OpenWrt – Blame information for rev 2
?pathlinks?
Rev | Author | Line No. | Line |
---|---|---|---|
1 | office | 1 | From cb7ccd835ebb333669e400f99c650e4f3abf11c0 Mon Sep 17 00:00:00 2001 |
2 | From: Pablo Neira Ayuso <pablo@netfilter.org> |
||
3 | Date: Sat, 9 Dec 2017 15:30:26 +0100 |
||
4 | Subject: [PATCH 11/11] netfilter: core: support for NFPROTO_INET hook |
||
5 | registration |
||
6 | |||
7 | Expand NFPROTO_INET in two hook registrations, one for NFPROTO_IPV4 and |
||
8 | another for NFPROTO_IPV6. Hence, we handle NFPROTO_INET from the core. |
||
9 | |||
10 | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> |
||
11 | --- |
||
12 | net/netfilter/core.c | 53 +++++++++++++++++++++++++++++++++++++++++++--------- |
||
13 | 1 file changed, 44 insertions(+), 9 deletions(-) |
||
14 | |||
15 | --- a/net/netfilter/core.c |
||
16 | +++ b/net/netfilter/core.c |
||
17 | @@ -310,12 +310,13 @@ nf_hook_entry_head(struct net *net, int |
||
18 | return NULL; |
||
19 | } |
||
20 | |||
21 | -int nf_register_net_hook(struct net *net, const struct nf_hook_ops *reg) |
||
22 | +static int __nf_register_net_hook(struct net *net, int pf, |
||
23 | + const struct nf_hook_ops *reg) |
||
24 | { |
||
25 | struct nf_hook_entries *p, *new_hooks; |
||
26 | struct nf_hook_entries __rcu **pp; |
||
27 | |||
28 | - if (reg->pf == NFPROTO_NETDEV) { |
||
29 | + if (pf == NFPROTO_NETDEV) { |
||
30 | #ifndef CONFIG_NETFILTER_INGRESS |
||
31 | if (reg->hooknum == NF_NETDEV_INGRESS) |
||
32 | return -EOPNOTSUPP; |
||
33 | @@ -325,7 +326,7 @@ int nf_register_net_hook(struct net *net |
||
34 | return -EINVAL; |
||
35 | } |
||
36 | |||
37 | - pp = nf_hook_entry_head(net, reg->pf, reg->hooknum, reg->dev); |
||
38 | + pp = nf_hook_entry_head(net, pf, reg->hooknum, reg->dev); |
||
39 | if (!pp) |
||
40 | return -EINVAL; |
||
41 | |||
42 | @@ -343,17 +344,16 @@ int nf_register_net_hook(struct net *net |
||
43 | |||
44 | hooks_validate(new_hooks); |
||
45 | #ifdef CONFIG_NETFILTER_INGRESS |
||
46 | - if (reg->pf == NFPROTO_NETDEV && reg->hooknum == NF_NETDEV_INGRESS) |
||
47 | + if (pf == NFPROTO_NETDEV && reg->hooknum == NF_NETDEV_INGRESS) |
||
48 | net_inc_ingress_queue(); |
||
49 | #endif |
||
50 | #ifdef HAVE_JUMP_LABEL |
||
51 | - static_key_slow_inc(&nf_hooks_needed[reg->pf][reg->hooknum]); |
||
52 | + static_key_slow_inc(&nf_hooks_needed[pf][reg->hooknum]); |
||
53 | #endif |
||
54 | BUG_ON(p == new_hooks); |
||
55 | nf_hook_entries_free(p); |
||
56 | return 0; |
||
57 | } |
||
58 | -EXPORT_SYMBOL(nf_register_net_hook); |
||
59 | |||
60 | /* |
||
61 | * nf_remove_net_hook - remove a hook from blob |
||
62 | @@ -394,12 +394,13 @@ static void nf_remove_net_hook(struct nf |
||
63 | } |
||
64 | } |
||
65 | |||
66 | -void nf_unregister_net_hook(struct net *net, const struct nf_hook_ops *reg) |
||
67 | +void __nf_unregister_net_hook(struct net *net, int pf, |
||
68 | + const struct nf_hook_ops *reg) |
||
69 | { |
||
70 | struct nf_hook_entries __rcu **pp; |
||
71 | struct nf_hook_entries *p; |
||
72 | |||
73 | - pp = nf_hook_entry_head(net, reg->pf, reg->hooknum, reg->dev); |
||
74 | + pp = nf_hook_entry_head(net, pf, reg->hooknum, reg->dev); |
||
75 | if (!pp) |
||
76 | return; |
||
77 | |||
78 | @@ -411,7 +412,7 @@ void nf_unregister_net_hook(struct net * |
||
79 | return; |
||
80 | } |
||
81 | |||
82 | - nf_remove_net_hook(p, reg, reg->pf); |
||
83 | + nf_remove_net_hook(p, reg, pf); |
||
84 | |||
85 | p = __nf_hook_entries_try_shrink(pp); |
||
86 | mutex_unlock(&nf_hook_mutex); |
||
87 | @@ -421,8 +422,42 @@ void nf_unregister_net_hook(struct net * |
||
88 | nf_queue_nf_hook_drop(net); |
||
89 | nf_hook_entries_free(p); |
||
90 | } |
||
91 | + |
||
92 | +void nf_unregister_net_hook(struct net *net, const struct nf_hook_ops *reg) |
||
93 | +{ |
||
94 | + if (reg->pf == NFPROTO_INET) { |
||
95 | + __nf_unregister_net_hook(net, NFPROTO_IPV4, reg); |
||
96 | + __nf_unregister_net_hook(net, NFPROTO_IPV6, reg); |
||
97 | + } else { |
||
98 | + __nf_unregister_net_hook(net, reg->pf, reg); |
||
99 | + } |
||
100 | +} |
||
101 | EXPORT_SYMBOL(nf_unregister_net_hook); |
||
102 | |||
103 | +int nf_register_net_hook(struct net *net, const struct nf_hook_ops *reg) |
||
104 | +{ |
||
105 | + int err; |
||
106 | + |
||
107 | + if (reg->pf == NFPROTO_INET) { |
||
108 | + err = __nf_register_net_hook(net, NFPROTO_IPV4, reg); |
||
109 | + if (err < 0) |
||
110 | + return err; |
||
111 | + |
||
112 | + err = __nf_register_net_hook(net, NFPROTO_IPV6, reg); |
||
113 | + if (err < 0) { |
||
114 | + __nf_unregister_net_hook(net, NFPROTO_IPV4, reg); |
||
115 | + return err; |
||
116 | + } |
||
117 | + } else { |
||
118 | + err = __nf_register_net_hook(net, reg->pf, reg); |
||
119 | + if (err < 0) |
||
120 | + return err; |
||
121 | + } |
||
122 | + |
||
123 | + return 0; |
||
124 | +} |
||
125 | +EXPORT_SYMBOL(nf_register_net_hook); |
||
126 | + |
||
127 | int nf_register_net_hooks(struct net *net, const struct nf_hook_ops *reg, |
||
128 | unsigned int n) |
||
129 | { |