netfilter: conntrack: remove get_timeout() indirection (c779e849) · Commits · e / devices / android_kernel_fairphone_FP5

include/net/netfilter/nf_conntrack_l4proto.h

+2 −6

Original line number	Diff line number	Diff line
		@@ -45,13 +45,12 @@ struct nf_conntrack_l4proto {
		int (packet)(struct nf_conn ct,
		const struct sk_buff *skb,
		unsigned int dataoff,
		enum ip_conntrack_info ctinfo,
		unsigned int *timeouts);
		enum ip_conntrack_info ctinfo);

		/* Called when a new connection for this protocol found;
		* returns TRUE if it's OK. If so, packet() called next. */
		bool (new)(struct nf_conn ct, const struct sk_buff *skb,
		unsigned int dataoff, unsigned int *timeouts);
		unsigned int dataoff);

		/* Called when a conntrack entry is destroyed */
		void (destroy)(struct nf_conn ct);
		@@ -63,9 +62,6 @@ struct nf_conntrack_l4proto {
		/* called by gc worker if table is full */
		bool (can_early_drop)(const struct nf_conn ct);

		/* Return the array of timeouts for this protocol. */
		unsigned int (get_timeouts)(struct net *net);

		/* convert protoinfo to nfnetink attributes */
		int (to_nlattr)(struct sk_buff skb, struct nlattr *nla,
		struct nf_conn *ct);

include/net/netfilter/nf_conntrack_timeout.h

+4 −14

Original line number	Diff line number	Diff line
		@@ -67,27 +67,17 @@ struct nf_conn_timeout nf_ct_timeout_ext_add(struct nf_conn ct,
		#endif
		};

		static inline unsigned int *
		nf_ct_timeout_lookup(struct net net, struct nf_conn ct,
		const struct nf_conntrack_l4proto *l4proto)
		static inline unsigned int nf_ct_timeout_lookup(const struct nf_conn ct)
		{
		unsigned int *timeouts = NULL;
		#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
		struct nf_conn_timeout *timeout_ext;
		unsigned int *timeouts;

		timeout_ext = nf_ct_timeout_find(ct);
		if (timeout_ext) {
		if (timeout_ext)
		timeouts = nf_ct_timeout_data(timeout_ext);
		if (unlikely(!timeouts))
		timeouts = l4proto->get_timeouts(net);
		} else {
		timeouts = l4proto->get_timeouts(net);
		}

		return timeouts;
		#else
		return l4proto->get_timeouts(net);
		#endif
		return timeouts;
		}

		#ifdef CONFIG_NF_CONNTRACK_TIMEOUT

net/ipv4/netfilter/nf_conntrack_proto_icmp.c

+11 −5

Original line number	Diff line number	Diff line
		@@ -19,6 +19,7 @@
		#include <net/netfilter/nf_conntrack_tuple.h>
		#include <net/netfilter/nf_conntrack_l4proto.h>
		#include <net/netfilter/nf_conntrack_core.h>
		#include <net/netfilter/nf_conntrack_timeout.h>
		#include <net/netfilter/nf_conntrack_zones.h>
		#include <net/netfilter/nf_log.h>

		@@ -80,12 +81,16 @@ static unsigned int icmp_get_timeouts(struct net net)
		static int icmp_packet(struct nf_conn *ct,
		const struct sk_buff *skb,
		unsigned int dataoff,
		enum ip_conntrack_info ctinfo,
		unsigned int *timeout)
		enum ip_conntrack_info ctinfo)
		{
		/* Do not immediately delete the connection after the first
		successful reply to avoid excessive conntrackd traffic
		and also to handle correctly ICMP echo reply duplicates. */
		unsigned int *timeout = nf_ct_timeout_lookup(ct);

		if (!timeout)
		timeout = icmp_get_timeouts(nf_ct_net(ct));

		nf_ct_refresh_acct(ct, ctinfo, skb, *timeout);

		return NF_ACCEPT;
		@@ -93,7 +98,7 @@ static int icmp_packet(struct nf_conn *ct,

		/* Called when a new connection for this protocol found. */
		static bool icmp_new(struct nf_conn ct, const struct sk_buff skb,
		unsigned int dataoff, unsigned int *timeouts)
		unsigned int dataoff)
		{
		static const u_int8_t valid_new[] = {
		[ICMP_ECHO] = 1,
		@@ -280,9 +285,11 @@ static int icmp_timeout_nlattr_to_obj(struct nlattr *tb[],
		struct nf_icmp_net *in = icmp_pernet(net);

		if (tb[CTA_TIMEOUT_ICMP_TIMEOUT]) {
		if (!timeout)
		timeout = &in->timeout;
		*timeout =
		ntohl(nla_get_be32(tb[CTA_TIMEOUT_ICMP_TIMEOUT])) * HZ;
		} else {
		} else if (timeout) {
		/* Set default ICMP timeout. */
		*timeout = in->timeout;
		}
		@@ -357,7 +364,6 @@ const struct nf_conntrack_l4proto nf_conntrack_l4proto_icmp =
		.pkt_to_tuple = icmp_pkt_to_tuple,
		.invert_tuple = icmp_invert_tuple,
		.packet = icmp_packet,
		.get_timeouts = icmp_get_timeouts,
		.new = icmp_new,
		.error = icmp_error,
		.destroy = NULL,

