From 3ee3529e5a31e6183f3ea7f7624533bd582432fc Mon Sep 17 00:00:00 2001
From: W_Y_CPP <383152993@qq.com>
Date: Tue, 18 Jan 2022 21:45:34 -0500
Subject: [PATCH] add net-conntrack-events-support-multiple-registrant for 5.15

---
 include/net/netfilter/nf_conntrack_ecache.h |  15 ++-
 include/net/netns/conntrack.h               |   3 +
 net/netfilter/Kconfig                       |   8 ++
 net/netfilter/nf_conntrack_core.c           |   4 +
 net/netfilter/nf_conntrack_ecache.c         | 103 +++++++++++++++++++-
 net/netfilter/nf_conntrack_netlink.c        |  17 ++++
 6 files changed, 146 insertions(+), 4 deletions(-)

diff --git a/include/net/netfilter/nf_conntrack_ecache.h b/include/net/netfilter/nf_conntrack_ecache.h
index d932e22ed..c45657013 100644
--- a/include/net/netfilter/nf_conntrack_ecache.h
+++ b/include/net/netfilter/nf_conntrack_ecache.h
@@ -83,9 +83,14 @@ struct nf_ct_event_notifier {
 	int (*exp_event)(unsigned int events, const struct nf_exp_event *item);
 };
 
-void nf_conntrack_register_notifier(struct net *net,
+#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS
+extern int nf_conntrack_register_notifier(struct net *net, struct notifier_block *nb);
+extern int nf_conntrack_unregister_notifier(struct net *net, struct notifier_block *nb);
+#else
+int nf_conntrack_register_notifier(struct net *net,
 				   const struct nf_ct_event_notifier *nb);
 void nf_conntrack_unregister_notifier(struct net *net);
+#endif
 
 void nf_ct_deliver_cached_events(struct nf_conn *ct);
 int nf_conntrack_eventmask_report(unsigned int eventmask, struct nf_conn *ct,
@@ -111,11 +116,13 @@ static inline void
 nf_conntrack_event_cache(enum ip_conntrack_events event, struct nf_conn *ct)
 {
 #ifdef CONFIG_NF_CONNTRACK_EVENTS
-	struct net *net = nf_ct_net(ct);
 	struct nf_conntrack_ecache *e;
+#ifndef CONFIG_NF_CONNTRACK_CHAIN_EVENTS
+	struct net *net = nf_ct_net(ct);
 
 	if (!rcu_access_pointer(net->ct.nf_conntrack_event_cb))
 		return;
+#endif
 
 	e = nf_ct_ecache_find(ct);
 	if (e == NULL)
@@ -130,10 +137,12 @@ nf_conntrack_event_report(enum ip_conntrack_events event, struct nf_conn *ct,
 			  u32 portid, int report)
 {
 #ifdef CONFIG_NF_CONNTRACK_EVENTS
+#ifndef CONFIG_NF_CONNTRACK_CHAIN_EVENTS
 	const struct net *net = nf_ct_net(ct);
 
 	if (!rcu_access_pointer(net->ct.nf_conntrack_event_cb))
 		return 0;
+#endif
 
 	return nf_conntrack_eventmask_report(1 << event, ct, portid, report);
 #else
@@ -145,10 +154,12 @@ static inline int
 nf_conntrack_event(enum ip_conntrack_events event, struct nf_conn *ct)
 {
 #ifdef CONFIG_NF_CONNTRACK_EVENTS
+#ifndef CONFIG_NF_CONNTRACK_CHAIN_EVENTS
 	const struct net *net = nf_ct_net(ct);
 
 	if (!rcu_access_pointer(net->ct.nf_conntrack_event_cb))
 		return 0;
+#endif
 
 	return nf_conntrack_eventmask_report(1 << event, ct, 0, 0);
 #else
diff --git a/include/net/netns/conntrack.h b/include/net/netns/conntrack.h
index 0294f3d47..9bc2a1eba 100644
--- a/include/net/netns/conntrack.h
+++ b/include/net/netns/conntrack.h
@@ -112,6 +112,9 @@ struct netns_ct {
 
 	struct ct_pcpu __percpu *pcpu_lists;
 	struct ip_conntrack_stat __percpu *stat;
+#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS
+	struct atomic_notifier_head nf_conntrack_chain;
+#endif
 	struct nf_ct_event_notifier __rcu *nf_conntrack_event_cb;
 	struct nf_ip_net	nf_ct_proto;
 #if defined(CONFIG_NF_CONNTRACK_LABELS)
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index 92a747896..258bdeac9 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -151,6 +151,14 @@ config NF_CONNTRACK_EVENTS
 
 	  If unsure, say `N'.
 
