OpenWrt – Blame information for rev 1
?pathlinks?
Rev | Author | Line No. | Line |
---|---|---|---|
1 | office | 1 | From: Pablo Neira Ayuso <pablo@netfilter.org> |
2 | Date: Wed, 20 Dec 2017 16:12:55 +0100 |
||
3 | Subject: [PATCH] netfilter: remove saveroute indirection in struct nf_afinfo |
||
4 | |||
5 | This is only used by nf_queue.c and this function comes with no symbol |
||
6 | dependencies with IPv6, it just refers to structure layouts. Therefore, |
||
7 | we can replace it by a direct function call from where it belongs. |
||
8 | |||
9 | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> |
||
10 | --- |
||
11 | |||
12 | --- a/include/linux/netfilter.h |
||
13 | +++ b/include/linux/netfilter.h |
||
14 | @@ -313,8 +313,6 @@ struct nf_afinfo { |
||
15 | unsigned short family; |
||
16 | int (*route)(struct net *net, struct dst_entry **dst, |
||
17 | struct flowi *fl, bool strict); |
||
18 | - void (*saveroute)(const struct sk_buff *skb, |
||
19 | - struct nf_queue_entry *entry); |
||
20 | int (*reroute)(struct net *net, struct sk_buff *skb, |
||
21 | const struct nf_queue_entry *entry); |
||
22 | int route_key_size; |
||
23 | --- a/include/linux/netfilter_ipv4.h |
||
24 | +++ b/include/linux/netfilter_ipv4.h |
||
25 | @@ -6,6 +6,16 @@ |
||
26 | |||
27 | #include <uapi/linux/netfilter_ipv4.h> |
||
28 | |||
29 | +/* Extra routing may needed on local out, as the QUEUE target never returns |
||
30 | + * control to the table. |
||
31 | + */ |
||
32 | +struct ip_rt_info { |
||
33 | + __be32 daddr; |
||
34 | + __be32 saddr; |
||
35 | + u_int8_t tos; |
||
36 | + u_int32_t mark; |
||
37 | +}; |
||
38 | + |
||
39 | int ip_route_me_harder(struct net *net, struct sk_buff *skb, unsigned addr_type); |
||
40 | |||
41 | #ifdef CONFIG_INET |
||
42 | --- a/include/linux/netfilter_ipv6.h |
||
43 | +++ b/include/linux/netfilter_ipv6.h |
||
44 | @@ -9,6 +9,15 @@ |
||
45 | |||
46 | #include <uapi/linux/netfilter_ipv6.h> |
||
47 | |||
48 | +/* Extra routing may needed on local out, as the QUEUE target never returns |
||
49 | + * control to the table. |
||
50 | + */ |
||
51 | +struct ip6_rt_info { |
||
52 | + struct in6_addr daddr; |
||
53 | + struct in6_addr saddr; |
||
54 | + u_int32_t mark; |
||
55 | +}; |
||
56 | + |
||
57 | /* |
||
58 | * Hook functions for ipv6 to allow xt_* modules to be built-in even |
||
59 | * if IPv6 is a module. |
||
60 | --- a/net/bridge/netfilter/nf_tables_bridge.c |
||
61 | +++ b/net/bridge/netfilter/nf_tables_bridge.c |
||
62 | @@ -95,11 +95,6 @@ static const struct nf_chain_type filter |
||
63 | (1 << NF_BR_POST_ROUTING), |
||
64 | }; |
||
65 | |||
66 | -static void nf_br_saveroute(const struct sk_buff *skb, |
||
67 | - struct nf_queue_entry *entry) |
||
68 | -{ |
||
69 | -} |
||
70 | - |
||
71 | static int nf_br_reroute(struct net *net, struct sk_buff *skb, |
||
72 | const struct nf_queue_entry *entry) |
||
73 | { |
