netfilter: netns nf_conntrack: pass conntrack to nf_conntrack_event_cache() not skb
authorAlexey Dobriyan <adobriyan@gmail.com>
Wed, 8 Oct 2008 09:35:07 +0000 (11:35 +0200)
committerPatrick McHardy <kaber@trash.net>
Wed, 8 Oct 2008 09:35:07 +0000 (11:35 +0200)
This is cleaner, we already know conntrack to which event is relevant.

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
13 files changed:
include/net/netfilter/nf_conntrack_ecache.h
net/ipv4/netfilter/nf_conntrack_proto_icmp.c
net/ipv4/netfilter/nf_nat_helper.c
net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
net/netfilter/nf_conntrack_core.c
net/netfilter/nf_conntrack_ftp.c
net/netfilter/nf_conntrack_proto_gre.c
net/netfilter/nf_conntrack_proto_sctp.c
net/netfilter/nf_conntrack_proto_tcp.c
net/netfilter/nf_conntrack_proto_udp.c
net/netfilter/nf_conntrack_proto_udplite.c
net/netfilter/xt_CONNMARK.c
net/netfilter/xt_CONNSECMARK.c

index f0b9078235c9f0ac88570c3094204bf2258691d7..c1b406cecf9b6df11c8f428a342d00b975995ff5 100644 (file)
@@ -28,10 +28,8 @@ extern void __nf_ct_event_cache_init(struct nf_conn *ct);
 extern void nf_ct_event_cache_flush(void);
 
 static inline void
-nf_conntrack_event_cache(enum ip_conntrack_events event,
-                        const struct sk_buff *skb)
+nf_conntrack_event_cache(enum ip_conntrack_events event, struct nf_conn *ct)
 {
-       struct nf_conn *ct = (struct nf_conn *)skb->nfct;
        struct nf_conntrack_ecache *ecache;
 
        local_bh_disable();
index 8c7ed5bc9590acab3f58104a92a7ee5780d1a2fa..205ba399d4a3ff9d34065d187998c8abc105b969 100644 (file)
@@ -91,7 +91,7 @@ static int icmp_packet(struct nf_conn *ct,
                        nf_ct_kill_acct(ct, ctinfo, skb);
        } else {
                atomic_inc(&ct->proto.icmp.count);
-               nf_conntrack_event_cache(IPCT_PROTOINFO_VOLATILE, skb);
+               nf_conntrack_event_cache(IPCT_PROTOINFO_VOLATILE, ct);
                nf_ct_refresh_acct(ct, ctinfo, skb, nf_ct_icmp_timeout);
        }
 
index 112dcfa12900709e28cbe94591528932fda04c7e..cf7a42bf9820d7433631966d4dd88fb7470f2bcb 100644 (file)
@@ -193,7 +193,7 @@ nf_nat_mangle_tcp_packet(struct sk_buff *skb,
                nf_conntrack_tcp_update(skb, ip_hdrlen(skb),
                                        ct, CTINFO2DIR(ctinfo));
 
-               nf_conntrack_event_cache(IPCT_NATSEQADJ, skb);
+               nf_conntrack_event_cache(IPCT_NATSEQADJ, ct);
        }
        return 1;
 }
index aabddfe212788ecf87bc4aed7e0280ac028a228c..df04de91e6efb8645f48d644c607b041ad763eab 100644 (file)
@@ -93,7 +93,7 @@ static int icmpv6_packet(struct nf_conn *ct,
                        nf_ct_kill_acct(ct, ctinfo, skb);
        } else {
                atomic_inc(&ct->proto.icmp.count);
-               nf_conntrack_event_cache(IPCT_PROTOINFO_VOLATILE, skb);
+               nf_conntrack_event_cache(IPCT_PROTOINFO_VOLATILE, ct);
                nf_ct_refresh_acct(ct, ctinfo, skb, nf_ct_icmpv6_timeout);
        }
 
index 251f020c7c1045ef8eca38ffa5dc6878f49f23a9..01f59c57730a5d244ea80b1d404a6c07736ead2a 100644 (file)
@@ -370,14 +370,14 @@ __nf_conntrack_confirm(struct sk_buff *skb)
        spin_unlock_bh(&nf_conntrack_lock);
        help = nfct_help(ct);
        if (help && help->helper)
-               nf_conntrack_event_cache(IPCT_HELPER, skb);
+               nf_conntrack_event_cache(IPCT_HELPER, ct);
 #ifdef CONFIG_NF_NAT_NEEDED
        if (test_bit(IPS_SRC_NAT_DONE_BIT, &ct->status) ||
            test_bit(IPS_DST_NAT_DONE_BIT, &ct->status))
-               nf_conntrack_event_cache(IPCT_NATINFO, skb);
+               nf_conntrack_event_cache(IPCT_NATINFO, ct);
 #endif
        nf_conntrack_event_cache(master_ct(ct) ?
-                                IPCT_RELATED : IPCT_NEW, skb);
+                                IPCT_RELATED : IPCT_NEW, ct);
        return NF_ACCEPT;
 
 out:
@@ -740,7 +740,7 @@ nf_conntrack_in(struct net *net, u_int8_t pf, unsigned int hooknum,
        }
 
        if (set_reply && !test_and_set_bit(IPS_SEEN_REPLY_BIT, &ct->status))
-               nf_conntrack_event_cache(IPCT_STATUS, skb);
+               nf_conntrack_event_cache(IPCT_STATUS, ct);
 
        return ret;
 }
@@ -853,7 +853,7 @@ acct:
 
