diff --git a/net/netfilter/core.c b/net/netfilter/core.c index ef4e76e5aef9..e5415ba18652 100644 --- a/net/netfilter/core.c +++ b/net/netfilter/core.c @@ -59,8 +59,10 @@ static struct nf_hook_entries *allocate_hook_entries_size(u16 num) return NULL; e = kvzalloc(alloc, GFP_KERNEL_ACCOUNT); - if (e) + if (e) { + printk("%p, %d, %s\n", e, num, __func__); e->num_hook_entries = num; + } return e; } @@ -117,7 +119,7 @@ nf_hook_entries_grow(const struct nf_hook_entries *old, orig_ops = nf_hook_entries_get_hook_ops(old); for (i = 0; i < old_entries; i++) { - if (orig_ops[i] != &dummy_ops) + if (orig_ops[i] && orig_ops[i] != &dummy_ops) alloc_entries++; /* Restrict BPF hook type to force a unique priority, not @@ -151,6 +153,7 @@ nf_hook_entries_grow(const struct nf_hook_entries *old, continue; } + printk("n %p, o %p, %p, %s\n", new, old, orig_ops[i], __func__); if (inserted || reg->priority > orig_ops[i]->priority) { new_ops[nhooks] = (void *)orig_ops[i]; new->hooks[nhooks] = old->hooks[i]; @@ -201,6 +204,7 @@ int nf_hook_entries_insert_raw(struct nf_hook_entries __rcu **pp, struct nf_hook_entries *p; p = rcu_dereference_raw(*pp); + printk("%p, %s\n",p, __func__); new_hooks = nf_hook_entries_grow(p, reg); if (IS_ERR(new_hooks)) return PTR_ERR(new_hooks); @@ -244,7 +248,7 @@ static void *__nf_hook_entries_try_shrink(struct nf_hook_entries *old, orig_ops = nf_hook_entries_get_hook_ops(old); for (i = 0; i < old->num_hook_entries; i++) { - if (orig_ops[i] == &dummy_ops) + if (!orig_ops[i] || orig_ops[i] == &dummy_ops) skip++; } @@ -261,12 +265,15 @@ static void *__nf_hook_entries_try_shrink(struct nf_hook_entries *old, if (!new) return NULL; + printk("old ents: %p, new ents: %p, %s\n", old, new, __func__); new_ops = nf_hook_entries_get_hook_ops(new); for (i = 0, j = 0; i < old->num_hook_entries; i++) { - if (orig_ops[i] == &dummy_ops) + if (!orig_ops[i] || orig_ops[i] == &dummy_ops) continue; new->hooks[j] = old->hooks[i]; new_ops[j] = (void *)orig_ops[i]; + printk("new ents: %p, new uo h: %p, new ops: %p, %s\n", + new, new->hooks[j], new_ops[j], __func__); j++; } hooks_validate(new); @@ -279,6 +286,9 @@ static struct nf_hook_entries __rcu ** nf_hook_entry_head(struct net *net, int pf, unsigned int hooknum, struct net_device *dev) { + printk("pf: %d, ipv4 size: %d, hooknum: %d, %s\n", pf, + ARRAY_SIZE(net->nf.hooks_ipv4), + hooknum, __func__); switch (pf) { case NFPROTO_NETDEV: break; @@ -432,6 +442,7 @@ static int __nf_register_net_hook(struct net *net, int pf, mutex_lock(&nf_hook_mutex); p = nf_entry_dereference(*pp); + printk("%p, %s\n",p, __func__); new_hooks = nf_hook_entries_grow(p, reg); if (!IS_ERR(new_hooks)) { @@ -473,12 +484,16 @@ static bool nf_remove_net_hook(struct nf_hook_entries *old, struct nf_hook_ops **orig_ops; unsigned int i; + printk("ents: %p, del ops: %p, num: %d, %s\n", old, unreg, old->num_hook_entries, __func__); orig_ops = nf_hook_entries_get_hook_ops(old); for (i = 0; i < old->num_hook_entries; i++) { - if (orig_ops[i] != unreg) + if (orig_ops[i] != unreg) { + printk("%p, %d, %s\n", orig_ops[i], i, __func__); continue; + } WRITE_ONCE(old->hooks[i].hook, accept_all); WRITE_ONCE(orig_ops[i], (void *)&dummy_ops); + printk("ents: %p, del ops: %p, i: %d, %s\n", old, orig_ops[i], i, __func__); return true; } @@ -558,6 +573,7 @@ int nf_register_net_hook(struct net *net, const struct nf_hook_ops *reg) { int err; + printk("%p, %p, %s\n", net, reg, __func__); if (reg->pf == NFPROTO_INET) { if (reg->hooknum == NF_INET_INGRESS) { err = __nf_register_net_hook(net, NFPROTO_INET, reg); diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index a72b6aeefb1b..a5fb9b1de917 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -10001,6 +10001,7 @@ static int nf_tables_commit(struct net *net, struct sk_buff *skb) nft_chain_del(trans->ctx.chain); nf_tables_chain_notify(&trans->ctx, NFT_MSG_DELCHAIN, NULL); + printk("destroy chain %p, %s\n", &trans->ctx.chain, __func__); nf_tables_unregister_hook(trans->ctx.net, trans->ctx.table, trans->ctx.chain);