Commit d8a0509a authored by Yasuyuki Kozakai's avatar Yasuyuki Kozakai Committed by David S. Miller

[NETFILTER]: nf_nat: kill global 'destroy' operation

This kills the global 'destroy' operation which was used by NAT.
Instead, NAT uses the extension infrastructure, so that multiple
extensions can register their own operations.
Signed-off-by: default avatarYasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent dacd2a1a
...@@ -213,9 +213,6 @@ extern void nf_conntrack_tcp_update(struct sk_buff *skb, ...@@ -213,9 +213,6 @@ extern void nf_conntrack_tcp_update(struct sk_buff *skb,
struct nf_conn *conntrack, struct nf_conn *conntrack,
int dir); int dir);
/* Call me when a conntrack is destroyed. */
extern void (*nf_conntrack_destroyed)(struct nf_conn *conntrack);
/* Fake conntrack entry for untracked connections */ /* Fake conntrack entry for untracked connections */
extern struct nf_conn nf_conntrack_untracked; extern struct nf_conn nf_conntrack_untracked;
......
...@@ -87,20 +87,6 @@ hash_by_src(const struct nf_conntrack_tuple *tuple) ...@@ -87,20 +87,6 @@ hash_by_src(const struct nf_conntrack_tuple *tuple)
tuple->dst.protonum, 0) % nf_nat_htable_size; tuple->dst.protonum, 0) % nf_nat_htable_size;
} }
/* Noone using conntrack by the time this called. */
static void nf_nat_cleanup_conntrack(struct nf_conn *conn)
{
struct nf_conn_nat *nat;
if (!(conn->status & IPS_NAT_DONE_MASK))
return;
nat = nfct_nat(conn);
write_lock_bh(&nf_nat_lock);
list_del(&nat->info.bysource);
nat->info.ct = NULL;
write_unlock_bh(&nf_nat_lock);
}
/* Is this tuple already taken? (not by us) */ /* Is this tuple already taken? (not by us) */
int int
nf_nat_used_tuple(const struct nf_conntrack_tuple *tuple, nf_nat_used_tuple(const struct nf_conntrack_tuple *tuple,
...@@ -604,6 +590,22 @@ nf_nat_port_nfattr_to_range(struct nfattr *tb[], struct nf_nat_range *range) ...@@ -604,6 +590,22 @@ nf_nat_port_nfattr_to_range(struct nfattr *tb[], struct nf_nat_range *range)
EXPORT_SYMBOL_GPL(nf_nat_port_range_to_nfattr); EXPORT_SYMBOL_GPL(nf_nat_port_range_to_nfattr);
#endif #endif
/* Noone using conntrack by the time this called. */
static void nf_nat_cleanup_conntrack(struct nf_conn *ct)
{
struct nf_conn_nat *nat = nf_ct_ext_find(ct, NF_CT_EXT_NAT);
if (nat == NULL || nat->info.ct == NULL)
return;
NF_CT_ASSERT(nat->info.ct->status & IPS_NAT_DONE_MASK);
write_lock_bh(&nf_nat_lock);
list_del(&nat->info.bysource);
nat->info.ct = NULL;
write_unlock_bh(&nf_nat_lock);
}
static void nf_nat_move_storage(struct nf_conn *conntrack, void *old) static void nf_nat_move_storage(struct nf_conn *conntrack, void *old)
{ {
struct nf_conn_nat *new_nat = nf_ct_ext_find(conntrack, NF_CT_EXT_NAT); struct nf_conn_nat *new_nat = nf_ct_ext_find(conntrack, NF_CT_EXT_NAT);
...@@ -623,11 +625,12 @@ static void nf_nat_move_storage(struct nf_conn *conntrack, void *old) ...@@ -623,11 +625,12 @@ static void nf_nat_move_storage(struct nf_conn *conntrack, void *old)
} }
struct nf_ct_ext_type nat_extend = { struct nf_ct_ext_type nat_extend = {
.len = sizeof(struct nf_conn_nat), .len = sizeof(struct nf_conn_nat),
.align = __alignof__(struct nf_conn_nat), .align = __alignof__(struct nf_conn_nat),
.move = nf_nat_move_storage, .destroy = nf_nat_cleanup_conntrack,
.id = NF_CT_EXT_NAT, .move = nf_nat_move_storage,
.flags = NF_CT_EXT_F_PREALLOC, .id = NF_CT_EXT_NAT,
.flags = NF_CT_EXT_F_PREALLOC,
}; };
static int __init nf_nat_init(void) static int __init nf_nat_init(void)
...@@ -664,10 +667,6 @@ static int __init nf_nat_init(void) ...@@ -664,10 +667,6 @@ static int __init nf_nat_init(void)
INIT_LIST_HEAD(&bysource[i]); INIT_LIST_HEAD(&bysource[i]);
} }
/* FIXME: Man, this is a hack. <SIGH> */
NF_CT_ASSERT(rcu_dereference(nf_conntrack_destroyed) == NULL);
rcu_assign_pointer(nf_conntrack_destroyed, nf_nat_cleanup_conntrack);
/* Initialize fake conntrack so that NAT will skip it */ /* Initialize fake conntrack so that NAT will skip it */
nf_conntrack_untracked.status |= IPS_NAT_DONE_MASK; nf_conntrack_untracked.status |= IPS_NAT_DONE_MASK;
...@@ -694,7 +693,6 @@ static int clean_nat(struct nf_conn *i, void *data) ...@@ -694,7 +693,6 @@ static int clean_nat(struct nf_conn *i, void *data)
static void __exit nf_nat_cleanup(void) static void __exit nf_nat_cleanup(void)
{ {
nf_ct_iterate_cleanup(&clean_nat, NULL); nf_ct_iterate_cleanup(&clean_nat, NULL);
rcu_assign_pointer(nf_conntrack_destroyed, NULL);
synchronize_rcu(); synchronize_rcu();
vfree(bysource); vfree(bysource);
nf_ct_l3proto_put(l3proto); nf_ct_l3proto_put(l3proto);
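Review bot: In the re-added nf_nat_cleanup_conntrack(), the guard in front of list_del() is now `nat->info.ct == NULL` rather than the IPS_NAT_DONE_MASK status test, and it is read before nf_nat_lock is taken. The status bits are only checked through NF_CT_ASSERT, which is presumably compiled out in non-debug builds, so the unlink relies entirely on info.ct being non-NULL exactly while the entry is linked on a bysource list. A list_del() on an entry that was never linked, or was already unlinked, corrupts the list, so I would state that invariant in the function comment, e.g. `/* info.ct != NULL iff nat is linked on bysource; both change only under nf_nat_lock. */`. If the "no one is using the conntrack" assumption cannot be guaranteed for every caller of the extension destroy hook, the NULL test should move inside the write_lock_bh() section. Separately, the unregistration of nat_extend is not visible in the nf_nat_cleanup() hunk, so it is worth confirming that the destroy hook can no longer run once `vfree(bysource)` has been called.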
......
...@@ -53,9 +53,6 @@ EXPORT_SYMBOL_GPL(nf_conntrack_lock); ...@@ -53,9 +53,6 @@ EXPORT_SYMBOL_GPL(nf_conntrack_lock);
atomic_t nf_conntrack_count = ATOMIC_INIT(0); atomic_t nf_conntrack_count = ATOMIC_INIT(0);
EXPORT_SYMBOL_GPL(nf_conntrack_count); EXPORT_SYMBOL_GPL(nf_conntrack_count);
void (*nf_conntrack_destroyed)(struct nf_conn *conntrack);
EXPORT_SYMBOL_GPL(nf_conntrack_destroyed);
unsigned int nf_conntrack_htable_size __read_mostly; unsigned int nf_conntrack_htable_size __read_mostly;
EXPORT_SYMBOL_GPL(nf_conntrack_htable_size); EXPORT_SYMBOL_GPL(nf_conntrack_htable_size);
...@@ -157,7 +154,6 @@ destroy_conntrack(struct nf_conntrack *nfct) ...@@ -157,7 +154,6 @@ destroy_conntrack(struct nf_conntrack *nfct)
{ {
struct nf_conn *ct = (struct nf_conn *)nfct; struct nf_conn *ct = (struct nf_conn *)nfct;
struct nf_conntrack_l4proto *l4proto; struct nf_conntrack_l4proto *l4proto;
typeof(nf_conntrack_destroyed) destroyed;
DEBUGP("destroy_conntrack(%p)\n", ct); DEBUGP("destroy_conntrack(%p)\n", ct);
NF_CT_ASSERT(atomic_read(&nfct->use) == 0); NF_CT_ASSERT(atomic_read(&nfct->use) == 0);
...@@ -177,10 +173,6 @@ destroy_conntrack(struct nf_conntrack *nfct) ...@@ -177,10 +173,6 @@ destroy_conntrack(struct nf_conntrack *nfct)
nf_ct_ext_destroy(ct); nf_ct_ext_destroy(ct);
destroyed = rcu_dereference(nf_conntrack_destroyed);
if (destroyed)
destroyed(ct);
rcu_read_unlock(); rcu_read_unlock();
write_lock_bh(&nf_conntrack_lock); write_lock_bh(&nf_conntrack_lock);
......