Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
nfnetlink_cthelper.c
Go to the documentation of this file.
1 /*
2  * (C) 2012 Pablo Neira Ayuso <[email protected]>
3  *
4  * This program is free software; you can redistribute it and/or modify
5  * it under the terms of the GNU General Public License version 2 as
6  * published by the Free Software Foundation (or any later at your option).
7  *
8  * This software has been sponsored by Vyatta Inc. <http://www.vyatta.com>
9  */
10 #include <linux/init.h>
11 #include <linux/module.h>
12 #include <linux/kernel.h>
13 #include <linux/skbuff.h>
14 #include <linux/netlink.h>
15 #include <linux/rculist.h>
16 #include <linux/slab.h>
17 #include <linux/types.h>
18 #include <linux/list.h>
19 #include <linux/errno.h>
20 #include <net/netlink.h>
21 #include <net/sock.h>
22 
23 #include <net/netfilter/nf_conntrack_helper.h>
24 #include <net/netfilter/nf_conntrack_expect.h>
25 #include <net/netfilter/nf_conntrack_ecache.h>
26 
27 #include <linux/netfilter/nfnetlink.h>
28 #include <linux/netfilter/nfnetlink_conntrack.h>
29 #include <linux/netfilter/nfnetlink_cthelper.h>
30 
31 MODULE_LICENSE("GPL");
32 MODULE_AUTHOR("Pablo Neira Ayuso <[email protected]>");
33 MODULE_DESCRIPTION("nfnl_cthelper: User-space connection tracking helpers");
34 
35 static int
36 nfnl_userspace_cthelper(struct sk_buff *skb, unsigned int protoff,
37  struct nf_conn *ct, enum ip_conntrack_info ctinfo)
38 {
39  const struct nf_conn_help *help;
40  struct nf_conntrack_helper *helper;
41 
42  help = nfct_help(ct);
43  if (help == NULL)
44  return NF_DROP;
45 
46  /* rcu_read_lock()ed by nf_hook_slow */
47  helper = rcu_dereference(help->helper);
48  if (helper == NULL)
49  return NF_DROP;
50 
51  /* This is an user-space helper not yet configured, skip. */
52  if ((helper->flags &
53  (NF_CT_HELPER_F_USERSPACE | NF_CT_HELPER_F_CONFIGURED)) ==
54  NF_CT_HELPER_F_USERSPACE)
55  return NF_ACCEPT;
56 
57  /* If the user-space helper is not available, don't block traffic. */
58  return NF_QUEUE_NR(helper->queue_num) | NF_VERDICT_FLAG_QUEUE_BYPASS;
59 }
60 
61 static const struct nla_policy nfnl_cthelper_tuple_pol[NFCTH_TUPLE_MAX+1] = {
62  [NFCTH_TUPLE_L3PROTONUM] = { .type = NLA_U16, },
63  [NFCTH_TUPLE_L4PROTONUM] = { .type = NLA_U8, },
64 };
65 
66 static int
67 nfnl_cthelper_parse_tuple(struct nf_conntrack_tuple *tuple,
68  const struct nlattr *attr)
69 {
70  struct nlattr *tb[NFCTH_TUPLE_MAX+1];
71 
72  nla_parse_nested(tb, NFCTH_TUPLE_MAX, attr, nfnl_cthelper_tuple_pol);
73 
74  if (!tb[NFCTH_TUPLE_L3PROTONUM] || !tb[NFCTH_TUPLE_L4PROTONUM])
75  return -EINVAL;
76 
77  tuple->src.l3num = ntohs(nla_get_be16(tb[NFCTH_TUPLE_L3PROTONUM]));
