diff options
| author | Patrick McHardy <kaber@trash.net> | 2008-06-09 18:59:06 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2008-06-09 18:59:06 -0400 |
| commit | 51091764f26ec36c02e35166f083193a30f426fc (patch) | |
| tree | b7103b8d892d4c4b2138437406e2e4be1be13b16 /net | |
| parent | 31d8519c9cf87e9d8a0cc5b9734fda02af66d7e2 (diff) | |
netfilter: nf_conntrack: add nf_ct_kill()
Encapsulate the common
if (del_timer(&ct->timeout))
ct->timeout.function((unsigned long)ct)
sequence in a new function.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
| -rw-r--r-- | net/ipv4/netfilter/nf_conntrack_proto_icmp.c | 5 | ||||
| -rw-r--r-- | net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c | 5 | ||||
| -rw-r--r-- | net/netfilter/nf_conntrack_core.c | 7 | ||||
| -rw-r--r-- | net/netfilter/nf_conntrack_netlink.c | 3 | ||||
| -rw-r--r-- | net/netfilter/nf_conntrack_proto_dccp.c | 3 | ||||
| -rw-r--r-- | net/netfilter/nf_conntrack_proto_tcp.c | 9 |
6 files changed, 16 insertions, 16 deletions
diff --git a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c index 78ab19accace..0e21a46184fb 100644 --- a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c +++ b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c | |||
| @@ -87,9 +87,8 @@ static int icmp_packet(struct nf_conn *ct, | |||
| 87 | means this will only run once even if count hits zero twice | 87 | means this will only run once even if count hits zero twice |
| 88 | (theoretically possible with SMP) */ | 88 | (theoretically possible with SMP) */ |
| 89 | if (CTINFO2DIR(ctinfo) == IP_CT_DIR_REPLY) { | 89 | if (CTINFO2DIR(ctinfo) == IP_CT_DIR_REPLY) { |
| 90 | if (atomic_dec_and_test(&ct->proto.icmp.count) | 90 | if (atomic_dec_and_test(&ct->proto.icmp.count)) |
| 91 | && del_timer(&ct->timeout)) | 91 | nf_ct_kill(ct); |
| 92 | ct->timeout.function((unsigned long)ct); | ||
| 93 | } else { | 92 | } else { |
| 94 | atomic_inc(&ct->proto.icmp.count); | 93 | atomic_inc(&ct->proto.icmp.count); |
| 95 | nf_conntrack_event_cache(IPCT_PROTOINFO_VOLATILE, skb); | 94 | nf_conntrack_event_cache(IPCT_PROTOINFO_VOLATILE, skb); |
diff --git a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c index ee713b03e9ec..fe081b90e05e 100644 --- a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c +++ b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c | |||
| @@ -89,9 +89,8 @@ static int icmpv6_packet(struct nf_conn *ct, | |||
| 89 | means this will only run once even if count hits zero twice | 89 | means this will only run once even if count hits zero twice |
| 90 | (theoretically possible with SMP) */ | 90 | (theoretically possible with SMP) */ |
| 91 | if (CTINFO2DIR(ctinfo) == IP_CT_DIR_REPLY) { | 91 | if (CTINFO2DIR(ctinfo) == IP_CT_DIR_REPLY) { |
| 92 | if (atomic_dec_and_test(&ct->proto.icmp.count) | 92 | if (atomic_dec_and_test(&ct->proto.icmp.count)) |
| 93 | && del_timer(&ct->timeout)) | 93 | nf_ct_kill(ct); |
| 94 | ct->timeout.function((unsigned long)ct); | ||
| 95 | } else { | 94 | } else { |
| 96 | atomic_inc(&ct->proto.icmp.count); | 95 | atomic_inc(&ct->proto.icmp.count); |
| 97 | nf_conntrack_event_cache(IPCT_PROTOINFO_VOLATILE, skb); | 96 | nf_conntrack_event_cache(IPCT_PROTOINFO_VOLATILE, skb); |
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index c4b1799da5d7..79b07c35eb87 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c | |||
| @@ -848,6 +848,13 @@ acct: | |||
| 848 | } | 848 | } |
| 849 | EXPORT_SYMBOL_GPL(__nf_ct_refresh_acct); | 849 | EXPORT_SYMBOL_GPL(__nf_ct_refresh_acct); |
| 850 | 850 | ||
| 851 | void nf_ct_kill(struct nf_conn *ct) | ||
| 852 | { | ||
| 853 | if (del_timer(&ct->timeout)) | ||
| 854 | ct->timeout.function((unsigned long)ct); | ||
| 855 | } | ||
| 856 | EXPORT_SYMBOL_GPL(nf_ct_kill); | ||
