[mirror_ubuntu-bionic-kernel.git] / net / netfilter / nf_conntrack_ecache.c

/* Event cache for netfilter. */

/* (C) 1999-2001 Paul `Rusty' Russell
 * (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org>
 * (C) 2003,2004 USAGI/WIDE Project <http://www.linux-ipv6.org>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */

#include <linux/types.h>
#include <linux/netfilter.h>
#include <linux/skbuff.h>
#include <linux/vmalloc.h>
#include <linux/stddef.h>
#include <linux/err.h>
#include <linux/percpu.h>
#include <linux/kernel.h>
#include <linux/netdevice.h>

#include <net/netfilter/nf_conntrack.h>
#include <net/netfilter/nf_conntrack_core.h>

static DEFINE_MUTEX(nf_ct_ecache_mutex);

struct nf_ct_event_notifier *nf_conntrack_event_cb __read_mostly;
EXPORT_SYMBOL_GPL(nf_conntrack_event_cb);

struct nf_exp_event_notifier *nf_expect_event_cb __read_mostly;
EXPORT_SYMBOL_GPL(nf_expect_event_cb);

/* deliver cached events and clear cache entry - must be called with locally
 * disabled softirqs */
static inline void
__nf_ct_deliver_cached_events(struct nf_conntrack_ecache *ecache)
{
	struct nf_ct_event_notifier *notify;

	rcu_read_lock();
	notify = rcu_dereference(nf_conntrack_event_cb);
	if (notify == NULL)
		goto out_unlock;

	if (nf_ct_is_confirmed(ecache->ct) && !nf_ct_is_dying(ecache->ct)
	    && ecache->events) {
		struct nf_ct_event item = {
			.ct 	= ecache->ct,
			.pid	= 0,
			.report	= 0
		};

		notify->fcn(ecache->events, &item);
	}

	ecache->events = 0;
	nf_ct_put(ecache->ct);
	ecache->ct = NULL;

out_unlock:
	rcu_read_unlock();
}

/* Deliver all cached events for a particular conntrack. This is called
 * by code prior to async packet handling for freeing the skb */
void nf_ct_deliver_cached_events(const struct nf_conn *ct)
{
	struct net *net = nf_ct_net(ct);
	struct nf_conntrack_ecache *ecache;

	local_bh_disable();
	ecache = per_cpu_ptr(net->ct.ecache, raw_smp_processor_id());
	if (ecache->ct == ct)
		__nf_ct_deliver_cached_events(ecache);
	local_bh_enable();
}
EXPORT_SYMBOL_GPL(nf_ct_deliver_cached_events);

/* Deliver cached events for old pending events, if current conntrack != old */
void __nf_ct_event_cache_init(struct nf_conn *ct)
{
	struct net *net = nf_ct_net(ct);
	struct nf_conntrack_ecache *ecache;

	/* take care of delivering potentially old events */
	ecache = per_cpu_ptr(net->ct.ecache, raw_smp_processor_id());
	BUG_ON(ecache->ct == ct);
	if (ecache->ct)
		__nf_ct_deliver_cached_events(ecache);
	/* initialize for this conntrack/packet */
	ecache->ct = ct;
	nf_conntrack_get(&ct->ct_general);
}
EXPORT_SYMBOL_GPL(__nf_ct_event_cache_init);

/* flush the event cache - touches other CPU's data and must not be called
 * while packets are still passing through the code */
void nf_ct_event_cache_flush(struct net *net)
{
	struct nf_conntrack_ecache *ecache;
	int cpu;

	for_each_possible_cpu(cpu) {
		ecache = per_cpu_ptr(net->ct.ecache, cpu);
		if (ecache->ct)
			nf_ct_put(ecache->ct);
	}
}

int nf_conntrack_ecache_init(struct net *net)
{
	net->ct.ecache = alloc_percpu(struct nf_conntrack_ecache);
	if (!net->ct.ecache)
		return -ENOMEM;
	return 0;
}

void nf_conntrack_ecache_fini(struct net *net)
{
	free_percpu(net->ct.ecache);
}

int nf_conntrack_register_notifier(struct nf_ct_event_notifier *new)
{
	int ret = 0;
	struct nf_ct_event_notifier *notify;

	mutex_lock(&nf_ct_ecache_mutex);
	notify = rcu_dereference(nf_conntrack_event_cb);
	if (notify != NULL) {
		ret = -EBUSY;
		goto out_unlock;
	}
	rcu_assign_pointer(nf_conntrack_event_cb, new);
	mutex_unlock(&nf_ct_ecache_mutex);
	return ret;

out_unlock:
	mutex_unlock(&nf_ct_ecache_mutex);
	return ret;
}
EXPORT_SYMBOL_GPL(nf_conntrack_register_notifier);

void nf_conntrack_unregister_notifier(struct nf_ct_event_notifier *new)
{
	struct nf_ct_event_notifier *notify;

