1 /* Connection tracking via netlink socket. Allows for user space
2 * protocol helpers and general trouble making from userspace.
4 * (C) 2001 by Jay Schulist <jschlst@samba.org>
5 * (C) 2002-2005 by Harald Welte <laforge@gnumonks.org>
6 * (C) 2003 by Patrick Mchardy <kaber@trash.net>
7 * (C) 2005 by Pablo Neira Ayuso <pablo@eurodev.net>
9 * I've reworked this stuff to use attributes instead of conntrack
10 * structures. 5.44 am. I need more tea. --pablo 05/07/11.
12 * Initial connection tracking via netlink development funded and
13 * generally made possible by Network Robots, Inc. (www.networkrobots.com)
15 * Further development of this code funded by Astaro AG (http://www.astaro.com)
17 * This software may be used and distributed according to the terms
18 * of the GNU General Public License, incorporated herein by reference.
21 #include <linux/init.h>
22 #include <linux/module.h>
23 #include <linux/kernel.h>
24 #include <linux/types.h>
25 #include <linux/timer.h>
26 #include <linux/skbuff.h>
27 #include <linux/errno.h>
28 #include <linux/netlink.h>
29 #include <linux/spinlock.h>
30 #include <linux/interrupt.h>
31 #include <linux/notifier.h>
33 #include <linux/netfilter.h>
34 #include <linux/netfilter_ipv4/ip_conntrack.h>
35 #include <linux/netfilter_ipv4/ip_conntrack_core.h>
36 #include <linux/netfilter_ipv4/ip_conntrack_helper.h>
37 #include <linux/netfilter_ipv4/ip_conntrack_protocol.h>
38 #include <linux/netfilter_ipv4/ip_nat_protocol.h>
40 #include <linux/netfilter/nfnetlink.h>
41 #include <linux/netfilter/nfnetlink_conntrack.h>
43 MODULE_LICENSE("GPL");
45 static char __initdata version[] = "0.90";
50 #define DEBUGP(format, args...)
55 ctnetlink_dump_tuples_proto(struct sk_buff *skb,
56 const struct ip_conntrack_tuple *tuple)
58 struct ip_conntrack_protocol *proto;
61 NFA_PUT(skb, CTA_PROTO_NUM, sizeof(u_int8_t), &tuple->dst.protonum);
63 /* If no protocol helper is found, this function will return the
64 * generic protocol helper, so proto won't *ever* be NULL */
65 proto = ip_conntrack_proto_find_get(tuple->dst.protonum);
66 if (likely(proto->tuple_to_nfattr))
67 ret = proto->tuple_to_nfattr(skb, tuple);
69 ip_conntrack_proto_put(proto);
78 ctnetlink_dump_tuples(struct sk_buff *skb,
79 const struct ip_conntrack_tuple *tuple)
81 struct nfattr *nest_parms;
84 nest_parms = NFA_NEST(skb, CTA_TUPLE_IP);
85 NFA_PUT(skb, CTA_IP_V4_SRC, sizeof(u_int32_t), &tuple->src.ip);
86 NFA_PUT(skb, CTA_IP_V4_DST, sizeof(u_int32_t), &tuple->dst.ip);
87 NFA_NEST_END(skb, nest_parms);
89 nest_parms = NFA_NEST(skb, CTA_TUPLE_PROTO);
90 ret = ctnetlink_dump_tuples_proto(skb, tuple);
91 NFA_NEST_END(skb, nest_parms);
100 ctnetlink_dump_status(struct sk_buff *skb, const struct ip_conntrack *ct)
102 u_int32_t status = htonl((u_int32_t) ct->status);
103 NFA_PUT(skb, CTA_STATUS, sizeof(status), &status);
111 ctnetlink_dump_timeout(struct sk_buff *skb, const struct ip_conntrack *ct)
113 long timeout_l = ct->timeout.expires - jiffies;
119 timeout = htonl(timeout_l / HZ);
121 NFA_PUT(skb, CTA_TIMEOUT, sizeof(timeout), &timeout);
129 ctnetlink_dump_protoinfo(struct sk_buff *skb, const struct ip_conntrack *ct)
131 struct ip_conntrack_protocol *proto = ip_conntrack_proto_find_get(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum);
133 struct nfattr *nest_proto;
136 if (!proto->to_nfattr) {
137 ip_conntrack_proto_put(proto);
141 nest_proto = NFA_NEST(skb, CTA_PROTOINFO);
143 ret = proto->to_nfattr(skb, nest_proto, ct);
145 ip_conntrack_proto_put(proto);
147 NFA_NEST_END(skb, nest_proto);
156 ctnetlink_dump_helpinfo(struct sk_buff *skb, const struct ip_conntrack *ct)
158 struct nfattr *nest_helper;
163 nest_helper = NFA_NEST(skb, CTA_HELP);
164 NFA_PUT(skb, CTA_HELP_NAME, strlen(ct->helper->name), ct->helper->name);
166 if (ct->helper->to_nfattr)
167 ct->helper->to_nfattr(skb, ct);
169 NFA_NEST_END(skb, nest_helper);
177 #ifdef CONFIG_IP_NF_CT_ACCT
179 ctnetlink_dump_counters(struct sk_buff *skb, const struct ip_conntrack *ct,
180 enum ip_conntrack_dir dir)
182 enum ctattr_type type = dir ? CTA_COUNTERS_REPLY: CTA_COUNTERS_ORIG;
183 struct nfattr *nest_count = NFA_NEST(skb, type);
186 tmp = htonl(ct->counters[dir].packets);
187 NFA_PUT(skb, CTA_COUNTERS32_PACKETS, sizeof(u_int32_t), &tmp);
