netfilter: conntrack: move nf_ct_netns_{get,put}() to core

So we can call this from other expression that need conntrack in place to work. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Acked-by: Florian Westphal <fw@strlen.de>
2024-11-26 12:20:50 +07:00 · 2017-11-03 16:26:32 +01:00 · 2017-11-03 16:26:32 +01:00 · 7e35ec0e80
commit 7e35ec0e80
parent 5caaed151a
2 changed files with 38 additions and 38 deletions
--- a/net/netfilter/nf_conntrack_proto.c
+++ b/net/netfilter/nf_conntrack_proto.c
@ -172,7 +172,7 @@ void nf_ct_l3proto_module_put(unsigned short l3proto)
 }
 EXPORT_SYMBOL_GPL(nf_ct_l3proto_module_put);
-int nf_ct_netns_get(struct net *net, u8 nfproto)
+static int nf_ct_netns_do_get(struct net *net, u8 nfproto)
 {
 	const struct nf_conntrack_l3proto *l3proto;
 	int ret;
@ -197,9 +197,33 @@ int nf_ct_netns_get(struct net *net, u8 nfproto)
 	return ret;
 }
 int nf_ct_netns_get(struct net *net, u8 nfproto)
 {
 	int err;
 	if (nfproto == NFPROTO_INET) {
 		err = nf_ct_netns_do_get(net, NFPROTO_IPV4);
 		if (err < 0)
 			goto err1;
 		err = nf_ct_netns_do_get(net, NFPROTO_IPV6);
 		if (err < 0)
 			goto err2;
 	} else {
 		err = nf_ct_netns_do_get(net, nfproto);
 		if (err < 0)
 			goto err1;
 	}
 	return 0;
 err2:
 	nf_ct_netns_put(net, NFPROTO_IPV4);
 err1:
 	return err;
 }
 EXPORT_SYMBOL_GPL(nf_ct_netns_get);
-void nf_ct_netns_put(struct net *net, u8 nfproto)
+static void nf_ct_netns_do_put(struct net *net, u8 nfproto)
 {
 	const struct nf_conntrack_l3proto *l3proto;
@ -218,6 +242,15 @@ void nf_ct_netns_put(struct net *net, u8 nfproto)
 	nf_ct_l3proto_module_put(nfproto);
 }
 void nf_ct_netns_put(struct net *net, uint8_t nfproto)
 {
 	if (nfproto == NFPROTO_INET) {
 		nf_ct_netns_do_put(net, NFPROTO_IPV4);
 		nf_ct_netns_do_put(net, NFPROTO_IPV6);
 	} else
 		nf_ct_netns_do_put(net, nfproto);
 }
 EXPORT_SYMBOL_GPL(nf_ct_netns_put);
 const struct nf_conntrack_l4proto *
--- a/net/netfilter/nft_ct.c
+++ b/net/netfilter/nft_ct.c
@ -312,39 +312,6 @@ static const struct nla_policy nft_ct_policy[NFTA_CT_MAX + 1] = {
 	[NFTA_CT_SREG]		= { .type = NLA_U32 },
 };
 static int nft_ct_netns_get(struct net *net, uint8_t family)
 {
 	int err;
 	if (family == NFPROTO_INET) {
 		err = nf_ct_netns_get(net, NFPROTO_IPV4);
 		if (err < 0)
 			goto err1;
 		err = nf_ct_netns_get(net, NFPROTO_IPV6);
 		if (err < 0)
 			goto err2;
 	} else {
 		err = nf_ct_netns_get(net, family);
 		if (err < 0)
 			goto err1;
 	}
 	return 0;
 err2:
 	nf_ct_netns_put(net, NFPROTO_IPV4);
 err1:
 	return err;
 }
 static void nft_ct_netns_put(struct net *net, uint8_t family)
 {
 	if (family == NFPROTO_INET) {
 		nf_ct_netns_put(net, NFPROTO_IPV4);
 		nf_ct_netns_put(net, NFPROTO_IPV6);
 	} else
 		nf_ct_netns_put(net, family);
 }
 #ifdef CONFIG_NF_CONNTRACK_ZONES
 static void nft_ct_tmpl_put_pcpu(void)
 {
@ -489,7 +456,7 @@ static int nft_ct_get_init(const struct nft_ctx *ctx,
 	if (err < 0)
 		return err;
-	err = nft_ct_netns_get(ctx->net, ctx->afi->family);
+	err = nf_ct_netns_get(ctx->net, ctx->afi->family);
 	if (err < 0)
 		return err;
@ -583,7 +550,7 @@ static int nft_ct_set_init(const struct nft_ctx *ctx,
 	if (err < 0)
 		goto err1;
-	err = nft_ct_netns_get(ctx->net, ctx->afi->family);
+	err = nf_ct_netns_get(ctx->net, ctx->afi->family);
 	if (err < 0)
 		goto err1;
@ -606,7 +573,7 @@ static void nft_ct_set_destroy(const struct nft_ctx *ctx,
 	struct nft_ct *priv = nft_expr_priv(expr);
 	__nft_ct_set_destroy(ctx, priv);
-	nft_ct_netns_put(ctx->net, ctx->afi->family);
+	nf_ct_netns_put(ctx->net, ctx->afi->family);
 }
 static int nft_ct_get_dump(struct sk_buff *skb, const struct nft_expr *expr)