Revert "Introduce --update-counters-first flag for the set target"

This reverts commit c2dfb6432aea5bb0a3522901b0c44f42d8adbd49.

diff --git a/kernel/include/uapi/linux/netfilter/ipset/ip_set.h b/kernel/include/uapi/linux/netfilter/ipset/ip_set.h
index 68813290136aa74dbf38646db50905c4b5a76abf..7545af48036319758ff5a620358e1103c68280f2 100644 (file)
--- a/kernel/include/uapi/linux/netfilter/ipset/ip_set.h
+++ b/kernel/include/uapi/linux/netfilter/ipset/ip_set.h
@@ -186,9 +186,6 @@ enum ipset_cmd_flags {
        IPSET_FLAG_MAP_SKBPRIO = (1 << IPSET_FLAG_BIT_MAP_SKBPRIO),
        IPSET_FLAG_BIT_MAP_SKBQUEUE = 10,
        IPSET_FLAG_MAP_SKBQUEUE = (1 << IPSET_FLAG_BIT_MAP_SKBQUEUE),
-       IPSET_FLAG_BIT_UPDATE_COUNTERS_FIRST = 11,
-       IPSET_FLAG_UPDATE_COUNTERS_FIRST =
-               (1 << IPSET_FLAG_BIT_UPDATE_COUNTERS_FIRST),
        IPSET_FLAG_CMD_MAX = 15,
 };
 

diff --git a/kernel/net/netfilter/ipset/ip_set_core.c b/kernel/net/netfilter/ipset/ip_set_core.c
index 906d01a05f524ef5e33f958c475012fa03394808..c6799af4c15cf3706f27375d738bab265b16b849 100644 (file)
--- a/kernel/net/netfilter/ipset/ip_set_core.c
+++ b/kernel/net/netfilter/ipset/ip_set_core.c
@@ -622,9 +622,10 @@ ip_set_add_packets(u64 packets, struct ip_set_counter *counter)
 
 static void
 ip_set_update_counter(struct ip_set_counter *counter,
-                     const struct ip_set_ext *ext)
+                     const struct ip_set_ext *ext, u32 flags)
 {
-       if (ext->packets != ULLONG_MAX) {
+       if (ext->packets != ULLONG_MAX &&
+           !(flags & IPSET_FLAG_SKIP_COUNTER_UPDATE)) {
                ip_set_add_bytes(ext->bytes, counter);
                ip_set_add_packets(ext->packets, counter);
        }
@@ -648,19 +649,13 @@ ip_set_match_extensions(struct ip_set *set, const struct ip_set_ext *ext,
        if (SET_WITH_COUNTER(set)) {
                struct ip_set_counter *counter = ext_counter(data, set);
 
-               if (flags & IPSET_FLAG_UPDATE_COUNTERS_FIRST)
-                       ip_set_update_counter(counter, ext);
-
                if (flags & IPSET_FLAG_MATCH_COUNTERS &&
                    !(ip_set_match_counter(ip_set_get_packets(counter),
                                mext->packets, mext->packets_op) &&
                      ip_set_match_counter(ip_set_get_bytes(counter),
                                mext->bytes, mext->bytes_op)))
                        return false;
-
-               if (!(flags & (IPSET_FLAG_UPDATE_COUNTERS_FIRST |
-                              IPSET_FLAG_SKIP_COUNTER_UPDATE)))
-                       ip_set_update_counter(counter, ext);
+               ip_set_update_counter(counter, ext, flags);
        }
        if (SET_WITH_SKBINFO(set))
                ip_set_get_skbinfo(ext_skbinfo(data, set),

diff --git a/kernel/net/netfilter/xt_set.c b/kernel/net/netfilter/xt_set.c
index 76395225118f6d751f54bf985513c306cca1011b..95efb3a25661c388bda40bb946611ced864c1a34 100644 (file)
--- a/kernel/net/netfilter/xt_set.c
+++ b/kernel/net/netfilter/xt_set.c
@@ -646,27 +646,6 @@ static struct xt_match set_matches[] __read_mostly = {
                .destroy        = set_match_v4_destroy,
                .me             = THIS_MODULE
        },
-       /* --update-counters-first flag support */
-       {
-               .name           = "set",
-               .family         = NFPROTO_IPV4,
-               .revision       = 5,
-               .match          = set_match_v4,
-               .matchsize      = sizeof(struct xt_set_info_match_v4),
-               .checkentry     = set_match_v4_checkentry,
-               .destroy        = set_match_v4_destroy,
-               .me             = THIS_MODULE
-       },
-       {
-               .name           = "set",
-               .family         = NFPROTO_IPV6,
-               .revision       = 5,
-               .match          = set_match_v4,
-               .matchsize      = sizeof(struct xt_set_info_match_v4),
-               .checkentry     = set_match_v4_checkentry,
-               .destroy        = set_match_v4_destroy,
-               .me             = THIS_MODULE
-       },
 };
 
 static struct xt_target set_targets[] __read_mostly = {