From patchwork Sat Apr 13 23:17:09 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Flavio Leitner X-Patchwork-Id: 1085230 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 44hVzP34Tyz9s70 for ; Sun, 14 Apr 2019 09:17:37 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727201AbfDMXRa (ORCPT ); Sat, 13 Apr 2019 19:17:30 -0400 Received: from mail-qt1-f193.google.com ([209.85.160.193]:32957 "EHLO mail-qt1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727167AbfDMXRa (ORCPT ); Sat, 13 Apr 2019 19:17:30 -0400 Received: by mail-qt1-f193.google.com with SMTP id k14so15395947qtb.0 for ; Sat, 13 Apr 2019 16:17:29 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=AQp+2Dq6WkavGLWELtQ7+COUoG/u5/ieM+Q6jRMm4L4=; b=D+tjBf5X0TkUTW1KeDE8PRa6HLi4PMzfaR/ztpwVdh3LRzMVrUBcS0f35KeXOliqVw D88J3/XjrcfChspl010zVnr0C+83AE8wpTAW+8cideyWb5XD9H2eRljcNDkhnfgrXL7t YX1ouBXXqq1Bz8txtCRanxdWtQxEBjrFnFRh80vMoY3NMDlWcI49TjoY0P5GaJBAVBxe s14ryd9TGwEVqIojWyVTHsuo2oCQIjU16s+o6d7ojaVS4NVPxchYBvPk7UsEUYeoYsGh Z8jLg1tbOILSGoAhAeWCDvNc8Byb1SQpwrzKD6B+uX7HI9paOZmbPCVbJEzzHle6NmYr gZGQ== X-Gm-Message-State: APjAAAVPl0zj117EHfPhAnPqQ/3pKxLn3XE20i5dzkVNbLVtrQNnZz1Y XW7PAKVA9vr92gAaN3O8pLISB6R/QJ4= X-Google-Smtp-Source: APXvYqwFaXXVMSdBTAmqRDeruGBbBNpmFwWmW4D6ujF1GAnuvquyrUoBTNRh43RpP3Xr30yg4DGOCw== X-Received: by 2002:ac8:4295:: with SMTP id o21mr42528090qtl.101.1555197449315; Sat, 13 Apr 2019 16:17:29 -0700 (PDT) Received: from localhost ([177.183.215.126]) by smtp.gmail.com with ESMTPSA id u3sm19687914qkc.21.2019.04.13.16.17.28 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sat, 13 Apr 2019 16:17:28 -0700 (PDT) From: Flavio Leitner To: netdev@vger.kernel.org Cc: Joe Stringer , Pravin B Shelar , dev@openvswitch.org, netfilter-devel@vger.kernel.org, Pablo Neira Ayuso Subject: [PATCH net-next v2 1/8] netfilter: use macros to create module aliases. Date: Sat, 13 Apr 2019 20:17:09 -0300 Message-Id: <20190413231716.28711-2-fbl@redhat.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190413231716.28711-1-fbl@redhat.com> References: <20190413231716.28711-1-fbl@redhat.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Each NAT helper creates a module alias which follows a pattern. Use macros for consistency. Signed-off-by: Flavio Leitner --- include/net/netfilter/nf_conntrack_helper.h | 4 ++++ net/ipv4/netfilter/nf_nat_h323.c | 2 +- net/ipv4/netfilter/nf_nat_pptp.c | 2 +- net/netfilter/nf_nat_amanda.c | 2 +- net/netfilter/nf_nat_ftp.c | 2 +- net/netfilter/nf_nat_irc.c | 2 +- net/netfilter/nf_nat_sip.c | 2 +- net/netfilter/nf_nat_tftp.c | 2 +- 8 files changed, 11 insertions(+), 7 deletions(-) V2 - renamed the defines as suggested by Pablo. diff --git a/include/net/netfilter/nf_conntrack_helper.h b/include/net/netfilter/nf_conntrack_helper.h index ec52a8dc32fd..28bd4569aa64 100644 --- a/include/net/netfilter/nf_conntrack_helper.h +++ b/include/net/netfilter/nf_conntrack_helper.h @@ -15,6 +15,10 @@ #include #include +#define NF_NAT_HELPER_NAME(name) "ip_nat_" name +#define MODULE_ALIAS_NF_NAT_HELPER(name) \ + MODULE_ALIAS(NF_NAT_HELPER_NAME(name)) + struct module; enum nf_ct_helper_flags { diff --git a/net/ipv4/netfilter/nf_nat_h323.c b/net/ipv4/netfilter/nf_nat_h323.c index 4e6b53ab6c33..7875c98072eb 100644 --- a/net/ipv4/netfilter/nf_nat_h323.c +++ b/net/ipv4/netfilter/nf_nat_h323.c @@ -631,4 +631,4 @@ module_exit(fini); MODULE_AUTHOR("Jing Min Zhao "); MODULE_DESCRIPTION("H.323 NAT helper"); MODULE_LICENSE("GPL"); -MODULE_ALIAS("ip_nat_h323"); +MODULE_ALIAS_NF_NAT_HELPER("h323"); diff --git a/net/ipv4/netfilter/nf_nat_pptp.c b/net/ipv4/netfilter/nf_nat_pptp.c index 68b4d450391b..e17b4ee7604c 100644 --- a/net/ipv4/netfilter/nf_nat_pptp.c +++ b/net/ipv4/netfilter/nf_nat_pptp.c @@ -37,7 +37,7 @@ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Harald Welte "); MODULE_DESCRIPTION("Netfilter NAT helper module for PPTP"); -MODULE_ALIAS("ip_nat_pptp"); +MODULE_ALIAS_NF_NAT_HELPER("pptp"); static void pptp_nat_expected(struct nf_conn *ct, struct nf_conntrack_expect *exp) diff --git a/net/netfilter/nf_nat_amanda.c b/net/netfilter/nf_nat_amanda.c index e4d61a7a5258..6b729a897c5f 100644 --- a/net/netfilter/nf_nat_amanda.c +++ b/net/netfilter/nf_nat_amanda.c @@ -22,7 +22,7 @@ MODULE_AUTHOR("Brian J. Murrell "); MODULE_DESCRIPTION("Amanda NAT helper"); MODULE_LICENSE("GPL"); -MODULE_ALIAS("ip_nat_amanda"); +MODULE_ALIAS_NF_NAT_HELPER("amanda"); static unsigned int help(struct sk_buff *skb, enum ip_conntrack_info ctinfo, diff --git a/net/netfilter/nf_nat_ftp.c b/net/netfilter/nf_nat_ftp.c index 5063cbf1689c..0e93b1f19432 100644 --- a/net/netfilter/nf_nat_ftp.c +++ b/net/netfilter/nf_nat_ftp.c @@ -24,7 +24,7 @@ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Rusty Russell "); MODULE_DESCRIPTION("ftp NAT helper"); -MODULE_ALIAS("ip_nat_ftp"); +MODULE_ALIAS_NF_NAT_HELPER("ftp"); /* FIXME: Time out? --RR */ diff --git a/net/netfilter/nf_nat_irc.c b/net/netfilter/nf_nat_irc.c index 3aa35a43100d..6c06e997395f 100644 --- a/net/netfilter/nf_nat_irc.c +++ b/net/netfilter/nf_nat_irc.c @@ -26,7 +26,7 @@ MODULE_AUTHOR("Harald Welte "); MODULE_DESCRIPTION("IRC (DCC) NAT helper"); MODULE_LICENSE("GPL"); -MODULE_ALIAS("ip_nat_irc"); +MODULE_ALIAS_NF_NAT_HELPER("irc"); static unsigned int help(struct sk_buff *skb, enum ip_conntrack_info ctinfo, diff --git a/net/netfilter/nf_nat_sip.c b/net/netfilter/nf_nat_sip.c index aa1be643d7a0..f1f007d9484c 100644 --- a/net/netfilter/nf_nat_sip.c +++ b/net/netfilter/nf_nat_sip.c @@ -27,7 +27,7 @@ MODULE_LICENSE("GPL"); MODULE_AUTHOR("Christian Hentschel "); MODULE_DESCRIPTION("SIP NAT helper"); -MODULE_ALIAS("ip_nat_sip"); +MODULE_ALIAS_NF_NAT_HELPER("sip"); static unsigned int mangle_packet(struct sk_buff *skb, unsigned int protoff, diff --git a/net/netfilter/nf_nat_tftp.c b/net/netfilter/nf_nat_tftp.c index 7f67e1d5310d..dd3a835c111d 100644 --- a/net/netfilter/nf_nat_tftp.c +++ b/net/netfilter/nf_nat_tftp.c @@ -16,7 +16,7 @@ MODULE_AUTHOR("Magnus Boden "); MODULE_DESCRIPTION("TFTP NAT helper"); MODULE_LICENSE("GPL"); -MODULE_ALIAS("ip_nat_tftp"); +MODULE_ALIAS_NF_NAT_HELPER("tftp"); static unsigned int help(struct sk_buff *skb, enum ip_conntrack_info ctinfo, From patchwork Sat Apr 13 23:17:10 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Flavio Leitner X-Patchwork-Id: 1085231 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 44hVzP6WSmz9s55 for ; Sun, 14 Apr 2019 09:17:37 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727226AbfDMXRe (ORCPT ); Sat, 13 Apr 2019 19:17:34 -0400 Received: from mail-qk1-f195.google.com ([209.85.222.195]:37668 "EHLO mail-qk1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727167AbfDMXRe (ORCPT ); Sat, 13 Apr 2019 19:17:34 -0400 Received: by mail-qk1-f195.google.com with SMTP id c1so7853920qkk.4 for ; Sat, 13 Apr 2019 16:17:32 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=xOi7aeJt1FF2sBDrr0SMDMT8iqYknCeoUA39/fvflOA=; b=ZPHhw4P3KEgy3RVTrLfEs04PERV//0KRa69I/NrE9R11vT7TxocaODt9MFZ4oJd2zg Q4FKE9mhoK/COruTm3QObUVOTJazpQG0Fa0kB74x/RoAoYU6GGzXrxroh4bcw1y/qU6U RPx/XI9vgSyE6EaitGrpoQbAA8ChEaLcDVWDIVTFXDoD3jswIuTjtBTHpd3JVTZY5LJB KqLXbFdw6eNHzzk9opf4QvFZZDwaF1kq5O9zYjH5BjEsow2eM0tQxlSnM5JeSfchEYLP 1FTM9xNy/lWo8RDys1c7B9N5wEaCasIRCFVOARKsJzlVPCqte8gmTG4Ylvq2Xt6FjNBU 5Prg== X-Gm-Message-State: APjAAAUJ3//rgq+E6k80Sfwkd/u+6rHTIMu04IN+GcHbvxYPa/os0LjK z5CMUyFEQdZWsAHQypGM2GGpQ2Ws9IU= X-Google-Smtp-Source: APXvYqyDRlOicLlZAbdiylPUUhVmbLnLt4ZQIZ7IGU8KorwN5odiuSBffEXAEpRP6XqnGWkV8VJ1PA== X-Received: by 2002:ae9:d881:: with SMTP id u123mr50007832qkf.294.1555197452245; Sat, 13 Apr 2019 16:17:32 -0700 (PDT) Received: from localhost ([177.183.215.126]) by smtp.gmail.com with ESMTPSA id m73sm24706919qke.95.2019.04.13.16.17.31 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sat, 13 Apr 2019 16:17:31 -0700 (PDT) From: Flavio Leitner To: netdev@vger.kernel.org Cc: Joe Stringer , Pravin B Shelar , dev@openvswitch.org, netfilter-devel@vger.kernel.org, Pablo Neira Ayuso Subject: [PATCH net-next v2 2/8] netfilter: add API to manage NAT helpers. Date: Sat, 13 Apr 2019 20:17:10 -0300 Message-Id: <20190413231716.28711-3-fbl@redhat.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190413231716.28711-1-fbl@redhat.com> References: <20190413231716.28711-1-fbl@redhat.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org The API allows a conntrack helper to indicate its corresponding NAT helper which then can be loaded and reference counted. Signed-off-by: Flavio Leitner --- include/net/netfilter/nf_conntrack_helper.h | 22 ++++- net/netfilter/nf_conntrack_amanda.c | 8 +- net/netfilter/nf_conntrack_ftp.c | 13 +-- net/netfilter/nf_conntrack_helper.c | 97 +++++++++++++++++++++ net/netfilter/nf_conntrack_irc.c | 6 +- net/netfilter/nf_conntrack_sane.c | 12 +-- net/netfilter/nf_conntrack_sip.c | 28 +++--- net/netfilter/nf_conntrack_tftp.c | 18 ++-- 8 files changed, 169 insertions(+), 35 deletions(-) V2 - renamed functions names as suggested by Pablo - renamed structs and other variables accordingly. - replaced the spinlock with mutex as suggested by Pablo. - used structure in C99 as static in the NAT helper module as suggested by Pablo. - defined a HELPER_NAME for consistency on each NAT helper module. diff --git a/include/net/netfilter/nf_conntrack_helper.h b/include/net/netfilter/nf_conntrack_helper.h index 28bd4569aa64..44b5a00a9c64 100644 --- a/include/net/netfilter/nf_conntrack_helper.h +++ b/include/net/netfilter/nf_conntrack_helper.h @@ -15,7 +15,8 @@ #include #include -#define NF_NAT_HELPER_NAME(name) "ip_nat_" name +#define NF_NAT_HELPER_PREFIX "ip_nat_" +#define NF_NAT_HELPER_NAME(name) NF_NAT_HELPER_PREFIX name #define MODULE_ALIAS_NF_NAT_HELPER(name) \ MODULE_ALIAS(NF_NAT_HELPER_NAME(name)) @@ -58,6 +59,8 @@ struct nf_conntrack_helper { unsigned int queue_num; /* length of userspace private data stored in nf_conn_help->data */ u16 data_len; + /* name of NAT helper module */ + char nat_mod_name[NF_CT_HELPER_NAME_LEN]; }; /* Must be kept in sync with the classes defined by helpers */ @@ -157,4 +160,21 @@ nf_ct_helper_expectfn_find_by_symbol(const void *symbol); extern struct hlist_head *nf_ct_helper_hash; extern unsigned int nf_ct_helper_hsize; +struct nf_conntrack_nat_helper { + struct list_head list; + char mod_name[NF_CT_HELPER_NAME_LEN]; /* module name */ + struct module *module; /* pointer to self */ +}; + +#define NF_CT_NAT_HELPER_INIT(name) \ + { \ + .mod_name = NF_NAT_HELPER_NAME(name), \ + .module = THIS_MODULE \ + } + +void nf_nat_helper_register(struct nf_conntrack_nat_helper *nat); +void nf_nat_helper_unregister(struct nf_conntrack_nat_helper *nat); +int nf_nat_helper_try_module_get(const char *name, u16 l3num, + u8 protonum); +void nf_nat_helper_put(struct nf_conntrack_helper *helper); #endif /*_NF_CONNTRACK_HELPER_H*/ diff --git a/net/netfilter/nf_conntrack_amanda.c b/net/netfilter/nf_conntrack_amanda.c index f2681ec5b5f6..dbec6fca0d9e 100644 --- a/net/netfilter/nf_conntrack_amanda.c +++ b/net/netfilter/nf_conntrack_amanda.c @@ -28,11 +28,13 @@ static unsigned int master_timeout __read_mostly = 300; static char *ts_algo = "kmp"; +#define HELPER_NAME "amanda" + MODULE_AUTHOR("Brian J. Murrell "); MODULE_DESCRIPTION("Amanda connection tracking module"); MODULE_LICENSE("GPL"); MODULE_ALIAS("ip_conntrack_amanda"); -MODULE_ALIAS_NFCT_HELPER("amanda"); +MODULE_ALIAS_NFCT_HELPER(HELPER_NAME); module_param(master_timeout, uint, 0600); MODULE_PARM_DESC(master_timeout, "timeout for the master connection"); @@ -179,13 +181,14 @@ static const struct nf_conntrack_expect_policy amanda_exp_policy = { static struct nf_conntrack_helper amanda_helper[2] __read_mostly = { { - .name = "amanda", + .name = HELPER_NAME, .me = THIS_MODULE, .help = amanda_help, .tuple.src.l3num = AF_INET, .tuple.src.u.udp.port = cpu_to_be16(10080), .tuple.dst.protonum = IPPROTO_UDP, .expect_policy = &amanda_exp_policy, + .nat_mod_name = NF_NAT_HELPER_NAME(HELPER_NAME), }, { .name = "amanda", @@ -195,6 +198,7 @@ static struct nf_conntrack_helper amanda_helper[2] __read_mostly = { .tuple.src.u.udp.port = cpu_to_be16(10080), .tuple.dst.protonum = IPPROTO_UDP, .expect_policy = &amanda_exp_policy, + .nat_mod_name = NF_NAT_HELPER_NAME(HELPER_NAME), }, }; diff --git a/net/netfilter/nf_conntrack_ftp.c b/net/netfilter/nf_conntrack_ftp.c index a11c304fb771..a76f45fedb7a 100644 --- a/net/netfilter/nf_conntrack_ftp.c +++ b/net/netfilter/nf_conntrack_ftp.c @@ -29,11 +29,13 @@ #include #include +#define HELPER_NAME "ftp" + MODULE_LICENSE("GPL"); MODULE_AUTHOR("Rusty Russell "); MODULE_DESCRIPTION("ftp connection tracking helper"); MODULE_ALIAS("ip_conntrack_ftp"); -MODULE_ALIAS_NFCT_HELPER("ftp"); +MODULE_ALIAS_NFCT_HELPER(HELPER_NAME); /* This is slow, but it's simple. --RR */ static char *ftp_buffer; @@ -588,12 +590,13 @@ static int __init nf_conntrack_ftp_init(void) /* FIXME should be configurable whether IPv4 and IPv6 FTP connections are tracked or not - YK */ for (i = 0; i < ports_c; i++) { - nf_ct_helper_init(&ftp[2 * i], AF_INET, IPPROTO_TCP, "ftp", - FTP_PORT, ports[i], ports[i], &ftp_exp_policy, - 0, help, nf_ct_ftp_from_nlattr, THIS_MODULE); - nf_ct_helper_init(&ftp[2 * i + 1], AF_INET6, IPPROTO_TCP, "ftp", + nf_ct_helper_init(&ftp[2 * i], AF_INET, IPPROTO_TCP, HELPER_NAME, FTP_PORT, ports[i], ports[i], &ftp_exp_policy, 0, help, nf_ct_ftp_from_nlattr, THIS_MODULE); + nf_ct_helper_init(&ftp[2 * i + 1], AF_INET6, IPPROTO_TCP, + HELPER_NAME, FTP_PORT, ports[i], ports[i], + &ftp_exp_policy, 0, help, nf_ct_ftp_from_nlattr, + THIS_MODULE); } ret = nf_conntrack_helpers_register(ftp, ports_c * 2); diff --git a/net/netfilter/nf_conntrack_helper.c b/net/netfilter/nf_conntrack_helper.c index 274baf1dab87..8401bdba3b48 100644 --- a/net/netfilter/nf_conntrack_helper.c +++ b/net/netfilter/nf_conntrack_helper.c @@ -42,6 +42,9 @@ module_param_named(nf_conntrack_helper, nf_ct_auto_assign_helper, bool, 0644); MODULE_PARM_DESC(nf_conntrack_helper, "Enable automatic conntrack helper assignment (default 0)"); +static DEFINE_MUTEX(nf_ct_nat_helpers_mutex); +static struct list_head nf_ct_nat_helpers __read_mostly; + /* Stupid hash, but collision free for the default registrations of the * helpers currently in the kernel. */ static unsigned int helper_hash(const struct nf_conntrack_tuple *tuple) @@ -130,6 +133,75 @@ void nf_conntrack_helper_put(struct nf_conntrack_helper *helper) } EXPORT_SYMBOL_GPL(nf_conntrack_helper_put); +static struct nf_conntrack_nat_helper * +nf_conntrack_nat_helper_find(const char *mod_name) +{ + struct nf_conntrack_nat_helper *cur; + bool found = false; + + list_for_each_entry_rcu(cur, &nf_ct_nat_helpers, list) { + if (!strcmp(cur->mod_name, mod_name)) { + found = true; + break; + } + } + return found ? cur : NULL; +} + +int +nf_nat_helper_try_module_get(const char *name, u16 l3num, u8 protonum) +{ + struct nf_conntrack_helper *h; + struct nf_conntrack_nat_helper *nat; + char mod_name[NF_CT_HELPER_NAME_LEN]; + int ret = 0; + + rcu_read_lock(); + h = __nf_conntrack_helper_find(name, l3num, protonum); + if (h == NULL) { + rcu_read_unlock(); + return -EINVAL; + } + + if (!strlen(h->nat_mod_name)) { + rcu_read_unlock(); + return -EOPNOTSUPP; + } + + nat = nf_conntrack_nat_helper_find(h->nat_mod_name); + if (nat == NULL) { + snprintf(mod_name, sizeof(mod_name), "%s", h->nat_mod_name); + rcu_read_unlock(); + ret = request_module(mod_name); + if (ret != 0) + return ret; + + rcu_read_lock(); + nat = nf_conntrack_nat_helper_find(mod_name); + if (nat == NULL) { + rcu_read_unlock(); + return -EINVAL; + } + } + + if (!try_module_get(nat->module)) + ret = -EINVAL; + + rcu_read_unlock(); + return ret; +} +EXPORT_SYMBOL_GPL(nf_nat_helper_try_module_get); + +void nf_nat_helper_put(struct nf_conntrack_helper *helper) +{ + struct nf_conntrack_nat_helper *nat; + + nat = nf_conntrack_nat_helper_find(helper->nat_mod_name); + BUG_ON(nat == NULL); + module_put(nat->module); +} +EXPORT_SYMBOL_GPL(nf_nat_helper_put); + struct nf_conn_help * nf_ct_helper_ext_add(struct nf_conn *ct, gfp_t gfp) { @@ -430,6 +502,10 @@ void nf_ct_helper_init(struct nf_conntrack_helper *helper, helper->help = help; helper->from_nlattr = from_nlattr; helper->me = module; + helper->nat_mod_name[0] = '\0'; + if (name) + snprintf(helper->nat_mod_name, sizeof(helper->nat_mod_name), + NF_NAT_HELPER_PREFIX"%s", name); if (spec_port == default_port) snprintf(helper->name, sizeof(helper->name), "%s", name); @@ -466,6 +542,26 @@ void nf_conntrack_helpers_unregister(struct nf_conntrack_helper *helper, } EXPORT_SYMBOL_GPL(nf_conntrack_helpers_unregister); +void nf_nat_helper_register(struct nf_conntrack_nat_helper *nat) +{ + BUG_ON(nat->module == NULL); + + mutex_lock(&nf_ct_nat_helpers_mutex); + list_add_rcu(&nat->list, &nf_ct_nat_helpers); + mutex_unlock(&nf_ct_nat_helpers_mutex); +} +EXPORT_SYMBOL_GPL(nf_nat_helper_register); + +void nf_nat_helper_unregister(struct nf_conntrack_nat_helper *nat) +{ + BUG_ON(nat->module == NULL); + + mutex_lock(&nf_ct_nat_helpers_mutex); + list_del_rcu(&nat->list); + mutex_unlock(&nf_ct_nat_helpers_mutex); +} +EXPORT_SYMBOL_GPL(nf_nat_helper_unregister); + static const struct nf_ct_ext_type helper_extend = { .len = sizeof(struct nf_conn_help), .align = __alignof__(struct nf_conn_help), @@ -493,6 +589,7 @@ int nf_conntrack_helper_init(void) goto out_extend; } + INIT_LIST_HEAD(&nf_ct_nat_helpers); return 0; out_extend: kvfree(nf_ct_helper_hash); diff --git a/net/netfilter/nf_conntrack_irc.c b/net/netfilter/nf_conntrack_irc.c index 4099f4d79bae..79e5014b3b0d 100644 --- a/net/netfilter/nf_conntrack_irc.c +++ b/net/netfilter/nf_conntrack_irc.c @@ -42,11 +42,13 @@ unsigned int (*nf_nat_irc_hook)(struct sk_buff *skb, struct nf_conntrack_expect *exp) __read_mostly; EXPORT_SYMBOL_GPL(nf_nat_irc_hook); +#define HELPER_NAME "irc" + MODULE_AUTHOR("Harald Welte "); MODULE_DESCRIPTION("IRC (DCC) connection tracking helper"); MODULE_LICENSE("GPL"); MODULE_ALIAS("ip_conntrack_irc"); -MODULE_ALIAS_NFCT_HELPER("irc"); +MODULE_ALIAS_NFCT_HELPER(HELPER_NAME); module_param_array(ports, ushort, &ports_c, 0400); MODULE_PARM_DESC(ports, "port numbers of IRC servers"); @@ -259,7 +261,7 @@ static int __init nf_conntrack_irc_init(void) ports[ports_c++] = IRC_PORT; for (i = 0; i < ports_c; i++) { - nf_ct_helper_init(&irc[i], AF_INET, IPPROTO_TCP, "irc", + nf_ct_helper_init(&irc[i], AF_INET, IPPROTO_TCP, HELPER_NAME, IRC_PORT, ports[i], i, &irc_exp_policy, 0, help, NULL, THIS_MODULE); } diff --git a/net/netfilter/nf_conntrack_sane.c b/net/netfilter/nf_conntrack_sane.c index 5072ff96ab33..83306648dd0f 100644 --- a/net/netfilter/nf_conntrack_sane.c +++ b/net/netfilter/nf_conntrack_sane.c @@ -30,10 +30,12 @@ #include #include +#define HELPER_NAME "sane" + MODULE_LICENSE("GPL"); MODULE_AUTHOR("Michal Schmidt "); MODULE_DESCRIPTION("SANE connection tracking helper"); -MODULE_ALIAS_NFCT_HELPER("sane"); +MODULE_ALIAS_NFCT_HELPER(HELPER_NAME); static char *sane_buffer; @@ -195,12 +197,12 @@ static int __init nf_conntrack_sane_init(void) /* FIXME should be configurable whether IPv4 and IPv6 connections are tracked or not - YK */ for (i = 0; i < ports_c; i++) { - nf_ct_helper_init(&sane[2 * i], AF_INET, IPPROTO_TCP, "sane", - SANE_PORT, ports[i], ports[i], + nf_ct_helper_init(&sane[2 * i], AF_INET, IPPROTO_TCP, + HELPER_NAME, SANE_PORT, ports[i], ports[i], &sane_exp_policy, 0, help, NULL, THIS_MODULE); - nf_ct_helper_init(&sane[2 * i + 1], AF_INET6, IPPROTO_TCP, "sane", - SANE_PORT, ports[i], ports[i], + nf_ct_helper_init(&sane[2 * i + 1], AF_INET6, IPPROTO_TCP, + HELPER_NAME, SANE_PORT, ports[i], ports[i], &sane_exp_policy, 0, help, NULL, THIS_MODULE); } diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c index 39fcc1ed18f3..05f7324f245e 100644 --- a/net/netfilter/nf_conntrack_sip.c +++ b/net/netfilter/nf_conntrack_sip.c @@ -30,11 +30,13 @@ #include #include +#define HELPER_NAME "sip" + MODULE_LICENSE("GPL"); MODULE_AUTHOR("Christian Hentschel "); MODULE_DESCRIPTION("SIP connection tracking helper"); MODULE_ALIAS("ip_conntrack_sip"); -MODULE_ALIAS_NFCT_HELPER("sip"); +MODULE_ALIAS_NFCT_HELPER(HELPER_NAME); #define MAX_PORTS 8 static unsigned short ports[MAX_PORTS]; @@ -1669,21 +1671,21 @@ static int __init nf_conntrack_sip_init(void) ports[ports_c++] = SIP_PORT; for (i = 0; i < ports_c; i++) { - nf_ct_helper_init(&sip[4 * i], AF_INET, IPPROTO_UDP, "sip", - SIP_PORT, ports[i], i, sip_exp_policy, - SIP_EXPECT_MAX, sip_help_udp, + nf_ct_helper_init(&sip[4 * i], AF_INET, IPPROTO_UDP, + HELPER_NAME, SIP_PORT, ports[i], i, + sip_exp_policy, SIP_EXPECT_MAX, sip_help_udp, NULL, THIS_MODULE); - nf_ct_helper_init(&sip[4 * i + 1], AF_INET, IPPROTO_TCP, "sip", - SIP_PORT, ports[i], i, sip_exp_policy, - SIP_EXPECT_MAX, sip_help_tcp, + nf_ct_helper_init(&sip[4 * i + 1], AF_INET, IPPROTO_TCP, + HELPER_NAME, SIP_PORT, ports[i], i, + sip_exp_policy, SIP_EXPECT_MAX, sip_help_tcp, NULL, THIS_MODULE); - nf_ct_helper_init(&sip[4 * i + 2], AF_INET6, IPPROTO_UDP, "sip", - SIP_PORT, ports[i], i, sip_exp_policy, - SIP_EXPECT_MAX, sip_help_udp, + nf_ct_helper_init(&sip[4 * i + 2], AF_INET6, IPPROTO_UDP, + HELPER_NAME, SIP_PORT, ports[i], i, + sip_exp_policy, SIP_EXPECT_MAX, sip_help_udp, NULL, THIS_MODULE); - nf_ct_helper_init(&sip[4 * i + 3], AF_INET6, IPPROTO_TCP, "sip", - SIP_PORT, ports[i], i, sip_exp_policy, - SIP_EXPECT_MAX, sip_help_tcp, + nf_ct_helper_init(&sip[4 * i + 3], AF_INET6, IPPROTO_TCP, + HELPER_NAME, SIP_PORT, ports[i], i, + sip_exp_policy, SIP_EXPECT_MAX, sip_help_tcp, NULL, THIS_MODULE); } diff --git a/net/netfilter/nf_conntrack_tftp.c b/net/netfilter/nf_conntrack_tftp.c index 548b673b3625..6977cb91ae9a 100644 --- a/net/netfilter/nf_conntrack_tftp.c +++ b/net/netfilter/nf_conntrack_tftp.c @@ -20,11 +20,13 @@ #include #include +#define HELPER_NAME "tftp" + MODULE_AUTHOR("Magnus Boden "); MODULE_DESCRIPTION("TFTP connection tracking helper"); MODULE_LICENSE("GPL"); MODULE_ALIAS("ip_conntrack_tftp"); -MODULE_ALIAS_NFCT_HELPER("tftp"); +MODULE_ALIAS_NFCT_HELPER(HELPER_NAME); #define MAX_PORTS 8 static unsigned short ports[MAX_PORTS]; @@ -119,12 +121,14 @@ static int __init nf_conntrack_tftp_init(void) ports[ports_c++] = TFTP_PORT; for (i = 0; i < ports_c; i++) { - nf_ct_helper_init(&tftp[2 * i], AF_INET, IPPROTO_UDP, "tftp", - TFTP_PORT, ports[i], i, &tftp_exp_policy, - 