c783884f862c1eae7ef4ccf1ea7652ac0248fc16
[librecmc/librecmc.git] /
1 From: Felix Fietkau <nbd@nbd.name>
2 Date: Sun, 18 Feb 2018 18:16:31 +0100
3 Subject: [PATCH] netfilter: nf_flow_table: move init code to
4  nf_flow_table_core.c
5
6 Reduces duplication of .gc and .params in flowtable type definitions and
7 makes the API clearer
8
9 Signed-off-by: Felix Fietkau <nbd@nbd.name>
10 ---
11
12 --- a/include/net/netfilter/nf_flow_table.h
13 +++ b/include/net/netfilter/nf_flow_table.h
14 @@ -14,9 +14,8 @@ struct nf_flowtable;
15  struct nf_flowtable_type {
16         struct list_head                list;
17         int                             family;
18 -       void                            (*gc)(struct work_struct *work);
19 +       int                             (*init)(struct nf_flowtable *ft);
20         void                            (*free)(struct nf_flowtable *ft);
21 -       const struct rhashtable_params  *params;
22         nf_hookfn                       *hook;
23         struct module                   *owner;
24  };
25 @@ -100,9 +99,8 @@ int nf_flow_table_iterate(struct nf_flow
26  
27  void nf_flow_table_cleanup(struct net *net, struct net_device *dev);
28  
29 +int nf_flow_table_init(struct nf_flowtable *flow_table);
30  void nf_flow_table_free(struct nf_flowtable *flow_table);
31 -void nf_flow_offload_work_gc(struct work_struct *work);
32 -extern const struct rhashtable_params nf_flow_offload_rhash_params;
33  
34  void flow_offload_dead(struct flow_offload *flow);
35  
36 --- a/net/ipv4/netfilter/nf_flow_table_ipv4.c
37 +++ b/net/ipv4/netfilter/nf_flow_table_ipv4.c
38 @@ -7,8 +7,7 @@
39  
40  static struct nf_flowtable_type flowtable_ipv4 = {
41         .family         = NFPROTO_IPV4,
42 -       .params         = &nf_flow_offload_rhash_params,
43 -       .gc             = nf_flow_offload_work_gc,
44 +       .init           = nf_flow_table_init,
45         .free           = nf_flow_table_free,
46         .hook           = nf_flow_offload_ip_hook,
47         .owner          = THIS_MODULE,
48 --- a/net/ipv6/netfilter/nf_flow_table_ipv6.c
49 +++ b/net/ipv6/netfilter/nf_flow_table_ipv6.c
50 @@ -8,8 +8,7 @@
51  
52  static struct nf_flowtable_type flowtable_ipv6 = {
53         .family         = NFPROTO_IPV6,
54 -       .params         = &nf_flow_offload_rhash_params,
55 -       .gc             = nf_flow_offload_work_gc,
56 +       .init           = nf_flow_table_init,
57         .free           = nf_flow_table_free,
58         .hook           = nf_flow_offload_ipv6_hook,
59         .owner          = THIS_MODULE,
60 --- a/net/netfilter/nf_flow_table_core.c
61 +++ b/net/netfilter/nf_flow_table_core.c
62 @@ -116,16 +116,50 @@ void flow_offload_dead(struct flow_offlo
63  }
64  EXPORT_SYMBOL_GPL(flow_offload_dead);
65  
66 +static u32 flow_offload_hash(const void *data, u32 len, u32 seed)
67 +{
68 +       const struct flow_offload_tuple *tuple = data;
69 +
70 +       return jhash(tuple, offsetof(struct flow_offload_tuple, dir), seed);
71 +}
72 +
73 +static u32 flow_offload_hash_obj(const void *data, u32 len, u32 seed)
74 +{
75 +       const struct flow_offload_tuple_rhash *tuplehash = data;
76 +
77 +       return jhash(&tuplehash->tuple, offsetof(struct flow_offload_tuple, dir), seed);
78 +}
79 +
80 +static int flow_offload_hash_cmp(struct rhashtable_compare_arg *arg,
81 +                                       const void *ptr)
82 +{
83 +       const struct flow_offload_tuple *tuple = arg->key;
84 +       const struct flow_offload_tuple_rhash *x = ptr;
85 +
86 +       if (memcmp(&x->tuple, tuple, offsetof(struct flow_offload_tuple, dir)))
87 +               return 1;
88 +
89 +       return 0;
90 +}
91 +
92 +static const struct rhashtable_params nf_flow_offload_rhash_params = {
93 +       .head_offset            = offsetof(struct flow_offload_tuple_rhash, node),
94 +       .hashfn                 = flow_offload_hash,
95 +       .obj_hashfn             = flow_offload_hash_obj,
96 +       .obj_cmpfn              = flow_offload_hash_cmp,
