openkylin
/
linux
mirror of https://gitee.com/openkylin/linux.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

netfilter: remove saveroute indirection in struct nf_afinfo 

This is only used by nf_queue.c and this function comes with no symbol
dependencies with IPv6, it just refers to structure layouts. Therefore,
we can replace it by a direct function call from where it belongs.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Pablo Neira Ayuso 2017-12-20 16:12:55 +01:00
parent f7dcbe2f36
commit 7db9a51e0f
7 changed files with 60 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/linux/netfilter.h
View File

@ -313,8 +313,6 @@ struct nf_afinfo {
unsigned short family; unsigned short family;
int (*route)(struct net *net, struct dst_entry **dst, int (*route)(struct net *net, struct dst_entry **dst,
struct flowi *fl, bool strict); struct flowi *fl, bool strict);
void (*saveroute)(const struct sk_buff *skb,
struct nf_queue_entry *entry);
int (*reroute)(struct net *net, struct sk_buff *skb, int (*reroute)(struct net *net, struct sk_buff *skb,
const struct nf_queue_entry *entry); const struct nf_queue_entry *entry);
int route_key_size; int route_key_size;

10
include/linux/netfilter_ipv4.h
View File

@ -6,6 +6,16 @@
#include <uapi/linux/netfilter_ipv4.h> #include <uapi/linux/netfilter_ipv4.h>
/* Extra routing may needed on local out, as the QUEUE target never returns
* control to the table.
*/
struct ip_rt_info {
__be32 daddr;
__be32 saddr;
u_int8_t tos;
u_int32_t mark;
};
int ip_route_me_harder(struct net *net, struct sk_buff *skb, unsigned addr_type); int ip_route_me_harder(struct net *net, struct sk_buff *skb, unsigned addr_type);
#ifdef CONFIG_INET #ifdef CONFIG_INET

9
include/linux/netfilter_ipv6.h
View File

@ -9,6 +9,15 @@
#include <uapi/linux/netfilter_ipv6.h> #include <uapi/linux/netfilter_ipv6.h>
/* Extra routing may needed on local out, as the QUEUE target never returns
* control to the table.
*/
struct ip6_rt_info {
struct in6_addr daddr;
struct in6_addr saddr;
u_int32_t mark;
};
/* /*
* Hook functions for ipv6 to allow xt_* modules to be built-in even * Hook functions for ipv6 to allow xt_* modules to be built-in even
* if IPv6 is a module. * if IPv6 is a module.

6
net/bridge/netfilter/nf_tables_bridge.c
View File

@ -95,11 +95,6 @@ static const struct nf_chain_type filter_bridge = {
}, },
}; };
static void nf_br_saveroute(const struct sk_buff *skb,
struct nf_queue_entry *entry)
{
}
static int nf_br_reroute(struct net *net, struct sk_buff *skb, static int nf_br_reroute(struct net *net, struct sk_buff *skb,
const struct nf_queue_entry *entry) const struct nf_queue_entry *entry)
{ {
@ -115,7 +110,6 @@ static int nf_br_route(struct net *net, struct dst_entry **dst,
static const struct nf_afinfo nf_br_afinfo = { static const struct nf_afinfo nf_br_afinfo = {
.family = AF_BRIDGE, .family = AF_BRIDGE,
.route = nf_br_route, .route = nf_br_route,
.saveroute = nf_br_saveroute,
.reroute = nf_br_reroute, .reroute = nf_br_reroute,
.route_key_size = 0, .route_key_size = 0,
}; };

28
net/ipv4/netfilter.c
View File

@ -80,33 +80,6 @@ int ip_route_me_harder(struct net *net, struct sk_buff *skb, unsigned int addr_t
} }
EXPORT_SYMBOL(ip_route_me_harder); EXPORT_SYMBOL(ip_route_me_harder);
/*
* Extra routing may needed on local out, as the QUEUE target never
* returns control to the table.
*/
struct ip_rt_info {
__be32 daddr;
__be32 saddr;
u_int8_t tos;
u_int32_t mark;
};
static void nf_ip_saveroute(const struct sk_buff *skb,
struct nf_queue_entry *entry)
{
struct ip_rt_info *rt_info = nf_queue_entry_reroute(entry);
if (entry->state.hook == NF_INET_LOCAL_OUT) {
const struct iphdr *iph = ip_hdr(skb);
rt_info->tos = iph->tos;
rt_info->daddr = iph->daddr;
rt_info->saddr = iph->saddr;
rt_info->mark = skb->mark;
}
}
static int nf_ip_reroute(struct net *net, struct sk_buff *skb, static int nf_ip_reroute(struct net *net, struct sk_buff *skb,
const struct nf_queue_entry *entry) const struct nf_queue_entry *entry)
{ {
@ -190,7 +163,6 @@ static int nf_ip_route(struct net *net, struct dst_entry **dst,
static const struct nf_afinfo nf_ip_afinfo = { static const struct nf_afinfo nf_ip_afinfo = {
.family = AF_INET, .family = AF_INET,
.route = nf_ip_route, .route = nf_ip_route,
.saveroute = nf_ip_saveroute,
.reroute = nf_ip_reroute, .reroute = nf_ip_reroute,
.route_key_size = sizeof(struct ip_rt_info), .route_key_size = sizeof(struct ip_rt_info),
}; };

