From 4aca87515a5083ae0e31ce3177189fd43b6d05ac Mon Sep 17 00:00:00 2001
From: Andreas Baumann
Date: Sat, 3 Jan 2015 13:58:15 +0100
Subject: patch to Vanilla Tomato 1.28
---
 .../net/ipv4/netfilter/ip_conntrack_standalone.c | 550 +--------------------
 1 file changed, 26 insertions(+), 524 deletions(-)
(limited to 'release/src/linux/linux/net/ipv4/netfilter/ip_conntrack_standalone.c')
diff --git a/release/src/linux/linux/net/ipv4/netfilter/ip_conntrack_standalone.c b/release/src/linux/linux/net/ipv4/netfilter/ip_conntrack_standalone.c
index c7e31931..78c3062c 100644
--- a/release/src/linux/linux/net/ipv4/netfilter/ip_conntrack_standalone.c
+++ b/release/src/linux/linux/net/ipv4/netfilter/ip_conntrack_standalone.c
@@ -32,503 +32,6 @@ struct module *ip_conntrack_module = THIS_MODULE; MODULE_LICENSE("GPL"); -#define CLEAR_IP_CONNTRACK -#define DEL_IP_CONNTRACK_ENTRY 1 -#ifdef DEL_IP_CONNTRACK_ENTRY -/* - * - *This part of code add for delete an entry in ip_conntrack table. - * - */ - - -#define DEL_LIST_PATH "/tmp/.del_ip_conntrack" -#define printkerrline() printk("del_ip_conntrack error : %s %s %d\n", __FILE__, __func__, __LINE__) - -struct del_list -{ - unsigned short proto; - unsigned int begin_port; - unsigned int end_port; - unsigned int ip; - struct del_list *next; -}; - -void free_del_list(struct del_list *head); -void print_del_list(struct del_list *head); -static struct del_list * malloc_new_node(const char *buf, struct del_list * head); -struct del_list * init_del_list(const char *buf, size_t size); -static int read_del_file(char * buf, unsigned int size, char *path); -static int del_match_method(const struct ip_conntrack_tuple_hash *pConn, const struct del_list * pList); -static int del_conntrack_check(const struct ip_conntrack_tuple_hash *pConn, const struct del_list * head); -void pf_del_ip_conntrack(void); -static int proc_read_del_ip_conntrack(char *page, char **start, off_t off, int count, int *eof, void *context); -static int proc_write_del_ip_conntrack(struct file *file, const char *buffer, unsigned long count, void *data); -static int end_proc_read(const char *p, char *page, off_t off, int count, char **start, int *eof); - -void pf_del_ip_conntrack(void) -{ -#define MAX_BUF_SIZE 1024*2 - int i; - char buf[MAX_BUF_SIZE]; - struct del_list * del_head = NULL; - struct list_head *head, *temp_head; - struct ip_conntrack_tuple_hash *tuple_hash; - - //printk("pf_del_ip_conntrack---------------------------------------1\n"); - memset(buf, 0, MAX_BUF_SIZE); - - if(read_del_file(buf, MAX_BUF_SIZE, DEL_LIST_PATH) == -1) - { - goto final_return; - } - - buf[MAX_BUF_SIZE - 1] = '\0'; - del_head = init_del_list(buf, MAX_BUF_SIZE - 1); - //print_del_list(del_head); - 
READ_LOCK(&ip_conntrack_lock); - for (i = 0; i < ip_conntrack_htable_size; i++) - { - head = &ip_conntrack_hash[i]; - temp_head = head; - while(1) - { - temp_head = temp_head->next; - if(temp_head == head) - { - head = NULL; - temp_head = NULL; - break; - } - tuple_hash = (struct ip_conntrack_tuple_hash *)temp_head; - if(del_conntrack_check(tuple_hash, del_head) == 1) - { - del_selected_conntrack(tuple_hash); - } - } - } - READ_UNLOCK(&ip_conntrack_lock); - free_del_list(del_head); - -final_return: - - //printk("pf_del_ip_conntrack---------------------------------------2\n"); - return; -#undef MAX_BUF_SIZE -} - -static int del_conntrack_check(const struct ip_conntrack_tuple_hash *pConn, const struct del_list * head) -{ - int ret; - const struct del_list * p; - - ret = 0; - - if(pConn == NULL || head == NULL) - { - ret = -1; - goto final_return; - } - - for(p = head; p; p = p->next) - { - if(del_match_method(pConn, p) == 1) - { - //Match,jump out - ret = 1; - break; - } - } - -final_return: - return ret; -} - -static int del_match_method(const struct ip_conntrack_tuple_hash *pConn, const struct del_list * pList) -{ - int ret; - typedef enum - { - TCP_PROTO = 0x06, - UDP_PROTO = 0x11, - }proto_type; - proto_type pt[2] = {TCP_PROTO, UDP_PROTO}; - - ret = 0; - //Check tcp and udp only - if(pConn->tuple.dst.protonum == TCP_PROTO || pConn->tuple.dst.protonum == UDP_PROTO) - { - //Check proto match - if((pList->proto == 3) || - ((pList->proto == 0 || pList->proto == 1) && (pConn->tuple.dst.protonum == pt[pList->proto]))) - { - //Chcek ip address match - if(pConn->ctrack->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip == pList->ip) - { - //Check port match - unsigned int tport; - if(pConn->tuple.dst.protonum == TCP_PROTO) - { - //TCP - tport = pConn->ctrack->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u.tcp.port; - } - else - { - //UDP - tport = pConn->ctrack->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u.udp.port; - } - tport = htons(tport); - if(tport >= pList->begin_port && tport <= 
pList->end_port) - { - ret = 1; - } - } - } - } - return ret; -} - -static int read_del_file(char * buf, unsigned int size, char *path) -{ - int retval, orgfsuid, orgfsgid; - mm_segment_t orgfs; - struct file *srcf; - - // Save uid and gid used for filesystem access. - // Set user and group to 0 (root) - orgfsuid = current->fsuid; - orgfsgid = current->fsgid; - current->fsuid=current->fsgid = 0; - orgfs = get_fs(); - set_fs(KERNEL_DS); - - if(path && *path) - { - srcf = filp_open(path, O_RDONLY, 0); - if(IS_ERR(srcf)) - { - printkerrline(); - retval = -1; - goto final_return; - } - else - { - if(srcf->f_op && srcf->f_op->read) - { - memset(buf, 0x00, size); - retval=srcf->f_op->read(srcf, buf, size, &srcf->f_pos); - if(retval < 0) - { - printkerrline(); - retval = -1; - goto final_return; - } - else - { - //Success,go! - retval = 0; - goto final_return; - } - } - else - { - printkerrline(); - retval = -1; - goto final_return; - } - } - } - else - { - printkerrline(); - retval = -1; - goto final_return; - } - -final_return: - if(!IS_ERR(srcf)) - { - retval=filp_close(srcf,NULL); - if(retval) - { - printkerrline(); - retval = -1; - } - } - set_fs(orgfs); - current->fsuid = orgfsuid; - current->fsgid = orgfsgid; - - return retval; -} - -struct del_list * init_del_list(const char *buf, size_t size) -{ -#define LINE_FEED "\n" -#define TMP_BUF_SIZE 100 - const char *begin, *end; - char tmpbuf[TMP_BUF_SIZE]; - struct del_list * head = NULL, *tmp_p; - - if(buf == NULL || size <= 0 || buf[size] != '\0') - { - head = NULL; - goto final_return; - } - - for(begin = end = buf; begin && (begin - buf < size); begin = end + strlen(LINE_FEED)) - { - end = strstr(begin, LINE_FEED); - if(end) - { - if((end - begin) > (TMP_BUF_SIZE - 1)) - { - //Too large,go on - continue; - } - else - { - memcpy(tmpbuf, begin, end - begin); - tmpbuf[end - begin] = '\0'; - //printk("obtain string : %s\n", tmpbuf); - if((tmp_p = malloc_new_node(tmpbuf, head)) == NULL) - { - //Invalid format or malloc 
fail,go on - continue; - } - else - { - head = tmp_p; - } - } - } - else - { - //printk("Last string : %s\n", begin); - if((tmp_p = malloc_new_node(begin, head)) == NULL) - { - //Invalid format or malloc fail,jump out - break; - } - else - { - head = tmp_p; - } - } - } - -final_return: - return head; - -#undef TMP_BUF_SIZE -#undef LINE_FEED -} - -static struct del_list * malloc_new_node(const char *buf, struct del_list * head) -{ -#define SSCANF_MATCH_NUM 7 - int i, j, k, c1, c2, c3, c4; - struct del_list *p = NULL; - - if(sscanf(buf, "%d %d.%d.%d.%d %d-%d", &i, &c4, &c3, &c2, &c1, &j, &k) != SSCANF_MATCH_NUM) - { - p = NULL; - goto final_return; - } - else - { - if(p = (struct del_list *)kmalloc(sizeof(struct del_list), GFP_ATOMIC)) - { - p->proto = i; - #if 0 - //Big endian - ((char *)&(p->ip))[0] = (char)c1; - ((char *)&(p->ip))[1] = (char)c2; - ((char *)&(p->ip))[2] = (char)c3; - ((char *)&(p->ip))[3] = (char)c4; - #else - //Little endian - ((char *)&(p->ip))[3] = (char)c1; - ((char *)&(p->ip))[2] = (char)c2; - ((char *)&(p->ip))[1] = (char)c3; - ((char *)&(p->ip))[0] = (char)c4; - #endif - p->begin_port = j; - p->end_port = k; - p->next = head; - } - else - { - p = NULL; - goto final_return; - } - } - -final_return: - return p; -#undef SSCANF_MATCH_NUM -} - -void print_del_list(struct del_list *head) -{ - int i; - struct del_list *tmp_p; - - for(i = 1, tmp_p = head; tmp_p; tmp_p = tmp_p->next, i++) - { - printk("Node(%d): proto=%d | ip=%0x | port=[%d-%d]\n", i, tmp_p->proto, tmp_p->ip, tmp_p->begin_port, tmp_p->end_port); - } -} - -void free_del_list(struct del_list *head) -{ - int i; - struct del_list *tmp_p; - - if(head == NULL) - { - goto final_return; - } - for(i = 1, tmp_p = head; head; head = tmp_p, i++) - { - tmp_p = head->next; - //printk("Free@Node(%d):proto=%d | ip=%0x | port=[%d-%d]\n", i, head->proto, head->ip, head->begin_port, head->end_port); - kfree(head); - } - -final_return: - return; -} - -static int proc_read_del_ip_conntrack(char *page, 
char **start, off_t off, int count, int *eof, void *context) -{ - char *p; - - p = page; - p += sprintf(page, "%s\n", "use echo \"1(0)\" to enable or disbable"); - return end_proc_read(p, page, off, count, start, eof); -} - -static int proc_write_del_ip_conntrack(struct file *file, const char *buffer, unsigned long count, void *data) -{ - unsigned char tmp[2]; - - if(buffer) - { - memset(tmp, 0, sizeof(tmp)); - copy_from_user(tmp, buffer, count); - tmp[1] = 0x00; - switch(*tmp) - { - case '0': - //Do something here - break; - - case '1': - pf_del_ip_conntrack(); - break; - - default: - printk("<1>invalid args\n"); - } - return count; - } - return 0; -} - -static int end_proc_read(const char *p, char *page, off_t off, int count, char **start, int *eof) -{ - int len = p - page; - - if(len < off + count) - { - *eof = 1; - } - - *start = page + off; - len -= off; - if(len > count) - { - len = count; - } - - if(len < 0) - { - len = 0; - } - - return len; -} - -#endif - -#ifdef CLEAR_IP_CONNTRACK -void clear_ip_conntrack(void) -{ - int i; - struct list_head *head, *temp_head; - struct ip_conntrack_tuple_hash *tuple_hash; - - printk("warning : %s %d\n", __func__, __LINE__); - - READ_LOCK(&ip_conntrack_lock); - for (i = 0; i < ip_conntrack_htable_size; i++) - { - head = &ip_conntrack_hash[i]; - temp_head = head; - while(1) - { - temp_head = temp_head->next; - if(temp_head == head) - { - head = NULL; - temp_head = NULL; - break; - } - tuple_hash = (struct ip_conntrack_tuple_hash *)temp_head; - del_selected_conntrack(tuple_hash); - } - } - READ_UNLOCK(&ip_conntrack_lock); -} - -static int proc_read_clear_ip_conntrack(char *page, char **start, off_t off, int count, int *eof, void *context) -{ - char *p; - - p = page; - p += sprintf(page, "%s\n", "use echo \"1(0)\" to enable or disbable"); - return end_proc_read(p, page, off, count, start, eof); -} - -static int proc_write_clear_ip_conntrack(struct file *file, const char *buffer, unsigned long count, void *data) -{ - unsigned 
char tmp[2];
-
- if(buffer)
- {
- memset(tmp, 0, sizeof(tmp));
- copy_from_user(tmp, buffer, count);
- tmp[1] = 0x00;
- switch(*tmp)
- {
- case '0':
- //Do something here
- break;
-
- case '1':
- clear_ip_conntrack();
- break;
-
- default:
- printk("<1>invalid args\n");
- }
- return count;
- }
- return 0;
-}
-#endif
-
 static int kill_proto(const struct ip_conntrack *i, void *data)
 {
 return (i->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum ==
@@ -575,7 +78,7 @@ print_expect(char *buffer, const struct ip_conntrack_expect *expect)
 }
 static unsigned int
-print_conntrack(char *buffer, const struct ip_conntrack *conntrack)
+print_conntrack(char *buffer, struct ip_conntrack *conntrack)
 {
 unsigned int len;
 struct ip_conntrack_protocol *proto
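Review bot: Dropping `const` from print_conntrack's conntrack parameter only so that test_bit() will accept `&conntrack->status` widens the function's contract without saying why; a reader of the new signature now has to assume the printer may modify the entry. Whether test_bit() accepts a const-qualified address is arch-specific in this kernel tree, so if the non-const form really is required, a one-line comment on the signature such as `/* not const: test_bit() wants a writable bitmap; the conntrack is only read here */` would record that. print_conntrack's body continues outside the hunk.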
@@ -593,15 +96,38 @@ print_conntrack(char *buffer, const struct ip_conntrack *conntrack)
 len += print_tuple(buffer + len, &conntrack->tuplehash[IP_CT_DIR_ORIGINAL].tuple, proto);
- if (!(conntrack->status & IPS_SEEN_REPLY))
+ if (!(test_bit(IPS_SEEN_REPLY_BIT, &conntrack->status)))
 len += sprintf(buffer + len, "[UNREPLIED] ");
 len += print_tuple(buffer + len, &conntrack->tuplehash[IP_CT_DIR_REPLY].tuple, proto);
- if (conntrack->status & IPS_ASSURED)
+ if (test_bit(IPS_ASSURED_BIT, &conntrack->status))
 len += sprintf(buffer + len, "[ASSURED] ");
 len += sprintf(buffer + len, "use=%u ", atomic_read(&conntrack->ct_general.use));
+#if defined(CONFIG_IP_NF_CONNTRACK_MARK)
+ len += sprintf(buffer + len, "mark=%ld ", conntrack->mark);
+#endif
+#if defined(CONFIG_IP_NF_MATCH_LAYER7) || defined(CONFIG_IP_NF_MATCH_LAYER7_MODULE)
+ if(conntrack->layer7.app_proto)
+ len += sprintf(buffer + len, "l7proto=%s ",
+ conntrack->layer7.app_proto);
+#endif
+#if defined(CONFIG_IP_NF_TARGET_MACSAVE) || defined(CONFIG_IP_NF_TARGET_MACSAVE_MODULE)
+ if ((*((u32 *)conntrack->macsave) != 0) || (*((u16*)(conntrack->macsave + 4)) != 0)) {
+ len += sprintf(buffer + len, "macsave=%02X:%02X:%02X:%02X:%02X:%02X ",
+ conntrack->macsave[0], conntrack->macsave[1], conntrack->macsave[2],
+ conntrack->macsave[3], conntrack->macsave[4], conntrack->macsave[5]);
+ }
+#endif
+#if defined(CONFIG_IP_NF_TARGET_BCOUNT) || defined(CONFIG_IP_NF_TARGET_BCOUNT_MODULE)
+#if 0
+ if (conntrack->bcount != 0) {
+// len += sprintf(buffer + len, "bcount=0x%lx ", conntrack->bcount);
+ len += sprintf(buffer + len, "bcount=%ldK ", conntrack->bcount / 1024);
+ }
+#endif
+#endif
 len += sprintf(buffer + len, "\n");
 return len;
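Review bot: The macsave test in the added CONFIG_IP_NF_TARGET_MACSAVE block reads what appears to be a 6-byte array through `u32 *` and `u16 *` casts, which is an aliasing violation and, since nothing visible gives macsave 4-byte alignment inside the struct, a potential misaligned access on the MIPS-class routers this tree targets. A byte-wise compare expresses the same "any octet non-zero" test without the casts: `static const unsigned char zero_mac[6] = { 0 };` followed by `if (memcmp(conntrack->macsave, zero_mac, sizeof zero_mac) != 0) {`. The new mark=, l7proto= and macsave= fields also lengthen a line that is built with unbounded sprintf() into `buffer`, so the caller's per-entry size budget (outside this hunk) should be rechecked against the longest possible line. Two smaller points: `"mark=%ld "` should match the declared type of conntrack->mark (`%lu` if it is unsigned long, which I cannot confirm from here), and the `#if 0` bcount block with a `//`-commented sprintf is dead code that should be dropped rather than committed. print_conntrack's body starts outside the hunk.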
@@ -748,30 +274,6 @@ static int init_or_cleanup(int init)
 if (ret < 0)
 goto cleanup_nothing;
-#ifdef DEL_IP_CONNTRACK_ENTRY
- proc = proc_net_create("del_ip_conntrack", S_IFREG | S_IRUGO | S_IWUSR, proc_read_del_ip_conntrack);
- if(proc)
- {
- proc->write_proc = proc_write_del_ip_conntrack;
- proc->owner = THIS_MODULE;
- }
- else
- {
- //Maybe we can just let it go!
- }
-#endif
-#ifdef CLEAR_IP_CONNTRACK
- proc = proc_net_create("clear_ip_conntrack", S_IFREG | S_IRUGO | S_IWUSR, proc_read_clear_ip_conntrack);
- if(proc)
- {
- proc->write_proc = proc_write_clear_ip_conntrack;
- proc->owner = THIS_MODULE;
- }
- else
- {
- //Maybe we can just let it go!
- }
-#endif
 proc = proc_net_create("ip_conntrack",0,list_conntracks);
 if (!proc) goto cleanup_init;
 proc->owner = THIS_MODULE;
-- cgit v1.2.3-54-g00ecf