Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7b8002a1 authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso
Browse files

netfilter: nfnetlink: pass down netns pointer to call() and call_rcu() 



Adapt callsites to avoid recurrent lookup of the netns pointer.

Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent f4c756b4

include/linux/netfilter/nfnetlink.h

+4 −4
Original line number Diff line number Diff line
@@ -8,10 +8,10 @@ 
#include <uapi/linux/netfilter/nfnetlink.h>



struct nfnl_callback {

	int (*call)(struct sock *nl, struct sk_buff *skb, 

	int (*call)(struct net *net, struct sock *nl, struct sk_buff *skb,

		    const struct nlmsghdr *nlh,

		    const struct nlattr * const cda[]);

	int (*call_rcu)(struct sock *nl, struct sk_buff *skb, 

	int (*call_rcu)(struct net *net, struct sock *nl, struct sk_buff *skb,

			const struct nlmsghdr *nlh,

			const struct nlattr * const cda[]);

	int (*call_batch)(struct net *net, struct sock *nl, struct sk_buff *skb,

net/netfilter/ipset/ip_set_core.c

+47 −61
Original line number Diff line number Diff line
@@ -825,20 +825,17 @@ find_free_id(struct ip_set_net *inst, const char *name, ip_set_id_t *index, 
	return 0;

}



static int

ip_set_none(struct sock *ctnl, struct sk_buff *skb,

static int ip_set_none(struct net *net, struct sock *ctnl, struct sk_buff *skb,

		       const struct nlmsghdr *nlh,

		       const struct nlattr * const attr[])

{

	return -EOPNOTSUPP;

}



static int

ip_set_create(struct sock *ctnl, struct sk_buff *skb,

	      const struct nlmsghdr *nlh,

static int ip_set_create(struct net *net, struct sock *ctnl,

			 struct sk_buff *skb, const struct nlmsghdr *nlh,

			 const struct nlattr * const attr[])

{

	struct net *net = sock_net(ctnl);

	struct ip_set_net *inst = ip_set_pernet(net);

	struct ip_set *set, *clash = NULL;

	ip_set_id_t index = IPSET_INVALID_ID;
@@ -976,12 +973,11 @@ ip_set_destroy_set(struct ip_set *set) 
	kfree(set);

}



static int

ip_set_destroy(struct sock *ctnl, struct sk_buff *skb,

	       const struct nlmsghdr *nlh,

static int ip_set_destroy(struct net *net, struct sock *ctnl,

			  struct sk_buff *skb, const struct nlmsghdr *nlh,

			  const struct nlattr * const attr[])

{

	struct ip_set_net *inst = ip_set_pernet(sock_net(ctnl));

	struct ip_set_net *inst = ip_set_pernet(net);

	struct ip_set *s;

	ip_set_id_t i;

	int ret = 0;
@@ -1052,12 +1048,11 @@ ip_set_flush_set(struct ip_set *set) 
	spin_unlock_bh(&set->lock);

}



static int

ip_set_flush(struct sock *ctnl, struct sk_buff *skb,

static int ip_set_flush(struct net *net, struct sock *ctnl, struct sk_buff *skb,

			const struct nlmsghdr *nlh,

			const struct nlattr * const attr[])

{

	struct ip_set_net *inst = ip_set_pernet(sock_net(ctnl));

	struct ip_set_net *inst = ip_set_pernet(net);

	struct ip_set *s;

	ip_set_id_t i;
@@ -1092,12 +1087,11 @@ ip_set_setname2_policy[IPSET_ATTR_CMD_MAX + 1] = { 
				    .len = IPSET_MAXNAMELEN - 1 },

};



static int

ip_set_rename(struct sock *ctnl, struct sk_buff *skb,

	      const struct nlmsghdr *nlh,

static int ip_set_rename(struct net *net, struct sock *ctnl,

			 struct sk_buff *skb, const struct nlmsghdr *nlh,

			 const struct nlattr * const attr[])

{

	struct ip_set_net *inst = ip_set_pernet(sock_net(ctnl));

	struct ip_set_net *inst = ip_set_pernet(net);

	struct ip_set *set, *s;

	const char *name2;

	ip_set_id_t i;
@@ -1142,12 +1136,11 @@ ip_set_rename(struct sock *ctnl, struct sk_buff *skb, 
 * so the ip_set_list always contains valid pointers to the sets.