78  tuple->dst.protonum = nla_get_u8(tb[NFCTH_TUPLE_L4PROTONUM]);
79 
80  return 0;
81 }
82 
83 static int
84 nfnl_cthelper_from_nlattr(struct nlattr *attr, struct nf_conn *ct)
85 {
86  const struct nf_conn_help *help = nfct_help(ct);
87 
88  if (attr == NULL)
89  return -EINVAL;
90 
91  if (help->helper->data_len == 0)
92  return -EINVAL;
93 
94  memcpy(&help->data, nla_data(attr), help->helper->data_len);
95  return 0;
96 }
97 
98 static int
99 nfnl_cthelper_to_nlattr(struct sk_buff *skb, const struct nf_conn *ct)
100 {
101  const struct nf_conn_help *help = nfct_help(ct);
102 
103  if (help->helper->data_len &&
104  nla_put(skb, CTA_HELP_INFO, help->helper->data_len, &help->data))
105  goto nla_put_failure;
106 
107  return 0;
108 
109 nla_put_failure:
110  return -ENOSPC;
111 }
112 
113 static const struct nla_policy nfnl_cthelper_expect_pol[NFCTH_POLICY_MAX+1] = {
114  [NFCTH_POLICY_NAME] = { .type = NLA_NUL_STRING,
115  .len = NF_CT_HELPER_NAME_LEN-1 },
116  [NFCTH_POLICY_EXPECT_MAX] = { .type = NLA_U32, },
117  [NFCTH_POLICY_EXPECT_TIMEOUT] = { .type = NLA_U32, },
118 };
119 
120 static int
121 nfnl_cthelper_expect_policy(struct nf_conntrack_expect_policy *expect_policy,
122  const struct nlattr *attr)
123 {
124  struct nlattr *tb[NFCTH_POLICY_MAX+1];
125 
126  nla_parse_nested(tb, NFCTH_POLICY_MAX, attr, nfnl_cthelper_expect_pol);
127 
128  if (!tb[NFCTH_POLICY_NAME] ||
129  !tb[NFCTH_POLICY_EXPECT_MAX] ||
130  !tb[NFCTH_POLICY_EXPECT_TIMEOUT])
131  return -EINVAL;
132 
133  strncpy(expect_policy->name,
134  nla_data(tb[NFCTH_POLICY_NAME]), NF_CT_HELPER_NAME_LEN);
135  expect_policy->max_expected =
136  ntohl(nla_get_be32(tb[NFCTH_POLICY_EXPECT_MAX]));
137  expect_policy->timeout =
138  ntohl(nla_get_be32(tb[NFCTH_POLICY_EXPECT_TIMEOUT]));
139 
140  return 0;
141 }
142 
143 static const struct nla_policy
144 nfnl_cthelper_expect_policy_set[NFCTH_POLICY_SET_MAX+1] = {
145  [NFCTH_POLICY_SET_NUM] = { .type = NLA_U32, },
146 };
147 
148 static int
149 nfnl_cthelper_parse_expect_policy(struct nf_conntrack_helper *helper,
150  const struct nlattr *attr)
151 {
152  int i, ret;
153  struct nf_conntrack_expect_policy *expect_policy;
154  struct nlattr *tb[NFCTH_POLICY_SET_MAX+1];
155 
156  nla_parse_nested(tb, NFCTH_POLICY_SET_MAX, attr,
157  nfnl_cthelper_expect_policy_set);
158 
159  if (!tb[NFCTH_POLICY_SET_NUM])
160  return -EINVAL;
161 
162  helper->expect_class_max =
163  ntohl(nla_get_be32(tb[NFCTH_POLICY_SET_NUM]));
164 
165  if (helper->expect_class_max != 0 &&
166  helper->expect_class_max > NF_CT_MAX_EXPECT_CLASSES)
167  return -EOVERFLOW;
168 
169  expect_policy = kzalloc(sizeof(struct nf_conntrack_expect_policy) *
170  helper->expect_class_max, GFP_KERNEL);
171  if (expect_policy == NULL)
