Commit
073bfd56
authored
Apr 03, 2015
by
David S. Miller
netfilter: Pass nf_hook_state through nft_set_pktinfo*().
Signed-off-by:
David S. Miller
<
davem@davemloft.net
>
parent
8f8a3715
Showing
11 changed files
with
25 additions
and
30 deletions
+25
-30
include/net/netfilter/nf_tables.h
include/net/netfilter/nf_tables.h
+3
-4
include/net/netfilter/nf_tables_ipv4.h
include/net/netfilter/nf_tables_ipv4.h
+2
-3
include/net/netfilter/nf_tables_ipv6.h
include/net/netfilter/nf_tables_ipv6.h
+2
-3
net/bridge/netfilter/nf_tables_bridge.c
net/bridge/netfilter/nf_tables_bridge.c
+11
-13
net/ipv4/netfilter/nf_tables_arp.c
net/ipv4/netfilter/nf_tables_arp.c
+1
-1
net/ipv4/netfilter/nf_tables_ipv4.c
net/ipv4/netfilter/nf_tables_ipv4.c
+1
-1
net/ipv4/netfilter/nft_chain_nat_ipv4.c
net/ipv4/netfilter/nft_chain_nat_ipv4.c
+1
-1
net/ipv4/netfilter/nft_chain_route_ipv4.c
net/ipv4/netfilter/nft_chain_route_ipv4.c
+1
-1
net/ipv6/netfilter/nf_tables_ipv6.c
net/ipv6/netfilter/nf_tables_ipv6.c
+1
-1
net/ipv6/netfilter/nft_chain_nat_ipv6.c
net/ipv6/netfilter/nft_chain_nat_ipv6.c
+1
-1
net/ipv6/netfilter/nft_chain_route_ipv6.c
net/ipv6/netfilter/nft_chain_route_ipv6.c
+1
-1
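--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -26,12 +26,11 @@ struct nft_pktinfo {
 static inline void nft_set_pktinfo(struct nft_pktinfo *pkt,
 				   const struct nf_hook_ops *ops,
 				   struct sk_buff *skb,
-				   const struct net_device *in,
-				   const struct net_device *out)
+				   const struct nf_hook_state *state)
 {
 	pkt->skb = skb;
-	pkt->in = pkt->xt.in = in;
-	pkt->out = pkt->xt.out = out;
+	pkt->in = pkt->xt.in = state->in;
+	pkt->out = pkt->xt.out = state->out;
 	pkt->ops = ops;
 	pkt->xt.hooknum = ops->hooknum;
 	pkt->xt.family = ops->pf;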
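Review bot: `nft_set_pktinfo()` now dereferences `state` unconditionally in `pkt->in = pkt->xt.in = state->in;` and the line after it, but nothing on the declaration says the pointer must be valid. A one-line comment above the function would record the contract, for example `/* @state: hook state from the caller, must not be NULL; its in/out device pointers are copied into @pkt */`. Every call site visible in this commit passes the hook's own `state`, so this is documentation only. The function body continues past the end of the hunk.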
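--- a/include/net/netfilter/nf_tables_ipv4.h
+++ b/include/net/netfilter/nf_tables_ipv4.h
@@ -8,12 +8,11 @@ static inline void
 nft_set_pktinfo_ipv4(struct nft_pktinfo *pkt,
 		     const struct nf_hook_ops *ops,
 		     struct sk_buff *skb,
-		     const struct net_device *in,
-		     const struct net_device *out)
+		     const struct nf_hook_state *state)
 {
 	struct iphdr *ip;
-	nft_set_pktinfo(pkt, ops, skb, in, out);
+	nft_set_pktinfo(pkt, ops, skb, state);
 	ip = ip_hdr(pkt->skb);
 	pkt->tprot = ip->protocol;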
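--- a/include/net/netfilter/nf_tables_ipv6.h
+++ b/include/net/netfilter/nf_tables_ipv6.h
@@ -8,13 +8,12 @@ static inline int
 nft_set_pktinfo_ipv6(struct nft_pktinfo *pkt,
 		     const struct nf_hook_ops *ops,
 		     struct sk_buff *skb,
-		     const struct net_device *in,
-		     const struct net_device *out)
+		     const struct nf_hook_state *state)
 {
 	int protohdr, thoff = 0;
 	unsigned short frag_off;
-	nft_set_pktinfo(pkt, ops, skb, in, out);
+	nft_set_pktinfo(pkt, ops, skb, state);
 	protohdr = ipv6_find_hdr(pkt->skb, &thoff, -1, &frag_off, NULL);
 	/* If malformed, drop it */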
net/bridge/netfilter/nf_tables_bridge.c
...
@@ -67,27 +67,25 @@ EXPORT_SYMBOL_GPL(nft_bridge_ip6hdr_validate);
...
@@ -67,27 +67,25 @@ EXPORT_SYMBOL_GPL(nft_bridge_ip6hdr_validate);
static
inline
void
nft_bridge_set_pktinfo_ipv4
(
struct
nft_pktinfo
*
pkt
,
static
inline
void
nft_bridge_set_pktinfo_ipv4
(
struct
nft_pktinfo
*
pkt
,
const
struct
nf_hook_ops
*
ops
,
const
struct
nf_hook_ops
*
ops
,
struct
sk_buff
*
skb
,
struct
sk_buff
*
skb
,
const
struct
net_device
*
in
,
const
struct
nf_hook_state
*
state
)
const
struct
net_device
*
out
)
{
{
if
(
nft_bridge_iphdr_validate
(
skb
))
if
(
nft_bridge_iphdr_validate
(
skb
))
nft_set_pktinfo_ipv4
(
pkt
,
ops
,
skb
,
in
,
out
);
nft_set_pktinfo_ipv4
(
pkt
,
ops
,
skb
,
state
);
else
else
nft_set_pktinfo
(
pkt
,
ops
,
skb
,
in
,
out
);
nft_set_pktinfo
(
pkt
,
ops
,
skb
,
state
);
}
}
static
inline
void
nft_bridge_set_pktinfo_ipv6
(
struct
nft_pktinfo
*
pkt
,
static
inline
void
nft_bridge_set_pktinfo_ipv6
(
struct
nft_pktinfo
*
pkt
,
const
struct
nf_hook_ops
*
ops
,
const
struct
nf_hook_ops
*
ops
,
struct
sk_buff
*
skb
,
struct
sk_buff
*
skb
,
const
struct
net_device
*
in
,
const
struct
nf_hook_state
*
state
)
const
struct
net_device
*
out
)
{
{
#if IS_ENABLED(CONFIG_IPV6)
#if IS_ENABLED(CONFIG_IPV6)
if
(
nft_bridge_ip6hdr_validate
(
skb
)
&&
if
(
nft_bridge_ip6hdr_validate
(
skb
)
&&
nft_set_pktinfo_ipv6
(
pkt
,
ops
,
skb
,
in
,
out
)
==
0
)
nft_set_pktinfo_ipv6
(
pkt
,
ops
,
skb
,
state
)
==
0
)
return
;
return
;
#endif
#endif
nft_set_pktinfo
(
pkt
,
ops
,
skb
,
in
,
out
);
nft_set_pktinfo
(
pkt
,
ops
,
skb
,
state
);
}
}
static
unsigned
int
static
unsigned
int
...
@@ -99,13 +97,13 @@ nft_do_chain_bridge(const struct nf_hook_ops *ops,
...
@@ -99,13 +97,13 @@ nft_do_chain_bridge(const struct nf_hook_ops *ops,
switch
(
eth_hdr
(
skb
)
->
h_proto
)
{
switch
(
eth_hdr
(
skb
)
->
h_proto
)
{
case
htons
(
ETH_P_IP
):
case
htons
(
ETH_P_IP
):
nft_bridge_set_pktinfo_ipv4
(
&
pkt
,
ops
,
skb
,
state
->
in
,
state
->
out
);
nft_bridge_set_pktinfo_ipv4
(
&
pkt
,
ops
,
skb
,
state
);
break
;
break
;
case
htons
(
ETH_P_IPV6
):
case
htons
(
ETH_P_IPV6
):
nft_bridge_set_pktinfo_ipv6
(
&
pkt
,
ops
,
skb
,
state
->
in
,
state
->
out
);
nft_bridge_set_pktinfo_ipv6
(
&
pkt
,
ops
,
skb
,
state
);
break
;
break
;
default:
default:
nft_set_pktinfo
(
&
pkt
,
ops
,
skb
,
state
->
in
,
state
->
out
);
nft_set_pktinfo
(
&
pkt
,
ops
,
skb
,
state
);
break
;
break
;
}
}
...
...
net/ipv4/netfilter/nf_tables_arp.c
...
@@ -21,7 +21,7 @@ nft_do_chain_arp(const struct nf_hook_ops *ops,
...
@@ -21,7 +21,7 @@ nft_do_chain_arp(const struct nf_hook_ops *ops,
{
{
struct
nft_pktinfo
pkt
;
struct
nft_pktinfo
pkt
;
nft_set_pktinfo
(
&
pkt
,
ops
,
skb
,
state
->
in
,
state
->
out
);
nft_set_pktinfo
(
&
pkt
,
ops
,
skb
,
state
);
return
nft_do_chain
(
&
pkt
,
ops
);
return
nft_do_chain
(
&
pkt
,
ops
);
}
}
...
...
net/ipv4/netfilter/nf_tables_ipv4.c
...
@@ -24,7 +24,7 @@ static unsigned int nft_do_chain_ipv4(const struct nf_hook_ops *ops,
...
@@ -24,7 +24,7 @@ static unsigned int nft_do_chain_ipv4(const struct nf_hook_ops *ops,
{
{
struct
nft_pktinfo
pkt
;
struct
nft_pktinfo
pkt
;
nft_set_pktinfo_ipv4
(
&
pkt
,
ops
,
skb
,
state
->
in
,
state
->
out
);
nft_set_pktinfo_ipv4
(
&
pkt
,
ops
,
skb
,
state
);
return
nft_do_chain
(
&
pkt
,
ops
);
return
nft_do_chain
(
&
pkt
,
ops
);
}
}
...
...
net/ipv4/netfilter/nft_chain_nat_ipv4.c
...
@@ -33,7 +33,7 @@ static unsigned int nft_nat_do_chain(const struct nf_hook_ops *ops,
...
@@ -33,7 +33,7 @@ static unsigned int nft_nat_do_chain(const struct nf_hook_ops *ops,
{
{
struct
nft_pktinfo
pkt
;
struct
nft_pktinfo
pkt
;
nft_set_pktinfo_ipv4
(
&
pkt
,
ops
,
skb
,
state
->
in
,
state
->
out
);
nft_set_pktinfo_ipv4
(
&
pkt
,
ops
,
skb
,
state
);
return
nft_do_chain
(
&
pkt
,
ops
);
return
nft_do_chain
(
&
pkt
,
ops
);
}
}
...
...
net/ipv4/netfilter/nft_chain_route_ipv4.c
...
@@ -37,7 +37,7 @@ static unsigned int nf_route_table_hook(const struct nf_hook_ops *ops,
...
@@ -37,7 +37,7 @@ static unsigned int nf_route_table_hook(const struct nf_hook_ops *ops,
ip_hdrlen
(
skb
)
<
sizeof
(
struct
iphdr
))
ip_hdrlen
(
skb
)
<
sizeof
(
struct
iphdr
))
return
NF_ACCEPT
;
return
NF_ACCEPT
;
nft_set_pktinfo_ipv4
(
&
pkt
,
ops
,
skb
,
state
->
in
,
state
->
out
);
nft_set_pktinfo_ipv4
(
&
pkt
,
ops
,
skb
,
state
);
mark
=
skb
->
mark
;
mark
=
skb
->
mark
;
iph
=
ip_hdr
(
skb
);
iph
=
ip_hdr
(
skb
);
...
...
net/ipv6/netfilter/nf_tables_ipv6.c
...
@@ -23,7 +23,7 @@ static unsigned int nft_do_chain_ipv6(const struct nf_hook_ops *ops,
...
@@ -23,7 +23,7 @@ static unsigned int nft_do_chain_ipv6(const struct nf_hook_ops *ops,
struct
nft_pktinfo
pkt
;
struct
nft_pktinfo
pkt
;
/* malformed packet, drop it */
/* malformed packet, drop it */
if
(
nft_set_pktinfo_ipv6
(
&
pkt
,
ops
,
skb
,
state
->
in
,
state
->
out
)
<
0
)
if
(
nft_set_pktinfo_ipv6
(
&
pkt
,
ops
,
skb
,
state
)
<
0
)
return
NF_DROP
;
return
NF_DROP
;
return
nft_do_chain
(
&
pkt
,
ops
);
return
nft_do_chain
(
&
pkt
,
ops
);
...
...
net/ipv6/netfilter/nft_chain_nat_ipv6.c
...
@@ -31,7 +31,7 @@ static unsigned int nft_nat_do_chain(const struct nf_hook_ops *ops,
...
@@ -31,7 +31,7 @@ static unsigned int nft_nat_do_chain(const struct nf_hook_ops *ops,
{
{
struct
nft_pktinfo
pkt
;
struct
nft_pktinfo
pkt
;
nft_set_pktinfo_ipv6
(
&
pkt
,
ops
,
skb
,
state
->
in
,
state
->
out
);
nft_set_pktinfo_ipv6
(
&
pkt
,
ops
,
skb
,
state
);
return
nft_do_chain
(
&
pkt
,
ops
);
return
nft_do_chain
(
&
pkt
,
ops
);
}
}
...
...
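Review bot: The converted call in `nft_nat_do_chain()` still discards the return value of `nft_set_pktinfo_ipv6()`, while the same helper is checked with `< 0` and answered with `NF_DROP` in `nft_do_chain_ipv6()` and in the IPv6 `nf_route_table_hook()` elsewhere in this commit. The helper returns `int` and its header hunk carries the comment `/* If malformed, drop it */`, so on a malformed packet `pkt`, a stack variable here, is presumably handed to `nft_do_chain()` with its transport fields unset. Unless an earlier stage is known to guarantee a well-formed header on this path, the call should read `if (nft_set_pktinfo_ipv6(&pkt, ops, skb, state) < 0) return NF_DROP;`. The function starts before the hunk.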
net/ipv6/netfilter/nft_chain_route_ipv6.c
...
@@ -33,7 +33,7 @@ static unsigned int nf_route_table_hook(const struct nf_hook_ops *ops,
...
@@ -33,7 +33,7 @@ static unsigned int nf_route_table_hook(const struct nf_hook_ops *ops,
u32
mark
,
flowlabel
;
u32
mark
,
flowlabel
;
/* malformed packet, drop it */
/* malformed packet, drop it */
if
(
nft_set_pktinfo_ipv6
(
&
pkt
,
ops
,
skb
,
state
->
in
,
state
->
out
)
<
0
)
if
(
nft_set_pktinfo_ipv6
(
&
pkt
,
ops
,
skb
,
state
)
<
0
)
return
NF_DROP
;
return
NF_DROP
;
/* save source/dest address, mark, hoplimit, flowlabel, priority */
/* save source/dest address, mark, hoplimit, flowlabel, priority */
...
...