Home Explore Help
Register Sign In
phyus
/
linux-vybrid_public
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

[NETFILTER]: nf_nat: kill global 'destroy' operation

This kills the global 'destroy' operation which was used by NAT.
Instead it uses the extension infrastructure so that multiple
extensions can register own operations.

Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Yasuyuki Kozakai 18 years ago
parent
dacd2a1a5c
commit
d8a0509a69
3 changed files with 22 additions and 35 deletions
Split View Show Diff Stats
  1. 0 3
      include/net/netfilter/nf_conntrack.h
  2. 22 24
      net/ipv4/netfilter/nf_nat_core.c
  3. 0 8
      net/netfilter/nf_conntrack_core.c

+ 0 - 3
include/net/netfilter/nf_conntrack.h
View File 

@@ -213,9 +213,6 @@ extern void nf_conntrack_tcp_update(struct sk_buff *skb,
 
 				    struct nf_conn *conntrack,
 
 				    int dir);
 
 
-/* Call me when a conntrack is destroyed. */
 
-extern void (*nf_conntrack_destroyed)(struct nf_conn *conntrack);
 
-
 
 /* Fake conntrack entry for untracked connections */
 
 extern struct nf_conn nf_conntrack_untracked;

+ 22 - 24
net/ipv4/netfilter/nf_nat_core.c
View File 

@@ -87,20 +87,6 @@ hash_by_src(const struct nf_conntrack_tuple *tuple)
 
 			    tuple->dst.protonum, 0) % nf_nat_htable_size;
 
 }
 
 
-/* Noone using conntrack by the time this called. */
 
-static void nf_nat_cleanup_conntrack(struct nf_conn *conn)
 
-{
 
-	struct nf_conn_nat *nat;
 
-	if (!(conn->status & IPS_NAT_DONE_MASK))
 
-		return;
 
-
 
-	nat = nfct_nat(conn);
 
-	write_lock_bh(&nf_nat_lock);
 
-	list_del(&nat->info.bysource);
 
-	nat->info.ct = NULL;
 
-	write_unlock_bh(&nf_nat_lock);
 
-}
 
-
 
 /* Is this tuple already taken? (not by us) */
 
 int
 
 nf_nat_used_tuple(const struct nf_conntrack_tuple *tuple,
 
@@ -604,6 +590,22 @@ nf_nat_port_nfattr_to_range(struct nfattr *tb[], struct nf_nat_range *range)
 
 EXPORT_SYMBOL_GPL(nf_nat_port_range_to_nfattr);
 
 #endif
 
 
+/* Noone using conntrack by the time this called. */
 
+static void nf_nat_cleanup_conntrack(struct nf_conn *ct)
 
+{
 
+	struct nf_conn_nat *nat = nf_ct_ext_find(ct, NF_CT_EXT_NAT);
 
+
 
+	if (nat == NULL || nat->info.ct == NULL)
 
+		return;
 
+
 
+	NF_CT_ASSERT(nat->info.ct->status & IPS_NAT_DONE_MASK);
 
+
 
+	write_lock_bh(&nf_nat_lock);
 
+	list_del(&nat->info.bysource);
 
+	nat->info.ct = NULL;
 
+	write_unlock_bh(&nf_nat_lock);
 
+}
 
+
 
 static void nf_nat_move_storage(struct nf_conn *conntrack, void *old)
 
 {
 
 	struct nf_conn_nat *new_nat = nf_ct_ext_find(conntrack, NF_CT_EXT_NAT);
 
@@ -623,11 +625,12 @@ static void nf_nat_move_storage(struct nf_conn *conntrack, void *old)
 
 }
 
 
 struct nf_ct_ext_type nat_extend = {
 
-	.len	= sizeof(struct nf_conn_nat),
 
-	.align	= __alignof__(struct nf_conn_nat),
 
-	.move	= nf_nat_move_storage,
 
-	.id	= NF_CT_EXT_NAT,
 
-	.flags	= NF_CT_EXT_F_PREALLOC,
 
+	.len		= sizeof(struct nf_conn_nat),
 
+	.align		= __alignof__(struct nf_conn_nat),
 
+	.destroy	= nf_nat_cleanup_conntrack,
 
+	.move		= nf_nat_move_storage,
 
+	.id		= NF_CT_EXT_NAT,
 
+	.flags		= NF_CT_EXT_F_PREALLOC,
 
 };
 
 
 static int __init nf_nat_init(void)
 
@@ -664,10 +667,6 @@ static int __init nf_nat_init(void)
 
 		INIT_LIST_HEAD(&bysource[i]);
 
 	}
 
 
-	/* FIXME: Man, this is a hack.  <SIGH> */
 
-	NF_CT_ASSERT(rcu_dereference(nf_conntrack_destroyed) == NULL);
 
-	rcu_assign_pointer(nf_conntrack_destroyed, nf_nat_cleanup_conntrack);
 
-
 
 	/* Initialize fake conntrack so that NAT will skip it */
 
 	nf_conntrack_untracked.status |= IPS_NAT_DONE_MASK;
 
 
@@ -694,7 +693,6 @@ static int clean_nat(struct nf_conn *i, void *data)
 
 static void __exit nf_nat_cleanup(void)
 
 {
 
 	nf_ct_iterate_cleanup(&clean_nat, NULL);
 
-	rcu_assign_pointer(nf_conntrack_destroyed, NULL);
 
 	synchronize_rcu();
 
 	vfree(bysource);
 
 	nf_ct_l3proto_put(l3proto);

+ 0 - 8
net/netfilter/nf_conntrack_core.c
View File 

@@ -53,9 +53,6 @@ EXPORT_SYMBOL_GPL(nf_conntrack_lock);
 
 atomic_t nf_conntrack_count = ATOMIC_INIT(0);
 
 EXPORT_SYMBOL_GPL(nf_conntrack_count);
 
 
-void (*nf_conntrack_destroyed)(struct nf_conn *conntrack);
 
-EXPORT_SYMBOL_GPL(nf_conntrack_destroyed);
 
-
 
 unsigned int nf_conntrack_htable_size __read_mostly;
 
 EXPORT_SYMBOL_GPL(nf_conntrack_htable_size);
 
 
@@ -157,7 +154,6 @@ destroy_conntrack(struct nf_conntrack *nfct)
 
 {
 
 	struct nf_conn *ct = (struct nf_conn *)nfct;
 
 	struct nf_conntrack_l4proto *l4proto;
 
-	typeof(nf_conntrack_destroyed) destroyed;
 
 
 	DEBUGP("destroy_conntrack(%p)\n", ct);
 
 	NF_CT_ASSERT(atomic_read(&nfct->use) == 0);
 
@@ -177,10 +173,6 @@ destroy_conntrack(struct nf_conntrack *nfct)
 
 
 	nf_ct_ext_destroy(ct);
 
 
-	destroyed = rcu_dereference(nf_conntrack_destroyed);
 
-	if (destroyed)
 
-		destroyed(ct);
 
-
 
 	rcu_read_unlock();
 
 
 	write_lock_bh(&nf_conntrack_lock);