        /* must be unlocked when calling event cache */
        if (event)
-               nf_conntrack_event_cache(event, skb);
+               nf_conntrack_event_cache(event, ct);
 }
 EXPORT_SYMBOL_GPL(__nf_ct_refresh_acct);
 
index bb20672fe03616edc8294f6611f2cb1fb102a02d..4f7107107e9974655a47fa7715615774a2259bc1 100644 (file)
@@ -318,7 +318,8 @@ static int find_nl_seq(u32 seq, const struct nf_ct_ftp_master *info, int dir)
 }
 
 /* We don't update if it's older than what we have. */
-static void update_nl_seq(u32 nl_seq, struct nf_ct_ftp_master *info, int dir,
+static void update_nl_seq(struct nf_conn *ct, u32 nl_seq,
+                         struct nf_ct_ftp_master *info, int dir,
                          struct sk_buff *skb)
 {
        unsigned int i, oldest = NUM_SEQ_TO_REMEMBER;
@@ -336,11 +337,11 @@ static void update_nl_seq(u32 nl_seq, struct nf_ct_ftp_master *info, int dir,
 
        if (info->seq_aft_nl_num[dir] < NUM_SEQ_TO_REMEMBER) {
                info->seq_aft_nl[dir][info->seq_aft_nl_num[dir]++] = nl_seq;
-               nf_conntrack_event_cache(IPCT_HELPINFO_VOLATILE, skb);
+               nf_conntrack_event_cache(IPCT_HELPINFO_VOLATILE, ct);
        } else if (oldest != NUM_SEQ_TO_REMEMBER &&
                   after(nl_seq, info->seq_aft_nl[dir][oldest])) {
                info->seq_aft_nl[dir][oldest] = nl_seq;
-               nf_conntrack_event_cache(IPCT_HELPINFO_VOLATILE, skb);
+               nf_conntrack_event_cache(IPCT_HELPINFO_VOLATILE, ct);
        }
 }
 
@@ -509,7 +510,7 @@ out_update_nl:
        /* Now if this ends in \n, update ftp info.  Seq may have been
         * adjusted by NAT code. */
        if (ends_in_nl)
-               update_nl_seq(seq, ct_ftp_info, dir, skb);
+               update_nl_seq(ct, seq, ct_ftp_info, dir, skb);
  out:
        spin_unlock_bh(&nf_ftp_lock);
        return ret;
index c5a78220fa38ef93594b9892c48ad9fb79ed8bf9..5b1273a01fe38772ba6948d89cac00ff83c3cbe5 100644 (file)
@@ -229,7 +229,7 @@ static int gre_packet(struct nf_conn *ct,
                                   ct->proto.gre.stream_timeout);
                /* Also, more likely to be important, and not a probe. */
                set_bit(IPS_ASSURED_BIT, &ct->status);
-               nf_conntrack_event_cache(IPCT_STATUS, skb);
+               nf_conntrack_event_cache(IPCT_STATUS, ct);
        } else
                nf_ct_refresh_acct(ct, ctinfo, skb,
                                   ct->proto.gre.timeout);
index b5a90596d3f49914eb936a5152b4b94dbe6872d3..ae8c2609e230b6323598521f8cc606bac7c5074e 100644 (file)
@@ -369,7 +369,7 @@ static int sctp_packet(struct nf_conn *ct,
 
                ct->proto.sctp.state = new_state;
                if (old_state != new_state)
-                       nf_conntrack_event_cache(IPCT_PROTOINFO, skb);
+                       nf_conntrack_event_cache(IPCT_PROTOINFO, ct);
        }
        write_unlock_bh(&sctp_lock);
 
@@ -380,7 +380,7 @@ static int sctp_packet(struct nf_conn *ct,
            new_state == SCTP_CONNTRACK_ESTABLISHED) {
                pr_debug("Setting assured bit\n");
                set_bit(IPS_ASSURED_BIT, &ct->status);
-               nf_conntrack_event_cache(IPCT_STATUS, skb);
+               nf_conntrack_event_cache(IPCT_STATUS, ct);
        }
 
        return NF_ACCEPT;
index 4e71de2405fb5c6d3fe31d1450e167c3177f26a6..b5d62d66e02c4480d360172c199280dcd7d9a5ac 100644 (file)
@@ -969,9 +969,9 @@ static int tcp_packet(struct nf_conn *ct,
                timeout = tcp_timeouts[new_state];
        write_unlock_bh(&tcp_lock);
 