||
74 | @@ -115,7 +110,6 @@ static int nf_br_route(struct net *net, |
||
75 | static const struct nf_afinfo nf_br_afinfo = { |
||
76 | .family = AF_BRIDGE, |
||
77 | .route = nf_br_route, |
||
78 | - .saveroute = nf_br_saveroute, |
||
79 | .reroute = nf_br_reroute, |
||
80 | .route_key_size = 0, |
||
81 | }; |
||
82 | --- a/net/ipv4/netfilter.c |
||
83 | +++ b/net/ipv4/netfilter.c |
||
84 | @@ -80,33 +80,6 @@ int ip_route_me_harder(struct net *net, |
||
85 | } |
||
86 | EXPORT_SYMBOL(ip_route_me_harder); |
||
87 | |||
88 | -/* |
||
89 | - * Extra routing may needed on local out, as the QUEUE target never |
||
90 | - * returns control to the table. |
||
91 | - */ |
||
92 | - |
||
93 | -struct ip_rt_info { |
||
94 | - __be32 daddr; |
||
95 | - __be32 saddr; |
||
96 | - u_int8_t tos; |
||
97 | - u_int32_t mark; |
||
98 | -}; |
||
99 | - |
||
100 | -static void nf_ip_saveroute(const struct sk_buff *skb, |
||
101 | - struct nf_queue_entry *entry) |
||
102 | -{ |
||
103 | - struct ip_rt_info *rt_info = nf_queue_entry_reroute(entry); |
||
104 | - |
||
105 | - if (entry->state.hook == NF_INET_LOCAL_OUT) { |
||
106 | - const struct iphdr *iph = ip_hdr(skb); |
||
107 | - |
||
108 | - rt_info->tos = iph->tos; |
||
109 | - rt_info->daddr = iph->daddr; |
||
110 | - rt_info->saddr = iph->saddr; |
||
111 | - rt_info->mark = skb->mark; |
||
112 | - } |
||
113 | -} |
||
114 | - |
||
115 | static int nf_ip_reroute(struct net *net, struct sk_buff *skb, |
||
116 | const struct nf_queue_entry *entry) |
||
117 | { |
||
118 | @@ -190,7 +163,6 @@ static int nf_ip_route(struct net *net, |
||
119 | static const struct nf_afinfo nf_ip_afinfo = { |
||
120 | .family = AF_INET, |
||
121 | .route = nf_ip_route, |
||
122 | - .saveroute = nf_ip_saveroute, |
||
123 | .reroute = nf_ip_reroute, |
||
124 | .route_key_size = sizeof(struct ip_rt_info), |
||
125 | }; |
||
126 | --- a/net/ipv6/netfilter.c |
||
127 | +++ b/net/ipv6/netfilter.c |
||
128 | @@ -70,31 +70,6 @@ int ip6_route_me_harder(struct net *net, |
||
129 | } |
||
130 | EXPORT_SYMBOL(ip6_route_me_harder); |
||
131 | |||
132 | -/* |
||
133 | - * Extra routing may needed on local out, as the QUEUE target never |
||
134 | - * returns control to the table. |
||
135 | - */ |
||
136 | - |
||
137 | -struct ip6_rt_info { |
||
138 | - struct in6_addr daddr; |
||
139 | - struct in6_addr saddr; |
||
140 | - u_int32_t mark; |
||
141 | -}; |
||
142 | - |
||
143 | -static void nf_ip6_saveroute(const struct sk_buff *skb, |
||
144 | - struct nf_queue_entry *entry) |
||
145 | -{ |
||
146 | - struct ip6_rt_info *rt_info = nf_queue_entry_reroute(entry); |
||
147 | - |
||
148 | - if (entry->state.hook == NF_INET_LOCAL_OUT) { |
||
149 | - const struct ipv6hdr *iph = ipv6_hdr(skb); |
||
150 | - |
||
151 | - rt_info->daddr = iph->daddr; |
||
152 | - rt_info->saddr = iph->saddr; |
||
153 | - rt_info->mark = skb->mark; |
||
154 | - } |
