Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 02982c27 authored by Florian Westphal's avatar Florian Westphal Committed by Pablo Neira Ayuso
Browse files

netfilter: nf_conntrack: remove duplicate code in ctnetlink 



ctnetlink contains copy-paste code from death_by_timeout.  In order to
avoid changing both places in upcoming event delivery patch,
export death_by_timeout functionality and use it in the ctnetlink code.

Based on earlier patch from Pablo Neira.

Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 93742cf8

include/net/netfilter/nf_conntrack.h

+1 −2
Original line number Original line Diff line number Diff line
@@ -181,8 +181,7 @@ __nf_conntrack_find(struct net *net, u16 zone, 
		    const struct nf_conntrack_tuple *tuple);

		    const struct nf_conntrack_tuple *tuple);





extern int nf_conntrack_hash_check_insert(struct nf_conn *ct);

extern int nf_conntrack_hash_check_insert(struct nf_conn *ct);

extern void nf_ct_delete_from_lists(struct nf_conn *ct);

bool nf_ct_delete(struct nf_conn *ct, u32 pid, int report);

extern void nf_ct_dying_timeout(struct nf_conn *ct);





extern void nf_conntrack_flush_report(struct net *net, u32 portid, int report);

extern void nf_conntrack_flush_report(struct net *net, u32 portid, int report);

net/netfilter/nf_conntrack_core.c

+16 −13
Original line number Original line Diff line number Diff line
@@ -238,7 +238,7 @@ destroy_conntrack(struct nf_conntrack *nfct) 
	nf_conntrack_free(ct);

	nf_conntrack_free(ct);

}

}





void nf_ct_delete_from_lists(struct nf_conn *ct)

static void nf_ct_delete_from_lists(struct nf_conn *ct)

{

{

	struct net *net = nf_ct_net(ct);

	struct net *net = nf_ct_net(ct);
@@ -253,7 +253,6 @@ void nf_ct_delete_from_lists(struct nf_conn *ct) 
			     &net->ct.dying);

			     &net->ct.dying);

	spin_unlock_bh(&nf_conntrack_lock);

	spin_unlock_bh(&nf_conntrack_lock);

}

}

EXPORT_SYMBOL_GPL(nf_ct_delete_from_lists);





static void death_by_event(unsigned long ul_conntrack)

static void death_by_event(unsigned long ul_conntrack)

{

{
@@ -275,7 +274,7 @@ static void death_by_event(unsigned long ul_conntrack) 
	nf_ct_put(ct);

	nf_ct_put(ct);

}

}





void nf_ct_dying_timeout(struct nf_conn *ct)

static void nf_ct_dying_timeout(struct nf_conn *ct)

{

{

	struct net *net = nf_ct_net(ct);

	struct net *net = nf_ct_net(ct);

	struct nf_conntrack_ecache *ecache = nf_ct_ecache_find(ct);

	struct nf_conntrack_ecache *ecache = nf_ct_ecache_find(ct);
@@ -288,27 +287,33 @@ void nf_ct_dying_timeout(struct nf_conn *ct) 
		(prandom_u32() % net->ct.sysctl_events_retry_timeout);

		(prandom_u32() % net->ct.sysctl_events_retry_timeout);

	add_timer(&ecache->timeout);

	add_timer(&ecache->timeout);

}

}

EXPORT_SYMBOL_GPL(nf_ct_dying_timeout);





static void death_by_timeout(unsigned long ul_conntrack)

bool nf_ct_delete(struct nf_conn *ct, u32 portid, int report)

{

{

	struct nf_conn *ct = (void *)ul_conntrack;

	struct nf_conn_tstamp *tstamp;

	struct nf_conn_tstamp *tstamp;





	tstamp = nf_conn_tstamp_find(ct);

	tstamp = nf_conn_tstamp_find(ct);

	if (tstamp && tstamp->stop == 0)

	if (tstamp && tstamp->stop == 0)

		tstamp->stop = ktime_to_ns(ktime_get_real());

		tstamp->stop = ktime_to_ns(ktime_get_real());





	if (!test_bit(IPS_DYING_BIT, &ct->status) &&

	if (!nf_ct_is_dying(ct) &&

	    unlikely(nf_conntrack_event(IPCT_DESTROY, ct) < 0)) {

	    unlikely(nf_conntrack_event_report(IPCT_DESTROY, ct,

	    portid, report) < 0)) {

		/* destroy event was not delivered */

		/* destroy event was not delivered */

		nf_ct_delete_from_lists(ct);

		nf_ct_delete_from_lists(ct);

		nf_ct_dying_timeout(ct);

		nf_ct_dying_timeout(ct);

		return;

		return false;

	}

	}

	set_bit(IPS_DYING_BIT, &ct->status);

	set_bit(IPS_DYING_BIT, &ct->status);

	nf_ct_delete_from_lists(ct);

	nf_ct_delete_from_lists(ct);

	nf_ct_put(ct);

	nf_ct_put(ct);

	return true;

}

EXPORT_SYMBOL_GPL(nf_ct_delete);



static void death_by_timeout(unsigned long ul_conntrack)

{

	nf_ct_delete((struct nf_conn *)ul_conntrack, 0, 0);

}

}





/*

/*
@@ -643,10 +648,7 @@ static noinline int early_drop(struct net *net, unsigned int hash) 
		return dropped;

		return dropped;





	if (del_timer(&ct->timeout)) {

	if (del_timer(&ct->timeout)) {

		death_by_timeout((unsigned long)ct);

		if (nf_ct_delete(ct, 0, 0)) {

		/* Check if we indeed killed this entry. Reliable event

		   delivery may have inserted it into the dying list. */

		if (test_bit(IPS_DYING_BIT, &ct->status)) {

			dropped = 1;

			dropped = 1;

			NF_CT_STAT_INC_ATOMIC(net, early_drop);

			NF_CT_STAT_INC_ATOMIC(net, early_drop);

		}

		}
@@ -1253,6 +1255,7 @@ void nf_ct_iterate_cleanup(struct net *net, 
		/* Time to push up daises... */

		/* Time to push up daises... */

		if (del_timer(&ct->timeout))

		if (del_timer(&ct->timeout))

			death_by_timeout((unsigned long)ct);

			death_by_timeout((unsigned long)ct);



		/* ... else the timer will get him soon. */

		/* ... else the timer will get him soon. */





		nf_ct_put(ct);

		nf_ct_put(ct);

net/netfilter/nf_conntrack_netlink.c

+3 −15
Original line number Original line Diff line number Diff line
@@ -1038,21 +1038,9 @@ ctnetlink_del_conntrack(struct sock *ctnl, struct sk_buff *skb, 
		}

		}

	}

	}





	if (del_timer(&ct->timeout)) {

	if (del_timer(&ct->timeout))

		if (nf_conntrack_event_report(IPCT_DESTROY, ct,

		nf_ct_delete(ct, NETLINK_CB(skb).portid, nlmsg_report(nlh));

					      NETLINK_CB(skb).portid,



					      nlmsg_report(nlh)) < 0) {

			nf_ct_delete_from_lists(ct);

			/* we failed to report the event, try later */

			nf_ct_dying_timeout(ct);

			nf_ct_put(ct);

			return 0;

		}

		/* death_by_timeout would report the event again */

		set_bit(IPS_DYING_BIT, &ct->status);

		nf_ct_delete_from_lists(ct);

		nf_ct_put(ct);

	}

	nf_ct_put(ct);

	nf_ct_put(ct);





	return 0;

	return 0;