-       nf_conntrack_event_cache(IPCT_PROTOINFO_VOLATILE, skb);
+       nf_conntrack_event_cache(IPCT_PROTOINFO_VOLATILE, ct);
        if (new_state != old_state)
-               nf_conntrack_event_cache(IPCT_PROTOINFO, skb);
+               nf_conntrack_event_cache(IPCT_PROTOINFO, ct);
 
        if (!test_bit(IPS_SEEN_REPLY_BIT, &ct->status)) {
                /* If only reply is a RST, we can consider ourselves not to
@@ -990,7 +990,7 @@ static int tcp_packet(struct nf_conn *ct,
                   after SYN_RECV or a valid answer for a picked up
                   connection. */
                set_bit(IPS_ASSURED_BIT, &ct->status);
-               nf_conntrack_event_cache(IPCT_STATUS, skb);
+               nf_conntrack_event_cache(IPCT_STATUS, ct);
        }
        nf_ct_refresh_acct(ct, ctinfo, skb, timeout);
 
index 8a245beb2c9e9a2490c2f674c6081be12a5c897b..e0ee89e179c148b64e74bb81c8a33b46bbd4dc5a 100644 (file)
@@ -75,7 +75,7 @@ static int udp_packet(struct nf_conn *ct,
                nf_ct_refresh_acct(ct, ctinfo, skb, nf_ct_udp_timeout_stream);
                /* Also, more likely to be important, and not a probe */
                if (!test_and_set_bit(IPS_ASSURED_BIT, &ct->status))
-                       nf_conntrack_event_cache(IPCT_STATUS, skb);
+                       nf_conntrack_event_cache(IPCT_STATUS, ct);
        } else
                nf_ct_refresh_acct(ct, ctinfo, skb, nf_ct_udp_timeout);
 
index 981701919a754c0f271e6fe92d3a6c7633e554b7..c5b77c8f86c2f0f49170a853ac9e7b1d00b6f1ef 100644 (file)
@@ -75,7 +75,7 @@ static int udplite_packet(struct nf_conn *ct,
                                   nf_ct_udplite_timeout_stream);
                /* Also, more likely to be important, and not a probe */
                if (!test_and_set_bit(IPS_ASSURED_BIT, &ct->status))
-                       nf_conntrack_event_cache(IPCT_STATUS, skb);
+                       nf_conntrack_event_cache(IPCT_STATUS, ct);
        } else
                nf_ct_refresh_acct(ct, ctinfo, skb, nf_ct_udplite_timeout);
 
index e72e5d0175253ff1168a140e9adeef4c3366dea6..e1415c3f5c9122f72e12e32c1e3ff362c643d5c9 100644 (file)
@@ -54,7 +54,7 @@ connmark_tg_v0(struct sk_buff *skb, const struct net_device *in,
                        newmark = (ct->mark & ~markinfo->mask) | markinfo->mark;
                        if (newmark != ct->mark) {
                                ct->mark = newmark;
-                               nf_conntrack_event_cache(IPCT_MARK, skb);
+                               nf_conntrack_event_cache(IPCT_MARK, ct);
                        }
                        break;
                case XT_CONNMARK_SAVE:
@@ -62,7 +62,7 @@ connmark_tg_v0(struct sk_buff *skb, const struct net_device *in,
                                  (skb->mark & markinfo->mask);
                        if (ct->mark != newmark) {
                                ct->mark = newmark;
-                               nf_conntrack_event_cache(IPCT_MARK, skb);
+                               nf_conntrack_event_cache(IPCT_MARK, ct);
                        }
                        break;
                case XT_CONNMARK_RESTORE:
@@ -95,7 +95,7 @@ connmark_tg(struct sk_buff *skb, const struct net_device *in,
                newmark = (ct->mark & ~info->ctmask) ^ info->ctmark;
                if (ct->mark != newmark) {
                        ct->mark = newmark;
-                       nf_conntrack_event_cache(IPCT_MARK, skb);
+                       nf_conntrack_event_cache(IPCT_MARK, ct);
                }
                break;
        case XT_CONNMARK_SAVE:
@@ -103,7 +103,7 @@ connmark_tg(struct sk_buff *skb, const struct net_device *in,
                          (skb->mark & info->nfmask);
                if (ct->mark != newmark) {
                        ct->mark = newmark;
-                       nf_conntrack_event_cache(IPCT_MARK, skb);
+                       nf_conntrack_event_cache(IPCT_MARK, ct);
                }
                break;
        case XT_CONNMARK_RESTORE:
index ae939e54dfaad573c6f8f11bfbabcb7ee20e6a4c..5f221c3bd35c808af69f56938e46b6790b858afb 100644 (file)
@@ -43,7 +43,7 @@ static void secmark_save(const struct sk_buff *skb)
                ct = nf_ct_get(skb, &ctinfo);
                if (ct && !ct->secmark) {
                        ct->secmark = skb->secmark;
-                       nf_conntrack_event_cache(IPCT_SECMARK, skb);
+                       nf_conntrack_event_cache(IPCT_SECMARK, ct);
                }
        }
 }