/branches/18.06.1/target/linux/generic/backport-4.14/315-v4.15-netfilter-conntrack-move-nf_ct_netns_-get-put-to-cor.patch |
@@ -0,0 +1,142 @@ |
From: Pablo Neira Ayuso <pablo@netfilter.org> |
Date: Fri, 3 Nov 2017 16:26:32 +0100 |
Subject: [PATCH] netfilter: conntrack: move nf_ct_netns_{get,put}() to core |
|
So we can call this from other expression that need conntrack in place |
to work. |
|
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> |
Acked-by: Florian Westphal <fw@strlen.de> |
--- |
|
--- a/net/netfilter/nf_conntrack_proto.c |
+++ b/net/netfilter/nf_conntrack_proto.c |
@@ -125,7 +125,7 @@ void nf_ct_l3proto_module_put(unsigned s |
} |
EXPORT_SYMBOL_GPL(nf_ct_l3proto_module_put); |
|
-int nf_ct_netns_get(struct net *net, u8 nfproto) |
+static int nf_ct_netns_do_get(struct net *net, u8 nfproto) |
{ |
const struct nf_conntrack_l3proto *l3proto; |
int ret; |
@@ -150,9 +150,33 @@ int nf_ct_netns_get(struct net *net, u8 |
|
return ret; |
} |
+ |
+int nf_ct_netns_get(struct net *net, u8 nfproto) |
+{ |
+ int err; |
+ |
+ if (nfproto == NFPROTO_INET) { |
+ err = nf_ct_netns_do_get(net, NFPROTO_IPV4); |
+ if (err < 0) |
+ goto err1; |
+ err = nf_ct_netns_do_get(net, NFPROTO_IPV6); |
+ if (err < 0) |
+ goto err2; |
+ } else { |
+ err = nf_ct_netns_do_get(net, nfproto); |
+ if (err < 0) |
+ goto err1; |
+ } |
+ return 0; |
+ |
+err2: |
+ nf_ct_netns_put(net, NFPROTO_IPV4); |
+err1: |
+ return err; |
+} |
EXPORT_SYMBOL_GPL(nf_ct_netns_get); |
|
-void nf_ct_netns_put(struct net *net, u8 nfproto) |
+static void nf_ct_netns_do_put(struct net *net, u8 nfproto) |
{ |
const struct nf_conntrack_l3proto *l3proto; |
|
@@ -171,6 +195,15 @@ void nf_ct_netns_put(struct net *net, u8 |
|
nf_ct_l3proto_module_put(nfproto); |
} |
+ |
+void nf_ct_netns_put(struct net *net, uint8_t nfproto) |
+{ |
+ if (nfproto == NFPROTO_INET) { |
+ nf_ct_netns_do_put(net, NFPROTO_IPV4); |
+ nf_ct_netns_do_put(net, NFPROTO_IPV6); |
+ } else |
+ nf_ct_netns_do_put(net, nfproto); |
+} |
EXPORT_SYMBOL_GPL(nf_ct_netns_put); |
|
const struct nf_conntrack_l4proto * |
--- a/net/netfilter/nft_ct.c |
+++ b/net/netfilter/nft_ct.c |
@@ -312,39 +312,6 @@ static const struct nla_policy nft_ct_po |
[NFTA_CT_SREG] = { .type = NLA_U32 }, |
}; |
|
-static int nft_ct_netns_get(struct net *net, uint8_t family) |
-{ |
- int err; |
- |
- if (family == NFPROTO_INET) { |
- err = nf_ct_netns_get(net, NFPROTO_IPV4); |
- if (err < 0) |
- goto err1; |
- err = nf_ct_netns_get(net, NFPROTO_IPV6); |
- if (err < 0) |
- goto err2; |
- } else { |
- err = nf_ct_netns_get(net, family); |
- if (err < 0) |
- goto err1; |
- } |
- return 0; |
- |
-err2: |
- nf_ct_netns_put(net, NFPROTO_IPV4); |
-err1: |
- return err; |
-} |
- |
-static void nft_ct_netns_put(struct net *net, uint8_t family) |
-{ |
- if (family == NFPROTO_INET) { |
- nf_ct_netns_put(net, NFPROTO_IPV4); |
- nf_ct_netns_put(net, NFPROTO_IPV6); |
- } else |
- nf_ct_netns_put(net, family); |
-} |
- |
#ifdef CONFIG_NF_CONNTRACK_ZONES |
static void nft_ct_tmpl_put_pcpu(void) |
{ |
@@ -489,7 +456,7 @@ static int nft_ct_get_init(const struct |
if (err < 0) |
return err; |
|
- err = nft_ct_netns_get(ctx->net, ctx->afi->family); |
+ err = nf_ct_netns_get(ctx->net, ctx->afi->family); |
if (err < 0) |
return err; |
|
@@ -583,7 +550,7 @@ static int nft_ct_set_init(const struct |
if (err < 0) |
goto err1; |
|
- err = nft_ct_netns_get(ctx->net, ctx->afi->family); |
+ err = nf_ct_netns_get(ctx->net, ctx->afi->family); |
if (err < 0) |
goto err1; |
|
@@ -606,7 +573,7 @@ static void nft_ct_set_destroy(const str |
struct nft_ct *priv = nft_expr_priv(expr); |
|
__nft_ct_set_destroy(ctx, priv); |
- nft_ct_netns_put(ctx->net, ctx->afi->family); |
+ nf_ct_netns_put(ctx->net, ctx->afi->family); |
} |
|
static int nft_ct_get_dump(struct sk_buff *skb, const struct nft_expr *expr) |