OpenWrt – Blame information for rev 1
?pathlinks?
Rev | Author | Line No. | Line |
---|---|---|---|
1 | office | 1 | From 26888dfd7e7454686b8d3ea9ba5045d5f236e4d7 Mon Sep 17 00:00:00 2001 |
2 | From: Florian Westphal <fw@strlen.de> |
||
3 | Date: Fri, 1 Dec 2017 00:21:03 +0100 |
||
4 | Subject: [PATCH 03/11] netfilter: core: remove synchronize_net call if nfqueue |
||
5 | is used |
||
6 | |||
7 | since commit 960632ece6949b ("netfilter: convert hook list to an array") |
||
8 | nfqueue no longer stores a pointer to the hook that caused the packet |
||
9 | to be queued. Therefore no extra synchronize_net() call is needed after |
||
10 | dropping the packets enqueued by the old rule blob. |
||
11 | |||
12 | Signed-off-by: Florian Westphal <fw@strlen.de> |
||
13 | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> |
||
14 | --- |
||
15 | include/net/netfilter/nf_queue.h | 2 +- |
||
16 | net/netfilter/core.c | 6 +----- |
||
17 | net/netfilter/nf_internals.h | 2 +- |
||
18 | net/netfilter/nf_queue.c | 7 ++----- |
||
19 | net/netfilter/nfnetlink_queue.c | 9 ++------- |
||
20 | 5 files changed, 7 insertions(+), 19 deletions(-) |
||
21 | |||
22 | --- a/include/net/netfilter/nf_queue.h |
||
23 | +++ b/include/net/netfilter/nf_queue.h |
||
24 | @@ -25,7 +25,7 @@ struct nf_queue_entry { |
||
25 | struct nf_queue_handler { |
||
26 | int (*outfn)(struct nf_queue_entry *entry, |
||
27 | unsigned int queuenum); |
||
28 | - unsigned int (*nf_hook_drop)(struct net *net); |
||
29 | + void (*nf_hook_drop)(struct net *net); |
||
30 | }; |
||
31 | |||
32 | void nf_register_queue_handler(struct net *net, const struct nf_queue_handler *qh); |
||
33 | --- a/net/netfilter/core.c |
||
34 | +++ b/net/netfilter/core.c |
||
35 | @@ -341,7 +341,6 @@ void nf_unregister_net_hook(struct net * |
||
36 | { |
||
37 | struct nf_hook_entries __rcu **pp; |
||
38 | struct nf_hook_entries *p; |
||
39 | - unsigned int nfq; |
||
40 | |||
41 | pp = nf_hook_entry_head(net, reg); |
||
42 | if (!pp) |
||
43 | @@ -364,10 +363,7 @@ void nf_unregister_net_hook(struct net * |
||
44 | |||
45 | synchronize_net(); |
||
46 | |||
47 | - /* other cpu might still process nfqueue verdict that used reg */ |
||
48 | - nfq = nf_queue_nf_hook_drop(net); |
||
49 | - if (nfq) |
||
50 | - synchronize_net(); |
||
51 | + nf_queue_nf_hook_drop(net); |
||
52 | kvfree(p); |
||
53 | } |
||
54 | EXPORT_SYMBOL(nf_unregister_net_hook); |
||
55 | --- a/net/netfilter/nf_internals.h |
||
56 | +++ b/net/netfilter/nf_internals.h |
||
57 | @@ -10,7 +10,7 @@ |
||
58 | int nf_queue(struct sk_buff *skb, struct nf_hook_state *state, |
||
59 | const struct nf_hook_entries *entries, unsigned int index, |
||
60 | unsigned int verdict); |
||
61 | -unsigned int nf_queue_nf_hook_drop(struct net *net); |
||
62 | +void nf_queue_nf_hook_drop(struct net *net); |
||
63 | |||
64 | /* nf_log.c */ |
||
65 | int __init netfilter_log_init(void); |
||
66 | --- a/net/netfilter/nf_queue.c |
||
67 | +++ b/net/netfilter/nf_queue.c |
||
68 | @@ -96,18 +96,15 @@ void nf_queue_entry_get_refs(struct nf_q |
||
69 | } |
||
70 | EXPORT_SYMBOL_GPL(nf_queue_entry_get_refs); |
||
71 | |||
72 | -unsigned int nf_queue_nf_hook_drop(struct net *net) |
||
73 | +void nf_queue_nf_hook_drop(struct net *net) |
||
74 | { |
||
75 | const struct nf_queue_handler *qh; |
||
76 | - unsigned int count = 0; |
||
77 | |||
78 | rcu_read_lock(); |
||
79 | qh = rcu_dereference(net->nf.queue_handler); |
||
80 | if (qh) |
||
81 | - count = qh->nf_hook_drop(net); |
||
82 | + qh->nf_hook_drop(net); |
||
83 | rcu_read_unlock(); |
||
84 | - |
||
85 | - return count; |
||
86 | } |
||
87 | EXPORT_SYMBOL_GPL(nf_queue_nf_hook_drop); |
||
88 | |||
89 | --- a/net/netfilter/nfnetlink_queue.c |
||
90 | +++ b/net/netfilter/nfnetlink_queue.c |
||
91 | @@ -941,23 +941,18 @@ static struct notifier_block nfqnl_dev_n |
||
92 | .notifier_call = nfqnl_rcv_dev_event, |
||
93 | }; |
||
94 | |||
95 | -static unsigned int nfqnl_nf_hook_drop(struct net *net) |
||
96 | +static void nfqnl_nf_hook_drop(struct net *net) |
||
97 | { |
||
98 | struct nfnl_queue_net *q = nfnl_queue_pernet(net); |
||
99 | - unsigned int instances = 0; |
||
100 | int i; |
||
101 | |||
102 | for (i = 0; i < INSTANCE_BUCKETS; i++) { |
||
103 | struct nfqnl_instance *inst; |
||
104 | struct hlist_head *head = &q->instance_table[i]; |
||
105 | |||
106 | - hlist_for_each_entry_rcu(inst, head, hlist) { |
||
107 | + hlist_for_each_entry_rcu(inst, head, hlist) |
||
108 | nfqnl_flush(inst, NULL, 0); |
||
109 | - instances++; |
||
110 | - } |
||
111 | } |
||
112 | - |
||
113 | - return instances; |
||
114 | } |
||
115 | |||
116 | static int |