172  return -ENOMEM;
173 
174  for (i=0; i<helper->expect_class_max; i++) {
175  if (!tb[NFCTH_POLICY_SET+i])
176  goto err;
177 
178  ret = nfnl_cthelper_expect_policy(&expect_policy[i],
179  tb[NFCTH_POLICY_SET+i]);
180  if (ret < 0)
181  goto err;
182  }
183  helper->expect_policy = expect_policy;
184  return 0;
185 err:
186  kfree(expect_policy);
187  return -EINVAL;
188 }
189 
190 static int
191 nfnl_cthelper_create(const struct nlattr * const tb[],
192  struct nf_conntrack_tuple *tuple)
193 {
194  struct nf_conntrack_helper *helper;
195  int ret;
196 
197  if (!tb[NFCTH_TUPLE] || !tb[NFCTH_POLICY] || !tb[NFCTH_PRIV_DATA_LEN])
198  return -EINVAL;
199 
200  helper = kzalloc(sizeof(struct nf_conntrack_helper), GFP_KERNEL);
201  if (helper == NULL)
202  return -ENOMEM;
203 
204  ret = nfnl_cthelper_parse_expect_policy(helper, tb[NFCTH_POLICY]);
205  if (ret < 0)
206  goto err;
207 
208  strncpy(helper->name, nla_data(tb[NFCTH_NAME]), NF_CT_HELPER_NAME_LEN);
209  helper->data_len = ntohl(nla_get_be32(tb[NFCTH_PRIV_DATA_LEN]));
210  helper->flags |= NF_CT_HELPER_F_USERSPACE;
211  memcpy(&helper->tuple, tuple, sizeof(struct nf_conntrack_tuple));
212 
213  helper->me = THIS_MODULE;
214  helper->help = nfnl_userspace_cthelper;
215  helper->from_nlattr = nfnl_cthelper_from_nlattr;
216  helper->to_nlattr = nfnl_cthelper_to_nlattr;
217 
218  /* Default to queue number zero, this can be updated at any time. */
219  if (tb[NFCTH_QUEUE_NUM])
220  helper->queue_num = ntohl(nla_get_be32(tb[NFCTH_QUEUE_NUM]));
221 
222  if (tb[NFCTH_STATUS]) {
223  int status = ntohl(nla_get_be32(tb[NFCTH_STATUS]));
224 
225  switch(status) {
226  case NFCT_HELPER_STATUS_ENABLED:
227  helper->flags |= NF_CT_HELPER_F_CONFIGURED;
228  break;
229  case NFCT_HELPER_STATUS_DISABLED:
230  helper->flags &= ~NF_CT_HELPER_F_CONFIGURED;
231  break;
232  }
233  }
234 
235  ret = nf_conntrack_helper_register(helper);
236  if (ret < 0)
237  goto err;
238 
239  return 0;
240 err:
241  kfree(helper);
242  return ret;
243 }
244 
245 static int
246 nfnl_cthelper_update(const struct nlattr * const tb[],
247  struct nf_conntrack_helper *helper)
248 {
249  int ret;
250 
251  if (tb[NFCTH_PRIV_DATA_LEN])
252  return -EBUSY;
253 
254  if (tb[NFCTH_POLICY]) {
255  ret = nfnl_cthelper_parse_expect_policy(helper,
256  tb[NFCTH_POLICY]);
257  if (ret < 0)
258  return ret;
259  }
260  if (tb[NFCTH_QUEUE_NUM])
261  helper->queue_num = ntohl(nla_get_be32(tb[NFCTH_QUEUE_NUM]));
262 
263  if (tb[NFCTH_STATUS]) {
264  int status = ntohl(nla_get_be32(tb[NFCTH_STATUS]));
265 
266  switch(status) {
267  case NFCT_HELPER_STATUS_ENABLED:
268  helper->flags |= NF_CT_HELPER_F_CONFIGURED;
269  break;
270  case NFCT_HELPER_STATUS_DISABLED:
