/branches/18.06.1/target/linux/generic/backport-4.14/291-v4.16-netfilter-core-remove-synchronize_net-call-if-nfqueu.patch |
@@ -0,0 +1,116 @@ |
From 26888dfd7e7454686b8d3ea9ba5045d5f236e4d7 Mon Sep 17 00:00:00 2001 |
From: Florian Westphal <fw@strlen.de> |
Date: Fri, 1 Dec 2017 00:21:03 +0100 |
Subject: [PATCH 03/11] netfilter: core: remove synchronize_net call if nfqueue |
is used |
|
since commit 960632ece6949b ("netfilter: convert hook list to an array") |
nfqueue no longer stores a pointer to the hook that caused the packet |
to be queued. Therefore no extra synchronize_net() call is needed after |
dropping the packets enqueued by the old rule blob. |
|
Signed-off-by: Florian Westphal <fw@strlen.de> |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> |
--- |
include/net/netfilter/nf_queue.h | 2 +- |
net/netfilter/core.c | 6 +----- |
net/netfilter/nf_internals.h | 2 +- |
net/netfilter/nf_queue.c | 7 ++----- |
net/netfilter/nfnetlink_queue.c | 9 ++------- |
5 files changed, 7 insertions(+), 19 deletions(-) |
|
--- a/include/net/netfilter/nf_queue.h |
+++ b/include/net/netfilter/nf_queue.h |
@@ -25,7 +25,7 @@ struct nf_queue_entry { |
struct nf_queue_handler { |
int (*outfn)(struct nf_queue_entry *entry, |
unsigned int queuenum); |
- unsigned int (*nf_hook_drop)(struct net *net); |
+ void (*nf_hook_drop)(struct net *net); |
}; |
|
void nf_register_queue_handler(struct net *net, const struct nf_queue_handler *qh); |
--- a/net/netfilter/core.c |
+++ b/net/netfilter/core.c |
@@ -341,7 +341,6 @@ void nf_unregister_net_hook(struct net * |
{ |
struct nf_hook_entries __rcu **pp; |
struct nf_hook_entries *p; |
- unsigned int nfq; |
|
pp = nf_hook_entry_head(net, reg); |
if (!pp) |
@@ -364,10 +363,7 @@ void nf_unregister_net_hook(struct net * |
|
synchronize_net(); |
|
- /* other cpu might still process nfqueue verdict that used reg */ |
- nfq = nf_queue_nf_hook_drop(net); |
- if (nfq) |
- synchronize_net(); |
+ nf_queue_nf_hook_drop(net); |
kvfree(p); |
} |
EXPORT_SYMBOL(nf_unregister_net_hook); |
--- a/net/netfilter/nf_internals.h |
+++ b/net/netfilter/nf_internals.h |
@@ -10,7 +10,7 @@ |
int nf_queue(struct sk_buff *skb, struct nf_hook_state *state, |
const struct nf_hook_entries *entries, unsigned int index, |
unsigned int verdict); |
-unsigned int nf_queue_nf_hook_drop(struct net *net); |
+void nf_queue_nf_hook_drop(struct net *net); |
|
/* nf_log.c */ |
int __init netfilter_log_init(void); |
--- a/net/netfilter/nf_queue.c |
+++ b/net/netfilter/nf_queue.c |
@@ -96,18 +96,15 @@ void nf_queue_entry_get_refs(struct nf_q |
} |
EXPORT_SYMBOL_GPL(nf_queue_entry_get_refs); |
|
-unsigned int nf_queue_nf_hook_drop(struct net *net) |
+void nf_queue_nf_hook_drop(struct net *net) |
{ |
const struct nf_queue_handler *qh; |
- unsigned int count = 0; |
|
rcu_read_lock(); |
qh = rcu_dereference(net->nf.queue_handler); |
if (qh) |
- count = qh->nf_hook_drop(net); |
+ qh->nf_hook_drop(net); |
rcu_read_unlock(); |
- |
- return count; |
} |
EXPORT_SYMBOL_GPL(nf_queue_nf_hook_drop); |
|
--- a/net/netfilter/nfnetlink_queue.c |
+++ b/net/netfilter/nfnetlink_queue.c |
@@ -941,23 +941,18 @@ static struct notifier_block nfqnl_dev_n |
.notifier_call = nfqnl_rcv_dev_event, |
}; |
|
-static unsigned int nfqnl_nf_hook_drop(struct net *net) |
+static void nfqnl_nf_hook_drop(struct net *net) |
{ |
struct nfnl_queue_net *q = nfnl_queue_pernet(net); |
- unsigned int instances = 0; |
int i; |
|
for (i = 0; i < INSTANCE_BUCKETS; i++) { |
struct nfqnl_instance *inst; |
struct hlist_head *head = &q->instance_table[i]; |
|
- hlist_for_each_entry_rcu(inst, head, hlist) { |
+ hlist_for_each_entry_rcu(inst, head, hlist) |
nfqnl_flush(inst, NULL, 0); |
- instances++; |
- } |
} |
- |
- return instances; |
} |
|
static int |