net/netfilter/nf_conntrack_standalone.c

   1 /* This file contains all the functions required for the standalone
   2    nf_conntrack module.
   3
   4    These are not required by the compatibility layer.
   5 */
   6
   7 /* (C) 1999-2001 Paul `Rusty' Russell
   8  * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
   9  *
  10  * This program is free software; you can redistribute it and/or modify
  11  * it under the terms of the GNU General Public License version 2 as
  12  * published by the Free Software Foundation.
  13  *
  14  * 16 Dec 2003: Yasuyuki Kozakai @USAGI <yasuyuki.kozakai@toshiba.co.jp>
  15  *      - generalize L3 protocol dependent part.
  16  *
  17  * Derived from net/ipv4/netfilter/ip_conntrack_standalone.c
  18  */
  19
  20 #include <linux/types.h>
  21 #include <linux/netfilter.h>
  22 #include <linux/module.h>
  23 #include <linux/skbuff.h>
  24 #include <linux/proc_fs.h>
  25 #include <linux/seq_file.h>
  26 #include <linux/percpu.h>
  27 #include <linux/netdevice.h>
  28 #ifdef CONFIG_SYSCTL
  29 #include <linux/sysctl.h>
  30 #endif
  31
  32 #define ASSERT_READ_LOCK(x)
  33 #define ASSERT_WRITE_LOCK(x)
  34
  35 #include <net/netfilter/nf_conntrack.h>
  36 #include <net/netfilter/nf_conntrack_core.h>
  37 #include <net/netfilter/nf_conntrack_l3proto.h>
  38 #include <net/netfilter/nf_conntrack_l4proto.h>
  39 #include <net/netfilter/nf_conntrack_expect.h>
  40 #include <net/netfilter/nf_conntrack_helper.h>
  41
  42 #if 0
  43 #define DEBUGP printk
  44 #else
  45 #define DEBUGP(format, args...)
  46 #endif
  47
  48 MODULE_LICENSE("GPL");
  49
  50 extern atomic_t nf_conntrack_count;
  51 DECLARE_PER_CPU(struct ip_conntrack_stat, nf_conntrack_stat);
  52
  53 #ifdef CONFIG_PROC_FS
  54 int
  55 print_tuple(struct seq_file *s, const struct nf_conntrack_tuple *tuple,
  56             struct nf_conntrack_l3proto *l3proto,
  57             struct nf_conntrack_l4proto *l4proto)
  58 {
  59         return l3proto->print_tuple(s, tuple) || l4proto->print_tuple(s, tuple);
  60 }
  61
  62 #ifdef CONFIG_NF_CT_ACCT
  63 static unsigned int
  64 seq_print_counters(struct seq_file *s,
  65                    const struct ip_conntrack_counter *counter)
  66 {
  67         return seq_printf(s, "packets=%llu bytes=%llu ",
  68                           (unsigned long long)counter->packets,
  69                           (unsigned long long)counter->bytes);
  70 }
  71 #else
  72 #define seq_print_counters(x, y)        0
  73 #endif
  74
  75 struct ct_iter_state {
  76         unsigned int bucket;
  77 };
  78
  79 static struct list_head *ct_get_first(struct seq_file *seq)
  80 {
  81         struct ct_iter_state *st = seq->private;
  82
  83         for (st->bucket = 0;
  84              st->bucket < nf_conntrack_htable_size;
  85              st->bucket++) {
  86                 if (!list_empty(&nf_conntrack_hash[st->bucket]))
  87                         return nf_conntrack_hash[st->bucket].next;
  88         }
  89         return NULL;
  90 }
  91
  92 static struct list_head *ct_get_next(struct seq_file *seq, struct list_head *head)
  93 {
  94         struct ct_iter_state *st = seq->private;
  95
  96         head = head->next;
  97         while (head == &nf_conntrack_hash[st->bucket]) {
  98                 if (++st->bucket >= nf_conntrack_htable_size)
  99                         return NULL;
 100                 head = nf_conntrack_hash[st->bucket].next;
 101         }
 102         return head;
 103 }
 104
