authorYasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>2007-07-08 01:26:16 -0400
committerDavid S. Miller <davem@sunset.davemloft.net>2007-07-11 01:17:36 -0400
commitd8a0509a696de60296a66ba4fe4f9eaade497103 (patch)
tree6aa00195176f8cd05221e356877ec83d0aa0536c
parentdacd2a1a5cf621288833aa3c6e815b86a1536538 (diff)
[NETFILTER]: nf_nat: kill global 'destroy' operation
This kills the global 'destroy' operation which was used by NAT. Instead it uses the extension infrastructure so that multiple extensions can register own operations. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--include/net/netfilter/nf_conntrack.h3
-rw-r--r--net/ipv4/netfilter/nf_nat_core.c46
-rw-r--r--net/netfilter/nf_conntrack_core.c8
3 files changed, 22 insertions, 35 deletions
diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h
index 71386e5c4bb7..ef4a403878a3 100644
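--- a/include/net/netfilter/nf_conntrack.h
+++ b/include/net/netfilter/nf_conntrack.h
@@ -213,9 +213,6 @@ extern void nf_conntrack_tcp_update(struct sk_buff *skb,
  struct nf_conn *conntrack,
  int dir);
 
-/* Call me when a conntrack is destroyed. */
-extern void (*nf_conntrack_destroyed)(struct nf_conn *conntrack);
-
 /* Fake conntrack entry for untracked connections */
 extern struct nf_conn nf_conntrack_untracked;
 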
diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c
index 4ce82d7014ff..e370d1568001 100644
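--- a/net/ipv4/netfilter/nf_nat_core.c
+++ b/net/ipv4/netfilter/nf_nat_core.c
@@ -87,20 +87,6 @@ hash_by_src(const struct nf_conntrack_tuple *tuple)
  tuple->dst.protonum, 0) % nf_nat_htable_size;
 }
 
-/* Noone using conntrack by the time this called. */
-static void nf_nat_cleanup_conntrack(struct nf_conn *conn)
-{
- struct nf_conn_nat *nat;
- if (!(conn->status & IPS_NAT_DONE_MASK))
- return;
-
- nat = nfct_nat(conn);
- write_lock_bh(&nf_nat_lock);
- list_del(&nat->info.bysource);
- nat->info.ct = NULL;
- write_unlock_bh(&nf_nat_lock);
-}
-
 /* Is this tuple already taken? (not by us) */
 int
 nf_nat_used_tuple(const struct nf_conntrack_tuple *tuple,
@@ -604,6 +590,22 @@ nf_nat_port_nfattr_to_range(struct nfattr *tb[], struct nf_nat_range *range)
 EXPORT_SYMBOL_GPL(nf_nat_port_range_to_nfattr);
 #endif
 
+/* Noone using conntrack by the time this called. */
+static void nf_nat_cleanup_conntrack(struct nf_conn *ct)
+{
+ struct nf_conn_nat *nat = nf_ct_ext_find(ct, NF_CT_EXT_NAT);
+
+ if (nat == NULL || nat->info.ct == NULL)
+ return;
+
+ NF_CT_ASSERT(nat->info.ct->status & IPS_NAT_DONE_MASK);
+
+ write_lock_bh(&nf_nat_lock);
+ list_del(&nat->info.bysource);
+ nat->info.ct = NULL;
+ write_unlock_bh(&nf_nat_lock);
+}
+
 static void nf_nat_move_storage(struct nf_conn *conntrack, void *old)
 {
  struct nf_conn_nat *new_nat = nf_ct_ext_find(conntrack, NF_CT_EXT_NAT);
@@ -623,11 +625,12 @@ static void nf_nat_move_storage(struct nf_conn *conntrack, void *old)
 }
 
 struct nf_ct_ext_type nat_extend = {
- .len = sizeof(struct nf_conn_nat),
- .align = __alignof__(struct nf_conn_nat),
- .move = nf_nat_move_storage,
- .id = NF_CT_EXT_NAT,
- .flags = NF_CT_EXT_F_PREALLOC,
+ .len = sizeof(struct nf_conn_nat),
+ .align = __alignof__(struct nf_conn_nat),
+ .destroy = nf_nat_cleanup_conntrack,
+ .move = nf_nat_move_storage,
+ .id = NF_CT_EXT_NAT,
+ .flags = NF_CT_EXT_F_PREALLOC,
 };
 
 static int __init nf_nat_init(void)
@@ -664,10 +667,6 @@ static int __init nf_nat_init(void)
  INIT_LIST_HEAD(&bysource[i]);
  }
 
- /* FIXME: Man, this is a hack. <SIGH> */
- NF_CT_ASSERT(rcu_dereference(nf_conntrack_destroyed) == NULL);
- rcu_assign_pointer(nf_conntrack_destroyed, nf_nat_cleanup_conntrack);
-
  /* Initialize fake conntrack so that NAT will skip it */
  nf_conntrack_untracked.status |= IPS_NAT_DONE_MASK;
 
@@ -694,7 +693,6 @@ static int clean_nat(struct nf_conn *i, void *data)
 static void __exit nf_nat_cleanup(void)
 {
  nf_ct_iterate_cleanup(&clean_nat, NULL);
- rcu_assign_pointer(nf_conntrack_destroyed, NULL);
  synchronize_rcu();
  vfree(bysource);
  nf_ct_l3proto_put(l3proto);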
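Review bot: The new nf_nat_cleanup_conntrack() decides whether to unlink by testing `nat->info.ct` instead of the conntrack's IPS_NAT_DONE_MASK bits, so `list_del(&nat->info.bysource)` is only safe if info.ct is non-NULL exactly while the entry is linked on a bysource chain; the code that sets info.ct lies outside these hunks, so that invariant cannot be confirmed from here. NF_CT_ASSERT is presumably a debug-only check, in which case a normal build has nothing that stops list_del from running on a list head that was never linked, which would corrupt kernel memory. The NULL test is also made before `write_lock_bh(&nf_nat_lock)` is taken, so the test and the unlink are not one atomic step; moving the test inside the locked region would close that gap. At minimum the function comment should state the invariant, e.g. `/* info.ct != NULL iff nat is linked on bysource; both change only under nf_nat_lock. */`.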
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index a71366652938..035eb9f4a61e 100644
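--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -53,9 +53,6 @@ EXPORT_SYMBOL_GPL(nf_conntrack_lock);
 atomic_t nf_conntrack_count = ATOMIC_INIT(0);
 EXPORT_SYMBOL_GPL(nf_conntrack_count);
 
-void (*nf_conntrack_destroyed)(struct nf_conn *conntrack);
-EXPORT_SYMBOL_GPL(nf_conntrack_destroyed);
-
 unsigned int nf_conntrack_htable_size __read_mostly;
 EXPORT_SYMBOL_GPL(nf_conntrack_htable_size);
 
@@ -157,7 +154,6 @@ destroy_conntrack(struct nf_conntrack *nfct)
 {
  struct nf_conn *ct = (struct nf_conn *)nfct;
  struct nf_conntrack_l4proto *l4proto;
- typeof(nf_conntrack_destroyed) destroyed;
 
  DEBUGP("destroy_conntrack(%p)\n", ct);
  NF_CT_ASSERT(atomic_read(&nfct->use) == 0);
@@ -177,10 +173,6 @@ destroy_conntrack(struct nf_conntrack *nfct)
 
  nf_ct_ext_destroy(ct);
 
- destroyed = rcu_dereference(nf_conntrack_destroyed);
- if (destroyed)
- destroyed(ct);
-
  rcu_read_unlock();
 
  write_lock_bh(&nf_conntrack_lock);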