hak5
/
openwrt
mirror of https://github.com/hak5/openwrt.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

netfilter: add support for flushing conntrack via /proc 

SVN-Revision: 35330
lede-17.01
Felix Fietkau 2013-01-27 19:02:38 +00:00
parent 156a6e7999
commit 8193bbe59a
4 changed files with 184 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
target/linux/generic/patches-3.3/604-netfilter_conntrack_flush.patch Normal file
View File

@ -0,0 +1,46 @@
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -267,10 +267,34 @@ static int ct_open(struct inode *inode,
sizeof(struct ct_iter_state));
}
+static int kill_all(struct nf_conn *i, void *data)
+{
+ return 1;
+}
+
+static ssize_t ct_file_write(struct file *file, const char __user *buf,
+ size_t count, loff_t *ppos)
+{
+ struct seq_file *seq = file->private_data;
+ struct net *net = seq_file_net(seq);
+
+ if (count) {
+ char c;
+
+ if (get_user(c, buf))
+ return -EFAULT;
+
+ if (c == 'f')
+ nf_ct_iterate_cleanup(net, kill_all, NULL);
+ }
+ return count;
+}
+
static const struct file_operations ct_file_ops = {
.owner = THIS_MODULE,
.open = ct_open,
.read = seq_read,
+ .write = ct_file_write,
.llseek = seq_lseek,
.release = seq_release_net,
};
@@ -372,7 +396,7 @@ static int nf_conntrack_standalone_init_
{
struct proc_dir_entry *pde;
- pde = proc_net_fops_create(net, "nf_conntrack", 0440, &ct_file_ops);
+ pde = proc_net_fops_create(net, "nf_conntrack", 0660, &ct_file_ops);
if (!pde)
goto out_nf_conntrack;

46
target/linux/generic/patches-3.6/604-netfilter_conntrack_flush.patch Normal file
View File

@ -0,0 +1,46 @@
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -267,10 +267,34 @@ static int ct_open(struct inode *inode,
sizeof(struct ct_iter_state));
}
+static int kill_all(struct nf_conn *i, void *data)
+{
+ return 1;
+}
+
+static ssize_t ct_file_write(struct file *file, const char __user *buf,
+ size_t count, loff_t *ppos)
+{
+ struct seq_file *seq = file->private_data;
+ struct net *net = seq_file_net(seq);
+
+ if (count) {
+ char c;
+
+ if (get_user(c, buf))
+ return -EFAULT;
+
+ if (c == 'f')
+ nf_ct_iterate_cleanup(net, kill_all, NULL);
+ }
+ return count;
+}
+
static const struct file_operations ct_file_ops = {
.owner = THIS_MODULE,
.open = ct_open,
.read = seq_read,
+ .write = ct_file_write,
.llseek = seq_lseek,
.release = seq_release_net,
};
@@ -372,7 +396,7 @@ static int nf_conntrack_standalone_init_
{
struct proc_dir_entry *pde;
- pde = proc_net_fops_create(net, "nf_conntrack", 0440, &ct_file_ops);
+ pde = proc_net_fops_create(net, "nf_conntrack", 0660, &ct_file_ops);
if (!pde)
goto out_nf_conntrack;

46
target/linux/generic/patches-3.7/604-netfilter_conntrack_flush.patch Normal file
View File

@ -0,0 +1,46 @@
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -267,10 +267,34 @@ static int ct_open(struct inode *inode,
sizeof(struct ct_iter_state));
}
+static int kill_all(struct nf_conn *i, void *data)
+{
+ return 1;
+}
+
+static ssize_t ct_file_write(struct file *file, const char __user *buf,
+ size_t count, loff_t *ppos)
+{
+ struct seq_file *seq = file->private_data;
+ struct net *net = seq_file_net(seq);
+
+ if (count) {
+ char c;
+
+ if (get_user(c, buf))
+ return -EFAULT;
+
+ if (c == 'f')
+ nf_ct_iterate_cleanup(net, kill_all, NULL);
+ }
+ return count;
+}
+
static const struct file_operations ct_file_ops = {
.owner = THIS_MODULE,
.open = ct_open,
.read = seq_read,
+ .write = ct_file_write,
.llseek = seq_lseek,
.release = seq_release_net,
};
@@ -372,7 +396,7 @@ static int nf_conntrack_standalone_init_
{
struct proc_dir_entry *pde;
- pde = proc_net_fops_create(net, "nf_conntrack", 0440, &ct_file_ops);
+ pde = proc_net_fops_create(net, "nf_conntrack", 0660, &ct_file_ops);
if (!pde)
goto out_nf_conntrack;

46
target/linux/generic/patches-3.8/604-netfilter_conntrack_flush.patch Normal file
View File

@ -0,0 +1,46 @@
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -261,10 +261,34 @@ static int ct_open(struct inode *inode,
sizeof(struct ct_iter_state));
}
+static int kill_all(struct nf_conn *i, void *data)
+{
+ return 1;
+}
+
+static ssize_t ct_file_write(struct file *file, const char __user *buf,
+ size_t count, loff_t *ppos)
+{
+ struct seq_file *seq = file->private_data;
+ struct net *net = seq_file_net(seq);
+
+ if (count) {
+ char c;
+
+ if (get_user(c, buf))
+ return -EFAULT;
+
+ if (c == 'f')
+ nf_ct_iterate_cleanup(net, kill_all, NULL);
+ }
+ return count;
+}
+
static const struct file_operations ct_file_ops = {
.owner = THIS_MODULE,
.open = ct_open,
.read = seq_read,
+ .write = ct_file_write,
.llseek = seq_lseek,
.release = seq_release_net,
};
@@ -366,7 +390,7 @@ static int nf_conntrack_standalone_init_
{
struct proc_dir_entry *pde;
- pde = proc_net_fops_create(net, "nf_conntrack", 0440, &ct_file_ops);
+ pde = proc_net_fops_create(net, "nf_conntrack", 0660, &ct_file_ops);
if (!pde)
goto out_nf_conntrack;