0, tftp_help, NULL, THIS_MODULE); - nf_ct_helper_init(&tftp[2 * i + 1], AF_INET6, IPPROTO_UDP, "tftp", - TFTP_PORT, ports[i], i, &tftp_exp_policy, - 0, tftp_help, NULL, THIS_MODULE); + nf_ct_helper_init(&tftp[2 * i], AF_INET, IPPROTO_UDP, + HELPER_NAME, TFTP_PORT, ports[i], i, + &tftp_exp_policy, 0, tftp_help, NULL, + THIS_MODULE); + nf_ct_helper_init(&tftp[2 * i + 1], AF_INET6, IPPROTO_UDP, + HELPER_NAME, TFTP_PORT, ports[i], i, + &tftp_exp_policy, 0, tftp_help, NULL, + THIS_MODULE); } ret = nf_conntrack_helpers_register(tftp, ports_c * 2); From patchwork Sat Apr 13 23:17:11 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Flavio Leitner X-Patchwork-Id: 1085236 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 44hVzT5BhTz9s5c for ; Sun, 14 Apr 2019 09:17:41 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727242AbfDMXRh (ORCPT ); Sat, 13 Apr 2019 19:17:37 -0400 Received: from mail-qt1-f193.google.com ([209.85.160.193]:42930 "EHLO mail-qt1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727229AbfDMXRg (ORCPT ); Sat, 13 Apr 2019 19:17:36 -0400 Received: by mail-qt1-f193.google.com with SMTP id p20so15317655qtc.9 for ; Sat, 13 Apr 2019 16:17:35 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=7mA+5BJOLfNmgJPuQEwHEEHp7pw0wpbgIJ+UzEsTweU=; b=nVJKfu23VhjapT/8FPMRR2mRetC8OHWQ8Do4JszyRuw9H4sUl8O2YcPQZ/iuO4QWO8 lG82XI4+NjiC6jev3UvD/Lj9ZXMKcjoK48CdFzgPpECkUZP4C2TNq7Zjle2zoeJF8Jer 61jJv8+sqEwvRWVD8aXJRomcBpLBEk9m7lP2ryNxv+iNy2kl0MQzf7F7h3hiyrCwKd+t ZVfLpBtEUssmLk2L2fgkqvNkZTFugI66OJBoeLLGtY/TfFaVJoFiB4ScM7P1GBS5UwlM jkW2OY7AWec4P9VhF/+t76akZJXt517HahzRrGHowUgT1uX6CTT0dSICrEi3vEi8+7OK 7DxA== X-Gm-Message-State: APjAAAVyqKsSCbUcKgovfVrYEkAerHCseivIc/nu5x/5oRpwtqz9jES9 IsJC8tO3y9POnuNL4aD617GaiB+dAwk= X-Google-Smtp-Source: APXvYqxdfu0OvVSLrHNqD1DMxJgybXeoDOhd6PNzk3cJKnMHI8aecE7RKiZwD3rvPSTTyfv2rAvg3Q== X-Received: by 2002:ac8:17f4:: with SMTP id r49mr51660017qtk.213.1555197455240; Sat, 13 Apr 2019 16:17:35 -0700 (PDT) Received: from localhost ([177.183.215.126]) by smtp.gmail.com with ESMTPSA id h29sm29246259qtk.32.2019.04.13.16.17.34 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sat, 13 Apr 2019 16:17:34 -0700 (PDT) From: Flavio Leitner To: netdev@vger.kernel.org Cc: Joe Stringer , Pravin B Shelar , dev@openvswitch.org, netfilter-devel@vger.kernel.org, Pablo Neira Ayuso Subject: [PATCH net-next v2 3/8] netfilter: nf_nat: register amanda NAT helper. Date: Sat, 13 Apr 2019 20:17:11 -0300 Message-Id: <20190413231716.28711-4-fbl@redhat.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190413231716.28711-1-fbl@redhat.com> References: <20190413231716.28711-1-fbl@redhat.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Signed-off-by: Flavio Leitner --- net/netfilter/nf_nat_amanda.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) V2 - defined NAT_HELPER_NAME for consistency. - C99 static change. - renamed the variables to be nat_helper.* diff --git a/net/netfilter/nf_nat_amanda.c b/net/netfilter/nf_nat_amanda.c index 6b729a897c5f..4e59416ea709 100644 --- a/net/netfilter/nf_nat_amanda.c +++ b/net/netfilter/nf_nat_amanda.c @@ -19,10 +19,15 @@ #include #include +#define NAT_HELPER_NAME "amanda" + MODULE_AUTHOR("Brian J. Murrell "); MODULE_DESCRIPTION("Amanda NAT helper"); MODULE_LICENSE("GPL"); -MODULE_ALIAS_NF_NAT_HELPER("amanda"); +MODULE_ALIAS_NF_NAT_HELPER(NAT_HELPER_NAME); + +static struct nf_conntrack_nat_helper nat_helper_amanda = + NF_CT_NAT_HELPER_INIT(NAT_HELPER_NAME); static unsigned int help(struct sk_buff *skb, enum ip_conntrack_info ctinfo, @@ -74,6 +79,7 @@ static unsigned int help(struct sk_buff *skb, static void __exit nf_nat_amanda_fini(void) { + nf_nat_helper_unregister(&nat_helper_amanda); RCU_INIT_POINTER(nf_nat_amanda_hook, NULL); synchronize_rcu(); } @@ -81,6 +87,7 @@ static void __exit nf_nat_amanda_fini(void) static int __init nf_nat_amanda_init(void) { BUG_ON(nf_nat_amanda_hook != NULL); + nf_nat_helper_register(&nat_helper_amanda); RCU_INIT_POINTER(nf_nat_amanda_hook, help); return 0; } From patchwork Sat Apr 13 23:17:12 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Flavio Leitner X-Patchwork-Id: 1085239 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 44hVzb3bTJz9s55 for ; Sun, 14 Apr 2019 09:17:47 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727267AbfDMXRm (ORCPT ); Sat, 13 Apr 2019 19:17:42 -0400 Received: from mail-qk1-f196.google.com ([209.85.222.196]:37672 "EHLO mail-qk1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727244AbfDMXRj (ORCPT ); Sat, 13 Apr 2019 19:17:39 -0400 Received: by mail-qk1-f196.google.com with SMTP id c1so7853971qkk.4 for ; Sat, 13 Apr 2019 16:17:38 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=4YqoQA1UkymIHs2QggQQy8mZKppILjPtX7G37rkzWK4=; b=XYUsdIigDo2ZpFog7tJQuQzU6aKE3TmlByBq/0U1IokUAAsAlC6p+wxanR4Bqebnwv 9pobcJ0aHC6iagtVOmbV+V1bBIubNogjccn0BGofuTmPrwAB8z86JDBQV1QkCNYsxC5U Ed2XaYC84cwu/R4ZzUXPU0RjpPU9BRUHMbF+AbBI9j3viCb3JDYn+4JY92ArK+EdEXLg 0lu8gAZ+UFLNvCJWwYe2ljo37kZ43TK23kLrSR0dKpi43IlUUfvfj5xPixmrSOZGuGcG FnvJu/6kFOiI5Fd/hgmQQG0yh9Uh0gqgmhquBdKYmdxzffEwuugSouISJ7AX9V3F9Il8 zAnQ== X-Gm-Message-State: APjAAAUBlsDAGStxloHaJ2bq5cS8JKtom3Wfk+Y70xV15Xgq6d8W83sC Nbfu8ZWaKgJ99rBvjiHQzoYS++hWIzM= X-Google-Smtp-Source: APXvYqxCUVTjj3MyqQQ+CsbrfurrUr5+cM+YgM2LfjgSV4sjewVmd4GgES1y5rxSz3tqpd5c7GzKAA== X-Received: by 2002:a05:620a:1646:: with SMTP id c6mr52799759qko.69.1555197458214; Sat, 13 Apr 2019 16:17:38 -0700 (PDT) Received: from localhost ([177.183.215.126]) by smtp.gmail.com with ESMTPSA id t69sm25084650qke.38.2019.04.13.16.17.37 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sat, 13 Apr 2019 16:17:37 -0700 (PDT) From: Flavio Leitner To: netdev@vger.kernel.org Cc: Joe Stringer , Pravin B Shelar , dev@openvswitch.org, netfilter-devel@vger.kernel.org, Pablo Neira Ayuso Subject: [PATCH net-next v2 4/8] netfilter: nf_nat: register ftp NAT helper. Date: Sat, 13 Apr 2019 20:17:12 -0300 Message-Id: <20190413231716.28711-5-fbl@redhat.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190413231716.28711-1-fbl@redhat.com> References: <20190413231716.28711-1-fbl@redhat.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Signed-off-by: Flavio Leitner --- net/netfilter/nf_nat_ftp.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) V2 - defined NAT_HELPER_NAME for consistency. - C99 static change. - renamed the variables to be nat_helper.* diff --git a/net/netfilter/nf_nat_ftp.c b/net/netfilter/nf_nat_ftp.c index 0e93b1f19432..0ea6b1bc52de 100644 --- a/net/netfilter/nf_nat_ftp.c +++ b/net/netfilter/nf_nat_ftp.c @@ -21,13 +21,18 @@ #include #include +#define NAT_HELPER_NAME "ftp" + MODULE_LICENSE("GPL"); MODULE_AUTHOR("Rusty Russell "); MODULE_DESCRIPTION("ftp NAT helper"); -MODULE_ALIAS_NF_NAT_HELPER("ftp"); +MODULE_ALIAS_NF_NAT_HELPER(NAT_HELPER_NAME); /* FIXME: Time out? --RR */ +static struct nf_conntrack_nat_helper nat_helper_ftp = + NF_CT_NAT_HELPER_INIT(NAT_HELPER_NAME); + static int nf_nat_ftp_fmt_cmd(struct nf_conn *ct, enum nf_ct_ftp_type type, char *buffer, size_t buflen, union nf_inet_addr *addr, u16 port) @@ -124,6 +129,7 @@ static unsigned int nf_nat_ftp(struct sk_buff *skb, static void __exit nf_nat_ftp_fini(void) { + nf_nat_helper_unregister(&nat_helper_ftp); RCU_INIT_POINTER(nf_nat_ftp_hook, NULL); synchronize_rcu(); } @@ -131,6 +137,7 @@ static void __exit nf_nat_ftp_fini(void) static int __init nf_nat_ftp_init(void) { BUG_ON(nf_nat_ftp_hook != NULL); + nf_nat_helper_register(&nat_helper_ftp); RCU_INIT_POINTER(nf_nat_ftp_hook, nf_nat_ftp); return 0; } From patchwork Sat Apr 13 23:17:13 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Flavio Leitner X-Patchwork-Id: 1085238 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 44hVzY5q6bz9s55 for ; Sun, 14 Apr 2019 09:17:45 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727279AbfDMXRn (ORCPT ); Sat, 13 Apr 2019 19:17:43 -0400 Received: from mail-qk1-f195.google.com ([209.85.222.195]:38086 "EHLO mail-qk1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727263AbfDMXRm (ORCPT ); Sat, 13 Apr 2019 19:17:42 -0400 Received: by mail-qk1-f195.google.com with SMTP id g1so7834972qki.5 for ; Sat, 13 Apr 2019 16:17:41 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=htlvsUl58UfZNWzgkPeIauIOJmmQeGQkqXTt/EdnjjE=; b=srLjnU0YOBonsWKZ6odFmVB6Ux1z8tczFmN4//Q/TCeUKruiG73nJhHtQbpWS6aumw Z3E4sf+4ma46XOJCful6oohFttmbgydehvL561LbiVdaTyCVphhXmh3SiGC6jcpcwqnc PC1eQ24KEu3zbvQWaaEH6TBwvgeSj+gjJunthJsdvJdhPE8L13hSOv5Qm5tZ9BEjBYg3 rShi406geSL2Om3mOoYrJFiL/x5v8DeGDgUpMpAAlXT/YEhBDnNq68pPnvCFlKoj9JGe njm7n2GOfcMVVjZQYtDyBOUFdbqqzkAYfNJ+p14AJT1XfdIOIbJZLz/+WleTDBzU3EIX nNbg== X-Gm-Message-State: APjAAAXYypXiH9NArv9YH35nJLaRviGnbFNubq5oM+CWFhom7t7t6bKS XBMdYBjPeawxnG32JqYaacow7L+U17M= X-Google-Smtp-Source: APXvYqzpAXr0KeTyldyKJC+0VaDhf8Jh/Cpe3Vxg9V5njSlEgIl0CE3ir/LWLRCbrHEJfJOGpUelAw== X-Received: by 2002:a05:620a:11:: with SMTP id j17mr51585630qki.111.1555197461178; Sat, 13 Apr 2019 16:17:41 -0700 (PDT) Received: from localhost ([177.183.215.126]) by smtp.gmail.com with ESMTPSA id m41sm29828364qtb.58.2019.04.13.16.17.40 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sat, 13 Apr 2019 16:17:40 -0700 (PDT) From: Flavio Leitner To: netdev@vger.kernel.org Cc: Joe Stringer , Pravin B Shelar , dev@openvswitch.org, netfilter-devel@vger.kernel.org, Pablo Neira Ayuso Subject: [PATCH net-next v2 5/8] netfilter: nf_nat: register irc NAT helper. Date: Sat, 13 Apr 2019 20:17:13 -0300 Message-Id: <20190413231716.28711-6-fbl@redhat.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190413231716.28711-1-fbl@redhat.com> References: <20190413231716.28711-1-fbl@redhat.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Signed-off-by: Flavio Leitner --- net/netfilter/nf_nat_irc.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) V2 - defined NAT_HELPER_NAME for consistency. - C99 static change. - renamed the variables to be nat_helper.* diff --git a/net/netfilter/nf_nat_irc.c b/net/netfilter/nf_nat_irc.c index 6c06e997395f..d87cbe5e03ec 100644 --- a/net/netfilter/nf_nat_irc.c +++ b/net/netfilter/nf_nat_irc.c @@ -23,10 +23,15 @@ #include #include +#define NAT_HELPER_NAME "irc" + MODULE_AUTHOR("Harald Welte "); MODULE_DESCRIPTION("IRC (DCC) NAT helper"); MODULE_LICENSE("GPL"); -MODULE_ALIAS_NF_NAT_HELPER("irc"); +MODULE_ALIAS_NF_NAT_HELPER(NAT_HELPER_NAME); + +static struct nf_conntrack_nat_helper nat_helper_irc = + NF_CT_NAT_HELPER_INIT(NAT_HELPER_NAME); static unsigned int help(struct sk_buff *skb, enum ip_conntrack_info ctinfo, @@ -96,6 +101,7 @@ static unsigned int help(struct sk_buff *skb, static void __exit nf_nat_irc_fini(void) { + nf_nat_helper_unregister(&nat_helper_irc); RCU_INIT_POINTER(nf_nat_irc_hook, NULL); synchronize_rcu(); } @@ -103,6 +109,7 @@ static void __exit nf_nat_irc_fini(void) static int __init nf_nat_irc_init(void) { BUG_ON(nf_nat_irc_hook != NULL); + nf_nat_helper_register(&nat_helper_irc); RCU_INIT_POINTER(nf_nat_irc_hook, help); return 0; } From patchwork Sat Apr 13 23:17:14 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Flavio Leitner X-Patchwork-Id: 1085243 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 