[NETFILTER]: xt_helper: use RCU

MODULE_ALIAS("ipt_helper");

MODULE_ALIAS("ip6t_helper");

#if 0

#define DEBUGP printk

#else

#define DEBUGP(format, args...)

#endif

static bool

match(const struct sk_buff *skb,

	const struct xt_helper_info *info = matchinfo;

	const struct nf_conn *ct;

	const struct nf_conn_help *master_help;

	const struct nf_conntrack_helper *helper;

	enum ip_conntrack_info ctinfo;

	bool ret = info->invert;

	ct = nf_ct_get(skb, &ctinfo);

	if (!ct) {

		DEBUGP("xt_helper: Eek! invalid conntrack?\n");

	if (!ct || !ct->master)

		return ret;

	}

	if (!ct->master) {

		DEBUGP("xt_helper: conntrack %p has no master\n", ct);

		return ret;

	}

	read_lock_bh(&nf_conntrack_lock);

	master_help = nfct_help(ct->master);

	if (!master_help || !master_help->helper) {

		DEBUGP("xt_helper: master ct %p has no helper\n",

			exp->expectant);

		goto out_unlock;

	}

	if (!master_help)

		return ret;

	DEBUGP("master's name = %s , info->name = %s\n",

		ct->master->helper->name, info->name);

	/* rcu_read_lock()ed by nf_hook_slow */

	helper = rcu_dereference(master_help->helper);

	if (!helper)

		return ret;

	if (info->name[0] == '\0')

		ret = !ret;

	else

		ret ^= !strncmp(master_help->helper->name, info->name,

				strlen(master_help->helper->name));

out_unlock:

	read_unlock_bh(&nf_conntrack_lock);

	return ret;

}