lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

netfilter: nf_conntrack: add nf_ct_kill()

Browse Source 
Encapsulate the common

	if (del_timer(&ct->timeout))
		ct->timeout.function((unsigned long)ct)

sequence in a new function.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Patrick McHardy
2008-06-09 15:59:06 -07:00
committed by David S. Miller
parent 31d8519c9c
commit 51091764f2
7 changed files with 18 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
include/net/netfilter/nf_conntrack.h
View File

@@ -223,6 +223,8 @@ static inline void nf_ct_refresh(struct nf_conn *ct,
__nf_ct_refresh_acct(ct, 0, skb, extra_jiffies, 0); __nf_ct_refresh_acct(ct, 0, skb, extra_jiffies, 0);
} }
extern void nf_ct_kill(struct nf_conn *ct);
/* These are for NAT. Icky. */ /* These are for NAT. Icky. */
/* Update TCP window tracking data when NAT mangles the packet */ /* Update TCP window tracking data when NAT mangles the packet */
extern void nf_conntrack_tcp_update(const struct sk_buff *skb, extern void nf_conntrack_tcp_update(const struct sk_buff *skb,

5
net/ipv4/netfilter/nf_conntrack_proto_icmp.c
View File

@@ -87,9 +87,8 @@ static int icmp_packet(struct nf_conn *ct,
means this will only run once even if count hits zero twice means this will only run once even if count hits zero twice
(theoretically possible with SMP) */ (theoretically possible with SMP) */
if (CTINFO2DIR(ctinfo) == IP_CT_DIR_REPLY) { if (CTINFO2DIR(ctinfo) == IP_CT_DIR_REPLY) {
if (atomic_dec_and_test(&ct->proto.icmp.count) if (atomic_dec_and_test(&ct->proto.icmp.count))
&& del_timer(&ct->timeout)) nf_ct_kill(ct);
ct->timeout.function((unsigned long)ct);
} else { } else {
atomic_inc(&ct->proto.icmp.count); atomic_inc(&ct->proto.icmp.count);
nf_conntrack_event_cache(IPCT_PROTOINFO_VOLATILE, skb); nf_conntrack_event_cache(IPCT_PROTOINFO_VOLATILE, skb);

5
net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
View File

@@ -89,9 +89,8 @@ static int icmpv6_packet(struct nf_conn *ct,
means this will only run once even if count hits zero twice means this will only run once even if count hits zero twice
(theoretically possible with SMP) */ (theoretically possible with SMP) */
if (CTINFO2DIR(ctinfo) == IP_CT_DIR_REPLY) { if (CTINFO2DIR(ctinfo) == IP_CT_DIR_REPLY) {
if (atomic_dec_and_test(&ct->proto.icmp.count) if (atomic_dec_and_test(&ct->proto.icmp.count))
&& del_timer(&ct->timeout)) nf_ct_kill(ct);
ct->timeout.function((unsigned long)ct);
} else { } else {
atomic_inc(&ct->proto.icmp.count); atomic_inc(&ct->proto.icmp.count);
nf_conntrack_event_cache(IPCT_PROTOINFO_VOLATILE, skb); nf_conntrack_event_cache(IPCT_PROTOINFO_VOLATILE, skb);

7
net/netfilter/nf_conntrack_core.c
View File

@@ -848,6 +848,13 @@ acct:
} }
EXPORT_SYMBOL_GPL(__nf_ct_refresh_acct); EXPORT_SYMBOL_GPL(__nf_ct_refresh_acct);
void nf_ct_kill(struct nf_conn *ct)
{
if (del_timer(&ct->timeout))
ct->timeout.function((unsigned long)ct);
}
EXPORT_SYMBOL_GPL(nf_ct_kill);
#if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE) #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE)
#include <linux/netfilter/nfnetlink.h> #include <linux/netfilter/nfnetlink.h>

3
net/netfilter/nf_conntrack_netlink.c
View File

@@ -812,9 +812,8 @@ ctnetlink_del_conntrack(struct sock *ctnl, struct sk_buff *skb,
return -ENOENT; return -ENOENT;
} }
} }
if (del_timer(&ct->timeout))
ct->timeout.function((unsigned long)ct);
nf_ct_kill(ct);
nf_ct_put(ct); nf_ct_put(ct);
return 0; return 0;

3
net/netfilter/nf_conntrack_proto_dccp.c
View File

@@ -475,8 +475,7 @@ static int dccp_packet(struct nf_conn *ct, const struct sk_buff *skb,
if (type == DCCP_PKT_RESET && if (type == DCCP_PKT_RESET &&
!test_bit(IPS_SEEN_REPLY_BIT, &ct->status)) { !test_bit(IPS_SEEN_REPLY_BIT, &ct->status)) {
/* Tear down connection immediately if only reply is a RESET */ /* Tear down connection immediately if only reply is a RESET */
if (del_timer(&ct->timeout)) nf_ct_kill(ct);
ct->timeout.function((unsigned long)ct);
return NF_ACCEPT; return NF_ACCEPT;
} }

9
net/netfilter/nf_conntrack_proto_tcp.c
View File

@@ -843,8 +843,7 @@ static int tcp_packet(struct nf_conn *ct,
/* Attempt to reopen a closed/aborted connection. /* Attempt to reopen a closed/aborted connection.
* Delete this connection and look up again. */ * Delete this connection and look up again. */
write_unlock_bh(&tcp_lock); write_unlock_bh(&tcp_lock);
if (del_timer(&ct->timeout)) nf_ct_kill(ct);
ct->timeout.function((unsigned long)ct);
return -NF_REPEAT; return -NF_REPEAT;
} }
/* Fall through */ /* Fall through */
@@ -877,8 +876,7 @@ static int tcp_packet(struct nf_conn *ct,
if (LOG_INVALID(IPPROTO_TCP)) if (LOG_INVALID(IPPROTO_TCP))
nf_log_packet(pf, 0, skb, NULL, NULL, NULL, nf_log_packet(pf, 0, skb, NULL, NULL, NULL,
"nf_ct_tcp: killing out of sync session "); "nf_ct_tcp: killing out of sync session ");
if (del_timer(&ct->timeout)) nf_ct_kill(ct);
ct->timeout.function((unsigned long)ct);
return -NF_DROP; return -NF_DROP;
} }
ct->proto.tcp.last_index = index; ct->proto.tcp.last_index = index;
@@ -961,8 +959,7 @@ static int tcp_packet(struct nf_conn *ct,
problem case, so we can delete the conntrack problem case, so we can delete the conntrack
immediately. --RR */ immediately. --RR */
if (th->rst) { if (th->rst) {
if (del_timer(&ct->timeout)) nf_ct_kill(ct);
ct->timeout.function((unsigned long)ct);
return NF_ACCEPT; return NF_ACCEPT;
} }
} else if (!test_bit(IPS_ASSURED_BIT, &ct->status) } else if (!test_bit(IPS_ASSURED_BIT, &ct->status)