| 857 | |||
| 851 | #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE) | 858 | #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE) |
| 852 | 859 | ||
| 853 | #include <linux/netfilter/nfnetlink.h> | 860 | #include <linux/netfilter/nfnetlink.h> |
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index 13918c1fbf66..ab655f660dfa 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c | |||
| @@ -812,9 +812,8 @@ ctnetlink_del_conntrack(struct sock *ctnl, struct sk_buff *skb, | |||
| 812 | return -ENOENT; | 812 | return -ENOENT; |
| 813 | } | 813 | } |
| 814 | } | 814 | } |
| 815 | if (del_timer(&ct->timeout)) | ||
| 816 | ct->timeout.function((unsigned long)ct); | ||
| 817 | 815 | ||
| 816 | nf_ct_kill(ct); | ||
| 818 | nf_ct_put(ct); | 817 | nf_ct_put(ct); |
| 819 | 818 | ||
| 820 | return 0; | 819 | return 0; |
diff --git a/net/netfilter/nf_conntrack_proto_dccp.c b/net/netfilter/nf_conntrack_proto_dccp.c index afb4a1861d2c..223742f371f9 100644 --- a/net/netfilter/nf_conntrack_proto_dccp.c +++ b/net/netfilter/nf_conntrack_proto_dccp.c | |||
| @@ -475,8 +475,7 @@ static int dccp_packet(struct nf_conn *ct, const struct sk_buff *skb, | |||
| 475 | if (type == DCCP_PKT_RESET && | 475 | if (type == DCCP_PKT_RESET && |
| 476 | !test_bit(IPS_SEEN_REPLY_BIT, &ct->status)) { | 476 | !test_bit(IPS_SEEN_REPLY_BIT, &ct->status)) { |
| 477 | /* Tear down connection immediately if only reply is a RESET */ | 477 | /* Tear down connection immediately if only reply is a RESET */ |
| 478 | if (del_timer(&ct->timeout)) | 478 | nf_ct_kill(ct); |
| 479 | ct->timeout.function((unsigned long)ct); | ||
| 480 | return NF_ACCEPT; | 479 | return NF_ACCEPT; |
| 481 | } | 480 | } |
| 482 | 481 | ||
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c index ba94004fe323..c4aa11e01405 100644 --- a/net/netfilter/nf_conntrack_proto_tcp.c +++ b/net/netfilter/nf_conntrack_proto_tcp.c | |||
| @@ -843,8 +843,7 @@ static int tcp_packet(struct nf_conn *ct, | |||
| 843 | /* Attempt to reopen a closed/aborted connection. | 843 | /* Attempt to reopen a closed/aborted connection. |
| 844 | * Delete this connection and look up again. */ | 844 | * Delete this connection and look up again. */ |
| 845 | write_unlock_bh(&tcp_lock); | 845 | write_unlock_bh(&tcp_lock); |
| 846 | if (del_timer(&ct->timeout)) | 846 | nf_ct_kill(ct); |
| 847 | ct->timeout.function((unsigned long)ct); | ||
| 848 | return -NF_REPEAT; | 847 | return -NF_REPEAT; |
| 849 | } | 848 | } |
| 850 | /* Fall through */ | 849 | /* Fall through */ |
| @@ -877,8 +876,7 @@ static int tcp_packet(struct nf_conn *ct, | |||
| 877 | if (LOG_INVALID(IPPROTO_TCP)) | 876 | if (LOG_INVALID(IPPROTO_TCP)) |
| 878 | nf_log_packet(pf, 0, skb, NULL, NULL, NULL, | 877 | nf_log_packet(pf, 0, skb, NULL, NULL, NULL, |
| 879 | "nf_ct_tcp: killing out of sync session "); | 878 | "nf_ct_tcp: killing out of sync session "); |
| 880 | if (del_timer(&ct->timeout)) | 879 | nf_ct_kill(ct); |
| 881 | ct->timeout.function((unsigned long)ct); | ||
| 882 | return -NF_DROP; | 880 | return -NF_DROP; |
| 883 | } | 881 | } |
| 884 | ct->proto.tcp.last_index = index; | 882 | ct->proto.tcp.last_index = index; |
| @@ -961,8 +959,7 @@ static int tcp_packet(struct nf_conn *ct, | |||
| 961 | problem case, so we can delete the conntrack | 959 | problem case, so we can delete the conntrack |
| 962 | immediately. --RR */ | 960 | immediately. --RR */ |
| 963 | if (th->rst) { | 961 | if (th->rst) { |
| 964 | if (del_timer(&ct->timeout)) | 962 | nf_ct_kill(ct); |
| 965 | ct->timeout.function((unsigned long)ct); | ||
| 966 | return NF_ACCEPT; | 963 | return NF_ACCEPT; |
| 967 | } | 964 | } |
| 968 | } else if (!test_bit(IPS_ASSURED_BIT, &ct->status) | 965 | } else if (!test_bit(IPS_ASSURED_BIT, &ct->status) |