271  helper->flags &= ~NF_CT_HELPER_F_CONFIGURED;
272  break;
273  }
274  }
275  return 0;
276 }
277 
278 static int
279 nfnl_cthelper_new(struct sock *nfnl, struct sk_buff *skb,
280  const struct nlmsghdr *nlh, const struct nlattr * const tb[])
281 {
282  const char *helper_name;
283  struct nf_conntrack_helper *cur, *helper = NULL;
284  struct nf_conntrack_tuple tuple;
285  struct hlist_node *n;
286  int ret = 0, i;
287 
288  if (!tb[NFCTH_NAME] || !tb[NFCTH_TUPLE])
289  return -EINVAL;
290 
291  helper_name = nla_data(tb[NFCTH_NAME]);
292 
293  ret = nfnl_cthelper_parse_tuple(&tuple, tb[NFCTH_TUPLE]);
294  if (ret < 0)
295  return ret;
296 
297  rcu_read_lock();
298  for (i = 0; i < nf_ct_helper_hsize && !helper; i++) {
299  hlist_for_each_entry_rcu(cur, n, &nf_ct_helper_hash[i], hnode) {
300 
301  /* skip non-userspace conntrack helpers. */
302  if (!(cur->flags & NF_CT_HELPER_F_USERSPACE))
303  continue;
304 
305  if (strncmp(cur->name, helper_name,
306  NF_CT_HELPER_NAME_LEN) != 0)
307  continue;
308 
309  if ((tuple.src.l3num != cur->tuple.src.l3num ||
310  tuple.dst.protonum != cur->tuple.dst.protonum))
311  continue;
312 
313  if (nlh->nlmsg_flags & NLM_F_EXCL) {
314  ret = -EEXIST;
315  goto err;
316  }
317  helper = cur;
318  break;
319  }
320  }
321  rcu_read_unlock();
322 
323  if (helper == NULL)
324  ret = nfnl_cthelper_create(tb, &tuple);
325  else
326  ret = nfnl_cthelper_update(tb, helper);
327 
328  return ret;
329 err:
330  rcu_read_unlock();
331  return ret;
332 }
333 
334 static int
335 nfnl_cthelper_dump_tuple(struct sk_buff *skb,
336  struct nf_conntrack_helper *helper)
337 {
338  struct nlattr *nest_parms;
339 
340  nest_parms = nla_nest_start(skb, NFCTH_TUPLE | NLA_F_NESTED);
341  if (nest_parms == NULL)
342  goto nla_put_failure;
343 
344  if (nla_put_be16(skb, NFCTH_TUPLE_L3PROTONUM,
345  htons(helper->tuple.src.l3num)))
346  goto nla_put_failure;
347 
348  if (nla_put_u8(skb, NFCTH_TUPLE_L4PROTONUM, helper->tuple.dst.protonum))
349  goto nla_put_failure;
350 
351  nla_nest_end(skb, nest_parms);
352  return 0;
353 
354 nla_put_failure:
355  return -1;
356 }
357 
358 static int
359 nfnl_cthelper_dump_policy(struct sk_buff *skb,
360  struct nf_conntrack_helper *helper)
361 {
362  int i;
363  struct nlattr *nest_parms1, *nest_parms2;
364 
365  nest_parms1 = nla_nest_start(skb, NFCTH_POLICY | NLA_F_NESTED);
366  if (nest_parms1 == NULL)
367  goto nla_put_failure;
368 
369  if (nla_put_be32(skb, NFCTH_POLICY_SET_NUM,
370  htonl(helper->expect_class_max)))
371  goto nla_put_failure;
372 
373  for (i=0; i<helper->expect_class_max; i++) {
374  nest_parms2 = nla_nest_start(skb,
375  (NFCTH_POLICY_SET+i) | NLA_F_NESTED);
376  if (nest_parms2 == NULL)
377  goto nla_put_failure;
