netfilter: nf_ct_ext: invoke destroy even when ext is not attached

Liping Zhang · ummakynes · commit 8eeef2350453 · 2017-05-01T11:48:49.000+02:00
For NF_NAT_MANIP_SRC, we will insert the ct to the nat_bysource_table, then remove it from the nat_bysource_table via nat_extend->destroy. But now, the nat extension is attached on demand, so if the nat extension is not attached, we will not be notified when the ct is destroyed, i.e. we may fail to remove ct from the nat_bysource_table. So just keep it simple, even if the extension is not attached, we will still invoke the related ext->destroy. And this will also preserve the flexibility for the future extension. Fixes: 9a08ecf ("netfilter: don't attach a nat extension by default") Signed-off-by: Liping Zhang <zlpnobody@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
diff --git a/include/net/netfilter/nf_conntrack_extend.h b/include/net/netfilter/nf_conntrack_extend.h
@@ -69,12 +69,7 @@ static inline void *__nf_ct_ext_find(const struct nf_conn *ct, u8 id)
 	((id##_TYPE *)__nf_ct_ext_find((ext), (id)))
 
 /* Destroy all relationships */
-void __nf_ct_ext_destroy(struct nf_conn *ct);
-static inline void nf_ct_ext_destroy(struct nf_conn *ct)
-{
-	if (ct->ext)
-		__nf_ct_ext_destroy(ct);
-}
+void nf_ct_ext_destroy(struct nf_conn *ct);
 
 /* Free operation. If you want to free a object referred from private area,
  * please implement __nf_ct_ext_free() and call it.
diff --git a/net/netfilter/nf_conntrack_extend.c b/net/netfilter/nf_conntrack_extend.c
@@ -20,16 +20,12 @@ static struct nf_ct_ext_type __rcu *nf_ct_ext_types[NF_CT_EXT_NUM];
 static DEFINE_MUTEX(nf_ct_ext_type_mutex);
 #define NF_CT_EXT_PREALLOC	128u /* conntrack events are on by default */
 
-void __nf_ct_ext_destroy(struct nf_conn *ct)
+void nf_ct_ext_destroy(struct nf_conn *ct)
 {
 	unsigned int i;
 	struct nf_ct_ext_type *t;
-	struct nf_ct_ext *ext = ct->ext;
 
 	for (i = 0; i < NF_CT_EXT_NUM; i++) {
-		if (!__nf_ct_ext_exist(ext, i))
-			continue;
-
 		rcu_read_lock();
 		t = rcu_dereference(nf_ct_ext_types[i]);
 
@@ -42,7 +38,7 @@ void __nf_ct_ext_destroy(struct nf_conn *ct)
 		rcu_read_unlock();
 	}
 }
-EXPORT_SYMBOL(__nf_ct_ext_destroy);
+EXPORT_SYMBOL(nf_ct_ext_destroy);
 
 void *nf_ct_ext_add(struct nf_conn *ct, enum nf_ct_ext_id id, gfp_t gfp)
 {

Original file line number	Diff line number	Diff line change
`@@ -20,16 +20,12 @@ static struct nf_ct_ext_type __rcu *nf_ct_ext_types[NF_CT_EXT_NUM];`
`20`	`20`	`static DEFINE_MUTEX(nf_ct_ext_type_mutex);`
`21`	`21`	`#define NF_CT_EXT_PREALLOC 128u /* conntrack events are on by default */`
`22`	`22`
`23`		`-void __nf_ct_ext_destroy(struct nf_conn *ct)`
	`23`	`+void nf_ct_ext_destroy(struct nf_conn *ct)`
`24`	`24`	`{`
`25`	`25`	`unsigned int i;`
`26`	`26`	`struct nf_ct_ext_type *t;`
`27`		`- struct nf_ct_ext *ext = ct->ext;`
`28`	`27`
`29`	`28`	`for (i = 0; i < NF_CT_EXT_NUM; i++) {`
`30`		`- if (!__nf_ct_ext_exist(ext, i))`
`31`		`- continue;`
`32`		`-`
`33`	`29`	`rcu_read_lock();`
`34`	`30`	`t = rcu_dereference(nf_ct_ext_types[i]);`
`35`	`31`
`@@ -42,7 +38,7 @@ void __nf_ct_ext_destroy(struct nf_conn *ct)`
`42`	`38`	`rcu_read_unlock();`
`43`	`39`	`}`
`44`	`40`	`}`
`45`		`-EXPORT_SYMBOL(__nf_ct_ext_destroy);`
	`41`	`+EXPORT_SYMBOL(nf_ct_ext_destroy);`
`46`	`42`
`47`	`43`	`void nf_ct_ext_add(struct nf_conn ct, enum nf_ct_ext_id id, gfp_t gfp)`
`48`	`44`	`{`