[NETFILTER]: revert MASQUERADE optimization for mostly static IPs

Signed-off-by: Phil Oester <kernel@linuxace.com> Signed-off-by: Patrick McHardy <kaber@trash.net>

[NETFILTER]: revert MASQUERADE optimization for mostly static IPs
Signed-off-by: Phil Oester <kernel@linuxace.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
b4726e94 · Phil Oester · Patrick McHardy · fbc32bd6 · b4726e94
Commit b4726e94 authored Nov 16, 2004 by Phil Oester Committed by Patrick McHardy Nov 16, 2004
Show whitespace changes
Inline Side-by-side

Showing with 36 additions and 24 deletions

net/ipv4/netfilter/ipt_MASQUERADE.c net/ipv4/netfilter/ipt_MASQUERADE.c +36 -24

No files found.
--- a/net/ipv4/netfilter/ipt_MASQUERADE.c
+++ b/net/ipv4/netfilter/ipt_MASQUERADE.c
@@ -118,49 +118,57 @@ masquerade_target(struct sk_buff **pskb,
 }
 static inline int
-device_cmp(const struct ip_conntrack *i, void *_ina)
+device_cmp(const struct ip_conntrack *i, void *ifindex)
 {
-	int ret = 0;
+	int ret;
-	struct in_ifaddr *ina = _ina;
 	READ_LOCK(&masq_lock);
-	/* If it's masquerading out this interface with a different address,
+	ret = (i->nat.masq_index == (int)(long)ifindex);
-	   or we don't know the new address of this interface. */
-	if (i->nat.masq_index == ina->ifa_dev->dev->ifindex
-	    && i->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip != ina->ifa_address)
-		ret = 1;
 	READ_UNLOCK(&masq_lock);
 	return ret;
 }
-static inline int
+static int masq_device_event(struct notifier_block *this,
-connect_unassure(const struct ip_conntrack *i, void *_ina)
+			     unsigned long event,
+			     void *ptr)
 {
-	struct in_ifaddr *ina = _ina;
+	struct net_device *dev = ptr;
-	/* We reset the ASSURED bit on all connections, so they will
+	if (event == NETDEV_DOWN) {
-	 * get reaped under memory pressure. */
+		/* Device was downed.  Search entire table for
-	if (i->nat.masq_index == ina->ifa_dev->dev->ifindex)
+		   conntracks which were associated with that device,
-		clear_bit(IPS_ASSURED_BIT, (unsigned long *)&i->status);
+		   and forget them. */
-	return 0;
+		IP_NF_ASSERT(dev->ifindex != 0);
+		ip_ct_selective_cleanup(device_cmp, (void *)(long)dev->ifindex);
+	}
+	return NOTIFY_DONE;
 }
 static int masq_inet_event(struct notifier_block *this,
 			   unsigned long event,
 			   void *ptr)
 {
-	/* For some configurations, interfaces often come back with
+	struct net_device *dev = ((struct in_ifaddr *)ptr)->ifa_dev->dev;
-	 * the same address.  If not, clean up old conntrack
-	 * entries. */
+	if (event == NETDEV_DOWN) {
-	if (event == NETDEV_UP)
+		/* IP address was deleted.  Search entire table for
-		ip_ct_selective_cleanup(device_cmp, ptr);
+		   conntracks which were associated with that device,
-	else if (event == NETDEV_DOWN)
+		   and forget them. */
-		ip_ct_selective_cleanup(connect_unassure, ptr);
+		IP_NF_ASSERT(dev->ifindex != 0);
+		ip_ct_selective_cleanup(device_cmp, (void *)(long)dev->ifindex);
+	}
 	return NOTIFY_DONE;
 }
+static struct notifier_block masq_dev_notifier = {
+	.notifier_call	= masq_device_event,
+};
 static struct notifier_block masq_inet_notifier = {
 	.notifier_call	= masq_inet_event,
 };
@@ -178,9 +186,12 @@ static int __init init(void)
 	ret = ipt_register_target(&masquerade);
-	if (ret == 0)
+	if (ret == 0) {
+		/* Register for device down reports */
+		register_netdevice_notifier(&masq_dev_notifier);
 		/* Register IP address change reports */
 		register_inetaddr_notifier(&masq_inet_notifier);
+	}
 	return ret;
 }
@@ -188,6 +199,7 @@ static int __init init(void)
 static void __exit fini(void)
 {
 	ipt_unregister_target(&masquerade);
+	unregister_netdevice_notifier(&masq_dev_notifier);
 	unregister_inetaddr_notifier(&masq_inet_notifier);	
 }