tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

netfilter: conntrack: remove extension register api

These no longer register/unregister a meaningful structure so remove it.

Cc: Paul Blakey <paulb@nvidia.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Florian Westphal and committed by
Pablo Neira Ayuso 1015c3de 1bc91a5d

+7 -292
-1
include/net/netfilter/nf_conntrack_acct.h
··· 78 78 79 79 void nf_conntrack_acct_pernet_init(struct net *net); 80 80 81 - int nf_conntrack_acct_init(void); 82 81 void nf_conntrack_acct_fini(void); 83 82 84 83 #endif /* _NF_CONNTRACK_ACCT_H */
-13
include/net/netfilter/nf_conntrack_ecache.h
··· 166 166 void nf_conntrack_ecache_pernet_init(struct net *net); 167 167 void nf_conntrack_ecache_pernet_fini(struct net *net); 168 168 169 - int nf_conntrack_ecache_init(void); 170 - void nf_conntrack_ecache_fini(void); 171 - 172 169 static inline bool nf_conntrack_ecache_dwork_pending(const struct net *net) 173 170 { 174 171 return net->ct.ecache_dwork_pending; ··· 191 194 static inline void nf_conntrack_ecache_pernet_fini(struct net *net) 192 195 { 193 196 } 194 - 195 - static inline int nf_conntrack_ecache_init(void) 196 - { 197 - return 0; 198 - } 199 - 200 - static inline void nf_conntrack_ecache_fini(void) 201 - { 202 - } 203 - 204 197 static inline bool nf_conntrack_ecache_dwork_pending(const struct net *net) { return false; } 205 198 #endif /* CONFIG_NF_CONNTRACK_EVENTS */ 206 199 #endif /*_NF_CONNTRACK_ECACHE_H*/
-9
include/net/netfilter/nf_conntrack_extend.h
··· 72 72 #define nf_ct_ext_find(ext, id) \ 73 73 ((id##_TYPE *)__nf_ct_ext_find((ext), (id))) 74 74 75 - /* Destroy all relationships */ 76 - void nf_ct_ext_destroy(struct nf_conn *ct); 77 - 78 75 /* Add this type, returns pointer to data or NULL. */ 79 76 void *nf_ct_ext_add(struct nf_conn *ct, enum nf_ct_ext_id id, gfp_t gfp); 80 77 81 - struct nf_ct_ext_type { 82 - enum nf_ct_ext_id id; 83 - }; 84 - 85 - int nf_ct_extend_register(const struct nf_ct_ext_type *type); 86 - void nf_ct_extend_unregister(const struct nf_ct_ext_type *type); 87 78 #endif /* _NF_CONNTRACK_EXTEND_H */
-3
include/net/netfilter/nf_conntrack_labels.h
··· 45 45 46 46 #ifdef CONFIG_NF_CONNTRACK_LABELS 47 47 int nf_conntrack_labels_init(void); 48 - void nf_conntrack_labels_fini(void); 49 48 int nf_connlabels_get(struct net *net, unsigned int bit); 50 49 void nf_connlabels_put(struct net *net); 51 50 #else 52 - static inline int nf_conntrack_labels_init(void) { return 0; } 53 - static inline void nf_conntrack_labels_fini(void) {} 54 51 static inline int nf_connlabels_get(struct net *net, unsigned int bit) { return 0; } 55 52 static inline void nf_connlabels_put(struct net *net) {} 56 53 #endif
-3
include/net/netfilter/nf_conntrack_seqadj.h
