[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
(usagi-users 03072) [Patch] Port nf_conntrack to seq_file API
- To: usagi-users@xxxxxxxxxxxxxx
- Subject: (usagi-users 03072) [Patch] Port nf_conntrack to seq_file API
- From: Michal Rokos <michal@xxxxxxxxxx>
- Date: Thu, 14 Oct 2004 10:34:54 +0200
- Cc: yasuyuki.kozakai@xxxxxxxxxxxxx
- Reply-to: usagi-users@xxxxxxxxxxxxxx
- Resent-date: Fri, 15 Oct 2004 17:24:10 +0900
- Resent-from: sekiya@xxxxxxxxxxxxxx
- Resent-message-id: <200410151724.FMLAAB24252.usagi-users@linux-ipv6.org>
- Resent-to: usagi-users@xxxxxxxxxxxxxx (moderated)
- User-agent: Mozilla Thunderbird 0.8 (Windows/20040913)
Hello,
this patch does ${SUBJ}.
It's against current bk with applied usagi-ipv6-statefull-netfilter and
latest (08-2004) nf_conntrack from bCONNTRACK branch.
I reflect nf_conntrack to nf_ct_info before.
Confused? :)
So it's against nf_conntrack from bCONNTRACK 08-2004 branch + nf_ct_info
removed.
I hope it helps to somebody.
Michal
PS: I'm still off-the-list (so please CC to me as well)
# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
# 2004/10/14 10:06:43+02:00 michal@xxxxxxxxxxxxxxxxx
# Port nf_conntrack to seq_file interface and C99 initializers
#
# net/netfilter/nf_conntrack_standalone.c
# 2004/10/14 10:06:30+02:00 michal@xxxxxxxxxxxxxxxxx +194 -122
# Port nf_conntrack to seq_file interface and C99 initializers
#
# net/netfilter/nf_conntrack_proto_udp.c
# 2004/10/14 10:06:30+02:00 michal@xxxxxxxxxxxxxxxxx +21 -9
# Port nf_conntrack to seq_file interface and C99 initializers
#
# net/netfilter/nf_conntrack_proto_tcp.c
# 2004/10/14 10:06:30+02:00 michal@xxxxxxxxxxxxxxxxx +24 -12
# Port nf_conntrack to seq_file interface and C99 initializers
#
# net/ipv6/netfilter/nf_conntrack_proto_frag6.c
# 2004/10/14 10:06:30+02:00 michal@xxxxxxxxxxxxxxxxx +21 -9
# Port nf_conntrack to seq_file interface and C99 initializers
#
# net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
# 2004/10/14 10:06:30+02:00 michal@xxxxxxxxxxxxxxxxx +20 -24
# Port nf_conntrack to seq_file interface and C99 initializers
#
# net/ipv4/netfilter/nf_conntrack_proto_icmp.c
# 2004/10/14 10:06:30+02:00 michal@xxxxxxxxxxxxxxxxx +24 -12
# Port nf_conntrack to seq_file interface and C99 initializers
#
# net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
# 2004/10/14 10:06:30+02:00 michal@xxxxxxxxxxxxxxxxx +7 -10
# Port nf_conntrack to seq_file interface and C99 initializers
#
# include/net/icmp.h
# 2004/10/14 10:06:30+02:00 michal@xxxxxxxxxxxxxxxxx +1 -0
# Port nf_conntrack to seq_file interface and C99 initializers
#
# include/linux/netfilter/nf_conntrack_protocol.h
# 2004/10/14 10:06:30+02:00 michal@xxxxxxxxxxxxxxxxx +4 -4
# Port nf_conntrack to seq_file interface and C99 initializers
#
# include/linux/netfilter/nf_conntrack_l3proto.h
# 2004/10/14 10:06:30+02:00 michal@xxxxxxxxxxxxxxxxx +4 -4
# Port nf_conntrack to seq_file interface and C99 initializers
#
diff -Nru a/include/linux/netfilter/nf_conntrack_l3proto.h b/include/linux/netfilter/nf_conntrack_l3proto.h
--- a/include/linux/netfilter/nf_conntrack_l3proto.h 2004-10-14 10:09:50 +02:00
+++ b/include/linux/netfilter/nf_conntrack_l3proto.h 2004-10-14 10:09:50 +02:00
