[NETFILTER]: Add ctnetlink port for nf_conntrack
[mirror_ubuntu-bionic-kernel.git] / net / ipv6 / netfilter / nf_conntrack_l3proto_ipv6.c
index e2c90b3a807456d96ff12a7abec32a9141ae5e5f..704fbbe748746f0657b41c28bade67ad1ce13b7c 100644 (file)
@@ -339,8 +339,8 @@ extern unsigned long nf_ct_icmpv6_timeout;
 
 /* From nf_conntrack_frag6.c */
 extern unsigned long nf_ct_frag6_timeout;
-extern unsigned long nf_ct_frag6_low_thresh;
-extern unsigned long nf_ct_frag6_high_thresh;
+extern unsigned int nf_ct_frag6_low_thresh;
+extern unsigned int nf_ct_frag6_high_thresh;
 
 static struct ctl_table_header *nf_ct_ipv6_sysctl_header;
 
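Review bot: The two `extern unsigned int` declarations at the top of this hunk are hand-written in the .c file, so the compiler cannot check them against the definitions that the comment places in nf_conntrack_frag6.c, which are not part of this page. If either definition is still `unsigned long`, a 64-bit build would have the sysctl entries below (`.maxlen = sizeof(unsigned int)`) reading and writing only part of the object. Moving the declarations into a header that nf_conntrack_frag6.c also includes would turn any mismatch into a build error.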
@@ -367,7 +367,7 @@ static ctl_table nf_ct_sysctl_table[] = {
                .data           = &nf_ct_frag6_low_thresh,
                .maxlen         = sizeof(unsigned int),
                .mode           = 0644,
-               .proc_handler   = &proc_dointvec_jiffies,
+               .proc_handler   = &proc_dointvec,
        },
        {
                .ctl_name       = NET_NF_CONNTRACK_FRAG6_HIGH_THRESH,
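Review bot: The switch to `proc_dointvec` leaves the low-threshold entry, and the high-threshold entry in the next hunk, with no range check on a mode-0644 sysctl. `proc_dointvec` parses a signed int, so a negative write is stored into the `unsigned int` threshold as a very large value. It also does not keep low below high; if these values bound fragment-reassembly memory, as the names suggest, a bad write would silently disable that bound. Consider `.proc_handler = &proc_dointvec_minmax,` with `.extra1`/`.extra2` pointing at static lower and upper limits. The nf_ct_sysctl_table initializer starts and ends outside this hunk.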
@@ -375,7 +375,7 @@ static ctl_table nf_ct_sysctl_table[] = {
                .data           = &nf_ct_frag6_high_thresh,
                .maxlen         = sizeof(unsigned int),
                .mode           = 0644,
-               .proc_handler   = &proc_dointvec_jiffies,
+               .proc_handler   = &proc_dointvec,
        },
         { .ctl_name = 0 }
 };
@@ -401,6 +401,48 @@ static ctl_table nf_ct_net_table[] = {
 };
 #endif
 
+#if defined(CONFIG_NF_CT_NETLINK) || \
+    defined(CONFIG_NF_CT_NETLINK_MODULE)
+
+#include <linux/netfilter/nfnetlink.h>
+#include <linux/netfilter/nfnetlink_conntrack.h>
+
+static int ipv6_tuple_to_nfattr(struct sk_buff *skb,
+                               const struct nf_conntrack_tuple *tuple)
+{
+       NFA_PUT(skb, CTA_IP_V6_SRC, sizeof(u_int32_t) * 4,
+               &tuple->src.u3.ip6);
+       NFA_PUT(skb, CTA_IP_V6_DST, sizeof(u_int32_t) * 4,
+               &tuple->dst.u3.ip6);
+       return 0;
+
+nfattr_failure:
+       return -1;
+}
+
+static const size_t cta_min_ip[CTA_IP_MAX] = {
+       [CTA_IP_V6_SRC-1]       = sizeof(u_int32_t)*4,
+       [CTA_IP_V6_DST-1]       = sizeof(u_int32_t)*4,
+};
+
+static int ipv6_nfattr_to_tuple(struct nfattr *tb[],
+                               struct nf_conntrack_tuple *t)
+{
+       if (!tb[CTA_IP_V6_SRC-1] || !tb[CTA_IP_V6_DST-1])
+               return -EINVAL;
+
+       if (nfattr_bad_size(tb, CTA_IP_MAX, cta_min_ip))
+               return -EINVAL;
+
+       memcpy(&t->src.u3.ip6, NFA_DATA(tb[CTA_IP_V6_SRC-1]), 
+              sizeof(u_int32_t) * 4);
+       memcpy(&t->dst.u3.ip6, NFA_DATA(tb[CTA_IP_V6_DST-1]),
+              sizeof(u_int32_t) * 4);
+
+       return 0;
+}
+#endif
+
 struct nf_conntrack_l3proto nf_conntrack_l3proto_ipv6 = {
        .l3proto                = PF_INET6,
        .name                   = "ipv6",
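Review bot: The address length `sizeof(u_int32_t) * 4` is spelled out six times across ipv6_tuple_to_nfattr, cta_min_ip and ipv6_nfattr_to_tuple. The two memcpy calls read from a userspace-supplied attribute and stay in bounds only because their length equals the minimum that nfattr_bad_size enforces from cta_min_ip. A single named constant would keep the check and the copies from drifting apart, or `sizeof(t->src.u3.ip6)` if that field is the 16-byte array it appears to be. I would also add above the table `/* minimum payload sizes checked by nfattr_bad_size(); must cover the memcpy lengths in ipv6_nfattr_to_tuple() */`, and in ipv6_tuple_to_nfattr `/* NFA_PUT jumps to nfattr_failure when the attribute cannot be added */`, since the label otherwise looks unreachable. The struct initializer at the end of the hunk continues outside it.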
@@ -409,6 +451,11 @@ struct nf_conntrack_l3proto nf_conntrack_l3proto_ipv6 = {
        .print_tuple            = ipv6_print_tuple,
        .print_conntrack        = ipv6_print_conntrack,
        .prepare                = ipv6_prepare,
+#if defined(CONFIG_NF_CT_NETLINK) || \
+    defined(CONFIG_NF_CT_NETLINK_MODULE)
+       .tuple_to_nfattr        = ipv6_tuple_to_nfattr,
+       .nfattr_to_tuple        = ipv6_nfattr_to_tuple,
+#endif
        .get_features           = ipv6_get_features,
        .me                     = THIS_MODULE,
 };