From: Jeremy Sowden <jeremy@azazel.net>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Netfilter Devel <netfilter-devel@vger.kernel.org>
Subject: [PATCH nf-next v3 14/18] netfilter: move nf_conntrack code to linux/nf_conntrack_common.h.
Date: Fri, 13 Sep 2019 09:13:14 +0100 [thread overview]
Message-ID: <20190913081318.16071-15-jeremy@azazel.net> (raw)
In-Reply-To: <20190913081318.16071-1-jeremy@azazel.net>
Move some `struct nf_conntrack` code from linux/skbuff.h to
linux/nf_conntrack_common.h. Together with a couple of helpers for
getting and setting skb->_nfct, it allows us to remove
CONFIG_NF_CONNTRACK checks from net/netfilter/nf_conntrack.h.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
include/linux/netfilter/nf_conntrack_common.h | 20 ++++++++++++
include/linux/skbuff.h | 32 +++++++++----------
include/net/netfilter/nf_conntrack.h | 24 +++-----------
net/netfilter/nf_conntrack_standalone.c | 1 -
4 files changed, 40 insertions(+), 37 deletions(-)
diff --git a/include/linux/netfilter/nf_conntrack_common.h b/include/linux/netfilter/nf_conntrack_common.h
index e142b2b5f1ea..1db83c931d9c 100644
--- a/include/linux/netfilter/nf_conntrack_common.h
+++ b/include/linux/netfilter/nf_conntrack_common.h
@@ -2,6 +2,7 @@
#ifndef _NF_CONNTRACK_COMMON_H
#define _NF_CONNTRACK_COMMON_H
+#include <linux/atomic.h>
#include <uapi/linux/netfilter/nf_conntrack_common.h>
struct ip_conntrack_stat {
@@ -19,4 +20,23 @@ struct ip_conntrack_stat {
unsigned int search_restart;
};
+#define NFCT_INFOMASK 7UL
+#define NFCT_PTRMASK ~(NFCT_INFOMASK)
+
+struct nf_conntrack {
+ atomic_t use;
+};
+
+void nf_conntrack_destroy(struct nf_conntrack *nfct);
+static inline void nf_conntrack_put(struct nf_conntrack *nfct)
+{
+ if (nfct && atomic_dec_and_test(&nfct->use))
+ nf_conntrack_destroy(nfct);
+}
+static inline void nf_conntrack_get(struct nf_conntrack *nfct)
+{
+ if (nfct)
+ atomic_inc(&nfct->use);
+}
+
#endif /* _NF_CONNTRACK_COMMON_H */
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
index 028e684fa974..907209c0794e 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -37,6 +37,9 @@
#include <linux/in6.h>
#include <linux/if_packet.h>
#include <net/flow.h>
+#if IS_ENABLED(CONFIG_NF_CONNTRACK)
+#include <linux/netfilter/nf_conntrack_common.h>
+#endif
/* The interface for checksum offload between the stack and networking drivers
* is as follows...