189 tmp = htonl(ct->counters[dir].bytes);
190 NFA_PUT(skb, CTA_COUNTERS32_BYTES, sizeof(u_int32_t), &tmp);
192 NFA_NEST_END(skb, nest_count);
200 #define ctnetlink_dump_counters(a, b, c) (0)
203 #ifdef CONFIG_IP_NF_CONNTRACK_MARK
205 ctnetlink_dump_mark(struct sk_buff *skb, const struct ip_conntrack *ct)
207 u_int32_t mark = htonl(ct->mark);
209 NFA_PUT(skb, CTA_MARK, sizeof(u_int32_t), &mark);
216 #define ctnetlink_dump_mark(a, b) (0)
220 ctnetlink_dump_id(struct sk_buff *skb, const struct ip_conntrack *ct)
222 u_int32_t id = htonl(ct->id);
223 NFA_PUT(skb, CTA_ID, sizeof(u_int32_t), &id);
231 ctnetlink_dump_use(struct sk_buff *skb, const struct ip_conntrack *ct)
233 u_int32_t use = htonl(atomic_read(&ct->ct_general.use));
235 NFA_PUT(skb, CTA_USE, sizeof(u_int32_t), &use);
242 #define tuple(ct, dir) (&(ct)->tuplehash[dir].tuple)
245 ctnetlink_fill_info(struct sk_buff *skb, u32 pid, u32 seq,
246 int event, int nowait,
247 const struct ip_conntrack *ct)
249 struct nlmsghdr *nlh;
250 struct nfgenmsg *nfmsg;
251 struct nfattr *nest_parms;
256 event |= NFNL_SUBSYS_CTNETLINK << 8;
257 nlh = NLMSG_PUT(skb, pid, seq, event, sizeof(struct nfgenmsg));
258 nfmsg = NLMSG_DATA(nlh);
260 nlh->nlmsg_flags = (nowait && pid) ? NLM_F_MULTI : 0;
261 nfmsg->nfgen_family = AF_INET;
262 nfmsg->version = NFNETLINK_V0;
265 nest_parms = NFA_NEST(skb, CTA_TUPLE_ORIG);
266 if (ctnetlink_dump_tuples(skb, tuple(ct, IP_CT_DIR_ORIGINAL)) < 0)
268 NFA_NEST_END(skb, nest_parms);
270 nest_parms = NFA_NEST(skb, CTA_TUPLE_REPLY);
271 if (ctnetlink_dump_tuples(skb, tuple(ct, IP_CT_DIR_REPLY)) < 0)
273 NFA_NEST_END(skb, nest_parms);
275 if (ctnetlink_dump_status(skb, ct) < 0 ||
276 ctnetlink_dump_timeout(skb, ct) < 0 ||
277 ctnetlink_dump_counters(skb, ct, IP_CT_DIR_ORIGINAL) < 0 ||
278 ctnetlink_dump_counters(skb, ct, IP_CT_DIR_REPLY) < 0 ||
279 ctnetlink_dump_protoinfo(skb, ct) < 0 ||
280 ctnetlink_dump_helpinfo(skb, ct) < 0 ||
281 ctnetlink_dump_mark(skb, ct) < 0 ||
282 ctnetlink_dump_id(skb, ct) < 0 ||
283 ctnetlink_dump_use(skb, ct) < 0)
286 nlh->nlmsg_len = skb->tail - b;
291 skb_trim(skb, b - skb->data);
295 #ifdef CONFIG_IP_NF_CONNTRACK_EVENTS
296 static int ctnetlink_conntrack_event(struct notifier_block *this,
297 unsigned long events, void *ptr)
299 struct nlmsghdr *nlh;
300 struct nfgenmsg *nfmsg;
301 struct nfattr *nest_parms;
302 struct ip_conntrack *ct = (struct ip_conntrack *)ptr;
306 unsigned int flags = 0, group;
308 /* ignore our fake conntrack entry */
309 if (ct == &ip_conntrack_untracked)
312 if (events & IPCT_DESTROY) {
313 type = IPCTNL_MSG_CT_DELETE;
314 group = NFNLGRP_CONNTRACK_DESTROY;
315 } else if (events & (IPCT_NEW | IPCT_RELATED)) {
316 type = IPCTNL_MSG_CT_NEW;
317 flags = NLM_F_CREATE|NLM_F_EXCL;
318 /* dump everything */
320 group = NFNLGRP_CONNTRACK_NEW;
321 } else if (events & (IPCT_STATUS |
326 type = IPCTNL_MSG_CT_NEW;
327 group = NFNLGRP_CONNTRACK_UPDATE;
331 /* FIXME: Check if there are any listeners before, don't hurt performance */
333 skb = alloc_skb(NLMSG_GOODSIZE, GFP_ATOMIC);
339 type |= NFNL_SUBSYS_CTNETLINK << 8;
340 nlh = NLMSG_PUT(skb, 0, 0, type, sizeof(struct nfgenmsg));
341 nfmsg = NLMSG_DATA(nlh);
343 nlh->nlmsg_flags = flags;
344 nfmsg->nfgen_family = AF_INET;
345 nfmsg->version = NFNETLINK_V0;
348 nest_parms = NFA_NEST(skb, CTA_TUPLE_ORIG);
349 if (ctnetlink_dump_tuples(skb, tuple(ct, IP_CT_DIR_ORIGINAL)) < 0)
351 NFA_NEST_END(skb, nest_parms);
353 nest_parms = NFA_NEST(skb, CTA_TUPLE_REPLY);
354 if (ctnetlink_dump_tuples(skb, tuple(ct, IP_CT_DIR_REPLY)) < 0)
356 NFA_NEST_END(skb, nest_parms);
358 /* NAT stuff is now a status flag */
359 if ((events & IPCT_STATUS || events & IPCT_NATINFO)
360 && ctnetlink_dump_status(skb, ct) < 0)
362 if (events & IPCT_REFRESH
363 && ctnetlink_dump_timeout(skb, ct) < 0)
365 if (events & IPCT_PROTOINFO
366 && ctnetlink_dump_protoinfo(skb, ct) < 0)
368 if (events & IPCT_HELPINFO
369 && ctnetlink_dump_helpinfo(skb, ct) < 0)
372 if (ctnetlink_dump_counters(skb, ct, IP_CT_DIR_ORIGINAL) < 0 ||
373 ctnetlink_dump_counters(skb, ct, IP_CT_DIR_REPLY) < 0)
376 nlh->nlmsg_len = skb->tail - b;
377 nfnetlink_send(skb, 0, group, 0);
385 #endif /* CONFIG_IP_NF_CONNTRACK_EVENTS */
387 static int ctnetlink_done(struct netlink_callback *cb)
389 DEBUGP("entered %s\n", __FUNCTION__);
