netfilter: cttimeout: decouple unlink and free on netns destruction

Make it so netns pre_exit unlinks the objects from the pernet list, so they cannot be found anymore. netns core issues a synchronize_rcu() before calling the exit hooks so any the time the exit hooks run unconfirmed nf_conn entries have been free'd or they have been committed to the hashtable. The exit hook still tags unconfirmed entries as dying, this can now be removed in a followup change. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Florian Westphal <fw@strlen.de> 2022-04-11 14:01:19 +0300
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2022-05-13 19:52:16 +0300
commit: 78222bacfca97cb18505df1ba5f3591864498a7e (patch)
tree: 757760ef05b8c462d76c0d65aefbb79020e62b7f /include/net
parent: 1397af5bfd7d32b0cf2adb70a78c9a9e8f11d912 (diff)
download: linux-78222bacfca97cb18505df1ba5f3591864498a7e.tar.xz
1 files changed, 0 insertions, 8 deletions
diff --git a/include/net/netfilter/nf_conntrack_timeout.h b/include/net/netfilter/nf_conntrack_timeout.h
index 3ea94f6f3844..fea258983d23 100644
--- a/include/net/netfilter/nf_conntrack_timeout.h
+++ b/include/net/netfilter/nf_conntrack_timeout.h
@@ -17,14 +17,6 @@ struct nf_ct_timeout {
 	char			data[];
 };
 
-struct ctnl_timeout {
-	struct list_head	head;
-	struct rcu_head		rcu_head;
-	refcount_t		refcnt;
-	char			name[CTNL_TIMEOUT_NAME_MAX];
-	struct nf_ct_timeout	timeout;
-};
-
 struct nf_conn_timeout {
 	struct nf_ct_timeout __rcu *timeout;
 };
author	Florian Westphal <fw@strlen.de>	2022-04-11 14:01:19 +0300
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2022-05-13 19:52:16 +0300
commit	78222bacfca97cb18505df1ba5f3591864498a7e (patch)
tree	757760ef05b8c462d76c0d65aefbb79020e62b7f /include/net
parent	1397af5bfd7d32b0cf2adb70a78c9a9e8f11d912 (diff)
download	linux-78222bacfca97cb18505df1ba5f3591864498a7e.tar.xz