Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7e35ec0e authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso
Browse files

netfilter: conntrack: move nf_ct_netns_{get,put}() to core 



So we can call this from other expression that need conntrack in place
to work.

Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
Acked-by: default avatarFlorian Westphal <fw@strlen.de>
parent 5caaed15

net/netfilter/nf_conntrack_proto.c

+35 −2
Original line number Diff line number Diff line
@@ -172,7 +172,7 @@ void nf_ct_l3proto_module_put(unsigned short l3proto) 
}

EXPORT_SYMBOL_GPL(nf_ct_l3proto_module_put);



int nf_ct_netns_get(struct net *net, u8 nfproto)

static int nf_ct_netns_do_get(struct net *net, u8 nfproto)

{

	const struct nf_conntrack_l3proto *l3proto;

	int ret;
@@ -197,9 +197,33 @@ int nf_ct_netns_get(struct net *net, u8 nfproto) 


	return ret;

}



int nf_ct_netns_get(struct net *net, u8 nfproto)

{

	int err;



	if (nfproto == NFPROTO_INET) {

		err = nf_ct_netns_do_get(net, NFPROTO_IPV4);

		if (err < 0)

			goto err1;

		err = nf_ct_netns_do_get(net, NFPROTO_IPV6);

		if (err < 0)

			goto err2;

	} else {

		err = nf_ct_netns_do_get(net, nfproto);

		if (err < 0)

			goto err1;

	}

	return 0;



err2:

	nf_ct_netns_put(net, NFPROTO_IPV4);

err1:

	return err;

}

EXPORT_SYMBOL_GPL(nf_ct_netns_get);



void nf_ct_netns_put(struct net *net, u8 nfproto)

static void nf_ct_netns_do_put(struct net *net, u8 nfproto)

{

	const struct nf_conntrack_l3proto *l3proto;
@@ -218,6 +242,15 @@ void nf_ct_netns_put(struct net *net, u8 nfproto) 


	nf_ct_l3proto_module_put(nfproto);

}



void nf_ct_netns_put(struct net *net, uint8_t nfproto)

{

	if (nfproto == NFPROTO_INET) {

		nf_ct_netns_do_put(net, NFPROTO_IPV4);

		nf_ct_netns_do_put(net, NFPROTO_IPV6);

	} else

		nf_ct_netns_do_put(net, nfproto);

}

EXPORT_SYMBOL_GPL(nf_ct_netns_put);



const struct nf_conntrack_l4proto *

net/netfilter/nft_ct.c

+3 −36
Original line number Diff line number Diff line
@@ -312,39 +312,6 @@ static const struct nla_policy nft_ct_policy[NFTA_CT_MAX + 1] = { 
	[NFTA_CT_SREG]		= { .type = NLA_U32 },

};



static int nft_ct_netns_get(struct net *net, uint8_t family)

{

	int err;



	if (family == NFPROTO_INET) {

		err = nf_ct_netns_get(net, NFPROTO_IPV4);

		if (err < 0)

			goto err1;

		err = nf_ct_netns_get(net, NFPROTO_IPV6);

		if (err < 0)

			goto err2;

	} else {

		err = nf_ct_netns_get(net, family);

		if (err < 0)

			goto err1;

	}

	return 0;



err2:

	nf_ct_netns_put(net, NFPROTO_IPV4);

err1:

	return err;

}



static void nft_ct_netns_put(struct net *net, uint8_t family)

{

	if (family == NFPROTO_INET) {

		nf_ct_netns_put(net, NFPROTO_IPV4);

		nf_ct_netns_put(net, NFPROTO_IPV6);

	} else

		nf_ct_netns_put(net, family);

}



#ifdef CONFIG_NF_CONNTRACK_ZONES

static void nft_ct_tmpl_put_pcpu(void)

{
@@ -489,7 +456,7 @@ static int nft_ct_get_init(const struct nft_ctx *ctx, 
	if (err < 0)

		return err;



	err = nft_ct_netns_get(ctx->net, ctx->afi->family);

	err = nf_ct_netns_get(ctx->net, ctx->afi->family);

	if (err < 0)

		return err;
@@ -583,7 +550,7 @@ static int nft_ct_set_init(const struct nft_ctx *ctx, 
	if (err < 0)

		goto err1;



	err = nft_ct_netns_get(ctx->net, ctx->afi->family);

	err = nf_ct_netns_get(ctx->net, ctx->afi->family);

	if (err < 0)

		goto err1;
@@ -606,7 +573,7 @@ static void nft_ct_set_destroy(const struct nft_ctx *ctx, 
	struct nft_ct *priv = nft_expr_priv(expr);



	__nft_ct_set_destroy(ctx, priv);

	nft_ct_netns_put(ctx->net, ctx->afi->family);

	nf_ct_netns_put(ctx->net, ctx->afi->family);

}



static int nft_ct_get_dump(struct sk_buff *skb, const struct nft_expr *expr)