diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig index 4744084..30b090c 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig @@ -1164,9 +1164,7 @@ config NETFILTER_XT_MATCH_L2TP config NETFILTER_XT_MATCH_LAYER7 tristate '"layer7" match support' - depends on EXPERIMENTAL depends on NETFILTER_XTABLES - depends on NETFILTER_ADVANCED depends on NF_CONNTRACK help Say Y if you want to be able to classify connections (and their diff --git a/net/netfilter/xt_layer7.c b/net/netfilter/xt_layer7.c index f600c88..1cd188a 100644 --- a/net/netfilter/xt_layer7.c +++ b/net/netfilter/xt_layer7.c @@ -69,13 +69,15 @@ static int total_acct_packets(struct nf_conn *ct) BUG_ON(ct == NULL); return (ct->counters[IP_CT_DIR_ORIGINAL].packets + ct->counters[IP_CT_DIR_REPLY].packets); #else - struct nf_conn_counter *acct; + struct nf_conn_acct *acct; + struct nf_conn_counter *counter; - BUG_ON(ct == NULL); - acct = nf_conn_acct_find(ct); - if (!acct) - return 0; - return (atomic64_read(&acct[IP_CT_DIR_ORIGINAL].packets) + atomic64_read(&acct[IP_CT_DIR_REPLY].packets)); + BUG_ON(ct == NULL); + acct = nf_conn_acct_find(ct); + if (!acct) + return 0; + counter = acct->counter; + return (atomic64_read(&counter[IP_CT_DIR_ORIGINAL].packets) + atomic64_read(&counter[IP_CT_DIR_REPLY].packets)); #endif } 
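Review bot: total_acct_packets() still returns `int`, while the new return statement adds two values read with atomic64_read(), so the sum is truncated once a connection has carried more packets than an int can hold. The older-kernel branch above `#else` has the same narrowing. The callers are outside this hunk; if they only compare the result against the small num_packets limit, saturating is enough, for example summing into a `u64 total` and ending with `return total > INT_MAX ? INT_MAX : (int)total;`.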
@@ -363,6 +365,45 @@ static int my_atoi(const char *s) } } +static int layer7_proc_show(struct seq_file *m, void *data) +{ + return seq_printf(m, "%02d\n",num_packets > 99 ? 99:num_packets); +} + +static int layer7_proc_open(struct inode *inode, struct file *file) +{ + return single_open(file, layer7_proc_show, NULL); +} + +static ssize_t +layer7_proc_write(struct file *file, const char __user *buffer, + size_t length, loff_t *loff) +{ + if (length > 0) { + char foo[64]; + foo[0] = '\0'; + if (strncpy_from_user(foo, buffer,min(sizeof(foo)-1,length)) != 0) + return -EFAULT; + num_packets = my_atoi(foo); + if(num_packets > 99) { + printk(KERN_WARNING "layer7: num_packets can't be > 99.\n"); + num_packets = 99; + } else if(num_packets < 1) { + printk(KERN_WARNING "layer7: num_packets can't be < 1.\n"); + num_packets = 1; + } + } + return length; +} + +static const struct file_operations layer7_proc_fops = { + .open = layer7_proc_open, + .read = seq_read, + .llseek = seq_lseek, + .write = layer7_proc_write, + .release = single_release, +}; +#if 0 /* write out num_packets to userland. */ static int layer7_read_proc(char* page, char ** start, off_t off, int count, int* eof, void * data) @@ -413,6 +454,7 @@ static int layer7_write_proc(struct file* file, const char* buffer, return count; } +#endif static bool #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 35) @@ -622,10 +664,6 @@ check(const char *tablename, const void *inf, #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 35) return -EINVAL; } - if (!nf_ct_acct_enabled(par->net)) { - pr_warning("Forcing CT accounting to be enabled\n"); - nf_ct_set_acct(par->net, true); - } return 0; #else return 0; 
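Review bot: The `strncpy_from_user(...) != 0` test in layer7_proc_write treats every successful copy as a fault, because strncpy_from_user() returns the number of bytes copied on success and a negative value only on error, so an ordinary write of a number comes back as -EFAULT. When the user data has no NUL inside the copied length (the usual `echo 10 >` case), nothing terminates `foo` either: only `foo[0]` is initialised, so my_atoi() is handed uninitialised stack bytes and may read past the 64-byte array. Keep the return value, test it with `< 0`, and use it to place the terminator. Parsing into a local and storing the clamped value once would also stop num_packets from briefly holding an out-of-range number that the packet path might read concurrently.

```c
static ssize_t
layer7_proc_write(struct file *file, const char __user *buffer,
		  size_t length, loff_t *loff)
{
	char foo[64];
	long copied;
	int val;

	if (length == 0)
		return 0;

	copied = strncpy_from_user(foo, buffer, min(sizeof(foo) - 1, length));
	if (copied < 0)
		return -EFAULT;
	/* strncpy_from_user() leaves the buffer unterminated when no NUL was copied */
	foo[copied] = '\0';

	val = my_atoi(foo);
	/* … unchanged: the > 99 and < 1 warnings, clamping val instead of num_packets … */
	num_packets = val;
	return length;
}
```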
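Review bot: With the nf_ct_acct_enabled()/nf_ct_set_acct() block removed from check(), nothing ensures conntrack accounting is on, and total_acct_packets() in this same patch returns 0 whenever nf_conn_acct_find() yields NULL. A rule then loads without complaint while the packet count the match depends on stays at zero; presumably the num_packets cutoff never triggers and unclassified connections keep being inspected, a cost the operator gets no hint of. If the helpers are simply unavailable on the target kernel, check() should at least report the requirement, e.g. `printk(KERN_WARNING "layer7: conntrack accounting is required (net.netfilter.nf_conntrack_acct=1)\n");`, with a short comment beside it saying why. check() begins and ends outside this hunk.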
@@ -667,10 +705,12 @@ static void layer7_cleanup_proc(void) /* register the proc file */ static void layer7_init_proc(void) { - struct proc_dir_entry* entry; +/* struct proc_dir_entry* entry; entry = create_proc_entry("layer7_numpackets", 0644, init_net.proc_net); entry->read_proc = layer7_read_proc; - entry->write_proc = layer7_write_proc; + entry->write_proc = layer7_write_proc;*/ + proc_create_data("layer7_numpackets", 0644, init_net.proc_net, + &layer7_proc_fops, NULL); } static int __init xt_layer7_init(void)
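Review bot: The result of proc_create_data() in layer7_init_proc is discarded, so a failed registration goes unnoticed and the module loads without its /proc control. Test it and log, e.g. `if (!proc_create_data("layer7_numpackets", 0644, init_net.proc_net, &layer7_proc_fops, NULL))` followed by `printk(KERN_WARNING "layer7: cannot create layer7_numpackets proc entry\n");`. The old create_proc_entry code is kept inside a comment here, and the old handlers sit under `#if 0` earlier in the file; deleting both would be cleaner, since version control retains them.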