Commit 5e615b22 authored by Gao feng's avatar Gao feng Committed by Pablo Neira Ayuso

netfilter: nf_ct_helper: move initialization out of pernet_operations

Move the global initial codes to the module_init/exit context.
Signed-off-by: default avatarGao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 8684094c
...@@ -82,8 +82,11 @@ static inline void *nfct_help_data(const struct nf_conn *ct) ...@@ -82,8 +82,11 @@ static inline void *nfct_help_data(const struct nf_conn *ct)
return (void *)help->data; return (void *)help->data;
} }
extern int nf_conntrack_helper_init(struct net *net); extern int nf_conntrack_helper_pernet_init(struct net *net);
extern void nf_conntrack_helper_fini(struct net *net); extern void nf_conntrack_helper_pernet_fini(struct net *net);
extern int nf_conntrack_helper_init(void);
extern void nf_conntrack_helper_fini(void);
extern int nf_conntrack_broadcast_help(struct sk_buff *skb, extern int nf_conntrack_broadcast_help(struct sk_buff *skb,
unsigned int protoff, unsigned int protoff,
......
...@@ -1348,6 +1348,7 @@ void nf_conntrack_cleanup_end(void) ...@@ -1348,6 +1348,7 @@ void nf_conntrack_cleanup_end(void)
#ifdef CONFIG_NF_CONNTRACK_ZONES #ifdef CONFIG_NF_CONNTRACK_ZONES
nf_ct_extend_unregister(&nf_ct_zone_extend); nf_ct_extend_unregister(&nf_ct_zone_extend);
#endif #endif
nf_conntrack_helper_fini();
nf_conntrack_timeout_fini(); nf_conntrack_timeout_fini();
nf_conntrack_ecache_fini(); nf_conntrack_ecache_fini();
nf_conntrack_tstamp_fini(); nf_conntrack_tstamp_fini();
...@@ -1378,7 +1379,7 @@ void nf_conntrack_cleanup_net(struct net *net) ...@@ -1378,7 +1379,7 @@ void nf_conntrack_cleanup_net(struct net *net)
nf_ct_free_hashtable(net->ct.hash, net->ct.htable_size); nf_ct_free_hashtable(net->ct.hash, net->ct.htable_size);
nf_conntrack_proto_fini(net); nf_conntrack_proto_fini(net);
nf_conntrack_labels_fini(net); nf_conntrack_labels_fini(net);
nf_conntrack_helper_fini(net); nf_conntrack_helper_pernet_fini(net);
nf_conntrack_ecache_pernet_fini(net); nf_conntrack_ecache_pernet_fini(net);
nf_conntrack_tstamp_pernet_fini(net); nf_conntrack_tstamp_pernet_fini(net);
nf_conntrack_acct_pernet_fini(net); nf_conntrack_acct_pernet_fini(net);
...@@ -1526,6 +1527,10 @@ int nf_conntrack_init_start(void) ...@@ -1526,6 +1527,10 @@ int nf_conntrack_init_start(void)
if (ret < 0) if (ret < 0)
goto err_timeout; goto err_timeout;
ret = nf_conntrack_helper_init();
if (ret < 0)
goto err_helper;
#ifdef CONFIG_NF_CONNTRACK_ZONES #ifdef CONFIG_NF_CONNTRACK_ZONES
ret = nf_ct_extend_register(&nf_ct_zone_extend); ret = nf_ct_extend_register(&nf_ct_zone_extend);
if (ret < 0) if (ret < 0)
...@@ -1543,8 +1548,10 @@ int nf_conntrack_init_start(void) ...@@ -1543,8 +1548,10 @@ int nf_conntrack_init_start(void)
#ifdef CONFIG_NF_CONNTRACK_ZONES #ifdef CONFIG_NF_CONNTRACK_ZONES
err_extend: err_extend:
nf_conntrack_timeout_fini(); nf_conntrack_helper_fini();
#endif #endif
err_helper:
nf_conntrack_timeout_fini();
err_timeout: err_timeout:
