Chion82/001-device-notifier.patch

## 001-device-notifier.patch
diff --git a/xt_FULLCONENAT.c b/xt_FULLCONENAT.c
index 8555b54..8edaf7b 100644
--- a/xt_FULLCONENAT.c
+++ b/xt_FULLCONENAT.c
@@ -21,6 +21,7 @@
 #include <linux/netfilter.h>
 #include <linux/netfilter_ipv4.h>
 #include <linux/netfilter/x_tables.h>
+#include <linux/notifier.h>
 #include <net/netfilter/nf_nat.h>
 #include <net/netfilter/nf_conntrack.h>
 #include <net/netfilter/nf_conntrack_zones.h>
@@ -468,6 +469,8 @@ static unsigned int fullconenat_tg(struct sk_buff *skb, const struct xt_action_p
   enum ip_conntrack_info ctinfo;
   struct nf_conntrack_tuple *ct_tuple, *ct_tuple_origin;

+  struct nf_conn_nat *nat;
+
   struct net_device *net_dev;

   struct nat_mapping *mapping, *src_mapping;
@@ -494,6 +497,7 @@ static unsigned int fullconenat_tg(struct sk_buff *skb, const struct xt_action_p
   ret = XT_CONTINUE;

   ct = nf_ct_get(skb, &ctinfo);
+  nat = nfct_nat(ct);
   net = nf_ct_net(ct);
   zone = nf_ct_zone(ct);

@@ -599,6 +603,8 @@ static unsigned int fullconenat_tg(struct sk_buff *skb, const struct xt_action_p
       newrange.max_addr.ip = new_ip;
     }

+    nat->masq_index = ifindex;
+
     /* do SNAT now */
     ret = nf_nat_setup_info(ct, &newrange, HOOK2MANIP(xt_hooknum(par)));

@@ -700,6 +706,73 @@ static struct xt_target tg_reg[] __read_mostly = {
  },
 };

+static int device_cmp(struct nf_conn *i, void *ifindex)
+{
+  const struct nf_conn_nat *nat = nfct_nat(i);
+
+  if (!nat)
+    return 0;
+
+  return nat->masq_index == (int)(long)ifindex;
+}
+
+static int fullconenat_device_event(struct notifier_block *this,
+           unsigned long event,
+           void *ptr)
+{
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 11, 0)
+  const struct net_device *dev = netdev_notifier_info_to_dev(ptr);
+#else
+  const struct net_device *dev = ptr;
+#endif
+  struct net *net = dev_net(dev);
+
+  if (event == NETDEV_DOWN) {
+    /* Device was downed.  Search entire table for
+       conntracks which were associated with that device,
+       and forget them. */
+#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 14, 0)
+    NF_CT_ASSERT(dev->ifindex != 0);
+#endif
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 13, 0)
+    nf_ct_iterate_cleanup_net(net, device_cmp,
+              (void *)(long)dev->ifindex, 0, 0);
+#elif LINUX_VERSION_CODE >= KERNEL_VERSION(3, 12, 0)
+    nf_ct_iterate_cleanup(net, device_cmp,
+              (void *)(long)dev->ifindex, 0, 0);
+#else
+    nf_ct_iterate_cleanup(net, device_cmp,
+              (void *)(long)dev->ifindex);
+#endif
+  }
+
+  return NOTIFY_DONE;
+}
+
+static int fullconenat_inet_event(struct notifier_block *this,
+         unsigned long event,
+         void *ptr)
+{
+  struct net_device *dev = ((struct in_ifaddr *)ptr)->ifa_dev->dev;
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 11, 0)
+  struct netdev_notifier_info info;
+
+  netdev_notifier_info_init(&info, dev);
+  return fullconenat_device_event(this, event, &info);
+#else
+  return fullconenat_device_event(this, event, dev);
+#endif
+}
+
+static struct notifier_block fullconenat_dev_notifier = {
+  .notifier_call  = fullconenat_device_event,
+};
+
+static struct notifier_block fullconenat_inet_notifier = {
+  .notifier_call  = fullconenat_inet_event,
+};
+
 static int __init fullconenat_tg_init(void)
 {
   wq = create_singlethread_workqueue("xt_FULLCONENAT");
@@ -707,6 +780,9 @@ static int __init fullconenat_tg_init(void)
     printk("xt_FULLCONENAT: warning: failed to create workqueue\n");
   }

+  register_netdevice_notifier(&fullconenat_dev_notifier);
+  register_inetaddr_notifier(&fullconenat_inet_notifier);
+
   return xt_register_targets(tg_reg, ARRAY_SIZE(tg_reg));
 }