 105 static struct list_head *ct_get_idx(struct seq_file *seq, loff_t pos)
 106 {
 107         struct list_head *head = ct_get_first(seq);
 108
 109         if (head)
 110                 while (pos && (head = ct_get_next(seq, head)))
 111                         pos--;
 112         return pos ? NULL : head;
 113 }
 114
 115 static void *ct_seq_start(struct seq_file *seq, loff_t *pos)
 116 {
 117         read_lock_bh(&nf_conntrack_lock);
 118         return ct_get_idx(seq, *pos);
 119 }
 120
 121 static void *ct_seq_next(struct seq_file *s, void *v, loff_t *pos)
 122 {
 123         (*pos)++;
 124         return ct_get_next(s, v);
 125 }
 126
 127 static void ct_seq_stop(struct seq_file *s, void *v)
 128 {
 129         read_unlock_bh(&nf_conntrack_lock);
 130 }
 131
 132 /* return 0 on success, 1 in case of error */
 133 static int ct_seq_show(struct seq_file *s, void *v)
 134 {
 135         const struct nf_conntrack_tuple_hash *hash = v;
 136         const struct nf_conn *conntrack = nf_ct_tuplehash_to_ctrack(hash);
 137         struct nf_conntrack_l3proto *l3proto;
 138         struct nf_conntrack_l4proto *l4proto;
 139
 140         ASSERT_READ_LOCK(&nf_conntrack_lock);
 141         NF_CT_ASSERT(conntrack);
 142
 143         /* we only want to print DIR_ORIGINAL */
 144         if (NF_CT_DIRECTION(hash))
 145                 return 0;
 146
 147         l3proto = __nf_ct_l3proto_find(conntrack->tuplehash[IP_CT_DIR_ORIGINAL]
 148                                        .tuple.src.l3num);
 149
 150         NF_CT_ASSERT(l3proto);
 151         l4proto = __nf_ct_l4proto_find(conntrack->tuplehash[IP_CT_DIR_ORIGINAL]
 152                                    .tuple.src.l3num,
 153                                    conntrack->tuplehash[IP_CT_DIR_ORIGINAL]
 154                                    .tuple.dst.protonum);
 155         NF_CT_ASSERT(l4proto);
 156
 157         if (seq_printf(s, "%-8s %u %-8s %u %ld ",
 158                        l3proto->name,
 159                        conntrack->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.l3num,
 160                        l4proto->name,
 161                        conntrack->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum,
 162                        timer_pending(&conntrack->timeout)
 163                        ? (long)(conntrack->timeout.expires - jiffies)/HZ : 0) != 0)
 164                 return -ENOSPC;
 165
 166         if (l3proto->print_conntrack(s, conntrack))
 167                 return -ENOSPC;
 168
 169         if (l4proto->print_conntrack(s, conntrack))
 170                 return -ENOSPC;
 171
 172         if (print_tuple(s, &conntrack->tuplehash[IP_CT_DIR_ORIGINAL].tuple,
 173                         l3proto, l4proto))
 174                 return -ENOSPC;
 175
 176         if (seq_print_counters(s, &conntrack->counters[IP_CT_DIR_ORIGINAL]))
 177                 return -ENOSPC;
 178
 179         if (!(test_bit(IPS_SEEN_REPLY_BIT, &conntrack->status)))
 180                 if (seq_printf(s, "[UNREPLIED] "))
 181                         return -ENOSPC;
 182
 183         if (print_tuple(s, &conntrack->tuplehash[IP_CT_DIR_REPLY].tuple,
 184                         l3proto, l4proto))
 185                 return -ENOSPC;
 186
 187         if (seq_print_counters(s, &conntrack->counters[IP_CT_DIR_REPLY]))
 188                 return -ENOSPC;
 189
 190         if (test_bit(IPS_ASSURED_BIT, &conntrack->status))
 191                 if (seq_printf(s, "[ASSURED] "))
 192                         return -ENOSPC;
 193