net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c

+10 −4

Original line number	Diff line number	Diff line
		@@ -23,6 +23,7 @@
		#include <net/netfilter/nf_conntrack_tuple.h>
		#include <net/netfilter/nf_conntrack_l4proto.h>
		#include <net/netfilter/nf_conntrack_core.h>
		#include <net/netfilter/nf_conntrack_timeout.h>
		#include <net/netfilter/nf_conntrack_zones.h>
		#include <net/netfilter/ipv6/nf_conntrack_icmpv6.h>
		#include <net/netfilter/nf_log.h>
		@@ -93,9 +94,13 @@ static unsigned int icmpv6_get_timeouts(struct net net)
		static int icmpv6_packet(struct nf_conn *ct,
		const struct sk_buff *skb,
		unsigned int dataoff,
		enum ip_conntrack_info ctinfo,
		unsigned int *timeout)
		enum ip_conntrack_info ctinfo)
		{
		unsigned int *timeout = nf_ct_timeout_lookup(ct);

		if (!timeout)
		timeout = icmpv6_get_timeouts(nf_ct_net(ct));

		/* Do not immediately delete the connection after the first
		successful reply to avoid excessive conntrackd traffic
		and also to handle correctly ICMP echo reply duplicates. */
		@@ -106,7 +111,7 @@ static int icmpv6_packet(struct nf_conn *ct,

		/* Called when a new connection for this protocol found. */
		static bool icmpv6_new(struct nf_conn ct, const struct sk_buff skb,
		unsigned int dataoff, unsigned int *timeouts)
		unsigned int dataoff)
		{
		static const u_int8_t valid_new[] = {
		[ICMPV6_ECHO_REQUEST - 128] = 1,
		@@ -280,6 +285,8 @@ static int icmpv6_timeout_nlattr_to_obj(struct nlattr *tb[],
		unsigned int *timeout = data;
		struct nf_icmp_net *in = icmpv6_pernet(net);

		if (!timeout)
		timeout = icmpv6_get_timeouts(net);
		if (tb[CTA_TIMEOUT_ICMPV6_TIMEOUT]) {
		*timeout =
		ntohl(nla_get_be32(tb[CTA_TIMEOUT_ICMPV6_TIMEOUT])) * HZ;
		@@ -358,7 +365,6 @@ const struct nf_conntrack_l4proto nf_conntrack_l4proto_icmpv6 =
		.pkt_to_tuple = icmpv6_pkt_to_tuple,
		.invert_tuple = icmpv6_invert_tuple,
		.packet = icmpv6_packet,
		.get_timeouts = icmpv6_get_timeouts,
		.new = icmpv6_new,
		.error = icmpv6_error,
		#if IS_ENABLED(CONFIG_NF_CT_NETLINK)

net/netfilter/nf_conntrack_core.c

+2 −14

Original line number	Diff line number	Diff line
		@@ -1337,7 +1337,6 @@ init_conntrack(struct net net, struct nf_conn tmpl,
		const struct nf_conntrack_zone *zone;
		struct nf_conn_timeout *timeout_ext;
		struct nf_conntrack_zone tmp;
		unsigned int *timeouts;

		if (!nf_ct_invert_tuple(&repl_tuple, tuple, l4proto)) {
		pr_debug("Can't invert tuple.\n");
		@@ -1356,15 +1355,8 @@ init_conntrack(struct net net, struct nf_conn tmpl,
		}

		timeout_ext = tmpl ? nf_ct_timeout_find(tmpl) : NULL;
		if (timeout_ext) {
		timeouts = nf_ct_timeout_data(timeout_ext);
		if (unlikely(!timeouts))
		timeouts = l4proto->get_timeouts(net);
		} else {
		timeouts = l4proto->get_timeouts(net);
		}

		if (!l4proto->new(ct, skb, dataoff, timeouts)) {
		if (!l4proto->new(ct, skb, dataoff)) {
		nf_conntrack_free(ct);
		pr_debug("can't track with proto module\n");
		return NULL;
		@@ -1493,7 +1485,6 @@ nf_conntrack_in(struct net *net, u_int8_t pf, unsigned int hooknum,
		const struct nf_conntrack_l4proto *l4proto;
		struct nf_conn ct, tmpl;
		enum ip_conntrack_info ctinfo;
		unsigned int *timeouts;
		u_int8_t protonum;
		int dataoff, ret;

		@@ -1552,10 +1543,7 @@ nf_conntrack_in(struct net *net, u_int8_t pf, unsigned int hooknum,
		goto out;
		}

		/* Decide what timeout policy we want to apply to this flow. */
		timeouts = nf_ct_timeout_lookup(net, ct, l4proto);

		ret = l4proto->packet(ct, skb, dataoff, ctinfo, timeouts);
		ret = l4proto->packet(ct, skb, dataoff, ctinfo);
		if (ret <= 0) {
		/* Invalid: inverse of the return code tells
		* the netfilter core what to do */