[NETFILTER]: nf_conntrack: sysctl compatibility with old connection tracking
This patch adds an option to keep the connection tracking sysctls visible under their old names. Signed-off-by: Patrick McHardy <kaber@trash.net>
parent
933a41e7e1
commit
a999e68376
10 changed files with 332 additions and 1 deletions
|
@ -80,7 +80,11 @@ struct nf_conntrack_l4proto
|
||||||
struct ctl_table_header **ctl_table_header;
|
struct ctl_table_header **ctl_table_header;
|
||||||
struct ctl_table *ctl_table;
|
struct ctl_table *ctl_table;
|
||||||
unsigned int *ctl_table_users;
|
unsigned int *ctl_table_users;
|
||||||
#endif /* CONFIG_SYSCTL */
|
#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
|
||||||
|
struct ctl_table_header *ctl_compat_table_header;
|
||||||
|
struct ctl_table *ctl_compat_table;
|
||||||
|
#endif
|
||||||
|
#endif
|
||||||
|
|
||||||
/* Module (if any) which this is connected to. */
|
/* Module (if any) which this is connected to. */
|
||||||
struct module *me;
|
struct module *me;
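Review bot: The two `#endif` lines that close the new fields are bare, and the `/* CONFIG_SYSCTL */` tag carried by the old closing line is gone, so the nesting is harder to follow; they should read `#endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */` and `#endif /* CONFIG_SYSCTL */`. The new fields also need a comment: `ctl_compat_table_header` is a plain `struct ctl_table_header *` stored in the protocol struct, while `ctl_table_header` above it is a `struct ctl_table_header **` paired with `ctl_table_users`. A line such as `/* old ip_conntrack_* names; registered per protocol, no user count */` would record that difference. The struct starts and ends outside the hunk.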
|
||||||
|
|
|
@ -19,6 +19,17 @@ config NF_CONNTRACK_IPV4
|
||||||
|
|
||||||
To compile it as a module, choose M here. If unsure, say N.
|
To compile it as a module, choose M here. If unsure, say N.
|
||||||
|
|
||||||
|
config NF_CONNTRACK_PROC_COMPAT
|
||||||
|
bool "proc/sysctl compatibility with old connection tracking"
|
||||||
|
depends on NF_CONNTRACK
|
||||||
|
default y
|
||||||
|
help
|
||||||
|
This option enables /proc and sysctl compatibility with the old
|
||||||
|
layer 3 dependant connection tracking. This is needed to keep
|
||||||
|
old programs that have not been adapted to the new names working.
|
||||||
|
|
||||||
|
If unsure, say Y.
|
||||||
|
|
||||||
# connection tracking, helpers and protocols
|
# connection tracking, helpers and protocols
|
||||||
config IP_NF_CONNTRACK
|
config IP_NF_CONNTRACK
|
||||||
tristate "Connection tracking (required for masq/NAT)"
|
tristate "Connection tracking (required for masq/NAT)"
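Review bot: `NF_CONNTRACK_PROC_COMPAT` depends only on `NF_CONNTRACK`, yet every use of it visible in this commit sits inside a `CONFIG_SYSCTL` block, so with sysctl support disabled the option can be selected and appears to do nothing. Unless /proc entries guarded by the same symbol are added elsewhere, `depends on NF_CONNTRACK && SYSCTL` would keep the prompt accurate. With `default y` the old writable names appear on every build that does not opt out, so the help text should say that the option creates a second set of names for the same tunables; that matters to anyone who audits or restricts sysctl writes by path. The help text also spells `dependent` as `dependant`.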
|
||||||
|
|
|
@ -266,6 +266,60 @@ static struct nf_hook_ops ipv4_conntrack_ops[] = {
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
|
|
||||||
|
#if defined(CONFIG_SYSCTL) && defined(CONFIG_NF_CONNTRACK_PROC_COMPAT)
|
||||||
|
static int log_invalid_proto_min = 0;
|
||||||
|
static int log_invalid_proto_max = 255;
|
||||||
|
|
||||||
|
static ctl_table ip_ct_sysctl_table[] = {
|
||||||
|
{
|
||||||
|
.ctl_name = NET_IPV4_NF_CONNTRACK_MAX,
|
||||||
|
.procname = "ip_conntrack_max",
|
||||||
|
.data = &nf_conntrack_max,
|
||||||
|
.maxlen = sizeof(int),
|
||||||
|
.mode = 0644,
|
||||||
|
.proc_handler = &proc_dointvec,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
.ctl_name = NET_IPV4_NF_CONNTRACK_COUNT,
|
||||||
|
.procname = "ip_conntrack_count",
|
||||||
|
.data = &nf_conntrack_count,
|
||||||
|
.maxlen = sizeof(int),
|
||||||
|
.mode = 0444,
|
||||||
|
.proc_handler = &proc_dointvec,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
.ctl_name = NET_IPV4_NF_CONNTRACK_BUCKETS,
|
||||||
|
.procname = "ip_conntrack_buckets",
|
||||||
|
.data = &nf_conntrack_htable_size,
|
||||||
|
.maxlen = sizeof(unsigned int),
|
||||||
|
.mode = 0444,
|
||||||
|
.proc_handler = &proc_dointvec,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
.ctl_name = NET_IPV4_NF_CONNTRACK_CHECKSUM,
|
||||||
|
.procname = "ip_conntrack_checksum",
|
||||||
|
.data = &nf_conntrack_checksum,
|
||||||
|
.maxlen = sizeof(int),
|
||||||
|
.mode = 0644,
|
||||||
|
.proc_handler = &proc_dointvec,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
.ctl_name = NET_IPV4_NF_CONNTRACK_LOG_INVALID,
|
||||||
|
.procname = "ip_conntrack_log_invalid",
|
||||||
|
.data = &nf_ct_log_invalid,
|
||||||
|
.maxlen = sizeof(unsigned int),
|
||||||
|
.mode = 0644,
|
||||||
|
.proc_handler = &proc_dointvec_minmax,
|
||||||
|
.strategy = &sysctl_intvec,
|
||||||
|
.extra1 = &log_invalid_proto_min,
|
||||||
|
.extra2 = &log_invalid_proto_max,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
.ctl_name = 0
|
||||||
|
}
|
||||||
|
};
|
||||||
|
#endif /* CONFIG_SYSCTL && CONFIG_NF_CONNTRACK_PROC_COMPAT */
|
||||||
|
|
||||||
/* Fast function for those who don't want to parse /proc (and I don't
|
/* Fast function for those who don't want to parse /proc (and I don't
|
||||||
blame them). */
|
blame them). */
|
||||||
/* Reversing the socket's dst/src point of view gives us the reply
|
/* Reversing the socket's dst/src point of view gives us the reply
|
||||||
|
@ -385,6 +439,10 @@ struct nf_conntrack_l3proto nf_conntrack_l3proto_ipv4 = {
|
||||||
defined(CONFIG_NF_CT_NETLINK_MODULE)
|
defined(CONFIG_NF_CT_NETLINK_MODULE)
|
||||||
.tuple_to_nfattr = ipv4_tuple_to_nfattr,
|
.tuple_to_nfattr = ipv4_tuple_to_nfattr,
|
||||||
.nfattr_to_tuple = ipv4_nfattr_to_tuple,
|
.nfattr_to_tuple = ipv4_nfattr_to_tuple,
|
||||||
|
#endif
|
||||||
|
#if defined(CONFIG_SYSCTL) && defined(CONFIG_NF_CONNTRACK_PROC_COMPAT)
|
||||||
|
.ctl_table_path = nf_net_ipv4_netfilter_sysctl_path,
|
||||||
|
.ctl_table = ip_ct_sysctl_table,
|
||||||
#endif
|
#endif
|
||||||
.me = THIS_MODULE,
|
.me = THIS_MODULE,
|
||||||
};
|
};
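Review bot: In `ip_ct_sysctl_table` the `ip_conntrack_max` entry is writable (`0644`) through plain `proc_dointvec`, so any `int`, negative values included, can be stored in `nf_conntrack_max`; only `ip_conntrack_log_invalid` gets `proc_dointvec_minmax` with `extra1`/`extra2` bounds. If a negative limit has no defined meaning to the code that reads it (not visible on this page), the entry should use `proc_dointvec_minmax` with a zero lower bound as well. The `ip_conntrack_count` entry points `.data` at `nf_conntrack_count`, which the core file declares as `atomic_t`, and reads it as `sizeof(int)` bytes; that relies on the layout of `atomic_t` and is worth a one-line comment. The table also uses the `ctl_table` typedef where the protocol files in this commit write `struct ctl_table`.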
|
||||||
|
|
|
@ -336,6 +336,21 @@ static struct ctl_table icmp_sysctl_table[] = {
|
||||||
.ctl_name = 0
|
.ctl_name = 0
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
|
||||||
|
static struct ctl_table icmp_compat_sysctl_table[] = {
|
||||||
|
{
|
||||||
|
.ctl_name = NET_IPV4_NF_CONNTRACK_ICMP_TIMEOUT,
|
||||||
|
.procname = "ip_conntrack_icmp_timeout",
|
||||||
|
.data = &nf_ct_icmp_timeout,
|
||||||
|
.maxlen = sizeof(unsigned int),
|
||||||
|
.mode = 0644,
|
||||||
|
.proc_handler = &proc_dointvec_jiffies,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
.ctl_name = 0
|
||||||
|
}
|
||||||
|
};
|
||||||
|
#endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */
|
||||||
#endif /* CONFIG_SYSCTL */
|
#endif /* CONFIG_SYSCTL */
|
||||||
|
|
||||||
struct nf_conntrack_l4proto nf_conntrack_l4proto_icmp =
|
struct nf_conntrack_l4proto nf_conntrack_l4proto_icmp =
|
||||||
|
@ -360,6 +375,9 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_icmp =
|
||||||
#ifdef CONFIG_SYSCTL
|
#ifdef CONFIG_SYSCTL
|
||||||
.ctl_table_header = &icmp_sysctl_header,
|
.ctl_table_header = &icmp_sysctl_header,
|
||||||
.ctl_table = icmp_sysctl_table,
|
.ctl_table = icmp_sysctl_table,
|
||||||
|
#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
|
||||||
|
.ctl_compat_table = icmp_compat_sysctl_table,
|
||||||
|
#endif
|
||||||
#endif
|
#endif
|
||||||
};
|
};
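Review bot: `icmp_compat_sysctl_table` repeats an entry for `nf_ct_icmp_timeout` under the old name, and nothing ties it to the entry in `icmp_sysctl_table` above it; the same pattern recurs in the generic, SCTP, TCP and UDP compat tables later in this commit. A comment above each compat table, e.g. `/* Old ip_conntrack_* aliases for the variables in icmp_sysctl_table; keep mode and handler in sync. */`, would stop the two names for one variable from drifting apart when a mode or handler is changed. `proc_dointvec_jiffies` parses a signed value while `.maxlen` is `sizeof(unsigned int)`, so if the timeout variables are unsigned (their declarations are not in these hunks) a negative write would end up as a very large timeout. It is worth checking whether the entries under the new names behave the same way and bounding both.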
|
||||||
|
|
||||||
|
|
|
@ -66,10 +66,12 @@ DEFINE_RWLOCK(nf_conntrack_lock);
|
||||||
|
|
||||||
/* nf_conntrack_standalone needs this */
|
/* nf_conntrack_standalone needs this */
|
||||||
atomic_t nf_conntrack_count = ATOMIC_INIT(0);
|
atomic_t nf_conntrack_count = ATOMIC_INIT(0);
|
||||||
|
EXPORT_SYMBOL_GPL(nf_conntrack_count);
|
||||||
|
|
||||||
void (*nf_conntrack_destroyed)(struct nf_conn *conntrack) = NULL;
|
void (*nf_conntrack_destroyed)(struct nf_conn *conntrack) = NULL;
|
||||||
unsigned int nf_conntrack_htable_size __read_mostly;
|
unsigned int nf_conntrack_htable_size __read_mostly;
|
||||||
int nf_conntrack_max __read_mostly;
|
int nf_conntrack_max __read_mostly;
|
||||||
|
EXPORT_SYMBOL_GPL(nf_conntrack_max);
|
||||||
struct list_head *nf_conntrack_hash __read_mostly;
|
struct list_head *nf_conntrack_hash __read_mostly;
|
||||||
struct nf_conn nf_conntrack_untracked __read_mostly;
|
struct nf_conn nf_conntrack_untracked __read_mostly;
|
||||||
unsigned int nf_ct_log_invalid __read_mostly;
|
unsigned int nf_ct_log_invalid __read_mostly;
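Review bot: The comment `/* nf_conntrack_standalone needs this */` above `nf_conntrack_count` does not explain the new `EXPORT_SYMBOL_GPL` lines; the users visible in this commit are `&nf_conntrack_count` and `&nf_conntrack_max` in the IPv4 `ip_ct_sysctl_table`. A short comment such as `/* exported for the ip_conntrack_* compat sysctls in the IPv4 l3proto module */` would say why two globals, one of them writable through sysctl, are now part of the module interface. Both exports are unconditional although the visible consumer is built only with `CONFIG_NF_CONNTRACK_PROC_COMPAT`; whether other modules need them cannot be told from this page.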
|
||||||
|
|
|
@ -250,7 +250,22 @@ static int nf_ct_l4proto_register_sysctl(struct nf_conntrack_l4proto *l4proto)
|
||||||
nf_net_netfilter_sysctl_path,
|
nf_net_netfilter_sysctl_path,
|
||||||
l4proto->ctl_table,
|
l4proto->ctl_table,
|
||||||
l4proto->ctl_table_users);
|
l4proto->ctl_table_users);
|
||||||
|
if (err < 0)
|
||||||
|
goto out;
|
||||||
}
|
}
|
||||||
|
#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
|
||||||
|
if (l4proto->ctl_compat_table != NULL) {
|
||||||
|
err = nf_ct_register_sysctl(&l4proto->ctl_compat_table_header,
|
||||||
|
nf_net_ipv4_netfilter_sysctl_path,
|
||||||
|
l4proto->ctl_compat_table, NULL);
|
||||||
|
if (err == 0)
|
||||||
|
goto out;
|
||||||
|
nf_ct_unregister_sysctl(l4proto->ctl_table_header,
|
||||||
|
l4proto->ctl_table,
|
||||||
|
l4proto->ctl_table_users);
|
||||||
|
}
|
||||||
|
#endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */
|
||||||
|
out:
|
||||||
mutex_unlock(&nf_ct_proto_sysctl_mutex);
|
mutex_unlock(&nf_ct_proto_sysctl_mutex);
|
||||||
#endif /* CONFIG_SYSCTL */
|
#endif /* CONFIG_SYSCTL */
|
||||||
return err;
|
return err;
|
||||||
|
@ -265,6 +280,11 @@ static void nf_ct_l4proto_unregister_sysctl(struct nf_conntrack_l4proto *l4proto
|
||||||
nf_ct_unregister_sysctl(l4proto->ctl_table_header,
|
nf_ct_unregister_sysctl(l4proto->ctl_table_header,
|
||||||
l4proto->ctl_table,
|
l4proto->ctl_table,
|
||||||
l4proto->ctl_table_users);
|
l4proto->ctl_table_users);
|
||||||
|
#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
|
||||||
|
if (l4proto->ctl_compat_table_header != NULL)
|
||||||
|
nf_ct_unregister_sysctl(&l4proto->ctl_compat_table_header,
|
||||||
|
l4proto->ctl_compat_table, NULL);
|
||||||
|
#endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */
|
||||||
mutex_unlock(&nf_ct_proto_sysctl_mutex);
|
mutex_unlock(&nf_ct_proto_sysctl_mutex);
|
||||||
#endif /* CONFIG_SYSCTL */
|
#endif /* CONFIG_SYSCTL */
|
||||||
}
|
}
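Review bot: In the register hunk the compat failure path calls `nf_ct_unregister_sysctl(l4proto->ctl_table_header, ...)` unconditionally, but the first registration sits in a block that closes just above it and whose condition is outside the hunk (presumably a check on `l4proto->ctl_table`). For a protocol that sets `ctl_compat_table` without a main table, the rollback would pass a header pointer that was never registered. Guarding it with `if (err < 0 && l4proto->ctl_table != NULL)` avoids that, and reads more directly than `if (err == 0) goto out;` followed by fall-through cleanup. Every protocol touched by this commit sets both tables, so the problem is latent. Both functions start outside their hunks, and how `nf_ct_register_sysctl` and `nf_ct_unregister_sysctl` treat the `NULL` users argument is not visible here.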
|
||||||
|
|
|
@ -86,6 +86,21 @@ static struct ctl_table generic_sysctl_table[] = {
|
||||||
.ctl_name = 0
|
.ctl_name = 0
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
|
||||||
|
static struct ctl_table generic_compat_sysctl_table[] = {
|
||||||
|
{
|
||||||
|
.ctl_name = NET_IPV4_NF_CONNTRACK_GENERIC_TIMEOUT,
|
||||||
|
.procname = "ip_conntrack_generic_timeout",
|
||||||
|
.data = &nf_ct_generic_timeout,
|
||||||
|
.maxlen = sizeof(unsigned int),
|
||||||
|
.mode = 0644,
|
||||||
|
.proc_handler = &proc_dointvec_jiffies,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
.ctl_name = 0
|
||||||
|
}
|
||||||
|
};
|
||||||
|
#endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */
|
||||||
#endif /* CONFIG_SYSCTL */
|
#endif /* CONFIG_SYSCTL */
|
||||||
|
|
||||||
struct nf_conntrack_l4proto nf_conntrack_l4proto_generic =
|
struct nf_conntrack_l4proto nf_conntrack_l4proto_generic =
|
||||||
|
@ -102,5 +117,8 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_generic =
|
||||||
#ifdef CONFIG_SYSCTL
|
#ifdef CONFIG_SYSCTL
|
||||||
.ctl_table_header = &generic_sysctl_header,
|
.ctl_table_header = &generic_sysctl_header,
|
||||||
.ctl_table = generic_sysctl_table,
|
.ctl_table = generic_sysctl_table,
|
||||||
|
#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
|
||||||
|
.ctl_compat_table = generic_compat_sysctl_table,
|
||||||
|
#endif
|
||||||
#endif
|
#endif
|
||||||
};
|
};
|
||||||
|
|
|
@ -573,6 +573,70 @@ static struct ctl_table sctp_sysctl_table[] = {
|
||||||
.ctl_name = 0
|
.ctl_name = 0
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
|
||||||
|
static struct ctl_table sctp_compat_sysctl_table[] = {
|
||||||
|
{
|
||||||
|
.ctl_name = NET_IPV4_NF_CONNTRACK_SCTP_TIMEOUT_CLOSED,
|
||||||
|
.procname = "ip_conntrack_sctp_timeout_closed",
|
||||||
|
.data = &nf_ct_sctp_timeout_closed,
|
||||||
|
.maxlen = sizeof(unsigned int),
|
||||||
|
.mode = 0644,
|
||||||
|
.proc_handler = &proc_dointvec_jiffies,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
.ctl_name = NET_IPV4_NF_CONNTRACK_SCTP_TIMEOUT_COOKIE_WAIT,
|
||||||
|
.procname = "ip_conntrack_sctp_timeout_cookie_wait",
|
||||||
|
.data = &nf_ct_sctp_timeout_cookie_wait,
|
||||||
|
.maxlen = sizeof(unsigned int),
|
||||||
|
.mode = 0644,
|
||||||
|
.proc_handler = &proc_dointvec_jiffies,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
.ctl_name = NET_IPV4_NF_CONNTRACK_SCTP_TIMEOUT_COOKIE_ECHOED,
|
||||||
|
.procname = "ip_conntrack_sctp_timeout_cookie_echoed",
|
||||||
|
.data = &nf_ct_sctp_timeout_cookie_echoed,
|
||||||
|
.maxlen = sizeof(unsigned int),
|
||||||
|
.mode = 0644,
|
||||||
|
.proc_handler = &proc_dointvec_jiffies,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
.ctl_name = NET_IPV4_NF_CONNTRACK_SCTP_TIMEOUT_ESTABLISHED,
|
||||||
|
.procname = "ip_conntrack_sctp_timeout_established",
|
||||||
|
.data = &nf_ct_sctp_timeout_established,
|
||||||
|
.maxlen = sizeof(unsigned int),
|
||||||
|
.mode = 0644,
|
||||||
|
.proc_handler = &proc_dointvec_jiffies,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
.ctl_name = NET_IPV4_NF_CONNTRACK_SCTP_TIMEOUT_SHUTDOWN_SENT,
|
||||||
|
.procname = "ip_conntrack_sctp_timeout_shutdown_sent",
|
||||||
|
.data = &nf_ct_sctp_timeout_shutdown_sent,
|
||||||
|
.maxlen = sizeof(unsigned int),
|
||||||
|
.mode = 0644,
|
||||||
|
.proc_handler = &proc_dointvec_jiffies,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
.ctl_name = NET_IPV4_NF_CONNTRACK_SCTP_TIMEOUT_SHUTDOWN_RECD,
|
||||||
|
.procname = "ip_conntrack_sctp_timeout_shutdown_recd",
|
||||||
|
.data = &nf_ct_sctp_timeout_shutdown_recd,
|
||||||
|
.maxlen = sizeof(unsigned int),
|
||||||
|
.mode = 0644,
|
||||||
|
.proc_handler = &proc_dointvec_jiffies,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
.ctl_name = NET_IPV4_NF_CONNTRACK_SCTP_TIMEOUT_SHUTDOWN_ACK_SENT,
|
||||||
|
.procname = "ip_conntrack_sctp_timeout_shutdown_ack_sent",
|
||||||
|
.data = &nf_ct_sctp_timeout_shutdown_ack_sent,
|
||||||
|
.maxlen = sizeof(unsigned int),
|
||||||
|
.mode = 0644,
|
||||||
|
.proc_handler = &proc_dointvec_jiffies,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
.ctl_name = 0
|
||||||
|
}
|
||||||
|
};
|
||||||
|
#endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
struct nf_conntrack_l4proto nf_conntrack_l4proto_sctp4 = {
|
struct nf_conntrack_l4proto nf_conntrack_l4proto_sctp4 = {
|
||||||
|
@ -590,6 +654,9 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_sctp4 = {
|
||||||
.ctl_table_users = &sctp_sysctl_table_users,
|
.ctl_table_users = &sctp_sysctl_table_users,
|
||||||
.ctl_table_header = &sctp_sysctl_header,
|
.ctl_table_header = &sctp_sysctl_header,
|
||||||
.ctl_table = sctp_sysctl_table,
|
.ctl_table = sctp_sysctl_table,
|
||||||
|
#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
|
||||||
|
.ctl_compat_table = sctp_compat_sysctl_table,
|
||||||
|
#endif
|
||||||
#endif
|
#endif
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -1273,6 +1273,110 @@ static struct ctl_table tcp_sysctl_table[] = {
|
||||||
.ctl_name = 0
|
.ctl_name = 0
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
|
||||||
|
static struct ctl_table tcp_compat_sysctl_table[] = {
|
||||||
|
{
|
||||||
|
.ctl_name = NET_IPV4_NF_CONNTRACK_TCP_TIMEOUT_SYN_SENT,
|
||||||
|
.procname = "ip_conntrack_tcp_timeout_syn_sent",
|
||||||
|
.data = &nf_ct_tcp_timeout_syn_sent,
|
||||||
|
.maxlen = sizeof(unsigned int),
|
||||||
|
.mode = 0644,
|
||||||
|
.proc_handler = &proc_dointvec_jiffies,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
.ctl_name = NET_IPV4_NF_CONNTRACK_TCP_TIMEOUT_SYN_RECV,
|
||||||
|
.procname = "ip_conntrack_tcp_timeout_syn_recv",
|
||||||
|
.data = &nf_ct_tcp_timeout_syn_recv,
|
||||||
|
.maxlen = sizeof(unsigned int),
|
||||||
|
.mode = 0644,
|
||||||
|
.proc_handler = &proc_dointvec_jiffies,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
.ctl_name = NET_IPV4_NF_CONNTRACK_TCP_TIMEOUT_ESTABLISHED,
|
||||||
|
.procname = "ip_conntrack_tcp_timeout_established",
|
||||||
|
.data = &nf_ct_tcp_timeout_established,
|
||||||
|
.maxlen = sizeof(unsigned int),
|
||||||
|
.mode = 0644,
|
||||||
|
.proc_handler = &proc_dointvec_jiffies,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
.ctl_name = NET_IPV4_NF_CONNTRACK_TCP_TIMEOUT_FIN_WAIT,
|
||||||
|
.procname = "ip_conntrack_tcp_timeout_fin_wait",
|
||||||
|
.data = &nf_ct_tcp_timeout_fin_wait,
|
||||||
|
.maxlen = sizeof(unsigned int),
|
||||||
|
.mode = 0644,
|
||||||
|
.proc_handler = &proc_dointvec_jiffies,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
.ctl_name = NET_IPV4_NF_CONNTRACK_TCP_TIMEOUT_CLOSE_WAIT,
|
||||||
|
.procname = "ip_conntrack_tcp_timeout_close_wait",
|
||||||
|
.data = &nf_ct_tcp_timeout_close_wait,
|
||||||
|
.maxlen = sizeof(unsigned int),
|
||||||
|
.mode = 0644,
|
||||||
|
.proc_handler = &proc_dointvec_jiffies,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
.ctl_name = NET_IPV4_NF_CONNTRACK_TCP_TIMEOUT_LAST_ACK,
|
||||||
|
.procname = "ip_conntrack_tcp_timeout_last_ack",
|
||||||
|
.data = &nf_ct_tcp_timeout_last_ack,
|
||||||
|
.maxlen = sizeof(unsigned int),
|
||||||
|
.mode = 0644,
|
||||||
|
.proc_handler = &proc_dointvec_jiffies,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
.ctl_name = NET_IPV4_NF_CONNTRACK_TCP_TIMEOUT_TIME_WAIT,
|
||||||
|
.procname = "ip_conntrack_tcp_timeout_time_wait",
|
||||||
|
.data = &nf_ct_tcp_timeout_time_wait,
|
||||||
|
.maxlen = sizeof(unsigned int),
|
||||||
|
.mode = 0644,
|
||||||
|
.proc_handler = &proc_dointvec_jiffies,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
.ctl_name = NET_IPV4_NF_CONNTRACK_TCP_TIMEOUT_CLOSE,
|
||||||
|
.procname = "ip_conntrack_tcp_timeout_close",
|
||||||
|
.data = &nf_ct_tcp_timeout_close,
|
||||||
|
.maxlen = sizeof(unsigned int),
|
||||||
|
.mode = 0644,
|
||||||
|
.proc_handler = &proc_dointvec_jiffies,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
.ctl_name = NET_IPV4_NF_CONNTRACK_TCP_TIMEOUT_MAX_RETRANS,
|
||||||
|
.procname = "ip_conntrack_tcp_timeout_max_retrans",
|
||||||
|
.data = &nf_ct_tcp_timeout_max_retrans,
|
||||||
|
.maxlen = sizeof(unsigned int),
|
||||||
|
.mode = 0644,
|
||||||
|
.proc_handler = &proc_dointvec_jiffies,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
.ctl_name = NET_IPV4_NF_CONNTRACK_TCP_LOOSE,
|
||||||
|
.procname = "ip_conntrack_tcp_loose",
|
||||||
|
.data = &nf_ct_tcp_loose,
|
||||||
|
.maxlen = sizeof(unsigned int),
|
||||||
|
.mode = 0644,
|
||||||
|
.proc_handler = &proc_dointvec,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
.ctl_name = NET_IPV4_NF_CONNTRACK_TCP_BE_LIBERAL,
|
||||||
|
.procname = "ip_conntrack_tcp_be_liberal",
|
||||||
|
.data = &nf_ct_tcp_be_liberal,
|
||||||
|
.maxlen = sizeof(unsigned int),
|
||||||
|
.mode = 0644,
|
||||||
|
.proc_handler = &proc_dointvec,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
.ctl_name = NET_IPV4_NF_CONNTRACK_TCP_MAX_RETRANS,
|
||||||
|
.procname = "ip_conntrack_tcp_max_retrans",
|
||||||
|
.data = &nf_ct_tcp_max_retrans,
|
||||||
|
.maxlen = sizeof(unsigned int),
|
||||||
|
.mode = 0644,
|
||||||
|
.proc_handler = &proc_dointvec,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
.ctl_name = 0
|
||||||
|
}
|
||||||
|
};
|
||||||
|
#endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */
|
||||||
#endif /* CONFIG_SYSCTL */
|
#endif /* CONFIG_SYSCTL */
|
||||||
|
|
||||||
struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp4 =
|
struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp4 =
|
||||||
|
@ -1298,6 +1402,9 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp4 =
|
||||||
.ctl_table_users = &tcp_sysctl_table_users,
|
.ctl_table_users = &tcp_sysctl_table_users,
|
||||||
.ctl_table_header = &tcp_sysctl_header,
|
.ctl_table_header = &tcp_sysctl_header,
|
||||||
.ctl_table = tcp_sysctl_table,
|
.ctl_table = tcp_sysctl_table,
|
||||||
|
#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
|
||||||
|
.ctl_compat_table = tcp_compat_sysctl_table,
|
||||||
|
#endif
|
||||||
#endif
|
#endif
|
||||||
};
|
};
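Review bot: `ip_conntrack_tcp_loose`, `ip_conntrack_tcp_be_liberal` and `ip_conntrack_tcp_max_retrans` in `tcp_compat_sysctl_table` are `0644` with plain `proc_dointvec` and no `extra1`/`extra2`, although `.maxlen` gives their size as `sizeof(unsigned int)`. Judging by their names, the first two relax how strictly TCP connections are tracked, so an out-of-range or negative write deserves the same treatment the IPv4 table gives `ip_conntrack_log_invalid`: `.proc_handler = &proc_dointvec_minmax` with explicit bounds. These old names are a second write path to the same variables as the entries in `tcp_sysctl_table`. A comment saying so above the compat table would remind operators that any monitoring or access restriction on the nf_conntrack_tcp_* paths has to cover the ip_conntrack_tcp_* paths too.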
|
||||||
|
|
||||||
|
|
|
@ -172,6 +172,29 @@ static struct ctl_table udp_sysctl_table[] = {
|
||||||
.ctl_name = 0
|
.ctl_name = 0
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
|
||||||
|
static struct ctl_table udp_compat_sysctl_table[] = {
|
||||||
|
{
|
||||||
|
.ctl_name = NET_IPV4_NF_CONNTRACK_UDP_TIMEOUT,
|
||||||
|
.procname = "ip_conntrack_udp_timeout",
|
||||||
|
.data = &nf_ct_udp_timeout,
|
||||||
|
.maxlen = sizeof(unsigned int),
|
||||||
|
.mode = 0644,
|
||||||
|
.proc_handler = &proc_dointvec_jiffies,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
.ctl_name = NET_IPV4_NF_CONNTRACK_UDP_TIMEOUT_STREAM,
|
||||||
|
.procname = "ip_conntrack_udp_timeout_stream",
|
||||||
|
.data = &nf_ct_udp_timeout_stream,
|
||||||
|
.maxlen = sizeof(unsigned int),
|
||||||
|
.mode = 0644,
|
||||||
|
.proc_handler = &proc_dointvec_jiffies,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
.ctl_name = 0
|
||||||
|
}
|
||||||
|
};
|
||||||
|
#endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */
|
||||||
#endif /* CONFIG_SYSCTL */
|
#endif /* CONFIG_SYSCTL */
|
||||||
|
|
||||||
struct nf_conntrack_l4proto nf_conntrack_l4proto_udp4 =
|
struct nf_conntrack_l4proto nf_conntrack_l4proto_udp4 =
|
||||||
|
@ -195,6 +218,9 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_udp4 =
|
||||||
.ctl_table_users = &udp_sysctl_table_users,
|
.ctl_table_users = &udp_sysctl_table_users,
|
||||||
.ctl_table_header = &udp_sysctl_header,
|
.ctl_table_header = &udp_sysctl_header,
|
||||||
.ctl_table = udp_sysctl_table,
|
.ctl_table = udp_sysctl_table,
|
||||||
|
#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
|
||||||
|
.ctl_compat_table = udp_compat_sysctl_table,
|
||||||
|
#endif
|
||||||
#endif
|
#endif
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|