 194 #if defined(CONFIG_NF_CONNTRACK_MARK)
 195         if (seq_printf(s, "mark=%u ", conntrack->mark))
 196                 return -ENOSPC;
 197 #endif
 198
 199 #ifdef CONFIG_NF_CONNTRACK_SECMARK
 200         if (seq_printf(s, "secmark=%u ", conntrack->secmark))
 201                 return -ENOSPC;
 202 #endif
 203
 204         if (seq_printf(s, "use=%u\n", atomic_read(&conntrack->ct_general.use)))
 205                 return -ENOSPC;
 206
 207         return 0;
 208 }
 209
 210 static struct seq_operations ct_seq_ops = {
 211         .start = ct_seq_start,
 212         .next  = ct_seq_next,
 213         .stop  = ct_seq_stop,
 214         .show  = ct_seq_show
 215 };
 216
 217 static int ct_open(struct inode *inode, struct file *file)
 218 {
 219         struct seq_file *seq;
 220         struct ct_iter_state *st;
 221         int ret;
 222
 223         st = kmalloc(sizeof(struct ct_iter_state), GFP_KERNEL);
 224         if (st == NULL)
 225                 return -ENOMEM;
 226         ret = seq_open(file, &ct_seq_ops);
 227         if (ret)
 228                 goto out_free;
 229         seq          = file->private_data;
 230         seq->private = st;
 231         memset(st, 0, sizeof(struct ct_iter_state));
 232         return ret;
 233 out_free:
 234         kfree(st);
 235         return ret;
 236 }
 237
 238 static struct file_operations ct_file_ops = {
 239         .owner   = THIS_MODULE,
 240         .open    = ct_open,
 241         .read    = seq_read,
 242         .llseek  = seq_lseek,
 243         .release = seq_release_private,
 244 };
 245
 246 static void *ct_cpu_seq_start(struct seq_file *seq, loff_t *pos)
 247 {
 248         int cpu;
 249
 250         if (*pos == 0)
 251                 return SEQ_START_TOKEN;
 252
 253         for (cpu = *pos-1; cpu < NR_CPUS; ++cpu) {
 254                 if (!cpu_possible(cpu))
 255                         continue;
 256                 *pos = cpu + 1;
 257                 return &per_cpu(nf_conntrack_stat, cpu);
 258         }
 259
 260         return NULL;
 261 }
 262
 263 static void *ct_cpu_seq_next(struct seq_file *seq, void *v, loff_t *pos)
 264 {
 265         int cpu;
 266
 267         for (cpu = *pos; cpu < NR_CPUS; ++cpu) {
 268                 if (!cpu_possible(cpu))
 269                         continue;
 270                 *pos = cpu + 1;
 271                 return &per_cpu(nf_conntrack_stat, cpu);
 272         }
 273
 274         return NULL;
 275 }
 276
 277 static void ct_cpu_seq_stop(struct seq_file *seq, void *v)
 278 {
 279 }
 280
 281 static int ct_cpu_seq_show(struct seq_file *seq, void *v)
 282 {
 283         unsigned int nr_conntracks = atomic_read(&nf_conntrack_count);
 284         struct ip_conntrack_stat *st = v;
 285
 286         if (v == SEQ_START_TOKEN) {
 287                 seq_printf(seq, "entries  searched found new invalid ignore delete delete_list insert insert_failed drop early_drop icmp_error  expect_new expect_create expect_delete\n");
 288                 return 0;
 289         }
 290
 291         seq_printf(seq, "%08x  %08x %08x %08x %08x %08x %08x %08x "
 292                         "%08x %08x %08x %08x %08x  %08x %08x %08x \n",
 293                    nr_conntracks,
 294                    st->searched,
 295                    st->found,
 296                    st->new,
 297                    st->invalid,
 298                    st->ignore,
 299                    st->delete,
 300                    st->delete_list,
 301                    st->insert,
 302                    st->insert_failed,