	mutex_lock(&nf_ct_ecache_mutex);
	notify = rcu_dereference(nf_conntrack_event_cb);
	BUG_ON(notify != new);
	rcu_assign_pointer(nf_conntrack_event_cb, NULL);
	mutex_unlock(&nf_ct_ecache_mutex);
}
EXPORT_SYMBOL_GPL(nf_conntrack_unregister_notifier);

int nf_ct_expect_register_notifier(struct nf_exp_event_notifier *new)
{
	int ret = 0;
	struct nf_exp_event_notifier *notify;

	mutex_lock(&nf_ct_ecache_mutex);
	notify = rcu_dereference(nf_expect_event_cb);
	if (notify != NULL) {
		ret = -EBUSY;
		goto out_unlock;
	}
	rcu_assign_pointer(nf_expect_event_cb, new);
	mutex_unlock(&nf_ct_ecache_mutex);
	return ret;

out_unlock:
	mutex_unlock(&nf_ct_ecache_mutex);
	return ret;
}
EXPORT_SYMBOL_GPL(nf_ct_expect_register_notifier);

void nf_ct_expect_unregister_notifier(struct nf_exp_event_notifier *new)
{
	struct nf_exp_event_notifier *notify;

	mutex_lock(&nf_ct_ecache_mutex);
	notify = rcu_dereference(nf_expect_event_cb);
	BUG_ON(notify != new);
	rcu_assign_pointer(nf_expect_event_cb, NULL);
	mutex_unlock(&nf_ct_ecache_mutex);
}
EXPORT_SYMBOL_GPL(nf_ct_expect_unregister_notifier);
Commit	Line	Data
f6180121 MJ	1	/* Event cache for netfilter. */
	2
	3	/* (C) 1999-2001 Paul `Rusty' Russell
	4	* (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org>
	5	* (C) 2003,2004 USAGI/WIDE Project <http://www.linux-ipv6.org>
	6	*
	7	* This program is free software; you can redistribute it and/or modify
	8	* it under the terms of the GNU General Public License version 2 as
	9	* published by the Free Software Foundation.
	10	*/
	11
	12	#include <linux/types.h>
	13	#include <linux/netfilter.h>
	14	#include <linux/skbuff.h>
	15	#include <linux/vmalloc.h>
	16	#include <linux/stddef.h>
	17	#include <linux/err.h>
	18	#include <linux/percpu.h>
f6180121 MJ	19	#include <linux/kernel.h>
	20	#include <linux/netdevice.h>
	21
	22	#include <net/netfilter/nf_conntrack.h>
f6180121 MJ	23	#include <net/netfilter/nf_conntrack_core.h>
f6180121 MJ	24
e34d5c1a	25	static DEFINE_MUTEX(nf_ct_ecache_mutex);
13b18339	26
e34d5c1a PNA	27	struct nf_ct_event_notifier *nf_conntrack_event_cb __read_mostly;
	28	EXPORT_SYMBOL_GPL(nf_conntrack_event_cb);
	29
	30	struct nf_exp_event_notifier *nf_expect_event_cb __read_mostly;
	31	EXPORT_SYMBOL_GPL(nf_expect_event_cb);
f6180121	32
f6180121 MJ	33	/* deliver cached events and clear cache entry - must be called with locally
	34	* disabled softirqs */
	35	static inline void
	36	__nf_ct_deliver_cached_events(struct nf_conntrack_ecache *ecache)
	37	{
e34d5c1a PNA	38	struct nf_ct_event_notifier *notify;
	39
	40	rcu_read_lock();
	41	notify = rcu_dereference(nf_conntrack_event_cb);
	42	if (notify == NULL)
	43	goto out_unlock;
	44
f6180121	45	if (nf_ct_is_confirmed(ecache->ct) && !nf_ct_is_dying(ecache->ct)
19abb7b0 PNA	46	&& ecache->events) {
	47	struct nf_ct_event item = {
	48	.ct = ecache->ct,
	49	.pid = 0,
	50	.report = 0
	51	};
	52
e34d5c1a	53	notify->fcn(ecache->events, &item);
19abb7b0	54	}
f6180121 MJ	55
	56	ecache->events = 0;
	57	nf_ct_put(ecache->ct);
	58	ecache->ct = NULL;
e34d5c1a PNA	59
	60	out_unlock:
	61	rcu_read_unlock();
f6180121 MJ	62	}
	63
	64	/* Deliver all cached events for a particular conntrack. This is called
	65	* by code prior to async packet handling for freeing the skb */
	66	void nf_ct_deliver_cached_events(const struct nf_conn *ct)
	67	{
6058fa6b	68	struct net *net = nf_ct_net(ct);
f6180121 MJ	69	struct nf_conntrack_ecache *ecache;
	70
	71	local_bh_disable();
6058fa6b	72	ecache = per_cpu_ptr(net->ct.ecache, raw_smp_processor_id());
f6180121 MJ	73	if (ecache->ct == ct)
	74	__nf_ct_deliver_cached_events(ecache);
	75	local_bh_enable();
	76	}
