diff options
author | Florian Westphal <fw@strlen.de> | 2022-04-11 14:01:20 +0300 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-05-13 19:52:16 +0300 |
commit | 17438b42ce14cb60ceda9ae62ad5dd022d55a216 (patch) | |
tree | 6f4c522fe50b9518733c972f9501d8cc995072f5 /net/netfilter/nfnetlink_cttimeout.c | |
parent | 78222bacfca97cb18505df1ba5f3591864498a7e (diff) | |
download | linux-17438b42ce14cb60ceda9ae62ad5dd022d55a216.tar.xz |
netfilter: remove nf_ct_unconfirmed_destroy helper
This helper tags connections not yet in the conntrack table as
dying. These nf_conn entries will be dropped instead when the
core attempts to insert them from the input or postrouting
'confirm' hook.
After the previous change, the entries get unlinked from the
list earlier, so that by the time the actual exit hook runs,
new connections no longer have a timeout policy assigned.
Its enough to walk the hashtable instead.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/nfnetlink_cttimeout.c')
-rw-r--r-- | net/netfilter/nfnetlink_cttimeout.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/net/netfilter/nfnetlink_cttimeout.c b/net/netfilter/nfnetlink_cttimeout.c index 83fa15c4193c..f366b8187915 100644 --- a/net/netfilter/nfnetlink_cttimeout.c +++ b/net/netfilter/nfnetlink_cttimeout.c @@ -608,7 +608,9 @@ static void __net_exit cttimeout_net_exit(struct net *net) struct nfct_timeout_pernet *pernet = nfct_timeout_pernet(net); struct ctnl_timeout *cur, *tmp; - nf_ct_unconfirmed_destroy(net); + if (list_empty(&pernet->nfct_timeout_freelist)) + return; + nf_ct_untimeout(net, NULL); list_for_each_entry_safe(cur, tmp, &pernet->nfct_timeout_freelist, head) { |