Commit 3fce1649 authored by Florian Westphal's avatar Florian Westphal Committed by Pablo Neira Ayuso
Browse files

netfilter: core: move ip_ct_attach indirection to struct nf_ct_hook 



ip_ct_attach predates struct nf_ct_hook, we can place it there and
remove the exported symbol.

Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 71977437

include/linux/netfilter.h

+1 −1
Original line number Diff line number Diff line
@@ -440,7 +440,6 @@ nf_nat_decode_session(struct sk_buff *skb, struct flowi *fl, u_int8_t family) 
#if IS_ENABLED(CONFIG_NF_CONNTRACK)

#include <linux/netfilter/nf_conntrack_zones_common.h>



extern void (*ip_ct_attach)(struct sk_buff *, const struct sk_buff *) __rcu;

void nf_ct_attach(struct sk_buff *, const struct sk_buff *);

struct nf_conntrack_tuple;

bool nf_ct_get_tuple_skb(struct nf_conntrack_tuple *dst_tuple,
@@ -463,6 +462,7 @@ struct nf_ct_hook { 
	void (*destroy)(struct nf_conntrack *);

	bool (*get_tuple_skb)(struct nf_conntrack_tuple *,

			      const struct sk_buff *);

	void (*attach)(struct sk_buff *nskb, const struct sk_buff *skb);

};

extern struct nf_ct_hook __rcu *nf_ct_hook;

net/netfilter/core.c

+8 −11
Original line number Diff line number Diff line
@@ -673,25 +673,22 @@ struct nf_ct_hook __rcu *nf_ct_hook __read_mostly; 
EXPORT_SYMBOL_GPL(nf_ct_hook);



#if IS_ENABLED(CONFIG_NF_CONNTRACK)

/* This does not belong here, but locally generated errors need it if connection

   tracking in use: without this, connection may not be in hash table, and hence

   manufactured ICMP or RST packets will not be associated with it. */

void (*ip_ct_attach)(struct sk_buff *, const struct sk_buff *)

		__rcu __read_mostly;

EXPORT_SYMBOL(ip_ct_attach);



struct nf_nat_hook __rcu *nf_nat_hook __read_mostly;

EXPORT_SYMBOL_GPL(nf_nat_hook);



/* This does not belong here, but locally generated errors need it if connection

 * tracking in use: without this, connection may not be in hash table, and hence

 * manufactured ICMP or RST packets will not be associated with it.

 */

void nf_ct_attach(struct sk_buff *new, const struct sk_buff *skb)

{

	void (*attach)(struct sk_buff *, const struct sk_buff *);

	const struct nf_ct_hook *ct_hook;



	if (skb->_nfct) {

		rcu_read_lock();

		attach = rcu_dereference(ip_ct_attach);

		if (attach)

			attach(new, skb);

		ct_hook = rcu_dereference(nf_ct_hook);

		if (ct_hook)

			ct_hook->attach(new, skb);

		rcu_read_unlock();

	}

}

net/netfilter/nf_conntrack_core.c

+1 −3
Original line number Diff line number Diff line
@@ -2455,7 +2455,6 @@ static int kill_all(struct nf_conn *i, void *data) 
void nf_conntrack_cleanup_start(void)

{

	conntrack_gc_work.exiting = true;

	RCU_INIT_POINTER(ip_ct_attach, NULL);

}



void nf_conntrack_cleanup_end(void)
@@ -2774,12 +2773,11 @@ static struct nf_ct_hook nf_conntrack_hook = { 
	.update		= nf_conntrack_update,

	.destroy	= destroy_conntrack,

	.get_tuple_skb  = nf_conntrack_get_tuple_skb,

	.attach		= nf_conntrack_attach,

};



void nf_conntrack_init_end(void)

{

	/* For use by REJECT target */

	RCU_INIT_POINTER(ip_ct_attach, nf_conntrack_attach);

	RCU_INIT_POINTER(nf_ct_hook, &nf_conntrack_hook);

}