··· 42 42 enum ip_conntrack_info ctinfo, unsigned int protoff); 43 43 s32 nf_ct_seq_offset(const struct nf_conn *ct, enum ip_conntrack_dir, u32 seq); 44 44 45 - int nf_conntrack_seqadj_init(void); 46 - void nf_conntrack_seqadj_fini(void); 47 - 48 45 #endif /* _NF_CONNTRACK_SEQADJ_H */
-12
include/net/netfilter/nf_conntrack_timeout.h
··· 89 89 } 90 90 91 91 #ifdef CONFIG_NF_CONNTRACK_TIMEOUT 92 - int nf_conntrack_timeout_init(void); 93 - void nf_conntrack_timeout_fini(void); 94 92 void nf_ct_untimeout(struct net *net, struct nf_ct_timeout *timeout); 95 93 int nf_ct_set_timeout(struct net *net, struct nf_conn *ct, u8 l3num, u8 l4num, 96 94 const char *timeout_name); 97 95 void nf_ct_destroy_timeout(struct nf_conn *ct); 98 96 #else 99 - static inline int nf_conntrack_timeout_init(void) 100 - { 101 - return 0; 102 - } 103 - 104 - static inline void nf_conntrack_timeout_fini(void) 105 - { 106 - return; 107 - } 108 - 109 97 static inline int nf_ct_set_timeout(struct net *net, struct nf_conn *ct, 110 98 u8 l3num, u8 l4num, 111 99 const char *timeout_name)
-13
include/net/netfilter/nf_conntrack_timestamp.h
··· 40 40 41 41 #ifdef CONFIG_NF_CONNTRACK_TIMESTAMP 42 42 void nf_conntrack_tstamp_pernet_init(struct net *net); 43 - 44 - int nf_conntrack_tstamp_init(void); 45 - void nf_conntrack_tstamp_fini(void); 46 43 #else 47 44 static inline void nf_conntrack_tstamp_pernet_init(struct net *net) {} 48 - 49 - static inline int nf_conntrack_tstamp_init(void) 50 - { 51 - return 0; 52 - } 53 - 54 - static inline void nf_conntrack_tstamp_fini(void) 55 - { 56 - return; 57 - } 58 45 #endif /* CONFIG_NF_CONNTRACK_TIMESTAMP */ 59 46 60 47 #endif /* _NF_CONNTRACK_TSTAMP_H */
-17
net/netfilter/nf_conntrack_acct.c
··· 22 22 module_param_named(acct, nf_ct_acct, bool, 0644); 23 23 MODULE_PARM_DESC(acct, "Enable connection tracking flow accounting."); 24 24 25 - static const struct nf_ct_ext_type acct_extend = { 26 - .id = NF_CT_EXT_ACCT, 27 - }; 28 - 29 25 void nf_conntrack_acct_pernet_init(struct net *net) 30 26 { 31 27 net->ct.sysctl_acct = nf_ct_acct; 32 - } 33 - 34 - int nf_conntrack_acct_init(void) 35 - { 36 - int ret = nf_ct_extend_register(&acct_extend); 37 - if (ret < 0) 38 - pr_err("Unable to register extension\n"); 39 - return ret; 40 - } 41 - 42 - void nf_conntrack_acct_fini(void) 43 - { 44 - nf_ct_extend_unregister(&acct_extend); 45 28 }
-43
net/netfilter/nf_conntrack_core.c
··· 38 38 #include <net/netfilter/nf_conntrack_l4proto.h> 39 39 #include <net/netfilter/nf_conntrack_expect.h> 40 40 #include <net/netfilter/nf_conntrack_helper.h> 41 - #include <net/netfilter/nf_conntrack_seqadj.h> 42 41 #include <net/netfilter/nf_conntrack_core.h> 43 42 #include <net/netfilter/nf_conntrack_extend.h> 44 43 #include <net/netfilter/nf_conntrack_acct.h> ··· 2476 2477 kvfree(nf_conntrack_hash); 2477 2478 2478 2479 nf_conntrack_proto_fini(); 2479 - nf_conntrack_seqadj_fini(); 2480 - nf_conntrack_labels_fini(); 2481 2480 nf_conntrack_helper_fini(); 2482 - nf_conntrack_timeout_fini(); 2483 - nf_conntrack_ecache_fini(); 2484 - nf_conntrack_tstamp_fini(); 2485 - nf_conntrack_acct_fini(); 2486 2481 nf_conntrack_expect_fini(); 2487 2482 2488 2483 kmem_cache_destroy(nf_conntrack_cachep); ··· 2682 2689 if (ret < 0) 2683 2690 goto err_expect; 2684 2691 2685 - ret = nf_conntrack_acct_init(); 2686 - if (ret < 0) 2687 - goto err_acct; 2688 - 2689 - ret = nf_conntrack_tstamp_init(); 2690 - if (ret < 0) 2691 - goto err_tstamp; 2692 - 2693 - ret = nf_conntrack_ecache_init(); 2694 - if (ret < 0) 2695 - goto err_ecache; 2696 - 2697 - ret = nf_conntrack_timeout_init(); 2698 - if (ret < 0) 2699 - goto err_timeout; 2700 - 2701 2692 ret = nf_conntrack_helper_init(); 2702 2693 if (ret < 0) 2703 2694 goto err_helper; 2704 - 2705 - ret = nf_conntrack_labels_init(); 2706 - if (ret < 0) 2707 - goto err_labels; 2708 - 2709 - ret = nf_conntrack_seqadj_init(); 2710 - if (ret < 0) 2711 - goto err_seqadj; 2712 2695 2713 2696 ret = nf_conntrack_proto_init(); 2714 2697 if (ret < 0) ··· 2703 2734 cancel_delayed_work_sync(&conntrack_gc_work.dwork); 2704 2735 nf_conntrack_proto_fini(); 2705 2736 err_proto: 2706 - nf_conntrack_seqadj_fini(); 2707 - err_seqadj: 2708 - nf_conntrack_labels_fini(); 2709 - err_labels: 2710 2737 nf_conntrack_helper_fini(); 2711 2738 err_helper: 2712 - nf_conntrack_timeout_fini(); 2713 - err_timeout: 2714 - nf_conntrack_ecache_fini(); 2715 - err_ecache: 2716 - nf_conntrack_tstamp_fini(); 2717 - err_tstamp: 2718 - nf_conntrack_acct_fini(); 2719 - err_acct: 2720 2739 nf_conntrack_expect_fini(); 2721 2740 err_expect: 2722 2741 kmem_cache_destroy(nf_conntrack_cachep);
+2 -20
net/netfilter/nf_conntrack_ecache.c
··· 304 304 #define NF_CT_EVENTS_DEFAULT 1 305 305 static int nf_ct_events __read_mostly = NF_CT_EVENTS_DEFAULT; 306 306 307 - static const struct nf_ct_ext_type event_extend = { 308 - .id = NF_CT_EXT_ECACHE, 309 - }; 310 - 311 307 void nf_conntrack_ecache_pernet_init(struct net *net) 312 308 { 313 309 struct nf_conntrack_net *cnet = nf_ct_pernet(net); ··· 311 315 net->ct.sysctl_events = nf_ct_events; 312 316 cnet->ct_net = &net->ct; 313 317 INIT_DELAYED_WORK(&cnet->ecache_dwork, ecache_work); 318 + 319 + BUILD_BUG_ON(__IPCT_MAX >= 16); /* ctmask, missed use u16 */ 314 320 } 315 321 316 322 void nf_conntrack_ecache_pernet_fini(struct net *net) ··· 320 322 struct nf_conntrack_net *cnet = nf_ct_pernet(net); 321 323 322 324 cancel_delayed_work_sync(&cnet->ecache_dwork); 323 - } 324 - 325 - int nf_conntrack_ecache_init(void) 326 - { 327 - int ret = nf_ct_extend_register(&event_extend); 328 - if (ret < 0) 329 - pr_err("Unable to register event extension\n"); 330 - 331 - BUILD_BUG_ON(__IPCT_MAX >= 16); /* ctmask, missed use u16 */ 332 - 333 - return ret; 334 - } 335 - 336 - void nf_conntrack_ecache_fini(void) 337 - { 338 - nf_ct_extend_unregister(&event_extend); 339 325 }
+2 -33
