From: Florian Westphal <fw@strlen.de>
To: <netfilter-devel@vger.kernel.org>
Cc: Florian Westphal <fw@strlen.de>
Subject: [PATCH nf-next 6/7] netfilter: conntrack: include ecache dying list in dumps
Date: Wed, 9 Feb 2022 17:10:56 +0100
Message-ID: <20220209161057.30688-7-fw@strlen.de>
In-Reply-To: <20220209161057.30688-1-fw@strlen.de>
The new pernet dying list includes conntrack entries that await
delivery of the 'destroy' event via ctnetlink.
The old percpu dying list will be removed soon.
Signed-off-by: Florian Westphal <fw@strlen.de>
---
include/net/netfilter/nf_conntrack_ecache.h | 2 ++
net/netfilter/nf_conntrack_ecache.c | 10 ++++++
net/netfilter/nf_conntrack_netlink.c | 38 +++++++++++++++++++++
3 files changed, 50 insertions(+)
diff --git a/include/net/netfilter/nf_conntrack_ecache.h b/include/net/netfilter/nf_conntrack_ecache.h
index c63a8fc3225e..54051e663ff4 100644
--- a/include/net/netfilter/nf_conntrack_ecache.h
+++ b/include/net/netfilter/nf_conntrack_ecache.h
@@ -161,6 +161,8 @@ void nf_conntrack_ecache_work(struct net *net, enum nf_ct_ecache_state state);
void nf_conntrack_ecache_pernet_init(struct net *net);
void nf_conntrack_ecache_pernet_fini(struct net *net);
+struct nf_conntrack_net_ecache *nf_conn_pernet_ecache(const struct net *net);
+
static inline bool nf_conntrack_ecache_dwork_pending(const struct net *net)
{
return net->ct.ecache_dwork_pending;
diff --git a/net/netfilter/nf_conntrack_ecache.c b/net/netfilter/nf_conntrack_ecache.c
index be111218899d..5c8918857dfc 100644
--- a/net/netfilter/nf_conntrack_ecache.c
+++ b/net/netfilter/nf_conntrack_ecache.c
@@ -38,6 +38,16 @@ enum retry_state {
STATE_DONE,
};
+struct nf_conntrack_net_ecache *nf_conn_pernet_ecache(const struct net *net)
+{
+ struct nf_conntrack_net *cnet = nf_ct_pernet(net);
+
+ return &cnet->ecache;
+}
+#if IS_MODULE(CONFIG_NF_CT_NETLINK)
+EXPORT_SYMBOL_GPL(nf_conn_retrans_list_head);
+#endif
+
static enum retry_state ecache_work_evict_list(struct nf_conntrack_net *cnet)
{
unsigned long stop = jiffies + ECACHE_MAX_JIFFIES;
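Review bot: The EXPORT_SYMBOL_GPL() line names nf_conn_retrans_list_head, but the function defined directly above it is nf_conn_pernet_ecache(), and nothing called nf_conn_retrans_list_head is defined anywhere in this patch. With CONFIG_NF_CT_NETLINK=m, nf_conntrack_netlink.c calls nf_conn_pernet_ecache() from a separate module, so the helper itself has to be exported; the line should read EXPORT_SYMBOL_GPL(nf_conn_pernet_ecache). The leftover name looks like it comes from an earlier revision of the series.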
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 75e11fe3486a..831e717c5847 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -62,6 +62,7 @@ struct ctnetlink_list_dump_ctx {
struct nf_conn *last;
unsigned int cpu;
bool done;
+ bool retrans_done;
};
static int ctnetlink_dump_tuples_proto(struct sk_buff *skb,
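Review bot: The new field retrans_done is named after a retransmit list, while the list it tracks is ecache_net->dying_list and the commit message calls it the "ecache dying list". A name that matches the list, plus a short comment on the struct member saying it marks the pernet ecache dying list as fully dumped before the percpu list is walked, would make the two-phase dump in ctnetlink_dump_dying() easier to follow.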
@@ -1802,6 +1803,43 @@ ctnetlink_dump_list(struct sk_buff *skb, struct netlink_callback *cb, bool dying
static int
ctnetlink_dump_dying(struct sk_buff *skb, struct netlink_callback *cb)
{
+ struct ctnetlink_list_dump_ctx *ctx = (void *)cb->ctx;
+ struct nf_conntrack_net_ecache *ecache_net;
+ const struct net *net = sock_net(skb->sk);
+ struct nf_conn *last = ctx->last;
+ struct nf_conntrack_tuple_hash *h;
+ struct hlist_nulls_node *n;
+
+ if (ctx->retrans_done)
+ return ctnetlink_dump_list(skb, cb, true);
+
+ ctx->last = NULL;
+ ecache_net = nf_conn_pernet_ecache(net);
+ spin_lock_bh(&ecache_net->dying_lock);
+
+ hlist_nulls_for_each_entry(h, n, &ecache_net->dying_list, hnnode) {
+ struct nf_conn *ct;
+ int res;
+
+ ct = nf_ct_tuplehash_to_ctrack(h);
+ if (last && last != ct)
+ continue;
+
+ res = ctnetlink_dump_one_entry(skb, cb, ct, true);
+ if (res < 0) {
+ spin_unlock_bh(&ecache_net->dying_lock);
+ nf_ct_put(last);
+ return skb->len;
+ }
+
+ nf_ct_put(last);
+ last = NULL;
+ }
+
+ ctx->retrans_done = true;
+ spin_unlock_bh(&ecache_net->dying_lock);
+ nf_ct_put(last);
+
return ctnetlink_dump_list(skb, cb, true);
}
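Review bot: The resume check "if (last && last != ct) continue;" skips every entry when the conntrack saved in ctx->last is no longer on ecache_net->dying_list by the time the dump is resumed. The loop then runs to its end, ctx->retrans_done is set to true, and the rest of the list is never reported to userspace. Since entries sit on this list only until their destroy event is delivered, the not-found case deserves explicit handling, or at least a comment stating that missing entries is acceptable here. Separately, the res < 0 path returns skb->len without storing the current entry in ctx->last within this function, so resuming depends on ctnetlink_dump_one_entry() having set ctx->last and taken the reference that nf_ct_put(last) drops on the next call; a one-line comment saying so would make the reference counting verifiable from this function alone.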
--
2.34.1