 303                    st->drop,
 304                    st->early_drop,
 305                    st->error,
 306
 307                    st->expect_new,
 308                    st->expect_create,
 309                    st->expect_delete
 310                 );
 311         return 0;
 312 }
 313
 314 static struct seq_operations ct_cpu_seq_ops = {
 315         .start  = ct_cpu_seq_start,
 316         .next   = ct_cpu_seq_next,
 317         .stop   = ct_cpu_seq_stop,
 318         .show   = ct_cpu_seq_show,
 319 };
 320
 321 static int ct_cpu_seq_open(struct inode *inode, struct file *file)
 322 {
 323         return seq_open(file, &ct_cpu_seq_ops);
 324 }
 325
 326 static struct file_operations ct_cpu_seq_fops = {
 327         .owner   = THIS_MODULE,
 328         .open    = ct_cpu_seq_open,
 329         .read    = seq_read,
 330         .llseek  = seq_lseek,
 331         .release = seq_release_private,
 332 };
 333 #endif /* CONFIG_PROC_FS */
 334
 335 /* Sysctl support */
 336
 337 int nf_conntrack_checksum __read_mostly = 1;
 338
 339 #ifdef CONFIG_SYSCTL
 340
 341 /* From nf_conntrack_core.c */
 342 extern int nf_conntrack_max;
 343 extern unsigned int nf_conntrack_htable_size;
 344
 345 /* From nf_conntrack_proto_tcp.c */
 346 extern unsigned int nf_ct_tcp_timeout_syn_sent;
 347 extern unsigned int nf_ct_tcp_timeout_syn_recv;
 348 extern unsigned int nf_ct_tcp_timeout_established;
 349 extern unsigned int nf_ct_tcp_timeout_fin_wait;
 350 extern unsigned int nf_ct_tcp_timeout_close_wait;
 351 extern unsigned int nf_ct_tcp_timeout_last_ack;
 352 extern unsigned int nf_ct_tcp_timeout_time_wait;
 353 extern unsigned int nf_ct_tcp_timeout_close;
 354 extern unsigned int nf_ct_tcp_timeout_max_retrans;
 355 extern int nf_ct_tcp_loose;
 356 extern int nf_ct_tcp_be_liberal;
 357 extern int nf_ct_tcp_max_retrans;
 358
 359 /* From nf_conntrack_proto_udp.c */
 360 extern unsigned int nf_ct_udp_timeout;
 361 extern unsigned int nf_ct_udp_timeout_stream;
 362
 363 /* From nf_conntrack_proto_generic.c */
 364 extern unsigned int nf_ct_generic_timeout;
 365
 366 /* Log invalid packets of a given protocol */
 367 static int log_invalid_proto_min = 0;
 368 static int log_invalid_proto_max = 255;
 369
 370 static struct ctl_table_header *nf_ct_sysctl_header;
 371
 372 static ctl_table nf_ct_sysctl_table[] = {
 373         {
 374                 .ctl_name       = NET_NF_CONNTRACK_MAX,
 375                 .procname       = "nf_conntrack_max",
 376                 .data           = &nf_conntrack_max,
 377                 .maxlen         = sizeof(int),
 378                 .mode           = 0644,
 379                 .proc_handler   = &proc_dointvec,
 380         },
 381         {
 382                 .ctl_name       = NET_NF_CONNTRACK_COUNT,
 383                 .procname       = "nf_conntrack_count",
 384                 .data           = &nf_conntrack_count,
 385                 .maxlen         = sizeof(int),
 386                 .mode           = 0444,
 387                 .proc_handler   = &proc_dointvec,
 388         },
 389         {
 390                 .ctl_name       = NET_NF_CONNTRACK_BUCKETS,
 391                 .procname       = "nf_conntrack_buckets",
 392                 .data           = &nf_conntrack_htable_size,
 393                 .maxlen         = sizeof(unsigned int),
 394                 .mode           = 0444,
 395                 .proc_handler   = &proc_dointvec,
 396         },
 397         {
 398                 .ctl_name       = NET_NF_CONNTRACK_CHECKSUM,