net/netfilter/nf_conntrack_extend.c
··· 25 25 #include <net/netfilter/nf_conntrack_act_ct.h> 26 26 #include <net/netfilter/nf_nat.h> 27 27 28 - static struct nf_ct_ext_type __rcu *nf_ct_ext_types[NF_CT_EXT_NUM]; 29 - static DEFINE_MUTEX(nf_ct_ext_type_mutex); 30 28 #define NF_CT_EXT_PREALLOC 128u /* conntrack events are on by default */ 31 29 32 30 static const u8 nf_ct_ext_type_len[NF_CT_EXT_NUM] = { ··· 95 97 /* Conntrack must not be confirmed to avoid races on reallocation. */ 96 98 WARN_ON(nf_ct_is_confirmed(ct)); 97 99 100 + /* struct nf_ct_ext uses u8 to store offsets/size */ 101 + BUILD_BUG_ON(total_extension_size() > 255u); 98 102 99 103 if (ct->ext) { 100 104 const struct nf_ct_ext *old = ct->ext; ··· 127 127 return (void *)new + newoff; 128 128 } 129 129 EXPORT_SYMBOL(nf_ct_ext_add); 130 - 131 - /* This MUST be called in process context. */ 132 - int nf_ct_extend_register(const struct nf_ct_ext_type *type) 133 - { 134 - int ret = 0; 135 - 136 - /* struct nf_ct_ext uses u8 to store offsets/size */ 137 - BUILD_BUG_ON(total_extension_size() > 255u); 138 - 139 - mutex_lock(&nf_ct_ext_type_mutex); 140 - if (nf_ct_ext_types[type->id]) { 141 - ret = -EBUSY; 142 - goto out; 143 - } 144 - 145 - rcu_assign_pointer(nf_ct_ext_types[type->id], type); 146 - out: 147 - mutex_unlock(&nf_ct_ext_type_mutex); 148 - return ret; 149 - } 150 - EXPORT_SYMBOL_GPL(nf_ct_extend_register); 151 - 152 - /* This MUST be called in process context. */ 153 - void nf_ct_extend_unregister(const struct nf_ct_ext_type *type) 154 - { 155 - mutex_lock(&nf_ct_ext_type_mutex); 156 - RCU_INIT_POINTER(nf_ct_ext_types[type->id], NULL); 157 - mutex_unlock(&nf_ct_ext_type_mutex); 158 - synchronize_rcu(); 159 - } 160 - EXPORT_SYMBOL_GPL(nf_ct_extend_unregister);
-15
net/netfilter/nf_conntrack_helper.c
··· 550 550 } 551 551 EXPORT_SYMBOL_GPL(nf_nat_helper_unregister); 552 552 553 - static const struct nf_ct_ext_type helper_extend = { 554 - .id = NF_CT_EXT_HELPER, 555 - }; 556 - 557 553 void nf_conntrack_helper_pernet_init(struct net *net) 558 554 { 559 555 struct nf_conntrack_net *cnet = nf_ct_pernet(net); ··· 559 563 560 564 int nf_conntrack_helper_init(void) 561 565 { 562 - int ret; 563 566 nf_ct_helper_hsize = 1; /* gets rounded up to use one page */ 564 567 nf_ct_helper_hash = 565 568 nf_ct_alloc_hashtable(&nf_ct_helper_hsize, 0); 566 569 if (!nf_ct_helper_hash) 567 570 return -ENOMEM; 568 571 569 - ret = nf_ct_extend_register(&helper_extend); 570 - if (ret < 0) { 571 - pr_err("nf_ct_helper: Unable to register helper extension.\n"); 572 - goto out_extend; 573 - } 574 - 575 572 INIT_LIST_HEAD(&nf_ct_nat_helpers); 576 573 return 0; 577 - out_extend: 578 - kvfree(nf_ct_helper_hash); 579 - return ret; 580 574 } 581 575 582 576 void nf_conntrack_helper_fini(void) 583 577 { 584 - nf_ct_extend_unregister(&helper_extend); 585 578 kvfree(nf_ct_helper_hash); 586 579 }
+2 -16
net/netfilter/nf_conntrack_labels.c
··· 67 67 net->ct.labels_used++; 68 68 spin_unlock(&nf_connlabels_lock); 69 69 70 + BUILD_BUG_ON(NF_CT_LABELS_MAX_SIZE / sizeof(long) >= U8_MAX); 71 + 70 72 return 0; 71 73 } 72 74 EXPORT_SYMBOL_GPL(nf_connlabels_get); ··· 80 78 spin_unlock(&nf_connlabels_lock); 81 79 } 82 80 EXPORT_SYMBOL_GPL(nf_connlabels_put); 83 - 84 - static const struct nf_ct_ext_type labels_extend = { 85 - .id = NF_CT_EXT_LABELS, 86 - }; 87 - 88 - int nf_conntrack_labels_init(void) 89 - { 90 - BUILD_BUG_ON(NF_CT_LABELS_MAX_SIZE / sizeof(long) >= U8_MAX); 91 - 92 - return nf_ct_extend_register(&labels_extend); 93 - } 94 - 95 - void nf_conntrack_labels_fini(void) 96 - { 97 - nf_ct_extend_unregister(&labels_extend); 98 - }
-14
net/netfilter/nf_conntrack_seqadj.c
··· 232 232 this_way->offset_after : this_way->offset_before; 233 233 } 234 234 EXPORT_SYMBOL_GPL(nf_ct_seq_offset); 235 - 236 - static const struct nf_ct_ext_type nf_ct_seqadj_extend = { 237 - .id = NF_CT_EXT_SEQADJ, 238 - }; 239 - 240 - int nf_conntrack_seqadj_init(void) 241 - { 242 - return nf_ct_extend_register(&nf_ct_seqadj_extend); 243 - } 244 - 245 - void nf_conntrack_seqadj_fini(void) 246 - { 247 - nf_ct_extend_unregister(&nf_ct_seqadj_extend); 248 - }
-17
net/netfilter/nf_conntrack_timeout.c
··· 134 134 rcu_read_unlock(); 135 135 } 136 136 EXPORT_SYMBOL_GPL(nf_ct_destroy_timeout); 137 - 138 - static const struct nf_ct_ext_type timeout_extend = { 139 - .id = NF_CT_EXT_TIMEOUT, 140 - }; 141 - 142 - int nf_conntrack_timeout_init(void) 143 - { 144 - int ret = nf_ct_extend_register(&timeout_extend); 145 - if (ret < 0) 146 - pr_err("nf_ct_timeout: Unable to register timeout extension.\n"); 147 - return ret; 148 - } 149 - 150 - void nf_conntrack_timeout_fini(void) 151 - { 152 - nf_ct_extend_unregister(&timeout_extend); 153 - }
-18
net/netfilter/nf_conntrack_timestamp.c
··· 19 19 module_param_named(tstamp, nf_ct_tstamp, bool, 0644); 20 20 MODULE_PARM_DESC(tstamp, "Enable connection tracking flow timestamping."); 21 21 22 - static const struct nf_ct_ext_type tstamp_extend = { 23 - .id = NF_CT_EXT_TSTAMP, 24 - }; 25 - 26 22 void nf_conntrack_tstamp_pernet_init(struct net *net) 27 23 { 28 24 net->ct.sysctl_tstamp = nf_ct_tstamp; 29 - } 30 - 31 - int nf_conntrack_tstamp_init(void) 32 - { 33 - int ret; 34 - ret = nf_ct_extend_register(&tstamp_extend); 35 - if (ret < 0) 36 - pr_err("Unable to register extension\n"); 37 - return ret; 38 - } 39 - 40 - void nf_conntrack_tstamp_fini(void) 41 - { 42 - nf_ct_extend_unregister(&tstamp_extend); 43 25 }
-13
net/netfilter/nf_nat_core.c