378 
379  if (nla_put_string(skb, NFCTH_POLICY_NAME,
380  helper->expect_policy[i].name))
381  goto nla_put_failure;
382 
383  if (nla_put_be32(skb, NFCTH_POLICY_EXPECT_MAX,
384  htonl(helper->expect_policy[i].max_expected)))
385  goto nla_put_failure;
386 
387  if (nla_put_be32(skb, NFCTH_POLICY_EXPECT_TIMEOUT,
388  htonl(helper->expect_policy[i].timeout)))
389  goto nla_put_failure;
390 
391  nla_nest_end(skb, nest_parms2);
392  }
393  nla_nest_end(skb, nest_parms1);
394  return 0;
395 
396 nla_put_failure:
397  return -1;
398 }
399 
400 static int
401 nfnl_cthelper_fill_info(struct sk_buff *skb, u32 portid, u32 seq, u32 type,
402  int event, struct nf_conntrack_helper *helper)
403 {
404  struct nlmsghdr *nlh;
405  struct nfgenmsg *nfmsg;
406  unsigned int flags = portid ? NLM_F_MULTI : 0;
407  int status;
408 
409  event |= NFNL_SUBSYS_CTHELPER << 8;
410  nlh = nlmsg_put(skb, portid, seq, event, sizeof(*nfmsg), flags);
411  if (nlh == NULL)
412  goto nlmsg_failure;
413 
414  nfmsg = nlmsg_data(nlh);
415  nfmsg->nfgen_family = AF_UNSPEC;
416  nfmsg->version = NFNETLINK_V0;
417  nfmsg->res_id = 0;
418 
419  if (nla_put_string(skb, NFCTH_NAME, helper->name))
420  goto nla_put_failure;
421 
422  if (nla_put_be32(skb, NFCTH_QUEUE_NUM, htonl(helper->queue_num)))
423  goto nla_put_failure;
424 
425  if (nfnl_cthelper_dump_tuple(skb, helper) < 0)
426  goto nla_put_failure;
427 
428  if (nfnl_cthelper_dump_policy(skb, helper) < 0)
429  goto nla_put_failure;
430 
431  if (nla_put_be32(skb, NFCTH_PRIV_DATA_LEN, htonl(helper->data_len)))
432  goto nla_put_failure;
433 
434  if (helper->flags & NF_CT_HELPER_F_CONFIGURED)
435  status = NFCT_HELPER_STATUS_ENABLED;
436  else
437  status = NFCT_HELPER_STATUS_DISABLED;
438 
439  if (nla_put_be32(skb, NFCTH_STATUS, htonl(status)))
440  goto nla_put_failure;
441 
442  nlmsg_end(skb, nlh);
443  return skb->len;
444 
445 nlmsg_failure:
446 nla_put_failure:
447  nlmsg_cancel(skb, nlh);
448  return -1;
449 }
450 
451 static int
452 nfnl_cthelper_dump_table(struct sk_buff *skb, struct netlink_callback *cb)
453 {
454  struct nf_conntrack_helper *cur, *last;
455  struct hlist_node *n;
456 
457  rcu_read_lock();
458  last = (struct nf_conntrack_helper *)cb->args[1];
459  for (; cb->args[0] < nf_ct_helper_hsize; cb->args[0]++) {
460 restart:
461  hlist_for_each_entry_rcu(cur, n,
462  &nf_ct_helper_hash[cb->args[0]], hnode) {
463 
464  /* skip non-userspace conntrack helpers. */
465  if (!(cur->flags & NF_CT_HELPER_F_USERSPACE))
466  continue;
467 
468  if (cb->args[1]) {
469  if (cur != last)
470  continue;
471  cb->args[1] = 0;
472  }
473  if (nfnl_cthelper_fill_info(skb,
474  NETLINK_CB(cb->skb).portid,
475  cb->nlh->nlmsg_seq,
