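/* (C) 1999-2001 Paul `Rusty' Russell
 * (C) 2002-2004 Netfilter Core Team <>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */

#include <linux/types.h>
#include <linux/netfilter.h>
#include <linux/slab.h>
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/proc_fs.h>
#include <linux/seq_file.h>
#include <linux/percpu.h>
#include <linux/netdevice.h>
#include <linux/security.h>
#include <net/net_namespace.h>
#ifdef CONFIG_SYSCTL
#include <linux/sysctl.h>
#endif

#include <net/netfilter/nf_conntrack.h>
#include <net/netfilter/nf_conntrack_core.h>
#include <net/netfilter/nf_conntrack_l3proto.h>
#include <net/netfilter/nf_conntrack_l4proto.h>
#include <net/netfilter/nf_conntrack_expect.h>
#include <net/netfilter/nf_conntrack_helper.h>
#include <net/netfilter/nf_conntrack_acct.h>
#include <net/netfilter/nf_conntrack_zones.h>
#include <net/netfilter/nf_conntrack_timestamp.h>
#include <linux/rculist_nulls.h>

MODULE_LICENSE("GPL");

#ifdef CONFIG_NF_CONNTRACK_PROCFS
/*
 * Print one tuple by delegating to the L3 and then the L4 protocol
 * printer. Returns non-zero as soon as either printer reports failure;
 * the L4 printer is not called when the L3 printer already failed.
 */
int
print_tuple(struct seq_file *s, const struct nf_conntrack_tuple *tuple,
	    const struct nf_conntrack_l3proto *l3proto,
	    const struct nf_conntrack_l4proto *l4proto)
{
	return l3proto->print_tuple(s, tuple) || l4proto->print_tuple(s, tuple);
}
EXPORT_SYMBOL_GPL(print_tuple);

/* Per-open iterator state for /proc/net/nf_conntrack. */
struct ct_iter_state {
	struct seq_net_private p;
	unsigned int bucket;	/* hash bucket currently being walked */
	u_int64_t time_now;	/* wall-clock ns sampled in ct_seq_start() */
};

/*
 * Return the first entry of the first non-empty hash bucket, or NULL when
 * the whole table is empty. Leaves st->bucket at the bucket that was found.
 * Uses rcu_dereference(), so the caller must be inside the RCU read-side
 * section opened by ct_seq_start().
 */
static struct hlist_nulls_node *ct_get_first(struct seq_file *seq)
{
	struct net *net = seq_file_net(seq);
	struct ct_iter_state *st = seq->private;
	struct hlist_nulls_node *n;

	for (st->bucket = 0;
	     st->bucket < net->ct.htable_size;
	     st->bucket++) {
		n = rcu_dereference(hlist_nulls_first_rcu(&net->ct.hash[st->bucket]));
		if (!is_a_nulls(n))
			return n;
	}
	return NULL;
}

/*
 * Advance from @head to the next entry, moving on to later buckets when a
 * chain ends. Returns NULL once the last bucket has been exhausted.
 */
static struct hlist_nulls_node *ct_get_next(struct seq_file *seq,
				      struct hlist_nulls_node *head)
{
	struct net *net = seq_file_net(seq);
	struct ct_iter_state *st = seq->private;

	head = rcu_dereference(hlist_nulls_next_rcu(head));
	while (is_a_nulls(head)) {
		/*
		 * Only step to the next bucket when the end marker belongs
		 * to the bucket being walked. Otherwise the walk ended on a
		 * different chain, and the current bucket is read again
		 * from its head.
		 */
		if (likely(get_nulls_value(head) == st->bucket)) {
			if (++st->bucket >= net->ct.htable_size)
				return NULL;
		}
		head = rcu_dereference(
				hlist_nulls_first_rcu(
					&net->ct.hash[st->bucket]));
	}
	return head;
}

/*
 * Return the entry at offset @pos by walking from the start of the table,
 * or NULL when the table holds fewer than @pos + 1 entries. The cost is
 * linear in @pos, because every call rescans from the first bucket.
 */
static struct hlist_nulls_node *ct_get_idx(struct seq_file *seq, loff_t pos)
{
	struct hlist_nulls_node *head = ct_get_first(seq);

	if (head)
		while (pos && (head = ct_get_next(seq, head)))
			pos--;
	return pos ? NULL : head;
}

/*
 * seq_file .start: sample the current wall-clock time for the delta-time
 * column, enter the RCU read-side section and seek to *pos.
 * The matching rcu_read_unlock() is in ct_seq_stop().
 */
static void *ct_seq_start(struct seq_file *seq, loff_t *pos)
	__acquires(RCU)
{
	struct ct_iter_state *st = seq->private;

	st->time_now = ktime_to_ns(ktime_get_real());
	rcu_read_lock();
	return ct_get_idx(seq, *pos);
}

/* seq_file .next: bump the position and step to the following entry. */
static void *ct_seq_next(struct seq_file *s, void *v, loff_t *pos)
{
	(*pos)++;
	return ct_get_next(s, v);
}

/* seq_file .stop: leave the RCU read-side section taken in ct_seq_start(). */
static void ct_seq_stop(struct seq_file *s, void *v)
	__releases(RCU)
{
	rcu_read_unlock();
}

#ifdef CONFIG_NF_CONNTRACK_SECMARK
/*
 * Print the security context that corresponds to ct->secmark.
 * A secid that cannot be translated is silently skipped (returns 0), so
 * the absence of "secctx=" in a line does not imply secmark is unset.
 * Returns the seq_printf() result otherwise.
 */
static int ct_show_secctx(struct seq_file *s, const struct nf_conn *ct)
{
	int ret;
	u32 len;
	char *secctx;

	ret = security_secid_to_secctx(ct->secmark, &secctx, &len);
	if (ret)
		return 0;

	ret = seq_printf(s, "secctx=%s ", secctx);

	/* The context string is released on every path that obtained it. */
	security_release_secctx(secctx, len);
	return ret;
}
#else
static inline int ct_show_secctx(struct seq_file *s, const struct nf_conn *ct)
{
	return 0;
}
#endif

#ifdef CONFIG_NF_CONNTRACK_TIMESTAMP
/*
 * Print the age of the connection in seconds as "delta-time=N ".
 * Prints nothing and returns 0 when the entry has no timestamp extension.
 *
 * time_now comes from ktime_get_real() (wall clock), so the difference can
 * be zero or negative; such values are reported as 0 rather than being
 * printed as a huge unsigned number by the %llu conversion.
 */
static int ct_show_delta_time(struct seq_file *s, const struct nf_conn *ct)
{
	struct ct_iter_state *st = s->private;
	struct nf_conn_tstamp *tstamp;
	s64 delta_time;

	tstamp = nf_conn_tstamp_find(ct);
	if (tstamp) {
		delta_time = st->time_now - tstamp->start;
		if (delta_time > 0)
			delta_time = div_s64(delta_time, NSEC_PER_SEC);
		else
			delta_time = 0;

		return seq_printf(s, "delta-time=%llu ",
				  (unsigned long long)delta_time);
	}
	return 0;
}
#else
static inline int
ct_show_delta_time(struct seq_file *s, const struct nf_conn *ct)
{
	return 0;
}
#endif

/*
 * seq_file .show: print one conntrack entry.
 *
 * Returns 0 when the line was printed or the entry was skipped, and
 * -ENOSPC when any of the print helpers reports failure.
 *
 * The entry is reached under RCU only, so a reference is taken with
 * atomic_inc_not_zero() before any field is read; an entry whose use count
 * has already dropped to zero is skipped. Every later exit goes through
 * "release" so that reference is always dropped again.
 */
static int ct_seq_show(struct seq_file *s, void *v)
{
	struct nf_conntrack_tuple_hash *hash = v;
	struct nf_conn *ct = nf_ct_tuplehash_to_ctrack(hash);
	const struct nf_conntrack_l3proto *l3proto;
	const struct nf_conntrack_l4proto *l4proto;
	int ret = 0;

	NF_CT_ASSERT(ct);
	if (unlikely(!atomic_inc_not_zero(&ct->ct_general.use)))
		return 0;

	/*
	 * we only want to print DIR_ORIGINAL: each connection is hashed
	 * once per direction, so the reply-direction hash is skipped to
	 * avoid printing the connection twice.
	 */
	if (NF_CT_DIRECTION(hash))
		goto release;

	l3proto = __nf_ct_l3proto_find(nf_ct_l3num(ct));
	NF_CT_ASSERT(l3proto);
	l4proto = __nf_ct_l4proto_find(nf_ct_l3num(ct), nf_ct_protonum(ct));
	NF_CT_ASSERT(l4proto);

	/* From here on any failed print leaves ret at -ENOSPC. */
	ret = -ENOSPC;
	if (seq_printf(s, "%-8s %u %-8s %u %ld ",
		       l3proto->name, nf_ct_l3num(ct),
		       l4proto->name, nf_ct_protonum(ct),
		       timer_pending(&ct->timeout)
		       ? (long)(ct->timeout.expires - jiffies)/HZ : 0) != 0)
		goto release;

	/* The protocol-specific state printer is optional. */
	if (l4proto->print_conntrack && l4proto->print_conntrack(s, ct))
		goto release;

	if (print_tuple(s, &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple,
			l3proto, l4proto))
		goto release;

	if (seq_print_acct(s, ct, IP_CT_DIR_ORIGINAL))
		goto release;

	if (!(test_bit(IPS_SEEN_REPLY_BIT, &ct->status)))
		if (seq_printf(s, "[UNREPLIED] "))
			goto release;

	if (print_tuple(s, &ct->tuplehash[IP_CT_DIR_REPLY].tuple,
			l3proto, l4proto))
		goto release;

	if (seq_print_acct(s, ct, IP_CT_DIR_REPLY))
		goto release;

	if (test_bit(IPS_ASSURED_BIT, &ct->status))
		if (seq_printf(s, "[ASSURED] "))
			goto release;

#if defined(CONFIG_NF_CONNTRACK_MARK)
	if (seq_printf(s, "mark=%u ", ct->mark))
		goto release;
#endif

	if (ct_show_secctx(s, ct))
		goto release;

#ifdef CONFIG_NF_CONNTRACK_ZONES
	if (seq_printf(s, "zone=%u ", nf_ct_zone(ct)))
		goto release;
#endif

	if (ct_show_delta_time(s, ct))
		goto release;

	/* The printed use count includes the reference taken above. */
	if (seq_printf(s, "use=%u\n", atomic_read(&ct->ct_general.use)))
		goto release;

	ret = 0;
release:
	nf_ct_put(ct);
	return ret;
}

static const struct seq_operations ct_seq_ops = {
	.start = ct_seq_start,
	.next  = ct_seq_next,
	.stop  = ct_seq_stop,
	.show  = ct_seq_show
};

/* Open /proc/net/nf_conntrack with a per-open struct ct_iter_state. */
static int ct_open(struct inode *inode, struct file *file)
{
	return seq_open_net(inode, file, &ct_seq_ops,
			sizeof(struct ct_iter_state));
}

static const struct file_operations ct_file_ops = {
	.owner   = THIS_MODULE,
	.open    = ct_open,
	.read    = seq_read,
	.llseek  = seq_lseek,
	.release = seq_release_net,
};

/*
 * seq_file .start for the per-CPU statistics file.
 * Position 0 is the header line (SEQ_START_TOKEN); position N > 0 maps to
 * the first possible CPU with index >= N - 1. *pos is rewritten to
 * cpu + 1 so that ct_cpu_seq_next() resumes after that CPU.
 */
static void *ct_cpu_seq_start(struct seq_file *seq, loff_t *pos)
{
	struct net *net = seq_file_net(seq);
	int cpu;

	if (*pos == 0)
		return SEQ_START_TOKEN;

	for (cpu = *pos-1; cpu < nr_cpu_ids; ++cpu) {
		if (!cpu_possible(cpu))
			continue;
		*pos = cpu + 1;
		return per_cpu_ptr(net->ct.stat, cpu);
	}

	return NULL;
}

/*
 * seq_file .next for the per-CPU statistics file: return the counters of
 * the next possible CPU at index >= *pos, or NULL when none is left.
 */
static void *ct_cpu_seq_next(struct seq_file *seq, void *v, loff_t *pos)
{
	struct net *net = seq_file_net(seq);
	int cpu;

	for (cpu = *pos; cpu < nr_cpu_ids; ++cpu) {
		if (!cpu_possible(cpu))
			continue;
		*pos = cpu + 1;
		return per_cpu_ptr(net->ct.stat, cpu);
	}

	return NULL;
}

/* seq_file .stop for the statistics file: nothing was acquired in .start. */
static void ct_cpu_seq_stop(struct seq_file *seq, void *v)
{
}

/*
 * seq_file .show for the statistics file: print the column header for
 * SEQ_START_TOKEN, otherwise one line of hexadecimal counters for the CPU
 * whose struct ip_conntrack_stat is passed in @v. The first column is the
 * namespace-wide entry count, so it is repeated on every CPU line.
 */
static int ct_cpu_seq_show(struct seq_file *seq, void *v)
{
	struct net *net = seq_file_net(seq);
	unsigned int nr_conntracks = atomic_read(&net->ct.count);
	const struct ip_conntrack_stat *st = v;

	if (v == SEQ_START_TOKEN) {
		seq_printf(seq, "entries searched found new invalid ignore delete delete_list insert insert_failed drop early_drop icmp_error expect_new expect_create expect_delete search_restart\n");
		return 0;
	}

	seq_printf(seq, "%08x %08x %08x %08x %08x %08x %08x %08x "
			"%08x %08x %08x %08x %08x %08x %08x %08x %08x\n",
		   nr_conntracks,
		   st->searched,
		   st->found,
		   st->new,
		   st->invalid,
		   st->ignore,
		   st->delete,
		   st->delete_list,
		   st->insert,
		   st->insert_failed,
		   st->drop,
		   st->early_drop,
		   st->error,

		   st->expect_new,
		   st->expect_create,
		   st->expect_delete,
		   st->search_restart
		);
	return 0;
}

static const struct seq_operations ct_cpu_seq_ops = {
	.start	= ct_cpu_seq_start,
	.next	= ct_cpu_seq_next,
	.stop	= ct_cpu_seq_stop,
	.show	= ct_cpu_seq_show,
};

/* Open the statistics file; it needs no state beyond seq_net_private. */
static int ct_cpu_seq_open(struct inode *inode, struct file *file)
{
	return seq_open_net(inode, file, &ct_cpu_seq_ops,
			    sizeof(struct seq_net_private));
}

static const struct file_operations ct_cpu_seq_fops = {
	.owner	 = THIS_MODULE,
	.open	 = ct_cpu_seq_open,
	.read	 = seq_read,
	.llseek	 = seq_lseek,
	.release = seq_release_net,
};

/*
 * Create the two proc entries of a network namespace:
 *   - "nf_conntrack" under the per-net proc directory: the connection
 *     table. It is created with mode 0440 because every line discloses
 *     the endpoints, state and (if enabled) security context of a flow.
 *   - "nf_conntrack" under net->proc_net_stat: per-CPU counters only,
 *     created world-readable (S_IRUGO).
 * Returns 0 on success or -ENOMEM, removing the first entry again when
 * the second one cannot be created.
 */
static int nf_conntrack_standalone_init_proc(struct net *net)
{
	struct proc_dir_entry *pde;

	pde = proc_net_fops_create(net, "nf_conntrack", 0440, &ct_file_ops);
	if (!pde)
		goto out_nf_conntrack;

	pde = proc_create("nf_conntrack", S_IRUGO, net->proc_net_stat,
			  &ct_cpu_seq_fops);
	if (!pde)
		goto out_stat_nf_conntrack;
	return 0;

out_stat_nf_conntrack:
	proc_net_remove(net, "nf_conntrack");
out_nf_conntrack:
	return -ENOMEM;
}

/* Remove both proc entries created by nf_conntrack_standalone_init_proc(). */
static void nf_conntrack_standalone_fini_proc(struct net *net)
{
	remove_proc_entry("nf_conntrack", net->proc_net_stat);
	proc_net_remove(net, "nf_conntrack");
}
#else
static int nf_conntrack_standalone_init_proc(struct net *net)
{
	return 0;
}

static void nf_conntrack_standalone_fini_proc(struct net *net)
{
}
#endif /* CONFIG_NF_CONNTRACK_PROCFS */

/* Sysctl support */

#ifdef CONFIG_SYSCTL
/* Log invalid packets of a given protocol */
static int log_invalid_proto_min = 0;
static int log_invalid_proto_max = 255;

static struct ctl_table_header *nf_ct_netfilter_header;

/*
 * Template for the per-namespace net/netfilter sysctl table.
 *
 * nf_conntrack_standalone_init_sysctl() copies this table and repoints
 * entries 1..4 by index, so the order of the entries below must not change
 * without updating those indices.
 *
 * Only nf_conntrack_log_invalid is range-checked (0..255); the other
 * writable entries use plain proc_dointvec.
 * NOTE(review): proc_dointvec will accept zero and negative values for
 * nf_conntrack_max and nf_conntrack_expect_max - confirm how the consumers
 * of those limits treat such values.
 */
static ctl_table nf_ct_sysctl_table[] = {
	{
		.procname	= "nf_conntrack_max",
		.data		= &nf_conntrack_max,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "nf_conntrack_count",
		.data		= &init_net.ct.count,
		.maxlen		= sizeof(int),
		.mode		= 0444,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "nf_conntrack_buckets",
		.data		= &init_net.ct.htable_size,
		.maxlen		= sizeof(unsigned int),
		.mode		= 0444,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "nf_conntrack_checksum",
		.data		= &init_net.ct.sysctl_checksum,
		.maxlen		= sizeof(unsigned int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "nf_conntrack_log_invalid",
		.data		= &init_net.ct.sysctl_log_invalid,
		.maxlen		= sizeof(unsigned int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec_minmax,
		.extra1		= &log_invalid_proto_min,
		.extra2		= &log_invalid_proto_max,
	},
	{
		.procname	= "nf_conntrack_expect_max",
		.data		= &nf_ct_expect_max,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{ }
};

/*
 * Not referenced anywhere else in this file.
 * NOTE(review): looks like a leftover binary-sysctl id - confirm before
 * removing.
 */
#define NET_NF_CONNTRACK_MAX 2089

/*
 * Second name for nf_conntrack_max, registered directly under "net" and
 * only for the initial namespace.
 */
static ctl_table nf_ct_netfilter_table[] = {
	{
		.procname	= "nf_conntrack_max",
		.data		= &nf_conntrack_max,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{ }
};

/*
 * Register the sysctl entries of one network namespace.
 *
 * The template table is duplicated per namespace and entries 1..4 (count,
 * buckets, checksum, log_invalid) are pointed at that namespace's own
 * data. Entries 0 and 5 (nf_conntrack_max, nf_conntrack_expect_max) are
 * NOT repointed: they keep referring to the global variables, so a write
 * through any namespace's copy changes the limit for the whole system.
 * NOTE(review): confirm who is allowed to write sysctls in a non-initial
 * namespace before relying on these limits as a host-wide control.
 *
 * Returns 0 on success and -ENOMEM on any failure, after undoing whatever
 * had been registered.
 */
static int nf_conntrack_standalone_init_sysctl(struct net *net)
{
	struct ctl_table *table;

	if (net_eq(net, &init_net)) {
		nf_ct_netfilter_header =
		       register_net_sysctl(&init_net, "net", nf_ct_netfilter_table);
		if (!nf_ct_netfilter_header)
			goto out;
	}

	table = kmemdup(nf_ct_sysctl_table, sizeof(nf_ct_sysctl_table),
			GFP_KERNEL);
	if (!table)
		goto out_kmemdup;

	/* Indices follow the entry order of nf_ct_sysctl_table. */
	table[1].data = &net->ct.count;
	table[2].data = &net->ct.htable_size;
	table[3].data = &net->ct.sysctl_checksum;
	table[4].data = &net->ct.sysctl_log_invalid;

	net->ct.sysctl_header = register_net_sysctl(net, "net/netfilter", table);
	if (!net->ct.sysctl_header)
		goto out_unregister_netfilter;

	return 0;

out_unregister_netfilter:
	kfree(table);
out_kmemdup:
	if (net_eq(net, &init_net))
		unregister_net_sysctl_table(nf_ct_netfilter_header);
out:
	printk(KERN_ERR "nf_conntrack: can't register to sysctl.\n");
	return -ENOMEM;
}

/*
 * Unregister the sysctl entries of one network namespace and free its
 * private copy of the table. The table pointer is read from the header
 * before the header is unregistered, and freed only afterwards.
 */
static void nf_conntrack_standalone_fini_sysctl(struct net *net)
{
	struct ctl_table *table;

	if (net_eq(net, &init_net))
		unregister_net_sysctl_table(nf_ct_netfilter_header);
	table = net->ct.sysctl_header->ctl_table_arg;
	unregister_net_sysctl_table(net->ct.sysctl_header);
	kfree(table);
}
#else
static int nf_conntrack_standalone_init_sysctl(struct net *net)
{
	return 0;
}

static void nf_conntrack_standalone_fini_sysctl(struct net *net)
{
}
#endif /* CONFIG_SYSCTL */

/*
 * Per-namespace init: bring up conntrack, then the proc entries, then the
 * sysctl entries. Each failure unwinds the steps that already succeeded,
 * in reverse order. New namespaces start with checksum verification
 * enabled (sysctl_checksum = 1) and invalid-packet logging disabled
 * (sysctl_log_invalid = 0).
 */
static int nf_conntrack_net_init(struct net *net)
{
	int ret;

	ret = nf_conntrack_init(net);
	if (ret < 0)
		goto out_init;
	ret = nf_conntrack_standalone_init_proc(net);
	if (ret < 0)
		goto out_proc;
	net->ct.sysctl_checksum = 1;
	net->ct.sysctl_log_invalid = 0;
	ret = nf_conntrack_standalone_init_sysctl(net);
	if (ret < 0)
		goto out_sysctl;
	return 0;

out_sysctl:
	nf_conntrack_standalone_fini_proc(net);
out_proc:
	nf_conntrack_cleanup(net);
out_init:
	return ret;
}

/*
 * Per-namespace exit: tear down in the reverse order of
 * nf_conntrack_net_init(), so the user-visible sysctl and proc entries are
 * gone before the conntrack state they expose is cleaned up.
 */
static void nf_conntrack_net_exit(struct net *net)
{
	nf_conntrack_standalone_fini_sysctl(net);
	nf_conntrack_standalone_fini_proc(net);
	nf_conntrack_cleanup(net);
}

static struct pernet_operations nf_conntrack_net_ops = {
	.init = nf_conntrack_net_init,
	.exit = nf_conntrack_net_exit,
};

/* Module init: hook the per-namespace init/exit callbacks. */
static int __init nf_conntrack_standalone_init(void)
{
	return register_pernet_subsys(&nf_conntrack_net_ops);
}

/* Module exit: unhook the per-namespace callbacks. */
static void __exit nf_conntrack_standalone_fini(void)
{
	unregister_pernet_subsys(&nf_conntrack_net_ops);
}

module_init(nf_conntrack_standalone_init);
module_exit(nf_conntrack_standalone_fini);

/* Some modules need us, but don't depend directly on any symbol.
   They should call this. */
void need_conntrack(void)
{
}
EXPORT_SYMBOL_GPL(need_conntrack);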