tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
netfilter: conntrack: move code to linux/nf_conntrack_common.h.
Move some `struct nf_conntrack` code from linux/skbuff.h to
linux/nf_conntrack_common.h. Together with a couple of helpers for
getting and setting skb->_nfct, it allows us to remove
CONFIG_NF_CONNTRACK checks from net/netfilter/nf_conntrack.h.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
authored by
Jeremy Sowden
and committed by
Pablo Neira Ayuso
261db6c2
f1815650
+42
-39
+20
include/linux/netfilter/nf_conntrack_common.h
+20
include/linux/netfilter/nf_conntrack_common.h
···
2
2
#ifndef _NF_CONNTRACK_COMMON_H
3
3
#define _NF_CONNTRACK_COMMON_H
4
4
5
+
#include <linux/atomic.h>
5
6
#include <uapi/linux/netfilter/nf_conntrack_common.h>
6
7
7
8
struct ip_conntrack_stat {
···
19
18
unsigned int expect_delete;
20
19
unsigned int search_restart;
21
20
};
21
+
22
+
#define NFCT_INFOMASK 7UL
23
+
#define NFCT_PTRMASK ~(NFCT_INFOMASK)
24
+
25
+
struct nf_conntrack {
26
+
atomic_t use;
27
+
};
28
+
29
+
void nf_conntrack_destroy(struct nf_conntrack *nfct);
30
+
static inline void nf_conntrack_put(struct nf_conntrack *nfct)
31
+
{
32
+
if (nfct && atomic_dec_and_test(&nfct->use))
33
+
nf_conntrack_destroy(nfct);
34
+
}
35
+
static inline void nf_conntrack_get(struct nf_conntrack *nfct)
36
+
{
37
+
if (nfct)
38
+
atomic_inc(&nfct->use);
39
+
}
22
40
23
41
#endif /* _NF_CONNTRACK_COMMON_H */
+17
-19
include/linux/skbuff.h
+17
-19
include/linux/skbuff.h
···
37
37
#include <linux/in6.h>
38
38
#include <linux/if_packet.h>
39
39
#include <net/flow.h>
40
+
#if IS_ENABLED(CONFIG_NF_CONNTRACK)
41
+
#include <linux/netfilter/nf_conntrack_common.h>
42
+
#endif
40
43
41
44
/* The interface for checksum offload between the stack and networking drivers
42
45
* is as follows...
···
246
243
struct bpf_prog;
247
244
union bpf_attr;
248
245
struct skb_ext;
249
-
250
-
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
251
-
struct nf_conntrack {
252
-
atomic_t use;
253
-
};
254
-
#endif
255
246
256
247
#if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
257
248
struct nf_bridge_info {
···
911
914
#define SKB_DST_NOREF 1UL
912
915
#define SKB_DST_PTRMASK ~(SKB_DST_NOREF)
913
916
914
-
#define SKB_NFCT_PTRMASK ~(7UL)
915
917
/**
916
918
* skb_dst - returns skb dst_entry
917
919
* @skb: buffer
···
4036
4040
static inline struct nf_conntrack *skb_nfct(const struct sk_buff *skb)
4037
4041
{
4038
4042
#if IS_ENABLED(CONFIG_NF_CONNTRACK)
4039
-
return (void *)(skb->_nfct & SKB_NFCT_PTRMASK);
4043
+
return (void *)(skb->_nfct & NFCT_PTRMASK);
4040
4044
#else
4041
4045
return NULL;
4042
4046
#endif
4043
4047
}
4044
4048
4045
-
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
4046
-
void nf_conntrack_destroy(struct nf_conntrack *nfct);
4047
-
static inline void nf_conntrack_put(struct nf_conntrack *nfct)
4049
+
static inline unsigned long skb_get_nfct(const struct sk_buff *skb)
4048
4050
{
4049
-
if (nfct && atomic_dec_and_test(&nfct->use))
4050
-
nf_conntrack_destroy(nfct);
4051
-
}
4052
-