476  NFNL_MSG_TYPE(cb->nlh->nlmsg_type),
477  NFNL_MSG_CTHELPER_NEW, cur) < 0) {
478  cb->args[1] = (unsigned long)cur;
479  goto out;
480  }
481  }
482  }
483  if (cb->args[1]) {
484  cb->args[1] = 0;
485  goto restart;
486  }
487 out:
488  rcu_read_unlock();
489  return skb->len;
490 }
491 
492 static int
493 nfnl_cthelper_get(struct sock *nfnl, struct sk_buff *skb,
494  const struct nlmsghdr *nlh, const struct nlattr * const tb[])
495 {
496  int ret = -ENOENT, i;
497  struct nf_conntrack_helper *cur;
498  struct hlist_node *n;
499  struct sk_buff *skb2;
500  char *helper_name = NULL;
501  struct nf_conntrack_tuple tuple;
502  bool tuple_set = false;
503 
504  if (nlh->nlmsg_flags & NLM_F_DUMP) {
505  struct netlink_dump_control c = {
506  .dump = nfnl_cthelper_dump_table,
507  };
508  return netlink_dump_start(nfnl, skb, nlh, &c);
509  }
510 
511  if (tb[NFCTH_NAME])
512  helper_name = nla_data(tb[NFCTH_NAME]);
513 
514  if (tb[NFCTH_TUPLE]) {
515  ret = nfnl_cthelper_parse_tuple(&tuple, tb[NFCTH_TUPLE]);
516  if (ret < 0)
517  return ret;
518 
519  tuple_set = true;
520  }
521 
522  for (i = 0; i < nf_ct_helper_hsize; i++) {
523  hlist_for_each_entry_rcu(cur, n, &nf_ct_helper_hash[i], hnode) {
524 
525  /* skip non-userspace conntrack helpers. */
526  if (!(cur->flags & NF_CT_HELPER_F_USERSPACE))
527  continue;
528 
529  if (helper_name && strncmp(cur->name, helper_name,
530  NF_CT_HELPER_NAME_LEN) != 0) {
531  continue;
532  }
533  if (tuple_set &&
534  (tuple.src.l3num != cur->tuple.src.l3num ||
535  tuple.dst.protonum != cur->tuple.dst.protonum))
536  continue;
537 
538  skb2 = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
539  if (skb2 == NULL) {
540  ret = -ENOMEM;
541  break;
542  }
543 
544  ret = nfnl_cthelper_fill_info(skb2, NETLINK_CB(skb).portid,
545  nlh->nlmsg_seq,
546  NFNL_MSG_TYPE(nlh->nlmsg_type),
547  NFNL_MSG_CTHELPER_NEW, cur);
548  if (ret <= 0) {
549  kfree_skb(skb2);
550  break;
551  }
552 
553  ret = netlink_unicast(nfnl, skb2, NETLINK_CB(skb).portid,
554  MSG_DONTWAIT);
555  if (ret > 0)
556  ret = 0;
557 
558  /* this avoids a loop in nfnetlink. */
559  return ret == -EAGAIN ? -ENOBUFS : ret;
560  }
561  }
562  return ret;
563 }
564 
565 static int
566 nfnl_cthelper_del(struct sock *nfnl, struct sk_buff *skb,
567  const struct nlmsghdr *nlh, const struct nlattr * const tb[])
568 {
569  char *helper_name = NULL;
570  struct nf_conntrack_helper *cur;
571  struct hlist_node *n, *tmp;
572  struct nf_conntrack_tuple tuple;
573  bool tuple_set = false, found = false;
574  int i, j = 0, ret;
575 
576  if (tb[NFCTH_NAME])
577  helper_name = nla_data(tb[NFCTH_NAME]);
578 
579  if (tb[NFCTH_TUPLE]) {
580  ret = nfnl_cthelper_parse_tuple(&tuple, tb[NFCTH_TUPLE]);
581  if (ret < 0)