 */



static int

ip_set_swap(struct sock *ctnl, struct sk_buff *skb,

static int ip_set_swap(struct net *net, struct sock *ctnl, struct sk_buff *skb,

		       const struct nlmsghdr *nlh,

		       const struct nlattr * const attr[])

{

	struct ip_set_net *inst = ip_set_pernet(sock_net(ctnl));

	struct ip_set_net *inst = ip_set_pernet(net);

	struct ip_set *from, *to;

	ip_set_id_t from_id, to_id;

	char from_name[IPSET_MAXNAMELEN];
@@ -1413,8 +1406,7 @@ ip_set_dump_start(struct sk_buff *skb, struct netlink_callback *cb) 
	return ret < 0 ? ret : skb->len;

}



static int

ip_set_dump(struct sock *ctnl, struct sk_buff *skb,

static int ip_set_dump(struct net *net, struct sock *ctnl, struct sk_buff *skb,

		       const struct nlmsghdr *nlh,

		       const struct nlattr * const attr[])

{
@@ -1500,12 +1492,11 @@ call_ad(struct sock *ctnl, struct sk_buff *skb, struct ip_set *set, 
	return ret;

}



static int

ip_set_uadd(struct sock *ctnl, struct sk_buff *skb,

static int ip_set_uadd(struct net *net, struct sock *ctnl, struct sk_buff *skb,

		       const struct nlmsghdr *nlh,

		       const struct nlattr * const attr[])

{

	struct ip_set_net *inst = ip_set_pernet(sock_net(ctnl));

	struct ip_set_net *inst = ip_set_pernet(net);

	struct ip_set *set;

	struct nlattr *tb[IPSET_ATTR_ADT_MAX + 1] = {};

	const struct nlattr *nla;
@@ -1555,12 +1546,11 @@ ip_set_uadd(struct sock *ctnl, struct sk_buff *skb, 
	return ret;

}



static int

ip_set_udel(struct sock *ctnl, struct sk_buff *skb,

static int ip_set_udel(struct net *net, struct sock *ctnl, struct sk_buff *skb,

		       const struct nlmsghdr *nlh,

		       const struct nlattr * const attr[])

{

	struct ip_set_net *inst = ip_set_pernet(sock_net(ctnl));

	struct ip_set_net *inst = ip_set_pernet(net);

	struct ip_set *set;

	struct nlattr *tb[IPSET_ATTR_ADT_MAX + 1] = {};

	const struct nlattr *nla;
@@ -1610,12 +1600,11 @@ ip_set_udel(struct sock *ctnl, struct sk_buff *skb, 
	return ret;

}



static int

ip_set_utest(struct sock *ctnl, struct sk_buff *skb,

static int ip_set_utest(struct net *net, struct sock *ctnl, struct sk_buff *skb,

			const struct nlmsghdr *nlh,

			const struct nlattr * const attr[])

{

	struct ip_set_net *inst = ip_set_pernet(sock_net(ctnl));

	struct ip_set_net *inst = ip_set_pernet(net);

	struct ip_set *set;

	struct nlattr *tb[IPSET_ATTR_ADT_MAX + 1] = {};

	int ret = 0;
@@ -1646,12 +1635,11 @@ ip_set_utest(struct sock *ctnl, struct sk_buff *skb, 


/* Get headed data of a set */



static int

ip_set_header(struct sock *ctnl, struct sk_buff *skb,

	      const struct nlmsghdr *nlh,

static int ip_set_header(struct net *net, struct sock *ctnl,

			 struct sk_buff *skb, const struct nlmsghdr *nlh,

			 const struct nlattr * const attr[])

{

	struct ip_set_net *inst = ip_set_pernet(sock_net(ctnl));

	struct ip_set_net *inst = ip_set_pernet(net);

	const struct ip_set *set;

	struct sk_buff *skb2;

	struct nlmsghdr *nlh2;
@@ -1703,8 +1691,7 @@ static const struct nla_policy ip_set_type_policy[IPSET_ATTR_CMD_MAX + 1] = { 
	[IPSET_ATTR_FAMILY]	= { .type = NLA_U8 },

};



static int

ip_set_type(struct sock *ctnl, struct sk_buff *skb,

static int ip_set_type(struct net *net, struct sock *ctnl, struct sk_buff *skb,

		       const struct nlmsghdr *nlh,

		       const struct nlattr * const attr[])

{
@@ -1762,9 +1749,8 @@ ip_set_protocol_policy[IPSET_ATTR_CMD_MAX + 1] = { 
	[IPSET_ATTR_PROTOCOL]	= { .type = NLA_U8 },

