Commit 445db8d0 authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso

netfilter: flowtable: remove dying bit, use teardown bit instead

The dying bit removes the conntrack entry if the netdev that owns this
flow is going down. Instead, use the teardown mechanism to push back the
flow to conntrack to let the classic software path decide what to do
with it.
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 87265d84
...@@ -85,7 +85,6 @@ struct flow_offload_tuple_rhash { ...@@ -85,7 +85,6 @@ struct flow_offload_tuple_rhash {
#define FLOW_OFFLOAD_SNAT 0x1 #define FLOW_OFFLOAD_SNAT 0x1
#define FLOW_OFFLOAD_DNAT 0x2 #define FLOW_OFFLOAD_DNAT 0x2
#define FLOW_OFFLOAD_DYING 0x4
#define FLOW_OFFLOAD_TEARDOWN 0x8 #define FLOW_OFFLOAD_TEARDOWN 0x8
#define FLOW_OFFLOAD_HW 0x10 #define FLOW_OFFLOAD_HW 0x10
#define FLOW_OFFLOAD_HW_DYING 0x20 #define FLOW_OFFLOAD_HW_DYING 0x20
...@@ -134,10 +133,6 @@ int nf_flow_table_init(struct nf_flowtable *flow_table); ...@@ -134,10 +133,6 @@ int nf_flow_table_init(struct nf_flowtable *flow_table);
void nf_flow_table_free(struct nf_flowtable *flow_table); void nf_flow_table_free(struct nf_flowtable *flow_table);
void flow_offload_teardown(struct flow_offload *flow); void flow_offload_teardown(struct flow_offload *flow);
static inline void flow_offload_dead(struct flow_offload *flow)
{
flow->flags |= FLOW_OFFLOAD_DYING;
}
int nf_flow_snat_port(const struct flow_offload *flow, int nf_flow_snat_port(const struct flow_offload *flow,
struct sk_buff *skb, unsigned int thoff, struct sk_buff *skb, unsigned int thoff,
......
...@@ -182,8 +182,6 @@ void flow_offload_free(struct flow_offload *flow) ...@@ -182,8 +182,6 @@ void flow_offload_free(struct flow_offload *flow)
default: default:
break; break;
} }
if (flow->flags & FLOW_OFFLOAD_DYING)
nf_ct_delete(flow->ct, 0, 0);
nf_ct_put(flow->ct); nf_ct_put(flow->ct);
kfree_rcu(flow, rcu_head); kfree_rcu(flow, rcu_head);
} }
...@@ -300,7 +298,7 @@ flow_offload_lookup(struct nf_flowtable *flow_table, ...@@ -300,7 +298,7 @@ flow_offload_lookup(struct nf_flowtable *flow_table,
dir = tuplehash->tuple.dir; dir = tuplehash->tuple.dir;
flow = container_of(tuplehash, struct flow_offload, tuplehash[dir]); flow = container_of(tuplehash, struct flow_offload, tuplehash[dir]);
if (flow->flags & (FLOW_OFFLOAD_DYING | FLOW_OFFLOAD_TEARDOWN)) if (flow->flags & FLOW_OFFLOAD_TEARDOWN)
return NULL; return NULL;
if (unlikely(nf_ct_is_dying(flow->ct))) if (unlikely(nf_ct_is_dying(flow->ct)))
...@@ -349,7 +347,7 @@ static void nf_flow_offload_gc_step(struct flow_offload *flow, void *data) ...@@ -349,7 +347,7 @@ static void nf_flow_offload_gc_step(struct flow_offload *flow, void *data)
struct nf_flowtable *flow_table = data; struct nf_flowtable *flow_table = data;
if (nf_flow_has_expired(flow) || nf_ct_is_dying(flow->ct) || if (nf_flow_has_expired(flow) || nf_ct_is_dying(flow->ct) ||
(flow->flags & (FLOW_OFFLOAD_DYING | FLOW_OFFLOAD_TEARDOWN))) { (flow->flags & FLOW_OFFLOAD_TEARDOWN)) {
if (flow->flags & FLOW_OFFLOAD_HW) { if (flow->flags & FLOW_OFFLOAD_HW) {
if (!(flow->flags & FLOW_OFFLOAD_HW_DYING)) if (!(flow->flags & FLOW_OFFLOAD_HW_DYING))
nf_flow_offload_del(flow_table, flow); nf_flow_offload_del(flow_table, flow);
...@@ -523,7 +521,7 @@ static void nf_flow_table_do_cleanup(struct flow_offload *flow, void *data) ...@@ -523,7 +521,7 @@ static void nf_flow_table_do_cleanup(struct flow_offload *flow, void *data)
if (net_eq(nf_ct_net(flow->ct), dev_net(dev)) && if (net_eq(nf_ct_net(flow->ct), dev_net(dev)) &&
(flow->tuplehash[0].tuple.iifidx == dev->ifindex || (flow->tuplehash[0].tuple.iifidx == dev->ifindex ||
flow->tuplehash[1].tuple.iifidx == dev->ifindex)) flow->tuplehash[1].tuple.iifidx == dev->ifindex))
flow_offload_dead(flow); flow_offload_teardown(flow);
} }
static void nf_flow_table_iterate_cleanup(struct nf_flowtable *flowtable, static void nf_flow_table_iterate_cleanup(struct nf_flowtable *flowtable,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment