Commit 8f23f35f authored by Florian Westphal, committed by Pablo Neira Ayuso

netfilter: nat: destroy nat mappings on module exit path only

We no longer need per-netns cleanup.  If a netns is being destroyed, the
conntrack netns exit path kills all entries in that namespace, and neither
the conntrack hash table nor the bysource hash is per namespace.

For the rmmod case, we have to make sure we remove all entries from the
nat bysource table, so call the new nf_ct_iterate_destroy in module exit
path.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
parent 0d02d564
...@@ -582,12 +582,8 @@ static void nf_nat_l4proto_clean(u8 l3proto, u8 l4proto) ...@@ -582,12 +582,8 @@ static void nf_nat_l4proto_clean(u8 l3proto, u8 l4proto)
.l3proto = l3proto, .l3proto = l3proto,
.l4proto = l4proto, .l4proto = l4proto,
}; };
struct net *net;
rtnl_lock(); nf_ct_iterate_destroy(nf_nat_proto_remove, &clean);
for_each_net(net)
nf_ct_iterate_cleanup_net(net, nf_nat_proto_remove, &clean, 0, 0);
rtnl_unlock();
} }
static void nf_nat_l3proto_clean(u8 l3proto) static void nf_nat_l3proto_clean(u8 l3proto)
...@@ -595,13 +591,8 @@ static void nf_nat_l3proto_clean(u8 l3proto) ...@@ -595,13 +591,8 @@ static void nf_nat_l3proto_clean(u8 l3proto)
struct nf_nat_proto_clean clean = { struct nf_nat_proto_clean clean = {
.l3proto = l3proto, .l3proto = l3proto,
}; };
struct net *net;
rtnl_lock(); nf_ct_iterate_destroy(nf_nat_proto_remove, &clean);
for_each_net(net)
nf_ct_iterate_cleanup_net(net, nf_nat_proto_remove, &clean, 0, 0);
rtnl_unlock();
} }
/* Protocol registration. */ /* Protocol registration. */
...@@ -822,17 +813,6 @@ nfnetlink_parse_nat_setup(struct nf_conn *ct, ...@@ -822,17 +813,6 @@ nfnetlink_parse_nat_setup(struct nf_conn *ct,
} }
#endif #endif
static void __net_exit nf_nat_net_exit(struct net *net)
{
struct nf_nat_proto_clean clean = {};
nf_ct_iterate_cleanup_net(net, nf_nat_proto_clean, &clean, 0, 0);
}
static struct pernet_operations nf_nat_net_ops = {
.exit = nf_nat_net_exit,
};
static struct nf_ct_helper_expectfn follow_master_nat = { static struct nf_ct_helper_expectfn follow_master_nat = {
.name = "nat-follow-master", .name = "nat-follow-master",
.expectfn = nf_nat_follow_master, .expectfn = nf_nat_follow_master,
...@@ -853,10 +833,6 @@ static int __init nf_nat_init(void) ...@@ -853,10 +833,6 @@ static int __init nf_nat_init(void)
return ret; return ret;
} }
ret = register_pernet_subsys(&nf_nat_net_ops);
if (ret < 0)
goto cleanup_extend;
nf_ct_helper_expectfn_register(&follow_master_nat); nf_ct_helper_expectfn_register(&follow_master_nat);
BUG_ON(nfnetlink_parse_nat_setup_hook != NULL); BUG_ON(nfnetlink_parse_nat_setup_hook != NULL);
...@@ -867,18 +843,15 @@ static int __init nf_nat_init(void) ...@@ -867,18 +843,15 @@ static int __init nf_nat_init(void)
RCU_INIT_POINTER(nf_nat_decode_session_hook, __nf_nat_decode_session); RCU_INIT_POINTER(nf_nat_decode_session_hook, __nf_nat_decode_session);
#endif #endif
return 0; return 0;
cleanup_extend:
rhltable_destroy(&nf_nat_bysource_table);
nf_ct_extend_unregister(&nat_extend);
return ret;
} }
static void __exit nf_nat_cleanup(void) static void __exit nf_nat_cleanup(void)
{ {
struct nf_nat_proto_clean clean = {};
unsigned int i; unsigned int i;
unregister_pernet_subsys(&nf_nat_net_ops); nf_ct_iterate_destroy(nf_nat_proto_clean, &clean);
nf_ct_extend_unregister(&nat_extend); nf_ct_extend_unregister(&nat_extend);
nf_ct_helper_expectfn_unregister(&follow_master_nat); nf_ct_helper_expectfn_unregister(&follow_master_nat);
RCU_INIT_POINTER(nfnetlink_parse_nat_setup_hook, NULL); RCU_INIT_POINTER(nfnetlink_parse_nat_setup_hook, NULL);
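Review bot: In nf_nat_cleanup the new `nf_ct_iterate_destroy(nf_nat_proto_clean, &clean);` is now the only thing that removes live conntracks' NAT state before `nf_ct_extend_unregister(&nat_extend)` and, presumably, the bysource table teardown that follows further down (the `rhltable_destroy(&nf_nat_bysource_table)` seen in the removed init error path suggests the exit path does the same), and any NAT-bound conntrack the iteration misses — one in a namespace being torn down concurrently, or not yet confirmed — would later run its destructor against freed memory. The removed code at least made its coverage explicit with `rtnl_lock()` around a `for_each_net()` walk; the new helper is expected to give equivalent or stronger guarantees, but nothing at the call site says so, and a reader of this function cannot tell why the ordering is load-bearing. I would add above the call: `/* Drop every conntrack's NAT binding (all netns) before the extension and bysource table go away; a late nf_nat_cleanup_conntrack() would otherwise touch freed memory. */`. The body of nf_nat_cleanup continues past the end of the hunk.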