Commit 83ace77f authored by Florian Westphal's avatar Florian Westphal Committed by Pablo Neira Ayuso
Browse files

netfilter: ctnetlink: remove get_ct indirection 



Use nf_ct_get() directly, its a small inline helper without dependencies.

Add CONFIG_NF_CONNTRACK guards to elide the relevant part when conntrack
isn't available at all.

v2: add ifdef guard around nf_ct_get call (kernel test robot)
Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent a61e4b60

include/linux/netfilter.h

+0 −2
Original line number Diff line number Diff line
@@ -463,8 +463,6 @@ extern struct nf_ct_hook __rcu *nf_ct_hook; 
struct nlattr;



struct nfnl_ct_hook {

	struct nf_conn *(*get_ct)(const struct sk_buff *skb,

				  enum ip_conntrack_info *ctinfo);

	size_t (*build_size)(const struct nf_conn *ct);

	int (*build)(struct sk_buff *skb, struct nf_conn *ct,

		     enum ip_conntrack_info ctinfo,

net/netfilter/nf_conntrack_netlink.c

+0 −7
Original line number Diff line number Diff line
@@ -2686,12 +2686,6 @@ ctnetlink_glue_build_size(const struct nf_conn *ct) 
	       ;

}



static struct nf_conn *ctnetlink_glue_get_ct(const struct sk_buff *skb,

					     enum ip_conntrack_info *ctinfo)

{

	return nf_ct_get(skb, ctinfo);

}



static int __ctnetlink_glue_build(struct sk_buff *skb, struct nf_conn *ct)

{

	const struct nf_conntrack_zone *zone;
@@ -2925,7 +2919,6 @@ static void ctnetlink_glue_seqadj(struct sk_buff *skb, struct nf_conn *ct, 
}



static struct nfnl_ct_hook ctnetlink_glue_hook = {

	.get_ct		= ctnetlink_glue_get_ct,

	.build_size	= ctnetlink_glue_build_size,

	.build		= ctnetlink_glue_build,

	.parse		= ctnetlink_glue_parse,

net/netfilter/nfnetlink_log.c

+7 −1
Original line number Diff line number Diff line
@@ -43,6 +43,10 @@ 
#include "../bridge/br_private.h"

#endif



#if IS_ENABLED(CONFIG_NF_CONNTRACK)

#include <net/netfilter/nf_conntrack.h>

#endif



#define NFULNL_COPY_DISABLED	0xff

#define NFULNL_NLBUFSIZ_DEFAULT	NLMSG_GOODSIZE

#define NFULNL_TIMEOUT_DEFAULT 	100	/* every second */
@@ -733,14 +737,16 @@ nfulnl_log_packet(struct net *net, 
		size += nla_total_size(sizeof(u_int32_t));

	if (inst->flags & NFULNL_CFG_F_SEQ_GLOBAL)

		size += nla_total_size(sizeof(u_int32_t));

#if IS_ENABLED(CONFIG_NF_CONNTRACK)

	if (inst->flags & NFULNL_CFG_F_CONNTRACK) {

		nfnl_ct = rcu_dereference(nfnl_ct_hook);

		if (nfnl_ct != NULL) {

			ct = nfnl_ct->get_ct(skb, &ctinfo);

			ct = nf_ct_get(skb, &ctinfo);

			if (ct != NULL)

				size += nfnl_ct->build_size(ct);

		}

	}

#endif

	if (pf == NFPROTO_NETDEV || pf == NFPROTO_BRIDGE)

		size += nfulnl_get_bridge_size(skb);

net/netfilter/nfnetlink_queue.c

+8 −2
Original line number Diff line number Diff line
@@ -444,13 +444,15 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, 


	nfnl_ct = rcu_dereference(nfnl_ct_hook);



#if IS_ENABLED(CONFIG_NF_CONNTRACK)

	if (queue->flags & NFQA_CFG_F_CONNTRACK) {

		if (nfnl_ct != NULL) {

			ct = nfnl_ct->get_ct(entskb, &ctinfo);

			ct = nf_ct_get(entskb, &ctinfo);

			if (ct != NULL)

				size += nfnl_ct->build_size(ct);

		}

	}

#endif



	if (queue->flags & NFQA_CFG_F_UID_GID) {

		size += (nla_total_size(sizeof(u_int32_t))	/* uid */
@@ -1104,9 +1106,10 @@ static struct nf_conn *nfqnl_ct_parse(struct nfnl_ct_hook *nfnl_ct, 
				      struct nf_queue_entry *entry,

				      enum ip_conntrack_info *ctinfo)

{

#if IS_ENABLED(CONFIG_NF_CONNTRACK)

	struct nf_conn *ct;



	ct = nfnl_ct->get_ct(entry->skb, ctinfo);

	ct = nf_ct_get(entry->skb, ctinfo);

	if (ct == NULL)

		return NULL;
@@ -1118,6 +1121,9 @@ static struct nf_conn *nfqnl_ct_parse(struct nfnl_ct_hook *nfnl_ct, 
				      NETLINK_CB(entry->skb).portid,

				      nlmsg_report(nlh));

	return ct;

#else

	return NULL;

#endif

}



static int nfqa_parse_bridge(struct nf_queue_entry *entry,