[SRU,B,1/5] UBUNTU: SAUCE: netfilter: xt_connlimit: remove the 'addr' parameter in add_hlist()

Message ID 20190110033603.31647-2-mfo@canonical.com
State New
Series
  • netfilter: nf_conncount: fix for LP#1811094

Commit Message

Mauricio Faria de Oliveira Jan. 10, 2019, 3:35 a.m.
BugLink: https://bugs.launchpad.net/bugs/1811094

The commit ce49480dba86 ("netfilter: xt_connlimit: don't store address in the conn
nodes)" made the 'addr' parameter in add_hlist() unused.  So remove it
with a SAUCE patch, to simplify the backport of the next patches, as it is removed
anyway in upstream later (but before the next patches) through commit 625c556118f3
("netfilter: connlimit: split xt_connlimit into front and backend"), in the rename
from 'xt_connlimit.c' to 'nf_conncount.c', which is a large refactor we don't need.

Signed-off-by: Mauricio Faria de Oliveira <mfo@canonical.com>
---
 net/netfilter/xt_connlimit.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

Comments

Stefan Bader Jan. 10, 2019, 10:15 a.m. | #1
On 10.01.19 04:35, Mauricio Faria de Oliveira wrote:
> BugLink: https://bugs.launchpad.net/bugs/1811094
> 
> The commit ce49480dba86 ("netfilter: xt_connlimit: don't store address in the conn
> nodes)" made the 'addr' parameter in add_hlist() unused.  So remove it
> with a SAUCE patch, to simplify the backport of the next patches, as it is removed
> anyway in upstream later (but before the next patches) through commit 625c556118f3
> ("netfilter: connlimit: split xt_connlimit into front and backend"), in the rename
> from 'xt_connlimit.c' to 'nf_conncount.c', which is a large refactor we don't need.

Not sure this really would make things clearer but what would you think about
changing your description section to this:

In commit ce49480dba86 ("netfilter: xt_connlimit: don't store address in the
conn nodes)" the actual use of the addr argument in add_hlist() got dropped,
but it was still passed as an argument. This was done as part of a bigger
modification through commit 625c556118f3 ("netfilter: connlimit: split
xt_connlimit into front and backend").
For upstream stable 4.14.y, this was merged into the backport of ce49480dba86
but this is already in Bionic/4.15. So we do this as a separate SAUCE patch.

> 
> Signed-off-by: Mauricio Faria de Oliveira <mfo@canonical.com>
> ---
>  net/netfilter/xt_connlimit.c | 5 ++---
>  1 file changed, 2 insertions(+), 3 deletions(-)
> 
> diff --git a/net/netfilter/xt_connlimit.c b/net/netfilter/xt_connlimit.c
> index a6214f235333..580239db4af2 100644
> --- a/net/netfilter/xt_connlimit.c
> +++ b/net/netfilter/xt_connlimit.c
> @@ -97,8 +97,7 @@ same_source(const union nf_inet_addr *addr,
>  }
>  
>  static bool add_hlist(struct hlist_head *head,
> -		      const struct nf_conntrack_tuple *tuple,
> -		      const union nf_inet_addr *addr)
> +		      const struct nf_conntrack_tuple *tuple)
>  {
>  	struct xt_connlimit_conn *conn;
>  
> @@ -211,7 +210,7 @@ count_tree(struct net *net, struct rb_root *root,
>  			if (!addit)
>  				return count;
>  
> -			if (!add_hlist(&rbconn->hhead, tuple, addr))
> +			if (!add_hlist(&rbconn->hhead, tuple))
>  				return 0; /* hotdrop */
>  
>  			return count + 1;
>
Mauricio Faria de Oliveira Jan. 10, 2019, 1:18 p.m. | #2
On Thu, Jan 10, 2019 at 8:15 AM Stefan Bader <stefan.bader@canonical.com> wrote:
>
> On 10.01.19 04:35, Mauricio Faria de Oliveira wrote:
> > BugLink: https://bugs.launchpad.net/bugs/1811094
> >
> > The commit ce49480dba86 ("netfilter: xt_connlimit: don't store address in the conn
> > nodes)" made the 'addr' parameter in add_hlist() unused.  So remove it
> > with a SAUCE patch, to simplify the backport of the next patches, as it is removed
> > anyway in upstream later (but before the next patches) through commit 625c556118f3
> > ("netfilter: connlimit: split xt_connlimit into front and backend"), in the rename
> > from 'xt_connlimit.c' to 'nf_conncount.c', which is a large refactor we don't need.
>
> Not sure this really would make things clearer but what would you think about
> changing your description section to this:
>
> In commit ce49480dba86 ("netfilter: xt_connlimit: don't store address in the
> conn nodes)" the actual use of the addr argument in add_hlist() got dropped,
> but it was still passed as an argument. This was done as part of a bigger
> modification through commit 625c556118f3 ("netfilter: connlimit: split
> xt_connlimit into front and backend").
> For upstream stable 4.14.y, this was merged into the backport of ce49480dba86
> but this is already in Bionic/4.15. So we do this as a separate SAUCE patch.

Yes, that's clearer, thanks.
Please let me know if you'd like me to send a v2 for that change.

cheers,
Mauricio

>
> >
> > Signed-off-by: Mauricio Faria de Oliveira <mfo@canonical.com>
> > ---
> >  net/netfilter/xt_connlimit.c | 5 ++---
> >  1 file changed, 2 insertions(+), 3 deletions(-)
> >
> > diff --git a/net/netfilter/xt_connlimit.c b/net/netfilter/xt_connlimit.c
> > index a6214f235333..580239db4af2 100644
> > --- a/net/netfilter/xt_connlimit.c
> > +++ b/net/netfilter/xt_connlimit.c
> > @@ -97,8 +97,7 @@ same_source(const union nf_inet_addr *addr,
> >  }
> >
> >  static bool add_hlist(struct hlist_head *head,
> > -                   const struct nf_conntrack_tuple *tuple,
> > -                   const union nf_inet_addr *addr)
> > +                   const struct nf_conntrack_tuple *tuple)
> >  {
> >       struct xt_connlimit_conn *conn;
> >
> > @@ -211,7 +210,7 @@ count_tree(struct net *net, struct rb_root *root,
> >                       if (!addit)
> >                               return count;
> >
> > -                     if (!add_hlist(&rbconn->hhead, tuple, addr))
> > +                     if (!add_hlist(&rbconn->hhead, tuple))
> >                               return 0; /* hotdrop */
> >
> >                       return count + 1;
> >
>
>

Patch

diff --git a/net/netfilter/xt_connlimit.c b/net/netfilter/xt_connlimit.c
index a6214f235333..580239db4af2 100644
--- a/net/netfilter/xt_connlimit.c
+++ b/net/netfilter/xt_connlimit.c
@@ -97,8 +97,7 @@  same_source(const union nf_inet_addr *addr,
 }
 
 static bool add_hlist(struct hlist_head *head,
-		      const struct nf_conntrack_tuple *tuple,
-		      const union nf_inet_addr *addr)
+		      const struct nf_conntrack_tuple *tuple)
 {
 	struct xt_connlimit_conn *conn;
 
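Review bot: in the add_hlist() signature, only the parameter list and the first local declaration are visible, so the claim that 'addr' is unused in the body rests on ce49480dba86 already being applied in this tree; the commit message should state that dependency and say explicitly that this is no functional change. Since add_hlist() is static, a build of xt_connlimit.c is enough to show that the body has no remaining reference to addr and that no caller still passes three arguments.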
@@ -211,7 +210,7 @@  count_tree(struct net *net, struct rb_root *root,
 			if (!addit)
 				return count;
 
-			if (!add_hlist(&rbconn->hhead, tuple, addr))
+			if (!add_hlist(&rbconn->hhead, tuple))
 				return 0; /* hotdrop */
 
 			return count + 1;
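Review bot: the add_hlist() call in count_tree() is the only call site this patch updates, and the diffstat (2 insertions, 3 deletions) is fully accounted for by the signature change plus this line, so please confirm there is no other caller in the file. Also check that count_tree() still uses addr elsewhere once this line stops passing it; if it does not, addr becomes a dead parameter one level up. The failure path (return 0, hotdrop) is untouched, which is what a pure signature cleanup should look like.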