394 ctnetlink_dump_table(struct sk_buff *skb, struct netlink_callback *cb)
396 struct ip_conntrack *ct = NULL;
397 struct ip_conntrack_tuple_hash *h;
399 u_int32_t *id = (u_int32_t *) &cb->args[1];
401 DEBUGP("entered %s, last bucket=%lu id=%u\n", __FUNCTION__,
404 read_lock_bh(&ip_conntrack_lock);
405 for (; cb->args[0] < ip_conntrack_htable_size; cb->args[0]++, *id = 0) {
406 list_for_each_prev(i, &ip_conntrack_hash[cb->args[0]]) {
407 h = (struct ip_conntrack_tuple_hash *) i;
408 if (DIRECTION(h) != IP_CT_DIR_ORIGINAL)
410 ct = tuplehash_to_ctrack(h);
413 if (ctnetlink_fill_info(skb, NETLINK_CB(cb->skb).pid,
422 read_unlock_bh(&ip_conntrack_lock);
424 DEBUGP("leaving, last bucket=%lu id=%u\n", cb->args[0], *id);
429 #ifdef CONFIG_IP_NF_CT_ACCT
431 ctnetlink_dump_table_w(struct sk_buff *skb, struct netlink_callback *cb)
433 struct ip_conntrack *ct = NULL;
434 struct ip_conntrack_tuple_hash *h;
436 u_int32_t *id = (u_int32_t *) &cb->args[1];
438 DEBUGP("entered %s, last bucket=%u id=%u\n", __FUNCTION__,
441 write_lock_bh(&ip_conntrack_lock);
442 for (; cb->args[0] < ip_conntrack_htable_size; cb->args[0]++, *id = 0) {
443 list_for_each_prev(i, &ip_conntrack_hash[cb->args[0]]) {
444 h = (struct ip_conntrack_tuple_hash *) i;
445 if (DIRECTION(h) != IP_CT_DIR_ORIGINAL)
447 ct = tuplehash_to_ctrack(h);
450 if (ctnetlink_fill_info(skb, NETLINK_CB(cb->skb).pid,
457 memset(&ct->counters, 0, sizeof(ct->counters));
461 write_unlock_bh(&ip_conntrack_lock);
463 DEBUGP("leaving, last bucket=%lu id=%u\n", cb->args[0], *id);
469 static const size_t cta_min_ip[CTA_IP_MAX] = {
470 [CTA_IP_V4_SRC-1] = sizeof(u_int32_t),
471 [CTA_IP_V4_DST-1] = sizeof(u_int32_t),
475 ctnetlink_parse_tuple_ip(struct nfattr *attr, struct ip_conntrack_tuple *tuple)
477 struct nfattr *tb[CTA_IP_MAX];
479 DEBUGP("entered %s\n", __FUNCTION__);
481 nfattr_parse_nested(tb, CTA_IP_MAX, attr);
483 if (nfattr_bad_size(tb, CTA_IP_MAX, cta_min_ip))
486 if (!tb[CTA_IP_V4_SRC-1])
488 tuple->src.ip = *(u_int32_t *)NFA_DATA(tb[CTA_IP_V4_SRC-1]);
490 if (!tb[CTA_IP_V4_DST-1])
492 tuple->dst.ip = *(u_int32_t *)NFA_DATA(tb[CTA_IP_V4_DST-1]);
499 static const size_t cta_min_proto[CTA_PROTO_MAX] = {
500 [CTA_PROTO_NUM-1] = sizeof(u_int8_t),
501 [CTA_PROTO_SRC_PORT-1] = sizeof(u_int16_t),
502 [CTA_PROTO_DST_PORT-1] = sizeof(u_int16_t),
503 [CTA_PROTO_ICMP_TYPE-1] = sizeof(u_int8_t),
504 [CTA_PROTO_ICMP_CODE-1] = sizeof(u_int8_t),
505 [CTA_PROTO_ICMP_ID-1] = sizeof(u_int16_t),
509 ctnetlink_parse_tuple_proto(struct nfattr *attr,
510 struct ip_conntrack_tuple *tuple)
512 struct nfattr *tb[CTA_PROTO_MAX];
513 struct ip_conntrack_protocol *proto;
516 DEBUGP("entered %s\n", __FUNCTION__);
518 nfattr_parse_nested(tb, CTA_PROTO_MAX, attr);
520 if (nfattr_bad_size(tb, CTA_PROTO_MAX, cta_min_proto))
523 if (!tb[CTA_PROTO_NUM-1])
525 tuple->dst.protonum = *(u_int8_t *)NFA_DATA(tb[CTA_PROTO_NUM-1]);
527 proto = ip_conntrack_proto_find_get(tuple->dst.protonum);
529 if (likely(proto->nfattr_to_tuple))
530 ret = proto->nfattr_to_tuple(tb, tuple);
532 ip_conntrack_proto_put(proto);
538 ctnetlink_parse_tuple(struct nfattr *cda[], struct ip_conntrack_tuple *tuple,
539 enum ctattr_tuple type)
541 struct nfattr *tb[CTA_TUPLE_MAX];
544 DEBUGP("entered %s\n", __FUNCTION__);
546 memset(tuple, 0, sizeof(*tuple));
548 nfattr_parse_nested(tb, CTA_TUPLE_MAX, cda[type-1]);
550 if (!tb[CTA_TUPLE_IP-1])
553 err = ctnetlink_parse_tuple_ip(tb[CTA_TUPLE_IP-1], tuple);
557 if (!tb[CTA_TUPLE_PROTO-1])
560 err = ctnetlink_parse_tuple_proto(tb[CTA_TUPLE_PROTO-1], tuple);
564 /* orig and expect tuples get DIR_ORIGINAL */
565 if (type == CTA_TUPLE_REPLY)
566 tuple->dst.dir = IP_CT_DIR_REPLY;
568 tuple->dst.dir = IP_CT_DIR_ORIGINAL;
577 #ifdef CONFIG_IP_NF_NAT_NEEDED
578 static const size_t cta_min_protonat[CTA_PROTONAT_MAX] = {
579 [CTA_PROTONAT_PORT_MIN-1] = sizeof(u_int16_t),
580 [CTA_PROTONAT_PORT_MAX-1] = sizeof(u_int16_t),
583 static int ctnetlink_parse_nat_proto(struct nfattr *attr,
584 const struct ip_conntrack *ct,
585 struct ip_nat_range *range)
587 struct nfattr *tb[CTA_PROTONAT_MAX];
588 struct ip_nat_protocol *npt;
590 DEBUGP("entered %s\n", __FUNCTION__);
592 nfattr_parse_nested(tb, CTA_PROTONAT_MAX, attr);
594 if (nfattr_bad_size(tb, CTA_PROTONAT_MAX, cta_min_protonat))
