diff options
-rw-r--r-- | include/linux/netfilter.h | 1 | ||||
-rw-r--r-- | include/linux/skbuff.h | 4 | ||||
-rw-r--r-- | net/netfilter/core.c | 17 | ||||
-rw-r--r-- | net/netfilter/nf_conntrack_core.c | 4 |
4 files changed, 22 insertions, 4 deletions
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h index 4777f1b619ce..10b5c6275706 100644 --- a/include/linux/netfilter.h +++ b/include/linux/netfilter.h | |||
@@ -393,6 +393,7 @@ nf_nat_decode_session(struct sk_buff *skb, struct flowi *fl, int family) {} | |||
393 | #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) | 393 | #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) |
394 | extern void (*ip_ct_attach)(struct sk_buff *, struct sk_buff *); | 394 | extern void (*ip_ct_attach)(struct sk_buff *, struct sk_buff *); |
395 | extern void nf_ct_attach(struct sk_buff *, struct sk_buff *); | 395 | extern void nf_ct_attach(struct sk_buff *, struct sk_buff *); |
396 | extern void (*nf_ct_destroy)(struct nf_conntrack *); | ||
396 | #else | 397 | #else |
397 | static inline void nf_ct_attach(struct sk_buff *new, struct sk_buff *skb) {} | 398 | static inline void nf_ct_attach(struct sk_buff *new, struct sk_buff *skb) {} |
398 | #endif | 399 | #endif |
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h index 0bedf5384850..37247901ebd2 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h | |||
@@ -90,7 +90,6 @@ struct net_device; | |||
90 | #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) | 90 | #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) |
91 | struct nf_conntrack { | 91 | struct nf_conntrack { |
92 | atomic_t use; | 92 | atomic_t use; |
93 | void (*destroy)(struct nf_conntrack *); | ||
94 | }; | 93 | }; |
95 | #endif | 94 | #endif |
96 | 95 | ||
@@ -1556,10 +1555,11 @@ static inline unsigned int skb_checksum_complete(struct sk_buff *skb) | |||
1556 | } | 1555 | } |
1557 | 1556 | ||
1558 | #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) | 1557 | #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) |
1558 | extern void nf_conntrack_destroy(struct nf_conntrack *nfct); | ||
1559 | static inline void nf_conntrack_put(struct nf_conntrack *nfct) | 1559 | static inline void nf_conntrack_put(struct nf_conntrack *nfct) |
1560 | { | 1560 | { |
1561 | if (nfct && atomic_dec_and_test(&nfct->use)) | 1561 | if (nfct && atomic_dec_and_test(&nfct->use)) |
1562 | nfct->destroy(nfct); | 1562 | nf_conntrack_destroy(nfct); |
1563 | } | 1563 | } |
1564 | static inline void nf_conntrack_get(struct nf_conntrack *nfct) | 1564 | static inline void nf_conntrack_get(struct nf_conntrack *nfct) |
1565 | { | 1565 | { |
diff --git a/net/netfilter/core.c b/net/netfilter/core.c index fe5f22df620c..a84478ee2ded 100644 --- a/net/netfilter/core.c +++ b/net/netfilter/core.c | |||
@@ -260,7 +260,22 @@ void nf_ct_attach(struct sk_buff *new, struct sk_buff *skb) | |||
260 | } | 260 | } |
261 | } | 261 | } |
262 | EXPORT_SYMBOL(nf_ct_attach); | 262 | EXPORT_SYMBOL(nf_ct_attach); |
263 | #endif | 263 | |
264 | void (*nf_ct_destroy)(struct nf_conntrack *); | ||
265 | EXPORT_SYMBOL(nf_ct_destroy); | ||
266 | |||
267 | void nf_conntrack_destroy(struct nf_conntrack *nfct) | ||
268 | { | ||
269 | void (*destroy)(struct nf_conntrack *); | ||
270 | |||
271 | rcu_read_lock(); | ||
272 | destroy = rcu_dereference(nf_ct_destroy); | ||
273 | BUG_ON(destroy == NULL); | ||
274 | destroy(nfct); | ||
275 | rcu_read_unlock(); | ||
276 | } | ||
277 | EXPORT_SYMBOL(nf_conntrack_destroy); | ||
278 | #endif /* CONFIG_NF_CONNTRACK */ | ||
264 | 279 | ||
265 | #ifdef CONFIG_PROC_FS | 280 | #ifdef CONFIG_PROC_FS |
266 | struct proc_dir_entry *proc_net_netfilter; | 281 | struct proc_dir_entry *proc_net_netfilter; |
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index 6f2aac1d01af..e132c8ae8784 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c | |||
@@ -616,7 +616,6 @@ __nf_conntrack_alloc(const struct nf_conntrack_tuple *orig, | |||
616 | memset(conntrack, 0, nf_ct_cache[features].size); | 616 | memset(conntrack, 0, nf_ct_cache[features].size); |
617 | conntrack->features = features; | 617 | conntrack->features = features; |
618 | atomic_set(&conntrack->ct_general.use, 1); | 618 | atomic_set(&conntrack->ct_general.use, 1); |
619 | conntrack->ct_general.destroy = destroy_conntrack; | ||
620 | conntrack->tuplehash[IP_CT_DIR_ORIGINAL].tuple = *orig; | 619 | conntrack->tuplehash[IP_CT_DIR_ORIGINAL].tuple = *orig; |
621 | conntrack->tuplehash[IP_CT_DIR_REPLY].tuple = *repl; | 620 | conntrack->tuplehash[IP_CT_DIR_REPLY].tuple = *repl; |
622 | /* Don't set timer yet: wait for confirmation */ | 621 | /* Don't set timer yet: wait for confirmation */ |
@@ -1122,6 +1121,8 @@ void nf_conntrack_cleanup(void) | |||
1122 | while (atomic_read(&nf_conntrack_untracked.ct_general.use) > 1) | 1121 | while (atomic_read(&nf_conntrack_untracked.ct_general.use) > 1) |
1123 | schedule(); | 1122 | schedule(); |
1124 | 1123 | ||
1124 | rcu_assign_pointer(nf_ct_destroy, NULL); | ||
1125 | |||
1125 | for (i = 0; i < NF_CT_F_NUM; i++) { | 1126 | for (i = 0; i < NF_CT_F_NUM; i++) { |
1126 | if (nf_ct_cache[i].use == 0) | 1127 | if (nf_ct_cache[i].use == 0) |
1127 | continue; | 1128 | continue; |
@@ -1259,6 +1260,7 @@ int __init nf_conntrack_init(void) | |||
1259 | 1260 | ||
1260 | /* For use by REJECT target */ | 1261 | /* For use by REJECT target */ |
1261 | rcu_assign_pointer(ip_ct_attach, __nf_conntrack_attach); | 1262 | rcu_assign_pointer(ip_ct_attach, __nf_conntrack_attach); |
1263 | rcu_assign_pointer(nf_ct_destroy, destroy_conntrack); | ||
1262 | 1264 | ||
1263 | /* Set up fake conntrack: | 1265 | /* Set up fake conntrack: |
1264 | - to never be deleted, not in any hashes */ | 1266 | - to never be deleted, not in any hashes */ |