netfilter: conntrack: use a single expectation table for all namespaces

extern unsigned int nf_ct_expect_hsize;

extern unsigned int nf_ct_expect_max;

extern struct hlist_head *nf_ct_expect_hash;

struct nf_conntrack_expect {

	/* Conntrack expectation list member */

	int			sysctl_checksum;

	struct kmem_cache	*nf_conntrack_cachep;

	struct hlist_head	*expect_hash;

	struct ct_pcpu __percpu *pcpu_lists;

	struct ip_conntrack_stat __percpu *stat;

	struct nf_ct_event_notifier __rcu *nf_conntrack_event_cb;

static struct hlist_node *ct_expect_get_first(struct seq_file *seq)

{

	struct net *net = seq_file_net(seq);

	struct ct_expect_iter_state *st = seq->private;

	struct hlist_node *n;

	for (st->bucket = 0; st->bucket < nf_ct_expect_hsize; st->bucket++) {

		n = rcu_dereference(

			hlist_first_rcu(&net->ct.expect_hash[st->bucket]));

			hlist_first_rcu(&nf_ct_expect_hash[st->bucket]));

		if (n)

			return n;

	}

static struct hlist_node *ct_expect_get_next(struct seq_file *seq,

					     struct hlist_node *head)

{

	struct net *net = seq_file_net(seq);

	struct ct_expect_iter_state *st = seq->private;

	head = rcu_dereference(hlist_next_rcu(head));

		if (++st->bucket >= nf_ct_expect_hsize)

			return NULL;

		head = rcu_dereference(

			hlist_first_rcu(&net->ct.expect_hash[st->bucket]));

			hlist_first_rcu(&nf_ct_expect_hash[st->bucket]));

	}

	return head;

}

unsigned int nf_ct_expect_hsize __read_mostly;

EXPORT_SYMBOL_GPL(nf_ct_expect_hsize);

struct hlist_head *nf_ct_expect_hash __read_mostly;

EXPORT_SYMBOL_GPL(nf_ct_expect_hash);

unsigned int nf_ct_expect_max __read_mostly;

static struct kmem_cache *nf_ct_expect_cachep __read_mostly;

		return NULL;

	h = nf_ct_expect_dst_hash(net, tuple);

	hlist_for_each_entry_rcu(i, &net->ct.expect_hash[h], hnode) {

	hlist_for_each_entry_rcu(i, &nf_ct_expect_hash[h], hnode) {

		if (nf_ct_exp_equal(tuple, i, zone, net))

			return i;

	}

		return NULL;

	h = nf_ct_expect_dst_hash(net, tuple);

	hlist_for_each_entry(i, &net->ct.expect_hash[h], hnode) {

	hlist_for_each_entry(i, &nf_ct_expect_hash[h], hnode) {

		if (!(i->flags & NF_CT_EXPECT_INACTIVE) &&

		    nf_ct_exp_equal(tuple, i, zone, net)) {

			exp = i;

	hlist_add_head(&exp->lnode, &master_help->expectations);

	master_help->expecting[exp->class]++;

	hlist_add_head_rcu(&exp->hnode, &net->ct.expect_hash[h]);

	hlist_add_head_rcu(&exp->hnode, &nf_ct_expect_hash[h]);

	net->ct.expect_count++;

	setup_timer(&exp->timeout, nf_ct_expectation_timed_out,

		goto out;

	}

	h = nf_ct_expect_dst_hash(net, &expect->tuple);

	hlist_for_each_entry_safe(i, next, &net->ct.expect_hash[h], hnode) {

	hlist_for_each_entry_safe(i, next, &nf_ct_expect_hash[h], hnode) {

		if (expect_matches(i, expect)) {

			if (del_timer(&i->timeout)) {

				nf_ct_unlink_expect(i);

static struct hlist_node *ct_expect_get_first(struct seq_file *seq)

{

	struct net *net = seq_file_net(seq);

	struct ct_expect_iter_state *st = seq->private;

	struct hlist_node *n;

	for (st->bucket = 0; st->bucket < nf_ct_expect_hsize; st->bucket++) {

		n = rcu_dereference(hlist_first_rcu(&net->ct.expect_hash[st->bucket]));

		n = rcu_dereference(hlist_first_rcu(&nf_ct_expect_hash[st->bucket]));

		if (n)

			return n;

	}

static struct hlist_node *ct_expect_get_next(struct seq_file *seq,

					     struct hlist_node *head)

{

	struct net *net = seq_file_net(seq);

	struct ct_expect_iter_state *st = seq->private;

	head = rcu_dereference(hlist_next_rcu(head));

	while (head == NULL) {

		if (++st->bucket >= nf_ct_expect_hsize)

			return NULL;

		head = rcu_dereference(hlist_first_rcu(&net->ct.expect_hash[st->bucket]));

		head = rcu_dereference(hlist_first_rcu(&nf_ct_expect_hash[st->bucket]));

	}

	return head;

}

int nf_conntrack_expect_pernet_init(struct net *net)

{

	int err = -ENOMEM;

	net->ct.expect_count = 0;

	net->ct.expect_hash = nf_ct_alloc_hashtable(&nf_ct_expect_hsize, 0);

	if (net->ct.expect_hash == NULL)

		goto err1;

	err = exp_proc_init(net);

	if (err < 0)

		goto err2;

	return 0;

err2:

	nf_ct_free_hashtable(net->ct.expect_hash, nf_ct_expect_hsize);

err1:

	return err;

	return exp_proc_init(net);

}

void nf_conntrack_expect_pernet_fini(struct net *net)

{

	exp_proc_remove(net);

	nf_ct_free_hashtable(net->ct.expect_hash, nf_ct_expect_hsize);

}

int nf_conntrack_expect_init(void)

				0, 0, NULL);

	if (!nf_ct_expect_cachep)

		return -ENOMEM;

	nf_ct_expect_hash = nf_ct_alloc_hashtable(&nf_ct_expect_hsize, 0);

	if (!nf_ct_expect_hash) {

		kmem_cache_destroy(nf_ct_expect_cachep);

		return -ENOMEM;

	}

	return 0;

}

{

	rcu_barrier(); /* Wait for call_rcu() before destroy */

	kmem_cache_destroy(nf_ct_expect_cachep);

	nf_ct_free_hashtable(nf_ct_expect_hash, nf_ct_expect_hsize);

}

	spin_lock_bh(&nf_conntrack_expect_lock);

	for (i = 0; i < nf_ct_expect_hsize; i++) {

		hlist_for_each_entry_safe(exp, next,

					  &net->ct.expect_hash[i], hnode) {

					  &nf_ct_expect_hash[i], hnode) {

			struct nf_conn_help *help = nfct_help(exp->master);

			if ((rcu_dereference_protected(

					help->helper,