netfilter: conntrack: handle ->destroy hook via nat_ops instead (1bc91a5d) · Commits · EulixOS / Software / Kernel

include/linux/netfilter.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -379,6 +379,7 @@ struct nf_nat_hook {
		unsigned int (manip_pkt)(struct sk_buff skb, struct nf_conn *ct,
		enum nf_nat_manip_type mtype,
		enum ip_conntrack_dir dir);
		void (remove_nat_bysrc)(struct nf_conn ct);
		};

		extern const struct nf_nat_hook __rcu *nf_nat_hook;

+0 −3

Original line number	Diff line number	Diff line
		@@ -79,9 +79,6 @@ void nf_ct_ext_destroy(struct nf_conn *ct);
		void nf_ct_ext_add(struct nf_conn ct, enum nf_ct_ext_id id, gfp_t gfp);

		struct nf_ct_ext_type {
		/* Destroys relationships (can be NULL). */
		void (destroy)(struct nf_conn ct);

		enum nf_ct_ext_id id;
		};

+12 −2

Original line number	Diff line number	Diff line
		@@ -594,7 +594,7 @@ EXPORT_SYMBOL_GPL(nf_ct_tmpl_alloc);

		void nf_ct_tmpl_free(struct nf_conn *tmpl)
		{
		nf_ct_ext_destroy(tmpl);
		kfree(tmpl->ext);

		if (ARCH_KMALLOC_MINALIGN <= NFCT_INFOMASK)
		kfree((char *)tmpl - tmpl->proto.tmpl_padto);
		@@ -1597,7 +1597,17 @@ void nf_conntrack_free(struct nf_conn *ct)
		*/
		WARN_ON(refcount_read(&ct->ct_general.use) != 0);

		nf_ct_ext_destroy(ct);
		if (ct->status & IPS_SRC_NAT_DONE) {
		const struct nf_nat_hook *nat_hook;

		rcu_read_lock();
		nat_hook = rcu_dereference(nf_nat_hook);
		if (nat_hook)
		nat_hook->remove_nat_bysrc(ct);
		rcu_read_unlock();
		}

		kfree(ct->ext);
		kmem_cache_free(nf_conntrack_cachep, ct);
		cnet = nf_ct_pernet(net);

+0 −21

Original line number	Diff line number	Diff line
		@@ -89,27 +89,6 @@ static __always_inline unsigned int total_extension_size(void)
		;
		}

		void nf_ct_ext_destroy(struct nf_conn *ct)
		{
		unsigned int i;
		struct nf_ct_ext_type *t;

		for (i = 0; i < NF_CT_EXT_NUM; i++) {
		rcu_read_lock();
		t = rcu_dereference(nf_ct_ext_types[i]);

		/* Here the nf_ct_ext_type might have been unregisterd.
		* I.e., it has responsible to cleanup private
		* area in all conntracks when it is unregisterd.
		*/
		if (t && t->destroy)
		t->destroy(ct);
		rcu_read_unlock();
		}

		kfree(ct->ext);
		}

		void nf_ct_ext_add(struct nf_conn ct, enum nf_ct_ext_id id, gfp_t gfp)
		{
		unsigned int newlen, newoff, oldlen, alloc;

+3 −10

Original line number	Diff line number	Diff line
		@@ -838,7 +838,7 @@ static int nf_nat_proto_remove(struct nf_conn i, void data)
		return i->status & IPS_NAT_MASK ? 1 : 0;
		}

		static void __nf_nat_cleanup_conntrack(struct nf_conn *ct)
		static void nf_nat_cleanup_conntrack(struct nf_conn *ct)
		{
		unsigned int h;

		@@ -860,7 +860,7 @@ static int nf_nat_proto_clean(struct nf_conn ct, void data)
		* will delete entry from already-freed table.
		*/
		if (test_and_clear_bit(IPS_SRC_NAT_DONE_BIT, &ct->status))
		__nf_nat_cleanup_conntrack(ct);
		nf_nat_cleanup_conntrack(ct);

		/* don't delete conntrack. Although that would make things a lot
		* simpler, we'd end up flushing all conntracks on nat rmmod.
		@@ -868,15 +868,7 @@ static int nf_nat_proto_clean(struct nf_conn ct, void data)
		return 0;
		}

		/* No one using conntrack by the time this called. */
		static void nf_nat_cleanup_conntrack(struct nf_conn *ct)
		{
		if (ct->status & IPS_SRC_NAT_DONE)
		__nf_nat_cleanup_conntrack(ct);
		}

		static struct nf_ct_ext_type nat_extend __read_mostly = {
		.destroy = nf_nat_cleanup_conntrack,
		.id = NF_CT_EXT_NAT,
		};

		@@ -1171,6 +1163,7 @@ static const struct nf_nat_hook nat_hook = {
		.decode_session = __nf_nat_decode_session,
		#endif
		.manip_pkt = nf_nat_manip_pkt,
		.remove_nat_bysrc = nf_nat_cleanup_conntrack,
		};

		static int __init nf_nat_init(void)