diff options
author | Patrick McHardy <kaber@trash.net> | 2011-12-23 08:00:49 -0500 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2011-12-23 08:36:45 -0500 |
commit | d70308f78bb8192a76a7dc38f5f9de6c2695532b (patch) | |
tree | 0fbecee36fdc252cf0be5630395e684b6521d302 | |
parent | 329fb58a93b25f0f5ee9d80c0e0e6a6c1a0192b4 (diff) |
netfilter: nat: remove module reference counting from NAT protocols
The only remaining user of NAT protocol module reference counting is NAT
ctnetlink support. Since this is a fairly short sequence of code, convert
over to use RCU and remove module reference counting.
Module unregistration is already protected by RCU using synchronize_rcu(),
so no further changes are necessary.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | include/net/netfilter/nf_nat_protocol.h | 2 | ||||
-rw-r--r-- | net/ipv4/netfilter/nf_nat_core.c | 25 | ||||
-rw-r--r-- | net/ipv4/netfilter/nf_nat_proto_dccp.c | 1 | ||||
-rw-r--r-- | net/ipv4/netfilter/nf_nat_proto_gre.c | 1 | ||||
-rw-r--r-- | net/ipv4/netfilter/nf_nat_proto_icmp.c | 1 | ||||
-rw-r--r-- | net/ipv4/netfilter/nf_nat_proto_sctp.c | 1 | ||||
-rw-r--r-- | net/ipv4/netfilter/nf_nat_proto_tcp.c | 1 | ||||
-rw-r--r-- | net/ipv4/netfilter/nf_nat_proto_udp.c | 1 | ||||
-rw-r--r-- | net/ipv4/netfilter/nf_nat_proto_udplite.c | 1 | ||||
-rw-r--r-- | net/ipv4/netfilter/nf_nat_proto_unknown.c | 1 |
10 files changed, 3 insertions, 32 deletions
diff --git a/include/net/netfilter/nf_nat_protocol.h b/include/net/netfilter/nf_nat_protocol.h index 7156c002b59c..eaad0ac741cd 100644 --- a/include/net/netfilter/nf_nat_protocol.h +++ b/include/net/netfilter/nf_nat_protocol.h | |||
@@ -10,8 +10,6 @@ struct nf_nat_protocol { | |||
10 | /* Protocol number. */ | 10 | /* Protocol number. */ |
11 | unsigned int protonum; | 11 | unsigned int protonum; |
12 | 12 | ||
13 | struct module *me; | ||
14 | |||
15 | /* Translate a packet to the target according to manip type. | 13 | /* Translate a packet to the target according to manip type. |
16 | Return true if succeeded. */ | 14 | Return true if succeeded. */ |
17 | bool (*manip_pkt)(struct sk_buff *skb, | 15 | bool (*manip_pkt)(struct sk_buff *skb, |
diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c index 610eb4499a1a..5e1bd85182e7 100644 --- a/net/ipv4/netfilter/nf_nat_core.c +++ b/net/ipv4/netfilter/nf_nat_core.c | |||
@@ -575,26 +575,6 @@ static struct nf_ct_ext_type nat_extend __read_mostly = { | |||
575 | #include <linux/netfilter/nfnetlink.h> | 575 | #include <linux/netfilter/nfnetlink.h> |
576 | #include <linux/netfilter/nfnetlink_conntrack.h> | 576 | #include <linux/netfilter/nfnetlink_conntrack.h> |
577 | 577 | ||
578 | static const struct nf_nat_protocol * | ||
579 | nf_nat_proto_find_get(u_int8_t protonum) | ||
580 | { | ||
581 | const struct nf_nat_protocol *p; | ||
582 | |||
583 | rcu_read_lock(); | ||
584 | p = __nf_nat_proto_find(protonum); | ||
585 | if (!try_module_get(p->me)) | ||
586 | p = &nf_nat_unknown_protocol; | ||
587 | rcu_read_unlock(); | ||
588 | |||
589 | return p; | ||
590 | } | ||
591 | |||
592 | static void | ||
593 | nf_nat_proto_put(const struct nf_nat_protocol *p) | ||
594 | { | ||
595 | module_put(p->me); | ||
596 | } | ||
597 | |||
598 | static const struct nla_policy protonat_nla_policy[CTA_PROTONAT_MAX+1] = { | 578 | static const struct nla_policy protonat_nla_policy[CTA_PROTONAT_MAX+1] = { |
599 | [CTA_PROTONAT_PORT_MIN] = { .type = NLA_U16 }, | 579 | [CTA_PROTONAT_PORT_MIN] = { .type = NLA_U16 }, |
600 | [CTA_PROTONAT_PORT_MAX] = { .type = NLA_U16 }, | 580 | [CTA_PROTONAT_PORT_MAX] = { .type = NLA_U16 }, |
@@ -612,10 +592,11 @@ static int nfnetlink_parse_nat_proto(struct nlattr *attr, | |||
612 | if (err < 0) | 592 | if (err < 0) |
613 | return err; | 593 | return err; |
614 | 594 | ||
615 | npt = nf_nat_proto_find_get(nf_ct_protonum(ct)); | 595 | rcu_read_lock(); |
596 | npt = __nf_nat_proto_find(nf_ct_protonum(ct)); | ||
616 | if (npt->nlattr_to_range) | 597 | if (npt->nlattr_to_range) |
617 | err = npt->nlattr_to_range(tb, range); | 598 | err = npt->nlattr_to_range(tb, range); |
618 | nf_nat_proto_put(npt); | 599 | rcu_read_unlock(); |
619 | return err; | 600 | return err; |
620 | } | 601 | } |
621 | 602 | ||
diff --git a/net/ipv4/netfilter/nf_nat_proto_dccp.c b/net/ipv4/netfilter/nf_nat_proto_dccp.c index c43d5b366d0d..466d63de2f77 100644 --- a/net/ipv4/netfilter/nf_nat_proto_dccp.c +++ b/net/ipv4/netfilter/nf_nat_proto_dccp.c | |||
@@ -80,7 +80,6 @@ dccp_manip_pkt(struct sk_buff *skb, | |||
80 | 80 | ||
81 | static const struct nf_nat_protocol nf_nat_protocol_dccp = { | 81 | static const struct nf_nat_protocol nf_nat_protocol_dccp = { |
82 | .protonum = IPPROTO_DCCP, | 82 | .protonum = IPPROTO_DCCP, |
83 | .me = THIS_MODULE, | ||
84 | .manip_pkt = dccp_manip_pkt, | 83 | .manip_pkt = dccp_manip_pkt, |
85 | .in_range = nf_nat_proto_in_range, | 84 | .in_range = nf_nat_proto_in_range, |
86 | .unique_tuple = dccp_unique_tuple, | 85 | .unique_tuple = dccp_unique_tuple, |
diff --git a/net/ipv4/netfilter/nf_nat_proto_gre.c b/net/ipv4/netfilter/nf_nat_proto_gre.c index 9b1c629d7a00..35cd158d4675 100644 --- a/net/ipv4/netfilter/nf_nat_proto_gre.c +++ b/net/ipv4/netfilter/nf_nat_proto_gre.c | |||
@@ -119,7 +119,6 @@ gre_manip_pkt(struct sk_buff *skb, unsigned int iphdroff, | |||
119 | 119 | ||
120 | static const struct nf_nat_protocol gre = { | 120 | static const struct nf_nat_protocol gre = { |
121 | .protonum = IPPROTO_GRE, | 121 | .protonum = IPPROTO_GRE, |
122 | .me = THIS_MODULE, | ||
123 | .manip_pkt = gre_manip_pkt, | 122 | .manip_pkt = gre_manip_pkt, |
124 | .in_range = nf_nat_proto_in_range, | 123 | .in_range = nf_nat_proto_in_range, |
125 | .unique_tuple = gre_unique_tuple, | 124 | .unique_tuple = gre_unique_tuple, |
diff --git a/net/ipv4/netfilter/nf_nat_proto_icmp.c b/net/ipv4/netfilter/nf_nat_proto_icmp.c index 8f87b4bebf2b..036c00952c11 100644 --- a/net/ipv4/netfilter/nf_nat_proto_icmp.c +++ b/net/ipv4/netfilter/nf_nat_proto_icmp.c | |||
@@ -74,7 +74,6 @@ icmp_manip_pkt(struct sk_buff *skb, | |||
74 | 74 | ||
75 | const struct nf_nat_protocol nf_nat_protocol_icmp = { | 75 | const struct nf_nat_protocol nf_nat_protocol_icmp = { |
76 | .protonum = IPPROTO_ICMP, | 76 | .protonum = IPPROTO_ICMP, |
77 | .me = THIS_MODULE, | ||
78 | .manip_pkt = icmp_manip_pkt, | 77 | .manip_pkt = icmp_manip_pkt, |
79 | .in_range = icmp_in_range, | 78 | .in_range = icmp_in_range, |
80 | .unique_tuple = icmp_unique_tuple, | 79 | .unique_tuple = icmp_unique_tuple, |
diff --git a/net/ipv4/netfilter/nf_nat_proto_sctp.c b/net/ipv4/netfilter/nf_nat_proto_sctp.c index 4e70dc6fad21..50283abc594b 100644 --- a/net/ipv4/netfilter/nf_nat_proto_sctp.c +++ b/net/ipv4/netfilter/nf_nat_proto_sctp.c | |||
@@ -70,7 +70,6 @@ sctp_manip_pkt(struct sk_buff *skb, | |||
70 | 70 | ||
71 | static const struct nf_nat_protocol nf_nat_protocol_sctp = { | 71 | static const struct nf_nat_protocol nf_nat_protocol_sctp = { |