597 npt = ip_nat_proto_find_get(ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum);
599 if (!npt->nfattr_to_range) {
600 ip_nat_proto_put(npt);
604 /* nfattr_to_range returns 1 if it parsed, 0 if not, neg. on error */
605 if (npt->nfattr_to_range(tb, range) > 0)
606 range->flags |= IP_NAT_RANGE_PROTO_SPECIFIED;
608 ip_nat_proto_put(npt);
614 static const size_t cta_min_nat[CTA_NAT_MAX] = {
615 [CTA_NAT_MINIP-1] = sizeof(u_int32_t),
616 [CTA_NAT_MAXIP-1] = sizeof(u_int32_t),
620 ctnetlink_parse_nat(struct nfattr *cda[],
621 const struct ip_conntrack *ct, struct ip_nat_range *range)
623 struct nfattr *tb[CTA_NAT_MAX];
626 DEBUGP("entered %s\n", __FUNCTION__);
628 memset(range, 0, sizeof(*range));
630 nfattr_parse_nested(tb, CTA_NAT_MAX, cda[CTA_NAT-1]);
632 if (nfattr_bad_size(tb, CTA_NAT_MAX, cta_min_nat))
635 if (tb[CTA_NAT_MINIP-1])
636 range->min_ip = *(u_int32_t *)NFA_DATA(tb[CTA_NAT_MINIP-1]);
638 if (!tb[CTA_NAT_MAXIP-1])
639 range->max_ip = range->min_ip;
641 range->max_ip = *(u_int32_t *)NFA_DATA(tb[CTA_NAT_MAXIP-1]);
644 range->flags |= IP_NAT_RANGE_MAP_IPS;
646 if (!tb[CTA_NAT_PROTO-1])
649 err = ctnetlink_parse_nat_proto(tb[CTA_NAT_PROTO-1], ct, range);
659 ctnetlink_parse_help(struct nfattr *attr, char **helper_name)
661 struct nfattr *tb[CTA_HELP_MAX];
663 DEBUGP("entered %s\n", __FUNCTION__);
665 nfattr_parse_nested(tb, CTA_HELP_MAX, attr);
667 if (!tb[CTA_HELP_NAME-1])
670 *helper_name = NFA_DATA(tb[CTA_HELP_NAME-1]);
675 static const size_t cta_min[CTA_MAX] = {
676 [CTA_STATUS-1] = sizeof(u_int32_t),
677 [CTA_TIMEOUT-1] = sizeof(u_int32_t),
678 [CTA_MARK-1] = sizeof(u_int32_t),
679 [CTA_USE-1] = sizeof(u_int32_t),
680 [CTA_ID-1] = sizeof(u_int32_t)
684 ctnetlink_del_conntrack(struct sock *ctnl, struct sk_buff *skb,
685 struct nlmsghdr *nlh, struct nfattr *cda[], int *errp)
687 struct ip_conntrack_tuple_hash *h;
688 struct ip_conntrack_tuple tuple;
689 struct ip_conntrack *ct;
692 DEBUGP("entered %s\n", __FUNCTION__);
694 if (nfattr_bad_size(cda, CTA_MAX, cta_min))
697 if (cda[CTA_TUPLE_ORIG-1])
698 err = ctnetlink_parse_tuple(cda, &tuple, CTA_TUPLE_ORIG);
699 else if (cda[CTA_TUPLE_REPLY-1])
700 err = ctnetlink_parse_tuple(cda, &tuple, CTA_TUPLE_REPLY);
702 /* Flush the whole table */
703 ip_conntrack_flush();
710 h = ip_conntrack_find_get(&tuple, NULL);
712 DEBUGP("tuple not found in conntrack hash\n");
716 ct = tuplehash_to_ctrack(h);
719 u_int32_t id = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_ID-1]));
721 ip_conntrack_put(ct);
725 if (del_timer(&ct->timeout))
726 ct->timeout.function((unsigned long)ct);
728 ip_conntrack_put(ct);
735 ctnetlink_get_conntrack(struct sock *ctnl, struct sk_buff *skb,
736 struct nlmsghdr *nlh, struct nfattr *cda[], int *errp)
738 struct ip_conntrack_tuple_hash *h;
739 struct ip_conntrack_tuple tuple;
740 struct ip_conntrack *ct;
741 struct sk_buff *skb2 = NULL;
744 DEBUGP("entered %s\n", __FUNCTION__);
746 if (nlh->nlmsg_flags & NLM_F_DUMP) {
747 struct nfgenmsg *msg = NLMSG_DATA(nlh);
750 if (msg->nfgen_family != AF_INET)
751 return -EAFNOSUPPORT;
753 if (NFNL_MSG_TYPE(nlh->nlmsg_type) ==
754 IPCTNL_MSG_CT_GET_CTRZERO) {
755 #ifdef CONFIG_IP_NF_CT_ACCT
756 if ((*errp = netlink_dump_start(ctnl, skb, nlh,
757 ctnetlink_dump_table_w,
758 ctnetlink_done)) != 0)
764 if ((*errp = netlink_dump_start(ctnl, skb, nlh,
765 ctnetlink_dump_table,
766 ctnetlink_done)) != 0)
770 rlen = NLMSG_ALIGN(nlh->nlmsg_len);
777 if (nfattr_bad_size(cda, CTA_MAX, cta_min))
780 if (cda[CTA_TUPLE_ORIG-1])
781 err = ctnetlink_parse_tuple(cda, &tuple, CTA_TUPLE_ORIG);
782 else if (cda[CTA_TUPLE_REPLY-1])
783 err = ctnetlink_parse_tuple(cda, &tuple, CTA_TUPLE_REPLY);
790 h = ip_conntrack_find_get(&tuple, NULL);
792 DEBUGP("tuple not found in conntrack hash");
795 DEBUGP("tuple found\n");
796 ct = tuplehash_to_ctrack(h);
799 skb2 = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL);
801 ip_conntrack_put(ct);
804 NETLINK_CB(skb2).dst_pid = NETLINK_CB(skb).pid;
806 err = ctnetlink_fill_info(skb2, NETLINK_CB(skb).pid, nlh->nlmsg_seq,
807 IPCTNL_MSG_CT_NEW, 1, ct);
808 ip_conntrack_put(ct);
812 err = netlink_unicast(ctnl, skb2, NETLINK_CB(skb).pid, MSG_DONTWAIT);
826 ctnetlink_change_status(struct ip_conntrack *ct, struct nfattr *cda[])