};



static int

ip_set_protocol(struct sock *ctnl, struct sk_buff *skb,

		const struct nlmsghdr *nlh,

static int ip_set_protocol(struct net *net, struct sock *ctnl,

			   struct sk_buff *skb, const struct nlmsghdr *nlh,

			   const struct nlattr * const attr[])

{

	struct sk_buff *skb2;

net/netfilter/nf_conntrack_netlink.c

+43 −53
Original line number Diff line number Diff line
@@ -1113,12 +1113,11 @@ static int ctnetlink_flush_conntrack(struct net *net, 
	return 0;

}



static int

ctnetlink_del_conntrack(struct sock *ctnl, struct sk_buff *skb,

static int ctnetlink_del_conntrack(struct net *net, struct sock *ctnl,

				   struct sk_buff *skb,

				   const struct nlmsghdr *nlh,

				   const struct nlattr * const cda[])

{

	struct net *net = sock_net(ctnl);

	struct nf_conntrack_tuple_hash *h;

	struct nf_conntrack_tuple tuple;

	struct nf_conn *ct;
@@ -1168,12 +1167,11 @@ ctnetlink_del_conntrack(struct sock *ctnl, struct sk_buff *skb, 
	return 0;

}



static int

ctnetlink_get_conntrack(struct sock *ctnl, struct sk_buff *skb,

static int ctnetlink_get_conntrack(struct net *net, struct sock *ctnl,

				   struct sk_buff *skb,

				   const struct nlmsghdr *nlh,

				   const struct nlattr * const cda[])

{

	struct net *net = sock_net(ctnl);

	struct nf_conntrack_tuple_hash *h;

	struct nf_conntrack_tuple tuple;

	struct nf_conn *ct;
@@ -1330,8 +1328,8 @@ ctnetlink_dump_dying(struct sk_buff *skb, struct netlink_callback *cb) 
	return ctnetlink_dump_list(skb, cb, true);

}



static int

ctnetlink_get_ct_dying(struct sock *ctnl, struct sk_buff *skb,

static int ctnetlink_get_ct_dying(struct net *net, struct sock *ctnl,

				  struct sk_buff *skb,

				  const struct nlmsghdr *nlh,

				  const struct nlattr * const cda[])

{
@@ -1352,8 +1350,8 @@ ctnetlink_dump_unconfirmed(struct sk_buff *skb, struct netlink_callback *cb) 
	return ctnetlink_dump_list(skb, cb, false);

}



static int

ctnetlink_get_ct_unconfirmed(struct sock *ctnl, struct sk_buff *skb,

static int ctnetlink_get_ct_unconfirmed(struct net *net, struct sock *ctnl,

					struct sk_buff *skb,

					const struct nlmsghdr *nlh,

					const struct nlattr * const cda[])

{
@@ -1865,12 +1863,11 @@ ctnetlink_create_conntrack(struct net *net, 
	return ERR_PTR(err);

}



static int

ctnetlink_new_conntrack(struct sock *ctnl, struct sk_buff *skb,

static int ctnetlink_new_conntrack(struct net *net, struct sock *ctnl,

				   struct sk_buff *skb,

				   const struct nlmsghdr *nlh,

				   const struct nlattr * const cda[])

{

	struct net *net = sock_net(ctnl);

	struct nf_conntrack_tuple otuple, rtuple;

	struct nf_conntrack_tuple_hash *h = NULL;

	struct nfgenmsg *nfmsg = nlmsg_data(nlh);
@@ -2034,8 +2031,8 @@ ctnetlink_ct_stat_cpu_dump(struct sk_buff *skb, struct netlink_callback *cb) 
	return skb->len;

}



static int

ctnetlink_stat_ct_cpu(struct sock *ctnl, struct sk_buff *skb,

static int ctnetlink_stat_ct_cpu(struct net *net, struct sock *ctnl,

				 struct sk_buff *skb,

				 const struct nlmsghdr *nlh,

				 const struct nlattr * const cda[])

{
@@ -2080,9 +2077,8 @@ ctnetlink_stat_ct_fill_info(struct sk_buff *skb, u32 portid, u32 seq, u32 type, 
	return -1;

}



static int

ctnetlink_stat_ct(struct sock *ctnl, struct sk_buff *skb,

		  const struct nlmsghdr *nlh,

static int ctnetlink_stat_ct(struct net *net, struct sock *ctnl,

			     struct sk_buff *skb, const struct nlmsghdr *nlh,

			     const struct nlattr * const cda[])

