diff options
| author | Gao feng <gaofeng@cn.fujitsu.com> | 2013-01-21 17:10:25 -0500 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-01-23 06:55:00 -0500 |
| commit | 83b4dbe19844b5472a8f44b6cf1d88693c080ef7 (patch) | |
| tree | d02bf69fd9692f9ba62abb9f3d311b59f9318ad8 /net | |
| parent | f94161c1bbdf7af11729cf106b4452f2432448e0 (diff) | |
netfilter: nf_ct_expect: move initialization out of pernet_operations
Move the global initial codes to the module_init/exit context.
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
| -rw-r--r-- | net/netfilter/nf_conntrack_core.c | 14 | ||||
| -rw-r--r-- | net/netfilter/nf_conntrack_expect.c | 53 |
2 files changed, 36 insertions, 31 deletions
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index fb3e514c461e..a3cca572412c 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c | |||
| @@ -1348,6 +1348,7 @@ void nf_conntrack_cleanup_end(void) | |||
| 1348 | #ifdef CONFIG_NF_CONNTRACK_ZONES | 1348 | #ifdef CONFIG_NF_CONNTRACK_ZONES |
| 1349 | nf_ct_extend_unregister(&nf_ct_zone_extend); | 1349 | nf_ct_extend_unregister(&nf_ct_zone_extend); |
| 1350 | #endif | 1350 | #endif |
| 1351 | nf_conntrack_expect_fini(); | ||
| 1351 | } | 1352 | } |
| 1352 | 1353 | ||
| 1353 | /* | 1354 | /* |
| @@ -1378,7 +1379,7 @@ void nf_conntrack_cleanup_net(struct net *net) | |||
| 1378 | nf_conntrack_ecache_fini(net); | 1379 | nf_conntrack_ecache_fini(net); |
| 1379 | nf_conntrack_tstamp_fini(net); | 1380 | nf_conntrack_tstamp_fini(net); |
| 1380 | nf_conntrack_acct_fini(net); | 1381 | nf_conntrack_acct_fini(net); |
| 1381 | nf_conntrack_expect_fini(net); | 1382 | nf_conntrack_expect_pernet_fini(net); |
| 1382 | kmem_cache_destroy(net->ct.nf_conntrack_cachep); | 1383 | kmem_cache_destroy(net->ct.nf_conntrack_cachep); |
| 1383 | kfree(net->ct.slabname); | 1384 | kfree(net->ct.slabname); |
| 1384 | free_percpu(net->ct.stat); | 1385 | free_percpu(net->ct.stat); |
| @@ -1501,6 +1502,11 @@ int nf_conntrack_init_start(void) | |||
| 1501 | printk(KERN_INFO "nf_conntrack version %s (%u buckets, %d max)\n", | 1502 | printk(KERN_INFO "nf_conntrack version %s (%u buckets, %d max)\n", |
| 1502 | NF_CONNTRACK_VERSION, nf_conntrack_htable_size, | 1503 | NF_CONNTRACK_VERSION, nf_conntrack_htable_size, |
| 1503 | nf_conntrack_max); | 1504 | nf_conntrack_max); |
| 1505 | |||
| 1506 | ret = nf_conntrack_expect_init(); | ||
| 1507 | if (ret < 0) | ||
| 1508 | goto err_expect; | ||
| 1509 | |||
| 1504 | #ifdef CONFIG_NF_CONNTRACK_ZONES | 1510 | #ifdef CONFIG_NF_CONNTRACK_ZONES |
| 1505 | ret = nf_ct_extend_register(&nf_ct_zone_extend); | 1511 | ret = nf_ct_extend_register(&nf_ct_zone_extend); |
| 1506 | if (ret < 0) | 1512 | if (ret < 0) |
| @@ -1518,7 +1524,9 @@ int nf_conntrack_init_start(void) | |||
| 1518 | 1524 | ||
| 1519 | #ifdef CONFIG_NF_CONNTRACK_ZONES | 1525 | #ifdef CONFIG_NF_CONNTRACK_ZONES |
| 1520 | err_extend: | 1526 | err_extend: |
| 1527 | nf_conntrack_expect_fini(); | ||
| 1521 | #endif | 1528 | #endif |
| 1529 | err_expect: | ||
| 1522 | return ret; | 1530 | return ret; |
| 1523 | } | 1531 | } |
| 1524 | 1532 | ||
| @@ -1575,7 +1583,7 @@ int nf_conntrack_init_net(struct net *net) | |||
| 1575 | printk(KERN_ERR "Unable to create nf_conntrack_hash\n"); | 1583 | printk(KERN_ERR "Unable to create nf_conntrack_hash\n"); |
| 1576 | goto err_hash; | 1584 | goto err_hash; |
| 1577 | } | 1585 | } |
| 1578 | ret = nf_conntrack_expect_init(net); | 1586 | ret = nf_conntrack_expect_pernet_init(net); |
| 1579 | if (ret < 0) | 1587 | if (ret < 0) |
| 1580 | goto err_expect; | 1588 | goto err_expect; |
| 1581 | ret = nf_conntrack_acct_init(net); | 1589 | ret = nf_conntrack_acct_init(net); |
| @@ -1616,7 +1624,7 @@ err_ecache: | |||
| 1616 | err_tstamp: | 1624 | err_tstamp: |
| 1617 | nf_conntrack_acct_fini(net); | 1625 | nf_conntrack_acct_fini(net); |
| 1618 | err_acct: | 1626 | err_acct: |
