netfilter: core: remove synchronize_net call if nfqueue is used

since commit 960632ece6949b ("netfilter: convert hook list to an array") nfqueue no longer stores a pointer to the hook that caused the packet to be queued. Therefore no extra synchronize_net() call is needed after dropping the packets enqueued by the old rule blob. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Florian Westphal <fw@strlen.de> 2017-12-01 00:21:03 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2018-01-08 18:01:06 +0100
commit: 26888dfd7e7454686b8d3ea9ba5045d5f236e4d7 (patch)
tree: 61d1f7799b39dfa9a78de032d1efc12f1d96b2bd /net/netfilter/nfnetlink_queue.c
parent: 4e645b47c4f000a503b9c90163ad905786b9bc1d (diff)
1 files changed, 2 insertions, 7 deletions
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index c09b36755ed7..2db35f2d553d 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -941,23 +941,18 @@ static struct notifier_block nfqnl_dev_notifier = {
 	.notifier_call	= nfqnl_rcv_dev_event,
 };
 
-static unsigned int nfqnl_nf_hook_drop(struct net *net)
+static void nfqnl_nf_hook_drop(struct net *net)
 {
 	struct nfnl_queue_net *q = nfnl_queue_pernet(net);
-	unsigned int instances = 0;
 	int i;
 
 	for (i = 0; i < INSTANCE_BUCKETS; i++) {
 		struct nfqnl_instance *inst;
 		struct hlist_head *head = &q->instance_table[i];
 
-		hlist_for_each_entry_rcu(inst, head, hlist) {
+		hlist_for_each_entry_rcu(inst, head, hlist)
 			nfqnl_flush(inst, NULL, 0);
-			instances++;
-		}
 	}
-
-	return instances;
 }
 
 static int
author	Florian Westphal <fw@strlen.de>	2017-12-01 00:21:03 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2018-01-08 18:01:06 +0100
commit	26888dfd7e7454686b8d3ea9ba5045d5f236e4d7 (patch)
tree	61d1f7799b39dfa9a78de032d1efc12f1d96b2bd /net/netfilter/nfnetlink_queue.c
parent	4e645b47c4f000a503b9c90163ad905786b9bc1d (diff)