Commit 8a23f4ab authored by Florian Westphal's avatar Florian Westphal
Browse files

netfilter: conntrack: simplify nf_conntrack_alter_reply 



nf_conntrack_alter_reply doesn't do helper reassignment anymore.
Remove the comments that make this claim.

Furthermore, remove dead code from the function and place ot
in nf_conntrack.h.

Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
parent 99ab9f84

include/net/netfilter/nf_conntrack.h

+10 −4
Original line number Diff line number Diff line
@@ -160,10 +160,6 @@ static inline struct net *nf_ct_net(const struct nf_conn *ct) 
	return read_pnet(&ct->ct_net);

}



/* Alter reply tuple (maybe alter helper). */

void nf_conntrack_alter_reply(struct nf_conn *ct,

			      const struct nf_conntrack_tuple *newreply);



/* Is this tuple taken? (ignoring any belonging to the given

   conntrack). */

int nf_conntrack_tuple_taken(const struct nf_conntrack_tuple *tuple,
@@ -284,6 +280,16 @@ static inline bool nf_is_loopback_packet(const struct sk_buff *skb) 
	return skb->dev && skb->skb_iif && skb->dev->flags & IFF_LOOPBACK;

}



static inline void nf_conntrack_alter_reply(struct nf_conn *ct,

					    const struct nf_conntrack_tuple *newreply)

{

	/* Must be unconfirmed, so not in hash table yet */

	if (WARN_ON(nf_ct_is_confirmed(ct)))

		return;



	ct->tuplehash[IP_CT_DIR_REPLY].tuple = *newreply;

}



#define nfct_time_stamp ((u32)(jiffies))



/* jiffies until ct expires, 0 if already expired */

net/netfilter/nf_conntrack_core.c

+0 −18
Original line number Diff line number Diff line
@@ -2042,24 +2042,6 @@ nf_conntrack_in(struct sk_buff *skb, const struct nf_hook_state *state) 
}

EXPORT_SYMBOL_GPL(nf_conntrack_in);



/* Alter reply tuple (maybe alter helper).  This is for NAT, and is

   implicitly racy: see __nf_conntrack_confirm */

void nf_conntrack_alter_reply(struct nf_conn *ct,

			      const struct nf_conntrack_tuple *newreply)

{

	struct nf_conn_help *help = nfct_help(ct);



	/* Should be unconfirmed, so not in hash table yet */

	WARN_ON(nf_ct_is_confirmed(ct));



	nf_ct_dump_tuple(newreply);



	ct->tuplehash[IP_CT_DIR_REPLY].tuple = *newreply;

	if (ct->master || (help && !hlist_empty(&help->expectations)))

		return;

}

EXPORT_SYMBOL_GPL(nf_conntrack_alter_reply);



/* Refresh conntrack for this many jiffies and do accounting if do_acct is 1 */

void __nf_ct_refresh_acct(struct nf_conn *ct,

			  enum ip_conntrack_info ctinfo,

net/netfilter/nf_conntrack_helper.c

+1 −6
Original line number Diff line number Diff line
@@ -194,12 +194,7 @@ int __nf_ct_try_assign_helper(struct nf_conn *ct, struct nf_conn *tmpl, 
	struct nf_conntrack_helper *helper = NULL;

	struct nf_conn_help *help;



	/* We already got a helper explicitly attached. The function

	 * nf_conntrack_alter_reply - in case NAT is in use - asks for looking

	 * the helper up again. Since now the user is in full control of

	 * making consistent helper configurations, skip this automatic

	 * re-lookup, otherwise we'll lose the helper.

	 */

	/* We already got a helper explicitly attached (e.g. nft_ct) */

	if (test_bit(IPS_HELPER_BIT, &ct->status))

		return 0;