 399                 .procname       = "nf_conntrack_checksum",
 400                 .data           = &nf_conntrack_checksum,
 401                 .maxlen         = sizeof(unsigned int),
 402                 .mode           = 0644,
 403                 .proc_handler   = &proc_dointvec,
 404         },
 405         {
 406                 .ctl_name       = NET_NF_CONNTRACK_TCP_TIMEOUT_SYN_SENT,
 407                 .procname       = "nf_conntrack_tcp_timeout_syn_sent",
 408                 .data           = &nf_ct_tcp_timeout_syn_sent,
 409                 .maxlen         = sizeof(unsigned int),
 410                 .mode           = 0644,
 411                 .proc_handler   = &proc_dointvec_jiffies,
 412         },
 413         {
 414                 .ctl_name       = NET_NF_CONNTRACK_TCP_TIMEOUT_SYN_RECV,
 415                 .procname       = "nf_conntrack_tcp_timeout_syn_recv",
 416                 .data           = &nf_ct_tcp_timeout_syn_recv,
 417                 .maxlen         = sizeof(unsigned int),
 418                 .mode           = 0644,
 419                 .proc_handler   = &proc_dointvec_jiffies,
 420         },
 421         {
 422                 .ctl_name       = NET_NF_CONNTRACK_TCP_TIMEOUT_ESTABLISHED,
 423                 .procname       = "nf_conntrack_tcp_timeout_established",
 424                 .data           = &nf_ct_tcp_timeout_established,
 425                 .maxlen         = sizeof(unsigned int),
 426                 .mode           = 0644,
 427                 .proc_handler   = &proc_dointvec_jiffies,
 428         },
 429         {
 430                 .ctl_name       = NET_NF_CONNTRACK_TCP_TIMEOUT_FIN_WAIT,
 431                 .procname       = "nf_conntrack_tcp_timeout_fin_wait",
 432                 .data           = &nf_ct_tcp_timeout_fin_wait,
 433                 .maxlen         = sizeof(unsigned int),
 434                 .mode           = 0644,
 435                 .proc_handler   = &proc_dointvec_jiffies,
 436         },
 437         {
 438                 .ctl_name       = NET_NF_CONNTRACK_TCP_TIMEOUT_CLOSE_WAIT,
 439                 .procname       = "nf_conntrack_tcp_timeout_close_wait",
 440                 .data           = &nf_ct_tcp_timeout_close_wait,
 441                 .maxlen         = sizeof(unsigned int),
 442                 .mode           = 0644,
 443                 .proc_handler   = &proc_dointvec_jiffies,
 444         },
 445         {
 446                 .ctl_name       = NET_NF_CONNTRACK_TCP_TIMEOUT_LAST_ACK,
 447                 .procname       = "nf_conntrack_tcp_timeout_last_ack",
 448                 .data           = &nf_ct_tcp_timeout_last_ack,
 449                 .maxlen         = sizeof(unsigned int),
 450                 .mode           = 0644,
 451                 .proc_handler   = &proc_dointvec_jiffies,
 452         },
 453         {
 454                 .ctl_name       = NET_NF_CONNTRACK_TCP_TIMEOUT_TIME_WAIT,
 455                 .procname       = "nf_conntrack_tcp_timeout_time_wait",
 456                 .data           = &nf_ct_tcp_timeout_time_wait,
 457                 .maxlen         = sizeof(unsigned int),
 458                 .mode           = 0644,
 459                 .proc_handler   = &proc_dointvec_jiffies,
 460         },
 461         {
 462                 .ctl_name       = NET_NF_CONNTRACK_TCP_TIMEOUT_CLOSE,
 463                 .procname       = "nf_conntrack_tcp_timeout_close",
 464                 .data           = &nf_ct_tcp_timeout_close,