+config NF_CONNTRACK_CHAIN_EVENTS
+	bool "Register multiple callbacks to ct events"
+	depends on NF_CONNTRACK_EVENTS
+	help
+	  Support multiple registrations.
+
+	  If unsure, say `N'.
+
 config NF_CONNTRACK_TIMEOUT
 	bool  'Connection tracking timeout'
 	depends on NETFILTER_ADVANCED
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 4712a90a1..ac05af611 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -2825,6 +2825,10 @@ int nf_conntrack_init_net(struct net *net)
 	nf_conntrack_helper_pernet_init(net);
 	nf_conntrack_proto_pernet_init(net);
 
+#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS
+	ATOMIC_INIT_NOTIFIER_HEAD(&net->ct.nf_conntrack_chain);
+#endif
+
 	return 0;
 
 err_expect:
diff --git a/net/netfilter/nf_conntrack_ecache.c b/net/netfilter/nf_conntrack_ecache.c
index 41768ff19..9d8075db0 100644
--- a/net/netfilter/nf_conntrack_ecache.c
+++ b/net/netfilter/nf_conntrack_ecache.c
@@ -18,6 +18,9 @@
 #include <linux/err.h>
 #include <linux/percpu.h>
 #include <linux/kernel.h>
+#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS
+#include <linux/notifier.h>
+#endif
 #include <linux/netdevice.h>
 #include <linux/slab.h>
 #include <linux/export.h>
@@ -167,6 +170,35 @@ static int __nf_conntrack_eventmask_report(struct nf_conntrack_ecache *e,
 	return ret;
 }
 
+#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS
+int nf_conntrack_eventmask_report(unsigned int eventmask, struct nf_conn *ct,
+				  u32 portid, int report)
+{
+	struct nf_conntrack_ecache *e;
+	struct net *net = nf_ct_net(ct);
+
+	e = nf_ct_ecache_find(ct);
+	if (e == NULL)
+		return 0;
+
+	if (nf_ct_is_confirmed(ct)) {
+		struct nf_ct_event item = {
+			.ct = ct,
+			.portid	= e->portid ? e->portid : portid,
+			.report = report
+		};
+		/* This is a resent of a destroy event? If so, skip missed */
+		unsigned long missed = e->portid ? 0 : e->missed;
+
+		if (!((eventmask | missed) & e->ctmask))
+			return 0;
+
+		atomic_notifier_call_chain(&net->ct.nf_conntrack_chain, eventmask | missed, &item);
+	}
+
+	return 0;
+}
+#else
 int nf_conntrack_eventmask_report(unsigned int events, struct nf_conn *ct,
 				  u32 portid, int report)
 {
@@ -203,10 +235,52 @@ int nf_conntrack_eventmask_report(unsigned int events, struct nf_conn *ct,
 
 	return ret;
 }
+#endif
 EXPORT_SYMBOL_GPL(nf_conntrack_eventmask_report);
 
 /* deliver cached events and clear cache entry - must be called with locally
  * disabled softirqs */
+#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS
+void nf_ct_deliver_cached_events(struct nf_conn *ct)
+{
+	unsigned long events, missed;
+	struct nf_conntrack_ecache *e;
+	struct nf_ct_event item;
+	struct net *net = nf_ct_net(ct);
+
+	e = nf_ct_ecache_find(ct);
+	if (e == NULL)
+		return;
+
+	events = xchg(&e->cache, 0);
+
+	if (!nf_ct_is_confirmed(ct) || nf_ct_is_dying(ct) || !events)
+		return;
+
+	/* We make a copy of the missed event cache without taking
+	 * the lock, thus we may send missed events twice. However,
+	 * this does not harm and it happens very rarely. */
+	missed = e->missed;
+
+	if (!((events | missed) & e->ctmask))
+		return;
+
+	item.ct = ct;
+	item.portid = 0;
+	item.report = 0;
+
+	atomic_notifier_call_chain(&net->ct.nf_conntrack_chain,
+			events | missed,
+			&item);
+
+	if (likely(!missed))
+		return;
+
+	spin_lock_bh(&ct->lock);
+		e->missed &= ~missed;
+	spin_unlock_bh(&ct->lock);
+}
+#else
 void nf_ct_deliver_cached_events(struct nf_conn *ct)
 {
 	struct nf_conntrack_ecache *e;
@@ -232,6 +306,7 @@ void nf_ct_deliver_cached_events(struct nf_conn *ct)
 	 */
 	__nf_conntrack_eventmask_report(e, events, e->missed, &item);
 }
+#endif
 EXPORT_SYMBOL_GPL(nf_ct_deliver_cached_events);
 
 void nf_ct_expect_event_report(enum ip_conntrack_expect_events event,
@@ -264,20 +339,43 @@ out_unlock:
 	rcu_read_unlock();
 }
 