@@ -244,12 +247,6 @@ struct bpf_prog;
union bpf_attr;
struct skb_ext;
-#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
-struct nf_conntrack {
- atomic_t use;
-};
-#endif
-
#if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
struct nf_bridge_info {
enum {
@@ -914,7 +911,6 @@ static inline bool skb_pfmemalloc(const struct sk_buff *skb)
#define SKB_DST_NOREF 1UL
#define SKB_DST_PTRMASK ~(SKB_DST_NOREF)
-#define SKB_NFCT_PTRMASK ~(7UL)
/**
* skb_dst - returns skb dst_entry
* @skb: buffer
@@ -4040,25 +4036,27 @@ static inline void skb_remcsum_process(struct sk_buff *skb, void *ptr,
static inline struct nf_conntrack *skb_nfct(const struct sk_buff *skb)
{
#if IS_ENABLED(CONFIG_NF_CONNTRACK)
- return (void *)(skb->_nfct & SKB_NFCT_PTRMASK);
+ return (void *)(skb->_nfct & NFCT_PTRMASK);
#else
return NULL;
#endif
}
-#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
-void nf_conntrack_destroy(struct nf_conntrack *nfct);
-static inline void nf_conntrack_put(struct nf_conntrack *nfct)
+static inline unsigned long skb_get_nfct(const struct sk_buff *skb)
{
- if (nfct && atomic_dec_and_test(&nfct->use))
- nf_conntrack_destroy(nfct);
+#if IS_ENABLED(CONFIG_NF_CONNTRACK)
+ return skb->_nfct;
+#else
+ return 0UL;
+#endif
}
-static inline void nf_conntrack_get(struct nf_conntrack *nfct)
+
+static inline void skb_set_nfct(struct sk_buff *skb, unsigned long nfct)
{
- if (nfct)
- atomic_inc(&nfct->use);
-}
+#if IS_ENABLED(CONFIG_NF_CONNTRACK)
+ skb->_nfct = nfct;
#endif
+}
#ifdef CONFIG_SKB_EXTENSIONS
enum skb_ext_id {
diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h
index 22275f42f0bb..9f551f3b69c6 100644
--- a/include/net/netfilter/nf_conntrack.h
+++ b/include/net/netfilter/nf_conntrack.h
@@ -13,12 +13,10 @@
#ifndef _NF_CONNTRACK_H
#define _NF_CONNTRACK_H
-#include <linux/netfilter/nf_conntrack_common.h>
-
#include <linux/bitops.h>
#include <linux/compiler.h>
-#include <linux/atomic.h>
+#include <linux/netfilter/nf_conntrack_common.h>
#include <linux/netfilter/nf_conntrack_tcp.h>
#include <linux/netfilter/nf_conntrack_dccp.h>
#include <linux/netfilter/nf_conntrack_sctp.h>
@@ -58,7 +56,6 @@ struct nf_conntrack_net {
#include <net/netfilter/ipv6/nf_conntrack_ipv6.h>
struct nf_conn {
-#if IS_ENABLED(CONFIG_NF_CONNTRACK)
/* Usage count in here is 1 for hash table, 1 per skb,
* plus 1 for any connection(s) we are `master' for
*
@@ -68,7 +65,6 @@ struct nf_conn {
* beware nf_ct_get() is different and don't inc refcnt.
*/
struct nf_conntrack ct_general;
-#endif
spinlock_t lock;
/* jiffies32 when this ct is considered dead */
@@ -149,18 +145,14 @@ void nf_conntrack_alter_reply(struct nf_conn *ct,
int nf_conntrack_tuple_taken(const struct nf_conntrack_tuple *tuple,
const struct nf_conn *ignored_conntrack);
-#if IS_ENABLED(CONFIG_NF_CONNTRACK)
-
-#define NFCT_INFOMASK 7UL
-#define NFCT_PTRMASK ~(NFCT_INFOMASK)
-
/* Return conntrack_info and tuple hash for given skb. */
static inline struct nf_conn *
nf_ct_get(const struct sk_buff *skb, enum ip_conntrack_info *ctinfo)
{
- *ctinfo = skb->_nfct & NFCT_INFOMASK;
+ unsigned long nfct = skb_get_nfct(skb);
- return (struct nf_conn *)(skb->_nfct & NFCT_PTRMASK);
+ *ctinfo = nfct & NFCT_INFOMASK;
+ return (struct nf_conn *)(nfct & NFCT_PTRMASK);
}
/* decrement reference count on a conntrack */
@@ -170,8 +162,6 @@ static inline void nf_ct_put(struct nf_conn *ct)
nf_conntrack_put(&ct->ct_general);
}
-#endif
-
/* Protocol module loading */
int nf_ct_l3proto_try_module_get(unsigned short l3proto);
void nf_ct_l3proto_module_put(unsigned short l3proto);
@@ -323,16 +313,12 @@ void nf_ct_tmpl_free(struct nf_conn *tmpl);