 465                 .maxlen         = sizeof(unsigned int),
 466                 .mode           = 0644,
 467                 .proc_handler   = &proc_dointvec_jiffies,
 468         },
 469         {
 470                 .ctl_name       = NET_NF_CONNTRACK_UDP_TIMEOUT,
 471                 .procname       = "nf_conntrack_udp_timeout",
 472                 .data           = &nf_ct_udp_timeout,
 473                 .maxlen         = sizeof(unsigned int),
 474                 .mode           = 0644,
 475                 .proc_handler   = &proc_dointvec_jiffies,
 476         },
 477         {
 478                 .ctl_name       = NET_NF_CONNTRACK_UDP_TIMEOUT_STREAM,
 479                 .procname       = "nf_conntrack_udp_timeout_stream",
 480                 .data           = &nf_ct_udp_timeout_stream,
 481                 .maxlen         = sizeof(unsigned int),
 482                 .mode           = 0644,
 483                 .proc_handler   = &proc_dointvec_jiffies,
 484         },
 485         {
 486                 .ctl_name       = NET_NF_CONNTRACK_GENERIC_TIMEOUT,
 487                 .procname       = "nf_conntrack_generic_timeout",
 488                 .data           = &nf_ct_generic_timeout,
 489                 .maxlen         = sizeof(unsigned int),
 490                 .mode           = 0644,
 491                 .proc_handler   = &proc_dointvec_jiffies,
 492         },
 493         {
 494                 .ctl_name       = NET_NF_CONNTRACK_LOG_INVALID,
 495                 .procname       = "nf_conntrack_log_invalid",
 496                 .data           = &nf_ct_log_invalid,
 497                 .maxlen         = sizeof(unsigned int),
 498                 .mode           = 0644,
 499                 .proc_handler   = &proc_dointvec_minmax,
 500                 .strategy       = &sysctl_intvec,
 501                 .extra1         = &log_invalid_proto_min,
 502                 .extra2         = &log_invalid_proto_max,
 503         },
 504         {
 505                 .ctl_name       = NET_NF_CONNTRACK_TCP_TIMEOUT_MAX_RETRANS,
 506                 .procname       = "nf_conntrack_tcp_timeout_max_retrans",
 507                 .data           = &nf_ct_tcp_timeout_max_retrans,
 508                 .maxlen         = sizeof(unsigned int),
 509                 .mode           = 0644,
 510                 .proc_handler   = &proc_dointvec_jiffies,
 511         },
 512         {
 513                 .ctl_name       = NET_NF_CONNTRACK_TCP_LOOSE,
 514                 .procname       = "nf_conntrack_tcp_loose",
 515                 .data           = &nf_ct_tcp_loose,
 516                 .maxlen         = sizeof(unsigned int),
 517                 .mode           = 0644,
 518                 .proc_handler   = &proc_dointvec,
 519         },
 520         {
 521                 .ctl_name       = NET_NF_CONNTRACK_TCP_BE_LIBERAL,
 522                 .procname       = "nf_conntrack_tcp_be_liberal",
 523                 .data           = &nf_ct_tcp_be_liberal,
 524                 .maxlen         = sizeof(unsigned int),
 525                 .mode           = 0644,
 526                 .proc_handler   = &proc_dointvec,
 527         },
 528         {
 529                 .ctl_name       = NET_NF_CONNTRACK_TCP_MAX_RETRANS,
 530                 .procname       = "nf_conntrack_tcp_max_retrans",
 531                 .data           = &nf_ct_tcp_max_retrans,
 532                 .maxlen         = sizeof(unsigned int),
 533                 .mode           = 0644,
 534                 .proc_handler   = &proc_dointvec,