@@ -54,12 +54,12 @@
const struct nf_conntrack_tuple *orig);
/* Print out the per-protocol part of the tuple. */
- unsigned int (*print_tuple)(char *buffer,
- const struct nf_conntrack_tuple *);
+ int (*print_tuple)(struct seq_file *s,
+ const struct nf_conntrack_tuple *);
/* Print out the private part of the conntrack. */
- unsigned int (*print_conntrack)(char *buffer,
- const struct nf_conn *);
+ int (*print_conntrack)(struct seq_file *s,
+ const struct nf_conn *);
/* Returns verdict for packet, or -1 for invalid. */
int (*packet)(struct nf_conn *conntrack,
diff -Nru a/include/linux/netfilter/nf_conntrack_protocol.h b/include/linux/netfilter/nf_conntrack_protocol.h
--- a/include/linux/netfilter/nf_conntrack_protocol.h 2004-10-14 10:09:50 +02:00
+++ b/include/linux/netfilter/nf_conntrack_protocol.h 2004-10-14 10:09:50 +02:00
@@ -41,12 +41,12 @@
const struct nf_conntrack_tuple *orig);
/* Print out the per-protocol part of the tuple. */
- unsigned int (*print_tuple)(char *buffer,
- const struct nf_conntrack_tuple *);
+ int (*print_tuple)(struct seq_file *s,
+ const struct nf_conntrack_tuple *);
/* Print out the private part of the conntrack. */
- unsigned int (*print_conntrack)(char *buffer,
- const struct nf_conn *);
+ int (*print_conntrack)(struct seq_file *s,
+ const struct nf_conn *);
/* Returns verdict for packet, or -1 for invalid. */
int (*packet)(struct nf_conn *conntrack,
diff -Nru a/include/net/icmp.h b/include/net/icmp.h
--- a/include/net/icmp.h 2004-10-14 10:09:50 +02:00
+++ b/include/net/icmp.h 2004-10-14 10:09:50 +02:00
@@ -26,6 +26,7 @@
#include <net/protocol.h>
#include <net/snmp.h>
#include <linux/ip.h>
+#include <linux/seq_file.h>
struct icmp_err {
int errno;
diff -Nru a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c 2004-10-14 10:09:50 +02:00
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c 2004-10-14 10:09:50 +02:00
@@ -61,19 +61,16 @@
return 1;
}
-static unsigned int
-ipv4_print_tuple(char *buffer, const struct nf_conntrack_tuple *tuple)
+static int ipv4_print_tuple(struct seq_file *s,
+ const struct nf_conntrack_tuple *tuple)
{
- int len;
-
- len = sprintf(buffer, "src=%u.%u.%u.%u dst=%u.%u.%u.%u ",
- NIPQUAD(tuple->src.u3.ip), NIPQUAD(tuple->dst.u3.ip));
-
- return len;
+ return seq_printf(s, "src=%u.%u.%u.%u dst=%u.%u.%u.%u ",
+ NIPQUAD(tuple->src.u3.ip),
+ NIPQUAD(tuple->dst.u3.ip));
}
-static unsigned int
-ipv4_print_conntrack(char *buffer, const struct nf_conn *conntrack)
+static int ipv4_print_conntrack(struct seq_file *s,
+ const struct nf_conn *conntrack)
{
return 0;
}
diff -Nru a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
--- a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c 2004-10-14 10:09:50 +02:00
+++ b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c 2004-10-14 10:09:50 +02:00
@@ -71,18 +71,18 @@
}
/* Print out the per-protocol part of the tuple. */
-static unsigned int icmp_print_tuple(char *buffer,
- const struct nf_conntrack_tuple *tuple)
+static int icmp_print_tuple(struct seq_file *s,
+ const struct nf_conntrack_tuple *tuple)
{
- return sprintf(buffer, "type=%u code=%u id=%u ",
- tuple->dst.u.icmp.type,
- tuple->dst.u.icmp.code,
- ntohs(tuple->src.u.icmp.id));
+ return seq_printf(s, "type=%u code=%u id=%u ",
+ tuple->dst.u.icmp.type,
+ tuple->dst.u.icmp.code,
+ ntohs(tuple->src.u.icmp.id));
}
/* Print out the private part of the conntrack. */
-static unsigned int icmp_print_conntrack(char *buffer,
- const struct nf_conn *conntrack)
+static int icmp_print_conntrack(struct seq_file *s,
+ const struct nf_conn *conntrack)
{
return 0;
}
@@ -132,9 +132,21 @@
return 1;
}
-struct nf_conntrack_protocol nf_conntrack_protocol_icmp
-= { { NULL, NULL }, PF_INET, IPPROTO_ICMP, "icmp",
- icmp_pkt_to_tuple, icmp_invert_tuple, icmp_print_tuple,
- icmp_print_conntrack, icmp_packet, icmp_new, NULL, NULL, NULL };
+struct nf_conntrack_protocol nf_conntrack_protocol_icmp =
+{
+ .list = { NULL, NULL },
+ .l3proto = PF_INET,
+ .proto = IPPROTO_ICMP,
+ .name = "icmp",
+ .pkt_to_tuple = icmp_pkt_to_tuple,
+ .invert_tuple = icmp_invert_tuple,
+ .print_tuple = icmp_print_tuple,
+ .print_conntrack = icmp_print_conntrack,
+ .packet = icmp_packet,
+ .new = icmp_new,
+ .destroy = NULL,
+ .exp_matches_pkt = NULL,
+ .me = NULL
+};
EXPORT_SYMBOL(nf_conntrack_protocol_icmp);
diff -Nru a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
--- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c 2004-10-14 10:09:50 +02:00
+++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c 2004-10-14 10:09:50 +02:00
@@ -72,20 +72,16 @@
return 1;
}
-static unsigned int
-ipv6_print_tuple(char *buffer, const struct nf_conntrack_tuple *tuple)
+static int ipv6_print_tuple(struct seq_file *s,
+ const struct nf_conntrack_tuple *tuple)
{
- int len;
-
- len = sprintf(buffer, "src=%x:%x:%x:%x:%x:%x:%x:%x dst=%x:%x:%x:%x:%x:%x:%x:%x ",
- NIP6(*((struct in6_addr *)tuple->src.u3.ip6)),
- NIP6(*((struct in6_addr *)tuple->dst.u3.ip6)));
-
- return len;
+ return seq_printf(s, "src=%x:%x:%x:%x:%x:%x:%x:%x dst=%x:%x:%x:%x:%x:%x:%x:%x ",
+ NIP6(*((struct in6_addr *)tuple->src.u3.ip6)),
+ NIP6(*((struct in6_addr *)tuple->dst.u3.ip6)));
}
-static unsigned int
-ipv6_print_conntrack(char *buffer, const struct nf_conn *conntrack)
+static int ipv6_print_conntrack(struct seq_file *s,
+ const struct nf_conn *conntrack)
{
return 0;
}
@@ -433,19 +429,19 @@
#endif
struct nf_conntrack_l3proto nf_conntrack_l3proto_ipv6 = {
- { NULL, NULL }, /* list */
- PF_INET6, /* l3proto */
- "ipv6", /* name */
- ipv6_pkt_to_tuple, /* pkt_to_tuple */
- ipv6_invert_tuple, /* invert_tuple */
- ipv6_print_tuple, /* print_tuple */
- ipv6_print_conntrack, /* print_conntrack */
- NULL, /* packet */
- NULL, /* new */
- NULL, /* destroy */
- ipv6_prepare, /* prepare */
- ipv6_get_features, /* get_features */
- THIS_MODULE /* me */
+ .list = { NULL, NULL },
+ .l3proto = PF_INET6,
+ .name = "ipv6",
+ .pkt_to_tuple = ipv6_pkt_to_tuple,
+ .invert_tuple = ipv6_invert_tuple,
+ .print_tuple = ipv6_print_tuple,
+ .print_conntrack = ipv6_print_conntrack,
+ .packet = NULL,
+ .new = NULL,
+ .destroy = NULL,
+ .prepare = ipv6_prepare,
+ .get_features = ipv6_get_features,
+ .me = THIS_MODULE
};
static struct nf_conntrack_protocol tcp, udp, icmpv6, frag6;
diff -Nru a/net/ipv6/netfilter/nf_conntrack_proto_frag6.c b/net/ipv6/netfilter/nf_conntrack_proto_frag6.c
