+2

include/net/netfilter/nf_nat.h

reviewed

··· 48 48 extern unsigned int nf_nat_alloc_null_binding(struct nf_conn *ct, 49 49 unsigned int hooknum); 50 50 51 51 + struct nf_conn_nat *nf_ct_nat_ext_add(struct nf_conn *ct); 52 52 + 51 53 /* Is this tuple already taken? (not by us)*/ 52 54 int nf_nat_used_tuple(const struct nf_conntrack_tuple *tuple, 53 55 const struct nf_conn *ignored_conntrack);

+3 -11

net/ipv4/netfilter/iptable_nat.c

reviewed

··· 91 91 if (nf_ct_is_untracked(ct)) 92 92 return NF_ACCEPT; 93 93 94 94 - nat = nfct_nat(ct); 95 95 - if (!nat) { 96 96 - /* NAT module was loaded late. */ 97 97 - if (nf_ct_is_confirmed(ct)) 98 98 - return NF_ACCEPT; 99 99 - nat = nf_ct_ext_add(ct, NF_CT_EXT_NAT, GFP_ATOMIC); 100 100 - if (nat == NULL) { 101 101 - pr_debug("failed to add NAT extension\n"); 102 102 - return NF_ACCEPT; 103 103 - } 104 104 - } 94 94 + nat = nf_ct_nat_ext_add(ct); 95 95 + if (nat == NULL) 96 96 + return NF_ACCEPT; 105 97 106 98 switch (ctinfo) { 107 99 case IP_CT_RELATED:

+3 -9

net/ipv4/netfilter/nft_chain_nat_ipv4.c

reviewed

··· 48 48 49 49 NF_CT_ASSERT(!(ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET))); 50 50 51 51 - nat = nfct_nat(ct); 52 52 - if (nat == NULL) { 53 53 - /* Conntrack module was loaded late, can't add extension. */ 54 54 - if (nf_ct_is_confirmed(ct)) 55 55 - return NF_ACCEPT; 56 56 - nat = nf_ct_ext_add(ct, NF_CT_EXT_NAT, GFP_ATOMIC); 57 57 - if (nat == NULL) 58 58 - return NF_ACCEPT; 59 59 - } 51 51 + nat = nf_ct_nat_ext_add(ct); 52 52 + if (nat == NULL) 53 53 + return NF_ACCEPT; 60 54 61 55 switch (ctinfo) { 62 56 case IP_CT_RELATED:

+3 -11

net/ipv6/netfilter/ip6table_nat.c

reviewed

··· 90 90 if (nf_ct_is_untracked(ct)) 91 91 return NF_ACCEPT; 92 92 93 93 - nat = nfct_nat(ct); 94 94 - if (!nat) { 95 95 - /* NAT module was loaded late. */ 96 96 - if (nf_ct_is_confirmed(ct)) 97 97 - return NF_ACCEPT; 98 98 - nat = nf_ct_ext_add(ct, NF_CT_EXT_NAT, GFP_ATOMIC); 99 99 - if (nat == NULL) { 100 100 - pr_debug("failed to add NAT extension\n"); 101 101 - return NF_ACCEPT; 102 102 - } 103 103 - } 93 93 + nat = nf_ct_nat_ext_add(ct); 94 94 + if (nat == NULL) 95 95 + return NF_ACCEPT; 104 96 105 97 switch (ctinfo) { 106 98 case IP_CT_RELATED:

+3 -9

net/ipv6/netfilter/nft_chain_nat_ipv6.c

reviewed

··· 47 47 if (ct == NULL || nf_ct_is_untracked(ct)) 48 48 return NF_ACCEPT; 49 49 50 50 - nat = nfct_nat(ct); 51 51 - if (nat == NULL) { 52 52 - /* Conntrack module was loaded late, can't add extension. */ 53 53 - if (nf_ct_is_confirmed(ct)) 54 54 - return NF_ACCEPT; 55 55 - nat = nf_ct_ext_add(ct, NF_CT_EXT_NAT, GFP_ATOMIC); 56 56 - if (nat == NULL) 57 57 - return NF_ACCEPT; 58 58 - } 50 50 + nat = nf_ct_nat_ext_add(ct); 51 51 + if (nat == NULL) 52 52 + return NF_ACCEPT; 59 53 60 54 switch (ctinfo) { 61 55 case IP_CT_RELATED:

+16 -8

net/netfilter/nf_nat_core.c

reviewed

··· 358 358 rcu_read_unlock(); 359 359 } 360 360 361 361 + struct nf_conn_nat *nf_ct_nat_ext_add(struct nf_conn *ct) 362 362 + { 363 363 + struct nf_conn_nat *nat = nfct_nat(ct); 364 364 + if (nat) 365 365 + return nat; 366 366 + 367 367 + if (!nf_ct_is_confirmed(ct)) 368 368 + nat = nf_ct_ext_add(ct, NF_CT_EXT_NAT, GFP_ATOMIC); 369 369 + 370 370 + return nat; 371 371 + } 372 372 + EXPORT_SYMBOL_GPL(nf_ct_nat_ext_add); 373 373 + 361 374 unsigned int 362 375 nf_nat_setup_info(struct nf_conn *ct, 363 376 const struct nf_nat_range *range, ··· 381 368 struct nf_conn_nat *nat; 382 369 383 370 /* nat helper or nfctnetlink also setup binding */ 384 384 - nat = nfct_nat(ct); 385 385 - if (!nat) { 386 386 - nat = nf_ct_ext_add(ct, NF_CT_EXT_NAT, GFP_ATOMIC); 387 387 - if (nat == NULL) { 388 388 - pr_debug("failed to add NAT extension\n"); 389 389 - return NF_ACCEPT; 390 390 - } 391 391 - } 371 371 + nat = nf_ct_nat_ext_add(ct); 372 372 + if (nat == NULL) 373 373 + return NF_ACCEPT; 392 374 393 375 NF_CT_ASSERT(maniptype == NF_NAT_MANIP_SRC || 394 376 maniptype == NF_NAT_MANIP_DST);