RxRPC: Error handling for rxrpc_alloc_connection()

[safe/jmp/linux-2.6] / net / netfilter / nf_conntrack_proto_dccp.c

diff --git a/net/netfilter/nf_conntrack_proto_dccp.c b/net/netfilter/nf_conntrack_proto_dccp.c
index 9376dcd..8e757dd 100644 (file)
--- a/net/netfilter/nf_conntrack_proto_dccp.c
+++ b/net/netfilter/nf_conntrack_proto_dccp.c
@@ -16,6 +16,9 @@
 #include <linux/skbuff.h>
 #include <linux/dccp.h>
 
+#include <net/net_namespace.h>
+#include <net/netns/generic.h>
+
 #include <linux/netfilter/nfnetlink_conntrack.h>
 #include <net/netfilter/nf_conntrack.h>
 #include <net/netfilter/nf_conntrack_l4proto.h>
@@ -23,8 +26,6 @@
 
 static DEFINE_RWLOCK(dccp_lock);
 
-static int nf_ct_dccp_loose __read_mostly = 1;
-
 /* Timeouts are based on values from RFC4340:
  *
  * - REQUEST:
@@ -72,16 +73,6 @@ static int nf_ct_dccp_loose __read_mostly = 1;
 
 #define DCCP_MSL (2 * 60 * HZ)
 
-static unsigned int dccp_timeout[CT_DCCP_MAX + 1] __read_mostly = {
-       [CT_DCCP_REQUEST]       = 2 * DCCP_MSL,
-       [CT_DCCP_RESPOND]       = 4 * DCCP_MSL,
-       [CT_DCCP_PARTOPEN]      = 4 * DCCP_MSL,
-       [CT_DCCP_OPEN]          = 12 * 3600 * HZ,
-       [CT_DCCP_CLOSEREQ]      = 64 * HZ,
-       [CT_DCCP_CLOSING]       = 64 * HZ,
-       [CT_DCCP_TIMEWAIT]      = 2 * DCCP_MSL,
-};
-
 static const char * const dccp_state_names[] = {
        [CT_DCCP_NONE]          = "NONE",
        [CT_DCCP_REQUEST]       = "REQUEST",
@@ -393,31 +384,49 @@ dccp_state_table[CT_DCCP_ROLE_MAX + 1][DCCP_PKT_SYNCACK + 1][CT_DCCP_MAX + 1] =
        },
 };
 
-static int dccp_pkt_to_tuple(const struct sk_buff *skb, unsigned int dataoff,
-                            struct nf_conntrack_tuple *tuple)
+/* this module per-net specifics */
+static int dccp_net_id;
+struct dccp_net {
+       int dccp_loose;
+       unsigned int dccp_timeout[CT_DCCP_MAX + 1];
+#ifdef CONFIG_SYSCTL
+       struct ctl_table_header *sysctl_header;
+       struct ctl_table *sysctl_table;
+#endif
+};
+
+static inline struct dccp_net *dccp_pernet(struct net *net)
+{
+       return net_generic(net, dccp_net_id);
+}
+
+static bool dccp_pkt_to_tuple(const struct sk_buff *skb, unsigned int dataoff,
+                             struct nf_conntrack_tuple *tuple)
 {
        struct dccp_hdr _hdr, *dh;
 
        dh = skb_header_pointer(skb, dataoff, sizeof(_hdr), &_hdr);
        if (dh == NULL)
-               return 0;
+               return false;
 
        tuple->src.u.dccp.port = dh->dccph_sport;
        tuple->dst.u.dccp.port = dh->dccph_dport;
-       return 1;
+       return true;
 }
 
-static int dccp_invert_tuple(struct nf_conntrack_tuple *inv,
-                            const struct nf_conntrack_tuple *tuple)
+static bool dccp_invert_tuple(struct nf_conntrack_tuple *inv,
+                             const struct nf_conntrack_tuple *tuple)
 {
        inv->src.u.dccp.port = tuple->dst.u.dccp.port;
        inv->dst.u.dccp.port = tuple->src.u.dccp.port;
-       return 1;
+       return true;
 }
 