44hVzh0kNWz9s5c for ; Sun, 14 Apr 2019 09:17:52 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727306AbfDMXRu (ORCPT ); Sat, 13 Apr 2019 19:17:50 -0400 Received: from mail-qt1-f194.google.com ([209.85.160.194]:46713 "EHLO mail-qt1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727280AbfDMXRp (ORCPT ); Sat, 13 Apr 2019 19:17:45 -0400 Received: by mail-qt1-f194.google.com with SMTP id z17so15276350qts.13 for ; Sat, 13 Apr 2019 16:17:44 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=cVVlrMtEq71l+ytxp0UxxU7cwoyJxf2POBEVZ+nsxP8=; b=bYUdkOSvS38JIhn/pByH2vDRsH/93Gvf5yPLcQvV0FHaZeb/ejdypungrPSpF5cXsk B4/OsVIWPPYcqvlusUnXuYijO7wDeUzOtudcNaJRsLfJilso5wDLgNd/CJCgkEZlPhce Q6kga5ZtSJzHiQHY7yEE9A4aA+5F1N+4eSR8BLTjWQrN7nqNH50uL6QrUxKXWUkOVV1F K4enBLVmmOzLWN74nBRUU1GCmJr/tqF3escioHZTjcazMXAxIZGGXsBHU+Y7wJa/agDY 8crvmSMsuWaouEwbUQRmTIqOUDcIwNAl259zecaL1n/BkGlA++dY5NdtAb8ydbqRGn9/ iQGw== X-Gm-Message-State: APjAAAXF8o2dNnezHuuqlWBJFWxqIVQTbucjU70Wm1Oo8vZuTgs1guUE 8SdE4+OzI9P6ookcDi1dXWzB2RQHikY= X-Google-Smtp-Source: APXvYqzLe2nPXb4RKFmDL1OYBPtGAFyJUKSnoFo/QXjG4ZG0ZqzD5oeODicQkLoo5aHUmcsAfretJg== X-Received: by 2002:ac8:538c:: with SMTP id x12mr51650438qtp.238.1555197464062; Sat, 13 Apr 2019 16:17:44 -0700 (PDT) Received: from localhost ([177.183.215.126]) by smtp.gmail.com with ESMTPSA id h187sm26689398qkf.97.2019.04.13.16.17.43 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sat, 13 Apr 2019 16:17:43 -0700 (PDT) From: Flavio Leitner To: netdev@vger.kernel.org Cc: Joe Stringer , Pravin B Shelar , dev@openvswitch.org, netfilter-devel@vger.kernel.org, Pablo Neira Ayuso Subject: [PATCH net-next v2 6/8] netfilter: nf_nat: register sip NAT helper. Date: Sat, 13 Apr 2019 20:17:14 -0300 Message-Id: <20190413231716.28711-7-fbl@redhat.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190413231716.28711-1-fbl@redhat.com> References: <20190413231716.28711-1-fbl@redhat.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Signed-off-by: Flavio Leitner --- net/netfilter/nf_nat_sip.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) V2 - defined NAT_HELPER_NAME for consistency. - C99 static change. - renamed the variables to be nat_helper.* diff --git a/net/netfilter/nf_nat_sip.c b/net/netfilter/nf_nat_sip.c index f1f007d9484c..464387b3600f 100644 --- a/net/netfilter/nf_nat_sip.c +++ b/net/netfilter/nf_nat_sip.c @@ -24,11 +24,15 @@ #include #include +#define NAT_HELPER_NAME "sip" + MODULE_LICENSE("GPL"); MODULE_AUTHOR("Christian Hentschel "); MODULE_DESCRIPTION("SIP NAT helper"); -MODULE_ALIAS_NF_NAT_HELPER("sip"); +MODULE_ALIAS_NF_NAT_HELPER(NAT_HELPER_NAME); +static struct nf_conntrack_nat_helper nat_helper_sip = + NF_CT_NAT_HELPER_INIT(NAT_HELPER_NAME); static unsigned int mangle_packet(struct sk_buff *skb, unsigned int protoff, unsigned int dataoff, @@ -656,8 +660,8 @@ static struct nf_ct_helper_expectfn sip_nat = { static void __exit nf_nat_sip_fini(void) { + nf_nat_helper_unregister(&nat_helper_sip); RCU_INIT_POINTER(nf_nat_sip_hooks, NULL); - nf_ct_helper_expectfn_unregister(&sip_nat); synchronize_rcu(); } @@ -675,6 +679,7 @@ static const struct nf_nat_sip_hooks sip_hooks = { static int __init nf_nat_sip_init(void) { BUG_ON(nf_nat_sip_hooks != NULL); + nf_nat_helper_register(&nat_helper_sip); RCU_INIT_POINTER(nf_nat_sip_hooks, &sip_hooks); nf_ct_helper_expectfn_register(&sip_nat); return 0; From patchwork Sat Apr 13 23:17:15 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Flavio Leitner X-Patchwork-Id: 1085242 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 44hVzg4g4Yz9s55 for ; Sun, 14 Apr 2019 09:17:51 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727263AbfDMXRt (ORCPT ); Sat, 13 Apr 2019 19:17:49 -0400 Received: from mail-qt1-f193.google.com ([209.85.160.193]:45973 "EHLO mail-qt1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727286AbfDMXRr (ORCPT ); Sat, 13 Apr 2019 19:17:47 -0400 Received: by mail-qt1-f193.google.com with SMTP id v20so15299327qtv.12 for ; Sat, 13 Apr 2019 16:17:47 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=irbwC3lTivW5B2mREALIDAkZHTP4aRfG1KgtR00sTg4=; b=Kh8egbreD2/UUV5l/R65bVynIgch9gycp+MNZYTwmpHzON4vDsX9cvFVmPrVVgP8HJ dXDUELHMJCTi3/FL27ciis2mGgKLIC3uGFHXWkF7zA4D9Nv67TtoeAOkofSm5i3bNLYG vVcg1k1VsyobP+srhaIplA5qvox7Rts6HfSKPK5utJro+fOAxKo0TYY/XFTbNjmX5eh9 +xrQ2G6+cdJ/QXJiO1w2jkITEvgWeX+spbFiBl+gHuPbsNmk6zOze6xVjHKSEY26LPGu oKE4yd20FS/wVG1P8E7Rd1VOZqm6faOORppqCCdLoiPbbuT8tXgS0s4d1lZlJ9yE7p9L FUDg== X-Gm-Message-State: APjAAAVmc2hz2MTuvLkcOw6jHnzpefCkK+dhGT5hni8KU0oVwn4AS6sT oORLOetvcmAbpY1yyY3+kYbsdy7MzOo= X-Google-Smtp-Source: APXvYqy1kiGUq86FAxFGq5uoclmikTJxuueQowyM/sNyrbt7jUWwgpJI8HLUXv+fvZHUWfzmUtuvcw== X-Received: by 2002:ac8:26e7:: with SMTP id 36mr54189752qtp.37.1555197466951; Sat, 13 Apr 2019 16:17:46 -0700 (PDT) Received: from localhost ([177.183.215.126]) by smtp.gmail.com with ESMTPSA id d34sm32905749qta.18.2019.04.13.16.17.46 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sat, 13 Apr 2019 16:17:46 -0700 (PDT) From: Flavio Leitner To: netdev@vger.kernel.org Cc: Joe Stringer , Pravin B Shelar , dev@openvswitch.org, netfilter-devel@vger.kernel.org, Pablo Neira Ayuso Subject: [PATCH net-next v2 7/8] netfilter: nf_nat: register tftp NAT helper. Date: Sat, 13 Apr 2019 20:17:15 -0300 Message-Id: <20190413231716.28711-8-fbl@redhat.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190413231716.28711-1-fbl@redhat.com> References: <20190413231716.28711-1-fbl@redhat.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Signed-off-by: Flavio Leitner --- net/netfilter/nf_nat_tftp.