582  return ret;
583 
584  tuple_set = true;
585  }
586 
587  for (i = 0; i < nf_ct_helper_hsize; i++) {
588  hlist_for_each_entry_safe(cur, n, tmp, &nf_ct_helper_hash[i],
589  hnode) {
590  /* skip non-userspace conntrack helpers. */
591  if (!(cur->flags & NF_CT_HELPER_F_USERSPACE))
592  continue;
593 
594  j++;
595 
596  if (helper_name && strncmp(cur->name, helper_name,
597  NF_CT_HELPER_NAME_LEN) != 0) {
598  continue;
599  }
600  if (tuple_set &&
601  (tuple.src.l3num != cur->tuple.src.l3num ||
602  tuple.dst.protonum != cur->tuple.dst.protonum))
603  continue;
604 
605  found = true;
606  nf_conntrack_helper_unregister(cur);
607  }
608  }
609  /* Make sure we return success if we flush and there is no helpers */
610  return (found || j == 0) ? 0 : -ENOENT;
611 }
612 
613 static const struct nla_policy nfnl_cthelper_policy[NFCTH_MAX+1] = {
614  [NFCTH_NAME] = { .type = NLA_NUL_STRING,
615  .len = NF_CT_HELPER_NAME_LEN-1 },
616  [NFCTH_QUEUE_NUM] = { .type = NLA_U32, },
617 };
618 
619 static const struct nfnl_callback nfnl_cthelper_cb[NFNL_MSG_CTHELPER_MAX] = {
620  [NFNL_MSG_CTHELPER_NEW] = { .call = nfnl_cthelper_new,
621  .attr_count = NFCTH_MAX,
622  .policy = nfnl_cthelper_policy },
623  [NFNL_MSG_CTHELPER_GET] = { .call = nfnl_cthelper_get,
624  .attr_count = NFCTH_MAX,
625  .policy = nfnl_cthelper_policy },
626  [NFNL_MSG_CTHELPER_DEL] = { .call = nfnl_cthelper_del,
627  .attr_count = NFCTH_MAX,
628  .policy = nfnl_cthelper_policy },
629 };
630 
631 static const struct nfnetlink_subsystem nfnl_cthelper_subsys = {
632  .name = "cthelper",
633  .subsys_id = NFNL_SUBSYS_CTHELPER,
634  .cb_count = NFNL_MSG_CTHELPER_MAX,
635  .cb = nfnl_cthelper_cb,
636 };
637 
638 MODULE_ALIAS_NFNL_SUBSYS(NFNL_SUBSYS_CTHELPER);
639 
640 static int __init nfnl_cthelper_init(void)
641 {
642  int ret;
643 
644  ret = nfnetlink_subsys_register(&nfnl_cthelper_subsys);
645  if (ret < 0) {
646  pr_err("nfnl_cthelper: cannot register with nfnetlink.\n");
647  goto err_out;
648  }
649  return 0;
650 err_out:
651  return ret;
652 }
653 
654 static void __exit nfnl_cthelper_exit(void)
655 {
656  struct nf_conntrack_helper *cur;
657  struct hlist_node *n, *tmp;
658  int i;
659 
660  nfnetlink_subsys_unregister(&nfnl_cthelper_subsys);
661 
662  for (i=0; i<nf_ct_helper_hsize; i++) {
663  hlist_for_each_entry_safe(cur, n, tmp, &nf_ct_helper_hash[i],
664  hnode) {
665  /* skip non-userspace conntrack helpers. */
666  if (!(cur->flags & NF_CT_HELPER_F_USERSPACE))
667  continue;
668 
669  nf_conntrack_helper_unregister(cur);
670  }
671  }
672 }
673 
674 module_init(nfnl_cthelper_init);
675 module_exit(nfnl_cthelper_exit);
Generated on Thu Jan 10 2013 15:00:43 for Linux Kernel by   doxygen 1.8.2