--- a/net/ipv6/netfilter/nf_conntrack_proto_frag6.c 2004-10-14 10:09:50 +02:00
+++ b/net/ipv6/netfilter/nf_conntrack_proto_frag6.c 2004-10-14 10:09:50 +02:00
@@ -611,18 +611,18 @@
}
/* Print out the per-protocol part of the tuple. */
-static unsigned int
-frag6_print_tuple(char *buffer, const struct nf_conntrack_tuple *tuple)
+static int frag6_print_tuple(struct seq_file *s,
+ const struct nf_conntrack_tuple *tuple)
{
if (tuple->dst.u.frag6.orig)
- return sprintf(buffer, "id=%08x", tuple->src.u.frag6.id);
+ return seq_printf(s, "id=%08x", tuple->src.u.frag6.id);
else
return 0;
}
/* Print out the private part of the conntrack. */
-static unsigned int
-frag6_print_conntrack(char *buffer, const struct nf_conn *conntrack)
+static int frag6_print_conntrack(struct seq_file *s,
+ const struct nf_conn *conntrack)
{
return 0;
}
@@ -835,10 +835,22 @@
kfree_skb(fq->reasm);
}
-struct nf_conntrack_protocol nf_conntrack_protocol_frag6
-= { { NULL, NULL }, PF_UNSPEC, NEXTHDR_FRAGMENT, "fragment",
- frag6_pkt_to_tuple, frag6_invert_tuple, frag6_print_tuple,
- frag6_print_conntrack, frag6_packet, frag6_new, frag6_destroy, NULL, NULL };
+struct nf_conntrack_protocol nf_conntrack_protocol_frag6 =
+{
+ .list = { NULL, NULL },
+ .l3proto = PF_UNSPEC,
+ .proto = NEXTHDR_FRAGMENT,
+ .name = "fragment",
+ .pkt_to_tuple = frag6_pkt_to_tuple,
+ .invert_tuple = frag6_invert_tuple,
+ .print_tuple = frag6_print_tuple,
+ .print_conntrack = frag6_print_conntrack,
+ .packet = frag6_packet,
+ .new = frag6_new,
+ .destroy = frag6_destroy,
+ .exp_matches_pkt = NULL,
+ .me = NULL
+};
EXPORT_SYMBOL(nf_conntrack_protocol_frag6);
EXPORT_SYMBOL(nf_ct_frag6_get_reasm);
diff -Nru a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c
--- a/net/netfilter/nf_conntrack_proto_tcp.c 2004-10-14 10:09:50 +02:00
+++ b/net/netfilter/nf_conntrack_proto_tcp.c 2004-10-14 10:09:50 +02:00
@@ -141,17 +141,17 @@
}
/* Print out the per-protocol part of the tuple. */
-static unsigned int tcp_print_tuple(char *buffer,
- const struct nf_conntrack_tuple *tuple)
+static int tcp_print_tuple(struct seq_file *s,
+ const struct nf_conntrack_tuple *tuple)
{
- return sprintf(buffer, "sport=%hu dport=%hu ",
- ntohs(tuple->src.u.tcp.port),
- ntohs(tuple->dst.u.tcp.port));
+ return seq_printf(s, "sport=%hu dport=%hu ",
+ ntohs(tuple->src.u.tcp.port),
+ ntohs(tuple->dst.u.tcp.port));
}
/* Print out the private part of the conntrack. */
-static unsigned int tcp_print_conntrack(char *buffer,
- const struct nf_conn *conntrack)
+static int tcp_print_conntrack(struct seq_file *s,
+ const struct nf_conn *conntrack)
{
enum tcp_conntrack state;
@@ -159,7 +159,7 @@
state = conntrack->proto.tcp.state;
READ_UNLOCK(&tcp_lock);
- return sprintf(buffer, "%s ", tcp_conntrack_names[state]);
+ return seq_printf(s, "%s ", tcp_conntrack_names[state]);
}
static unsigned int get_conntrack_index(const struct tcphdr *tcph)
@@ -274,9 +274,21 @@
return between(exp->seq, ntohl(tcph.seq), ntohl(tcph.seq) + datalen);
}
-struct nf_conntrack_protocol nf_conntrack_protocol_tcp
-= { { NULL, NULL }, PF_UNSPEC, IPPROTO_TCP, "tcp",
