Home Explore Help
Register Sign In
phyus
/
linux-vybrid_public
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

[NETFILTER]: x_tables: add missing try to load conntrack from match/targets

CLUSTERIP, CONNMARK, CONNSECMARK, and connbytes need ip_conntrack or
layer 3 protocol module of nf_conntrack.

Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Yasuyuki Kozakai 18 years ago
parent
fe0b9294c9
commit
11078c371e
4 changed files with 48 additions and 2 deletions
Split View Show Diff Stats
  1. 8 0
      net/ipv4/netfilter/ipt_CLUSTERIP.c
  2. 13 1
      net/netfilter/xt_CONNMARK.c
  3. 13 1
      net/netfilter/xt_CONNSECMARK.c
  4. 14 0
      net/netfilter/xt_connbytes.c

+ 8 - 0
net/ipv4/netfilter/ipt_CLUSTERIP.c
View File 

@@ -447,6 +447,12 @@ checkentry(const char *tablename,
 
 		cipinfo->config = config;
 
 	}
 
 
+	if (nf_ct_l3proto_try_module_get(target->family) < 0) {
 
+		printk(KERN_WARNING "can't load conntrack support for "
 
+				    "proto=%d\n", target->family);
 
+		return 0;
 
+	}
 
+
 
 	return 1;
 
 }
 
 
@@ -460,6 +466,8 @@ static void destroy(const struct xt_target *target, void *targinfo)
 
 	clusterip_config_entry_put(cipinfo->config);
 
 
 	clusterip_config_put(cipinfo->config);
 
+
 
+	nf_ct_l3proto_module_put(target->family);
 
 }
 
 
 static struct ipt_target clusterip_tgt = {

+ 13 - 1
net/netfilter/xt_CONNMARK.c
View File 

@@ -96,6 +96,11 @@ checkentry(const char *tablename,
 
 {
 
 	struct xt_connmark_target_info *matchinfo = targinfo;
 
 
+	if (nf_ct_l3proto_try_module_get(target->family) < 0) {
 
+		printk(KERN_WARNING "can't load conntrack support for "
 
+				    "proto=%d\n", target->family);
 
+		return 0;
 
+	}
 
 	if (matchinfo->mode == XT_CONNMARK_RESTORE) {
 
 		if (strcmp(tablename, "mangle") != 0) {
 
 			printk(KERN_WARNING "CONNMARK: restore can only be "
 
@@ -111,6 +116,12 @@ checkentry(const char *tablename,
 
 	return 1;
 
 }
 
 
+static void
 
+destroy(const struct xt_target *target, void *targinfo)
 
+{
 
+	nf_ct_l3proto_module_put(target->family);
 
+}
 
+
 
 #ifdef CONFIG_COMPAT
 
 struct compat_xt_connmark_target_info {
 
 	compat_ulong_t	mark, mask;
 
@@ -147,6 +158,7 @@ static struct xt_target xt_connmark_target[] = {
 
 		.name		= "CONNMARK",
 
 		.family		= AF_INET,
 
 		.checkentry	= checkentry,
 
+		.destroy	= destroy,
 
 		.target		= target,
 
 		.targetsize	= sizeof(struct xt_connmark_target_info),
 
 #ifdef CONFIG_COMPAT
 
@@ -160,6 +172,7 @@ static struct xt_target xt_connmark_target[] = {
 
 		.name		= "CONNMARK",
 
 		.family		= AF_INET6,
 
 		.checkentry	= checkentry,
 
+		.destroy	= destroy,
 
 		.target		= target,
 
 		.targetsize	= sizeof(struct xt_connmark_target_info),
 
 		.me		= THIS_MODULE
 
@@ -168,7 +181,6 @@ static struct xt_target xt_connmark_target[] = {
 
 
 static int __init xt_connmark_init(void)
 
 {
 
-	need_conntrack();
 
 	return xt_register_targets(xt_connmark_target,
 
 				   ARRAY_SIZE(xt_connmark_target));
 
 }

+ 13 - 1
net/netfilter/xt_CONNSECMARK.c
View File 

@@ -93,6 +93,11 @@ static int checkentry(const char *tablename, const void *entry,
 
 {
 
 	struct xt_connsecmark_target_info *info = targinfo;
 
 
+	if (nf_ct_l3proto_try_module_get(target->family) < 0) {
 
+		printk(KERN_WARNING "can't load conntrack support for "
 
+				    "proto=%d\n", target->family);
 
+		return 0;
 
+	}
 
 	switch (info->mode) {
 
 	case CONNSECMARK_SAVE:
 
 	case CONNSECMARK_RESTORE:
 
@@ -106,11 +111,18 @@ static int checkentry(const char *tablename, const void *entry,
 
 	return 1;
 
 }
 
 
+static void
 
+destroy(const struct xt_target *target, void *targinfo)
 
+{
 
+	nf_ct_l3proto_module_put(target->family);
 
+}
 
+
 
 static struct xt_target xt_connsecmark_target[] = {
 
 	{
 
 		.name		= "CONNSECMARK",
 
 		.family		= AF_INET,
 
 		.checkentry	= checkentry,
 
+		.destroy	= destroy,
 
 		.target		= target,
 
 		.targetsize	= sizeof(struct xt_connsecmark_target_info),
 
 		.table		= "mangle",
 
@@ -120,6 +132,7 @@ static struct xt_target xt_connsecmark_target[] = {
 
 		.name		= "CONNSECMARK",
 
 		.family		= AF_INET6,
 
 		.checkentry	= checkentry,
 
+		.destroy	= destroy,
 
 		.target		= target,
 
 		.targetsize	= sizeof(struct xt_connsecmark_target_info),
 
 		.table		= "mangle",
 
@@ -129,7 +142,6 @@ static struct xt_target xt_connsecmark_target[] = {
 
 
 static int __init xt_connsecmark_init(void)
 
 {
 
-	need_conntrack();
 
 	return xt_register_targets(xt_connsecmark_target,
 
 				   ARRAY_SIZE(xt_connsecmark_target));
 
 }

+ 14 - 0
net/netfilter/xt_connbytes.c
View File 

@@ -139,15 +139,28 @@ static int check(const char *tablename,
 
 	    sinfo->direction != XT_CONNBYTES_DIR_BOTH)
 
 		return 0;
 
 
+	if (nf_ct_l3proto_try_module_get(match->family) < 0) {
 
+		printk(KERN_WARNING "can't load conntrack support for "
 
+				    "proto=%d\n", match->family);
 
+		return 0;
 
+	}
 
+
 
 	return 1;
 
 }
 
 
+static void
 
+destroy(const struct xt_match *match, void *matchinfo)
 
+{
 
+	nf_ct_l3proto_module_put(match->family);
 
+}
 
+
 
 static struct xt_match xt_connbytes_match[] = {
 
 	{
 
 		.name		= "connbytes",
 
 		.family		= AF_INET,
 
 		.checkentry	= check,
 
 		.match		= match,
 
+		.destroy	= destroy,
 
 		.matchsize	= sizeof(struct xt_connbytes_info),
 
 		.me		= THIS_MODULE
 
 	},
 
@@ -156,6 +169,7 @@ static struct xt_match xt_connbytes_match[] = {
 
 		.family		= AF_INET6,
 
 		.checkentry	= check,
 
 		.match		= match,
 
+		.destroy	= destroy,
 
 		.matchsize	= sizeof(struct xt_connbytes_info),
 
 		.me		= THIS_MODULE
 
 	},