Commit 8eeef235 authored by Liping Zhang's avatar Liping Zhang Committed by Pablo Neira Ayuso

netfilter: nf_ct_ext: invoke destroy even when ext is not attached

For NF_NAT_MANIP_SRC, we will insert the ct to the nat_bysource_table,
then remove it from the nat_bysource_table via nat_extend->destroy.

But now, the nat extension is attached on demand, so if the nat extension
is not attached, we will not be notified when the ct is destroyed, i.e.
we may fail to remove ct from the nat_bysource_table.

So just keep it simple, even if the extension is not attached, we will
still invoke the related ext->destroy. And this will also preserve the
flexibility for the future extension.

Fixes: 9a08ecfe ("netfilter: don't attach a nat extension by default")
Signed-off-by: default avatarLiping Zhang <zlpnobody@gmail.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent d1908ca8
...@@ -69,12 +69,7 @@ static inline void *__nf_ct_ext_find(const struct nf_conn *ct, u8 id) ...@@ -69,12 +69,7 @@ static inline void *__nf_ct_ext_find(const struct nf_conn *ct, u8 id)
((id##_TYPE *)__nf_ct_ext_find((ext), (id))) ((id##_TYPE *)__nf_ct_ext_find((ext), (id)))
/* Destroy all relationships */ /* Destroy all relationships */
void __nf_ct_ext_destroy(struct nf_conn *ct); void nf_ct_ext_destroy(struct nf_conn *ct);
static inline void nf_ct_ext_destroy(struct nf_conn *ct)
{
if (ct->ext)
__nf_ct_ext_destroy(ct);
}
/* Free operation. If you want to free a object referred from private area, /* Free operation. If you want to free a object referred from private area,
* please implement __nf_ct_ext_free() and call it. * please implement __nf_ct_ext_free() and call it.
......
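Review bot: The comment above the `nf_ct_ext_destroy()` declaration still says only "Destroy all relationships", which no longer describes the contract callers and extension authors must rely on. With the inline `if (ct->ext)` wrapper removed, the function is entered for every conntrack, including one that never allocated an extension area. I would extend the comment to something like `/* Destroy all relationships. Every registered ->destroy() is invoked, whether or not that extension (or ct->ext at all) is attached to ct. */` so that the requirement is visible at the API boundary.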
...@@ -20,16 +20,12 @@ static struct nf_ct_ext_type __rcu *nf_ct_ext_types[NF_CT_EXT_NUM]; ...@@ -20,16 +20,12 @@ static struct nf_ct_ext_type __rcu *nf_ct_ext_types[NF_CT_EXT_NUM];
static DEFINE_MUTEX(nf_ct_ext_type_mutex); static DEFINE_MUTEX(nf_ct_ext_type_mutex);
#define NF_CT_EXT_PREALLOC 128u /* conntrack events are on by default */ #define NF_CT_EXT_PREALLOC 128u /* conntrack events are on by default */
void __nf_ct_ext_destroy(struct nf_conn *ct) void nf_ct_ext_destroy(struct nf_conn *ct)
{ {
unsigned int i; unsigned int i;
struct nf_ct_ext_type *t; struct nf_ct_ext_type *t;
struct nf_ct_ext *ext = ct->ext;
for (i = 0; i < NF_CT_EXT_NUM; i++) { for (i = 0; i < NF_CT_EXT_NUM; i++) {
if (!__nf_ct_ext_exist(ext, i))
continue;
rcu_read_lock(); rcu_read_lock();
t = rcu_dereference(nf_ct_ext_types[i]); t = rcu_dereference(nf_ct_ext_types[i]);
...@@ -42,7 +38,7 @@ void __nf_ct_ext_destroy(struct nf_conn *ct) ...@@ -42,7 +38,7 @@ void __nf_ct_ext_destroy(struct nf_conn *ct)
rcu_read_unlock(); rcu_read_unlock();
} }
} }
EXPORT_SYMBOL(__nf_ct_ext_destroy); EXPORT_SYMBOL(nf_ct_ext_destroy);
void *nf_ct_ext_add(struct nf_conn *ct, enum nf_ct_ext_id id, gfp_t gfp) void *nf_ct_ext_add(struct nf_conn *ct, enum nf_ct_ext_id id, gfp_t gfp)
{ {
......
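Review bot: With the `__nf_ct_ext_exist(ext, i)` test dropped from the loop, every registered destroy callback is now entered for conntracks that never carried its extension. A callback that looks up its own extension and dereferences the result without a check would then hit a NULL pointer on the conntrack destroy path. The callback invocation sits in the lines elided between the two hunks and the callbacks themselves live in other files, so this cannot be confirmed from the page. Each existing `->destroy()` implementation should be checked for a missing-extension guard, for example `if (!nf_ct_ext_exist(ct, id)) return;` before any access to private data. The loop would also benefit from a short comment stating that callbacks must tolerate an unattached extension.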