 535         },
 536
 537         { .ctl_name = 0 }
 538 };
 539
 540 #define NET_NF_CONNTRACK_MAX 2089
 541
 542 static ctl_table nf_ct_netfilter_table[] = {
 543         {
 544                 .ctl_name       = NET_NETFILTER,
 545                 .procname       = "netfilter",
 546                 .mode           = 0555,
 547                 .child          = nf_ct_sysctl_table,
 548         },
 549         {
 550                 .ctl_name       = NET_NF_CONNTRACK_MAX,
 551                 .procname       = "nf_conntrack_max",
 552                 .data           = &nf_conntrack_max,
 553                 .maxlen         = sizeof(int),
 554                 .mode           = 0644,
 555                 .proc_handler   = &proc_dointvec,
 556         },
 557         { .ctl_name = 0 }
 558 };
 559
 560 static ctl_table nf_ct_net_table[] = {
 561         {
 562                 .ctl_name       = CTL_NET,
 563                 .procname       = "net",
 564                 .mode           = 0555,
 565                 .child          = nf_ct_netfilter_table,
 566         },
 567         { .ctl_name = 0 }
 568 };
 569 EXPORT_SYMBOL(nf_ct_log_invalid);
 570 #endif /* CONFIG_SYSCTL */
 571
 572 static int __init nf_conntrack_standalone_init(void)
 573 {
 574 #ifdef CONFIG_PROC_FS
 575         struct proc_dir_entry *proc, *proc_exp, *proc_stat;
 576 #endif
 577         int ret = 0;
 578
 579         ret = nf_conntrack_init();
 580         if (ret < 0)
 581                 return ret;
 582
 583 #ifdef CONFIG_PROC_FS
 584         proc = proc_net_fops_create("nf_conntrack", 0440, &ct_file_ops);
 585         if (!proc) goto cleanup_init;
 586
 587         proc_exp = proc_net_fops_create("nf_conntrack_expect", 0440,
 588                                         &exp_file_ops);
 589         if (!proc_exp) goto cleanup_proc;
 590
 591         proc_stat = create_proc_entry("nf_conntrack", S_IRUGO, proc_net_stat);
 592         if (!proc_stat)
 593                 goto cleanup_proc_exp;
 594
 595         proc_stat->proc_fops = &ct_cpu_seq_fops;
 596         proc_stat->owner = THIS_MODULE;
 597 #endif
 598 #ifdef CONFIG_SYSCTL
 599         nf_ct_sysctl_header = register_sysctl_table(nf_ct_net_table, 0);
 600         if (nf_ct_sysctl_header == NULL) {
 601                 printk("nf_conntrack: can't register to sysctl.\n");
 602                 ret = -ENOMEM;
 603                 goto cleanup_proc_stat;
 604         }
 605 #endif
 606         return ret;
 607
 608 #ifdef CONFIG_SYSCTL
 609  cleanup_proc_stat:
 610 #endif
 611 #ifdef CONFIG_PROC_FS
 612         remove_proc_entry("nf_conntrack", proc_net_stat);
 613  cleanup_proc_exp:
 614         proc_net_remove("nf_conntrack_expect");
 615  cleanup_proc:
 616         proc_net_remove("nf_conntrack");
 617  cleanup_init:
 618 #endif /* CNFIG_PROC_FS */
 619         nf_conntrack_cleanup();
 620         return ret;
 621 }
 622
 623 static void __exit nf_conntrack_standalone_fini(void)
 624 {
 625 #ifdef CONFIG_SYSCTL
 626         unregister_sysctl_table(nf_ct_sysctl_header);
 627 #endif
 628 #ifdef CONFIG_PROC_FS
 629         remove_proc_entry("nf_conntrack", proc_net_stat);
 630         proc_net_remove("nf_conntrack_expect");
 631         proc_net_remove("nf_conntrack");
 632 #endif /* CNFIG_PROC_FS */
 633         nf_conntrack_cleanup();
 634 }
 635
 636 module_init(nf_conntrack_standalone_init);
 637 module_exit(nf_conntrack_standalone_fini);
 638
 639 /* Some modules need us, but don't depend directly on any symbol.