829 unsigned status = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_STATUS-1]));
830 d = ct->status ^ status;
832 if (d & (IPS_EXPECTED|IPS_CONFIRMED|IPS_DYING))
836 if (d & IPS_SEEN_REPLY && !(status & IPS_SEEN_REPLY))
837 /* SEEN_REPLY bit can only be set */
841 if (d & IPS_ASSURED && !(status & IPS_ASSURED))
842 /* ASSURED bit can only be set */
845 if (cda[CTA_NAT-1]) {
846 #ifndef CONFIG_IP_NF_NAT_NEEDED
849 unsigned int hooknum;
850 struct ip_nat_range range;
852 if (ctnetlink_parse_nat(cda, ct, &range) < 0)
855 DEBUGP("NAT: %u.%u.%u.%u-%u.%u.%u.%u:%u-%u\n",
856 NIPQUAD(range.min_ip), NIPQUAD(range.max_ip),
857 htons(range.min.all), htons(range.max.all));
859 /* This is tricky but it works. ip_nat_setup_info needs the
860 * hook number as parameter, so let's do the correct
861 * conversion and run away */
862 if (status & IPS_SRC_NAT_DONE)
863 hooknum = NF_IP_POST_ROUTING; /* IP_NAT_MANIP_SRC */
864 else if (status & IPS_DST_NAT_DONE)
865 hooknum = NF_IP_PRE_ROUTING; /* IP_NAT_MANIP_DST */
867 return -EINVAL; /* Missing NAT flags */
869 DEBUGP("NAT status: %lu\n",
870 status & (IPS_NAT_MASK | IPS_NAT_DONE_MASK));
872 if (ip_nat_initialized(ct, HOOK2MANIP(hooknum)))
874 ip_nat_setup_info(ct, &range, hooknum);
876 DEBUGP("NAT status after setup_info: %lu\n",
877 ct->status & (IPS_NAT_MASK | IPS_NAT_DONE_MASK));
881 /* Be careful here, modifying NAT bits can screw up things,
882 * so don't let users modify them directly if they don't pass
884 ct->status |= status & ~(IPS_NAT_DONE_MASK | IPS_NAT_MASK);
890 ctnetlink_change_helper(struct ip_conntrack *ct, struct nfattr *cda[])
892 struct ip_conntrack_helper *helper;
896 DEBUGP("entered %s\n", __FUNCTION__);
898 /* don't change helper of sibling connections */
902 err = ctnetlink_parse_help(cda[CTA_HELP-1], &helpname);
906 helper = __ip_conntrack_helper_find_byname(helpname);
908 if (!strcmp(helpname, ""))
916 /* we had a helper before ... */
917 ip_ct_remove_expectations(ct);
920 /* need to zero data of old helper */
921 memset(&ct->help, 0, sizeof(ct->help));
931 ctnetlink_change_timeout(struct ip_conntrack *ct, struct nfattr *cda[])
933 u_int32_t timeout = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_TIMEOUT-1]));
935 if (!del_timer(&ct->timeout))
938 ct->timeout.expires = jiffies + timeout * HZ;
939 add_timer(&ct->timeout);
945 ctnetlink_change_protoinfo(struct ip_conntrack *ct, struct nfattr *cda[])
947 struct nfattr *tb[CTA_PROTOINFO_MAX], *attr = cda[CTA_PROTOINFO-1];
948 struct ip_conntrack_protocol *proto;
949 u_int16_t npt = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum;
952 nfattr_parse_nested(tb, CTA_PROTOINFO_MAX, attr);
954 proto = ip_conntrack_proto_find_get(npt);
956 if (proto->from_nfattr)
957 err = proto->from_nfattr(tb, ct);
958 ip_conntrack_proto_put(proto);
964 ctnetlink_change_conntrack(struct ip_conntrack *ct, struct nfattr *cda[])
968 DEBUGP("entered %s\n", __FUNCTION__);
970 if (cda[CTA_HELP-1]) {
971 err = ctnetlink_change_helper(ct, cda);
976 if (cda[CTA_TIMEOUT-1]) {
977 err = ctnetlink_change_timeout(ct, cda);
982 if (cda[CTA_STATUS-1]) {
983 err = ctnetlink_change_status(ct, cda);
988 if (cda[CTA_PROTOINFO-1]) {
989 err = ctnetlink_change_protoinfo(ct, cda);
994 #if defined(CONFIG_IP_NF_CONNTRACK_MARK)
996 ct->mark = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_MARK-1]));
999 DEBUGP("all done\n");
1004 ctnetlink_create_conntrack(struct nfattr *cda[],
1005 struct ip_conntrack_tuple *otuple,
1006 struct ip_conntrack_tuple *rtuple)
1008 struct ip_conntrack *ct;
1011 DEBUGP("entered %s\n", __FUNCTION__);
1013 ct = ip_conntrack_alloc(otuple, rtuple);
1014 if (ct == NULL || IS_ERR(ct))
1017 if (!cda[CTA_TIMEOUT-1])
1019 ct->timeout.expires = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_TIMEOUT-1]));
1021 ct->timeout.expires = jiffies + ct->timeout.expires * HZ;
1022 ct->status |= IPS_CONFIRMED;
1024 err = ctnetlink_change_status(ct, cda);
1028 if (cda[CTA_PROTOINFO-1]) {
1029 err = ctnetlink_change_protoinfo(ct, cda);
1034 #if defined(CONFIG_IP_NF_CONNTRACK_MARK)
1035 if (cda[CTA_MARK-1])
1036 ct->mark = ntohl(*(u_int32_t *)NFA_DATA(cda[CTA_MARK-1]));
1039 ct->helper = ip_conntrack_helper_find_get(rtuple);
1041 add_timer(&ct->timeout);
1042 ip_conntrack_hash_insert(ct);
1045 ip_conntrack_helper_put(ct->helper);
1047 DEBUGP("conntrack with id %u inserted\n", ct->id);
1051 ip_conntrack_free(ct);
1056 ctnetlink_new_conntrack(struct sock *ctnl, struct sk_buff *skb,
1057 struct nlmsghdr *nlh, struct nfattr *cda[], int *errp)
1059 struct ip_conntrack_tuple otuple, rtuple;
1060 struct ip_conntrack_tuple_hash *h = NULL;
1063 DEBUGP("entered %s\n", __FUNCTION__);
1065 if (nfattr_bad_size(cda, CTA_MAX, cta_min))
1068 if (cda[CTA_TUPLE_ORIG-1]) {
1069 err = ctnetlink_parse_tuple(cda, &otuple, CTA_TUPLE_ORIG);
1074 if (cda[CTA_TUPLE_REPLY-1]) {
1075 err = ctnetlink_parse_tuple(cda, &rtuple, CTA_TUPLE_REPLY);
1080 write_lock_bh(&ip_conntrack_lock);
1081 if (cda[CTA_TUPLE_ORIG-1])
1082 h = __ip_conntrack_find(&otuple, NULL);
1083 else if (cda[CTA_TUPLE_REPLY-1])
1084 h = __ip_conntrack_find(&rtuple, NULL);
1087 write_unlock_bh(&ip_conntrack_lock);
1088 DEBUGP("no such conntrack, create new\n");
1090 if (nlh->nlmsg_flags & NLM_F_CREATE)
1091 err = ctnetlink_create_conntrack(cda, &otuple, &rtuple);
1094 /* implicit 'else' */
1096 /* we only allow nat config for new conntracks */
1097 if (cda[CTA_NAT-1]) {
1102 /* We manipulate the conntrack inside the global conntrack table lock,
1103 * so there's no need to increase the refcount */
1104 DEBUGP("conntrack found\n");
1106 if (!(nlh->nlmsg_flags & NLM_F_EXCL))
1107 err = ctnetlink_change_conntrack(tuplehash_to_ctrack(h), cda);
1110 write_unlock_bh(&ip_conntrack_lock);
1114 /***********************************************************************
1116 ***********************************************************************/
1119 ctnetlink_exp_dump_tuple(struct sk_buff *skb,
1120 const struct ip_conntrack_tuple *tuple,
1121 enum ctattr_expect type)
1123 struct nfattr *nest_parms = NFA_NEST(skb, type);
1125 if (ctnetlink_dump_tuples(skb, tuple) < 0)
1126 goto nfattr_failure;
1128 NFA_NEST_END(skb, nest_parms);
1137 ctnetlink_exp_dump_expect(struct sk_buff *skb,
1138 const struct ip_conntrack_expect *exp)
1140 struct ip_conntrack *master = exp->master;
1141 u_int32_t timeout = htonl((exp->timeout.expires - jiffies) / HZ);
1142 u_int32_t id = htonl(exp->id);
1144 if (ctnetlink_exp_dump_tuple(skb, &exp->tuple, CTA_EXPECT_TUPLE) < 0)
1145 goto nfattr_failure;
1146 if (ctnetlink_exp_dump_tuple(skb, &exp->mask, CTA_EXPECT_MASK) < 0)
1147 goto nfattr_failure;
1148 if (ctnetlink_exp_dump_tuple(skb,
1149 &master->tuplehash[IP_CT_DIR_ORIGINAL].tuple,
1150 CTA_EXPECT_MASTER) < 0)
1151 goto nfattr_failure;
1153 NFA_PUT(skb, CTA_EXPECT_TIMEOUT, sizeof(timeout), &timeout);
1154 NFA_PUT(skb, CTA_EXPECT_ID, sizeof(u_int32_t), &id);
1163 ctnetlink_exp_fill_info(struct sk_buff *skb, u32 pid, u32 seq,
1166 const struct ip_conntrack_expect *exp)
1168 struct nlmsghdr *nlh;
1169 struct nfgenmsg *nfmsg;
1174 event |= NFNL_SUBSYS_CTNETLINK_EXP << 8;
1175 nlh = NLMSG_PUT(skb, pid, seq, event, sizeof(struct nfgenmsg));
1176 nfmsg = NLMSG_DATA(nlh);
1178 nlh->nlmsg_flags = (nowait && pid) ? NLM_F_MULTI : 0;
1179 nfmsg->nfgen_family = AF_INET;
1180 nfmsg->version = NFNETLINK_V0;
1183 if (ctnetlink_exp_dump_expect(skb, exp) < 0)
1184 goto nfattr_failure;
1186 nlh->nlmsg_len = skb->tail - b;
1191 skb_trim(skb, b - skb->data);
1195 #ifdef CONFIG_IP_NF_CONNTRACK_EVENTS
1196 static int ctnetlink_expect_event(struct notifier_block *this,
1197 unsigned long events, void *ptr)
1199 struct nlmsghdr *nlh;
1200 struct nfgenmsg *nfmsg;
1201 struct ip_conntrack_expect *exp = (struct ip_conntrack_expect *)ptr;
1202 struct sk_buff *skb;
1207 if (events & IPEXP_NEW) {
1208 type = IPCTNL_MSG_EXP_NEW;
1209 flags = NLM_F_CREATE|NLM_F_EXCL;
1213 skb = alloc_skb(NLMSG_GOODSIZE, GFP_ATOMIC);
1219 type |= NFNL_SUBSYS_CTNETLINK_EXP << 8;
1220 nlh = NLMSG_PUT(skb, 0, 0, type, sizeof(struct nfgenmsg));
1221 nfmsg = NLMSG_DATA(nlh);
1223 nlh->nlmsg_flags = flags;
1224 nfmsg->nfgen_family = AF_INET;
1225 nfmsg->version = NFNETLINK_V0;
1228 if (ctnetlink_exp_dump_expect(skb, exp) < 0)
1229 goto nfattr_failure;
1231 nlh->nlmsg_len = skb->tail - b;
1232 nfnetlink_send(skb, 0, NFNLGRP_CONNTRACK_EXP_NEW, 0);
1243 ctnetlink_exp_dump_table(struct sk_buff *skb, struct netlink_callback *cb)
1245 struct ip_conntrack_expect *exp = NULL;
1246 struct list_head *i;
1247 u_int32_t *id = (u_int32_t *) &cb->args[0];