13b18339	77	EXPORT_SYMBOL_GPL(nf_ct_deliver_cached_events);
f6180121 MJ	78
	79	/* Deliver cached events for old pending events, if current conntrack != old */
	80	void __nf_ct_event_cache_init(struct nf_conn *ct)
	81	{
6058fa6b	82	struct net *net = nf_ct_net(ct);
f6180121 MJ	83	struct nf_conntrack_ecache *ecache;
	84
	85	/* take care of delivering potentially old events */
6058fa6b	86	ecache = per_cpu_ptr(net->ct.ecache, raw_smp_processor_id());
f6180121 MJ	87	BUG_ON(ecache->ct == ct);
	88	if (ecache->ct)
	89	__nf_ct_deliver_cached_events(ecache);
	90	/* initialize for this conntrack/packet */
	91	ecache->ct = ct;
	92	nf_conntrack_get(&ct->ct_general);
	93	}
13b18339	94	EXPORT_SYMBOL_GPL(__nf_ct_event_cache_init);
f6180121 MJ	95
	96	/* flush the event cache - touches other CPU's data and must not be called
	97	* while packets are still passing through the code */
6058fa6b	98	void nf_ct_event_cache_flush(struct net *net)
f6180121 MJ	99	{
	100	struct nf_conntrack_ecache *ecache;
	101	int cpu;
	102
	103	for_each_possible_cpu(cpu) {
6058fa6b	104	ecache = per_cpu_ptr(net->ct.ecache, cpu);
f6180121 MJ	105	if (ecache->ct)
	106	nf_ct_put(ecache->ct);
	107	}
	108	}
	109
6058fa6b AD	110	int nf_conntrack_ecache_init(struct net *net)
	111	{
	112	net->ct.ecache = alloc_percpu(struct nf_conntrack_ecache);
	113	if (!net->ct.ecache)
	114	return -ENOMEM;
	115	return 0;
	116	}
	117
	118	void nf_conntrack_ecache_fini(struct net *net)
	119	{
	120	free_percpu(net->ct.ecache);
	121	}
	122
e34d5c1a	123	int nf_conntrack_register_notifier(struct nf_ct_event_notifier *new)
010c7d6f	124	{
e34d5c1a PNA	125	int ret = 0;
	126	struct nf_ct_event_notifier *notify;
	127
	128	mutex_lock(&nf_ct_ecache_mutex);
	129	notify = rcu_dereference(nf_conntrack_event_cb);
	130	if (notify != NULL) {
	131	ret = -EBUSY;
	132	goto out_unlock;
	133	}
	134	rcu_assign_pointer(nf_conntrack_event_cb, new);
	135	mutex_unlock(&nf_ct_ecache_mutex);
	136	return ret;
	137
	138	out_unlock:
	139	mutex_unlock(&nf_ct_ecache_mutex);
	140	return ret;
010c7d6f PM	141	}
	142	EXPORT_SYMBOL_GPL(nf_conntrack_register_notifier);
	143
e34d5c1a	144	void nf_conntrack_unregister_notifier(struct nf_ct_event_notifier *new)
010c7d6f	145	{
e34d5c1a PNA	146	struct nf_ct_event_notifier *notify;
	147
	148	mutex_lock(&nf_ct_ecache_mutex);
	149	notify = rcu_dereference(nf_conntrack_event_cb);
	150	BUG_ON(notify != new);
	151	rcu_assign_pointer(nf_conntrack_event_cb, NULL);
	152	mutex_unlock(&nf_ct_ecache_mutex);
010c7d6f PM	153	}
	154	EXPORT_SYMBOL_GPL(nf_conntrack_unregister_notifier);
	155
e34d5c1a	156	int nf_ct_expect_register_notifier(struct nf_exp_event_notifier *new)
010c7d6f	157	{
e34d5c1a PNA	158	int ret = 0;
	159	struct nf_exp_event_notifier *notify;
	160
	161	mutex_lock(&nf_ct_ecache_mutex);
	162	notify = rcu_dereference(nf_expect_event_cb);
	163	if (notify != NULL) {
	164	ret = -EBUSY;
	165	goto out_unlock;
	166	}
	167	rcu_assign_pointer(nf_expect_event_cb, new);
	168	mutex_unlock(&nf_ct_ecache_mutex);
	169	return ret;
	170
	171	out_unlock:
	172	mutex_unlock(&nf_ct_ecache_mutex);
	173	return ret;
010c7d6f	174	}
6823645d	175	EXPORT_SYMBOL_GPL(nf_ct_expect_register_notifier);
010c7d6f	176
e34d5c1a	177	void nf_ct_expect_unregister_notifier(struct nf_exp_event_notifier *new)
010c7d6f	178	{
e34d5c1a PNA	179	struct nf_exp_event_notifier *notify;
	180
	181	mutex_lock(&nf_ct_ecache_mutex);
	182	notify = rcu_dereference(nf_expect_event_cb);
	183	BUG_ON(notify != new);
	184	rcu_assign_pointer(nf_expect_event_cb, NULL);
	185	mutex_unlock(&nf_ct_ecache_mutex);
010c7d6f	186	}
6823645d	187	EXPORT_SYMBOL_GPL(nf_ct_expect_unregister_notifier);