tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

netfilter: nf_conntrack: add nf_ct_kill()

Encapsulate the common

if (del_timer(&ct->timeout))
ct->timeout.function((unsigned long)ct)

sequence in a new function.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by

Patrick McHardy and committed by
David S. Miller 51091764 31d8519c

+18 -16
+2
include/net/netfilter/nf_conntrack.h
··· 223 223 __nf_ct_refresh_acct(ct, 0, skb, extra_jiffies, 0); 224 224 } 225 225 226 + extern void nf_ct_kill(struct nf_conn *ct); 227 + 226 228 /* These are for NAT. Icky. */ 227 229 /* Update TCP window tracking data when NAT mangles the packet */ 228 230 extern void nf_conntrack_tcp_update(const struct sk_buff *skb,
+2 -3
net/ipv4/netfilter/nf_conntrack_proto_icmp.c
··· 87 87 means this will only run once even if count hits zero twice 88 88 (theoretically possible with SMP) */ 89 89 if (CTINFO2DIR(ctinfo) == IP_CT_DIR_REPLY) { 90 - if (atomic_dec_and_test(&ct->proto.icmp.count) 91 - && del_timer(&ct->timeout)) 92 - ct->timeout.function((unsigned long)ct); 90 + if (atomic_dec_and_test(&ct->proto.icmp.count)) 91 + nf_ct_kill(ct); 93 92 } else { 94 93 atomic_inc(&ct->proto.icmp.count); 95 94 nf_conntrack_event_cache(IPCT_PROTOINFO_VOLATILE, skb);
+2 -3
net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
··· 89 89 means this will only run once even if count hits zero twice 90 90 (theoretically possible with SMP) */ 91 91 if (CTINFO2DIR(ctinfo) == IP_CT_DIR_REPLY) { 92 - if (atomic_dec_and_test(&ct->proto.icmp.count) 93 - && del_timer(&ct->timeout)) 94 - ct->timeout.function((unsigned long)ct); 92 + if (atomic_dec_and_test(&ct->proto.icmp.count)) 93 + nf_ct_kill(ct); 95 94 } else { 96 95 atomic_inc(&ct->proto.icmp.count); 97 96 nf_conntrack_event_cache(IPCT_PROTOINFO_VOLATILE, skb);
+7
net/netfilter/nf_conntrack_core.c
··· 848 848 } 849 849 EXPORT_SYMBOL_GPL(__nf_ct_refresh_acct); 850 850 851 + void nf_ct_kill(struct nf_conn *ct) 852 + { 853 + if (del_timer(&ct->timeout)) 854 + ct->timeout.function((unsigned long)ct); 855 + } 856 + EXPORT_SYMBOL_GPL(nf_ct_kill); 857 + 851 858 #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE) 852 859 853 860 #include <linux/netfilter/nfnetlink.h>
+1 -2
net/netfilter/nf_conntrack_netlink.c
··· 812 812 return -ENOENT; 813 813 } 814 814 } 815 - if (del_timer(&ct->timeout)) 816 - ct->timeout.function((unsigned long)ct); 817 815 816 + nf_ct_kill(ct); 818 817 nf_ct_put(ct); 819 818 820 819 return 0;
+1 -2
net/netfilter/nf_conntrack_proto_dccp.c
··· 475 475 if (type == DCCP_PKT_RESET && 476 476 !test_bit(IPS_SEEN_REPLY_BIT, &ct->status)) { 477 477 /* Tear down connection immediately if only reply is a RESET */ 478 - if (del_timer(&ct->timeout)) 479 - ct->timeout.function((unsigned long)ct); 478 + nf_ct_kill(ct); 480 479 return NF_ACCEPT; 481 480 } 482 481
+3 -6
net/netfilter/nf_conntrack_proto_tcp.c
··· 843 843 /* Attempt to reopen a closed/aborted connection. 844 844 * Delete this connection and look up again. */ 845 845 write_unlock_bh(&tcp_lock); 846 - if (del_timer(&ct->timeout)) 847 - ct->timeout.function((unsigned long)ct); 846 + nf_ct_kill(ct); 848 847 return -NF_REPEAT; 849 848 } 850 849 /* Fall through */ ··· 876 877 if (LOG_INVALID(IPPROTO_TCP)) 877 878 nf_log_packet(pf, 0, skb, NULL, NULL, NULL, 878 879 "nf_ct_tcp: killing out of sync session "); 879 - if (del_timer(&ct->timeout)) 880 - ct->timeout.function((unsigned long)ct); 880 + nf_ct_kill(ct); 881 881 return -NF_DROP; 882 882 } 883 883 ct->proto.tcp.last_index = index; ··· 959 961 problem case, so we can delete the conntrack 960 962 immediately. --RR */ 961 963 if (th->rst) { 962 - if (del_timer(&ct->timeout)) 963 - ct->timeout.function((unsigned long)ct); 964 + nf_ct_kill(ct); 964 965 return NF_ACCEPT; 965 966 } 966 967 } else if (!test_bit(IPS_ASSURED_BIT, &ct->status)