u32 nf_ct_get_id(const struct nf_conn *ct);
-#if IS_ENABLED(CONFIG_NF_CONNTRACK)
-
static inline void
nf_ct_set(struct sk_buff *skb, struct nf_conn *ct, enum ip_conntrack_info info)
{
- skb->_nfct = (unsigned long)ct | info;
+ skb_set_nfct(skb, (unsigned long)ct | info);
}
-#endif
-
#define NF_CT_STAT_INC(net, count) __this_cpu_inc((net)->ct.stat->count)
#define NF_CT_STAT_INC_ATOMIC(net, count) this_cpu_inc((net)->ct.stat->count)
#define NF_CT_STAT_ADD_ATOMIC(net, count, v) this_cpu_add((net)->ct.stat->count, (v))
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
index 88d4127df863..410809c669e1 100644
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -1167,7 +1167,6 @@ static int __init nf_conntrack_standalone_init(void)
if (ret < 0)
goto out_start;
- BUILD_BUG_ON(SKB_NFCT_PTRMASK != NFCT_PTRMASK);
BUILD_BUG_ON(NFCT_INFOMASK <= IP_CT_NUMBER);
#ifdef CONFIG_SYSCTL
--
2.23.0
next prev parent reply other threads:[~2019-09-13 8:17 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-13 8:13 [PATCH nf-next v3 00/18] Remove config option checks from netfilter headers Jeremy Sowden
2019-09-13 8:13 ` [PATCH nf-next v3 01/18] netfilter: fix include guards Jeremy Sowden
2019-09-13 8:13 ` [PATCH nf-next v3 02/18] netfilter: fix coding-style errors Jeremy Sowden
2019-09-13 8:13 ` [PATCH nf-next v3 03/18] netfilter: remove unused function declarations Jeremy Sowden
2019-09-13 8:13 ` [PATCH nf-next v3 04/18] netfilter: inline three headers Jeremy Sowden
2019-09-13 8:13 ` [PATCH nf-next v3 05/18] netfilter: update include directives Jeremy Sowden
2019-09-13 8:13 ` [PATCH nf-next v3 06/18] netfilter: remove nf_conntrack_icmpv6.h header Jeremy Sowden
2019-09-13 8:13 ` [PATCH nf-next v3 07/18] netfilter: move inline function to a more appropriate header Jeremy Sowden
2019-09-13 8:13 ` [PATCH nf-next v3 08/18] netfilter: move code between synproxy headers Jeremy Sowden
2019-09-13 8:13 ` [PATCH nf-next v3 09/18] netfilter: move struct definition function to a more appropriate header Jeremy Sowden
2019-09-13 8:13 ` [PATCH nf-next v3 10/18] netfilter: use consistent style when defining inline functions in nf_conntrack_ecache.h Jeremy Sowden
2019-09-13 8:13 ` [PATCH nf-next v3 11/18] netfilter: replace defined(CONFIG...) || defined(CONFIG...MODULE) with IS_ENABLED(CONFIG...) Jeremy Sowden
2019-09-13 8:13 ` [PATCH nf-next v3 12/18] netfilter: wrap two inline functions in config checks Jeremy Sowden
2019-09-13 8:13 ` [PATCH nf-next v3 13/18] netfilter: update stub br_nf_pre_routing_ipv6 parameter to `void *priv` Jeremy Sowden
2019-09-13 8:13 ` Jeremy Sowden [this message]
2019-09-13 9:27 ` [PATCH nf-next v3 14/18] netfilter: move nf_conntrack code to linux/nf_conntrack_common.h Pablo Neira Ayuso
2019-09-13 10:30 ` Pablo Neira Ayuso
2019-09-13 8:13 ` [PATCH nf-next v3 15/18] netfilter: remove CONFIG_NF_CONNTRACK check from nf_conntrack_acct.h Jeremy Sowden
2019-09-13 8:13 ` [PATCH nf-next v3 16/18] netfilter: remove CONFIG_NETFILTER checks from headers Jeremy Sowden
2019-09-13 8:13 ` [PATCH nf-next v3 17/18] netfilter: remove CONFIG_NF_CONNTRACK checks from nf_conntrack_zones.h Jeremy Sowden
2019-09-13 8:13 ` [PATCH nf-next v3 18/18] netfilter: remove two unused functions from nf_conntrack_timestamp.h Jeremy Sowden
2019-09-13 9:27 ` [PATCH nf-next v3 00/18] Remove config option checks from netfilter headers Pablo Neira Ayuso
2019-09-13 10:57 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190913081318.16071-15-jeremy@azazel.net \
--to=jeremy@azazel.net \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).