -38,6 +38,16 @@ enum retry_state {
STATE_DONE,
};

struct nf_conntrack_net_ecache *nf_conn_pernet_ecache(const struct net *net)
{
struct nf_conntrack_net *cnet = nf_ct_pernet(net);

return &cnet->ecache;
}
#if IS_MODULE(CONFIG_NF_CT_NETLINK)
EXPORT_SYMBOL_GPL(nf_conn_pernet_ecache);
#endif

static enum retry_state ecache_work_evict_list(struct nf_conntrack_net *cnet)
{
unsigned long stop = jiffies + ECACHE_MAX_JIFFIES;
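Review bot: nf_conn_pernet_ecache() has no comment describing the locking its callers take on, although it hands out the per-netns ecache state and is exported when ctnetlink is built as a module. The one caller shown on this page, ctnetlink_dump_dying, walks `dying_list` only under `spin_lock_bh(&ecache_net->dying_lock)`. I would state that contract at the definition, for example `/* Returns this netns' ecache state; walk ->dying_list only with ->dying_lock held, BH disabled. */`, so a later user of the exported symbol does not traverse the list unlocked.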
43 changes: 43 additions & 0 deletions net/netfilter/nf_conntrack_netlink.c
Expand Up @@ -62,6 +62,7 @@ struct ctnetlink_list_dump_ctx {
struct nf_conn *last;
unsigned int cpu;
bool done;
bool retrans_done;
};

static int ctnetlink_dump_tuples_proto(struct sk_buff *skb,
Expand Down Expand Up @@ -1802,6 +1803,48 @@ ctnetlink_dump_list(struct sk_buff *skb, struct netlink_callback *cb, bool dying
static int
ctnetlink_dump_dying(struct sk_buff *skb, struct netlink_callback *cb)
{
struct ctnetlink_list_dump_ctx *ctx = (void *)cb->ctx;
struct nf_conn *last = ctx->last;
#ifdef CONFIG_NF_CONNTRACK_EVENTS
const struct net *net = sock_net(skb->sk);
struct nf_conntrack_net_ecache *ecache_net;
struct nf_conntrack_tuple_hash *h;
struct hlist_nulls_node *n;
#endif

if (ctx->retrans_done)
return ctnetlink_dump_list(skb, cb, true);

ctx->last = NULL;

#ifdef CONFIG_NF_CONNTRACK_EVENTS
ecache_net = nf_conn_pernet_ecache(net);
spin_lock_bh(&ecache_net->dying_lock);

hlist_nulls_for_each_entry(h, n, &ecache_net->dying_list, hnnode) {
struct nf_conn *ct;
int res;

ct = nf_ct_tuplehash_to_ctrack(h);
if (last && last != ct)
continue;

res = ctnetlink_dump_one_entry(skb, cb, ct, true);
if (res < 0) {
spin_unlock_bh(&ecache_net->dying_lock);
nf_ct_put(last);
return skb->len;
}

nf_ct_put(last);
last = NULL;
}

spin_unlock_bh(&ecache_net->dying_lock);
#endif
nf_ct_put(last);
ctx->retrans_done = true;

return ctnetlink_dump_list(skb, cb, true);
}
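Review bot: In ctnetlink_dump_dying the resume check `if (last && last != ct) continue;` has no fallback for a cursor that is no longer on `ecache_net->dying_list`. `last` is cleared only after a match, so if that entry left the list between two dump calls, every remaining entry is skipped and `ctx->retrans_done = true` then closes this phase for the rest of the dump. The commit message says entries stay on this list only until the destroy event is delivered, so this looks reachable; the reference kept through `ctx->last` presumably keeps the object alive but, as far as this page shows, not its list membership. A dying-list dump that silently comes up short is a problem for anyone using it to audit connection state. Consider re-walking the list once with the cursor cleared when the loop ends with `last` still set (accepting possible duplicates), or add a comment stating that truncation is the accepted behaviour.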
