96acb6887e6dac65d2ab7ad17c689a062c1caeaf
[openwrt/staging/981213.git] /
1 From: Felix Fietkau <nbd@nbd.name>
2 Date: Sun, 18 Feb 2018 18:16:31 +0100
3 Subject: [PATCH] netfilter: nf_flow_table: move init code to
4 nf_flow_table_core.c
5
6 Reduces duplication of .gc and .params in flowtable type definitions and
7 makes the API clearer
8
9 Signed-off-by: Felix Fietkau <nbd@nbd.name>
10 ---
11
12 --- a/include/net/netfilter/nf_flow_table.h
13 +++ b/include/net/netfilter/nf_flow_table.h
14 @@ -14,9 +14,8 @@ struct nf_flowtable;
15 struct nf_flowtable_type {
16 struct list_head list;
17 int family;
18 - void (*gc)(struct work_struct *work);
19 + int (*init)(struct nf_flowtable *ft);
20 void (*free)(struct nf_flowtable *ft);
21 - const struct rhashtable_params *params;
22 nf_hookfn *hook;
23 struct module *owner;
24 };
25 @@ -100,9 +99,8 @@ int nf_flow_table_iterate(struct nf_flow
26
27 void nf_flow_table_cleanup(struct net *net, struct net_device *dev);
28
29 +int nf_flow_table_init(struct nf_flowtable *flow_table);
30 void nf_flow_table_free(struct nf_flowtable *flow_table);
31 -void nf_flow_offload_work_gc(struct work_struct *work);
32 -extern const struct rhashtable_params nf_flow_offload_rhash_params;
33
34 void flow_offload_dead(struct flow_offload *flow);
35
36 --- a/net/ipv4/netfilter/nf_flow_table_ipv4.c
37 +++ b/net/ipv4/netfilter/nf_flow_table_ipv4.c
38 @@ -7,8 +7,7 @@
39
40 static struct nf_flowtable_type flowtable_ipv4 = {
41 .family = NFPROTO_IPV4,
42 - .params = &nf_flow_offload_rhash_params,
43 - .gc = nf_flow_offload_work_gc,
44 + .init = nf_flow_table_init,
45 .free = nf_flow_table_free,
46 .hook = nf_flow_offload_ip_hook,
47 .owner = THIS_MODULE,
48 --- a/net/ipv6/netfilter/nf_flow_table_ipv6.c
49 +++ b/net/ipv6/netfilter/nf_flow_table_ipv6.c
50 @@ -8,8 +8,7 @@
51
52 static struct nf_flowtable_type flowtable_ipv6 = {
53 .family = NFPROTO_IPV6,
54 - .params = &nf_flow_offload_rhash_params,
55 - .gc = nf_flow_offload_work_gc,
56 + .init = nf_flow_table_init,
57 .free = nf_flow_table_free,
58 .hook = nf_flow_offload_ipv6_hook,
59 .owner = THIS_MODULE,
60 --- a/net/netfilter/nf_flow_table_core.c
61 +++ b/net/netfilter/nf_flow_table_core.c
62 @@ -116,16 +116,50 @@ void flow_offload_dead(struct flow_offlo
63 }
64 EXPORT_SYMBOL_GPL(flow_offload_dead);
65
66 +static u32 flow_offload_hash(const void *data, u32 len, u32 seed)
67 +{
68 + const struct flow_offload_tuple *tuple = data;
69 +
70 + return jhash(tuple, offsetof(struct flow_offload_tuple, dir), seed);
71 +}
72 +
73 +static u32 flow_offload_hash_obj(const void *data, u32 len, u32 seed)
74 +{
75 + const struct flow_offload_tuple_rhash *tuplehash = data;
76 +
77 + return jhash(&tuplehash->tuple, offsetof(struct flow_offload_tuple, dir), seed);
78 +}
79 +
80 +static int flow_offload_hash_cmp(struct rhashtable_compare_arg *arg,
81 + const void *ptr)
82 +{
83 + const struct flow_offload_tuple *tuple = arg->key;
84 + const struct flow_offload_tuple_rhash *x = ptr;
85 +
86 + if (memcmp(&x->tuple, tuple, offsetof(struct flow_offload_tuple, dir)))
87 + return 1;
88 +
89 + return 0;
90 +}
91 +
92 +static const struct rhashtable_params nf_flow_offload_rhash_params = {
93 + .head_offset = offsetof(struct flow_offload_tuple_rhash, node),
94 + .hashfn = flow_offload_hash,