1249 DEBUGP("entered %s, last id=%llu\n", __FUNCTION__, *id);
1251 read_lock_bh(&ip_conntrack_lock);
1252 list_for_each_prev(i, &ip_conntrack_expect_list) {
1253 exp = (struct ip_conntrack_expect *) i;
1256 if (ctnetlink_exp_fill_info(skb, NETLINK_CB(cb->skb).pid,
1264 read_unlock_bh(&ip_conntrack_lock);
1266 DEBUGP("leaving, last id=%llu\n", *id);
1271 static const size_t cta_min_exp[CTA_EXPECT_MAX] = {
1272 [CTA_EXPECT_TIMEOUT-1] = sizeof(u_int32_t),
1273 [CTA_EXPECT_ID-1] = sizeof(u_int32_t)
1277 ctnetlink_get_expect(struct sock *ctnl, struct sk_buff *skb,
1278 struct nlmsghdr *nlh, struct nfattr *cda[], int *errp)
1280 struct ip_conntrack_tuple tuple;
1281 struct ip_conntrack_expect *exp;
1282 struct sk_buff *skb2;
1285 DEBUGP("entered %s\n", __FUNCTION__);
1287 if (nfattr_bad_size(cda, CTA_EXPECT_MAX, cta_min_exp))
1290 if (nlh->nlmsg_flags & NLM_F_DUMP) {
1291 struct nfgenmsg *msg = NLMSG_DATA(nlh);
1294 if (msg->nfgen_family != AF_INET)
1295 return -EAFNOSUPPORT;
1297 if ((*errp = netlink_dump_start(ctnl, skb, nlh,
1298 ctnetlink_exp_dump_table,
1299 ctnetlink_done)) != 0)
1301 rlen = NLMSG_ALIGN(nlh->nlmsg_len);
1302 if (rlen > skb->len)
1304 skb_pull(skb, rlen);
1308 if (cda[CTA_EXPECT_MASTER-1])
1309 err = ctnetlink_parse_tuple(cda, &tuple, CTA_EXPECT_MASTER);
1316 exp = ip_conntrack_expect_find(&tuple);
1320 if (cda[CTA_EXPECT_ID-1]) {
1321 u_int32_t id = *(u_int32_t *)NFA_DATA(cda[CTA_EXPECT_ID-1]);
1322 if (exp->id != ntohl(id)) {
1323 ip_conntrack_expect_put(exp);
1329 skb2 = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL);
1332 NETLINK_CB(skb2).dst_pid = NETLINK_CB(skb).pid;
1334 err = ctnetlink_exp_fill_info(skb2, NETLINK_CB(skb).pid,
1335 nlh->nlmsg_seq, IPCTNL_MSG_EXP_NEW,
1340 ip_conntrack_expect_put(exp);
1342 return netlink_unicast(ctnl, skb2, NETLINK_CB(skb).pid, MSG_DONTWAIT);
1347 ip_conntrack_expect_put(exp);
1352 ctnetlink_del_expect(struct sock *ctnl, struct sk_buff *skb,
1353 struct nlmsghdr *nlh, struct nfattr *cda[], int *errp)
1355 struct ip_conntrack_expect *exp, *tmp;
1356 struct ip_conntrack_tuple tuple;
1357 struct ip_conntrack_helper *h;
1360 if (nfattr_bad_size(cda, CTA_EXPECT_MAX, cta_min_exp))
1363 if (cda[CTA_EXPECT_TUPLE-1]) {
1364 /* delete a single expect by tuple */
1365 err = ctnetlink_parse_tuple(cda, &tuple, CTA_EXPECT_TUPLE);
1369 /* bump usage count to 2 */
1370 exp = ip_conntrack_expect_find(&tuple);
1374 if (cda[CTA_EXPECT_ID-1]) {
1376 *(u_int32_t *)NFA_DATA(cda[CTA_EXPECT_ID-1]);
1377 if (exp->id != ntohl(id)) {
1378 ip_conntrack_expect_put(exp);
1383 /* after list removal, usage count == 1 */
1384 ip_conntrack_unexpect_related(exp);
1385 /* have to put what we 'get' above.
1386 * after this line usage count == 0 */
1387 ip_conntrack_expect_put(exp);
1388 } else if (cda[CTA_EXPECT_HELP_NAME-1]) {
1389 char *name = NFA_DATA(cda[CTA_EXPECT_HELP_NAME-1]);
1391 /* delete all expectations for this helper */
1392 write_lock_bh(&ip_conntrack_lock);
1393 h = __ip_conntrack_helper_find_byname(name);
1395 write_unlock_bh(&ip_conntrack_lock);
1398 list_for_each_entry_safe(exp, tmp, &ip_conntrack_expect_list,
1400 if (exp->master->helper == h
1401 && del_timer(&exp->timeout)) {
1402 ip_ct_unlink_expect(exp);
1403 ip_conntrack_expect_put(exp);
1406 write_unlock_bh(&ip_conntrack_lock);
1408 /* This basically means we have to flush everything*/
1409 write_lock_bh(&ip_conntrack_lock);
1410 list_for_each_entry_safe(exp, tmp, &ip_conntrack_expect_list,
1412 if (del_timer(&exp->timeout)) {
1413 ip_ct_unlink_expect(exp);
1414 ip_conntrack_expect_put(exp);
1417 write_unlock_bh(&ip_conntrack_lock);
1423 ctnetlink_change_expect(struct ip_conntrack_expect *x, struct nfattr *cda[])
1429 ctnetlink_create_expect(struct nfattr *cda[])
1431 struct ip_conntrack_tuple tuple, mask, master_tuple;
1432 struct ip_conntrack_tuple_hash *h = NULL;
1433 struct ip_conntrack_expect *exp;
1434 struct ip_conntrack *ct;
1437 DEBUGP("entered %s\n", __FUNCTION__);
1439 /* caller guarantees that those three CTA_EXPECT_* exist */
1440 err = ctnetlink_parse_tuple(cda, &tuple, CTA_EXPECT_TUPLE);
1443 err = ctnetlink_parse_tuple(cda, &mask, CTA_EXPECT_MASK);
1446 err = ctnetlink_parse_tuple(cda, &master_tuple, CTA_EXPECT_MASTER);
1450 /* Look for master conntrack of this expectation */
