mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-12 21:57:43 +00:00
0b35f6031a
This patch removes duplicate rcu_read_lock(). 1. IPVS part: According to Julian Anastasov's mention, contexts of ipvs are described at: http://marc.info/?l=netfilter-devel&m=149562884514072&w=2, in summary: - packet RX/TX: does not need locks because packets come from hooks. - sync msg RX: backup server uses RCU locks while registering new connections. - ip_vs_ctl.c: configuration get/set, RCU locks needed. - xt_ipvs.c: It is a netfilter match, running from hook context. As result, rcu_read_lock and rcu_read_unlock can be removed from: - ip_vs_core.c: all - ip_vs_ctl.c: - only from ip_vs_has_real_service - ip_vs_ftp.c: all - ip_vs_proto_sctp.c: all - ip_vs_proto_tcp.c: all - ip_vs_proto_udp.c: all - ip_vs_xmit.c: all (contains only packet processing) 2. Netfilter part: There are three types of functions that are guaranteed the rcu_read_lock(). First, as result, functions are only called by nf_hook(): - nf_conntrack_broadcast_help(), pptp_expectfn(), set_expected_rtp_rtcp(). - tcpmss_reverse_mtu(), tproxy_laddr4(), tproxy_laddr6(). - match_lookup_rt6(), check_hlist(), hashlimit_mt_common(). - xt_osf_match_packet(). Second, functions that caller already held the rcu_read_lock(). - destroy_conntrack(), ctnetlink_conntrack_event(). - ctnl_timeout_find_get(), nfqnl_nf_hook_drop(). Third, functions that are mixed with type1 and type2. These functions are called by nf_hook() also these are called by ordinary functions that already held the rcu_read_lock(): - __ctnetlink_glue_build(), ctnetlink_expect_event(). - ctnetlink_proto_size(). Applied files are below: - nf_conntrack_broadcast.c, nf_conntrack_core.c, nf_conntrack_netlink.c. - nf_conntrack_pptp.c, nf_conntrack_sip.c, nfnetlink_cttimeout.c. - nfnetlink_queue.c, xt_TCPMSS.c, xt_TPROXY.c, xt_addrtype.c. - xt_connlimit.c, xt_hashlimit.c, xt_osf.c Detailed calltrace can be found at: http://marc.info/?l=netfilter-devel&m=149667610710350&w=2 Signed-off-by: Taehee Yoo <ap420073@gmail.com> Acked-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
80 lines
2 KiB
C
80 lines
2 KiB
C
/*
|
|
* broadcast connection tracking helper
|
|
*
|
|
* (c) 2005 Patrick McHardy <kaber@trash.net>
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License
|
|
* as published by the Free Software Foundation; either version
|
|
* 2 of the License, or (at your option) any later version.
|
|
*/
|
|
|
|
#include <linux/module.h>
|
|
#include <linux/ip.h>
|
|
#include <net/route.h>
|
|
#include <linux/inetdevice.h>
|
|
#include <linux/skbuff.h>
|
|
|
|
#include <net/netfilter/nf_conntrack.h>
|
|
#include <net/netfilter/nf_conntrack_helper.h>
|
|
#include <net/netfilter/nf_conntrack_expect.h>
|
|
|
|
int nf_conntrack_broadcast_help(struct sk_buff *skb,
|
|
unsigned int protoff,
|
|
struct nf_conn *ct,
|
|
enum ip_conntrack_info ctinfo,
|
|
unsigned int timeout)
|
|
{
|
|
struct nf_conntrack_expect *exp;
|
|
struct iphdr *iph = ip_hdr(skb);
|
|
struct rtable *rt = skb_rtable(skb);
|
|
struct in_device *in_dev;
|
|
struct nf_conn_help *help = nfct_help(ct);
|
|
__be32 mask = 0;
|
|
|
|
/* we're only interested in locally generated packets */
|
|
if (skb->sk == NULL)
|
|
goto out;
|
|
if (rt == NULL || !(rt->rt_flags & RTCF_BROADCAST))
|
|
goto out;
|
|
if (CTINFO2DIR(ctinfo) != IP_CT_DIR_ORIGINAL)
|
|
goto out;
|
|
|
|
in_dev = __in_dev_get_rcu(rt->dst.dev);
|
|
if (in_dev != NULL) {
|
|
for_primary_ifa(in_dev) {
|
|
if (ifa->ifa_broadcast == iph->daddr) {
|
|
mask = ifa->ifa_mask;
|
|
break;
|
|
}
|
|
} endfor_ifa(in_dev);
|
|
}
|
|
|
|
if (mask == 0)
|
|
goto out;
|
|
|
|
exp = nf_ct_expect_alloc(ct);
|
|
if (exp == NULL)
|
|
goto out;
|
|
|
|
exp->tuple = ct->tuplehash[IP_CT_DIR_REPLY].tuple;
|
|
exp->tuple.src.u.udp.port = help->helper->tuple.src.u.udp.port;
|
|
|
|
exp->mask.src.u3.ip = mask;
|
|
exp->mask.src.u.udp.port = htons(0xFFFF);
|
|
|
|
exp->expectfn = NULL;
|
|
exp->flags = NF_CT_EXPECT_PERMANENT;
|
|
exp->class = NF_CT_EXPECT_CLASS_DEFAULT;
|
|
exp->helper = NULL;
|
|
|
|
nf_ct_expect_related(exp);
|
|
nf_ct_expect_put(exp);
|
|
|
|
nf_ct_refresh(ct, skb, timeout * HZ);
|
|
out:
|
|
return NF_ACCEPT;
|
|
}
|
|
EXPORT_SYMBOL_GPL(nf_conntrack_broadcast_help);
|
|
|
|
MODULE_LICENSE("GPL");
|