 640    They should call this. */
 641 void need_conntrack(void)
 642 {
 643 }
 644
 645 #ifdef CONFIG_NF_CONNTRACK_EVENTS
 646 EXPORT_SYMBOL_GPL(nf_conntrack_chain);
 647 EXPORT_SYMBOL_GPL(nf_conntrack_expect_chain);
 648 EXPORT_SYMBOL_GPL(nf_conntrack_register_notifier);
 649 EXPORT_SYMBOL_GPL(nf_conntrack_unregister_notifier);
 650 EXPORT_SYMBOL_GPL(__nf_ct_event_cache_init);
 651 EXPORT_PER_CPU_SYMBOL_GPL(nf_conntrack_ecache);
 652 EXPORT_SYMBOL_GPL(nf_ct_deliver_cached_events);
 653 #endif
 654 EXPORT_SYMBOL(nf_ct_l3proto_try_module_get);
 655 EXPORT_SYMBOL(nf_ct_l3proto_module_put);
 656 EXPORT_SYMBOL(nf_conntrack_l3proto_register);
 657 EXPORT_SYMBOL(nf_conntrack_l3proto_unregister);
 658 EXPORT_SYMBOL(nf_conntrack_l4proto_register);
 659 EXPORT_SYMBOL(nf_conntrack_l4proto_unregister);
 660 EXPORT_SYMBOL(nf_ct_invert_tuplepr);
 661 EXPORT_SYMBOL(nf_conntrack_destroyed);
 662 EXPORT_SYMBOL(need_conntrack);
 663 EXPORT_SYMBOL(nf_conntrack_helper_register);
 664 EXPORT_SYMBOL(nf_conntrack_helper_unregister);
 665 EXPORT_SYMBOL(nf_ct_iterate_cleanup);
 666 EXPORT_SYMBOL(__nf_ct_refresh_acct);
 667 EXPORT_SYMBOL(nf_ct_protos);
 668 EXPORT_SYMBOL(__nf_ct_l4proto_find);
 669 EXPORT_SYMBOL(nf_ct_l4proto_find_get);
 670 EXPORT_SYMBOL(nf_ct_l4proto_put);
 671 EXPORT_SYMBOL(nf_ct_l3proto_find_get);
 672 EXPORT_SYMBOL(nf_ct_l3proto_put);
 673 EXPORT_SYMBOL(nf_ct_l3protos);
 674 EXPORT_SYMBOL_GPL(nf_conntrack_checksum);
 675 EXPORT_SYMBOL(nf_conntrack_expect_alloc);
 676 EXPORT_SYMBOL(nf_conntrack_expect_put);
 677 EXPORT_SYMBOL(nf_conntrack_expect_related);
 678 EXPORT_SYMBOL(nf_conntrack_unexpect_related);
 679 EXPORT_SYMBOL(nf_conntrack_tuple_taken);
 680 EXPORT_SYMBOL(nf_conntrack_htable_size);
 681 EXPORT_SYMBOL(nf_conntrack_lock);
 682 EXPORT_SYMBOL(nf_conntrack_hash);
 683 EXPORT_SYMBOL(nf_conntrack_untracked);
 684 EXPORT_SYMBOL_GPL(nf_conntrack_find_get);
 685 #ifdef CONFIG_IP_NF_NAT_NEEDED
 686 EXPORT_SYMBOL(nf_conntrack_tcp_update);
 687 #endif
 688 EXPORT_SYMBOL(__nf_conntrack_confirm);
 689 EXPORT_SYMBOL(nf_ct_get_tuple);
 690 EXPORT_SYMBOL(nf_ct_invert_tuple);
 691 EXPORT_SYMBOL(nf_conntrack_in);
 692 EXPORT_SYMBOL(__nf_conntrack_attach);
 693 EXPORT_SYMBOL(nf_conntrack_alloc);
 694 EXPORT_SYMBOL(nf_conntrack_free);
 695 EXPORT_SYMBOL(nf_conntrack_flush);
 696 EXPORT_SYMBOL(nf_ct_remove_expectations);
 697 EXPORT_SYMBOL(nf_ct_helper_find_get);
 698 EXPORT_SYMBOL(nf_ct_helper_put);
 699 EXPORT_SYMBOL(__nf_conntrack_helper_find_byname);
 700 EXPORT_SYMBOL(__nf_conntrack_find);
 701 EXPORT_SYMBOL(nf_ct_unlink_expect);
 702 EXPORT_SYMBOL(nf_conntrack_hash_insert);
 703 EXPORT_SYMBOL(__nf_conntrack_expect_find);
 704 EXPORT_SYMBOL(nf_conntrack_expect_find);
 705 EXPORT_SYMBOL(nf_conntrack_expect_list);
 706 #if defined(CONFIG_NF_CT_NETLINK) || \
 707     defined(CONFIG_NF_CT_NETLINK_MODULE)
 708 EXPORT_SYMBOL(nf_ct_port_tuple_to_nfattr);
 709 EXPORT_SYMBOL(nf_ct_port_nfattr_to_tuple);
 710 #endif