netfilter: nf_flow_table: track flow tables in nf_flow_table directly (84453a90) · Commits · 戴 / test

include/net/netfilter/nf_flow_table.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -21,6 +21,7 @@ struct nf_flowtable_type {
		};

		struct nf_flowtable {
		struct list_head list;
		struct rhashtable rhashtable;
		const struct nf_flowtable_type *type;
		struct delayed_work gc_work;

include/net/netfilter/nf_tables.h

+0 −3

Original line number	Diff line number	Diff line
		@@ -1109,9 +1109,6 @@ struct nft_flowtable {
		struct nft_flowtable nf_tables_flowtable_lookup(const struct nft_table table,
		const struct nlattr *nla,
		u8 genmask);
		void nft_flow_table_iterate(struct net *net,
		void (iter)(struct nf_flowtable flowtable, void *data),
		void *data);

		void nft_register_flowtable_type(struct nf_flowtable_type *type);
		void nft_unregister_flowtable_type(struct nf_flowtable_type *type);

net/netfilter/nf_flow_table_core.c

+18 −3

Original line number	Diff line number	Diff line
		@@ -18,6 +18,9 @@ struct flow_offload_entry {
		struct rcu_head rcu_head;
		};

		static DEFINE_MUTEX(flowtable_lock);
		static LIST_HEAD(flowtables);

		static void
		flow_offload_fill_dir(struct flow_offload flow, struct nf_conn ct,
		struct nf_flow_route *route,
		@@ -410,6 +413,10 @@ int nf_flow_table_init(struct nf_flowtable *flowtable)
		queue_delayed_work(system_power_efficient_wq,
		&flowtable->gc_work, HZ);

		mutex_lock(&flowtable_lock);
		list_add(&flowtable->list, &flowtables);
		mutex_unlock(&flowtable_lock);

		return 0;
		}
		EXPORT_SYMBOL_GPL(nf_flow_table_init);
		@@ -425,20 +432,28 @@ static void nf_flow_table_do_cleanup(struct flow_offload flow, void data)
		}

		static void nf_flow_table_iterate_cleanup(struct nf_flowtable *flowtable,
		void *data)
		struct net_device *dev)
		{
		nf_flow_table_iterate(flowtable, nf_flow_table_do_cleanup, data);
		nf_flow_table_iterate(flowtable, nf_flow_table_do_cleanup, dev);
		flush_delayed_work(&flowtable->gc_work);
		}

		void nf_flow_table_cleanup(struct net net, struct net_device dev)
		{
		nft_flow_table_iterate(net, nf_flow_table_iterate_cleanup, dev);
		struct nf_flowtable *flowtable;

		mutex_lock(&flowtable_lock);
		list_for_each_entry(flowtable, &flowtables, list)
		nf_flow_table_iterate_cleanup(flowtable, dev);
		mutex_unlock(&flowtable_lock);
		}
		EXPORT_SYMBOL_GPL(nf_flow_table_cleanup);

		void nf_flow_table_free(struct nf_flowtable *flow_table)
		{
		mutex_lock(&flowtable_lock);
		list_del(&flow_table->list);
		mutex_unlock(&flowtable_lock);
		cancel_delayed_work_sync(&flow_table->gc_work);
		nf_flow_table_iterate(flow_table, nf_flow_table_do_cleanup, NULL);
		WARN_ON(!nf_flow_offload_gc_step(flow_table));

net/netfilter/nf_tables_api.c

+0 −17

Original line number	Diff line number	Diff line
		@@ -5060,23 +5060,6 @@ static const struct nf_flowtable_type *nft_flowtable_type_get(u8 family)
		return ERR_PTR(-ENOENT);
		}

		void nft_flow_table_iterate(struct net *net,
		void (iter)(struct nf_flowtable flowtable, void *data),
		void *data)
		{
		struct nft_flowtable *flowtable;
		const struct nft_table *table;

		nfnl_lock(NFNL_SUBSYS_NFTABLES);
		list_for_each_entry(table, &net->nft.tables, list) {
		list_for_each_entry(flowtable, &table->flowtables, list) {
		iter(&flowtable->data, data);
		}
		}
		nfnl_unlock(NFNL_SUBSYS_NFTABLES);
		}
		EXPORT_SYMBOL_GPL(nft_flow_table_iterate);

		static void nft_unregister_flowtable_net_hooks(struct net *net,
		struct nft_flowtable *flowtable)
		{

Admin message