-static int dccp_new(struct nf_conn *ct, const struct sk_buff *skb,
-                   unsigned int dataoff)
+static bool dccp_new(struct nf_conn *ct, const struct sk_buff *skb,
+                    unsigned int dataoff)
 {
+       struct net *net = nf_ct_net(ct);
+       struct dccp_net *dn;
        struct dccp_hdr _dh, *dh;
        const char *msg;
        u_int8_t state;
@@ -428,7 +437,8 @@ static int dccp_new(struct nf_conn *ct, const struct sk_buff *skb,
        state = dccp_state_table[CT_DCCP_ROLE_CLIENT][dh->dccph_type][CT_DCCP_NONE];
        switch (state) {
        default:
-               if (nf_ct_dccp_loose == 0) {
+               dn = dccp_pernet(net);
+               if (dn->dccp_loose == 0) {
                        msg = "nf_ct_dccp: not picking up existing connection ";
                        goto out_invalid;
                }
@@ -442,12 +452,12 @@ static int dccp_new(struct nf_conn *ct, const struct sk_buff *skb,
        ct->proto.dccp.role[IP_CT_DIR_ORIGINAL] = CT_DCCP_ROLE_CLIENT;
        ct->proto.dccp.role[IP_CT_DIR_REPLY] = CT_DCCP_ROLE_SERVER;
        ct->proto.dccp.state = CT_DCCP_NONE;
-       return 1;
+       return true;
 
 out_invalid:
-       if (LOG_INVALID(IPPROTO_DCCP))
+       if (LOG_INVALID(net, IPPROTO_DCCP))
                nf_log_packet(nf_ct_l3num(ct), 0, skb, NULL, NULL, NULL, msg);
-       return 0;
+       return false;
 }
 
 static u64 dccp_ack_seq(const struct dccp_hdr *dh)
@@ -461,8 +471,10 @@ static u64 dccp_ack_seq(const struct dccp_hdr *dh)
 
 static int dccp_packet(struct nf_conn *ct, const struct sk_buff *skb,
                       unsigned int dataoff, enum ip_conntrack_info ctinfo,
-                      int pf, unsigned int hooknum)
+                      u_int8_t pf, unsigned int hooknum)
 {
+       struct net *net = nf_ct_net(ct);
+       struct dccp_net *dn;
        enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
        struct dccp_hdr _dh, *dh;
        u_int8_t type, old_state, new_state;
@@ -475,8 +487,7 @@ static int dccp_packet(struct nf_conn *ct, const struct sk_buff *skb,
        if (type == DCCP_PKT_RESET &&
            !test_bit(IPS_SEEN_REPLY_BIT, &ct->status)) {
                /* Tear down connection immediately if only reply is a RESET */
-               if (del_timer(&ct->timeout))
-                       ct->timeout.function((unsigned long)ct);
+               nf_ct_kill_acct(ct, ctinfo, skb);
                return NF_ACCEPT;
        }
 
@@ -525,13 +536,13 @@ static int dccp_packet(struct nf_conn *ct, const struct sk_buff *skb,
                ct->proto.dccp.last_pkt = type;
 
                write_unlock_bh(&dccp_lock);
-               if (LOG_INVALID(IPPROTO_DCCP))
+               if (LOG_INVALID(net, IPPROTO_DCCP))
                        nf_log_packet(pf, 0, skb, NULL, NULL, NULL,
                                      "nf_ct_dccp: invalid packet ignored ");
                return NF_ACCEPT;
        case CT_DCCP_INVALID:
                write_unlock_bh(&dccp_lock);
-               if (LOG_INVALID(IPPROTO_DCCP))
+               if (LOG_INVALID(net, IPPROTO_DCCP))
                        nf_log_packet(pf, 0, skb, NULL, NULL, NULL,
                                      "nf_ct_dccp: invalid state transition ");
                return -NF_ACCEPT;
@@ -541,14 +552,16 @@ static int dccp_packet(struct nf_conn *ct, const struct sk_buff *skb,
        ct->proto.dccp.last_pkt = type;
        ct->proto.dccp.state = new_state;
        write_unlock_bh(&dccp_lock);
-       nf_ct_refresh_acct(ct, ctinfo, skb, dccp_timeout[new_state]);
+
+       dn = dccp_pernet(net);
+       nf_ct_refresh_acct(ct, ctinfo, skb, dn->dccp_timeout[new_state]);
 
        return NF_ACCEPT;
 }
 
-static int dccp_error(struct sk_buff *skb, unsigned int dataoff,
-                     enum ip_conntrack_info *ctinfo, int pf,
-                     unsigned int hooknum)
+static int dccp_error(struct net *net, struct sk_buff *skb,
+                     unsigned int dataoff, enum ip_conntrack_info *ctinfo,
+                     u_int8_t pf, unsigned int hooknum)
 {
        struct dccp_hdr _dh, *dh;
        unsigned int dccp_len = skb->len - dataoff;
@@ -576,7 +589,7 @@ static int dccp_error(struct sk_buff *skb, unsigned int dataoff,
                }
        }
 