97 +       .automatic_shrinking    = true,
98 +};
99 +
100  int flow_offload_add(struct nf_flowtable *flow_table, struct flow_offload *flow)
101  {
102         flow->timeout = (u32)jiffies;
103  
104         rhashtable_insert_fast(&flow_table->rhashtable,
105                                &flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].node,
106 -                              *flow_table->type->params);
107 +                              nf_flow_offload_rhash_params);
108         rhashtable_insert_fast(&flow_table->rhashtable,
109                                &flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].node,
110 -                              *flow_table->type->params);
111 +                              nf_flow_offload_rhash_params);
112         return 0;
113  }
114  EXPORT_SYMBOL_GPL(flow_offload_add);
115 @@ -135,10 +169,10 @@ static void flow_offload_del(struct nf_f
116  {
117         rhashtable_remove_fast(&flow_table->rhashtable,
118                                &flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].node,
119 -                              *flow_table->type->params);
120 +                              nf_flow_offload_rhash_params);
121         rhashtable_remove_fast(&flow_table->rhashtable,
122                                &flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].node,
123 -                              *flow_table->type->params);
124 +                              nf_flow_offload_rhash_params);
125  
126         flow_offload_free(flow);
127  }
128 @@ -148,7 +182,7 @@ flow_offload_lookup(struct nf_flowtable
129                     struct flow_offload_tuple *tuple)
130  {
131         return rhashtable_lookup_fast(&flow_table->rhashtable, tuple,
132 -                                     *flow_table->type->params);
133 +                                     nf_flow_offload_rhash_params);
134  }
135  EXPORT_SYMBOL_GPL(flow_offload_lookup);
136  
137 @@ -237,7 +271,7 @@ out:
138         return 1;
139  }
140  
141 -void nf_flow_offload_work_gc(struct work_struct *work)
142 +static void nf_flow_offload_work_gc(struct work_struct *work)
143  {
144         struct nf_flowtable *flow_table;
145  
146 @@ -245,42 +279,6 @@ void nf_flow_offload_work_gc(struct work
147         nf_flow_offload_gc_step(flow_table);
148         queue_delayed_work(system_power_efficient_wq, &flow_table->gc_work, HZ);
149  }
150 -EXPORT_SYMBOL_GPL(nf_flow_offload_work_gc);
151 -
152 -static u32 flow_offload_hash(const void *data, u32 len, u32 seed)
153 -{
154 -       const struct flow_offload_tuple *tuple = data;
155 -
156 -       return jhash(tuple, offsetof(struct flow_offload_tuple, dir), seed);
157 -}
158 -
159 -static u32 flow_offload_hash_obj(const void *data, u32 len, u32 seed)
160 -{
161 -       const struct flow_offload_tuple_rhash *tuplehash = data;
162 -
163 -       return jhash(&tuplehash->tuple, offsetof(struct flow_offload_tuple, dir), seed);
164 -}
165 -
166 -static int flow_offload_hash_cmp(struct rhashtable_compare_arg *arg,
167 -                                       const void *ptr)
168 -{
169 -       const struct flow_offload_tuple *tuple = arg->key;
170 -       const struct flow_offload_tuple_rhash *x = ptr;
171 -
172 -       if (memcmp(&x->tuple, tuple, offsetof(struct flow_offload_tuple, dir)))
173 -               return 1;
174 -
175 -       return 0;
176 -}
177 -
178 -const struct rhashtable_params nf_flow_offload_rhash_params = {
179 -       .head_offset            = offsetof(struct flow_offload_tuple_rhash, node),
180 -       .hashfn                 = flow_offload_hash,
181 -       .obj_hashfn             = flow_offload_hash_obj,
182 -       .obj_cmpfn              = flow_offload_hash_cmp,
183 -       .automatic_shrinking    = true,
184 -};
185 -EXPORT_SYMBOL_GPL(nf_flow_offload_rhash_params);
186  
187  static int nf_flow_nat_port_tcp(struct sk_buff *skb, unsigned int thoff,
188                                 __be16 port, __be16 new_port)
