Commit 7afa3883 authored by Florian Westphal's avatar Florian Westphal Committed by Pablo Neira Ayuso
Browse files

netfilter: cttimeout: use option structure 



Instead of two exported functions, export a single option structure.

Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 8dd8678e

include/net/netfilter/nf_conntrack_timeout.h

+6 −2
Original line number Original line Diff line number Diff line
@@ -108,8 +108,12 @@ static inline void nf_ct_destroy_timeout(struct nf_conn *ct) 
#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */

#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */





#ifdef CONFIG_NF_CONNTRACK_TIMEOUT

#ifdef CONFIG_NF_CONNTRACK_TIMEOUT

extern struct nf_ct_timeout *(*nf_ct_timeout_find_get_hook)(struct net *net, const char *name);

struct nf_ct_timeout_hooks {

extern void (*nf_ct_timeout_put_hook)(struct nf_ct_timeout *timeout);

	struct nf_ct_timeout *(*timeout_find_get)(struct net *net, const char *name);

	void (*timeout_put)(struct nf_ct_timeout *timeout);

};



extern const struct nf_ct_timeout_hooks *nf_ct_timeout_hook;

#endif

#endif





#endif /* _NF_CONNTRACK_TIMEOUT_H */
 
#endif /* _NF_CONNTRACK_TIMEOUT_H */

net/netfilter/nf_conntrack_timeout.c

+13 −18
Original line number Original line Diff line number Diff line
@@ -22,12 +22,8 @@ 
#include <net/netfilter/nf_conntrack_l4proto.h>

#include <net/netfilter/nf_conntrack_l4proto.h>

#include <net/netfilter/nf_conntrack_timeout.h>

#include <net/netfilter/nf_conntrack_timeout.h>





struct nf_ct_timeout *

const struct nf_ct_timeout_hooks *nf_ct_timeout_hook __read_mostly;

(*nf_ct_timeout_find_get_hook)(struct net *net, const char *name) __read_mostly;

EXPORT_SYMBOL_GPL(nf_ct_timeout_hook);

EXPORT_SYMBOL_GPL(nf_ct_timeout_find_get_hook);



void (*nf_ct_timeout_put_hook)(struct nf_ct_timeout *timeout) __read_mostly;

EXPORT_SYMBOL_GPL(nf_ct_timeout_put_hook);





static int untimeout(struct nf_conn *ct, void *timeout)

static int untimeout(struct nf_conn *ct, void *timeout)

{

{
@@ -48,31 +44,30 @@ EXPORT_SYMBOL_GPL(nf_ct_untimeout); 




static void __nf_ct_timeout_put(struct nf_ct_timeout *timeout)

static void __nf_ct_timeout_put(struct nf_ct_timeout *timeout)

{

{

	typeof(nf_ct_timeout_put_hook) timeout_put;

	const struct nf_ct_timeout_hooks *h = rcu_dereference(nf_ct_timeout_hook);





	timeout_put = rcu_dereference(nf_ct_timeout_put_hook);

	if (h)

	if (timeout_put)

		h->timeout_put(timeout);

		timeout_put(timeout);

}

}





int nf_ct_set_timeout(struct net *net, struct nf_conn *ct,

int nf_ct_set_timeout(struct net *net, struct nf_conn *ct,

		      u8 l3num, u8 l4num, const char *timeout_name)

		      u8 l3num, u8 l4num, const char *timeout_name)

{

{

	typeof(nf_ct_timeout_find_get_hook) timeout_find_get;

	const struct nf_ct_timeout_hooks *h;

	struct nf_ct_timeout *timeout;

	struct nf_ct_timeout *timeout;

	struct nf_conn_timeout *timeout_ext;

	struct nf_conn_timeout *timeout_ext;

	const char *errmsg = NULL;

	const char *errmsg = NULL;

	int ret = 0;

	int ret = 0;





	rcu_read_lock();

	rcu_read_lock();

	timeout_find_get = rcu_dereference(nf_ct_timeout_find_get_hook);

	h = rcu_dereference(nf_ct_timeout_hook);

	if (!timeout_find_get) {

	if (!h) {

		ret = -ENOENT;

		ret = -ENOENT;

		errmsg = "Timeout policy base is empty";

		errmsg = "Timeout policy base is empty";

		goto out;

		goto out;

