netfilter: nf_conntrack: remove duplicate code in ctnetlink

ctnetlink contains copy-paste code from death_by_timeout.  In order to
avoid changing both places in upcoming event delivery patch,
export death_by_timeout functionality and use it in the ctnetlink code.

Based on earlier patch from Pablo Neira.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h
index 644d9c223d249617291edce40d11c75cec6fd0fd..939aced35a0212a3a9a5cea3feea6353e64047f3 100644 (file)
--- a/include/net/netfilter/nf_conntrack.h
+++ b/include/net/netfilter/nf_conntrack.h
@@ -181,8 +181,7 @@ __nf_conntrack_find(struct net *net, u16 zone,
                    const struct nf_conntrack_tuple *tuple);
 
 extern int nf_conntrack_hash_check_insert(struct nf_conn *ct);
-extern void nf_ct_delete_from_lists(struct nf_conn *ct);
-extern void nf_ct_dying_timeout(struct nf_conn *ct);
+bool nf_ct_delete(struct nf_conn *ct, u32 pid, int report);
 
 extern void nf_conntrack_flush_report(struct net *net, u32 portid, int report);
 

diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index d32afaff72f858808b62fed0b75db28f174e122b..089e408676fa8a275c96b1387ea4314ba015b7a2 100644 (file)
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -238,7 +238,7 @@ destroy_conntrack(struct nf_conntrack *nfct)
        nf_conntrack_free(ct);
 }
 
-void nf_ct_delete_from_lists(struct nf_conn *ct)
+static void nf_ct_delete_from_lists(struct nf_conn *ct)
 {
        struct net *net = nf_ct_net(ct);
 
@@ -253,7 +253,6 @@ void nf_ct_delete_from_lists(struct nf_conn *ct)
                             &net->ct.dying);
        spin_unlock_bh(&nf_conntrack_lock);
 }
-EXPORT_SYMBOL_GPL(nf_ct_delete_from_lists);
 
 static void death_by_event(unsigned long ul_conntrack)
 {
@@ -275,7 +274,7 @@ static void death_by_event(unsigned long ul_conntrack)
        nf_ct_put(ct);
 }
 
-void nf_ct_dying_timeout(struct nf_conn *ct)
+static void nf_ct_dying_timeout(struct nf_conn *ct)
 {
        struct net *net = nf_ct_net(ct);
        struct nf_conntrack_ecache *ecache = nf_ct_ecache_find(ct);
@@ -288,27 +287,33 @@ void nf_ct_dying_timeout(struct nf_conn *ct)
                (prandom_u32() % net->ct.sysctl_events_retry_timeout);
        add_timer(&ecache->timeout);
 }
-EXPORT_SYMBOL_GPL(nf_ct_dying_timeout);
 
-static void death_by_timeout(unsigned long ul_conntrack)
+bool nf_ct_delete(struct nf_conn *ct, u32 portid, int report)
 {
-       struct nf_conn *ct = (void *)ul_conntrack;
        struct nf_conn_tstamp *tstamp;
 
        tstamp = nf_conn_tstamp_find(ct);
        if (tstamp && tstamp->stop == 0)
                tstamp->stop = ktime_to_ns(ktime_get_real());
 
-       if (!test_bit(IPS_DYING_BIT, &ct->status) &&
-           unlikely(nf_conntrack_event(IPCT_DESTROY, ct) < 0)) {
+       if (!nf_ct_is_dying(ct) &&
+           unlikely(nf_conntrack_event_report(IPCT_DESTROY, ct,
+           portid, report) < 0)) {
                /* destroy event was not delivered */
                nf_ct_delete_from_lists(ct);
                nf_ct_dying_timeout(ct);
-               return;
+               return false;
        }
        set_bit(IPS_DYING_BIT, &ct->status);
        nf_ct_delete_from_lists(ct);
        nf_ct_put(ct);
+       return true;
+}
+EXPORT_SYMBOL_GPL(nf_ct_delete);
+
+static void death_by_timeout(unsigned long ul_conntrack)
+{
+       nf_ct_delete((struct nf_conn *)ul_conntrack, 0, 0);
 }
 
 /*
@@ -643,10 +648,7 @@ static noinline int early_drop(struct net *net, unsigned int hash)
                return dropped;
 
        if (del_timer(&ct->timeout)) {
-               death_by_timeout((unsigned long)ct);
-               /* Check if we indeed killed this entry. Reliable event
-                  delivery may have inserted it into the dying list. */
-               if (test_bit(IPS_DYING_BIT, &ct->status)) {
+               if (nf_ct_delete(ct, 0, 0)) {
                        dropped = 1;
                        NF_CT_STAT_INC_ATOMIC(net, early_drop);
                }
@@ -1253,6 +1255,7 @@ void nf_ct_iterate_cleanup(struct net *net,
                /* Time to push up daises... */
                if (del_timer(&ct->timeout))
                        death_by_timeout((unsigned long)ct);
+
                /* ... else the timer will get him soon. */
 
                nf_ct_put(ct);

diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index edc410e778f770b7d1bef94cf2de3d0caec0b184..e842c0ded79db3bf4b40cf7d0661d69df35c2fdd 100644 (file)
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1038,21 +1038,9 @@ ctnetlink_del_conntrack(struct sock *ctnl, struct sk_buff *skb,
                }
        }
 
-       if (del_timer(&ct->timeout)) {
-               if (nf_conntrack_event_report(IPCT_DESTROY, ct,
-                                             NETLINK_CB(skb).portid,
-                                             nlmsg_report(nlh)) < 0) {
-                       nf_ct_delete_from_lists(ct);
-                       /* we failed to report the event, try later */
-                       nf_ct_dying_timeout(ct);
-                       nf_ct_put(ct);
-                       return 0;
-               }
-               /* death_by_timeout would report the event again */
-               set_bit(IPS_DYING_BIT, &ct->status);
-               nf_ct_delete_from_lists(ct);
-               nf_ct_put(ct);
-       }
+       if (del_timer(&ct->timeout))
+               nf_ct_delete(ct, NETLINK_CB(skb).portid, nlmsg_report(nlh));
+
        nf_ct_put(ct);
 
        return 0;