netfilter: nf_conntrack: make sequence number adjustments usuable without NAT
[mirror_ubuntu-bionic-kernel.git] / net / netfilter / nf_nat_core.c
index 038eee5c8f8548787bff468c40256d52bb6655fd..6f0f4f7f68a5f4a7f85c03b09a35b456bedc33a7 100644 (file)
@@ -25,6 +25,7 @@
 #include <net/netfilter/nf_nat_core.h>
 #include <net/netfilter/nf_nat_helper.h>
 #include <net/netfilter/nf_conntrack_helper.h>
+#include <net/netfilter/nf_conntrack_seqadj.h>
 #include <net/netfilter/nf_conntrack_l3proto.h>
 #include <net/netfilter/nf_conntrack_zones.h>
 #include <linux/netfilter/nf_nat.h>
@@ -402,6 +403,9 @@ nf_nat_setup_info(struct nf_conn *ct,
                        ct->status |= IPS_SRC_NAT;
                else
                        ct->status |= IPS_DST_NAT;
+
+               if (nfct_help(ct))
+                       nfct_seqadj_ext_add(ct);
        }
 
        if (maniptype == NF_NAT_MANIP_SRC) {
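Review bot: The result of `nfct_seqadj_ext_add(ct)` is discarded in the lines added to nf_nat_setup_info, so a failed allocation of the sequence-adjustment extension goes unnoticed; a NATed flow with a helper would then carry on without the state needed to correct TCP sequence numbers after payload mangling. The surrounding block can presumably be entered once per manip type, so the call may also run on a conntrack that already has the extension. Consider `if (nfct_help(ct) && !nfct_seqadj(ct) && !nfct_seqadj_ext_add(ct)) return NF_DROP;`, with the verdict matched to how the rest of the function treats extension allocation failures. The body of nf_nat_setup_info starts and ends outside this hunk, so that existing convention is not visible here.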
@@ -497,7 +501,7 @@ static void nf_nat_l4proto_clean(u8 l3proto, u8 l4proto)
 
        rtnl_lock();
        for_each_net(net)
-               nf_ct_iterate_cleanup(net, nf_nat_proto_remove, &clean);
+               nf_ct_iterate_cleanup(net, nf_nat_proto_remove, &clean, 0, 0);
        rtnl_unlock();
 }
 
@@ -511,7 +515,7 @@ static void nf_nat_l3proto_clean(u8 l3proto)
        rtnl_lock();
 
        for_each_net(net)
-               nf_ct_iterate_cleanup(net, nf_nat_proto_remove, &clean);
+               nf_ct_iterate_cleanup(net, nf_nat_proto_remove, &clean, 0, 0);
        rtnl_unlock();
 }
 
@@ -749,7 +753,7 @@ static void __net_exit nf_nat_net_exit(struct net *net)
 {
        struct nf_nat_proto_clean clean = {};
 
-       nf_ct_iterate_cleanup(net, &nf_nat_proto_remove, &clean);
+       nf_ct_iterate_cleanup(net, &nf_nat_proto_remove, &clean, 0, 0);
        synchronize_rcu();
        nf_ct_free_hashtable(net->ct.nat_bysource, net->ct.nat_htable_size);
 }
@@ -764,10 +768,6 @@ static struct nf_ct_helper_expectfn follow_master_nat = {
        .expectfn       = nf_nat_follow_master,
 };
 
-static struct nfq_ct_nat_hook nfq_ct_nat = {
-       .seq_adjust     = nf_nat_tcp_seq_adjust,
-};
-
 static int __init nf_nat_init(void)
 {
        int ret;
@@ -787,14 +787,9 @@ static int __init nf_nat_init(void)
        /* Initialize fake conntrack so that NAT will skip it */
        nf_ct_untracked_status_or(IPS_NAT_DONE_MASK);
 
-       BUG_ON(nf_nat_seq_adjust_hook != NULL);
-       RCU_INIT_POINTER(nf_nat_seq_adjust_hook, nf_nat_seq_adjust);
        BUG_ON(nfnetlink_parse_nat_setup_hook != NULL);
        RCU_INIT_POINTER(nfnetlink_parse_nat_setup_hook,
                           nfnetlink_parse_nat_setup);
-       BUG_ON(nf_ct_nat_offset != NULL);
-       RCU_INIT_POINTER(nf_ct_nat_offset, nf_nat_get_offset);
-       RCU_INIT_POINTER(nfq_ct_nat_hook, &nfq_ct_nat);
 #ifdef CONFIG_XFRM
        BUG_ON(nf_nat_decode_session_hook != NULL);
        RCU_INIT_POINTER(nf_nat_decode_session_hook, __nf_nat_decode_session);
@@ -813,10 +808,7 @@ static void __exit nf_nat_cleanup(void)
        unregister_pernet_subsys(&nf_nat_net_ops);
        nf_ct_extend_unregister(&nat_extend);
        nf_ct_helper_expectfn_unregister(&follow_master_nat);
-       RCU_INIT_POINTER(nf_nat_seq_adjust_hook, NULL);
        RCU_INIT_POINTER(nfnetlink_parse_nat_setup_hook, NULL);
-       RCU_INIT_POINTER(nf_ct_nat_offset, NULL);
-       RCU_INIT_POINTER(nfq_ct_nat_hook, NULL);
 #ifdef CONFIG_XFRM
        RCU_INIT_POINTER(nf_nat_decode_session_hook, NULL);
 #endif