Commit 83b4dbe1 authored by Gao feng's avatar Gao feng Committed by Pablo Neira Ayuso

netfilter: nf_ct_expect: move initialization out of pernet_operations

Move the global initial codes to the module_init/exit context.
Signed-off-by: default avatarGao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent f94161c1
...@@ -69,8 +69,11 @@ struct nf_conntrack_expect_policy { ...@@ -69,8 +69,11 @@ struct nf_conntrack_expect_policy {
#define NF_CT_EXPECT_CLASS_DEFAULT 0 #define NF_CT_EXPECT_CLASS_DEFAULT 0
int nf_conntrack_expect_init(struct net *net); int nf_conntrack_expect_pernet_init(struct net *net);
void nf_conntrack_expect_fini(struct net *net); void nf_conntrack_expect_pernet_fini(struct net *net);
int nf_conntrack_expect_init(void);
void nf_conntrack_expect_fini(void);
struct nf_conntrack_expect * struct nf_conntrack_expect *
__nf_ct_expect_find(struct net *net, u16 zone, __nf_ct_expect_find(struct net *net, u16 zone,
......
...@@ -1348,6 +1348,7 @@ void nf_conntrack_cleanup_end(void) ...@@ -1348,6 +1348,7 @@ void nf_conntrack_cleanup_end(void)
#ifdef CONFIG_NF_CONNTRACK_ZONES #ifdef CONFIG_NF_CONNTRACK_ZONES
nf_ct_extend_unregister(&nf_ct_zone_extend); nf_ct_extend_unregister(&nf_ct_zone_extend);
#endif #endif
nf_conntrack_expect_fini();
} }
/* /*
...@@ -1378,7 +1379,7 @@ void nf_conntrack_cleanup_net(struct net *net) ...@@ -1378,7 +1379,7 @@ void nf_conntrack_cleanup_net(struct net *net)
nf_conntrack_ecache_fini(net); nf_conntrack_ecache_fini(net);
nf_conntrack_tstamp_fini(net); nf_conntrack_tstamp_fini(net);
nf_conntrack_acct_fini(net); nf_conntrack_acct_fini(net);
nf_conntrack_expect_fini(net); nf_conntrack_expect_pernet_fini(net);
kmem_cache_destroy(net->ct.nf_conntrack_cachep); kmem_cache_destroy(net->ct.nf_conntrack_cachep);
kfree(net->ct.slabname); kfree(net->ct.slabname);
free_percpu(net->ct.stat); free_percpu(net->ct.stat);
...@@ -1501,6 +1502,11 @@ int nf_conntrack_init_start(void) ...@@ -1501,6 +1502,11 @@ int nf_conntrack_init_start(void)
printk(KERN_INFO "nf_conntrack version %s (%u buckets, %d max)\n", printk(KERN_INFO "nf_conntrack version %s (%u buckets, %d max)\n",
NF_CONNTRACK_VERSION, nf_conntrack_htable_size, NF_CONNTRACK_VERSION, nf_conntrack_htable_size,
nf_conntrack_max); nf_conntrack_max);
ret = nf_conntrack_expect_init();
if (ret < 0)
goto err_expect;
#ifdef CONFIG_NF_CONNTRACK_ZONES #ifdef CONFIG_NF_CONNTRACK_ZONES
ret = nf_ct_extend_register(&nf_ct_zone_extend); ret = nf_ct_extend_register(&nf_ct_zone_extend);
if (ret < 0) if (ret < 0)
...@@ -1518,7 +1524,9 @@ int nf_conntrack_init_start(void) ...@@ -1518,7 +1524,9 @@ int nf_conntrack_init_start(void)
#ifdef CONFIG_NF_CONNTRACK_ZONES #ifdef CONFIG_NF_CONNTRACK_ZONES
err_extend: err_extend:
nf_conntrack_expect_fini();
#endif #endif
err_expect:
return ret; return ret;
} }
...@@ -1575,7 +1583,7 @@ int nf_conntrack_init_net(struct net *net) ...@@ -1575,7 +1583,7 @@ int nf_conntrack_init_net(struct net *net)
printk(KERN_ERR "Unable to create nf_conntrack_hash\n"); printk(KERN_ERR "Unable to create nf_conntrack_hash\n");
goto err_hash; goto err_hash;
} }
ret = nf_conntrack_expect_init(net); ret = nf_conntrack_expect_pernet_init(net);
if (ret < 0) if (ret < 0)
goto err_expect; goto err_expect;
ret = nf_conntrack_acct_init(net); ret = nf_conntrack_acct_init(net);
...@@ -1616,7 +1624,7 @@ int nf_conntrack_init_net(struct net *net) ...@@ -1616,7 +1624,7 @@ int nf_conntrack_init_net(struct net *net)
err_tstamp: err_tstamp:
nf_conntrack_acct_fini(net); nf_conntrack_acct_fini(net);
err_acct: err_acct:
nf_conntrack_expect_fini(net); nf_conntrack_expect_pernet_fini(net);
err_expect: err_expect:
nf_ct_free_hashtable(net->ct.hash, net->ct.htable_size); nf_ct_free_hashtable(net->ct.hash, net->ct.htable_size);
err_hash: err_hash:
......