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) V2 - defined NAT_HELPER_NAME for consistency. - C99 static change. - renamed the variables to be nat_helper.* diff --git a/net/netfilter/nf_nat_tftp.c b/net/netfilter/nf_nat_tftp.c index dd3a835c111d..e633b3863e33 100644 --- a/net/netfilter/nf_nat_tftp.c +++ b/net/netfilter/nf_nat_tftp.c @@ -13,10 +13,15 @@ #include #include +#define NAT_HELPER_NAME "tftp" + MODULE_AUTHOR("Magnus Boden "); MODULE_DESCRIPTION("TFTP NAT helper"); MODULE_LICENSE("GPL"); -MODULE_ALIAS_NF_NAT_HELPER("tftp"); +MODULE_ALIAS_NF_NAT_HELPER(NAT_HELPER_NAME); + +static struct nf_conntrack_nat_helper nat_helper_tftp = + NF_CT_NAT_HELPER_INIT(NAT_HELPER_NAME); static unsigned int help(struct sk_buff *skb, enum ip_conntrack_info ctinfo, @@ -37,6 +42,7 @@ static unsigned int help(struct sk_buff *skb, static void __exit nf_nat_tftp_fini(void) { + nf_nat_helper_unregister(&nat_helper_tftp); RCU_INIT_POINTER(nf_nat_tftp_hook, NULL); synchronize_rcu(); } @@ -44,6 +50,7 @@ static void __exit nf_nat_tftp_fini(void) static int __init nf_nat_tftp_init(void) { BUG_ON(nf_nat_tftp_hook != NULL); + nf_nat_helper_register(&nat_helper_tftp); RCU_INIT_POINTER(nf_nat_tftp_hook, help); return 0; } From patchwork Sat Apr 13 23:17:16 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Flavio Leitner X-Patchwork-Id: 1085244 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=redhat.com Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 44hVzj3KJzz9s55 for ; Sun, 14 Apr 2019 09:17:53 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727314AbfDMXRw (ORCPT ); Sat, 13 Apr 2019 19:17:52 -0400 Received: from mail-qt1-f194.google.com ([209.85.160.194]:45976 "EHLO mail-qt1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727298AbfDMXRu (ORCPT ); Sat, 13 Apr 2019 19:17:50 -0400 Received: by mail-qt1-f194.google.com with SMTP id v20so15299369qtv.12 for ; Sat, 13 Apr 2019 16:17:50 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=WrUAfwxZ2mJ3qV2MjFj4BVzVMvakjdsw0TP7GyHfTqY=; b=RP1yZ4NpFsEzdESCKhjlPjrkvu7F+sTgjJLdBaoCsHd6B9Ft/Ce0p5u4LViuLP8cEX tQY8kfoIdysAxpr5reOlgoAFSI+TsDdYo0Iu2rIVyBqTITogFMDKrj79612tiIjwD+8t /xPCpcy0KX9z5ZKpiNE16VxsiiUizoxfp4uSqc1hbm8Ridbfhp/S2QBUlhuQ9TZ9hx8Y ELV17M0rc29cCpJzIeTw/UowQV/Wfp57Ati9X8lTEzz/4GR77Baa+DpgBwvZjZPvMI5m teKL5tJ/aEA/MWT5apWJlUcM9eix4oOyLmuIOzRAgJM1ffVNih/DgjKsSoEsZertMnyV YpeA== X-Gm-Message-State: APjAAAXYVNxwRmeQrn6JUOXHyP8N/lKCC4O10L9chFGqAck2DnPvoCrU 2NFsAVJPy+i1TzNnidlZiTNotM+JXlU= X-Google-Smtp-Source: APXvYqyLpkvsK4sYukxC4AYYUI8gERR+poKeVwALp3lQkI13iE5IPUi6VZYF+GFvAU+EiuH24/Lp1g== X-Received: by 2002:ac8:75ca:: with SMTP id z10mr53782084qtq.224.1555197469793; Sat, 13 Apr 2019 16:17:49 -0700 (PDT) Received: from localhost ([177.183.215.126]) by smtp.gmail.com with ESMTPSA id q75sm25732439qke.17.2019.04.13.16.17.48 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sat, 13 Apr 2019 16:17:49 -0700 (PDT) From: Flavio Leitner To: netdev@vger.kernel.org Cc: Joe Stringer , Pravin B Shelar , dev@openvswitch.org, netfilter-devel@vger.kernel.org, Pablo Neira Ayuso Subject: [PATCH net-next v2 8/8] openvswitch: load and reference the NAT helper. Date: Sat, 13 Apr 2019 20:17:16 -0300 Message-Id: <20190413231716.28711-9-fbl@redhat.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190413231716.28711-1-fbl@redhat.com> References: <20190413231716.28711-1-fbl@redhat.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org This improves the original commit 17c357efe5ec ("openvswitch: load NAT helper") where it unconditionally tries to load the module for every flow using NAT, so not efficient when loading multiple flows. It also doesn't hold any references to the NAT module while the flow is active. This change fixes those problems. It will try to load the module only if it's not present. It grabs a reference to the NAT module and holds it while the flow is active. Finally, an error message shows up if either actions above fails. Fixes: 17c357efe5ec ("openvswitch: load NAT helper") Signed-off-by: Flavio Leitner --- net/openvswitch/conntrack.c | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) V2 - updated with new functions names. diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c index 0be3ab5bde26..c4dad6d8869b 100644 --- a/net/openvswitch/conntrack.c +++ b/net/openvswitch/conntrack.c @@ -1307,6 +1307,7 @@ static int ovs_ct_add_helper(struct ovs_conntrack_info *info, const char *name, { struct nf_conntrack_helper *helper; struct nf_conn_help *help; + int ret = 0; helper = nf_conntrack_helper_try_module_get(name, info->family, key->ip.proto); @@ -1321,13 +1322,21 @@ static int ovs_ct_add_helper(struct ovs_conntrack_info *info, const char *name, return -ENOMEM; } +#ifdef CONFIG_NF_NAT_NEEDED + if (info->nat) { + ret = nf_nat_helper_try_module_get(name, info->family, + key->ip.proto); + if (ret) { + nf_conntrack_helper_put(helper); + OVS_NLERR(log, "Failed to load \"%s\" NAT helper, err: %d", + name, ret); + return ret; + } + } +#endif rcu_assign_pointer(help->helper, helper); info->helper = helper; - - if (info->nat) - request_module("ip_nat_%s", name); - - return 0; + return ret; } #ifdef CONFIG_NF_NAT_NEEDED @@ -1801,8 +1810,13 @@ void ovs_ct_free_action(const struct nlattr *a) static void __ovs_ct_free_action(struct ovs_conntrack_info *ct_info) { - if (ct_info->helper) + if (ct_info->helper) { +#ifdef CONFIG_NF_NAT_NEEDED + if (ct_info->nat) + nf_nat_helper_put(ct_info->helper); +#endif nf_conntrack_helper_put(ct_info->helper); + } if (ct_info->ct) { if (ct_info->timeout[0]) nf_ct_destroy_timeout(ct_info->ct);