github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-04 12:35:52 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph

netfilter: nf_conncount: make nf_conncount_gc_list() to disable BH

Browse Source 
For convenience when performing GC over the connection list, make
nf_conncount_gc_list() to disable BH. This unifies the behavior with
nf_conncount_add() and nf_conncount_count().

Signed-off-by: Fernando Fernandez Mancera <fmancera@suse.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Fernando Fernandez Mancera 2025-11-21 01:14:31 +01:00 committed by Pablo Neira Ayuso
parent be102eb6a0
commit c0362b5748
2 changed files with 18 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
net/netfilter/nf_conncount.c
View File

@ -278,8 +278,8 @@ void nf_conncount_list_init(struct nf_conncount_list *list)
EXPORT_SYMBOL_GPL(nf_conncount_list_init);
/* Return true if the list is empty. Must be called with BH disabled. */
bool nf_conncount_gc_list(struct net *net,
struct nf_conncount_list *list)
static bool __nf_conncount_gc_list(struct net *net,
struct nf_conncount_list *list)
{
const struct nf_conntrack_tuple_hash *found;
struct nf_conncount_tuple *conn, *conn_n;
@ -291,10 +291,6 @@ bool nf_conncount_gc_list(struct net *net,
if ((u32)jiffies == READ_ONCE(list->last_gc))
return false;
/* don't bother if other cpu is already doing GC */
if (!spin_trylock(&list->list_lock))
return false;
list_for_each_entry_safe(conn, conn_n, &list->head, node) {
found = find_or_evict(net, list, conn);
if (IS_ERR(found)) {
@ -323,7 +319,21 @@ bool nf_conncount_gc_list(struct net *net,
if (!list->count)
ret = true;
list->last_gc = (u32)jiffies;
spin_unlock(&list->list_lock);
return ret;
}
bool nf_conncount_gc_list(struct net *net,
struct nf_conncount_list *list)
{
bool ret;
/* don't bother if other cpu is already doing GC */
if (!spin_trylock_bh(&list->list_lock))
return false;
ret = __nf_conncount_gc_list(net, list);
spin_unlock_bh(&list->list_lock);
return ret;
}

7
net/netfilter/nft_connlimit.c
View File

@ -223,13 +223,8 @@ static void nft_connlimit_destroy_clone(const struct nft_ctx *ctx,
static bool nft_connlimit_gc(struct net *net, const struct nft_expr *expr)
{
struct nft_connlimit *priv = nft_expr_priv(expr);
bool ret;
local_bh_disable();
ret = nf_conncount_gc_list(net, priv->list);
local_bh_enable();
return ret;
return nf_conncount_gc_list(net, priv->list);
}
static struct nft_expr_type nft_connlimit_type;