diff options
author | Felix Fietkau <nbd@nbd.name> | 2018-02-05 13:02:34 +0100 |
---|---|---|
committer | Felix Fietkau <nbd@nbd.name> | 2018-02-21 20:12:42 +0100 |
commit | b7265c59ab7dd0ec5dccb96e7b0dc1432404feb7 (patch) | |
tree | 8d777d4971194420cdfa245742e665996f0cf3b6 /target/linux/generic/backport-4.14/315-netfilter-conntrack-move-nf_ct_netns_-get-put-to-cor.patch | |
parent | bc3e0f6052547fbffa9fcf1a6c7e340a95aa9f46 (diff) | |
download | upstream-b7265c59ab7dd0ec5dccb96e7b0dc1432404feb7.tar.gz upstream-b7265c59ab7dd0ec5dccb96e7b0dc1432404feb7.tar.bz2 upstream-b7265c59ab7dd0ec5dccb96e7b0dc1432404feb7.zip |
kernel: backport a series of netfilter cleanup patches to 4.14
Preparation for backporting upstream NAT offload support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Diffstat (limited to 'target/linux/generic/backport-4.14/315-netfilter-conntrack-move-nf_ct_netns_-get-put-to-cor.patch')
-rw-r--r-- | target/linux/generic/backport-4.14/315-netfilter-conntrack-move-nf_ct_netns_-get-put-to-cor.patch | 142 |
1 files changed, 142 insertions, 0 deletions
diff --git a/target/linux/generic/backport-4.14/315-netfilter-conntrack-move-nf_ct_netns_-get-put-to-cor.patch b/target/linux/generic/backport-4.14/315-netfilter-conntrack-move-nf_ct_netns_-get-put-to-cor.patch new file mode 100644 index 0000000000..7f6e90470a --- /dev/null +++ b/target/linux/generic/backport-4.14/315-netfilter-conntrack-move-nf_ct_netns_-get-put-to-cor.patch @@ -0,0 +1,142 @@ +From: Pablo Neira Ayuso <pablo@netfilter.org> +Date: Fri, 3 Nov 2017 16:26:32 +0100 +Subject: [PATCH] netfilter: conntrack: move nf_ct_netns_{get,put}() to core + +So we can call this from other expression that need conntrack in place +to work. + +Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> +Acked-by: Florian Westphal <fw@strlen.de> +--- + +--- a/net/netfilter/nf_conntrack_proto.c ++++ b/net/netfilter/nf_conntrack_proto.c +@@ -125,7 +125,7 @@ void nf_ct_l3proto_module_put(unsigned s + } + EXPORT_SYMBOL_GPL(nf_ct_l3proto_module_put); + +-int nf_ct_netns_get(struct net *net, u8 nfproto) ++static int nf_ct_netns_do_get(struct net *net, u8 nfproto) + { + const struct nf_conntrack_l3proto *l3proto; + int ret; +@@ -150,9 +150,33 @@ int nf_ct_netns_get(struct net *net, u8 + + return ret; + } ++ ++int nf_ct_netns_get(struct net *net, u8 nfproto) ++{ ++ int err; ++ ++ if (nfproto == NFPROTO_INET) { ++ err = nf_ct_netns_do_get(net, NFPROTO_IPV4); ++ if (err < 0) ++ goto err1; ++ err = nf_ct_netns_do_get(net, NFPROTO_IPV6); ++ if (err < 0) ++ goto err2; ++ } else { ++ err = nf_ct_netns_do_get(net, nfproto); ++ if (err < 0) ++ goto err1; ++ } ++ return 0; ++ ++err2: ++ nf_ct_netns_put(net, NFPROTO_IPV4); ++err1: ++ return err; ++} + EXPORT_SYMBOL_GPL(nf_ct_netns_get); + +-void nf_ct_netns_put(struct net *net, u8 nfproto) ++static void nf_ct_netns_do_put(struct net *net, u8 nfproto) + { + const struct nf_conntrack_l3proto *l3proto; + +@@ -171,6 +195,15 @@ void nf_ct_netns_put(struct net *net, u8 + + nf_ct_l3proto_module_put(nfproto); + } ++ ++void nf_ct_netns_put(struct net *net, uint8_t nfproto) ++{ ++ if (nfproto == NFPROTO_INET) { ++ nf_ct_netns_do_put(net, NFPROTO_IPV4); ++ nf_ct_netns_do_put(net, NFPROTO_IPV6); ++ } else ++ nf_ct_netns_do_put(net, nfproto); ++} + EXPORT_SYMBOL_GPL(nf_ct_netns_put); + + const struct nf_conntrack_l4proto * +--- a/net/netfilter/nft_ct.c ++++ b/net/netfilter/nft_ct.c +@@ -312,39 +312,6 @@ static const struct nla_policy nft_ct_po + [NFTA_CT_SREG] = { .type = NLA_U32 }, + }; + +-static int nft_ct_netns_get(struct net *net, uint8_t family) +-{ +- int err; +- +- if (family == NFPROTO_INET) { +- err = nf_ct_netns_get(net, NFPROTO_IPV4); +- if (err < 0) +- goto err1; +- err = nf_ct_netns_get(net, NFPROTO_IPV6); +- if (err < 0) +- goto err2; +- } else { +- err = nf_ct_netns_get(net, family); +- if (err < 0) +- goto err1; +- } +- return 0; +- +-err2: +- nf_ct_netns_put(net, NFPROTO_IPV4); +-err1: +- return err; +-} +- +-static void nft_ct_netns_put(struct net *net, uint8_t family) +-{ +- if (family == NFPROTO_INET) { +- nf_ct_netns_put(net, NFPROTO_IPV4); +- nf_ct_netns_put(net, NFPROTO_IPV6); +- } else +- nf_ct_netns_put(net, family); +-} +- + #ifdef CONFIG_NF_CONNTRACK_ZONES + static void nft_ct_tmpl_put_pcpu(void) + { +@@ -489,7 +456,7 @@ static int nft_ct_get_init(const struct + if (err < 0) + return err; + +- err = nft_ct_netns_get(ctx->net, ctx->afi->family); ++ err = nf_ct_netns_get(ctx->net, ctx->afi->family); + if (err < 0) + return err; + +@@ -583,7 +550,7 @@ static int nft_ct_set_init(const struct + if (err < 0) + goto err1; + +- err = nft_ct_netns_get(ctx->net, ctx->afi->family); ++ err = nf_ct_netns_get(ctx->net, ctx->afi->family); + if (err < 0) + goto err1; + +@@ -606,7 +573,7 @@ static void nft_ct_set_destroy(const str + struct nft_ct *priv = nft_expr_priv(expr); + + __nft_ct_set_destroy(ctx, priv); +- nft_ct_netns_put(ctx->net, ctx->afi->family); ++ nf_ct_netns_put(ctx->net, ctx->afi->family); + } + + static int nft_ct_get_dump(struct sk_buff *skb, const struct nft_expr *expr) |