{

	struct sk_buff *skb2;
@@ -2729,12 +2725,12 @@ ctnetlink_exp_ct_dump_table(struct sk_buff *skb, struct netlink_callback *cb) 
	return skb->len;

}



static int ctnetlink_dump_exp_ct(struct sock *ctnl, struct sk_buff *skb,

static int ctnetlink_dump_exp_ct(struct net *net, struct sock *ctnl,

				 struct sk_buff *skb,

				 const struct nlmsghdr *nlh,

				 const struct nlattr * const cda[])

{

	int err;

	struct net *net = sock_net(ctnl);

	struct nfgenmsg *nfmsg = nlmsg_data(nlh);

	u_int8_t u3 = nfmsg->nfgen_family;

	struct nf_conntrack_tuple tuple;
@@ -2768,12 +2764,10 @@ static int ctnetlink_dump_exp_ct(struct sock *ctnl, struct sk_buff *skb, 
	return err;

}



static int

ctnetlink_get_expect(struct sock *ctnl, struct sk_buff *skb,

		     const struct nlmsghdr *nlh,

static int ctnetlink_get_expect(struct net *net, struct sock *ctnl,

				struct sk_buff *skb, const struct nlmsghdr *nlh,

				const struct nlattr * const cda[])

{

	struct net *net = sock_net(ctnl);

	struct nf_conntrack_tuple tuple;

	struct nf_conntrack_expect *exp;

	struct sk_buff *skb2;
@@ -2784,7 +2778,7 @@ ctnetlink_get_expect(struct sock *ctnl, struct sk_buff *skb, 


	if (nlh->nlmsg_flags & NLM_F_DUMP) {

		if (cda[CTA_EXPECT_MASTER])

			return ctnetlink_dump_exp_ct(ctnl, skb, nlh, cda);

			return ctnetlink_dump_exp_ct(net, ctnl, skb, nlh, cda);

		else {

			struct netlink_dump_control c = {

				.dump = ctnetlink_exp_dump_table,
@@ -2850,12 +2844,10 @@ ctnetlink_get_expect(struct sock *ctnl, struct sk_buff *skb, 
	return err == -EAGAIN ? -ENOBUFS : err;

}



static int

ctnetlink_del_expect(struct sock *ctnl, struct sk_buff *skb,

		     const struct nlmsghdr *nlh,

static int ctnetlink_del_expect(struct net *net, struct sock *ctnl,

				struct sk_buff *skb, const struct nlmsghdr *nlh,

				const struct nlattr * const cda[])

{

	struct net *net = sock_net(ctnl);

	struct nf_conntrack_expect *exp;

	struct nf_conntrack_tuple tuple;

	struct nfgenmsg *nfmsg = nlmsg_data(nlh);
@@ -3136,12 +3128,10 @@ ctnetlink_create_expect(struct net *net, 
	return err;

}



static int

ctnetlink_new_expect(struct sock *ctnl, struct sk_buff *skb,

		     const struct nlmsghdr *nlh,

static int ctnetlink_new_expect(struct net *net, struct sock *ctnl,

				struct sk_buff *skb, const struct nlmsghdr *nlh,

				const struct nlattr * const cda[])

{

	struct net *net = sock_net(ctnl);

	struct nf_conntrack_tuple tuple;

	struct nf_conntrack_expect *exp;

	struct nfgenmsg *nfmsg = nlmsg_data(nlh);
@@ -3242,8 +3232,8 @@ ctnetlink_exp_stat_cpu_dump(struct sk_buff *skb, struct netlink_callback *cb) 
	return skb->len;

}



static int

ctnetlink_stat_exp_cpu(struct sock *ctnl, struct sk_buff *skb,

static int ctnetlink_stat_exp_cpu(struct net *net, struct sock *ctnl,

				  struct sk_buff *skb,

				  const struct nlmsghdr *nlh,

				  const struct nlattr * const cda[])

{

net/netfilter/nf_tables_api.c

+12 −18
Original line number Diff line number Diff line
@@ -543,15 +543,14 @@ static int nf_tables_dump_tables(struct sk_buff *skb, 
	return skb->len;

}



static int nf_tables_gettable(struct sock *nlsk, struct sk_buff *skb,

			      const struct nlmsghdr *nlh,

static int nf_tables_gettable(struct net *net, struct sock *nlsk,

			      struct sk_buff *skb, const struct nlmsghdr *nlh,

			      const struct nlattr * const nla[])