-       if (nf_conntrack_checksum && hooknum == NF_INET_PRE_ROUTING &&
+       if (net->ct.sysctl_checksum && hooknum == NF_INET_PRE_ROUTING &&
            nf_checksum_partial(skb, hooknum, dataoff, cscov, IPPROTO_DCCP,
                                pf)) {
                msg = "nf_ct_dccp: bad checksum ";
@@ -591,7 +604,7 @@ static int dccp_error(struct sk_buff *skb, unsigned int dataoff,
        return NF_ACCEPT;
 
 out_invalid:
-       if (LOG_INVALID(IPPROTO_DCCP))
+       if (LOG_INVALID(net, IPPROTO_DCCP))
                nf_log_packet(pf, 0, skb, NULL, NULL, NULL, msg);
        return -NF_ACCEPT;
 }
@@ -620,6 +633,8 @@ static int dccp_to_nlattr(struct sk_buff *skb, struct nlattr *nla,
        if (!nest_parms)
                goto nla_put_failure;
        NLA_PUT_U8(skb, CTA_PROTOINFO_DCCP_STATE, ct->proto.dccp.state);
+       NLA_PUT_U8(skb, CTA_PROTOINFO_DCCP_ROLE,
+                  ct->proto.dccp.role[IP_CT_DIR_ORIGINAL]);
        nla_nest_end(skb, nest_parms);
        read_unlock_bh(&dccp_lock);
        return 0;
@@ -631,6 +646,7 @@ nla_put_failure:
 
 static const struct nla_policy dccp_nla_policy[CTA_PROTOINFO_DCCP_MAX + 1] = {
        [CTA_PROTOINFO_DCCP_STATE]      = { .type = NLA_U8 },
+       [CTA_PROTOINFO_DCCP_ROLE]       = { .type = NLA_U8 },
 };
 
 static int nlattr_to_dccp(struct nlattr *cda[], struct nf_conn *ct)
@@ -648,24 +664,38 @@ static int nlattr_to_dccp(struct nlattr *cda[], struct nf_conn *ct)
                return err;
 
        if (!tb[CTA_PROTOINFO_DCCP_STATE] ||
-           nla_get_u8(tb[CTA_PROTOINFO_DCCP_STATE]) >= CT_DCCP_IGNORE)
+           !tb[CTA_PROTOINFO_DCCP_ROLE] ||
+           nla_get_u8(tb[CTA_PROTOINFO_DCCP_ROLE]) > CT_DCCP_ROLE_MAX ||
+           nla_get_u8(tb[CTA_PROTOINFO_DCCP_STATE]) >= CT_DCCP_IGNORE) {
                return -EINVAL;
+       }
 
        write_lock_bh(&dccp_lock);
        ct->proto.dccp.state = nla_get_u8(tb[CTA_PROTOINFO_DCCP_STATE]);
+       if (nla_get_u8(tb[CTA_PROTOINFO_DCCP_ROLE]) == CT_DCCP_ROLE_CLIENT) {
+               ct->proto.dccp.role[IP_CT_DIR_ORIGINAL] = CT_DCCP_ROLE_CLIENT;
+               ct->proto.dccp.role[IP_CT_DIR_REPLY] = CT_DCCP_ROLE_SERVER;
+       } else {
+               ct->proto.dccp.role[IP_CT_DIR_ORIGINAL] = CT_DCCP_ROLE_SERVER;
+               ct->proto.dccp.role[IP_CT_DIR_REPLY] = CT_DCCP_ROLE_CLIENT;
+       }
        write_unlock_bh(&dccp_lock);
        return 0;
 }
+
+static int dccp_nlattr_size(void)
+{
+       return nla_total_size(0)        /* CTA_PROTOINFO_DCCP */
+               + nla_policy_len(dccp_nla_policy, CTA_PROTOINFO_DCCP_MAX + 1);
+}
 #endif
 