1451 h = ip_conntrack_find_get(&master_tuple, NULL);
1454 ct = tuplehash_to_ctrack(h);
1457 /* such conntrack hasn't got any helper, abort */
1462 exp = ip_conntrack_expect_alloc(ct);
1468 exp->expectfn = NULL;
1471 memcpy(&exp->tuple, &tuple, sizeof(struct ip_conntrack_tuple));
1472 memcpy(&exp->mask, &mask, sizeof(struct ip_conntrack_tuple));
1474 err = ip_conntrack_expect_related(exp);
1475 ip_conntrack_expect_put(exp);
1478 ip_conntrack_put(tuplehash_to_ctrack(h));
1483 ctnetlink_new_expect(struct sock *ctnl, struct sk_buff *skb,
1484 struct nlmsghdr *nlh, struct nfattr *cda[], int *errp)
1486 struct ip_conntrack_tuple tuple;
1487 struct ip_conntrack_expect *exp;
1490 DEBUGP("entered %s\n", __FUNCTION__);
1492 if (nfattr_bad_size(cda, CTA_EXPECT_MAX, cta_min_exp))
1495 if (!cda[CTA_EXPECT_TUPLE-1]
1496 || !cda[CTA_EXPECT_MASK-1]
1497 || !cda[CTA_EXPECT_MASTER-1])
1500 err = ctnetlink_parse_tuple(cda, &tuple, CTA_EXPECT_TUPLE);
1504 write_lock_bh(&ip_conntrack_lock);
1505 exp = __ip_conntrack_expect_find(&tuple);
1508 write_unlock_bh(&ip_conntrack_lock);
1510 if (nlh->nlmsg_flags & NLM_F_CREATE)
1511 err = ctnetlink_create_expect(cda);
1516 if (!(nlh->nlmsg_flags & NLM_F_EXCL))
1517 err = ctnetlink_change_expect(exp, cda);
1518 write_unlock_bh(&ip_conntrack_lock);
1520 DEBUGP("leaving\n");
1525 #ifdef CONFIG_IP_NF_CONNTRACK_EVENTS
1526 static struct notifier_block ctnl_notifier = {
1527 .notifier_call = ctnetlink_conntrack_event,
1530 static struct notifier_block ctnl_notifier_exp = {
1531 .notifier_call = ctnetlink_expect_event,
1535 static struct nfnl_callback ctnl_cb[IPCTNL_MSG_MAX] = {
1536 [IPCTNL_MSG_CT_NEW] = { .call = ctnetlink_new_conntrack,
1537 .attr_count = CTA_MAX, },
1538 [IPCTNL_MSG_CT_GET] = { .call = ctnetlink_get_conntrack,
1539 .attr_count = CTA_MAX, },
1540 [IPCTNL_MSG_CT_DELETE] = { .call = ctnetlink_del_conntrack,
1541 .attr_count = CTA_MAX, },
1542 [IPCTNL_MSG_CT_GET_CTRZERO] = { .call = ctnetlink_get_conntrack,
1543 .attr_count = CTA_MAX, },
1546 static struct nfnl_callback ctnl_exp_cb[IPCTNL_MSG_EXP_MAX] = {
1547 [IPCTNL_MSG_EXP_GET] = { .call = ctnetlink_get_expect,
1548 .attr_count = CTA_EXPECT_MAX, },
1549 [IPCTNL_MSG_EXP_NEW] = { .call = ctnetlink_new_expect,
1550 .attr_count = CTA_EXPECT_MAX, },
1551 [IPCTNL_MSG_EXP_DELETE] = { .call = ctnetlink_del_expect,
1552 .attr_count = CTA_EXPECT_MAX, },
1555 static struct nfnetlink_subsystem ctnl_subsys = {
1556 .name = "conntrack",
1557 .subsys_id = NFNL_SUBSYS_CTNETLINK,
1558 .cb_count = IPCTNL_MSG_MAX,
1562 static struct nfnetlink_subsystem ctnl_exp_subsys = {
1563 .name = "conntrack_expect",
1564 .subsys_id = NFNL_SUBSYS_CTNETLINK_EXP,
1565 .cb_count = IPCTNL_MSG_EXP_MAX,
1569 MODULE_ALIAS_NFNL_SUBSYS(NFNL_SUBSYS_CTNETLINK);
1570 MODULE_ALIAS_NFNL_SUBSYS(NFNL_SUBSYS_CTNETLINK_EXP);
1572 static int __init ctnetlink_init(void)
1576 printk("ctnetlink v%s: registering with nfnetlink.\n", version);
1577 ret = nfnetlink_subsys_register(&ctnl_subsys);
1579 printk("ctnetlink_init: cannot register with nfnetlink.\n");
1583 ret = nfnetlink_subsys_register(&ctnl_exp_subsys);
1585 printk("ctnetlink_init: cannot register exp with nfnetlink.\n");
1586 goto err_unreg_subsys;
1589 #ifdef CONFIG_IP_NF_CONNTRACK_EVENTS
1590 ret = ip_conntrack_register_notifier(&ctnl_notifier);
1592 printk("ctnetlink_init: cannot register notifier.\n");
1593 goto err_unreg_exp_subsys;
1596 ret = ip_conntrack_expect_register_notifier(&ctnl_notifier_exp);
1598 printk("ctnetlink_init: cannot expect register notifier.\n");
1599 goto err_unreg_notifier;
1605 #ifdef CONFIG_IP_NF_CONNTRACK_EVENTS
1607 ip_conntrack_unregister_notifier(&ctnl_notifier);
1608 err_unreg_exp_subsys:
1609 nfnetlink_subsys_unregister(&ctnl_exp_subsys);
1612 nfnetlink_subsys_unregister(&ctnl_subsys);
1617 static void __exit ctnetlink_exit(void)
1619 printk("ctnetlink: unregistering from nfnetlink.\n");
1621 #ifdef CONFIG_IP_NF_CONNTRACK_EVENTS
1622 ip_conntrack_expect_unregister_notifier(&ctnl_notifier_exp);
1623 ip_conntrack_unregister_notifier(&ctnl_notifier);
1626 nfnetlink_subsys_unregister(&ctnl_exp_subsys);
1627 nfnetlink_subsys_unregister(&ctnl_subsys);
1631 module_init(ctnetlink_init);
1632 module_exit(ctnetlink_exit);
git://git.onelab.eu / linux-2.6.git / blob