netfilter: add and use nf_ct_unconfirmed_destroy

This also removes __nf_ct_unconfirmed_destroy() call from nf_ct_iterate_cleanup_net, so that function can be used only when missing conntracks from unconfirmed list isn't a problem. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Florian Westphal <fw@strlen.de> 2017-07-26 00:02:32 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2017-07-31 19:09:39 +0200
commit: 84657984c26fd0b64743a397f3a1a587fa4b575a (patch)
tree: b178213018f5ce363f399020bacfc68f40a74a54 /include/net
parent: ac7b848390036dadd4351899d2a23748075916bd (diff)
download: op-kernel-dev-84657984c26fd0b64743a397f3a1a587fa4b575a.zip
op-kernel-dev-84657984c26fd0b64743a397f3a1a587fa4b575a.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h
index 4840756..6e6f678 100644
--- a/include/net/netfilter/nf_conntrack.h
+++ b/include/net/netfilter/nf_conntrack.h
@@ -224,6 +224,9 @@ extern s32 (*nf_ct_nat_offset)(const struct nf_conn *ct,
 			       enum ip_conntrack_dir dir,
 			       u32 seq);
 
+/* Set all unconfirmed conntrack as dying */
+void nf_ct_unconfirmed_destroy(struct net *);
+
 /* Iterate over all conntracks: if iter returns true, it's deleted. */
 void nf_ct_iterate_cleanup_net(struct net *net,
 			       int (*iter)(struct nf_conn *i, void *data),
author	Florian Westphal <fw@strlen.de>	2017-07-26 00:02:32 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2017-07-31 19:09:39 +0200
commit	84657984c26fd0b64743a397f3a1a587fa4b575a (patch)
tree	b178213018f5ce363f399020bacfc68f40a74a54 /include/net
parent	ac7b848390036dadd4351899d2a23748075916bd (diff)
download	op-kernel-dev-84657984c26fd0b64743a397f3a1a587fa4b575a.zip op-kernel-dev-84657984c26fd0b64743a397f3a1a587fa4b575a.tar.gz