aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/linux/netfilter.h1
-rw-r--r--include/linux/skbuff.h4
-rw-r--r--net/netfilter/core.c17
-rw-r--r--net/netfilter/nf_conntrack_core.c4
4 files changed, 22 insertions, 4 deletions
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
index 4777f1b619ce..10b5c6275706 100644
--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -393,6 +393,7 @@ nf_nat_decode_session(struct sk_buff *skb, struct flowi *fl, int family) {}
393#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) 393#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
394extern void (*ip_ct_attach)(struct sk_buff *, struct sk_buff *); 394extern void (*ip_ct_attach)(struct sk_buff *, struct sk_buff *);
395extern void nf_ct_attach(struct sk_buff *, struct sk_buff *); 395extern void nf_ct_attach(struct sk_buff *, struct sk_buff *);
396extern void (*nf_ct_destroy)(struct nf_conntrack *);
396#else 397#else
397static inline void nf_ct_attach(struct sk_buff *new, struct sk_buff *skb) {} 398static inline void nf_ct_attach(struct sk_buff *new, struct sk_buff *skb) {}
398#endif 399#endif
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
index 0bedf5384850..37247901ebd2 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -90,7 +90,6 @@ struct net_device;
90#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) 90#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
91struct nf_conntrack { 91struct nf_conntrack {
92 atomic_t use; 92 atomic_t use;
93 void (*destroy)(struct nf_conntrack *);
94}; 93};
95#endif 94#endif
96 95
@@ -1556,10 +1555,11 @@ static inline unsigned int skb_checksum_complete(struct sk_buff *skb)
1556} 1555}
1557 1556
1558#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) 1557#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
1558extern void nf_conntrack_destroy(struct nf_conntrack *nfct);
1559static inline void nf_conntrack_put(struct nf_conntrack *nfct) 1559static inline void nf_conntrack_put(struct nf_conntrack *nfct)
1560{ 1560{
1561 if (nfct && atomic_dec_and_test(&nfct->use)) 1561 if (nfct && atomic_dec_and_test(&nfct->use))
1562 nfct->destroy(nfct); 1562 nf_conntrack_destroy(nfct);
1563} 1563}
1564static inline void nf_conntrack_get(struct nf_conntrack *nfct) 1564static inline void nf_conntrack_get(struct nf_conntrack *nfct)
1565{ 1565{
diff --git a/net/netfilter/core.c b/net/netfilter/core.c
index fe5f22df620c..a84478ee2ded 100644
--- a/net/netfilter/core.c
+++ b/net/netfilter/core.c
@@ -260,7 +260,22 @@ void nf_ct_attach(struct sk_buff *new, struct sk_buff *skb)
260 } 260 }
261} 261}
262EXPORT_SYMBOL(nf_ct_attach); 262EXPORT_SYMBOL(nf_ct_attach);
263#endif 263
264void (*nf_ct_destroy)(struct nf_conntrack *);
265EXPORT_SYMBOL(nf_ct_destroy);
266
267void nf_conntrack_destroy(struct nf_conntrack *nfct)
268{
269 void (*destroy)(struct nf_conntrack *);
270
271 rcu_read_lock();
272 destroy = rcu_dereference(nf_ct_destroy);
273 BUG_ON(destroy == NULL);
274 destroy(nfct);
275 rcu_read_unlock();
276}
277EXPORT_SYMBOL(nf_conntrack_destroy);
278#endif /* CONFIG_NF_CONNTRACK */
264 279
265#ifdef CONFIG_PROC_FS 280#ifdef CONFIG_PROC_FS
266struct proc_dir_entry *proc_net_netfilter; 281struct proc_dir_entry *proc_net_netfilter;
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 6f2aac1d01af..e132c8ae8784 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -616,7 +616,6 @@ __nf_conntrack_alloc(const struct nf_conntrack_tuple *orig,
616 memset(conntrack, 0, nf_ct_cache[features].size); 616 memset(conntrack, 0, nf_ct_cache[features].size);
617 conntrack->features = features; 617 conntrack->features = features;
618 atomic_set(&conntrack->ct_general.use, 1); 618 atomic_set(&conntrack->ct_general.use, 1);
619 conntrack->ct_general.destroy = destroy_conntrack;
620 conntrack->tuplehash[IP_CT_DIR_ORIGINAL].tuple = *orig; 619 conntrack->tuplehash[IP_CT_DIR_ORIGINAL].tuple = *orig;
621 conntrack->tuplehash[IP_CT_DIR_REPLY].tuple = *repl; 620 conntrack->tuplehash[IP_CT_DIR_REPLY].tuple = *repl;
622 /* Don't set timer yet: wait for confirmation */ 621 /* Don't set timer yet: wait for confirmation */
@@ -1122,6 +1121,8 @@ void nf_conntrack_cleanup(void)
1122 while (atomic_read(&nf_conntrack_untracked.ct_general.use) > 1) 1121 while (atomic_read(&nf_conntrack_untracked.ct_general.use) > 1)
1123 schedule(); 1122 schedule();
1124 1123
1124 rcu_assign_pointer(nf_ct_destroy, NULL);
1125
1125 for (i = 0; i < NF_CT_F_NUM; i++) { 1126 for (i = 0; i < NF_CT_F_NUM; i++) {
1126 if (nf_ct_cache[i].use == 0) 1127 if (nf_ct_cache[i].use == 0)
1127 continue; 1128 continue;
@@ -1259,6 +1260,7 @@ int __init nf_conntrack_init(void)
1259 1260
1260 /* For use by REJECT target */ 1261 /* For use by REJECT target */
1261 rcu_assign_pointer(ip_ct_attach, __nf_conntrack_attach); 1262 rcu_assign_pointer(ip_ct_attach, __nf_conntrack_attach);
1263 rcu_assign_pointer(nf_ct_destroy, destroy_conntrack);
1262 1264
1263 /* Set up fake conntrack: 1265 /* Set up fake conntrack:
1264 - to never be deleted, not in any hashes */ 1266 - to never be deleted, not in any hashes */