26
net/ipv6/netfilter.c
View File

@ -68,31 +68,6 @@ int ip6_route_me_harder(struct net *net, struct sk_buff *skb)
} }
EXPORT_SYMBOL(ip6_route_me_harder); EXPORT_SYMBOL(ip6_route_me_harder);
/*
* Extra routing may needed on local out, as the QUEUE target never
* returns control to the table.
*/
struct ip6_rt_info {
struct in6_addr daddr;
struct in6_addr saddr;
u_int32_t mark;
};
static void nf_ip6_saveroute(const struct sk_buff *skb,
struct nf_queue_entry *entry)
{
struct ip6_rt_info *rt_info = nf_queue_entry_reroute(entry);
if (entry->state.hook == NF_INET_LOCAL_OUT) {
const struct ipv6hdr *iph = ipv6_hdr(skb);
rt_info->daddr = iph->daddr;
rt_info->saddr = iph->saddr;
rt_info->mark = skb->mark;
}
}
static int nf_ip6_reroute(struct net *net, struct sk_buff *skb, static int nf_ip6_reroute(struct net *net, struct sk_buff *skb,
const struct nf_queue_entry *entry) const struct nf_queue_entry *entry)
{ {
@ -200,7 +175,6 @@ static const struct nf_ipv6_ops ipv6ops = {
static const struct nf_afinfo nf_ip6_afinfo = { static const struct nf_afinfo nf_ip6_afinfo = {
.family = AF_INET6, .family = AF_INET6,
.route = nf_ip6_route, .route = nf_ip6_route,
.saveroute = nf_ip6_saveroute,
.reroute = nf_ip6_reroute, .reroute = nf_ip6_reroute,
.route_key_size = sizeof(struct ip6_rt_info), .route_key_size = sizeof(struct ip6_rt_info),
}; };

42
net/netfilter/nf_queue.c
View File

@ -10,6 +10,8 @@
#include <linux/proc_fs.h> #include <linux/proc_fs.h>
#include <linux/skbuff.h> #include <linux/skbuff.h>
#include <linux/netfilter.h> #include <linux/netfilter.h>
#include <linux/netfilter_ipv4.h>
#include <linux/netfilter_ipv6.h>
#include <linux/netfilter_bridge.h> #include <linux/netfilter_bridge.h>
#include <linux/seq_file.h> #include <linux/seq_file.h>
#include <linux/rcupdate.h> #include <linux/rcupdate.h>
@ -108,6 +110,35 @@ void nf_queue_nf_hook_drop(struct net *net)
} }
EXPORT_SYMBOL_GPL(nf_queue_nf_hook_drop); EXPORT_SYMBOL_GPL(nf_queue_nf_hook_drop);
static void nf_ip_saveroute(const struct sk_buff *skb,
struct nf_queue_entry *entry)
{
struct ip_rt_info *rt_info = nf_queue_entry_reroute(entry);
if (entry->state.hook == NF_INET_LOCAL_OUT) {
const struct iphdr *iph = ip_hdr(skb);
rt_info->tos = iph->tos;
rt_info->daddr = iph->daddr;
rt_info->saddr = iph->saddr;
rt_info->mark = skb->mark;
}
}
static void nf_ip6_saveroute(const struct sk_buff *skb,
struct nf_queue_entry *entry)
{
struct ip6_rt_info *rt_info = nf_queue_entry_reroute(entry);
if (entry->state.hook == NF_INET_LOCAL_OUT) {
const struct ipv6hdr *iph = ipv6_hdr(skb);
rt_info->daddr = iph->daddr;
rt_info->saddr = iph->saddr;
rt_info->mark = skb->mark;
}
}
static int __nf_queue(struct sk_buff *skb, const struct nf_hook_state *state, static int __nf_queue(struct sk_buff *skb, const struct nf_hook_state *state,
const struct nf_hook_entries *entries, const struct nf_hook_entries *entries,
unsigned int index, unsigned int queuenum) unsigned int index, unsigned int queuenum)
@ -144,7 +175,16 @@ static int __nf_queue(struct sk_buff *skb, const struct nf_hook_state *state,
nf_queue_entry_get_refs(entry); nf_queue_entry_get_refs(entry);
skb_dst_force(skb); skb_dst_force(skb);
afinfo->saveroute(skb, entry);
switch (entry->state.pf) {
case AF_INET:
nf_ip_saveroute(skb, entry);
break;
case AF_INET6:
nf_ip6_saveroute(skb, entry);
break;
}
status = qh->outfn(entry, queuenum); status = qh->outfn(entry, queuenum);
if (status < 0) { if (status < 0) {