-void nf_conntrack_register_notifier(struct net *net,
+#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS
+int nf_conntrack_register_notifier(struct net *net,
+				   struct notifier_block *nb)
+{
+	return atomic_notifier_chain_register(&net->ct.nf_conntrack_chain, nb);
+}
+#else
+int nf_conntrack_register_notifier(struct net *net,
 				    const struct nf_ct_event_notifier *new)
 {
+	int ret;
 	struct nf_ct_event_notifier *notify;
 
 	mutex_lock(&nf_ct_ecache_mutex);
 	notify = rcu_dereference_protected(net->ct.nf_conntrack_event_cb,
 					   lockdep_is_held(&nf_ct_ecache_mutex));
 	WARN_ON_ONCE(notify);
+	if (notify != NULL) {
+		ret = -EBUSY;
+		goto out_unlock;
+	}
+
 	rcu_assign_pointer(net->ct.nf_conntrack_event_cb, new);
-	mutex_unlock(&nf_ct_ecache_mutex);
+	ret = 0;
+out_unlock:
+ 	mutex_unlock(&nf_ct_ecache_mutex);
+	return ret;
 }
+#endif
 EXPORT_SYMBOL_GPL(nf_conntrack_register_notifier);
 
+#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS
+int nf_conntrack_unregister_notifier(struct net *net, struct notifier_block *nb)
+{
+	return atomic_notifier_chain_unregister(&net->ct.nf_conntrack_chain, nb);
+}
+#else
 void nf_conntrack_unregister_notifier(struct net *net)
 {
 	mutex_lock(&nf_ct_ecache_mutex);
@@ -285,6 +383,7 @@ void nf_conntrack_unregister_notifier(struct net *net)
 	mutex_unlock(&nf_ct_ecache_mutex);
 	/* synchronize_rcu() is called after netns pre_exit */
 }
+#endif
 EXPORT_SYMBOL_GPL(nf_conntrack_unregister_notifier);
 
 void nf_conntrack_ecache_work(struct net *net, enum nf_ct_ecache_state state)
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 81d03acf6..f99de87c1 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -706,12 +706,19 @@ static size_t ctnetlink_nlmsg_size(const struct nf_conn *ct)
 }
 
 static int
+#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS
+ctnetlink_conntrack_event(struct notifier_block *this, unsigned long events, void *ptr)
+#else
 ctnetlink_conntrack_event(unsigned int events, const struct nf_ct_event *item)
+#endif
 {
 	const struct nf_conntrack_zone *zone;
 	struct net *net;
 	struct nlmsghdr *nlh;
 	struct nlattr *nest_parms;
+#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS
+	struct nf_ct_event *item = (struct nf_ct_event *)ptr;
+#endif
 	struct nf_conn *ct = item->ct;
 	struct sk_buff *skb;
 	unsigned int type;
@@ -3760,11 +3767,17 @@ static int ctnetlink_stat_exp_cpu(struct sk_buff *skb,
 }
 
 #ifdef CONFIG_NF_CONNTRACK_EVENTS
+#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS
+static struct notifier_block ctnl_notifier = {
+	.notifier_call = ctnetlink_conntrack_event
+};
+#else
 static struct nf_ct_event_notifier ctnl_notifier = {
 	.ct_event = ctnetlink_conntrack_event,
 	.exp_event = ctnetlink_expect_event,
 };
 #endif
+#endif
 
 static const struct nfnl_callback ctnl_cb[IPCTNL_MSG_MAX] = {
 	[IPCTNL_MSG_CT_NEW]	= {
@@ -3863,8 +3876,12 @@ static int __net_init ctnetlink_net_init(struct net *net)
 static void ctnetlink_net_pre_exit(struct net *net)
 {
 #ifdef CONFIG_NF_CONNTRACK_EVENTS
+#ifdef CONFIG_NF_CONNTRACK_CHAIN_EVENTS
+	nf_conntrack_unregister_notifier(net,&ctnl_notifier);
+#else
 	nf_conntrack_unregister_notifier(net);
 #endif
+#endif
 }
 
 static struct pernet_operations ctnetlink_net_ops = {
-- 
2.17.1