netfilter: conntrack: move nf_ct_netns_{get,put}() to core

So we can call this from other expression that need conntrack in place
to work.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Acked-by: Florian Westphal <fw@strlen.de>

diff --git a/net/netfilter/nf_conntrack_proto.c b/net/netfilter/nf_conntrack_proto.c
index 3b06ff3..c8e9c95 100644 (file)
--- a/net/netfilter/nf_conntrack_proto.c
+++ b/net/netfilter/nf_conntrack_proto.c
@@ -172,7 +172,7 @@ void nf_ct_l3proto_module_put(unsigned short l3proto)
 }
 EXPORT_SYMBOL_GPL(nf_ct_l3proto_module_put);
 
-int nf_ct_netns_get(struct net *net, u8 nfproto)
+static int nf_ct_netns_do_get(struct net *net, u8 nfproto)
 {
        const struct nf_conntrack_l3proto *l3proto;
        int ret;
@@ -197,9 +197,33 @@ int nf_ct_netns_get(struct net *net, u8 nfproto)
 
        return ret;
 }
+
+int nf_ct_netns_get(struct net *net, u8 nfproto)
+{
+       int err;
+
+       if (nfproto == NFPROTO_INET) {
+               err = nf_ct_netns_do_get(net, NFPROTO_IPV4);
+               if (err < 0)
+                       goto err1;
+               err = nf_ct_netns_do_get(net, NFPROTO_IPV6);
+               if (err < 0)
+                       goto err2;
+       } else {
+               err = nf_ct_netns_do_get(net, nfproto);
+               if (err < 0)
+                       goto err1;
+       }
+       return 0;
+
+err2:
+       nf_ct_netns_put(net, NFPROTO_IPV4);
+err1:
+       return err;
+}
 EXPORT_SYMBOL_GPL(nf_ct_netns_get);
 
-void nf_ct_netns_put(struct net *net, u8 nfproto)
+static void nf_ct_netns_do_put(struct net *net, u8 nfproto)
 {
        const struct nf_conntrack_l3proto *l3proto;
 
@@ -218,6 +242,15 @@ void nf_ct_netns_put(struct net *net, u8 nfproto)
 
        nf_ct_l3proto_module_put(nfproto);
 }
+
+void nf_ct_netns_put(struct net *net, uint8_t nfproto)
+{
+       if (nfproto == NFPROTO_INET) {
+               nf_ct_netns_do_put(net, NFPROTO_IPV4);
+               nf_ct_netns_do_put(net, NFPROTO_IPV6);
+       } else
+               nf_ct_netns_do_put(net, nfproto);
+}
 EXPORT_SYMBOL_GPL(nf_ct_netns_put);
 
 const struct nf_conntrack_l4proto *

diff --git a/net/netfilter/nft_ct.c b/net/netfilter/nft_ct.c
index bd0975d..2647b89 100644 (file)
--- a/net/netfilter/nft_ct.c
+++ b/net/netfilter/nft_ct.c
@@ -312,39 +312,6 @@ static const struct nla_policy nft_ct_policy[NFTA_CT_MAX + 1] = {
        [NFTA_CT_SREG]          = { .type = NLA_U32 },
 };
 
-static int nft_ct_netns_get(struct net *net, uint8_t family)
-{
-       int err;
-
-       if (family == NFPROTO_INET) {
-               err = nf_ct_netns_get(net, NFPROTO_IPV4);
-               if (err < 0)
-                       goto err1;
-               err = nf_ct_netns_get(net, NFPROTO_IPV6);
-               if (err < 0)
-                       goto err2;
-       } else {
-               err = nf_ct_netns_get(net, family);
-               if (err < 0)
-                       goto err1;
-       }
-       return 0;
-
-err2:
-       nf_ct_netns_put(net, NFPROTO_IPV4);
-err1:
-       return err;
-}
-
-static void nft_ct_netns_put(struct net *net, uint8_t family)
-{
-       if (family == NFPROTO_INET) {
-               nf_ct_netns_put(net, NFPROTO_IPV4);
-               nf_ct_netns_put(net, NFPROTO_IPV6);
-       } else
-               nf_ct_netns_put(net, family);
-}
-
 #ifdef CONFIG_NF_CONNTRACK_ZONES
 static void nft_ct_tmpl_put_pcpu(void)
 {
@@ -489,7 +456,7 @@ static int nft_ct_get_init(const struct nft_ctx *ctx,
        if (err < 0)
                return err;
 
-       err = nft_ct_netns_get(ctx->net, ctx->afi->family);
+       err = nf_ct_netns_get(ctx->net, ctx->afi->family);
        if (err < 0)
                return err;
 
@@ -583,7 +550,7 @@ static int nft_ct_set_init(const struct nft_ctx *ctx,
        if (err < 0)
                goto err1;
 
-       err = nft_ct_netns_get(ctx->net, ctx->afi->family);
+       err = nf_ct_netns_get(ctx->net, ctx->afi->family);
        if (err < 0)
                goto err1;
 
@@ -606,7 +573,7 @@ static void nft_ct_set_destroy(const struct nft_ctx *ctx,
        struct nft_ct *priv = nft_expr_priv(expr);
 
        __nft_ct_set_destroy(ctx, priv);
-       nft_ct_netns_put(ctx->net, ctx->afi->family);
+       nf_ct_netns_put(ctx->net, ctx->afi->family);
 }
 
 static int nft_ct_get_dump(struct sk_buff *skb, const struct nft_expr *expr)