@@ -722,6 +798,9 @@ static void fullconenat_tg_exit(void)

   handle_dying_tuples();
   destroy_mappings();
+
+  unregister_netdevice_notifier(&fullconenat_dev_notifier);
+  unregister_inetaddr_notifier(&fullconenat_inet_notifier);
 }

 module_init(fullconenat_tg_init);
	diff --git a/xt_FULLCONENAT.c b/xt_FULLCONENAT.c
	index 8555b54..8edaf7b 100644
	--- a/xt_FULLCONENAT.c
	+++ b/xt_FULLCONENAT.c
	@@ -21,6 +21,7 @@
	#include <linux/netfilter.h>
	#include <linux/netfilter_ipv4.h>
	#include <linux/netfilter/x_tables.h>
	+#include <linux/notifier.h>
	#include <net/netfilter/nf_nat.h>
	#include <net/netfilter/nf_conntrack.h>
	#include <net/netfilter/nf_conntrack_zones.h>
	@@ -468,6 +469,8 @@ static unsigned int fullconenat_tg(struct sk_buff *skb, const struct xt_action_p
	enum ip_conntrack_info ctinfo;
	struct nf_conntrack_tuple ct_tuple, ct_tuple_origin;

	+ struct nf_conn_nat *nat;
	+
	struct net_device *net_dev;

	struct nat_mapping mapping, src_mapping;
	@@ -494,6 +497,7 @@ static unsigned int fullconenat_tg(struct sk_buff *skb, const struct xt_action_p
	ret = XT_CONTINUE;

	ct = nf_ct_get(skb, &ctinfo);
	+ nat = nfct_nat(ct);
	net = nf_ct_net(ct);
	zone = nf_ct_zone(ct);

	@@ -599,6 +603,8 @@ static unsigned int fullconenat_tg(struct sk_buff *skb, const struct xt_action_p
	newrange.max_addr.ip = new_ip;
	}

	+ nat->masq_index = ifindex;
	+
	/* do SNAT now */
	ret = nf_nat_setup_info(ct, &newrange, HOOK2MANIP(xt_hooknum(par)));

	@@ -700,6 +706,73 @@ static struct xt_target tg_reg[] __read_mostly = {
	},
	};

	+static int device_cmp(struct nf_conn i, void ifindex)
	+{
	+ const struct nf_conn_nat *nat = nfct_nat(i);
	+
	+ if (!nat)
	+ return 0;
	+
	+ return nat->masq_index == (int)(long)ifindex;
	+}
	+
	+static int fullconenat_device_event(struct notifier_block *this,
	+ unsigned long event,
	+ void *ptr)
	+{
	+#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 11, 0)
	+ const struct net_device *dev = netdev_notifier_info_to_dev(ptr);
	+#else
	+ const struct net_device *dev = ptr;
	+#endif
	+ struct net *net = dev_net(dev);
	+
	+ if (event == NETDEV_DOWN) {
	+ /* Device was downed. Search entire table for
	+ conntracks which were associated with that device,
	+ and forget them. */
	+#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 14, 0)
	+ NF_CT_ASSERT(dev->ifindex != 0);
	+#endif
	+
	+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 13, 0)
	+ nf_ct_iterate_cleanup_net(net, device_cmp,
	+ (void *)(long)dev->ifindex, 0, 0);
	+#elif LINUX_VERSION_CODE >= KERNEL_VERSION(3, 12, 0)
	+ nf_ct_iterate_cleanup(net, device_cmp,
	+ (void *)(long)dev->ifindex, 0, 0);
	+#else
	+ nf_ct_iterate_cleanup(net, device_cmp,
	+ (void *)(long)dev->ifindex);
	+#endif
	+ }
	+
	+ return NOTIFY_DONE;
	+}
	+
	+static int fullconenat_inet_event(struct notifier_block *this,
	+ unsigned long event,
	+ void *ptr)
	+{
	+ struct net_device dev = ((struct in_ifaddr )ptr)->ifa_dev->dev;
	+#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 11, 0)
	+ struct netdev_notifier_info info;
	+
	+ netdev_notifier_info_init(&info, dev);
	+ return fullconenat_device_event(this, event, &info);
	+#else
	+ return fullconenat_device_event(this, event, dev);
	+#endif
	+}
	+
	+static struct notifier_block fullconenat_dev_notifier = {
	+ .notifier_call = fullconenat_device_event,
	+};
	+
	+static struct notifier_block fullconenat_inet_notifier = {
	+ .notifier_call = fullconenat_inet_event,
	+};
	+
	static int __init fullconenat_tg_init(void)
	{
	wq = create_singlethread_workqueue("xt_FULLCONENAT");
	@@ -707,6 +780,9 @@ static int __init fullconenat_tg_init(void)
	printk("xt_FULLCONENAT: warning: failed to create workqueue\n");
	}

	+ register_netdevice_notifier(&fullconenat_dev_notifier);
	+ register_inetaddr_notifier(&fullconenat_inet_notifier);
	+
	return xt_register_targets(tg_reg, ARRAY_SIZE(tg_reg));
	}

	@@ -722,6 +798,9 @@ static void fullconenat_tg_exit(void)

	handle_dying_tuples();
	destroy_mappings();
	+
	+ unregister_netdevice_notifier(&fullconenat_dev_notifier);
	+ unregister_inetaddr_notifier(&fullconenat_inet_notifier);
	}

	module_init(fullconenat_tg_init);