| 1619 | nf_conntrack_expect_fini(net); | 1627 | nf_conntrack_expect_pernet_fini(net); |
| 1620 | err_expect: | 1628 | err_expect: |
| 1621 | nf_ct_free_hashtable(net->ct.hash, net->ct.htable_size); | 1629 | nf_ct_free_hashtable(net->ct.hash, net->ct.htable_size); |
| 1622 | err_hash: | 1630 | err_hash: |
diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c index 527651a53a45..bdd341899ed3 100644 --- a/net/netfilter/nf_conntrack_expect.c +++ b/net/netfilter/nf_conntrack_expect.c | |||
| @@ -587,53 +587,50 @@ static void exp_proc_remove(struct net *net) | |||
| 587 | 587 | ||
| 588 | module_param_named(expect_hashsize, nf_ct_expect_hsize, uint, 0400); | 588 | module_param_named(expect_hashsize, nf_ct_expect_hsize, uint, 0400); |
| 589 | 589 | ||
| 590 | int nf_conntrack_expect_init(struct net *net) | 590 | int nf_conntrack_expect_pernet_init(struct net *net) |
| 591 | { | 591 | { |
| 592 | int err = -ENOMEM; | 592 | int err = -ENOMEM; |
| 593 | 593 | ||
| 594 | if (net_eq(net, &init_net)) { | ||
| 595 | if (!nf_ct_expect_hsize) { | ||
| 596 | nf_ct_expect_hsize = net->ct.htable_size / 256; | ||
| 597 | if (!nf_ct_expect_hsize) | ||
| 598 | nf_ct_expect_hsize = 1; | ||
| 599 | } | ||
| 600 | nf_ct_expect_max = nf_ct_expect_hsize * 4; | ||
| 601 | } | ||
| 602 | |||
| 603 | net->ct.expect_count = 0; | 594 | net->ct.expect_count = 0; |
| 604 | net->ct.expect_hash = nf_ct_alloc_hashtable(&nf_ct_expect_hsize, 0); | 595 | net->ct.expect_hash = nf_ct_alloc_hashtable(&nf_ct_expect_hsize, 0); |
| 605 | if (net->ct.expect_hash == NULL) | 596 | if (net->ct.expect_hash == NULL) |
| 606 | goto err1; | 597 | goto err1; |
| 607 | 598 | ||
| 608 | if (net_eq(net, &init_net)) { | ||
| 609 | nf_ct_expect_cachep = kmem_cache_create("nf_conntrack_expect", | ||
| 610 | sizeof(struct nf_conntrack_expect), | ||
| 611 | 0, 0, NULL); | ||
| 612 | if (!nf_ct_expect_cachep) | ||
| 613 | goto err2; | ||
| 614 | } | ||
| 615 | |||
| 616 | err = exp_proc_init(net); | 599 | err = exp_proc_init(net); |
| 617 | if (err < 0) | 600 | if (err < 0) |
| 618 | goto err3; | 601 | goto err2; |
| 619 | 602 | ||
| 620 | return 0; | 603 | return 0; |
| 621 | |||
| 622 | err3: | ||
| 623 | if (net_eq(net, &init_net)) | ||
| 624 | kmem_cache_destroy(nf_ct_expect_cachep); | ||
| 625 | err2: | 604 | err2: |
| 626 | nf_ct_free_hashtable(net->ct.expect_hash, nf_ct_expect_hsize); | 605 | nf_ct_free_hashtable(net->ct.expect_hash, nf_ct_expect_hsize); |
| 627 | err1: | 606 | err1: |
| 628 | return err; | 607 | return err; |
| 629 | } | 608 | } |
| 630 | 609 | ||
| 631 | void nf_conntrack_expect_fini(struct net *net) | 610 | void nf_conntrack_expect_pernet_fini(struct net *net) |
| 632 | { | 611 | { |
| 633 | exp_proc_remove(net); | 612 | exp_proc_remove(net); |
| 634 | if (net_eq(net, &init_net)) { | ||
| 635 | rcu_barrier(); /* Wait for call_rcu() before destroy */ | ||
| 636 | kmem_cache_destroy(nf_ct_expect_cachep); | ||
| 637 | } | ||
| 638 | nf_ct_free_hashtable(net->ct.expect_hash, nf_ct_expect_hsize); | 613 | nf_ct_free_hashtable(net->ct.expect_hash, nf_ct_expect_hsize); |
| 639 | } | 614 | } |
| 615 | |||
| 616 | int nf_conntrack_expect_init(void) | ||
| 617 | { | ||
| 618 | if (!nf_ct_expect_hsize) { | ||
| 619 | nf_ct_expect_hsize = nf_conntrack_htable_size / 256; | ||
| 620 | if (!nf_ct_expect_hsize) | ||
| 621 | nf_ct_expect_hsize = 1; | ||
| 622 | } | ||
| 623 | nf_ct_expect_max = nf_ct_expect_hsize * 4; | ||
| 624 | nf_ct_expect_cachep = kmem_cache_create("nf_conntrack_expect", | ||
| 625 | sizeof(struct nf_conntrack_expect), | ||
| 626 | 0, 0, NULL); | ||
| 627 | if (!nf_ct_expect_cachep) | ||
| 628 | return -ENOMEM; | ||
| 629 | return 0; | ||
| 630 | } | ||
| 631 | |||
| 632 | void nf_conntrack_expect_fini(void) | ||
| 633 | { | ||
| 634 | rcu_barrier(); /* Wait for call_rcu() before destroy */ | ||
| 635 | kmem_cache_destroy(nf_ct_expect_cachep); | ||
| 636 | } | ||