...@@ -587,53 +587,50 @@ static void exp_proc_remove(struct net *net) ...@@ -587,53 +587,50 @@ static void exp_proc_remove(struct net *net)
module_param_named(expect_hashsize, nf_ct_expect_hsize, uint, 0400); module_param_named(expect_hashsize, nf_ct_expect_hsize, uint, 0400);
int nf_conntrack_expect_init(struct net *net) int nf_conntrack_expect_pernet_init(struct net *net)
{ {
int err = -ENOMEM; int err = -ENOMEM;
if (net_eq(net, &init_net)) {
if (!nf_ct_expect_hsize) {
nf_ct_expect_hsize = net->ct.htable_size / 256;
if (!nf_ct_expect_hsize)
nf_ct_expect_hsize = 1;
}
nf_ct_expect_max = nf_ct_expect_hsize * 4;
}
net->ct.expect_count = 0; net->ct.expect_count = 0;
net->ct.expect_hash = nf_ct_alloc_hashtable(&nf_ct_expect_hsize, 0); net->ct.expect_hash = nf_ct_alloc_hashtable(&nf_ct_expect_hsize, 0);
if (net->ct.expect_hash == NULL) if (net->ct.expect_hash == NULL)
goto err1; goto err1;
if (net_eq(net, &init_net)) {
nf_ct_expect_cachep = kmem_cache_create("nf_conntrack_expect",
sizeof(struct nf_conntrack_expect),
0, 0, NULL);
if (!nf_ct_expect_cachep)
goto err2;
}
err = exp_proc_init(net); err = exp_proc_init(net);
if (err < 0) if (err < 0)
goto err3; goto err2;
return 0; return 0;
err3:
if (net_eq(net, &init_net))
kmem_cache_destroy(nf_ct_expect_cachep);
err2: err2:
nf_ct_free_hashtable(net->ct.expect_hash, nf_ct_expect_hsize); nf_ct_free_hashtable(net->ct.expect_hash, nf_ct_expect_hsize);
err1: err1:
return err; return err;
} }
void nf_conntrack_expect_fini(struct net *net) void nf_conntrack_expect_pernet_fini(struct net *net)
{ {
exp_proc_remove(net); exp_proc_remove(net);
if (net_eq(net, &init_net)) {
rcu_barrier(); /* Wait for call_rcu() before destroy */
kmem_cache_destroy(nf_ct_expect_cachep);
}
nf_ct_free_hashtable(net->ct.expect_hash, nf_ct_expect_hsize); nf_ct_free_hashtable(net->ct.expect_hash, nf_ct_expect_hsize);
} }
int nf_conntrack_expect_init(void)
{
if (!nf_ct_expect_hsize) {
nf_ct_expect_hsize = nf_conntrack_htable_size / 256;
if (!nf_ct_expect_hsize)
nf_ct_expect_hsize = 1;
}
nf_ct_expect_max = nf_ct_expect_hsize * 4;
nf_ct_expect_cachep = kmem_cache_create("nf_conntrack_expect",
sizeof(struct nf_conntrack_expect),
0, 0, NULL);
if (!nf_ct_expect_cachep)
return -ENOMEM;
return 0;
}
void nf_conntrack_expect_fini(void)
{
rcu_barrier(); /* Wait for call_rcu() before destroy */
kmem_cache_destroy(nf_ct_expect_cachep);
}
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment