On Tue, Apr 17, 2012 at 06:22:42PM +0800, Gao feng wrote:
> 于 2012年04月17日 16:58, Pablo Neira Ayuso 写道:
> > On Tue, Apr 17, 2012 at 10:56:14AM +0800, Gao feng wrote:
> >> register the generic proto's sysctl in pernet_operations.init.
> >> and use net->ct.proto.sysctl_generic_timeout replaces nf_ct_generic_timeout.
> >>
> >> in the after patch,the timeout_nlattr_to_obj will be modified too.
> >>
> >> Signed-off-by: Gao feng <gaofeng@xxxxxxxxxxxxxx>
> >> ---
> >> net/netfilter/nf_conntrack_core.c | 6 ++
> >> net/netfilter/nf_conntrack_proto_generic.c | 93 +++++++++++++++++++++++++---
> >> 2 files changed, 91 insertions(+), 8 deletions(-)
> >>
> >> diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
> >> index 729f157..bf11dd6 100644
> >> --- a/net/netfilter/nf_conntrack_core.c
> >> +++ b/net/netfilter/nf_conntrack_core.c
> >> @@ -1358,6 +1358,7 @@ static void nf_conntrack_cleanup_net(struct net *net)
> >> nf_conntrack_tstamp_fini(net);
> >> nf_conntrack_acct_fini(net);
> >> nf_conntrack_expect_fini(net);
> >> + nf_conntrack_proto_generic_net_fini(net);
> >> kmem_cache_destroy(net->ct.nf_conntrack_cachep);
> >> kfree(net->ct.slabname);
> >> free_percpu(net->ct.stat);
> >> @@ -1573,6 +1574,9 @@ static int nf_conntrack_init_net(struct net *net)
> >> printk(KERN_ERR "Unable to create nf_conntrack_hash\n");
> >> goto err_hash;
> >> }
> >> + ret = nf_conntrack_proto_generic_net_init(net);
> >> + if (ret < 0)
> >> + goto err_generic;
> >> ret = nf_conntrack_expect_init(net);
> >> if (ret < 0)
> >> goto err_expect;
> >> @@ -1600,6 +1604,8 @@ err_tstamp:
> >> err_acct:
> >> nf_conntrack_expect_fini(net);
> >> err_expect:
> >> + nf_conntrack_proto_generic_net_fini(net);
> >> +err_generic:
> >> nf_ct_free_hashtable(net->ct.hash, net->ct.htable_size);
> >> err_hash:
> >> kmem_cache_destroy(net->ct.nf_conntrack_cachep);
> >> diff --git a/net/netfilter/nf_conntrack_proto_generic.c b/net/netfilter/nf_conntrack_proto_generic.c
> >> index 835e24c..0d4545b 100644
> >> --- a/net/netfilter/nf_conntrack_proto_generic.c
> >> +++ b/net/netfilter/nf_conntrack_proto_generic.c
> >> @@ -42,7 +42,7 @@ static int generic_print_tuple(struct seq_file *s,
> >>
> >> static unsigned int *generic_get_timeouts(struct net *net)
> >> {
> >> - return &nf_ct_generic_timeout;
> >> + return &(net->ct.proto.sysctl_generic_timeout);
> >> }
> >>
> >> /* Returns verdict for packet, or -1 for invalid. */
> >> @@ -105,11 +105,10 @@ generic_timeout_nla_policy[CTA_TIMEOUT_GENERIC_MAX+1] = {
> >> #endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
> >>
> >> #ifdef CONFIG_SYSCTL
> >> -static struct ctl_table_header *generic_sysctl_header;
> >> static struct ctl_table generic_sysctl_table[] = {
> >> {
> >> .procname = "nf_conntrack_generic_timeout",
> >> - .data = &nf_ct_generic_timeout,
> >> + .data = &init_net.ct.proto.sysctl_generic_timeout,
> >> .maxlen = sizeof(unsigned int),
> >> .mode = 0644,
> >> .proc_handler = proc_dointvec_jiffies,
> >> @@ -120,7 +119,7 @@ static struct ctl_table generic_sysctl_table[] = {
> >> static struct ctl_table generic_compat_sysctl_table[] = {
> >> {
> >> .procname = "ip_conntrack_generic_timeout",
> >> - .data = &nf_ct_generic_timeout,
> >> + .data = &init_net.ct.proto.sysctl_generic_timeout,
> >> .maxlen = sizeof(unsigned int),
> >> .mode = 0644,
> >> .proc_handler = proc_dointvec_jiffies,
> >> @@ -150,11 +149,89 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_generic __read_mostly =
> >> .nla_policy = generic_timeout_nla_policy,
> >> },
> >> #endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
> >> +};
> >> +
> >> +int nf_conntrack_proto_generic_net_init(struct net *net)
> >
> > Please, check int nf_conntrack_ecache_init(struct net *net) for
> > instance on how we're doing the per-net registration of netfilter
> > modules.
>
> nf_conntrack_l4proto_generic is registered when loading nf_conntrack module.
> so we should register sysctl in nf_conntrack_init_net.
>
> I don't know what's wrong here...
Nothing wrong, just a comestic change.
I'd like that the protocol and sysctl registration happen in the same
function, like in other part of the code, for consistency.
Probably, you can use http://patchwork.ozlabs.org/patch/152096/ as
reference.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
