Diffstat (limited to 'target/linux/generic/backport-4.14/341-v4.16-netfilter-nft_flow_offload-move-flowtable-cleanup-ro.patch')
-rw-r--r--target/linux/generic/backport-4.14/341-v4.16-netfilter-nft_flow_offload-move-flowtable-cleanup-ro.patch97
1 files changed, 97 insertions, 0 deletions
diff --git a/target/linux/generic/backport-4.14/341-v4.16-netfilter-nft_flow_offload-move-flowtable-cleanup-ro.patch b/target/linux/generic/backport-4.14/341-v4.16-netfilter-nft_flow_offload-move-flowtable-cleanup-ro.patch
new file mode 100644
index 0000000000..9ee0ad5936
--- /dev/null
+++ b/target/linux/generic/backport-4.14/341-v4.16-netfilter-nft_flow_offload-move-flowtable-cleanup-ro.patch
@@ -0,0 +1,97 @@
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Tue, 23 Jan 2018 17:46:09 +0100
+Subject: [PATCH] netfilter: nft_flow_offload: move flowtable cleanup
+ routines to nf_flow_table
+
+Move the flowtable cleanup routines to nf_flow_table and expose the
+nf_flow_table_cleanup() helper function.
+
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+
+--- a/include/net/netfilter/nf_flow_table.h
++++ b/include/net/netfilter/nf_flow_table.h
+@@ -95,6 +95,9 @@ struct flow_offload_tuple_rhash *flow_of
+ int nf_flow_table_iterate(struct nf_flowtable *flow_table,
+ void (*iter)(struct flow_offload *flow, void *data),
+ void *data);
++
++void nf_flow_table_cleanup(struct net *net, struct net_device *dev);
++
+ void nf_flow_offload_work_gc(struct work_struct *work);
+ extern const struct rhashtable_params nf_flow_offload_rhash_params;
+
+--- a/net/netfilter/nf_flow_table.c
++++ b/net/netfilter/nf_flow_table.c
+@@ -4,6 +4,7 @@
+ #include <linux/netfilter.h>
+ #include <linux/rhashtable.h>
+ #include <linux/netdevice.h>
++#include <net/netfilter/nf_tables.h>
+ #include <net/netfilter/nf_flow_table.h>
+ #include <net/netfilter/nf_conntrack.h>
+ #include <net/netfilter/nf_conntrack_core.h>
+@@ -425,5 +426,28 @@ int nf_flow_dnat_port(const struct flow_
+ }
+ EXPORT_SYMBOL_GPL(nf_flow_dnat_port);
+
++static void nf_flow_table_do_cleanup(struct flow_offload *flow, void *data)
++{
++ struct net_device *dev = data;
++
++ if (dev && flow->tuplehash[0].tuple.iifidx != dev->ifindex)
++ return;
++
++ flow_offload_dead(flow);
++}
++
++static void nf_flow_table_iterate_cleanup(struct nf_flowtable *flowtable,
++ void *data)
++{
++ nf_flow_table_iterate(flowtable, nf_flow_table_do_cleanup, data);
++ flush_delayed_work(&flowtable->gc_work);
++}
++
++void nf_flow_table_cleanup(struct net *net, struct net_device *dev)
++{
++ nft_flow_table_iterate(net, nf_flow_table_iterate_cleanup, dev);
++}
++EXPORT_SYMBOL_GPL(nf_flow_table_cleanup);
++
+ MODULE_LICENSE("GPL");
+ MODULE_AUTHOR("Pablo Neira Ayuso <pablo@netfilter.org>");
+--- a/net/netfilter/nft_flow_offload.c
++++ b/net/netfilter/nft_flow_offload.c
+@@ -194,23 +194,6 @@ static struct nft_expr_type nft_flow_off
+ .owner = THIS_MODULE,
+ };
+
+-static void flow_offload_iterate_cleanup(struct flow_offload *flow, void *data)
+-{
+- struct net_device *dev = data;
+-
+- if (dev && flow->tuplehash[0].tuple.iifidx != dev->ifindex)
+- return;
+-
+- flow_offload_dead(flow);
+-}
+-
+-static void nft_flow_offload_iterate_cleanup(struct nf_flowtable *flowtable,
+- void *data)
+-{
+- nf_flow_table_iterate(flowtable, flow_offload_iterate_cleanup, data);
+- flush_delayed_work(&flowtable->gc_work);
+-}
+-
+ static int flow_offload_netdev_event(struct notifier_block *this,
+ unsigned long event, void *ptr)
+ {
+@@ -219,7 +202,7 @@ static int flow_offload_netdev_event(str
+ if (event != NETDEV_DOWN)
+ return NOTIFY_DONE;
+
+- nft_flow_table_iterate(dev_net(dev), nft_flow_offload_iterate_cleanup, dev);
++ nf_flow_table_cleanup(dev_net(dev), dev);
+
+ return NOTIFY_DONE;
+ }
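Review bot: In nf_flow_table_do_cleanup() the device match uses only `flow->tuplehash[0].tuple.iifidx`, so a flow whose reply-direction input interface is the device going down is not marked dead and appears to remain in the flowtable until it expires by other means. The behaviour is carried over unchanged from the removed flow_offload_iterate_cleanup(), but now that it sits behind the exported nf_flow_table_cleanup() it is worth comparing both directions: `if (dev && flow->tuplehash[0].tuple.iifidx != dev->ifindex && flow->tuplehash[1].tuple.iifidx != dev->ifindex) return;`. The exported helper also has no comment on its contract; I would add one stating that a NULL `dev` marks every flow dead and that it waits on `gc_work` through flush_delayed_work(), so callers must be able to sleep.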