{

	const struct nfgenmsg *nfmsg = nlmsg_data(nlh);

	const struct nft_af_info *afi;

	const struct nft_table *table;

	struct sk_buff *skb2;

	struct net *net = sock_net(skb->sk);

	int family = nfmsg->nfgen_family;

	int err;
@@ -1097,8 +1096,8 @@ static int nf_tables_dump_chains(struct sk_buff *skb, 
	return skb->len;

}



static int nf_tables_getchain(struct sock *nlsk, struct sk_buff *skb,

			      const struct nlmsghdr *nlh,

static int nf_tables_getchain(struct net *net, struct sock *nlsk,

			      struct sk_buff *skb, const struct nlmsghdr *nlh,

			      const struct nlattr * const nla[])

{

	const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
@@ -1106,7 +1105,6 @@ static int nf_tables_getchain(struct sock *nlsk, struct sk_buff *skb, 
	const struct nft_table *table;

	const struct nft_chain *chain;

	struct sk_buff *skb2;

	struct net *net = sock_net(skb->sk);

	int family = nfmsg->nfgen_family;

	int err;
@@ -1923,8 +1921,8 @@ static int nf_tables_dump_rules(struct sk_buff *skb, 
	return skb->len;

}



static int nf_tables_getrule(struct sock *nlsk, struct sk_buff *skb,

			     const struct nlmsghdr *nlh,

static int nf_tables_getrule(struct net *net, struct sock *nlsk,

			     struct sk_buff *skb, const struct nlmsghdr *nlh,

			     const struct nlattr * const nla[])

{

	const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
@@ -1933,7 +1931,6 @@ static int nf_tables_getrule(struct sock *nlsk, struct sk_buff *skb, 
	const struct nft_chain *chain;

	const struct nft_rule *rule;

	struct sk_buff *skb2;

	struct net *net = sock_net(skb->sk);

	int family = nfmsg->nfgen_family;

	int err;
@@ -2604,11 +2601,10 @@ static int nf_tables_dump_sets_done(struct netlink_callback *cb) 
	return 0;

}



static int nf_tables_getset(struct sock *nlsk, struct sk_buff *skb,

			    const struct nlmsghdr *nlh,

static int nf_tables_getset(struct net *net, struct sock *nlsk,

			    struct sk_buff *skb, const struct nlmsghdr *nlh,

			    const struct nlattr * const nla[])

{

	struct net *net = sock_net(skb->sk);

	const struct nft_set *set;

	struct nft_ctx ctx;

	struct sk_buff *skb2;
@@ -3190,11 +3186,10 @@ static int nf_tables_dump_set(struct sk_buff *skb, struct netlink_callback *cb) 
	return -ENOSPC;

}



static int nf_tables_getsetelem(struct sock *nlsk, struct sk_buff *skb,

				const struct nlmsghdr *nlh,

static int nf_tables_getsetelem(struct net *net, struct sock *nlsk,

				struct sk_buff *skb, const struct nlmsghdr *nlh,

				const struct nlattr * const nla[])

{

	struct net *net = sock_net(skb->sk);

	const struct nft_set *set;

	struct nft_ctx ctx;

	int err;
@@ -3723,11 +3718,10 @@ static int nf_tables_gen_notify(struct net *net, struct sk_buff *skb, int event) 
	return err;

}



static int nf_tables_getgen(struct sock *nlsk, struct sk_buff *skb,

			    const struct nlmsghdr *nlh,

static int nf_tables_getgen(struct net *net, struct sock *nlsk,

			    struct sk_buff *skb, const struct nlmsghdr *nlh,

			    const struct nlattr * const nla[])

{

	struct net *net = sock_net(skb->sk);

	struct sk_buff *skb2;

	int err;

net/netfilter/nfnetlink.c

+3 −3
Original line number Diff line number Diff line
@@ -206,7 +206,7 @@ static int nfnetlink_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh) 
		}



		if (nc->call_rcu) {

			err = nc->call_rcu(net->nfnl, skb, nlh,

			err = nc->call_rcu(net, net->nfnl, skb, nlh,

					   (const struct nlattr **)cda);

			rcu_read_unlock();

		} else {
@@ -216,7 +216,7 @@ static int nfnetlink_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh) 
			    nfnetlink_find_client(type, ss) != nc)

				err = -EAGAIN;

			else if (nc->call)

				err = nc->call(net->nfnl, skb, nlh,

				err = nc->call(net, net->nfnl, skb, nlh,

					       (const struct nlattr **)cda);

			else

				err = -EINVAL;