- tcp_pkt_to_tuple, tcp_invert_tuple, tcp_print_tuple, tcp_print_conntrack,
- tcp_packet, tcp_new, NULL, tcp_exp_matches_pkt, NULL };
+struct nf_conntrack_protocol nf_conntrack_protocol_tcp =
+{
+ .list = { NULL, NULL },
+ .l3proto = PF_UNSPEC,
+ .proto = IPPROTO_TCP,
+ .name = "tcp",
+ .pkt_to_tuple = tcp_pkt_to_tuple,
+ .invert_tuple = tcp_invert_tuple,
+ .print_tuple = tcp_print_tuple,
+ .print_conntrack = tcp_print_conntrack,
+ .packet = tcp_packet,
+ .new = tcp_new,
+ .destroy = NULL,
+ .exp_matches_pkt = tcp_exp_matches_pkt,
+ .me = NULL
+};
EXPORT_SYMBOL(nf_conntrack_protocol_tcp);
diff -Nru a/net/netfilter/nf_conntrack_proto_udp.c b/net/netfilter/nf_conntrack_proto_udp.c
--- a/net/netfilter/nf_conntrack_proto_udp.c 2004-10-14 10:09:50 +02:00
+++ b/net/netfilter/nf_conntrack_proto_udp.c 2004-10-14 10:09:50 +02:00
@@ -48,17 +48,17 @@
}
/* Print out the per-protocol part of the tuple. */
-static unsigned int udp_print_tuple(char *buffer,
- const struct nf_conntrack_tuple *tuple)
+static int udp_print_tuple(struct seq_file *s,
+ const struct nf_conntrack_tuple *tuple)
{
- return sprintf(buffer, "sport=%hu dport=%hu ",
+ return seq_printf(s, "sport=%hu dport=%hu ",
ntohs(tuple->src.u.udp.port),
ntohs(tuple->dst.u.udp.port));
}
/* Print out the private part of the conntrack. */
-static unsigned int udp_print_conntrack(char *buffer,
- const struct nf_conn *conntrack)
+static int udp_print_conntrack(struct seq_file *s,
+ const struct nf_conn *conntrack)
{
return 0;
}
@@ -89,9 +89,21 @@
return 1;
}
-struct nf_conntrack_protocol nf_conntrack_protocol_udp
-= { { NULL, NULL }, PF_UNSPEC, IPPROTO_UDP, "udp",
- udp_pkt_to_tuple, udp_invert_tuple, udp_print_tuple, udp_print_conntrack,
- udp_packet, udp_new, NULL, NULL, NULL };
+struct nf_conntrack_protocol nf_conntrack_protocol_udp =
+{
+ .list = { NULL, NULL },
+ .l3proto = PF_UNSPEC,
+ .proto = IPPROTO_UDP,
+ .name = "udp",
+ .pkt_to_tuple = udp_pkt_to_tuple,
+ .invert_tuple = udp_invert_tuple,
+ .print_tuple = udp_print_tuple,
+ .print_conntrack = udp_print_conntrack,
+ .packet = udp_packet,
+ .new = udp_new,
+ .destroy = NULL,
+ .exp_matches_pkt = NULL,
+ .me = NULL
+};
EXPORT_SYMBOL(nf_conntrack_protocol_udp);
diff -Nru a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
--- a/net/netfilter/nf_conntrack_standalone.c 2004-10-14 10:09:50 +02:00
+++ b/net/netfilter/nf_conntrack_standalone.c 2004-10-14 10:09:50 +02:00
@@ -24,6 +24,7 @@
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/proc_fs.h>
+#include <linux/seq_file.h>
#include <linux/netdevice.h>
#ifdef CONFIG_SYSCTL
#include <linux/sysctl.h>
@@ -59,53 +60,53 @@
*((u_int8_t *) data));
}
-static unsigned int
-print_tuple(char *buffer, const struct nf_conntrack_tuple *tuple,
+#ifdef CONFIG_PROC_FS
+static int
+print_tuple(struct seq_file *s, const struct nf_conntrack_tuple *tuple,
struct nf_conntrack_l3proto *l3proto,
struct nf_conntrack_protocol *proto)
{
- unsigned int len;
+ l3proto->print_tuple(s, tuple);
+ return proto->print_tuple(s, tuple);
+}
- len = l3proto->print_tuple(buffer, tuple);
- len += proto->print_tuple(buffer + len, tuple);
+static void *ct_seq_start(struct seq_file *s, loff_t *pos)
+{
