netfilter: nat: destroy nat mappings on module exit path only
index b48d6b5aae8a87d4ea69cae0e025739ebe3f1658..d26cc2f864e6f0cff986c79378381601fae46053 100644 (file)
@@ -409,6 +409,10 @@ nf_nat_setup_info(struct nf_conn *ct,
 {
        struct nf_conntrack_tuple curr_tuple, new_tuple;
 
+       /* Can't setup nat info for confirmed ct. */
+       if (nf_ct_is_confirmed(ct))
+               return NF_ACCEPT;
+
        NF_CT_ASSERT(maniptype == NF_NAT_MANIP_SRC ||
                     maniptype == NF_NAT_MANIP_DST);
        BUG_ON(nf_nat_initialized(ct, maniptype));
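Review bot: The new early return for a confirmed conntrack hands back `NF_ACCEPT` without saying why, so a caller cannot tell "mapping installed" from "mapping skipped" and the packet continues untranslated. The one-line comment should state both the reason and the consequence, for example `/* ct is already confirmed, so its tuples must not be altered any more; let the packet pass without NAT. */`. The rest of nf_nat_setup_info lies outside the hunk, so whether any caller would need a verdict other than accept here cannot be confirmed from this view.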
@@ -578,12 +582,8 @@ static void nf_nat_l4proto_clean(u8 l3proto, u8 l4proto)
                .l3proto = l3proto,
                .l4proto = l4proto,
        };
-       struct net *net;
 
-       rtnl_lock();
-       for_each_net(net)
-               nf_ct_iterate_cleanup(net, nf_nat_proto_remove, &clean, 0, 0);
-       rtnl_unlock();
+       nf_ct_iterate_destroy(nf_nat_proto_remove, &clean);
 }
 
 static void nf_nat_l3proto_clean(u8 l3proto)
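Review bot: With `rtnl_lock()` and `for_each_net()` gone, nothing in nf_nat_l4proto_clean says what keeps the walk safe or that it still covers every network namespace. Both now rest entirely on `nf_ct_iterate_destroy()`, which is not visible in this diff. A short comment above the call would help, such as `/* nf_ct_iterate_destroy() visits conntracks in all netns and does its own locking; no rtnl needed here. */`, once that has been confirmed against the helper. The same applies to the identical call in nf_nat_l3proto_clean in the next hunk; both function bodies start outside their hunks.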
@@ -591,13 +591,8 @@ static void nf_nat_l3proto_clean(u8 l3proto)
        struct nf_nat_proto_clean clean = {
                .l3proto = l3proto,
        };
-       struct net *net;
-
-       rtnl_lock();
 
-       for_each_net(net)
-               nf_ct_iterate_cleanup(net, nf_nat_proto_remove, &clean, 0, 0);
-       rtnl_unlock();
+       nf_ct_iterate_destroy(nf_nat_proto_remove, &clean);
 }
 
 /* Protocol registration. */
@@ -818,17 +813,6 @@ nfnetlink_parse_nat_setup(struct nf_conn *ct,
 }
 #endif
 
-static void __net_exit nf_nat_net_exit(struct net *net)
-{
-       struct nf_nat_proto_clean clean = {};
-
-       nf_ct_iterate_cleanup(net, nf_nat_proto_clean, &clean, 0, 0);
-}
-
-static struct pernet_operations nf_nat_net_ops = {
-       .exit = nf_nat_net_exit,
-};
-
 static struct nf_ct_helper_expectfn follow_master_nat = {
        .name           = "nat-follow-master",
        .expectfn       = nf_nat_follow_master,
@@ -849,10 +833,6 @@ static int __init nf_nat_init(void)
                return ret;
        }
 
-       ret = register_pernet_subsys(&nf_nat_net_ops);
-       if (ret < 0)
-               goto cleanup_extend;
-
        nf_ct_helper_expectfn_register(&follow_master_nat);
 
        BUG_ON(nfnetlink_parse_nat_setup_hook != NULL);
@@ -863,18 +843,15 @@ static int __init nf_nat_init(void)
        RCU_INIT_POINTER(nf_nat_decode_session_hook, __nf_nat_decode_session);
 #endif
        return 0;
-
- cleanup_extend:
-       rhltable_destroy(&nf_nat_bysource_table);
-       nf_ct_extend_unregister(&nat_extend);
-       return ret;
 }
 
 static void __exit nf_nat_cleanup(void)
 {
+       struct nf_nat_proto_clean clean = {};
        unsigned int i;
 
-       unregister_pernet_subsys(&nf_nat_net_ops);
+       nf_ct_iterate_destroy(nf_nat_proto_clean, &clean);
+
        nf_ct_extend_unregister(&nat_extend);
        nf_ct_helper_expectfn_unregister(&follow_master_nat);
        RCU_INIT_POINTER(nfnetlink_parse_nat_setup_hook, NULL);
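Review bot: In nf_nat_cleanup the `nf_ct_iterate_destroy(nf_nat_proto_clean, &clean)` sweep runs before `nfnetlink_parse_nat_setup_hook` is reset to NULL. A NAT setup arriving through that hook after the sweep could therefore, it seems, still add a mapping that nothing removes before the module's tables are torn down. If that window is real, clear the hooks and wait for an RCU grace period first, then run the sweep. If something else already rules it out, record that above the call, e.g. `/* no new NAT mappings can be created at this point because ... */`. The remainder of nf_nat_cleanup is outside the hunk, so the later teardown order is not visible here.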