
netfilter: conntrack: simplify nf_conntrack_alter_reply

nf_conntrack_alter_reply doesn't do helper reassignment anymore.
Remove the comments that make this claim.

Furthermore, remove dead code from the function and place it
in nf_conntrack.h.

Signed-off-by: Florian Westphal <fw@strlen.de>

+11 -28
+10 -4
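--- a/include/net/netfilter/nf_conntrack.h
+++ b/include/net/netfilter/nf_conntrack.h
@@ -160,10 +160,6 @@
 return read_pnet(&ct->ct_net);
 }
 
-/* Alter reply tuple (maybe alter helper). */
-void nf_conntrack_alter_reply(struct nf_conn *ct,
-const struct nf_conntrack_tuple *newreply);
-
 /* Is this tuple taken? (ignoring any belonging to the given
 conntrack). */
 int nf_conntrack_tuple_taken(const struct nf_conntrack_tuple *tuple,
@@ -278,6 +282,16 @@
 static inline bool nf_is_loopback_packet(const struct sk_buff *skb)
 {
 return skb->dev && skb->skb_iif && skb->dev->flags & IFF_LOOPBACK;
+}
+
+static inline void nf_conntrack_alter_reply(struct nf_conn *ct,
+const struct nf_conntrack_tuple *newreply)
+{
+/* Must be unconfirmed, so not in hash table yet */
+if (WARN_ON(nf_ct_is_confirmed(ct)))
+return;
+
+ct->tuplehash[IP_CT_DIR_REPLY].tuple = *newreply;
 }
 
 #define nfct_time_stamp ((u32)(jiffies))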
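Review bot: The inlined nf_conntrack_alter_reply() now returns early when `WARN_ON(nf_ct_is_confirmed(ct))` fires, whereas the removed version in nf_conntrack_core.c warned and still overwrote the reply tuple. The commit description does not mention this behaviour change, and because the function is void, callers cannot tell that the rewrite was skipped. Refusing to rewrite the tuple of an entry that is presumably already hashed looks like the safer choice, but it should be stated at the definition, for example `/* Must be unconfirmed, so not in hash table yet; a confirmed ct is left unchanged */`. Since the helper is now inline in a header, every caller carries its own warning site; if any caller could reach this path repeatedly, `if (WARN_ON_ONCE(nf_ct_is_confirmed(ct)))` would keep the log from filling with backtraces.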
-18
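--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -2042,24 +2042,6 @@
 }
 EXPORT_SYMBOL_GPL(nf_conntrack_in);
 
-/* Alter reply tuple (maybe alter helper). This is for NAT, and is
-implicitly racy: see __nf_conntrack_confirm */
-void nf_conntrack_alter_reply(struct nf_conn *ct,
-const struct nf_conntrack_tuple *newreply)
-{
-struct nf_conn_help *help = nfct_help(ct);
-
-/* Should be unconfirmed, so not in hash table yet */
-WARN_ON(nf_ct_is_confirmed(ct));
-
-nf_ct_dump_tuple(newreply);
-
-ct->tuplehash[IP_CT_DIR_REPLY].tuple = *newreply;
-if (ct->master || (help && !hlist_empty(&help->expectations)))
-return;
-}
-EXPORT_SYMBOL_GPL(nf_conntrack_alter_reply);
-
 /* Refresh conntrack for this many jiffies and do accounting if do_acct is 1 */
 void __nf_ct_refresh_acct(struct nf_conn *ct,
 enum ip_conntrack_info ctinfo,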
+1 -6
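--- a/net/netfilter/nf_conntrack_helper.c
+++ b/net/netfilter/nf_conntrack_helper.c
@@ -194,12 +194,7 @@
 struct nf_conntrack_helper *helper = NULL;
 struct nf_conn_help *help;
 
-/* We already got a helper explicitly attached. The function
-* nf_conntrack_alter_reply - in case NAT is in use - asks for looking
-* the helper up again. Since now the user is in full control of
-* making consistent helper configurations, skip this automatic
-* re-lookup, otherwise we'll lose the helper.
-*/
+/* We already got a helper explicitly attached (e.g. nft_ct) */
 if (test_bit(IPS_HELPER_BIT, &ct->status))
 return 0;
 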