
netfilter: remove nf_ct_is_untracked

This function is now obsolete and always returns false.
This change has no effect on generated code.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Florian Westphal and committed by
Pablo Neira Ayuso
ab8bc7ed cc41c84b

+17 -49
+2 -2
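--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -1555,7 +1555,7 @@
 enum ip_conntrack_info ctinfo;
 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
 
-if (!ct || !nf_ct_is_untracked(ct)) {
+if (ct) {
 nf_conntrack_put(&ct->ct_general);
 nf_ct_set(skb, NULL, IP_CT_UNTRACKED);
 }
@@ -1616,7 +1616,7 @@
 if (!(cp->flags & IP_VS_CONN_F_NFCT))
 return false;
 ct = nf_ct_get(skb, &ctinfo);
-if (ct && !nf_ct_is_untracked(ct))
+if (ct)
 return true;
 #endif
 return false;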
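Review bot: The first hunk's rewrite of `if (!ct || !nf_ct_is_untracked(ct))` to `if (ct)` is not an equivalent simplification. With nf_ct_is_untracked() returning false the old condition was always true, so `nf_ct_set(skb, NULL, IP_CT_UNTRACKED)` also ran when no conntrack was attached; the new code skips it in that case and such skbs are no longer marked untracked. If every packet passing through here is meant to stay out of connection tracking, only the put should be guarded: `if (ct) nf_conntrack_put(&ct->ct_general);` followed by an unconditional `nf_ct_set(skb, NULL, IP_CT_UNTRACKED);`. The enclosing function starts and ends outside the hunk, so whether later hooks depend on the mark in the NULL case needs confirming. Either way, the description's "no effect on generated code" does not hold for this line.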
-5
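--- a/include/net/netfilter/nf_conntrack.h
+++ b/include/net/netfilter/nf_conntrack.h
@@ -273,11 +273,6 @@
 return test_bit(IPS_DYING_BIT, &ct->status);
 }
 
-static inline int nf_ct_is_untracked(const struct nf_conn *ct)
-{
-return false;
-}
-
 /* Packet is received from loopback */
 static inline bool nf_is_loopback_packet(const struct sk_buff *skb)
 {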
+1 -1
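--- a/include/net/netfilter/nf_conntrack_core.h
+++ b/include/net/netfilter/nf_conntrack_core.h
@@ -65,7 +65,7 @@
 struct nf_conn *ct = (struct nf_conn *)skb_nfct(skb);
 int ret = NF_ACCEPT;
 
-if (ct && !nf_ct_is_untracked(ct)) {
+if (ct) {
 if (!nf_ct_is_confirmed(ct))
 ret = __nf_conntrack_confirm(skb);
 if (likely(ret == NF_ACCEPT))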
-4
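--- a/net/ipv4/netfilter/nf_nat_l3proto_ipv4.c
+++ b/net/ipv4/netfilter/nf_nat_l3proto_ipv4.c
@@ -264,10 +264,6 @@
 if (!ct)
 return NF_ACCEPT;
 
-/* Don't try to NAT if this packet is not conntracked */
-if (nf_ct_is_untracked(ct))
-return NF_ACCEPT;
-
 nat = nf_ct_nat_ext_add(ct);
 if (nat == NULL)
 return NF_ACCEPT;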
+1 -1
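--- a/net/ipv4/netfilter/nf_socket_ipv4.c
+++ b/net/ipv4/netfilter/nf_socket_ipv4.c
@@ -139,7 +139,7 @@
 * SNAT-ted connection.
 */
 ct = nf_ct_get(skb, &ctinfo);
-if (ct && !nf_ct_is_untracked(ct) &&
+if (ct &&
 ((iph->protocol != IPPROTO_ICMP &&
 ctinfo == IP_CT_ESTABLISHED_REPLY) ||
 (iph->protocol == IPPROTO_ICMP &&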
-4
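--- a/net/ipv6/netfilter/nf_nat_l3proto_ipv6.c
+++ b/net/ipv6/netfilter/nf_nat_l3proto_ipv6.c
@@ -273,10 +273,6 @@
 if (!ct)
 return NF_ACCEPT;
 
-/* Don't try to NAT if this packet is not conntracked */
-if (nf_ct_is_untracked(ct))
-return NF_ACCEPT;
-
 nat = nf_ct_nat_ext_add(ct);
 if (nat == NULL)
 return NF_ACCEPT;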
+1 -2
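--- a/net/netfilter/ipvs/ip_vs_ftp.c
+++ b/net/netfilter/ipvs/ip_vs_ftp.c
@@ -260,9 +260,8 @@
 buf_len = strlen(buf);
 
 ct = nf_ct_get(skb, &ctinfo);
-if (ct && !nf_ct_is_untracked(ct) && (ct->status & IPS_NAT_MASK)) {
+if (ct && nfct_nat(ct)) {
 bool mangled;
-
 /* If mangling fails this function will return 0
 * which will cause the packet to be dropped.
 * Mangling can only fail under memory pressure,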
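Review bot: The new condition `if (ct && nfct_nat(ct))` does more than drop the nf_ct_is_untracked() call: it also replaces the `(ct->status & IPS_NAT_MASK)` test, which the commit description does not mention. The old test asks whether NAT status bits are set on the conntrack, while nfct_nat() presumably reports whether a NAT extension is attached, and the two need not agree for every entry, so the FTP payload mangling path may be entered or skipped for different packets than before. If only the obsolete helper is meant to go, keep the predicate as `if (ct && (ct->status & IPS_NAT_MASK)) {`, or justify the switch in the description. The hunk also removes the blank line after `bool mangled;`, which is unrelated to this change. The enclosing function starts and ends outside the hunk.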
+2 -2
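--- a/net/netfilter/ipvs/ip_vs_nfct.c
+++ b/net/netfilter/ipvs/ip_vs_nfct.c
@@ -85,7 +85,7 @@
 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
 struct nf_conntrack_tuple new_tuple;
 
-if (ct == NULL || nf_ct_is_confirmed(ct) || nf_ct_is_untracked(ct) ||
+if (ct == NULL || nf_ct_is_confirmed(ct) ||
 nf_ct_is_dying(ct))
 return;
 
@@ -232,7 +232,7 @@
 {
 struct nf_conntrack_expect *exp;
 
-if (ct == NULL || nf_ct_is_untracked(ct))
+if (ct == NULL)
 return;
 
 exp = nf_ct_expect_alloc(ct);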
+4 -4
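--- a/net/netfilter/ipvs/ip_vs_xmit.c
+++ b/net/netfilter/ipvs/ip_vs_xmit.c
@@ -775,7 +775,7 @@
 enum ip_conntrack_info ctinfo;
 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
 
-if (ct && !nf_ct_is_untracked(ct)) {
+if (ct) {
 IP_VS_DBG_RL_PKT(10, AF_INET, pp, skb, ipvsh->off,
 "ip_vs_nat_xmit(): "
 "stopping DNAT to local address");
@@ -866,7 +866,7 @@
 enum ip_conntrack_info ctinfo;
 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
 
-if (ct && !nf_ct_is_untracked(ct)) {
+if (ct) {
 IP_VS_DBG_RL_PKT(10, AF_INET6, pp, skb, ipvsh->off,
 "ip_vs_nat_xmit_v6(): "
 "stopping DNAT to local address");
@@ -1338,7 +1338,7 @@
 enum ip_conntrack_info ctinfo;
 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
 
-if (ct && !nf_ct_is_untracked(ct)) {
+if (ct) {
 IP_VS_DBG(10, "%s(): "
 "stopping DNAT to local address %pI4\n",
 __func__, &cp->daddr.ip);
@@ -1429,7 +1429,7 @@
 enum ip_conntrack_info ctinfo;
 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
 
-if (ct && !nf_ct_is_untracked(ct)) {
+if (ct) {
 IP_VS_DBG(10, "%s(): "
 "stopping DNAT to local address %pI6\n",
 __func__, &cp->daddr.in6);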
+1 -11
net/netfilter/nf_conntrack_netlink.c
··· 627 627 unsigned int flags = 0, group; 628 628 int err; 629 629 630 - /* ignore our fake conntrack entry */ 631 - if (nf_ct_is_untracked(ct)) 632 - return 0; 633 - 634 630 if (events & (1 << IPCT_DESTROY)) { 635 631 type = IPCTNL_MSG_CT_DELETE; 636 632 group = NFNLGRP_CONNTRACK_DESTROY; ··· 2169 2173 static struct nf_conn *ctnetlink_glue_get_ct(const struct sk_buff *skb, 2170 2174 enum ip_conntrack_info *ctinfo) 2171 2175 { 2172 - struct nf_conn *ct; 2173 - 2174 - ct = nf_ct_get(skb, ctinfo); 2175 - if (ct && nf_ct_is_untracked(ct)) 2176 - ct = NULL; 2177 - 2178 - return ct; 2176 + return nf_ct_get(skb, ctinfo); 2179 2177 } 2180 2178 2181 2179 static int __ctnetlink_glue_build(struct sk_buff *skb, struct nf_conn *ct)
+1 -1
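--- a/net/netfilter/xt_HMARK.c
+++ b/net/netfilter/xt_HMARK.c
@@ -84,7 +84,7 @@
 struct nf_conntrack_tuple *otuple;
 struct nf_conntrack_tuple *rtuple;
 
-if (ct == NULL || nf_ct_is_untracked(ct))
+if (ct == NULL)
 return -1;
 
 otuple = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple;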
-3
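--- a/net/netfilter/xt_cluster.c
+++ b/net/netfilter/xt_cluster.c
@@ -121,9 +121,6 @@
 if (ct == NULL)
 return false;
 
-if (nf_ct_is_untracked(ct))
-return false;
-
 if (ct->master)
 hash = xt_cluster_hash(ct->master, info);
 else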
+1 -1
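--- a/net/netfilter/xt_connlabel.c
+++ b/net/netfilter/xt_connlabel.c
@@ -29,7 +29,7 @@
 bool invert = info->options & XT_CONNLABEL_OP_INVERT;
 
 ct = nf_ct_get(skb, &ctinfo);
-if (ct == NULL || nf_ct_is_untracked(ct))
+if (ct == NULL)
 return invert;
 
 labels = nf_ct_labels_find(ct);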
+2 -2
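--- a/net/netfilter/xt_connmark.c
+++ b/net/netfilter/xt_connmark.c
@@ -44,7 +44,7 @@
 u_int32_t newmark;
 
 ct = nf_ct_get(skb, &ctinfo);
-if (ct == NULL || nf_ct_is_untracked(ct))
+if (ct == NULL)
 return XT_CONTINUE;
 
 switch (info->mode) {
@@ -97,7 +97,7 @@
 const struct nf_conn *ct;
 
 ct = nf_ct_get(skb, &ctinfo);
-if (ct == NULL || nf_ct_is_untracked(ct))
+if (ct == NULL)
 return false;
 
 return ((ct->mark & info->mask) == info->mark) ^ info->invert;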
+1 -1
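--- a/net/netfilter/xt_ipvs.c
+++ b/net/netfilter/xt_ipvs.c
@@ -116,7 +116,7 @@
 enum ip_conntrack_info ctinfo;
 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
 
-if (ct == NULL || nf_ct_is_untracked(ct)) {
+if (ct == NULL) {
 match = false;
 goto out_put_cp;
 }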
-5
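--- a/net/openvswitch/conntrack.c
+++ b/net/openvswitch/conntrack.c
@@ -795,11 +795,6 @@
 enum nf_nat_manip_type maniptype;
 int err;
 
-if (nf_ct_is_untracked(ct)) {
-/* A NAT action may only be performed on tracked packets. */
-return NF_ACCEPT;
-}
-
 /* Add NAT extension if not confirmed yet. */
 if (!nf_ct_is_confirmed(ct) && !nf_ct_nat_ext_add(ct))
 return NF_ACCEPT; /* Can't NAT. */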