nf_conntrack_ecache_fini(); nf_conntrack_ecache_fini();
err_ecache: err_ecache:
...@@ -1622,7 +1629,7 @@ int nf_conntrack_init_net(struct net *net) ...@@ -1622,7 +1629,7 @@ int nf_conntrack_init_net(struct net *net)
ret = nf_conntrack_ecache_pernet_init(net); ret = nf_conntrack_ecache_pernet_init(net);
if (ret < 0) if (ret < 0)
goto err_ecache; goto err_ecache;
ret = nf_conntrack_helper_init(net); ret = nf_conntrack_helper_pernet_init(net);
if (ret < 0) if (ret < 0)
goto err_helper; goto err_helper;
...@@ -1638,7 +1645,7 @@ int nf_conntrack_init_net(struct net *net) ...@@ -1638,7 +1645,7 @@ int nf_conntrack_init_net(struct net *net)
err_proto: err_proto:
nf_conntrack_labels_fini(net); nf_conntrack_labels_fini(net);
err_labels: err_labels:
nf_conntrack_helper_fini(net); nf_conntrack_helper_pernet_fini(net);
err_helper: err_helper:
nf_conntrack_ecache_pernet_fini(net); nf_conntrack_ecache_pernet_fini(net);
err_ecache: err_ecache:
......
...@@ -423,44 +423,41 @@ static struct nf_ct_ext_type helper_extend __read_mostly = { ...@@ -423,44 +423,41 @@ static struct nf_ct_ext_type helper_extend __read_mostly = {
.id = NF_CT_EXT_HELPER, .id = NF_CT_EXT_HELPER,
}; };
int nf_conntrack_helper_init(struct net *net) int nf_conntrack_helper_pernet_init(struct net *net)
{ {
int err;
net->ct.auto_assign_helper_warned = false; net->ct.auto_assign_helper_warned = false;
net->ct.sysctl_auto_assign_helper = nf_ct_auto_assign_helper; net->ct.sysctl_auto_assign_helper = nf_ct_auto_assign_helper;
return nf_conntrack_helper_init_sysctl(net);
}
if (net_eq(net, &init_net)) { void nf_conntrack_helper_pernet_fini(struct net *net)
{
nf_conntrack_helper_fini_sysctl(net);
}
int nf_conntrack_helper_init(void)
{
int ret;
nf_ct_helper_hsize = 1; /* gets rounded up to use one page */ nf_ct_helper_hsize = 1; /* gets rounded up to use one page */
nf_ct_helper_hash = nf_ct_helper_hash =
nf_ct_alloc_hashtable(&nf_ct_helper_hsize, 0); nf_ct_alloc_hashtable(&nf_ct_helper_hsize, 0);
if (!nf_ct_helper_hash) if (!nf_ct_helper_hash)
return -ENOMEM; return -ENOMEM;
err = nf_ct_extend_register(&helper_extend); ret = nf_ct_extend_register(&helper_extend);
if (err < 0) if (ret < 0) {
goto err1; pr_err("nf_ct_helper: Unable to register helper extension.\n");
goto out_extend;
} }
err = nf_conntrack_helper_init_sysctl(net);
if (err < 0)
goto out_sysctl;
return 0; return 0;
out_extend:
out_sysctl:
if (net_eq(net, &init_net))
nf_ct_extend_unregister(&helper_extend);
err1:
nf_ct_free_hashtable(nf_ct_helper_hash, nf_ct_helper_hsize); nf_ct_free_hashtable(nf_ct_helper_hash, nf_ct_helper_hsize);
return err; return ret;
} }
void nf_conntrack_helper_fini(struct net *net) void nf_conntrack_helper_fini(void)
{ {
nf_conntrack_helper_fini_sysctl(net);
if (net_eq(net, &init_net)) {
nf_ct_extend_unregister(&helper_extend); nf_ct_extend_unregister(&helper_extend);
nf_ct_free_hashtable(nf_ct_helper_hash, nf_ct_helper_hsize); nf_ct_free_hashtable(nf_ct_helper_hash, nf_ct_helper_hsize);
}
} }
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment