7f6e90470afe41990488dc20dae7606c8017a37a
[openwrt/staging/zorun.git] /
1 From: Pablo Neira Ayuso <pablo@netfilter.org>
2 Date: Fri, 3 Nov 2017 16:26:32 +0100
3 Subject: [PATCH] netfilter: conntrack: move nf_ct_netns_{get,put}() to core
4
5 So we can call this from other expression that need conntrack in place
6 to work.
7
8 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
9 Acked-by: Florian Westphal <fw@strlen.de>
10 ---
11
12 --- a/net/netfilter/nf_conntrack_proto.c
13 +++ b/net/netfilter/nf_conntrack_proto.c
14 @@ -125,7 +125,7 @@ void nf_ct_l3proto_module_put(unsigned s
15 }
16 EXPORT_SYMBOL_GPL(nf_ct_l3proto_module_put);
17
18 -int nf_ct_netns_get(struct net *net, u8 nfproto)
19 +static int nf_ct_netns_do_get(struct net *net, u8 nfproto)
20 {
21 const struct nf_conntrack_l3proto *l3proto;
22 int ret;
23 @@ -150,9 +150,33 @@ int nf_ct_netns_get(struct net *net, u8
24
25 return ret;
26 }
27 +
28 +int nf_ct_netns_get(struct net *net, u8 nfproto)
29 +{
30 + int err;
31 +
32 + if (nfproto == NFPROTO_INET) {
33 + err = nf_ct_netns_do_get(net, NFPROTO_IPV4);
34 + if (err < 0)
35 + goto err1;
36 + err = nf_ct_netns_do_get(net, NFPROTO_IPV6);
37 + if (err < 0)
38 + goto err2;
39 + } else {
40 + err = nf_ct_netns_do_get(net, nfproto);
41 + if (err < 0)
42 + goto err1;
43 + }
44 + return 0;
45 +
46 +err2:
47 + nf_ct_netns_put(net, NFPROTO_IPV4);
48 +err1:
49 + return err;
50 +}
51 EXPORT_SYMBOL_GPL(nf_ct_netns_get);
52
53 -void nf_ct_netns_put(struct net *net, u8 nfproto)
54 +static void nf_ct_netns_do_put(struct net *net, u8 nfproto)
55 {
56 const struct nf_conntrack_l3proto *l3proto;
57
58 @@ -171,6 +195,15 @@ void nf_ct_netns_put(struct net *net, u8
59
60 nf_ct_l3proto_module_put(nfproto);
61 }
62 +
63 +void nf_ct_netns_put(struct net *net, uint8_t nfproto)
64 +{
65 + if (nfproto == NFPROTO_INET) {
66 + nf_ct_netns_do_put(net, NFPROTO_IPV4);
67 + nf_ct_netns_do_put(net, NFPROTO_IPV6);
68 + } else
69 + nf_ct_netns_do_put(net, nfproto);
70 +}
71 EXPORT_SYMBOL_GPL(nf_ct_netns_put);
72
73 const struct nf_conntrack_l4proto *
74 --- a/net/netfilter/nft_ct.c
75 +++ b/net/netfilter/nft_ct.c
76 @@ -312,39 +312,6 @@ static const struct nla_policy nft_ct_po
77 [NFTA_CT_SREG] = { .type = NLA_U32 },
78 };
79
80 -static int nft_ct_netns_get(struct net *net, uint8_t family)
81 -{
82 - int err;
83 -
84 - if (family == NFPROTO_INET) {
85 - err = nf_ct_netns_get(net, NFPROTO_IPV4);
86 - if (err < 0)
87 - goto err1;
88 - err = nf_ct_netns_get(net, NFPROTO_IPV6);
89 - if (err < 0)
90 - goto err2;
91 - } else {
92 - err = nf_ct_netns_get(net, family);
93 - if (err < 0)
94 - goto err1;
95 - }
96 - return 0;
97 -
98 -err2:
99 - nf_ct_netns_put(net, NFPROTO_IPV4);
100 -err1:
101 - return err;
102 -}
103 -
104 -static void nft_ct_netns_put(struct net *net, uint8_t family)
105 -{
106 - if (family == NFPROTO_INET) {
107 - nf_ct_netns_put(net, NFPROTO_IPV4);
108 - nf_ct_netns_put(net, NFPROTO_IPV6);
109 - } else
110 - nf_ct_netns_put(net, family);
111 -}
112 -
113 #ifdef CONFIG_NF_CONNTRACK_ZONES
114 static void nft_ct_tmpl_put_pcpu(void)
115 {
116 @@ -489,7 +456,7 @@ static int nft_ct_get_init(const struct
117 if (err < 0)
118 return err;
119
120 - err = nft_ct_netns_get(ctx->net, ctx->afi->family);
121 + err = nf_ct_netns_get(ctx->net, ctx->afi->family);
122 if (err < 0)
123 return err;
124
125 @@ -583,7 +550,7 @@ static int nft_ct_set_init(const struct
126 if (err < 0)
127 goto err1;
128
129 - err = nft_ct_netns_get(ctx->net, ctx->afi->family);
130 + err = nf_ct_netns_get(ctx->net, ctx->afi->family);
131 if (err < 0)
132 goto err1;
133
134 @@ -606,7 +573,7 @@ static void nft_ct_set_destroy(const str
135 struct nft_ct *priv = nft_expr_priv(expr);
136
137 __nft_ct_set_destroy(ctx, priv);
138 - nft_ct_netns_put(ctx->net, ctx->afi->family);
139 + nf_ct_netns_put(ctx->net, ctx->afi->family);
140 }
141
142 static int nft_ct_get_dump(struct sk_buff *skb, const struct nft_expr *expr)