OpenWrt – Blame information for rev 1
?pathlinks?
Rev | Author | Line No. | Line |
---|---|---|---|
1 | office | 1 | From: Pablo Neira Ayuso <pablo@netfilter.org> |
2 | Date: Mon, 27 Nov 2017 21:55:14 +0100 |
||
3 | Subject: [PATCH] netfilter: move checksum indirection to struct nf_ipv6_ops |
||
4 | |||
5 | We cannot make a direct call to nf_ip6_checksum() because that would |
||
6 | result in autoloading the 'ipv6' module because of symbol dependencies. |
||
7 | Therefore, define checksum indirection in nf_ipv6_ops where this really |
||
8 | belongs to. |
||
9 | |||
10 | For IPv4, we can indeed make a direct function call, which is faster, |
||
11 | given IPv4 is built-in in the networking code by default. Still, |
||
12 | CONFIG_INET=n and CONFIG_NETFILTER=y is possible, so define empty inline |
||
13 | stub for IPv4 in such case. |
||
14 | |||
15 | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> |
||
16 | --- |
||
17 | create mode 100644 net/netfilter/utils.c |
||
18 | |||
19 | --- a/include/linux/netfilter.h |
||
20 | +++ b/include/linux/netfilter.h |
||
21 | @@ -311,8 +311,6 @@ struct nf_queue_entry; |
||
22 | |||
23 | struct nf_afinfo { |
||
24 | unsigned short family; |
||
25 | - __sum16 (*checksum)(struct sk_buff *skb, unsigned int hook, |
||
26 | - unsigned int dataoff, u_int8_t protocol); |
||
27 | __sum16 (*checksum_partial)(struct sk_buff *skb, |
||
28 | unsigned int hook, |
||
29 | unsigned int dataoff, |
||
30 | @@ -333,20 +331,9 @@ static inline const struct nf_afinfo *nf |
||
31 | return rcu_dereference(nf_afinfo[family]); |
||
32 | } |
||
33 | |||
34 | -static inline __sum16 |
||
35 | -nf_checksum(struct sk_buff *skb, unsigned int hook, unsigned int dataoff, |
||
36 | - u_int8_t protocol, unsigned short family) |
||
37 | -{ |
||
38 | - const struct nf_afinfo *afinfo; |
||
39 | - __sum16 csum = 0; |
||
40 | - |
||
41 | - rcu_read_lock(); |
||
42 | - afinfo = nf_get_afinfo(family); |
||
43 | - if (afinfo) |
||
44 | - csum = afinfo->checksum(skb, hook, dataoff, protocol); |
||
45 | - rcu_read_unlock(); |
||
46 | - return csum; |
||
47 | -} |
||
48 | +__sum16 nf_checksum(struct sk_buff *skb, unsigned int hook, |
||
49 | + unsigned int dataoff, u_int8_t protocol, |
||
50 | + unsigned short family); |
||
51 | |||
52 | static inline __sum16 |
||
53 | nf_checksum_partial(struct sk_buff *skb, unsigned int hook, |
||
54 | --- a/include/linux/netfilter_ipv4.h |
||
55 | +++ b/include/linux/netfilter_ipv4.h |
||
56 | @@ -7,6 +7,16 @@ |
||
57 | #include <uapi/linux/netfilter_ipv4.h> |
||
58 | |||
59 | int ip_route_me_harder(struct net *net, struct sk_buff *skb, unsigned addr_type); |
||
60 | + |
||
61 | +#ifdef CONFIG_INET |
||
62 | __sum16 nf_ip_checksum(struct sk_buff *skb, unsigned int hook, |
||
63 | unsigned int dataoff, u_int8_t protocol); |
||
64 | +#else |
||
65 | +static inline __sum16 nf_ip_checksum(struct sk_buff *skb, unsigned int hook, |
||
66 | + unsigned int dataoff, u_int8_t protocol) |
||
67 | +{ |
||
68 | + return 0; |
||
69 | +} |
||
70 | +#endif /* CONFIG_INET */ |
||
71 | + |
||
72 | #endif /*__LINUX_IP_NETFILTER_H*/ |
||
73 | --- a/include/linux/netfilter_ipv6.h |
||
74 | +++ b/include/linux/netfilter_ipv6.h |
||
75 | @@ -19,6 +19,8 @@ struct nf_ipv6_ops { |
||
76 | void (*route_input)(struct sk_buff *skb); |
||
77 | int (*fragment)(struct net *net, struct sock *sk, struct sk_buff *skb, |
||
78 | int (*output)(struct net *, struct sock *, struct sk_buff *)); |
||
79 | + __sum16 (*checksum)(struct sk_buff *skb, unsigned int hook, |
||
80 | + unsigned int dataoff, u_int8_t protocol); |
||
81 | }; |
||
82 | |||
83 | #ifdef CONFIG_NETFILTER |
||
84 | --- a/net/bridge/netfilter/nf_tables_bridge.c |
||
85 | +++ b/net/bridge/netfilter/nf_tables_bridge.c |
||
86 | @@ -106,12 +106,6 @@ static int nf_br_reroute(struct net *net |
||
87 | return 0; |
||
88 | } |
||
89 | |||
90 | -static __sum16 nf_br_checksum(struct sk_buff *skb, unsigned int hook, |
||
91 | - unsigned int dataoff, u_int8_t protocol) |
||
92 | -{ |
||
93 | - return 0; |
||
94 | -} |
||
95 | - |
||
96 | static __sum16 nf_br_checksum_partial(struct sk_buff *skb, unsigned int hook, |
||
97 | unsigned int dataoff, unsigned int len, |
||
98 | u_int8_t protocol) |
||
99 | @@ -127,7 +121,6 @@ static int nf_br_route(struct net *net, |
||
100 | |||
101 | static const struct nf_afinfo nf_br_afinfo = { |
||
102 | .family = AF_BRIDGE, |
||
103 | - .checksum = nf_br_checksum, |
||
104 | .checksum_partial = nf_br_checksum_partial, |
||
105 | .route = nf_br_route, |
||
106 | .saveroute = nf_br_saveroute, |
||
107 | --- a/net/ipv4/netfilter.c |
||
108 | +++ b/net/ipv4/netfilter.c |
||
109 | @@ -188,7 +188,6 @@ static int nf_ip_route(struct net *net, |
||
110 | |||
111 | static const struct nf_afinfo nf_ip_afinfo = { |
||
112 | .family = AF_INET, |
||
113 | - .checksum = nf_ip_checksum, |
||
114 | .checksum_partial = nf_ip_checksum_partial, |
||
115 | .route = nf_ip_route, |
||
116 | .saveroute = nf_ip_saveroute, |
||
117 | --- a/net/ipv6/netfilter.c |
||
118 | +++ b/net/ipv6/netfilter.c |
||
119 | @@ -194,12 +194,12 @@ static __sum16 nf_ip6_checksum_partial(s |
||
120 | static const struct nf_ipv6_ops ipv6ops = { |
||
121 | .chk_addr = ipv6_chk_addr, |
||
122 | .route_input = ip6_route_input, |
||
123 | - .fragment = ip6_fragment |
||
124 | + .fragment = ip6_fragment, |
||
125 | + .checksum = nf_ip6_checksum, |
||
126 | }; |
||
127 | |||
128 | static const struct nf_afinfo nf_ip6_afinfo = { |
||
129 | .family = AF_INET6, |
||
130 | - .checksum = nf_ip6_checksum, |
||
131 | .checksum_partial = nf_ip6_checksum_partial, |
||
132 | .route = nf_ip6_route, |
||
133 | .saveroute = nf_ip6_saveroute, |
||
134 | --- a/net/netfilter/Makefile |
||
135 | +++ b/net/netfilter/Makefile |
||
136 | @@ -1,5 +1,5 @@ |
||
137 | # SPDX-License-Identifier: GPL-2.0 |
||
138 | -netfilter-objs := core.o nf_log.o nf_queue.o nf_sockopt.o |
||
139 | +netfilter-objs := core.o nf_log.o nf_queue.o nf_sockopt.o utils.o |
||
140 | |||
141 | nf_conntrack-y := nf_conntrack_core.o nf_conntrack_standalone.o nf_conntrack_expect.o nf_conntrack_helper.o nf_conntrack_proto.o nf_conntrack_l3proto_generic.o nf_conntrack_proto_generic.o nf_conntrack_proto_tcp.o nf_conntrack_proto_udp.o nf_conntrack_extend.o nf_conntrack_acct.o nf_conntrack_seqadj.o |
||
142 | nf_conntrack-$(CONFIG_NF_CONNTRACK_TIMEOUT) += nf_conntrack_timeout.o |
||
143 | --- /dev/null |
||
144 | +++ b/net/netfilter/utils.c |
||
145 | @@ -0,0 +1,26 @@ |
||
146 | +#include <linux/kernel.h> |
||
147 | +#include <linux/netfilter.h> |
||
148 | +#include <linux/netfilter_ipv4.h> |
||
149 | +#include <linux/netfilter_ipv6.h> |
||
150 | + |
||
151 | +__sum16 nf_checksum(struct sk_buff *skb, unsigned int hook, |
||
152 | + unsigned int dataoff, u_int8_t protocol, |
||
153 | + unsigned short family) |
||
154 | +{ |
||
155 | + const struct nf_ipv6_ops *v6ops; |
||
156 | + __sum16 csum = 0; |
||
157 | + |
||
158 | + switch (family) { |
||
159 | + case AF_INET: |
||
160 | + csum = nf_ip_checksum(skb, hook, dataoff, protocol); |
||
161 | + break; |
||
162 | + case AF_INET6: |
||
163 | + v6ops = rcu_dereference(nf_ipv6_ops); |
||
164 | + if (v6ops) |
||
165 | + csum = v6ops->checksum(skb, hook, dataoff, protocol); |
||
166 | + break; |
||
167 | + } |
||
168 | + |
||
169 | + return csum; |
||
170 | +} |
||
171 | +EXPORT_SYMBOL_GPL(nf_checksum); |