1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * (C) 2012 by Pablo Neira Ayuso <pablo@netfilter.org>
4 * (C) 2012 by Vyatta Inc. <http://www.vyatta.com>
7 #include <linux/types.h>
8 #include <linux/netfilter.h>
9 #include <linux/skbuff.h>
10 #include <linux/vmalloc.h>
11 #include <linux/stddef.h>
12 #include <linux/err.h>
13 #include <linux/percpu.h>
14 #include <linux/kernel.h>
15 #include <linux/netdevice.h>
16 #include <linux/slab.h>
17 #include <linux/export.h>
19 #include <net/netfilter/nf_conntrack.h>
20 #include <net/netfilter/nf_conntrack_core.h>
21 #include <net/netfilter/nf_conntrack_extend.h>
22 #include <net/netfilter/nf_conntrack_l4proto.h>
23 #include <net/netfilter/nf_conntrack_timeout.h>
25 struct nf_ct_timeout
*
26 (*nf_ct_timeout_find_get_hook
)(struct net
*net
, const char *name
) __read_mostly
;
27 EXPORT_SYMBOL_GPL(nf_ct_timeout_find_get_hook
);
29 void (*nf_ct_timeout_put_hook
)(struct nf_ct_timeout
*timeout
) __read_mostly
;
30 EXPORT_SYMBOL_GPL(nf_ct_timeout_put_hook
);
32 static int untimeout(struct nf_conn
*ct
, void *timeout
)
34 struct nf_conn_timeout
*timeout_ext
= nf_ct_timeout_find(ct
);
36 if (timeout_ext
&& (!timeout
|| timeout_ext
->timeout
== timeout
))
37 RCU_INIT_POINTER(timeout_ext
->timeout
, NULL
);
39 /* We are not intended to delete this conntrack. */
43 void nf_ct_untimeout(struct net
*net
, struct nf_ct_timeout
*timeout
)
45 nf_ct_iterate_cleanup_net(net
, untimeout
, timeout
, 0, 0);
47 EXPORT_SYMBOL_GPL(nf_ct_untimeout
);
49 static void __nf_ct_timeout_put(struct nf_ct_timeout
*timeout
)
51 typeof(nf_ct_timeout_put_hook
) timeout_put
;
53 timeout_put
= rcu_dereference(nf_ct_timeout_put_hook
);
58 int nf_ct_set_timeout(struct net
*net
, struct nf_conn
*ct
,
59 u8 l3num
, u8 l4num
, const char *timeout_name
)
61 typeof(nf_ct_timeout_find_get_hook
) timeout_find_get
;
62 struct nf_ct_timeout
*timeout
;
63 struct nf_conn_timeout
*timeout_ext
;
64 const char *errmsg
= NULL
;
68 timeout_find_get
= rcu_dereference(nf_ct_timeout_find_get_hook
);
69 if (!timeout_find_get
) {
71 errmsg
= "Timeout policy base is empty";
75 timeout
= timeout_find_get(net
, timeout_name
);
78 pr_info_ratelimited("No such timeout policy \"%s\"\n",
83 if (timeout
->l3num
!= l3num
) {
85 pr_info_ratelimited("Timeout policy `%s' can only be used by "
86 "L%d protocol number %d\n",
87 timeout_name
, 3, timeout
->l3num
);
90 /* Make sure the timeout policy matches any existing protocol tracker,
91 * otherwise default to generic.
93 if (timeout
->l4proto
->l4proto
!= l4num
) {
95 pr_info_ratelimited("Timeout policy `%s' can only be used by "
96 "L%d protocol number %d\n",
97 timeout_name
, 4, timeout
->l4proto
->l4proto
);
100 timeout_ext
= nf_ct_timeout_ext_add(ct
, timeout
, GFP_ATOMIC
);
103 goto err_put_timeout
;
110 __nf_ct_timeout_put(timeout
);
114 pr_info_ratelimited("%s\n", errmsg
);
117 EXPORT_SYMBOL_GPL(nf_ct_set_timeout
);
119 void nf_ct_destroy_timeout(struct nf_conn
*ct
)
121 struct nf_conn_timeout
*timeout_ext
;
122 typeof(nf_ct_timeout_put_hook
) timeout_put
;
125 timeout_put
= rcu_dereference(nf_ct_timeout_put_hook
);
128 timeout_ext
= nf_ct_timeout_find(ct
);
130 timeout_put(timeout_ext
->timeout
);
131 RCU_INIT_POINTER(timeout_ext
->timeout
, NULL
);
136 EXPORT_SYMBOL_GPL(nf_ct_destroy_timeout
);
138 static const struct nf_ct_ext_type timeout_extend
= {
139 .len
= sizeof(struct nf_conn_timeout
),
140 .align
= __alignof__(struct nf_conn_timeout
),
141 .id
= NF_CT_EXT_TIMEOUT
,
144 int nf_conntrack_timeout_init(void)
146 int ret
= nf_ct_extend_register(&timeout_extend
);
148 pr_err("nf_ct_timeout: Unable to register timeout extension.\n");
152 void nf_conntrack_timeout_fini(void)
154 nf_ct_extend_unregister(&timeout_extend
);