||
155 | -} |
||
156 | - |
||
157 | static int nf_ip6_reroute(struct net *net, struct sk_buff *skb, |
||
158 | const struct nf_queue_entry *entry) |
||
159 | { |
||
160 | @@ -202,7 +177,6 @@ static const struct nf_ipv6_ops ipv6ops |
||
161 | static const struct nf_afinfo nf_ip6_afinfo = { |
||
162 | .family = AF_INET6, |
||
163 | .route = nf_ip6_route, |
||
164 | - .saveroute = nf_ip6_saveroute, |
||
165 | .reroute = nf_ip6_reroute, |
||
166 | .route_key_size = sizeof(struct ip6_rt_info), |
||
167 | }; |
||
168 | --- a/net/netfilter/nf_queue.c |
||
169 | +++ b/net/netfilter/nf_queue.c |
||
170 | @@ -10,6 +10,8 @@ |
||
171 | #include <linux/proc_fs.h> |
||
172 | #include <linux/skbuff.h> |
||
173 | #include <linux/netfilter.h> |
||
174 | +#include <linux/netfilter_ipv4.h> |
||
175 | +#include <linux/netfilter_ipv6.h> |
||
176 | #include <linux/netfilter_bridge.h> |
||
177 | #include <linux/seq_file.h> |
||
178 | #include <linux/rcupdate.h> |
||
179 | @@ -108,6 +110,35 @@ void nf_queue_nf_hook_drop(struct net *n |
||
180 | } |
||
181 | EXPORT_SYMBOL_GPL(nf_queue_nf_hook_drop); |
||
182 | |||
183 | +static void nf_ip_saveroute(const struct sk_buff *skb, |
||
184 | + struct nf_queue_entry *entry) |
||
185 | +{ |
||
186 | + struct ip_rt_info *rt_info = nf_queue_entry_reroute(entry); |
||
187 | + |
||
188 | + if (entry->state.hook == NF_INET_LOCAL_OUT) { |
||
189 | + const struct iphdr *iph = ip_hdr(skb); |
||
190 | + |
||
191 | + rt_info->tos = iph->tos; |
||
192 | + rt_info->daddr = iph->daddr; |
||
193 | + rt_info->saddr = iph->saddr; |
||
194 | + rt_info->mark = skb->mark; |
||
195 | + } |
||
196 | +} |
||
197 | + |
||
198 | +static void nf_ip6_saveroute(const struct sk_buff *skb, |
||
199 | + struct nf_queue_entry *entry) |
||
200 | +{ |
||
201 | + struct ip6_rt_info *rt_info = nf_queue_entry_reroute(entry); |
||
202 | + |
||
203 | + if (entry->state.hook == NF_INET_LOCAL_OUT) { |
||
204 | + const struct ipv6hdr *iph = ipv6_hdr(skb); |
||
205 | + |
||
206 | + rt_info->daddr = iph->daddr; |
||
207 | + rt_info->saddr = iph->saddr; |
||
208 | + rt_info->mark = skb->mark; |
||
209 | + } |
||
210 | +} |
||
211 | + |
||
212 | static int __nf_queue(struct sk_buff *skb, const struct nf_hook_state *state, |
||
213 | const struct nf_hook_entries *entries, |
||
214 | unsigned int index, unsigned int queuenum) |
||
215 | @@ -144,7 +175,16 @@ static int __nf_queue(struct sk_buff *sk |
||
216 | |||
217 | nf_queue_entry_get_refs(entry); |
||
218 | skb_dst_force(skb); |
||
219 | - afinfo->saveroute(skb, entry); |
||
220 | + |
||
221 | + switch (entry->state.pf) { |
||
222 | + case AF_INET: |
||
223 | + nf_ip_saveroute(skb, entry); |
||
224 | + break; |
||
225 | + case AF_INET6: |
||
226 | + nf_ip6_saveroute(skb, entry); |
||
227 | + break; |
||
228 | + } |
||
229 | + |
||
230 | status = qh->outfn(entry, queuenum); |
||
231 | |||
232 | if (status < 0) { |