author | Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> | 2007-07-08 01:26:16 -0400 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2007-07-11 01:17:36 -0400 |
commit | d8a0509a696de60296a66ba4fe4f9eaade497103 (patch) | |
tree | 6aa00195176f8cd05221e356877ec83d0aa0536c | |
parent | dacd2a1a5cf621288833aa3c6e815b86a1536538 (diff) |
[NETFILTER]: nf_nat: kill global 'destroy' operation
This kills the global 'destroy' operation which was used by NAT.
Instead it uses the extension infrastructure so that multiple
extensions can register their own operations.
Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | include/net/netfilter/nf_conntrack.h | 3 | ||||
-rw-r--r-- | net/ipv4/netfilter/nf_nat_core.c | 46 | ||||
-rw-r--r-- | net/netfilter/nf_conntrack_core.c | 8 |
3 files changed, 22 insertions, 35 deletions
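--- a/include/net/netfilter/nf_conntrack.h
+++ b/include/net/netfilter/nf_conntrack.h
@@ -213,9 +213,6 @@ extern void nf_conntrack_tcp_update(struct sk_buff *skb,
 struct nf_conn *conntrack,
 int dir);
 
-/* Call me when a conntrack is destroyed. */
-extern void (*nf_conntrack_destroyed)(struct nf_conn *conntrack);
-
 /* Fake conntrack entry for untracked connections */
 extern struct nf_conn nf_conntrack_untracked;
 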
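--- a/net/ipv4/netfilter/nf_nat_core.c
+++ b/net/ipv4/netfilter/nf_nat_core.c
@@ -87,20 +87,6 @@ hash_by_src(const struct nf_conntrack_tuple *tuple)
 tuple->dst.protonum, 0) % nf_nat_htable_size;
 }
 
-/* Noone using conntrack by the time this called. */
-static void nf_nat_cleanup_conntrack(struct nf_conn *conn)
-{
-struct nf_conn_nat *nat;
-if (!(conn->status & IPS_NAT_DONE_MASK))
-return;
-
-nat = nfct_nat(conn);
-write_lock_bh(&nf_nat_lock);
-list_del(&nat->info.bysource);
-nat->info.ct = NULL;
-write_unlock_bh(&nf_nat_lock);
-}
-
 /* Is this tuple already taken? (not by us) */
 int
 nf_nat_used_tuple(const struct nf_conntrack_tuple *tuple,
@@ -604,6 +590,22 @@ nf_nat_port_nfattr_to_range(struct nfattr *tb[], struct nf_nat_range *range)
 EXPORT_SYMBOL_GPL(nf_nat_port_range_to_nfattr);
 #endif
 
+/* Noone using conntrack by the time this called. */
+static void nf_nat_cleanup_conntrack(struct nf_conn *ct)
+{
+struct nf_conn_nat *nat = nf_ct_ext_find(ct, NF_CT_EXT_NAT);
+
+if (nat == NULL || nat->info.ct == NULL)
+return;
+
+NF_CT_ASSERT(nat->info.ct->status & IPS_NAT_DONE_MASK);
+
+write_lock_bh(&nf_nat_lock);
+list_del(&nat->info.bysource);
+nat->info.ct = NULL;
+write_unlock_bh(&nf_nat_lock);
+}
+
 static void nf_nat_move_storage(struct nf_conn *conntrack, void *old)
 {
 struct nf_conn_nat *new_nat = nf_ct_ext_find(conntrack, NF_CT_EXT_NAT);
@@ -623,11 +625,12 @@ static void nf_nat_move_storage(struct nf_conn *conntrack, void *old)
 }
 
 struct nf_ct_ext_type nat_extend = {
-.len = sizeof(struct nf_conn_nat),
-.align = __alignof__(struct nf_conn_nat),
-.move = nf_nat_move_storage,
-.id = NF_CT_EXT_NAT,
-.flags = NF_CT_EXT_F_PREALLOC,
+.len = sizeof(struct nf_conn_nat),
+.align = __alignof__(struct nf_conn_nat),
+.destroy = nf_nat_cleanup_conntrack,
+.move = nf_nat_move_storage,
+.id = NF_CT_EXT_NAT,
+.flags = NF_CT_EXT_F_PREALLOC,
 };
 
 static int __init nf_nat_init(void)
@@ -664,10 +667,6 @@ static int __init nf_nat_init(void)
 INIT_LIST_HEAD(&bysource[i]);
 }
 
-/* FIXME: Man, this is a hack. <SIGH> */
-NF_CT_ASSERT(rcu_dereference(nf_conntrack_destroyed) == NULL);
-rcu_assign_pointer(nf_conntrack_destroyed, nf_nat_cleanup_conntrack);
-
 /* Initialize fake conntrack so that NAT will skip it */
 nf_conntrack_untracked.status |= IPS_NAT_DONE_MASK;
 
@@ -694,7 +693,6 @@ static int clean_nat(struct nf_conn *i, void *data)
 static void __exit nf_nat_cleanup(void)
 {
 nf_ct_iterate_cleanup(&clean_nat, NULL);
-rcu_assign_pointer(nf_conntrack_destroyed, NULL);
 synchronize_rcu();
 vfree(bysource);
 nf_ct_l3proto_put(l3proto);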
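Review bot: The re-added nf_nat_cleanup_conntrack() (new lines 593-607) guards `list_del(&nat->info.bysource)` solely with `nat->info.ct != NULL`; the `IPS_NAT_DONE_MASK` test that the removed version used as a runtime gate is now only an `NF_CT_ASSERT`, which as far as I know compiles to nothing unless netfilter debugging is configured. That makes "info.ct is non-NULL exactly while the entry is linked on bysource" a load-bearing invariant: if any path sets info.ct without linking the node, or the extension area is not zeroed when allocated, teardown would unlink an uninitialised list_head and corrupt kernel memory. I would state the invariant above the check, e.g. `/* info.ct is set only while this entry is linked on bysource; it is the sole guard for the list_del() below. */`. It is also worth confirming that the code which sets info.ct, which is outside these hunks, does so under nf_nat_lock together with the list insertion. The function itself is fully visible in the hunk.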
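--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -53,9 +53,6 @@ EXPORT_SYMBOL_GPL(nf_conntrack_lock);
 atomic_t nf_conntrack_count = ATOMIC_INIT(0);
 EXPORT_SYMBOL_GPL(nf_conntrack_count);
 
-void (*nf_conntrack_destroyed)(struct nf_conn *conntrack);
-EXPORT_SYMBOL_GPL(nf_conntrack_destroyed);
-
 unsigned int nf_conntrack_htable_size __read_mostly;
 EXPORT_SYMBOL_GPL(nf_conntrack_htable_size);
 
@@ -157,7 +154,6 @@ destroy_conntrack(struct nf_conntrack *nfct)
 {
 struct nf_conn *ct = (struct nf_conn *)nfct;
 struct nf_conntrack_l4proto *l4proto;
-typeof(nf_conntrack_destroyed) destroyed;
 
 DEBUGP("destroy_conntrack(%p)\n", ct);
 NF_CT_ASSERT(atomic_read(&nfct->use) == 0);
@@ -177,10 +173,6 @@ destroy_conntrack(struct nf_conntrack *nfct)
 
 nf_ct_ext_destroy(ct);
 
-destroyed = rcu_dereference(nf_conntrack_destroyed);
-if (destroyed)
-destroyed(ct);
-
 rcu_read_unlock();
 
 write_lock_bh(&nf_conntrack_lock);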