netfilter: remove nf_ct_is_untracked
This function is now obsolete and always returns false. This change has no effect on generated code. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Родитель
cc41c84b7e
Коммит
ab8bc7ed86
|
@ -1555,7 +1555,7 @@ static inline void ip_vs_notrack(struct sk_buff *skb)
|
||||||
enum ip_conntrack_info ctinfo;
|
enum ip_conntrack_info ctinfo;
|
||||||
struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
|
struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
|
||||||
|
|
||||||
if (!ct || !nf_ct_is_untracked(ct)) {
|
if (ct) {
|
||||||
nf_conntrack_put(&ct->ct_general);
|
nf_conntrack_put(&ct->ct_general);
|
||||||
nf_ct_set(skb, NULL, IP_CT_UNTRACKED);
|
nf_ct_set(skb, NULL, IP_CT_UNTRACKED);
|
||||||
}
|
}
|
||||||
|
@ -1616,7 +1616,7 @@ static inline bool ip_vs_conn_uses_conntrack(struct ip_vs_conn *cp,
|
||||||
if (!(cp->flags & IP_VS_CONN_F_NFCT))
|
if (!(cp->flags & IP_VS_CONN_F_NFCT))
|
||||||
return false;
|
return false;
|
||||||
ct = nf_ct_get(skb, &ctinfo);
|
ct = nf_ct_get(skb, &ctinfo);
|
||||||
if (ct && !nf_ct_is_untracked(ct))
|
if (ct)
|
||||||
return true;
|
return true;
|
||||||
#endif
|
#endif
|
||||||
return false;
|
return false;
|
||||||
|
|
|
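Review bot: In the first hunk of this section, `if (ct)` is not what the old test reduces to once `nf_ct_is_untracked()` is constant false: `!ct || !nf_ct_is_untracked(ct)` was always true, so `nf_ct_set(skb, NULL, IP_CT_UNTRACKED)` also ran for an skb with no conntrack attached, and now it is skipped for that case. If the narrowing is intended, the description's "no effect on generated code" should exclude this hunk and say why. If it is not, guard only the put and keep the mark unconditional: `if (ct) nf_conntrack_put(&ct->ct_general);` followed by `nf_ct_set(skb, NULL, IP_CT_UNTRACKED);`. Whether an skb left unmarked can later be picked up by connection tracking depends on callers and hook order that are not visible here; ip_vs_notrack's body starts outside the hunk.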
@ -273,11 +273,6 @@ static inline int nf_ct_is_dying(const struct nf_conn *ct)
|
||||||
return test_bit(IPS_DYING_BIT, &ct->status);
|
return test_bit(IPS_DYING_BIT, &ct->status);
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline int nf_ct_is_untracked(const struct nf_conn *ct)
|
|
||||||
{
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Packet is received from loopback */
|
/* Packet is received from loopback */
|
||||||
static inline bool nf_is_loopback_packet(const struct sk_buff *skb)
|
static inline bool nf_is_loopback_packet(const struct sk_buff *skb)
|
||||||
{
|
{
|
||||||
|
|
|
@ -65,7 +65,7 @@ static inline int nf_conntrack_confirm(struct sk_buff *skb)
|
||||||
struct nf_conn *ct = (struct nf_conn *)skb_nfct(skb);
|
struct nf_conn *ct = (struct nf_conn *)skb_nfct(skb);
|
||||||
int ret = NF_ACCEPT;
|
int ret = NF_ACCEPT;
|
||||||
|
|
||||||
if (ct && !nf_ct_is_untracked(ct)) {
|
if (ct) {
|
||||||
if (!nf_ct_is_confirmed(ct))
|
if (!nf_ct_is_confirmed(ct))
|
||||||
ret = __nf_conntrack_confirm(skb);
|
ret = __nf_conntrack_confirm(skb);
|
||||||
if (likely(ret == NF_ACCEPT))
|
if (likely(ret == NF_ACCEPT))
|
||||||
|
|
|
@ -264,10 +264,6 @@ nf_nat_ipv4_fn(void *priv, struct sk_buff *skb,
|
||||||
if (!ct)
|
if (!ct)
|
||||||
return NF_ACCEPT;
|
return NF_ACCEPT;
|
||||||
|
|
||||||
/* Don't try to NAT if this packet is not conntracked */
|
|
||||||
if (nf_ct_is_untracked(ct))
|
|
||||||
return NF_ACCEPT;
|
|
||||||
|
|
||||||
nat = nf_ct_nat_ext_add(ct);
|
nat = nf_ct_nat_ext_add(ct);
|
||||||
if (nat == NULL)
|
if (nat == NULL)
|
||||||
return NF_ACCEPT;
|
return NF_ACCEPT;
|
||||||
|
|
|
@ -139,7 +139,7 @@ struct sock *nf_sk_lookup_slow_v4(struct net *net, const struct sk_buff *skb,
|
||||||
* SNAT-ted connection.
|
* SNAT-ted connection.
|
||||||
*/
|
*/
|
||||||
ct = nf_ct_get(skb, &ctinfo);
|
ct = nf_ct_get(skb, &ctinfo);
|
||||||
if (ct && !nf_ct_is_untracked(ct) &&
|
if (ct &&
|
||||||
((iph->protocol != IPPROTO_ICMP &&
|
((iph->protocol != IPPROTO_ICMP &&
|
||||||
ctinfo == IP_CT_ESTABLISHED_REPLY) ||
|
ctinfo == IP_CT_ESTABLISHED_REPLY) ||
|
||||||
(iph->protocol == IPPROTO_ICMP &&
|
(iph->protocol == IPPROTO_ICMP &&
|
||||||
|
|
|
@ -273,10 +273,6 @@ nf_nat_ipv6_fn(void *priv, struct sk_buff *skb,
|
||||||
if (!ct)
|
if (!ct)
|
||||||
return NF_ACCEPT;
|
return NF_ACCEPT;
|
||||||
|
|
||||||
/* Don't try to NAT if this packet is not conntracked */
|
|
||||||
if (nf_ct_is_untracked(ct))
|
|
||||||
return NF_ACCEPT;
|
|
||||||
|
|
||||||
nat = nf_ct_nat_ext_add(ct);
|
nat = nf_ct_nat_ext_add(ct);
|
||||||
if (nat == NULL)
|
if (nat == NULL)
|
||||||
return NF_ACCEPT;
|
return NF_ACCEPT;
|
||||||
|
|
|
@ -260,9 +260,8 @@ static int ip_vs_ftp_out(struct ip_vs_app *app, struct ip_vs_conn *cp,
|
||||||
buf_len = strlen(buf);
|
buf_len = strlen(buf);
|
||||||
|
|
||||||
ct = nf_ct_get(skb, &ctinfo);
|
ct = nf_ct_get(skb, &ctinfo);
|
||||||
if (ct && !nf_ct_is_untracked(ct) && (ct->status & IPS_NAT_MASK)) {
|
if (ct && nfct_nat(ct)) {
|
||||||
bool mangled;
|
bool mangled;
|
||||||
|
|
||||||
/* If mangling fails this function will return 0
|
/* If mangling fails this function will return 0
|
||||||
* which will cause the packet to be dropped.
|
* which will cause the packet to be dropped.
|
||||||
* Mangling can only fail under memory pressure,
|
* Mangling can only fail under memory pressure,
|
||||||
|
|
|
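Review bot: The new condition `ct && nfct_nat(ct)` does more than drop the obsolete call: it also replaces the `(ct->status & IPS_NAT_MASK)` test. A status-bit check and an `nfct_nat()` lookup are not obviously equivalent (nfct_nat's definition is not part of this diff), which conflicts with the description's claim that the change has no effect on generated code. Either keep `if (ct && (ct->status & IPS_NAT_MASK)) {` in this commit and make the switch separately, or add a sentence to the description explaining why the mangling branch should now key on `nfct_nat(ct)`. The comment inside the branch says a failed mangle drops the packet, so which connections enter it is worth stating explicitly; ip_vs_ftp_out continues outside the hunk.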
@ -85,7 +85,7 @@ ip_vs_update_conntrack(struct sk_buff *skb, struct ip_vs_conn *cp, int outin)
|
||||||
struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
|
struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
|
||||||
struct nf_conntrack_tuple new_tuple;
|
struct nf_conntrack_tuple new_tuple;
|
||||||
|
|
||||||
if (ct == NULL || nf_ct_is_confirmed(ct) || nf_ct_is_untracked(ct) ||
|
if (ct == NULL || nf_ct_is_confirmed(ct) ||
|
||||||
nf_ct_is_dying(ct))
|
nf_ct_is_dying(ct))
|
||||||
return;
|
return;
|
||||||
|
|
||||||
|
@ -232,7 +232,7 @@ void ip_vs_nfct_expect_related(struct sk_buff *skb, struct nf_conn *ct,
|
||||||
{
|
{
|
||||||
struct nf_conntrack_expect *exp;
|
struct nf_conntrack_expect *exp;
|
||||||
|
|
||||||
if (ct == NULL || nf_ct_is_untracked(ct))
|
if (ct == NULL)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
exp = nf_ct_expect_alloc(ct);
|
exp = nf_ct_expect_alloc(ct);
|
||||||
|
|
|
@ -775,7 +775,7 @@ ip_vs_nat_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
|
||||||
enum ip_conntrack_info ctinfo;
|
enum ip_conntrack_info ctinfo;
|
||||||
struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
|
struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
|
||||||
|
|
||||||
if (ct && !nf_ct_is_untracked(ct)) {
|
if (ct) {
|
||||||
IP_VS_DBG_RL_PKT(10, AF_INET, pp, skb, ipvsh->off,
|
IP_VS_DBG_RL_PKT(10, AF_INET, pp, skb, ipvsh->off,
|
||||||
"ip_vs_nat_xmit(): "
|
"ip_vs_nat_xmit(): "
|
||||||
"stopping DNAT to local address");
|
"stopping DNAT to local address");
|
||||||
|
@ -866,7 +866,7 @@ ip_vs_nat_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
|
||||||
enum ip_conntrack_info ctinfo;
|
enum ip_conntrack_info ctinfo;
|
||||||
struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
|
struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
|
||||||
|
|
||||||
if (ct && !nf_ct_is_untracked(ct)) {
|
if (ct) {
|
||||||
IP_VS_DBG_RL_PKT(10, AF_INET6, pp, skb, ipvsh->off,
|
IP_VS_DBG_RL_PKT(10, AF_INET6, pp, skb, ipvsh->off,
|
||||||
"ip_vs_nat_xmit_v6(): "
|
"ip_vs_nat_xmit_v6(): "
|
||||||
"stopping DNAT to local address");
|
"stopping DNAT to local address");
|
||||||
|
@ -1338,7 +1338,7 @@ ip_vs_icmp_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
|
||||||
enum ip_conntrack_info ctinfo;
|
enum ip_conntrack_info ctinfo;
|
||||||
struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
|
struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
|
||||||
|
|
||||||
if (ct && !nf_ct_is_untracked(ct)) {
|
if (ct) {
|
||||||
IP_VS_DBG(10, "%s(): "
|
IP_VS_DBG(10, "%s(): "
|
||||||
"stopping DNAT to local address %pI4\n",
|
"stopping DNAT to local address %pI4\n",
|
||||||
__func__, &cp->daddr.ip);
|
__func__, &cp->daddr.ip);
|
||||||
|
@ -1429,7 +1429,7 @@ ip_vs_icmp_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
|
||||||
enum ip_conntrack_info ctinfo;
|
enum ip_conntrack_info ctinfo;
|
||||||
struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
|
struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
|
||||||
|
|
||||||
if (ct && !nf_ct_is_untracked(ct)) {
|
if (ct) {
|
||||||
IP_VS_DBG(10, "%s(): "
|
IP_VS_DBG(10, "%s(): "
|
||||||
"stopping DNAT to local address %pI6\n",
|
"stopping DNAT to local address %pI6\n",
|
||||||
__func__, &cp->daddr.in6);
|
__func__, &cp->daddr.in6);
|
||||||
|
|
|
@ -627,10 +627,6 @@ ctnetlink_conntrack_event(unsigned int events, struct nf_ct_event *item)
|
||||||
unsigned int flags = 0, group;
|
unsigned int flags = 0, group;
|
||||||
int err;
|
int err;
|
||||||
|
|
||||||
/* ignore our fake conntrack entry */
|
|
||||||
if (nf_ct_is_untracked(ct))
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
if (events & (1 << IPCT_DESTROY)) {
|
if (events & (1 << IPCT_DESTROY)) {
|
||||||
type = IPCTNL_MSG_CT_DELETE;
|
type = IPCTNL_MSG_CT_DELETE;
|
||||||
group = NFNLGRP_CONNTRACK_DESTROY;
|
group = NFNLGRP_CONNTRACK_DESTROY;
|
||||||
|
@ -2173,13 +2169,7 @@ ctnetlink_glue_build_size(const struct nf_conn *ct)
|
||||||
static struct nf_conn *ctnetlink_glue_get_ct(const struct sk_buff *skb,
|
static struct nf_conn *ctnetlink_glue_get_ct(const struct sk_buff *skb,
|
||||||
enum ip_conntrack_info *ctinfo)
|
enum ip_conntrack_info *ctinfo)
|
||||||
{
|
{
|
||||||
struct nf_conn *ct;
|
return nf_ct_get(skb, ctinfo);
|
||||||
|
|
||||||
ct = nf_ct_get(skb, ctinfo);
|
|
||||||
if (ct && nf_ct_is_untracked(ct))
|
|
||||||
ct = NULL;
|
|
||||||
|
|
||||||
return ct;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static int __ctnetlink_glue_build(struct sk_buff *skb, struct nf_conn *ct)
|
static int __ctnetlink_glue_build(struct sk_buff *skb, struct nf_conn *ct)
|
||||||
|
|
|
@ -84,7 +84,7 @@ hmark_ct_set_htuple(const struct sk_buff *skb, struct hmark_tuple *t,
|
||||||
struct nf_conntrack_tuple *otuple;
|
struct nf_conntrack_tuple *otuple;
|
||||||
struct nf_conntrack_tuple *rtuple;
|
struct nf_conntrack_tuple *rtuple;
|
||||||
|
|
||||||
if (ct == NULL || nf_ct_is_untracked(ct))
|
if (ct == NULL)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
otuple = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple;
|
otuple = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple;
|
||||||
|
|
|
@ -121,9 +121,6 @@ xt_cluster_mt(const struct sk_buff *skb, struct xt_action_param *par)
|
||||||
if (ct == NULL)
|
if (ct == NULL)
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
if (nf_ct_is_untracked(ct))
|
|
||||||
return false;
|
|
||||||
|
|
||||||
if (ct->master)
|
if (ct->master)
|
||||||
hash = xt_cluster_hash(ct->master, info);
|
hash = xt_cluster_hash(ct->master, info);
|
||||||
else
|
else
|
||||||
|
|
|
@ -29,7 +29,7 @@ connlabel_mt(const struct sk_buff *skb, struct xt_action_param *par)
|
||||||
bool invert = info->options & XT_CONNLABEL_OP_INVERT;
|
bool invert = info->options & XT_CONNLABEL_OP_INVERT;
|
||||||
|
|
||||||
ct = nf_ct_get(skb, &ctinfo);
|
ct = nf_ct_get(skb, &ctinfo);
|
||||||
if (ct == NULL || nf_ct_is_untracked(ct))
|
if (ct == NULL)
|
||||||
return invert;
|
return invert;
|
||||||
|
|
||||||
labels = nf_ct_labels_find(ct);
|
labels = nf_ct_labels_find(ct);
|
||||||
|
|
|
@ -44,7 +44,7 @@ connmark_tg(struct sk_buff *skb, const struct xt_action_param *par)
|
||||||
u_int32_t newmark;
|
u_int32_t newmark;
|
||||||
|
|
||||||
ct = nf_ct_get(skb, &ctinfo);
|
ct = nf_ct_get(skb, &ctinfo);
|
||||||
if (ct == NULL || nf_ct_is_untracked(ct))
|
if (ct == NULL)
|
||||||
return XT_CONTINUE;
|
return XT_CONTINUE;
|
||||||
|
|
||||||
switch (info->mode) {
|
switch (info->mode) {
|
||||||
|
@ -97,7 +97,7 @@ connmark_mt(const struct sk_buff *skb, struct xt_action_param *par)
|
||||||
const struct nf_conn *ct;
|
const struct nf_conn *ct;
|
||||||
|
|
||||||
ct = nf_ct_get(skb, &ctinfo);
|
ct = nf_ct_get(skb, &ctinfo);
|
||||||
if (ct == NULL || nf_ct_is_untracked(ct))
|
if (ct == NULL)
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
return ((ct->mark & info->mask) == info->mark) ^ info->invert;
|
return ((ct->mark & info->mask) == info->mark) ^ info->invert;
|
||||||
|
|
|
@ -116,7 +116,7 @@ ipvs_mt(const struct sk_buff *skb, struct xt_action_param *par)
|
||||||
enum ip_conntrack_info ctinfo;
|
enum ip_conntrack_info ctinfo;
|
||||||
struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
|
struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
|
||||||
|
|
||||||
if (ct == NULL || nf_ct_is_untracked(ct)) {
|
if (ct == NULL) {
|
||||||
match = false;
|
match = false;
|
||||||
goto out_put_cp;
|
goto out_put_cp;
|
||||||
}
|
}
|
||||||
|
|
|
@ -795,11 +795,6 @@ static int ovs_ct_nat(struct net *net, struct sw_flow_key *key,
|
||||||
enum nf_nat_manip_type maniptype;
|
enum nf_nat_manip_type maniptype;
|
||||||
int err;
|
int err;
|
||||||
|
|
||||||
if (nf_ct_is_untracked(ct)) {
|
|
||||||
/* A NAT action may only be performed on tracked packets. */
|
|
||||||
return NF_ACCEPT;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Add NAT extension if not confirmed yet. */
|
/* Add NAT extension if not confirmed yet. */
|
||||||
if (!nf_ct_is_confirmed(ct) && !nf_ct_nat_ext_add(ct))
|
if (!nf_ct_is_confirmed(ct) && !nf_ct_nat_ext_add(ct))
|
||||||
return NF_ACCEPT; /* Can't NAT. */
|
return NF_ACCEPT; /* Can't NAT. */
|
||||||
|
|