
Commit 26888dfd authored by Florian Westphal's avatar Florian Westphal Committed by Pablo Neira Ayuso

netfilter: core: remove synchronize_net call if nfqueue is used



since commit 960632ec ("netfilter: convert hook list to an array")
nfqueue no longer stores a pointer to the hook that caused the packet
to be queued.  Therefore no extra synchronize_net() call is needed after
dropping the packets enqueued by the old rule blob.

Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 4e645b47
+1 −1
@@ -25,7 +25,7 @@ struct nf_queue_entry {
struct nf_queue_handler {
	int		(*outfn)(struct nf_queue_entry *entry,
				 unsigned int queuenum);
	unsigned int	(*nf_hook_drop)(struct net *net);
	void		(*nf_hook_drop)(struct net *net);
};

void nf_register_queue_handler(struct net *net, const struct nf_queue_handler *qh);
+1 −5
@@ -341,7 +341,6 @@ void nf_unregister_net_hook(struct net *net, const struct nf_hook_ops *reg)
{
	struct nf_hook_entries __rcu **pp;
	struct nf_hook_entries *p;
	unsigned int nfq;

	pp = nf_hook_entry_head(net, reg);
	if (!pp)
@@ -364,10 +363,7 @@ void nf_unregister_net_hook(struct net *net, const struct nf_hook_ops *reg)

	synchronize_net();

	/* other cpu might still process nfqueue verdict that used reg */
	nfq = nf_queue_nf_hook_drop(net);
	if (nfq)
		synchronize_net();
	nf_queue_nf_hook_drop(net);
	kvfree(p);
}
EXPORT_SYMBOL(nf_unregister_net_hook);
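Review bot: Nothing at the `nf_queue_nf_hook_drop(net); kvfree(p);` tail of nf_unregister_net_hook now records why freeing the old blob directly after the flush is safe; the removed comment was the only ordering note at that spot. The commit message gives the reason (since 960632ec a queued entry no longer stores a pointer to the hook), but that invariant lives only in the log, and if a later change makes queue entries reference the blob again this turns into a use-after-free on `p` with no hint in the code. I would put `/* nfqueue entries hold no pointer into the old hook blob, so the grace period above is sufficient before kvfree() */` above the call. Part of the function body lies between the two hunks and is not shown, so this is based on the visible tail only.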
+1 −1
@@ -10,7 +10,7 @@
int nf_queue(struct sk_buff *skb, struct nf_hook_state *state,
	     const struct nf_hook_entries *entries, unsigned int index,
	     unsigned int verdict);
unsigned int nf_queue_nf_hook_drop(struct net *net);
void nf_queue_nf_hook_drop(struct net *net);

/* nf_log.c */
int __init netfilter_log_init(void);
+2 −5
@@ -96,18 +96,15 @@ void nf_queue_entry_get_refs(struct nf_queue_entry *entry)
}
EXPORT_SYMBOL_GPL(nf_queue_entry_get_refs);

unsigned int nf_queue_nf_hook_drop(struct net *net)
void nf_queue_nf_hook_drop(struct net *net)
{
	const struct nf_queue_handler *qh;
	unsigned int count = 0;

	rcu_read_lock();
	qh = rcu_dereference(net->nf.queue_handler);
	if (qh)
		count = qh->nf_hook_drop(net);
		qh->nf_hook_drop(net);
	rcu_read_unlock();

	return count;
}
EXPORT_SYMBOL_GPL(nf_queue_nf_hook_drop);

+2 −7
@@ -941,25 +941,20 @@ static struct notifier_block nfqnl_dev_notifier = {
	.notifier_call	= nfqnl_rcv_dev_event,
};

static unsigned int nfqnl_nf_hook_drop(struct net *net)
static void nfqnl_nf_hook_drop(struct net *net)
{
	struct nfnl_queue_net *q = nfnl_queue_pernet(net);
	unsigned int instances = 0;
	int i;

	for (i = 0; i < INSTANCE_BUCKETS; i++) {
		struct nfqnl_instance *inst;
		struct hlist_head *head = &q->instance_table[i];

		hlist_for_each_entry_rcu(inst, head, hlist) {
		hlist_for_each_entry_rcu(inst, head, hlist)
			nfqnl_flush(inst, NULL, 0);
			instances++;
	}
}

	return instances;
}

static int
nfqnl_rcv_nl_event(struct notifier_block *this,
		   unsigned long event, void *ptr)
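Review bot: nfqnl_nf_hook_drop walks `q->instance_table` with `hlist_for_each_entry_rcu` but takes no RCU read lock of its own, and nothing in the function says who provides it. On this page the only visible protection is the `rcu_read_lock()` / `rcu_read_unlock()` pair in nf_queue_nf_hook_drop around `qh->nf_hook_drop(net)`; the assignment of this function to that callback is outside the hunk, so the link is presumed rather than shown. A one-line comment above the definition would make the dependency explicit for anyone adding another caller, e.g. `/* runs under rcu_read_lock() taken by nf_queue_nf_hook_drop(); flushes every queue instance in this netns */`. The second half of that comment matters too: the loop calls `nfqnl_flush(inst, NULL, 0)` on every bucket, so the flush is not limited to packets queued by the hook being unregistered.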