189 @@ -398,6 +396,24 @@ int nf_flow_dnat_port(const struct flow_
190  }
191  EXPORT_SYMBOL_GPL(nf_flow_dnat_port);
192  
193 +int nf_flow_table_init(struct nf_flowtable *flowtable)
194 +{
195 +       int err;
196 +
197 +       INIT_DEFERRABLE_WORK(&flowtable->gc_work, nf_flow_offload_work_gc);
198 +
199 +       err = rhashtable_init(&flowtable->rhashtable,
200 +                             &nf_flow_offload_rhash_params);
201 +       if (err < 0)
202 +               return err;
203 +
204 +       queue_delayed_work(system_power_efficient_wq,
205 +                          &flowtable->gc_work, HZ);
206 +
207 +       return 0;
208 +}
209 +EXPORT_SYMBOL_GPL(nf_flow_table_init);
210 +
211  static void nf_flow_table_do_cleanup(struct flow_offload *flow, void *data)
212  {
213         struct net_device *dev = data;
214 @@ -423,8 +439,10 @@ EXPORT_SYMBOL_GPL(nf_flow_table_cleanup)
215  
216  void nf_flow_table_free(struct nf_flowtable *flow_table)
217  {
218 +       cancel_delayed_work_sync(&flow_table->gc_work);
219         nf_flow_table_iterate(flow_table, nf_flow_table_do_cleanup, NULL);
220         WARN_ON(!nf_flow_offload_gc_step(flow_table));
221 +       rhashtable_destroy(&flow_table->rhashtable);
222  }
223  EXPORT_SYMBOL_GPL(nf_flow_table_free);
224  
225 --- a/net/netfilter/nf_flow_table_inet.c
226 +++ b/net/netfilter/nf_flow_table_inet.c
227 @@ -22,8 +22,7 @@ nf_flow_offload_inet_hook(void *priv, st
228  
229  static struct nf_flowtable_type flowtable_inet = {
230         .family         = NFPROTO_INET,
231 -       .params         = &nf_flow_offload_rhash_params,
232 -       .gc             = nf_flow_offload_work_gc,
233 +       .init           = nf_flow_table_init,
234         .free           = nf_flow_table_free,
235         .hook           = nf_flow_offload_inet_hook,
236         .owner          = THIS_MODULE,
237 --- a/net/netfilter/nf_tables_api.c
238 +++ b/net/netfilter/nf_tables_api.c
239 @@ -5013,40 +5013,38 @@ static int nf_tables_newflowtable(struct
240         }
241  
242         flowtable->data.type = type;
243 -       err = rhashtable_init(&flowtable->data.rhashtable, type->params);
244 +       err = type->init(&flowtable->data);
245         if (err < 0)
246                 goto err3;
247  
248         err = nf_tables_flowtable_parse_hook(&ctx, nla[NFTA_FLOWTABLE_HOOK],
249                                              flowtable);
250         if (err < 0)
251 -               goto err3;
252 +               goto err4;
253  
254         for (i = 0; i < flowtable->ops_len; i++) {
255                 err = nf_register_net_hook(net, &flowtable->ops[i]);
256                 if (err < 0)
257 -                       goto err4;
258 +                       goto err5;
259         }
260  
261         err = nft_trans_flowtable_add(&ctx, NFT_MSG_NEWFLOWTABLE, flowtable);
262         if (err < 0)
263 -               goto err5;
264 -
265 -       INIT_DEFERRABLE_WORK(&flowtable->data.gc_work, type->gc);
266 -       queue_delayed_work(system_power_efficient_wq,
267 -                          &flowtable->data.gc_work, HZ);
268 +               goto err6;
269  
270         list_add_tail_rcu(&flowtable->list, &table->flowtables);
271         table->use++;
272  
273         return 0;
274 -err5:
275 +err6:
276         i = flowtable->ops_len;
277 -err4:
278 +err5:
279         for (k = i - 1; k >= 0; k--)
280                 nf_unregister_net_hook(net, &flowtable->ops[i]);
281  
282         kfree(flowtable->ops);
283 +err4:
284 +       flowtable->data.type->free(&flowtable->data);
285  err3:
286         module_put(type->owner);
287  err2:
288 @@ -5327,10 +5325,8 @@ err:
289  
290  static void nf_tables_flowtable_destroy(struct nft_flowtable *flowtable)
291  {
292 -       cancel_delayed_work_sync(&flowtable->data.gc_work);
293         kfree(flowtable->name);
294         flowtable->data.type->free(&flowtable->data);
295 -       rhashtable_destroy(&flowtable->data.rhashtable);
296         module_put(flowtable->data.type->owner);
297  }
298