Skip to content

Commit 8e81358

Browse files
davem330davem330
committed
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
Pablo Neira Ayuso says: ==================== Netfilter/IPVS fixes for net The following patchset contains Netfilter/IPVS fixes for net: 1) Fix NAT hook deletion when table is dormant, from Florian Westphal. 2) Fix IPVS sync stalls, from guodeqing. ==================== Signed-off-by: David S. Miller <[email protected]>
2 parents 32818c0 + 8210e34 commit 8e81358

File tree

2 files changed

+22
-31
lines changed

2 files changed

+22
-31
lines changed

net/netfilter/ipvs/ip_vs_sync.c

Lines changed: 8 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1717,19 +1717,23 @@ static int sync_thread_backup(void *data)
17171717
{
17181718
struct ip_vs_sync_thread_data *tinfo = data;
17191719
struct netns_ipvs *ipvs = tinfo->ipvs;
1720+
struct sock *sk = tinfo->sock->sk;
1721+
struct udp_sock *up = udp_sk(sk);
17201722
int len;
17211723

17221724
pr_info("sync thread started: state = BACKUP, mcast_ifn = %s, "
17231725
"syncid = %d, id = %d\n",
17241726
ipvs->bcfg.mcast_ifn, ipvs->bcfg.syncid, tinfo->id);
17251727

17261728
while (!kthread_should_stop()) {
1727-
wait_event_interruptible(*sk_sleep(tinfo->sock->sk),
1728-
!skb_queue_empty(&tinfo->sock->sk->sk_receive_queue)
1729-
|| kthread_should_stop());
1729+
wait_event_interruptible(*sk_sleep(sk),
1730+
!skb_queue_empty_lockless(&sk->sk_receive_queue) ||
1731+
!skb_queue_empty_lockless(&up->reader_queue) ||
1732+
kthread_should_stop());
17301733

17311734
/* do we have data now? */
1732-
while (!skb_queue_empty(&(tinfo->sock->sk->sk_receive_queue))) {
1735+
while (!skb_queue_empty_lockless(&sk->sk_receive_queue) ||
1736+
!skb_queue_empty_lockless(&up->reader_queue)) {
17331737
len = ip_vs_receive(tinfo->sock, tinfo->buf,
17341738
ipvs->bcfg.sync_maxlen);
17351739
if (len <= 0) {

net/netfilter/nf_tables_api.c

Lines changed: 14 additions & 27 deletions
Original file line numberDiff line numberDiff line change
@@ -188,24 +188,6 @@ static void nft_netdev_unregister_hooks(struct net *net,
188188
nf_unregister_net_hook(net, &hook->ops);
189189
}
190190

191-
static int nft_register_basechain_hooks(struct net *net, int family,
192-
struct nft_base_chain *basechain)
193-
{
194-
if (family == NFPROTO_NETDEV)
195-
return nft_netdev_register_hooks(net, &basechain->hook_list);
196-
197-
return nf_register_net_hook(net, &basechain->ops);
198-
}
199-
200-
static void nft_unregister_basechain_hooks(struct net *net, int family,
201-
struct nft_base_chain *basechain)
202-
{
203-
if (family == NFPROTO_NETDEV)
204-
nft_netdev_unregister_hooks(net, &basechain->hook_list);
205-
else
206-
nf_unregister_net_hook(net, &basechain->ops);
207-
}
208-
209191
static int nf_tables_register_hook(struct net *net,
210192
const struct nft_table *table,
211193
struct nft_chain *chain)
@@ -223,7 +205,10 @@ static int nf_tables_register_hook(struct net *net,
223205
if (basechain->type->ops_register)
224206
return basechain->type->ops_register(net, ops);
225207

226-
return nft_register_basechain_hooks(net, table->family, basechain);
208+
if (table->family == NFPROTO_NETDEV)
209+
return nft_netdev_register_hooks(net, &basechain->hook_list);
210+
211+
return nf_register_net_hook(net, &basechain->ops);
227212
}
228213

229214
static void nf_tables_unregister_hook(struct net *net,
@@ -242,7 +227,10 @@ static void nf_tables_unregister_hook(struct net *net,
242227
if (basechain->type->ops_unregister)
243228
return basechain->type->ops_unregister(net, ops);
244229

245-
nft_unregister_basechain_hooks(net, table->family, basechain);
230+
if (table->family == NFPROTO_NETDEV)
231+
nft_netdev_unregister_hooks(net, &basechain->hook_list);
232+
else
233+
nf_unregister_net_hook(net, &basechain->ops);
246234
}
247235

248236
static int nft_trans_table_add(struct nft_ctx *ctx, int msg_type)
@@ -832,8 +820,7 @@ static void nft_table_disable(struct net *net, struct nft_table *table, u32 cnt)
832820
if (cnt && i++ == cnt)
833821
break;
834822

835-
nft_unregister_basechain_hooks(net, table->family,
836-
nft_base_chain(chain));
823+
nf_tables_unregister_hook(net, table, chain);
837824
}
838825
}
839826

@@ -848,8 +835,7 @@ static int nf_tables_table_enable(struct net *net, struct nft_table *table)
848835
if (!nft_is_base_chain(chain))
849836
continue;
850837

851-
err = nft_register_basechain_hooks(net, table->family,
852-
nft_base_chain(chain));
838+
err = nf_tables_register_hook(net, table, chain);
853839
if (err < 0)
854840
goto err_register_hooks;
855841

@@ -894,11 +880,12 @@ static int nf_tables_updtable(struct nft_ctx *ctx)
894880
nft_trans_table_enable(trans) = false;
895881
} else if (!(flags & NFT_TABLE_F_DORMANT) &&
896882
ctx->table->flags & NFT_TABLE_F_DORMANT) {
883+
ctx->table->flags &= ~NFT_TABLE_F_DORMANT;
897884
ret = nf_tables_table_enable(ctx->net, ctx->table);
898-
if (ret >= 0) {
899-
ctx->table->flags &= ~NFT_TABLE_F_DORMANT;
885+
if (ret >= 0)
900886
nft_trans_table_enable(trans) = true;
901-
}
887+
else
888+
ctx->table->flags |= NFT_TABLE_F_DORMANT;
902889
}
903890
if (ret < 0)
904891
goto err;

0 commit comments

Comments
 (0)