+ if (*pos >= nf_conntrack_htable_size)
+ return NULL;
+ return &nf_conntrack_hash[*pos];
+}
+
+static void ct_seq_stop(struct seq_file *s, void *v)
+{
+}
- return len;
+static void *ct_seq_next(struct seq_file *s, void *v, loff_t *pos)
+{
+ (*pos)++;
+ if (*pos >= nf_conntrack_htable_size)
+ return NULL;
+ return &nf_conntrack_hash[*pos];
}
-/* FIXME: Don't print source proto part. --RR */
-static unsigned int
-print_expect(char *buffer, const struct nf_conntrack_expect *expect)
+/* return 0 on success, 1 in case of error */
+static int ct_seq_real_show(const struct nf_conntrack_tuple_hash *hash,
+ struct seq_file *s)
{
- unsigned int len;
+ struct nf_conn *conntrack = hash->ctrack;
+ struct nf_conntrack_l3proto *l3proto;
+ struct nf_conntrack_protocol *proto;
- if (expect->expectant->helper->timeout)
- len = sprintf(buffer, "EXPECTING: %lu ",
- timer_pending(&expect->timeout)
- ? (expect->timeout.expires - jiffies)/HZ : 0);
- else
- len = sprintf(buffer, "EXPECTING: - ");
- len += sprintf(buffer + len, "use=%u proto=%u ",
- atomic_read(&expect->use), expect->tuple.dst.protonum);
- len += print_tuple(buffer + len, &expect->tuple,
- __nf_ct_find_l3proto(expect->tuple.src.l3num),
- __nf_ct_find_proto(expect->tuple.src.l3num,
- expect->tuple.dst.protonum));
- len += sprintf(buffer + len, "\n");
- return len;
-}
-
-static unsigned int
-print_conntrack(char *buffer, struct nf_conn *conntrack)
-{
- unsigned int len;
- struct nf_conntrack_l3proto *l3proto
- = __nf_ct_find_l3proto(conntrack->tuplehash[NF_CT_DIR_ORIGINAL]
+ MUST_BE_READ_LOCKED(&nf_conntrack_lock);
+
+ NF_CT_ASSERT(conntrack);
+
+ /* we only want to print DIR_ORIGINAL */
+ if (NF_CT_DIRECTION(hash))
+ return 0;
+
+ l3proto = __nf_ct_find_l3proto(conntrack->tuplehash[NF_CT_DIR_ORIGINAL]
.tuple.src.l3num);
- struct nf_conntrack_protocol *proto
- = __nf_ct_find_proto(conntrack->tuplehash[NF_CT_DIR_ORIGINAL]
- .tuple.src.l3num,
- conntrack->tuplehash[NF_CT_DIR_ORIGINAL]
- .tuple.dst.protonum);
if (l3proto == NULL) {
DEBUGP("Can't find l3proto. pf == %d\n",
@@ -113,106 +114,166 @@
return 0;
}
- len = sprintf(buffer, "%-8s %u %-8s %u %lu ",
- l3proto->name,
- conntrack->tuplehash[NF_CT_DIR_ORIGINAL]
- .tuple.src.l3num,
- proto->name,
- conntrack->tuplehash[NF_CT_DIR_ORIGINAL]
- .tuple.dst.protonum,
- timer_pending(&conntrack->timeout)
- ? (conntrack->timeout.expires - jiffies)/HZ : 0);
-
- len += l3proto->print_conntrack(buffer + len, conntrack);
- len += proto->print_conntrack(buffer + len, conntrack);
- len += print_tuple(buffer + len,
- &conntrack->tuplehash[NF_CT_DIR_ORIGINAL].tuple,
- l3proto, proto);
+ proto = __nf_ct_find_proto(conntrack->tuplehash[NF_CT_DIR_ORIGINAL]
+ .tuple.src.l3num,
+ conntrack->tuplehash[NF_CT_DIR_ORIGINAL]
+ .tuple.dst.protonum);
+
+ NF_CT_ASSERT(proto);
+
+ if (seq_printf(s, "%-8s %u %-8s %u %lu ",
+ l3proto->name,
+ conntrack->tuplehash[NF_CT_DIR_ORIGINAL]
+ .tuple.src.l3num,
+ proto->name,
+ conntrack->tuplehash[NF_CT_DIR_ORIGINAL]
+ .tuple.dst.protonum,
+ timer_pending(&conntrack->timeout)
+ ? (conntrack->timeout.expires - jiffies)/HZ : 0) != 0)
+ return 1;
+
+ if (l3proto->print_conntrack(s, conntrack))
+ return 1;
+