	}

	}





	timeout = timeout_find_get(net, timeout_name);

	timeout = h->timeout_find_get(net, timeout_name);

	if (!timeout) {

	if (!timeout) {

		ret = -ENOENT;

		ret = -ENOENT;

		pr_info_ratelimited("No such timeout policy \"%s\"\n",

		pr_info_ratelimited("No such timeout policy \"%s\"\n",
@@ -119,15 +114,15 @@ EXPORT_SYMBOL_GPL(nf_ct_set_timeout); 
void nf_ct_destroy_timeout(struct nf_conn *ct)

void nf_ct_destroy_timeout(struct nf_conn *ct)

{

{

	struct nf_conn_timeout *timeout_ext;

	struct nf_conn_timeout *timeout_ext;

	typeof(nf_ct_timeout_put_hook) timeout_put;

	const struct nf_ct_timeout_hooks *h;





	rcu_read_lock();

	rcu_read_lock();

	timeout_put = rcu_dereference(nf_ct_timeout_put_hook);

	h = rcu_dereference(nf_ct_timeout_hook);





	if (timeout_put) {

	if (h) {

		timeout_ext = nf_ct_timeout_find(ct);

		timeout_ext = nf_ct_timeout_find(ct);

		if (timeout_ext) {

		if (timeout_ext) {

			timeout_put(timeout_ext->timeout);

			h->timeout_put(timeout_ext->timeout);

			RCU_INIT_POINTER(timeout_ext->timeout, NULL);

			RCU_INIT_POINTER(timeout_ext->timeout, NULL);

		}

		}

	}

	}

net/netfilter/nfnetlink_cttimeout.c

+7 −4
Original line number Original line Diff line number Diff line
@@ -605,6 +605,11 @@ static struct pernet_operations cttimeout_ops = { 
	.size   = sizeof(struct nfct_timeout_pernet),

	.size   = sizeof(struct nfct_timeout_pernet),

};

};





static const struct nf_ct_timeout_hooks hooks = {

	.timeout_find_get = ctnl_timeout_find_get,

	.timeout_put = ctnl_timeout_put,

};



static int __init cttimeout_init(void)

static int __init cttimeout_init(void)

{

{

	int ret;

	int ret;
@@ -619,8 +624,7 @@ static int __init cttimeout_init(void) 
			"nfnetlink.\n");

			"nfnetlink.\n");

		goto err_out;

		goto err_out;

	}

	}

	RCU_INIT_POINTER(nf_ct_timeout_find_get_hook, ctnl_timeout_find_get);

	RCU_INIT_POINTER(nf_ct_timeout_hook, &hooks);

	RCU_INIT_POINTER(nf_ct_timeout_put_hook, ctnl_timeout_put);

	return 0;

	return 0;





err_out:

err_out:
@@ -633,8 +637,7 @@ static void __exit cttimeout_exit(void) 
	nfnetlink_subsys_unregister(&cttimeout_subsys);

	nfnetlink_subsys_unregister(&cttimeout_subsys);





	unregister_pernet_subsys(&cttimeout_ops);

	unregister_pernet_subsys(&cttimeout_ops);

	RCU_INIT_POINTER(nf_ct_timeout_find_get_hook, NULL);

	RCU_INIT_POINTER(nf_ct_timeout_hook, NULL);

	RCU_INIT_POINTER(nf_ct_timeout_put_hook, NULL);

	synchronize_rcu();

	synchronize_rcu();

}

}