static inline void nf_conntrack_get(struct nf_conntrack *nfct)
4053
-
{
4054
-
if (nfct)
4055
-
atomic_inc(&nfct->use);
4056
-
}
4051
+
#if IS_ENABLED(CONFIG_NF_CONNTRACK)
4052
+
return skb->_nfct;
4053
+
#else
4054
+
return 0UL;
4057
4055
#endif
4056
+
}
4057
+
4058
+
static inline void skb_set_nfct(struct sk_buff *skb, unsigned long nfct)
4059
+
{
4060
+
#if IS_ENABLED(CONFIG_NF_CONNTRACK)
4061
+
skb->_nfct = nfct;
4062
+
#endif
4063
+
}
4058
4064
4059
4065
#ifdef CONFIG_SKB_EXTENSIONS
4060
4066
enum skb_ext_id {
+5
-19
include/net/netfilter/nf_conntrack.h
+5
-19
include/net/netfilter/nf_conntrack.h
···
13
13
#ifndef _NF_CONNTRACK_H
14
14
#define _NF_CONNTRACK_H
15
15
16
-
#include <linux/netfilter/nf_conntrack_common.h>
17
-
18
16
#include <linux/bitops.h>
19
17
#include <linux/compiler.h>
20
-
#include <linux/atomic.h>
21
18
19
+
#include <linux/netfilter/nf_conntrack_common.h>
22
20
#include <linux/netfilter/nf_conntrack_tcp.h>
23
21
#include <linux/netfilter/nf_conntrack_dccp.h>
24
22
#include <linux/netfilter/nf_conntrack_sctp.h>
···
56
58
#include <net/netfilter/ipv6/nf_conntrack_ipv6.h>
57
59
58
60
struct nf_conn {
59
-
#if IS_ENABLED(CONFIG_NF_CONNTRACK)
60
61
/* Usage count in here is 1 for hash table, 1 per skb,
61
62
* plus 1 for any connection(s) we are `master' for
62
63
*
···
65
68
* beware nf_ct_get() is different and don't inc refcnt.
66
69
*/
67
70
struct nf_conntrack ct_general;
68
-
#endif
69
71
70
72
spinlock_t lock;
71
73
/* jiffies32 when this ct is considered dead */
···
145
149
int nf_conntrack_tuple_taken(const struct nf_conntrack_tuple *tuple,
146
150
const struct nf_conn *ignored_conntrack);
147
151
148
-
#if IS_ENABLED(CONFIG_NF_CONNTRACK)
149
-
150
-
#define NFCT_INFOMASK 7UL
151
-
#define NFCT_PTRMASK ~(NFCT_INFOMASK)
152
-
153
152
/* Return conntrack_info and tuple hash for given skb. */
154
153
static inline struct nf_conn *
155
154
nf_ct_get(const struct sk_buff *skb, enum ip_conntrack_info *ctinfo)
156
155
{
157
-
*ctinfo = skb->_nfct & NFCT_INFOMASK;
156
+
unsigned long nfct = skb_get_nfct(skb);
158
157
159
-
return (struct nf_conn *)(skb->_nfct & NFCT_PTRMASK);
158
+
*ctinfo = nfct & NFCT_INFOMASK;
159
+
return (struct nf_conn *)(nfct & NFCT_PTRMASK);
160
160
}
161
161
162
162
/* decrement reference count on a conntrack */
···
161
169
WARN_ON(!ct);
162
170
nf_conntrack_put(&ct->ct_general);
163
171
}
164
-
165
-
#endif
166
172
167
173
/* Protocol module loading */
168
174
int nf_ct_l3proto_try_module_get(unsigned short l3proto);
···
313
323
314
324
u32 nf_ct_get_id(const struct nf_conn *ct);
315
325
316
-
#if IS_ENABLED(CONFIG_NF_CONNTRACK)
317
-
318
326
static inline void
319
327
nf_ct_set(struct sk_buff *skb, struct nf_conn *ct, enum ip_conntrack_info info)
320
328
{
321
-
skb->_nfct = (unsigned long)ct | info;
329
+
skb_set_nfct(skb, (unsigned long)ct | info);
322
330
}
323
-
324
-
#endif
325
331
326
332
#define NF_CT_STAT_INC(net, count) __this_cpu_inc((net)->ct.stat->count)
327
333
#define NF_CT_STAT_INC_ATOMIC(net, count) this_cpu_inc((net)->ct.stat->count)