netfilter: conntrack: add nf_ct_iter_data object for nf_ct_iterate_cleanup*()

	return nf_ct_delete(ct, 0, 0);

}

struct nf_ct_iter_data {

	struct net *net;

	void *data;

	u32 portid;

	int report;

};

/* Iterate over all conntracks: if iter returns true, it's deleted. */

void nf_ct_iterate_cleanup_net(struct net *net,

			       int (*iter)(struct nf_conn *i, void *data),

			       void *data, u32 portid, int report);

void nf_ct_iterate_cleanup_net(int (*iter)(struct nf_conn *i, void *data),

			       const struct nf_ct_iter_data *iter_data);

/* also set unconfirmed conntracks as dying. Only use in module exit path. */

void nf_ct_iterate_destroy(int (*iter)(struct nf_conn *i, void *data),

/* Bring out ya dead! */

static struct nf_conn *

get_next_corpse(int (*iter)(struct nf_conn *i, void *data),

		void *data, unsigned int *bucket)

		const struct nf_ct_iter_data *iter_data, unsigned int *bucket)

{

	struct nf_conntrack_tuple_hash *h;

	struct nf_conn *ct;

			 * tuple while iterating.

			 */

			ct = nf_ct_tuplehash_to_ctrack(h);

			if (iter(ct, data))

			if (iter_data->net &&

			    !net_eq(iter_data->net, nf_ct_net(ct)))

				continue;

			if (iter(ct, iter_data->data))

				goto found;

		}

		spin_unlock(lockp);

}

static void nf_ct_iterate_cleanup(int (*iter)(struct nf_conn *i, void *data),

				  void *data, u32 portid, int report)

				  const struct nf_ct_iter_data *iter_data)

{

	unsigned int bucket = 0;

	struct nf_conn *ct;

	might_sleep();

	mutex_lock(&nf_conntrack_mutex);

	while ((ct = get_next_corpse(iter, data, &bucket)) != NULL) {

	while ((ct = get_next_corpse(iter, iter_data, &bucket)) != NULL) {

		/* Time to push up daises... */

		nf_ct_delete(ct, portid, report);

		nf_ct_delete(ct, iter_data->portid, iter_data->report);

		nf_ct_put(ct);

		cond_resched();

	}

	mutex_unlock(&nf_conntrack_mutex);

}

struct iter_data {

	int (*iter)(struct nf_conn *i, void *data);

	void *data;

	struct net *net;

};

static int iter_net_only(struct nf_conn *i, void *data)

{

	struct iter_data *d = data;

	if (!net_eq(d->net, nf_ct_net(i)))

		return 0;

	return d->iter(i, d->data);

}

void nf_ct_iterate_cleanup_net(struct net *net,

			       int (*iter)(struct nf_conn *i, void *data),

			       void *data, u32 portid, int report)

void nf_ct_iterate_cleanup_net(int (*iter)(struct nf_conn *i, void *data),

			       const struct nf_ct_iter_data *iter_data)

{

	struct net *net = iter_data->net;

	struct nf_conntrack_net *cnet = nf_ct_pernet(net);

	struct iter_data d;

	might_sleep();

	if (atomic_read(&cnet->count) == 0)

		return;

	d.iter = iter;

	d.data = data;

	d.net = net;

	nf_ct_iterate_cleanup(iter_net_only, &d, portid, report);

	nf_ct_iterate_cleanup(iter, iter_data);

}

EXPORT_SYMBOL_GPL(nf_ct_iterate_cleanup_net);

void

nf_ct_iterate_destroy(int (*iter)(struct nf_conn *i, void *data), void *data)

{

	struct nf_ct_iter_data iter_data = {};

	struct net *net;

	down_read(&net_rwsem);

	synchronize_net();

	nf_ct_ext_bump_genid();

	nf_ct_iterate_cleanup(iter, data, 0, 0);

	iter_data.data = data;

	nf_ct_iterate_cleanup(iter, &iter_data);

	/* Another cpu might be in a rcu read section with

	 * rcu protected pointer cleared in iter callback

static int kill_all(struct nf_conn *i, void *data)

{

	return net_eq(nf_ct_net(i), data);

	return 1;

}

void nf_conntrack_cleanup_start(void)

void nf_conntrack_cleanup_net_list(struct list_head *net_exit_list)

{

	int busy;

	struct nf_ct_iter_data iter_data = {};

	struct net *net;

	int busy;

	/*

	 * This makes sure all current packets have passed through

	list_for_each_entry(net, net_exit_list, exit_list) {

		struct nf_conntrack_net *cnet = nf_ct_pernet(net);

		nf_ct_iterate_cleanup(kill_all, net, 0, 0);

		iter_data.net = net;

		nf_ct_iterate_cleanup_net(kill_all, &iter_data);

		if (atomic_read(&cnet->count) != 0)

			busy = 1;

	}

				     u32 portid, int report, u8 family)

{

	struct ctnetlink_filter *filter = NULL;

	struct nf_ct_iter_data iter = {

		.net		= net,

		.portid		= portid,

		.report		= report,

	};

	if (ctnetlink_needs_filter(family, cda)) {

		if (cda[CTA_FILTER])

		filter = ctnetlink_alloc_filter(cda, family);

		if (IS_ERR(filter))

			return PTR_ERR(filter);

		iter.data = filter;

	}

	nf_ct_iterate_cleanup_net(net, ctnetlink_flush_iterate, filter,

				  portid, report);

	nf_ct_iterate_cleanup_net(ctnetlink_flush_iterate, &iter);

	kfree(filter);

	return 0;

 out_unlock:

	mutex_unlock(&nf_ct_proto_mutex);

	if (fixup_needed)

		nf_ct_iterate_cleanup_net(net, nf_ct_tcp_fixup,

					  (void *)(unsigned long)nfproto, 0, 0);

	if (fixup_needed) {

		struct nf_ct_iter_data iter_data = {

			.net	= net,

			.data	= (void *)(unsigned long)nfproto,

		};

		nf_ct_iterate_cleanup_net(nf_ct_tcp_fixup, &iter_data);

	}

	return err;

}

void nf_ct_untimeout(struct net *net, struct nf_ct_timeout *timeout)

{

	nf_ct_iterate_cleanup_net(net, untimeout, timeout, 0, 0);

	struct nf_ct_iter_data iter_data = {

		.net	= net,

		.data	= timeout,

	};

	nf_ct_iterate_cleanup_net(untimeout, &iter_data);

}

EXPORT_SYMBOL_GPL(nf_ct_untimeout);