diff options
Diffstat (limited to 'net')
-rw-r--r-- | net/netfilter/core.c | 17 | ||||
-rw-r--r-- | net/netfilter/nf_conntrack_core.c | 4 |
2 files changed, 19 insertions, 2 deletions
diff --git a/net/netfilter/core.c b/net/netfilter/core.c index fe5f22df620c..a84478ee2ded 100644 --- a/net/netfilter/core.c +++ b/net/netfilter/core.c | |||
@@ -260,7 +260,22 @@ void nf_ct_attach(struct sk_buff *new, struct sk_buff *skb) | |||
260 | } | 260 | } |
261 | } | 261 | } |
262 | EXPORT_SYMBOL(nf_ct_attach); | 262 | EXPORT_SYMBOL(nf_ct_attach); |
263 | #endif | 263 | |
264 | void (*nf_ct_destroy)(struct nf_conntrack *); | ||
265 | EXPORT_SYMBOL(nf_ct_destroy); | ||
266 | |||
267 | void nf_conntrack_destroy(struct nf_conntrack *nfct) | ||
268 | { | ||
269 | void (*destroy)(struct nf_conntrack *); | ||
270 | |||
271 | rcu_read_lock(); | ||
272 | destroy = rcu_dereference(nf_ct_destroy); | ||
273 | BUG_ON(destroy == NULL); | ||
274 | destroy(nfct); | ||
275 | rcu_read_unlock(); | ||
276 | } | ||
277 | EXPORT_SYMBOL(nf_conntrack_destroy); | ||
278 | #endif /* CONFIG_NF_CONNTRACK */ | ||
264 | 279 | ||
265 | #ifdef CONFIG_PROC_FS | 280 | #ifdef CONFIG_PROC_FS |
266 | struct proc_dir_entry *proc_net_netfilter; | 281 | struct proc_dir_entry *proc_net_netfilter; |
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index 6f2aac1d01af..e132c8ae8784 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c | |||
@@ -616,7 +616,6 @@ __nf_conntrack_alloc(const struct nf_conntrack_tuple *orig, | |||
616 | memset(conntrack, 0, nf_ct_cache[features].size); | 616 | memset(conntrack, 0, nf_ct_cache[features].size); |
617 | conntrack->features = features; | 617 | conntrack->features = features; |
618 | atomic_set(&conntrack->ct_general.use, 1); | 618 | atomic_set(&conntrack->ct_general.use, 1); |
619 | conntrack->ct_general.destroy = destroy_conntrack; | ||
620 | conntrack->tuplehash[IP_CT_DIR_ORIGINAL].tuple = *orig; | 619 | conntrack->tuplehash[IP_CT_DIR_ORIGINAL].tuple = *orig; |
621 | conntrack->tuplehash[IP_CT_DIR_REPLY].tuple = *repl; | 620 | conntrack->tuplehash[IP_CT_DIR_REPLY].tuple = *repl; |
622 | /* Don't set timer yet: wait for confirmation */ | 621 | /* Don't set timer yet: wait for confirmation */ |
@@ -1122,6 +1121,8 @@ void nf_conntrack_cleanup(void) | |||
1122 | while (atomic_read(&nf_conntrack_untracked.ct_general.use) > 1) | 1121 | while (atomic_read(&nf_conntrack_untracked.ct_general.use) > 1) |
1123 | schedule(); | 1122 | schedule(); |
1124 | 1123 | ||
1124 | rcu_assign_pointer(nf_ct_destroy, NULL); | ||
1125 | |||
1125 | for (i = 0; i < NF_CT_F_NUM; i++) { | 1126 | for (i = 0; i < NF_CT_F_NUM; i++) { |
1126 | if (nf_ct_cache[i].use == 0) | 1127 | if (nf_ct_cache[i].use == 0) |
1127 | continue; | 1128 | continue; |
@@ -1259,6 +1260,7 @@ int __init nf_conntrack_init(void) | |||
1259 | 1260 | ||
1260 | /* For use by REJECT target */ | 1261 | /* For use by REJECT target */ |
1261 | rcu_assign_pointer(ip_ct_attach, __nf_conntrack_attach); | 1262 | rcu_assign_pointer(ip_ct_attach, __nf_conntrack_attach); |
1263 | rcu_assign_pointer(nf_ct_destroy, destroy_conntrack); | ||
1262 | 1264 | ||
1263 | /* Set up fake conntrack: | 1265 | /* Set up fake conntrack: |
1264 | - to never be deleted, not in any hashes */ | 1266 | - to never be deleted, not in any hashes */ |