1 files changed, 7 insertions, 33 deletions
diff --git a/net/netfilter/nf_nat_core.c b/net/netfilter/nf_nat_core.c
index 8d5769c6d16e..ad24be070e53 100644
--- a/net/netfilter/nf_nat_core.c
+++ b/net/netfilter/nf_nat_core.c
@@ -467,33 +467,22 @@ EXPORT_SYMBOL_GPL(nf_nat_packet);
 struct nf_nat_proto_clean {
        u8      l3proto;
        u8      l4proto;
-        bool    hash;
 };
-/* Clear NAT section of all conntracks, in case we're loaded again. */
+/* kill conntracks with affected NAT section */
-static int nf_nat_proto_clean(struct nf_conn *i, void *data)
+static int nf_nat_proto_remove(struct nf_conn *i, void *data)
 {
        const struct nf_nat_proto_clean *clean = data;
        struct nf_conn_nat *nat = nfct_nat(i);
        if (!nat)
                return 0;
-        if (!(i->status & IPS_SRC_NAT_DONE))
-                return 0;
        if ((clean->l3proto && nf_ct_l3num(i) != clean->l3proto) ||
            (clean->l4proto && nf_ct_protonum(i) != clean->l4proto))
                return 0;
-        if (clean->hash) {
+        return i->status & IPS_NAT_MASK ? 1 : 0;
-                spin_lock_bh(&nf_nat_lock);
-                hlist_del_rcu(&nat->bysource);
-                spin_unlock_bh(&nf_nat_lock);
-        } else {
-                memset(nat, 0, sizeof(*nat));
-                i->status &= ~(IPS_NAT_MASK | IPS_NAT_DONE_MASK |
-                               IPS_SEQ_ADJUST);
-        }
-        return 0;
 }
 static void nf_nat_l4proto_clean(u8 l3proto, u8 l4proto)
@@ -505,16 +494,8 @@ static void nf_nat_l4proto_clean(u8 l3proto, u8 l4proto)
        struct net *net;
        rtnl_lock();
-        /* Step 1 - remove from bysource hash */
-        clean.hash = true;
        for_each_net(net)
-                nf_ct_iterate_cleanup(net, nf_nat_proto_clean, &clean);
+                nf_ct_iterate_cleanup(net, nf_nat_proto_remove, &clean);
-        synchronize_rcu();
-        /* Step 2 - clean NAT section */
-        clean.hash = false;
-        for_each_net(net)
-                nf_ct_iterate_cleanup(net, nf_nat_proto_clean, &clean);
        rtnl_unlock();
 }
@@ -526,16 +507,9 @@ static void nf_nat_l3proto_clean(u8 l3proto)
        struct net *net;
        rtnl_lock();
-        /* Step 1 - remove from bysource hash */
-        clean.hash = true;
-        for_each_net(net)
-                nf_ct_iterate_cleanup(net, nf_nat_proto_clean, &clean);
-        synchronize_rcu();
-        /* Step 2 - clean NAT section */
-        clean.hash = false;
        for_each_net(net)
-                nf_ct_iterate_cleanup(net, nf_nat_proto_clean, &clean);
+                nf_ct_iterate_cleanup(net, nf_nat_proto_remove, &clean);
        rtnl_unlock();
 }
@@ -773,7 +747,7 @@ static void __net_exit nf_nat_net_exit(struct net *net)
 {
        struct nf_nat_proto_clean clean = {};
-        nf_ct_iterate_cleanup(net, &nf_nat_proto_clean, &clean);
+        nf_ct_iterate_cleanup(net, &nf_nat_proto_remove, &clean);
        synchronize_rcu();
        nf_ct_free_hashtable(net->ct.nat_bysource, net->ct.nat_htable_size);
 }

diff --git a/net/netfilter/nf_nat_core.c b/net/netfilter/nf_nat_core.c index 8d5769c6d16e..ad24be070e53 100644 --- a/net/netfilter/nf_nat_core.c +++ b/net/netfilter/nf_nat_core.c
@@ -467,33 +467,22 @@ EXPORT_SYMBOL_GPL(nf_nat_packet);
467	struct nf_nat_proto_clean {	467	struct nf_nat_proto_clean {
468	u8 l3proto;	468	u8 l3proto;
469	u8 l4proto;	469	u8 l4proto;
470	bool hash;
471	};	470	};
472		471
473	/* Clear NAT section of all conntracks, in case we're loaded again. */	472	/* kill conntracks with affected NAT section */
474	static int nf_nat_proto_clean(struct nf_conn i, void data)	473	static int nf_nat_proto_remove(struct nf_conn i, void data)
475	{	474	{
476	const struct nf_nat_proto_clean *clean = data;	475	const struct nf_nat_proto_clean *clean = data;
477	struct nf_conn_nat *nat = nfct_nat(i);	476	struct nf_conn_nat *nat = nfct_nat(i);
478		477
479	if (!nat)	478	if (!nat)
480	return 0;	479	return 0;
481	if (!(i->status & IPS_SRC_NAT_DONE))	480
482	return 0;
483	if ((clean->l3proto && nf_ct_l3num(i) != clean->l3proto) \|\|	481	if ((clean->l3proto && nf_ct_l3num(i) != clean->l3proto) \|\|
484	(clean->l4proto && nf_ct_protonum(i) != clean->l4proto))	482	(clean->l4proto && nf_ct_protonum(i) != clean->l4proto))
485	return 0;	483	return 0;
486		484
487	if (clean->hash) {	485	return i->status & IPS_NAT_MASK ? 1 : 0;
488	spin_lock_bh(&nf_nat_lock);
489	hlist_del_rcu(&nat->bysource);
490	spin_unlock_bh(&nf_nat_lock);
491	} else {
492	memset(nat, 0, sizeof(*nat));
493	i->status &= ~(IPS_NAT_MASK \| IPS_NAT_DONE_MASK \|
494	IPS_SEQ_ADJUST);
495	}
496	return 0;
497	}	486	}
498		487
499	static void nf_nat_l4proto_clean(u8 l3proto, u8 l4proto)	488	static void nf_nat_l4proto_clean(u8 l3proto, u8 l4proto)
@@ -505,16 +494,8 @@ static void nf_nat_l4proto_clean(u8 l3proto, u8 l4proto)
505	struct net *net;	494	struct net *net;
506		495
507	rtnl_lock();	496	rtnl_lock();
508	/* Step 1 - remove from bysource hash */
509	clean.hash = true;
510	for_each_net(net)	497	for_each_net(net)
511	nf_ct_iterate_cleanup(net, nf_nat_proto_clean, &clean);	498	nf_ct_iterate_cleanup(net, nf_nat_proto_remove, &clean);
512	synchronize_rcu();
513
514	/* Step 2 - clean NAT section */
515	clean.hash = false;
516	for_each_net(net)
517	nf_ct_iterate_cleanup(net, nf_nat_proto_clean, &clean);
518	rtnl_unlock();	499	rtnl_unlock();
519	}	500	}
520		501
@@ -526,16 +507,9 @@ static void nf_nat_l3proto_clean(u8 l3proto)
526	struct net *net;	507	struct net *net;
527		508
528	rtnl_lock();	509	rtnl_lock();
529	/* Step 1 - remove from bysource hash */
530	clean.hash = true;
531	for_each_net(net)
532	nf_ct_iterate_cleanup(net, nf_nat_proto_clean, &clean);
533	synchronize_rcu();
534		510
535	/* Step 2 - clean NAT section */
536	clean.hash = false;
537	for_each_net(net)	511	for_each_net(net)
538	nf_ct_iterate_cleanup(net, nf_nat_proto_clean, &clean);	512	nf_ct_iterate_cleanup(net, nf_nat_proto_remove, &clean);
539	rtnl_unlock();	513	rtnl_unlock();
540	}	514	}
541		515
@@ -773,7 +747,7 @@ static void __net_exit nf_nat_net_exit(struct net *net)
773	{	747	{
774	struct nf_nat_proto_clean clean = {};	748	struct nf_nat_proto_clean clean = {};
775		749
776	nf_ct_iterate_cleanup(net, &nf_nat_proto_clean, &clean);	750	nf_ct_iterate_cleanup(net, &nf_nat_proto_remove, &clean);
777	synchronize_rcu();	751	synchronize_rcu();
778	nf_ct_free_hashtable(net->ct.nat_bysource, net->ct.nat_htable_size);	752	nf_ct_free_hashtable(net->ct.nat_bysource, net->ct.nat_htable_size);
779	}	753	}