95 + .obj_hashfn = flow_offload_hash_obj,
96 + .obj_cmpfn = flow_offload_hash_cmp,
97 + .automatic_shrinking = true,
98 +};
99 +
100 int flow_offload_add(struct nf_flowtable *flow_table, struct flow_offload *flow)
101 {
102 flow->timeout = (u32)jiffies;
103
104 rhashtable_insert_fast(&flow_table->rhashtable,
105 &flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].node,
106 - *flow_table->type->params);
107 + nf_flow_offload_rhash_params);
108 rhashtable_insert_fast(&flow_table->rhashtable,
109 &flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].node,
110 - *flow_table->type->params);
111 + nf_flow_offload_rhash_params);
112 return 0;
113 }
114 EXPORT_SYMBOL_GPL(flow_offload_add);
115 @@ -135,10 +169,10 @@ static void flow_offload_del(struct nf_f
116 {
117 rhashtable_remove_fast(&flow_table->rhashtable,
118 &flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].node,
119 - *flow_table->type->params);
120 + nf_flow_offload_rhash_params);
121 rhashtable_remove_fast(&flow_table->rhashtable,
122 &flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].node,
123 - *flow_table->type->params);
124 + nf_flow_offload_rhash_params);
125
126 flow_offload_free(flow);
127 }
128 @@ -148,7 +182,7 @@ flow_offload_lookup(struct nf_flowtable
129 struct flow_offload_tuple *tuple)
130 {
131 return rhashtable_lookup_fast(&flow_table->rhashtable, tuple,
132 - *flow_table->type->params);
133 + nf_flow_offload_rhash_params);
134 }
135 EXPORT_SYMBOL_GPL(flow_offload_lookup);
136
137 @@ -237,7 +271,7 @@ out:
138 return 1;
139 }
140
141 -void nf_flow_offload_work_gc(struct work_struct *work)
142 +static void nf_flow_offload_work_gc(struct work_struct *work)
143 {
144 struct nf_flowtable *flow_table;
145
146 @@ -245,42 +279,6 @@ void nf_flow_offload_work_gc(struct work
147 nf_flow_offload_gc_step(flow_table);
148 queue_delayed_work(system_power_efficient_wq, &flow_table->gc_work, HZ);
149 }
150 -EXPORT_SYMBOL_GPL(nf_flow_offload_work_gc);
151 -
152 -static u32 flow_offload_hash(const void *data, u32 len, u32 seed)
153 -{
154 - const struct flow_offload_tuple *tuple = data;
155 -
156 - return jhash(tuple, offsetof(struct flow_offload_tuple, dir), seed);
157 -}
158 -
159 -static u32 flow_offload_hash_obj(const void *data, u32 len, u32 seed)
160 -{
161 - const struct flow_offload_tuple_rhash *tuplehash = data;
162 -
163 - return jhash(&tuplehash->tuple, offsetof(struct flow_offload_tuple, dir), seed);
164 -}
165 -
166 -static int flow_offload_hash_cmp(struct rhashtable_compare_arg *arg,
167 - const void *ptr)
168 -{
169 - const struct flow_offload_tuple *tuple = arg->key;
170 - const struct flow_offload_tuple_rhash *x = ptr;
171 -
172 - if (memcmp(&x->tuple, tuple, offsetof(struct flow_offload_tuple, dir)))
173 - return 1;
174 -
175 - return 0;
176 -}
177 -
178 -const struct rhashtable_params nf_flow_offload_rhash_params = {
179 - .head_offset = offsetof(struct flow_offload_tuple_rhash, node),
180 - .hashfn = flow_offload_hash,
181 - .obj_hashfn = flow_offload_hash_obj,
182 - .obj_cmpfn = flow_offload_hash_cmp,
183 - .automatic_shrinking = true,
184 -};
185 -EXPORT_SYMBOL_GPL(nf_flow_offload_rhash_params);
186
187 static int nf_flow_nat_port_tcp(struct sk_buff *skb, unsigned int thoff,
188 __be16 port, __be16 new_port)