+ if (proto->print_conntrack(s, conntrack))
+ return 1;
+
+ if (print_tuple(s, &conntrack->tuplehash[NF_CT_DIR_ORIGINAL].tuple,
+ l3proto, proto))
+ return 1;
+
if (!(test_bit(NF_S_SEEN_REPLY_BIT, &conntrack->status)))
- len += sprintf(buffer + len, "[UNREPLIED] ");
- len += print_tuple(buffer + len,
- &conntrack->tuplehash[NF_CT_DIR_REPLY].tuple,
- l3proto, proto);
+ if (seq_printf(s, "[UNREPLIED] "))
+ return 1;
+
+ if (print_tuple(s, &conntrack->tuplehash[NF_CT_DIR_REPLY].tuple,
+ l3proto, proto))
+ return 1;
+
if (test_bit(NF_S_ASSURED_BIT, &conntrack->status))
- len += sprintf(buffer + len, "[ASSURED] ");
- len += sprintf(buffer + len, "use=%u ",
- atomic_read(&conntrack->ct_general.use));
- len += sprintf(buffer + len, "\n");
-
- return len;
-}
-
-/* Returns true when finished. */
-static inline int
-conntrack_iterate(const struct nf_conntrack_tuple_hash *hash,
- char *buffer, off_t offset, off_t *upto,
- unsigned int *len, unsigned int maxlen)
+ if (seq_printf(s, "[ASSURED] "))
+ return 1;
+
+ if (seq_printf(s, "use=%u\n", atomic_read(&conntrack->ct_general.use)))
+ return 1;
+
+ return 0;
+}
+
+static int ct_seq_show(struct seq_file *s, void *v)
{
- unsigned int newlen;
- NF_CT_ASSERT(hash->ctrack);
+ struct list_head *list = v;
+ int ret = 0;
- MUST_BE_READ_LOCKED(&nf_conntrack_lock);
+ /* FIXME: Simply truncates if hash chain too long. */
+ READ_LOCK(&nf_conntrack_lock);
+ if (LIST_FIND(list, ct_seq_real_show,
+ struct nf_conntrack_tuple_hash *, s))
+ ret = -ENOSPC;
+ READ_UNLOCK(&nf_conntrack_lock);
+ return ret;
+}
- /* Only count originals */
- if (NF_CT_DIRECTION(hash))
- return 0;
+static struct seq_operations ct_seq_ops = {
+ .start = ct_seq_start,
+ .next = ct_seq_next,
+ .stop = ct_seq_stop,
+ .show = ct_seq_show
+};
+
+static int ct_open(struct inode *inode, struct file *file)
+{
+ return seq_open(file, &ct_seq_ops);
+}
- if ((*upto)++ < offset)
- return 0;
+static struct file_operations ct_file_ops = {
+ .owner = THIS_MODULE,
+ .open = ct_open,
+ .read = seq_read,
+ .llseek = seq_lseek,
+ .release = seq_release
+};
+
+/* expects */
+static void *exp_seq_start(struct seq_file *s, loff_t *pos)
+{
+ struct list_head *e = &nf_conntrack_expect_list;
+ loff_t i;
- newlen = print_conntrack(buffer + *len, hash->ctrack);
- if (*len + newlen > maxlen)
- return 1;
- else *len += newlen;
+ /* strange seq_file api calls stop even if we fail,
+ * thus we need to grab lock since stop unlocks */
+ READ_LOCK(&nf_conntrack_lock);
+ READ_LOCK(&nf_conntrack_expect_tuple_lock);
- return 0;
+ if (list_empty(e))
+ return NULL;
+
+ for (i = 0; i <= *pos; i++) {
+ e = e->next;
+ if (e == &nf_conntrack_expect_list)
+ return NULL;
+ }
+ return e;
}
-static int
-list_conntracks(char *buffer, char **start, off_t offset, int length)
+static void *exp_seq_next(struct seq_file *s, void *v, loff_t *pos)
{
- unsigned int i;
- unsigned int len = 0;
- off_t upto = 0;
- struct list_head *e;
+ struct list_head *e = v;
- READ_LOCK(&nf_conntrack_lock);
- /* Traverse hash; print originals then reply. */
- for (i = 0; i < nf_conntrack_htable_size; i++) {
- if (LIST_FIND(&nf_conntrack_hash[i], conntrack_iterate,
- struct nf_conntrack_tuple_hash *,