··· 868 868 return 0; 869 869 } 870 870 871 - static struct nf_ct_ext_type nat_extend __read_mostly = { 872 - .id = NF_CT_EXT_NAT, 873 - }; 874 - 875 871 #if IS_ENABLED(CONFIG_NF_CT_NETLINK) 876 872 877 873 #include <linux/netfilter/nfnetlink.h> ··· 1175 1179 if (!nf_nat_bysource) 1176 1180 return -ENOMEM; 1177 1181 1178 - ret = nf_ct_extend_register(&nat_extend); 1179 - if (ret < 0) { 1180 - kvfree(nf_nat_bysource); 1181 - pr_err("Unable to register extension\n"); 1182 - return ret; 1183 - } 1184 - 1185 1182 for (i = 0; i < CONNTRACK_LOCKS; i++) 1186 1183 spin_lock_init(&nf_nat_locks[i]); 1187 1184 1188 1185 ret = register_pernet_subsys(&nat_net_ops); 1189 1186 if (ret < 0) { 1190 - nf_ct_extend_unregister(&nat_extend); 1191 1187 kvfree(nf_nat_bysource); 1192 1188 return ret; 1193 1189 } ··· 1198 1210 1199 1211 nf_ct_iterate_destroy(nf_nat_proto_clean, &clean); 1200 1212 1201 - nf_ct_extend_unregister(&nat_extend); 1202 1213 nf_ct_helper_expectfn_unregister(&follow_master_nat); 1203 1214 RCU_INIT_POINTER(nf_nat_hook, NULL); 1204 1215
+1 -21
net/netfilter/nf_synproxy_core.c
··· 236 236 return 1; 237 237 } 238 238 239 - static struct nf_ct_ext_type nf_ct_synproxy_extend __read_mostly = { 240 - .id = NF_CT_EXT_SYNPROXY, 241 - }; 242 - 243 239 #ifdef CONFIG_PROC_FS 244 240 static void *synproxy_cpu_seq_start(struct seq_file *seq, loff_t *pos) 245 241 { ··· 381 385 382 386 static int __init synproxy_core_init(void) 383 387 { 384 - int err; 385 - 386 - err = nf_ct_extend_register(&nf_ct_synproxy_extend); 387 - if (err < 0) 388 - goto err1; 389 - 390 - err = register_pernet_subsys(&synproxy_net_ops); 391 - if (err < 0) 392 - goto err2; 393 - 394 - return 0; 395 - 396 - err2: 397 - nf_ct_extend_unregister(&nf_ct_synproxy_extend); 398 - err1: 399 - return err; 388 + return register_pernet_subsys(&synproxy_net_ops); 400 389 } 401 390 402 391 static void __exit synproxy_core_exit(void) 403 392 { 404 393 unregister_pernet_subsys(&synproxy_net_ops); 405 - nf_ct_extend_unregister(&nf_ct_synproxy_extend); 406 394 } 407 395 408 396 module_init(synproxy_core_init);
-11
net/sched/act_ct.c
··· 57 57 .automatic_shrinking = true, 58 58 }; 59 59 60 - static struct nf_ct_ext_type act_ct_extend __read_mostly = { 61 - .id = NF_CT_EXT_ACT_CT, 62 - }; 63 - 64 60 static struct flow_action_entry * 65 61 tcf_ct_flow_table_flow_action_get_next(struct flow_action *flow_action) 66 62 { ··· 1602 1606 if (err) 1603 1607 goto err_register; 1604 1608 1605 - err = nf_ct_extend_register(&act_ct_extend); 1606 - if (err) 1607 - goto err_register_extend; 1608 - 1609 1609 static_branch_inc(&tcf_frag_xmit_count); 1610 1610 1611 1611 return 0; 1612 1612 1613 - err_register_extend: 1614 - tcf_unregister_action(&act_ct_ops, &ct_net_ops); 1615 1613 err_register: 1616 1614 tcf_ct_flow_tables_uninit(); 1617 1615 err_tbl_init: ··· 1616 1626 static void __exit ct_cleanup_module(void) 1617 1627 { 1618 1628 static_branch_dec(&tcf_frag_xmit_count); 1619 - nf_ct_extend_unregister(&act_ct_extend); 1620 1629 tcf_unregister_action(&act_ct_ops, &ct_net_ops); 1621 1630 tcf_ct_flow_tables_uninit(); 1622 1631 destroy_workqueue(act_ct_wq);