189 @@ -398,6 +396,24 @@ int nf_flow_dnat_port(const struct flow_
190 }
191 EXPORT_SYMBOL_GPL(nf_flow_dnat_port);
192
193 +int nf_flow_table_init(struct nf_flowtable *flowtable)
194 +{
195 + int err;
196 +
197 + INIT_DEFERRABLE_WORK(&flowtable->gc_work, nf_flow_offload_work_gc);
198 +
199 + err = rhashtable_init(&flowtable->rhashtable,
200 + &nf_flow_offload_rhash_params);
201 + if (err < 0)
202 + return err;
203 +
204 + queue_delayed_work(system_power_efficient_wq,
205 + &flowtable->gc_work, HZ);
206 +
207 + return 0;
208 +}
209 +EXPORT_SYMBOL_GPL(nf_flow_table_init);
210 +
211 static void nf_flow_table_do_cleanup(struct flow_offload *flow, void *data)
212 {
213 struct net_device *dev = data;
214 @@ -423,8 +439,10 @@ EXPORT_SYMBOL_GPL(nf_flow_table_cleanup)
215
216 void nf_flow_table_free(struct nf_flowtable *flow_table)
217 {
218 + cancel_delayed_work_sync(&flow_table->gc_work);
219 nf_flow_table_iterate(flow_table, nf_flow_table_do_cleanup, NULL);
220 WARN_ON(!nf_flow_offload_gc_step(flow_table));
221 + rhashtable_destroy(&flow_table->rhashtable);
222 }
223 EXPORT_SYMBOL_GPL(nf_flow_table_free);
224
225 --- a/net/netfilter/nf_flow_table_inet.c
226 +++ b/net/netfilter/nf_flow_table_inet.c
227 @@ -22,8 +22,7 @@ nf_flow_offload_inet_hook(void *priv, st
228
229 static struct nf_flowtable_type flowtable_inet = {
230 .family = NFPROTO_INET,
231 - .params = &nf_flow_offload_rhash_params,
232 - .gc = nf_flow_offload_work_gc,
233 + .init = nf_flow_table_init,
234 .free = nf_flow_table_free,
235 .hook = nf_flow_offload_inet_hook,
236 .owner = THIS_MODULE,
237 --- a/net/netfilter/nf_tables_api.c
238 +++ b/net/netfilter/nf_tables_api.c
239 @@ -5108,40 +5108,38 @@ static int nf_tables_newflowtable(struct
240 }
241
242 flowtable->data.type = type;
243 - err = rhashtable_init(&flowtable->data.rhashtable, type->params);
244 + err = type->init(&flowtable->data);
245 if (err < 0)
246 goto err3;
247
248 err = nf_tables_flowtable_parse_hook(&ctx, nla[NFTA_FLOWTABLE_HOOK],
249 flowtable);
250 if (err < 0)
251 - goto err3;
252 + goto err4;
253
254 for (i = 0; i < flowtable->ops_len; i++) {
255 err = nf_register_net_hook(net, &flowtable->ops[i]);
256 if (err < 0)
257 - goto err4;
258 + goto err5;
259 }
260
261 err = nft_trans_flowtable_add(&ctx, NFT_MSG_NEWFLOWTABLE, flowtable);
262 if (err < 0)
263 - goto err5;
264 -
265 - INIT_DEFERRABLE_WORK(&flowtable->data.gc_work, type->gc);
266 - queue_delayed_work(system_power_efficient_wq,
267 - &flowtable->data.gc_work, HZ);
268 + goto err6;
269
270 list_add_tail_rcu(&flowtable->list, &table->flowtables);
271 table->use++;
272
273 return 0;
274 -err5:
275 +err6:
276 i = flowtable->ops_len;
277 -err4:
278 +err5:
279 for (k = i - 1; k >= 0; k--)
280 nf_unregister_net_hook(net, &flowtable->ops[i]);
281
282 kfree(flowtable->ops);
283 +err4:
284 + flowtable->data.type->free(&flowtable->data);
285 err3:
286 module_put(type->owner);
287 err2:
288 @@ -5422,10 +5420,8 @@ err:
289
290 static void nf_tables_flowtable_destroy(struct nft_flowtable *flowtable)
291 {
292 - cancel_delayed_work_sync(&flowtable->data.gc_work);
293 kfree(flowtable->name);
294 flowtable->data.type->free(&flowtable->data);
295 - rhashtable_destroy(&flowtable->data.rhashtable);
296 module_put(flowtable->data.type->owner);
297 }
298