72 | .protonum = IPPROTO_SCTP, | 72 | .protonum = IPPROTO_SCTP, |
73 | .me = THIS_MODULE, | ||
74 | .manip_pkt = sctp_manip_pkt, | 73 | .manip_pkt = sctp_manip_pkt, |
75 | .in_range = nf_nat_proto_in_range, | 74 | .in_range = nf_nat_proto_in_range, |
76 | .unique_tuple = sctp_unique_tuple, | 75 | .unique_tuple = sctp_unique_tuple, |
diff --git a/net/ipv4/netfilter/nf_nat_proto_tcp.c b/net/ipv4/netfilter/nf_nat_proto_tcp.c index 6fcc865dc2ee..e0e2ba8b5254 100644 --- a/net/ipv4/netfilter/nf_nat_proto_tcp.c +++ b/net/ipv4/netfilter/nf_nat_proto_tcp.c | |||
@@ -82,7 +82,6 @@ tcp_manip_pkt(struct sk_buff *skb, | |||
82 | 82 | ||
83 | const struct nf_nat_protocol nf_nat_protocol_tcp = { | 83 | const struct nf_nat_protocol nf_nat_protocol_tcp = { |
84 | .protonum = IPPROTO_TCP, | 84 | .protonum = IPPROTO_TCP, |
85 | .me = THIS_MODULE, | ||
86 | .manip_pkt = tcp_manip_pkt, | 85 | .manip_pkt = tcp_manip_pkt, |
87 | .in_range = nf_nat_proto_in_range, | 86 | .in_range = nf_nat_proto_in_range, |
88 | .unique_tuple = tcp_unique_tuple, | 87 | .unique_tuple = tcp_unique_tuple, |
diff --git a/net/ipv4/netfilter/nf_nat_proto_udp.c b/net/ipv4/netfilter/nf_nat_proto_udp.c index 18ea44ebfff7..bde94cde6b15 100644 --- a/net/ipv4/netfilter/nf_nat_proto_udp.c +++ b/net/ipv4/netfilter/nf_nat_proto_udp.c | |||
@@ -73,7 +73,6 @@ udp_manip_pkt(struct sk_buff *skb, | |||
73 | 73 | ||
74 | const struct nf_nat_protocol nf_nat_protocol_udp = { | 74 | const struct nf_nat_protocol nf_nat_protocol_udp = { |
75 | .protonum = IPPROTO_UDP, | 75 | .protonum = IPPROTO_UDP, |
76 | .me = THIS_MODULE, | ||
77 | .manip_pkt = udp_manip_pkt, | 76 | .manip_pkt = udp_manip_pkt, |
78 | .in_range = nf_nat_proto_in_range, | 77 | .in_range = nf_nat_proto_in_range, |
79 | .unique_tuple = udp_unique_tuple, | 78 | .unique_tuple = udp_unique_tuple, |
diff --git a/net/ipv4/netfilter/nf_nat_proto_udplite.c b/net/ipv4/netfilter/nf_nat_proto_udplite.c index a17b75b9e2a7..58e9a3a1c8db 100644 --- a/net/ipv4/netfilter/nf_nat_proto_udplite.c +++ b/net/ipv4/netfilter/nf_nat_proto_udplite.c | |||
@@ -72,7 +72,6 @@ udplite_manip_pkt(struct sk_buff *skb, | |||
72 | 72 | ||
73 | static const struct nf_nat_protocol nf_nat_protocol_udplite = { | 73 | static const struct nf_nat_protocol nf_nat_protocol_udplite = { |
74 | .protonum = IPPROTO_UDPLITE, | 74 | .protonum = IPPROTO_UDPLITE, |
75 | .me = THIS_MODULE, | ||
76 | .manip_pkt = udplite_manip_pkt, | 75 | .manip_pkt = udplite_manip_pkt, |
77 | .in_range = nf_nat_proto_in_range, | 76 | .in_range = nf_nat_proto_in_range, |
78 | .unique_tuple = udplite_unique_tuple, | 77 | .unique_tuple = udplite_unique_tuple, |
diff --git a/net/ipv4/netfilter/nf_nat_proto_unknown.c b/net/ipv4/netfilter/nf_nat_proto_unknown.c index ab8e8c132168..e0afe8112b1c 100644 --- a/net/ipv4/netfilter/nf_nat_proto_unknown.c +++ b/net/ipv4/netfilter/nf_nat_proto_unknown.c | |||
@@ -46,7 +46,6 @@ unknown_manip_pkt(struct sk_buff *skb, | |||
46 | } | 46 | } |
47 | 47 | ||
48 | const struct nf_nat_protocol nf_nat_unknown_protocol = { | 48 | const struct nf_nat_protocol nf_nat_unknown_protocol = { |
49 | /* .me isn't set: getting a ref to this cannot fail. */ | ||
50 | .manip_pkt = unknown_manip_pkt, | 49 | .manip_pkt = unknown_manip_pkt, |
51 | .in_range = unknown_in_range, | 50 | .in_range = unknown_in_range, |
52 | .unique_tuple = unknown_unique_tuple, | 51 | .unique_tuple = unknown_unique_tuple, |