 #ifdef CONFIG_SYSCTL
-static unsigned int dccp_sysctl_table_users;
-static struct ctl_table_header *dccp_sysctl_header;
-static ctl_table dccp_sysctl_table[] = {
+/* template, data assigned later */
+static struct ctl_table dccp_sysctl_table[] = {
        {
                .ctl_name       = CTL_UNNUMBERED,
                .procname       = "nf_conntrack_dccp_timeout_request",
-               .data           = &dccp_timeout[CT_DCCP_REQUEST],
                .maxlen         = sizeof(unsigned int),
                .mode           = 0644,
                .proc_handler   = proc_dointvec_jiffies,
@@ -673,7 +703,6 @@ static ctl_table dccp_sysctl_table[] = {
        {
                .ctl_name       = CTL_UNNUMBERED,
                .procname       = "nf_conntrack_dccp_timeout_respond",
-               .data           = &dccp_timeout[CT_DCCP_RESPOND],
                .maxlen         = sizeof(unsigned int),
                .mode           = 0644,
                .proc_handler   = proc_dointvec_jiffies,
@@ -681,7 +710,6 @@ static ctl_table dccp_sysctl_table[] = {
        {
                .ctl_name       = CTL_UNNUMBERED,
                .procname       = "nf_conntrack_dccp_timeout_partopen",
-               .data           = &dccp_timeout[CT_DCCP_PARTOPEN],
                .maxlen         = sizeof(unsigned int),
                .mode           = 0644,
                .proc_handler   = proc_dointvec_jiffies,
@@ -689,7 +717,6 @@ static ctl_table dccp_sysctl_table[] = {
        {
                .ctl_name       = CTL_UNNUMBERED,
                .procname       = "nf_conntrack_dccp_timeout_open",
-               .data           = &dccp_timeout[CT_DCCP_OPEN],
                .maxlen         = sizeof(unsigned int),
                .mode           = 0644,
                .proc_handler   = proc_dointvec_jiffies,
@@ -697,7 +724,6 @@ static ctl_table dccp_sysctl_table[] = {
        {
                .ctl_name       = CTL_UNNUMBERED,
                .procname       = "nf_conntrack_dccp_timeout_closereq",
-               .data           = &dccp_timeout[CT_DCCP_CLOSEREQ],
                .maxlen         = sizeof(unsigned int),
                .mode           = 0644,
                .proc_handler   = proc_dointvec_jiffies,
@@ -705,7 +731,6 @@ static ctl_table dccp_sysctl_table[] = {
        {
                .ctl_name       = CTL_UNNUMBERED,
                .procname       = "nf_conntrack_dccp_timeout_closing",
-               .data           = &dccp_timeout[CT_DCCP_CLOSING],
                .maxlen         = sizeof(unsigned int),
                .mode           = 0644,
                .proc_handler   = proc_dointvec_jiffies,
@@ -713,7 +738,6 @@ static ctl_table dccp_sysctl_table[] = {
        {
                .ctl_name       = CTL_UNNUMBERED,
                .procname       = "nf_conntrack_dccp_timeout_timewait",
-               .data           = &dccp_timeout[CT_DCCP_TIMEWAIT],
                .maxlen         = sizeof(unsigned int),
                .mode           = 0644,
                .proc_handler   = proc_dointvec_jiffies,
@@ -721,8 +745,7 @@ static ctl_table dccp_sysctl_table[] = {
        {
                .ctl_name       = CTL_UNNUMBERED,
                .procname       = "nf_conntrack_dccp_loose",
-               .data           = &nf_ct_dccp_loose,
-               .maxlen         = sizeof(nf_ct_dccp_loose),
+               .maxlen         = sizeof(int),
                .mode           = 0644,
                .proc_handler   = proc_dointvec,
        },
@@ -745,16 +768,13 @@ static struct nf_conntrack_l4proto dccp_proto4 __read_mostly = {
        .print_conntrack        = dccp_print_conntrack,
 #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE)
        .to_nlattr              = dccp_to_nlattr,
+       .nlattr_size            = dccp_nlattr_size,
        .from_nlattr            = nlattr_to_dccp,
        .tuple_to_nlattr        = nf_ct_port_tuple_to_nlattr,
+       .nlattr_tuple_size      = nf_ct_port_nlattr_tuple_size,
        .nlattr_to_tuple        = nf_ct_port_nlattr_to_tuple,
        .nla_policy             = nf_ct_port_nla_policy,
 #endif
-#ifdef CONFIG_SYSCTL
-       .ctl_table_users        = &dccp_sysctl_table_users,
-       .ctl_table_header       = &dccp_sysctl_header,
-       .ctl_table              = dccp_sysctl_table,
-#endif
 };
 