- buffer, offset, &upto, &len, length))
- goto finished;
- }
+ e = e->next;
- /* Now iterate through expecteds. */
- READ_LOCK(&nf_conntrack_expect_tuple_lock);
- list_for_each(e, &nf_conntrack_expect_list) {
- unsigned int last_len;
- struct nf_conntrack_expect *expect
- = (struct nf_conntrack_expect *)e;
- if (upto++ < offset) continue;
-
- last_len = len;
- len += print_expect(buffer + len, expect);
- if (len > length) {
- len = last_len;
- goto finished_expects;
- }
- }
+ if (e == &nf_conntrack_expect_list)
+ return NULL;
- finished_expects:
+ return e;
+}
+
+static void exp_seq_stop(struct seq_file *s, void *v)
+{
READ_UNLOCK(&nf_conntrack_expect_tuple_lock);
- finished:
READ_UNLOCK(&nf_conntrack_lock);
+}
- /* `start' hack - see fs/proc/generic.c line ~165 */
- *start = (char *)((unsigned int)upto - offset);
- return len;
+static int exp_seq_show(struct seq_file *s, void *v)
+{
+ struct nf_conntrack_expect *expect = v;
+
+ if (expect->expectant->helper->timeout)
+ seq_printf(s, "%lu ", timer_pending(&expect->timeout)
+ ? (expect->timeout.expires - jiffies)/HZ : 0);
+ else
+ seq_printf(s, "- ");
+ seq_printf(s, "use=%u proto=%u ", atomic_read(&expect->use),
+ expect->tuple.dst.protonum);
+ print_tuple(s, &expect->tuple,
+ __nf_ct_find_l3proto(expect->tuple.src.l3num),
+ __nf_ct_find_proto(expect->tuple.src.l3num,
+ expect->tuple.dst.protonum));
+ return seq_putc(s, '\n');
}
-/* Sysctl support */
+static struct seq_operations exp_seq_ops = {
+ .start = exp_seq_start,
+ .next = exp_seq_next,
+ .stop = exp_seq_stop,
+ .show = exp_seq_show
+};
+static int exp_open(struct inode *inode, struct file *file)
+{
+ return seq_open(file, &exp_seq_ops);
+}
+
+static struct file_operations exp_file_ops = {
+ .owner = THIS_MODULE,
+ .open = exp_open,
+ .read = seq_read,
+ .llseek = seq_lseek,
+ .release = seq_release
+};
+#endif /* CONFIG_PROC_FS */
+
+/* Sysctl support */
#ifdef CONFIG_SYSCTL
/* From nf_conntrack_core.c */
@@ -376,9 +437,12 @@
{ .ctl_name = 0 }
};
#endif
+
static int init_or_cleanup(int init)
{
- struct proc_dir_entry *proc;
+#ifdef CONFIG_PROC_FS
+ struct proc_dir_entry *proc, *proc_exp;
+#endif
int ret = 0;
if (!init) goto cleanup;
@@ -387,16 +451,20 @@
if (ret < 0)
goto cleanup_nothing;
- proc = proc_net_create("nf_conntrack", 0440, list_conntracks);
+#ifdef CONFIG_PROC_FS
+ proc = proc_net_fops_create("nf_conntrack", 0440, &ct_file_ops);
if (!proc) goto cleanup_init;
- proc->owner = THIS_MODULE;
+ proc_exp = proc_net_fops_create("nf_conntrack_expect", 0440,
+ &exp_file_ops);
+ if (!proc_exp) goto cleanup_proc;
+#endif
#ifdef CONFIG_SYSCTL
nf_ct_sysctl_header = register_sysctl_table(nf_ct_net_table, 0);
if (nf_ct_sysctl_header == NULL) {
printk("nf_conntrack: can't register to sysctl.\n");
ret = -ENOMEM;
- goto cleanup_proc;
+ goto cleanup_proc_exp;
}
#endif
@@ -405,10 +473,14 @@
cleanup:
#ifdef CONFIG_SYSCTL
unregister_sysctl_table(nf_ct_sysctl_header);
- cleanup_proc:
#endif
+ cleanup_proc_exp:
+#ifdef CONFIG_PROC_FS
+ proc_net_remove("nf_conntrack_exp");
+ cleanup_proc:
proc_net_remove("nf_conntrack");
cleanup_init:
+#endif
nf_conntrack_cleanup();
cleanup_nothing:
return ret;