target/linux/generic/backport-4.14/341-v4.16-netfilter-nft_flow_offload-move-flowtable-cleanup-ro.patch

   1 From: Pablo Neira Ayuso <pablo@netfilter.org>
   2 Date: Tue, 23 Jan 2018 17:46:09 +0100
   3 Subject: [PATCH] netfilter: nft_flow_offload: move flowtable cleanup
   4  routines to nf_flow_table
   5
   6 Move the flowtable cleanup routines to nf_flow_table and expose the
   7 nf_flow_table_cleanup() helper function.
   8
   9 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  10 ---
  11
  12 --- a/include/net/netfilter/nf_flow_table.h
  13 +++ b/include/net/netfilter/nf_flow_table.h
  14 @@ -95,6 +95,9 @@ struct flow_offload_tuple_rhash *flow_of
  15  int nf_flow_table_iterate(struct nf_flowtable *flow_table,
  16                           void (*iter)(struct flow_offload *flow, void *data),
  17                           void *data);
  18 +
  19 +void nf_flow_table_cleanup(struct net *net, struct net_device *dev);
  20 +
  21  void nf_flow_offload_work_gc(struct work_struct *work);
  22  extern const struct rhashtable_params nf_flow_offload_rhash_params;
  23
  24 --- a/net/netfilter/nf_flow_table.c
  25 +++ b/net/netfilter/nf_flow_table.c
  26 @@ -4,6 +4,7 @@
  27  #include <linux/netfilter.h>
  28  #include <linux/rhashtable.h>
  29  #include <linux/netdevice.h>
  30 +#include <net/netfilter/nf_tables.h>
  31  #include <net/netfilter/nf_flow_table.h>
  32  #include <net/netfilter/nf_conntrack.h>
  33  #include <net/netfilter/nf_conntrack_core.h>
  34 @@ -425,5 +426,28 @@ int nf_flow_dnat_port(const struct flow_
  35  }
  36  EXPORT_SYMBOL_GPL(nf_flow_dnat_port);
  37
  38 +static void nf_flow_table_do_cleanup(struct flow_offload *flow, void *data)
  39 +{
  40 +       struct net_device *dev = data;
  41 +
  42 +       if (dev && flow->tuplehash[0].tuple.iifidx != dev->ifindex)
  43 +               return;
  44 +
  45 +       flow_offload_dead(flow);
  46 +}
  47 +
  48 +static void nf_flow_table_iterate_cleanup(struct nf_flowtable *flowtable,
  49 +                                         void *data)
  50 +{
  51 +       nf_flow_table_iterate(flowtable, nf_flow_table_do_cleanup, data);
  52 +       flush_delayed_work(&flowtable->gc_work);
  53 +}
  54 +
  55 +void nf_flow_table_cleanup(struct net *net, struct net_device *dev)
  56 +{
  57 +       nft_flow_table_iterate(net, nf_flow_table_iterate_cleanup, dev);
  58 +}
  59 +EXPORT_SYMBOL_GPL(nf_flow_table_cleanup);
  60 +
  61  MODULE_LICENSE("GPL");
  62  MODULE_AUTHOR("Pablo Neira Ayuso <pablo@netfilter.org>");
  63 --- a/net/netfilter/nft_flow_offload.c
  64 +++ b/net/netfilter/nft_flow_offload.c
  65 @@ -194,23 +194,6 @@ static struct nft_expr_type nft_flow_off
  66         .owner          = THIS_MODULE,
  67  };
  68
  69 -static void flow_offload_iterate_cleanup(struct flow_offload *flow, void *data)
  70 -{
  71 -       struct net_device *dev = data;
  72 -
  73 -       if (dev && flow->tuplehash[0].tuple.iifidx != dev->ifindex)
  74 -               return;
  75 -
  76 -       flow_offload_dead(flow);
  77 -}
  78 -
  79 -static void nft_flow_offload_iterate_cleanup(struct nf_flowtable *flowtable,
  80 -                                            void *data)
  81 -{
  82 -       nf_flow_table_iterate(flowtable, flow_offload_iterate_cleanup, data);
  83 -       flush_delayed_work(&flowtable->gc_work);
  84 -}
  85 -
  86  static int flow_offload_netdev_event(struct notifier_block *this,
  87                                      unsigned long event, void *ptr)
  88  {
  89 @@ -219,7 +202,7 @@ static int flow_offload_netdev_event(str
  90         if (event != NETDEV_DOWN)
  91                 return NOTIFY_DONE;
  92
  93 -       nft_flow_table_iterate(dev_net(dev), nft_flow_offload_iterate_cleanup, dev);
  94 +       nf_flow_table_cleanup(dev_net(dev), dev);
  95
  96         return NOTIFY_DONE;
  97  }