 static struct nf_conntrack_l4proto dccp_proto6 __read_mostly = {
@@ -770,39 +790,114 @@ static struct nf_conntrack_l4proto dccp_proto6 __read_mostly = {
        .print_conntrack        = dccp_print_conntrack,
 #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE)
        .to_nlattr              = dccp_to_nlattr,
+       .nlattr_size            = dccp_nlattr_size,
        .from_nlattr            = nlattr_to_dccp,
        .tuple_to_nlattr        = nf_ct_port_tuple_to_nlattr,
+       .nlattr_tuple_size      = nf_ct_port_nlattr_tuple_size,
        .nlattr_to_tuple        = nf_ct_port_nlattr_to_tuple,
        .nla_policy             = nf_ct_port_nla_policy,
 #endif
+};
+
+static __net_init int dccp_net_init(struct net *net)
+{
+       struct dccp_net *dn;
+       int err;
+
+       dn = kmalloc(sizeof(*dn), GFP_KERNEL);
+       if (!dn)
+               return -ENOMEM;
+
+       /* default values */
+       dn->dccp_loose = 1;
+       dn->dccp_timeout[CT_DCCP_REQUEST]       = 2 * DCCP_MSL;
+       dn->dccp_timeout[CT_DCCP_RESPOND]       = 4 * DCCP_MSL;
+       dn->dccp_timeout[CT_DCCP_PARTOPEN]      = 4 * DCCP_MSL;
+       dn->dccp_timeout[CT_DCCP_OPEN]          = 12 * 3600 * HZ;
+       dn->dccp_timeout[CT_DCCP_CLOSEREQ]      = 64 * HZ;
+       dn->dccp_timeout[CT_DCCP_CLOSING]       = 64 * HZ;
+       dn->dccp_timeout[CT_DCCP_TIMEWAIT]      = 2 * DCCP_MSL;
+
+       err = net_assign_generic(net, dccp_net_id, dn);
+       if (err)
+               goto out;
+
+#ifdef CONFIG_SYSCTL
+       err = -ENOMEM;
+       dn->sysctl_table = kmemdup(dccp_sysctl_table,
+                       sizeof(dccp_sysctl_table), GFP_KERNEL);
+       if (!dn->sysctl_table)
+               goto out;
+
+       dn->sysctl_table[0].data = &dn->dccp_timeout[CT_DCCP_REQUEST];
+       dn->sysctl_table[1].data = &dn->dccp_timeout[CT_DCCP_RESPOND];
+       dn->sysctl_table[2].data = &dn->dccp_timeout[CT_DCCP_PARTOPEN];
+       dn->sysctl_table[3].data = &dn->dccp_timeout[CT_DCCP_OPEN];
+       dn->sysctl_table[4].data = &dn->dccp_timeout[CT_DCCP_CLOSEREQ];
+       dn->sysctl_table[5].data = &dn->dccp_timeout[CT_DCCP_CLOSING];
+       dn->sysctl_table[6].data = &dn->dccp_timeout[CT_DCCP_TIMEWAIT];
+       dn->sysctl_table[7].data = &dn->dccp_loose;
+
+       dn->sysctl_header = register_net_sysctl_table(net,
+                       nf_net_netfilter_sysctl_path, dn->sysctl_table);
+       if (!dn->sysctl_header) {
+               kfree(dn->sysctl_table);
+               goto out;
+       }
+#endif
+
+       return 0;
+
+out:
+       kfree(dn);
+       return err;
+}
+
+static __net_exit void dccp_net_exit(struct net *net)
+{
+       struct dccp_net *dn = dccp_pernet(net);
 #ifdef CONFIG_SYSCTL
-       .ctl_table_users        = &dccp_sysctl_table_users,
-       .ctl_table_header       = &dccp_sysctl_header,
-       .ctl_table              = dccp_sysctl_table,
+       unregister_net_sysctl_table(dn->sysctl_header);
+       kfree(dn->sysctl_table);
 #endif
+       kfree(dn);
+
+       net_assign_generic(net, dccp_net_id, NULL);
+}
+
+static struct pernet_operations dccp_net_ops = {
+       .init = dccp_net_init,
+       .exit = dccp_net_exit,
 };
 
 static int __init nf_conntrack_proto_dccp_init(void)
 {
        int err;
 
-       err = nf_conntrack_l4proto_register(&dccp_proto4);
+       err = register_pernet_gen_subsys(&dccp_net_id, &dccp_net_ops);
        if (err < 0)
                goto err1;
 
-       err = nf_conntrack_l4proto_register(&dccp_proto6);
+       err = nf_conntrack_l4proto_register(&dccp_proto4);
        if (err < 0)
                goto err2;
+
+       err = nf_conntrack_l4proto_register(&dccp_proto6);
+       if (err < 0)
+               goto err3;
        return 0;
 
-err2:
+err3:
        nf_conntrack_l4proto_unregister(&dccp_proto4);
+err2:
+       unregister_pernet_gen_subsys(dccp_net_id, &dccp_net_ops);
 err1:
        return err;
 }
 
 static void __exit nf_conntrack_proto_dccp_fini(void)
 {
+       unregister_pernet_gen_subsys(dccp_net_id, &dccp_net_ops);
        nf_conntrack_l4proto_unregister(&dccp_proto6);
        nf_conntrack_l4proto_unregister(&dccp_proto4);
 }