[NETFILTER]: xt_helper: use RCU

The ->helper pointer is protected by RCU, no need to take
nf_conntrack_lock. Also remove excessive debugging.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Patrick McHardy 2007-07-07 22:39:16 -07:00 committed by David S. Miller
parent 91e8db8006
commit 342b7e3c8a

View file

@ -22,11 +22,6 @@ MODULE_DESCRIPTION("iptables helper match module");
MODULE_ALIAS("ipt_helper");
MODULE_ALIAS("ip6t_helper");
#if 0
#define DEBUGP printk
#else
#define DEBUGP(format, args...)
#endif
static bool
match(const struct sk_buff *skb,
@ -41,38 +36,28 @@ match(const struct sk_buff *skb,
const struct xt_helper_info *info = matchinfo;
const struct nf_conn *ct;
const struct nf_conn_help *master_help;
const struct nf_conntrack_helper *helper;
enum ip_conntrack_info ctinfo;
bool ret = info->invert;
ct = nf_ct_get(skb, &ctinfo);
if (!ct) {
DEBUGP("xt_helper: Eek! invalid conntrack?\n");
if (!ct || !ct->master)
return ret;
}
if (!ct->master) {
DEBUGP("xt_helper: conntrack %p has no master\n", ct);
return ret;
}
read_lock_bh(&nf_conntrack_lock);
master_help = nfct_help(ct->master);
if (!master_help || !master_help->helper) {
DEBUGP("xt_helper: master ct %p has no helper\n",
exp->expectant);
goto out_unlock;
}
if (!master_help)
return ret;
DEBUGP("master's name = %s , info->name = %s\n",
ct->master->helper->name, info->name);
/* rcu_read_lock()ed by nf_hook_slow */
helper = rcu_dereference(master_help->helper);
if (!helper)
return ret;
if (info->name[0] == '\0')
ret = !ret;
else
ret ^= !strncmp(master_help->helper->name, info->name,
strlen(master_help->helper->name));
out_unlock:
read_unlock_bh(&nf_conntrack_lock);
return ret;
}