
netfilter: conntrack: use nf_ct_key_equal() in more places

This prepares for upcoming change that places all conntracks into a
single, global table. For this to work we will need to also compare
net pointer during lookup. To avoid open-coding such check use the
nf_ct_key_equal helper and then later extend it to also consider net_eq.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Florian Westphal and committed by
Pablo Neira Ayuso
86804348 88b68bc5

+11 -18
+11 -18
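--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -572,16 +572,13 @@
 
 /* See if there's one in the list already, including reverse */
 hlist_nulls_for_each_entry(h, n, &net->ct.hash[hash], hnnode)
-if (nf_ct_tuple_equal(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple,
-&h->tuple) &&
-nf_ct_zone_equal(nf_ct_tuplehash_to_ctrack(h), zone,
-NF_CT_DIRECTION(h)))
+if (nf_ct_key_equal(h, &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple,
+zone))
 goto out;
+
 hlist_nulls_for_each_entry(h, n, &net->ct.hash[reply_hash], hnnode)
-if (nf_ct_tuple_equal(&ct->tuplehash[IP_CT_DIR_REPLY].tuple,
-&h->tuple) &&
-nf_ct_zone_equal(nf_ct_tuplehash_to_ctrack(h), zone,
-NF_CT_DIRECTION(h)))
+if (nf_ct_key_equal(h, &ct->tuplehash[IP_CT_DIR_REPLY].tuple,
+zone))
 goto out;
 
 add_timer(&ct->timeout);
@@ -662,16 +665,13 @@
 NAT could have grabbed it without realizing, since we're
 not in the hash. If there is, we lost race. */
 hlist_nulls_for_each_entry(h, n, &net->ct.hash[hash], hnnode)
-if (nf_ct_tuple_equal(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple,
-&h->tuple) &&
-nf_ct_zone_equal(nf_ct_tuplehash_to_ctrack(h), zone,
-NF_CT_DIRECTION(h)))
+if (nf_ct_key_equal(h, &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple,
+zone))
 goto out;
+
 hlist_nulls_for_each_entry(h, n, &net->ct.hash[reply_hash], hnnode)
-if (nf_ct_tuple_equal(&ct->tuplehash[IP_CT_DIR_REPLY].tuple,
-&h->tuple) &&
-nf_ct_zone_equal(nf_ct_tuplehash_to_ctrack(h), zone,
-NF_CT_DIRECTION(h)))
+if (nf_ct_key_equal(h, &ct->tuplehash[IP_CT_DIR_REPLY].tuple,
+zone))
 goto out;
 
 /* Timer relative to confirmation time, not original
@@ -740,8 +746,7 @@
 hlist_nulls_for_each_entry_rcu(h, n, &ct_hash[hash], hnnode) {
 ct = nf_ct_tuplehash_to_ctrack(h);
 if (ct != ignored_conntrack &&
-nf_ct_tuple_equal(tuple, &h->tuple) &&
-nf_ct_zone_equal(ct, zone, NF_CT_DIRECTION(h))) {
+nf_ct_key_equal(h, tuple, zone)) {
 NF_CT_STAT_INC_ATOMIC(net, found);
 rcu_read_unlock();
 return 1;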
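Review bot: All five call sites now rely on nf_ct_key_equal(), whose body is not part of this diff, so the hunks alone cannot confirm it matches the removed nf_ct_tuple_equal() + nf_ct_zone_equal() pair. If the helper tests anything beyond tuple and zone (possibly whether the entry is confirmed, which should be checked against its definition), the change alters behaviour rather than only shape. That would affect the two duplicate scans before add_timer(), the two before the confirmation-time timer, and the RCU lookup that returns 1. These scans are what stop a second entry with the same tuple and zone from being hashed, so a stricter match could let a duplicate through and leave NAT and state tracking inconsistent. The commit message should state whether the replacement is exactly equivalent, and the first scan could carry a comment such as `/* duplicate check: same tuple and zone, either direction; see nf_ct_key_equal() */`. The enclosing functions start and end outside all three hunks.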