diff options
| author | Eric W. Biederman <ebiederm@xmission.com> | 2015-09-15 21:04:18 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2015-09-17 20:18:37 -0400 |
| commit | 0c4b51f0054ce85c0ec578ab818f0631834573eb (patch) | |
| tree | 73e729f58fbaf6420e0f390e36aa936ddaa219ef /include/linux | |
| parent | 9dff2c966a0a79a4222553a851f17e679fc28a43 (diff) | |
netfilter: Pass net into okfn
This is immediately motivated by the bridge code that chains functions that
call into netfilter. Without passing net into the okfns the bridge code would
need to guess about the best expression for the network namespace to process
packets in.
As net is frequently one of the first things computed in continuation functions
after netfilter has done it's job passing in the desired network namespace is in
many cases a code simplification.
To support this change the function dst_output_okfn is introduced to
simplify passing dst_output as an okfn. For the moment dst_output_okfn
just silently drops the struct net.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/linux')
| -rw-r--r-- | include/linux/netdevice.h | 2 | ||||
| -rw-r--r-- | include/linux/netfilter.h | 26 | ||||
| -rw-r--r-- | include/linux/netfilter_bridge.h | 2 |
3 files changed, 16 insertions, 14 deletions
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index 97ab5c9a7069..b791405958b4 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h | |||
| @@ -2212,7 +2212,7 @@ int dev_open(struct net_device *dev); | |||
| 2212 | int dev_close(struct net_device *dev); | 2212 | int dev_close(struct net_device *dev); |
| 2213 | int dev_close_many(struct list_head *head, bool unlink); | 2213 | int dev_close_many(struct list_head *head, bool unlink); |
| 2214 | void dev_disable_lro(struct net_device *dev); | 2214 | void dev_disable_lro(struct net_device *dev); |
| 2215 | int dev_loopback_xmit(struct sock *sk, struct sk_buff *newskb); | 2215 | int dev_loopback_xmit(struct net *net, struct sock *sk, struct sk_buff *newskb); |
| 2216 | int dev_queue_xmit(struct sk_buff *skb); | 2216 | int dev_queue_xmit(struct sk_buff *skb); |
| 2217 | int dev_queue_xmit_accel(struct sk_buff *skb, void *accel_priv); | 2217 | int dev_queue_xmit_accel(struct sk_buff *skb, void *accel_priv); |
| 2218 | int register_netdevice(struct net_device *dev); | 2218 | int register_netdevice(struct net_device *dev); |
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h index 295f2650b5dc..0b4d4560f33d 100644 --- a/include/linux/netfilter.h +++ b/include/linux/netfilter.h | |||
| @@ -56,7 +56,7 @@ struct nf_hook_state { | |||
| 56 | struct sock *sk; | 56 | struct sock *sk; |
| 57 | struct net *net; | 57 | struct net *net; |
| 58 | struct list_head *hook_list; | 58 | struct list_head *hook_list; |
| 59 | int (*okfn)(struct sock *, struct sk_buff *); | 59 | int (*okfn)(struct net *, struct sock *, struct sk_buff *); |
| 60 | }; | 60 | }; |
| 61 | 61 | ||
| 62 | static inline void nf_hook_state_init(struct nf_hook_state *p, | 62 | static inline void nf_hook_state_init(struct nf_hook_state *p, |
| @@ -67,7 +67,7 @@ static inline void nf_hook_state_init(struct nf_hook_state *p, | |||
| 67 | struct net_device *outdev, | 67 | struct net_device *outdev, |
| 68 | struct sock *sk, | 68 | struct sock *sk, |
| 69 | struct net *net, | 69 | struct net *net, |
| 70 | int (*okfn)(struct sock *, struct sk_buff *)) | 70 | int (*okfn)(struct net *, struct sock *, struct sk_buff *)) |
| 71 | { | 71 | { |
| 72 | p->hook = hook; | 72 | p->hook = hook; |
| 73 | p->thresh = thresh; | 73 | p->thresh = thresh; |
| @@ -175,7 +175,7 @@ static inline int nf_hook_thresh(u_int8_t pf, unsigned int hook, | |||
| 175 | struct sk_buff *skb, | 175 | struct sk_buff *skb, |
| 176 | struct net_device *indev, | 176 | struct net_device *indev, |
| 177 | struct net_device *outdev, | 177 | struct net_device *outdev, |
| 178 | int (*okfn)(struct sock *, struct sk_buff *), | 178 | int (*okfn)(struct net *, struct sock *, struct sk_buff *), |
| 179 | int thresh) | 179 | int thresh) |
| 180 | { | 180 | { |
| 181 | struct list_head *hook_list = &net->nf.hooks[pf][hook]; | 181 | struct list_head *hook_list = &net->nf.hooks[pf][hook]; |
| @@ -193,7 +193,7 @@ static inline int nf_hook_thresh(u_int8_t pf, unsigned int hook, | |||
| 193 | static inline int nf_hook(u_int8_t pf, unsigned int hook, struct net *net, | 193 | static inline int nf_hook(u_int8_t pf, unsigned int hook, struct net *net, |
| 194 | struct sock *sk, struct sk_buff *skb, | 194 | struct sock *sk, struct sk_buff *skb, |
| 195 | struct net_device *indev, struct net_device *outdev, | 195 | struct net_device *indev, struct net_device *outdev, |
| 196 | int (*okfn)(struct sock *, struct sk_buff *)) | 196 | int (*okfn)(struct net *, struct sock *, struct sk_buff *)) |
| 197 | { | 197 | { |
| 198 | return nf_hook_thresh(pf, hook, net, sk, skb, indev, outdev, okfn, INT_MIN); | 198 | return nf_hook_thresh(pf, hook, net, sk, skb, indev, outdev, okfn, INT_MIN); |
| 199 | } | 199 | } |
| @@ -219,31 +219,33 @@ static inline int | |||
| 219 | NF_HOOK_THRESH(uint8_t pf, unsigned int hook, struct net *net, struct sock *sk, | 219 | NF_HOOK_THRESH(uint8_t pf, unsigned int hook, struct net *net, struct sock *sk, |
| 220 | struct sk_buff *skb, struct net_device *in, | 220 | struct sk_buff *skb, struct net_device *in, |
| 221 | struct net_device *out, | 221 | struct net_device *out, |
| 222 | int (*okfn)(struct sock *, struct sk_buff *), int thresh) | 222 | int (*okfn)(struct net *, struct sock *, struct sk_buff *), |
| 223 | int thresh) | ||
| 223 | { | 224 | { |
| 224 | int ret = nf_hook_thresh(pf, hook, net, sk, skb, in, out, okfn, thresh); | 225 | int ret = nf_hook_thresh(pf, hook, net, sk, skb, in, out, okfn, thresh); |
| 225 | if (ret == 1) | 226 | if (ret == 1) |
| 226 | ret = okfn(sk, skb); | 227 | ret = okfn(net, sk, skb); |
| 227 | return ret; | 228 | return ret; |
| 228 | } | 229 | } |
| 229 | 230 | ||
| 230 | static inline int | 231 | static inline int |
| 231 | NF_HOOK_COND(uint8_t pf, unsigned int hook, struct net *net, struct sock *sk, | 232 | NF_HOOK_COND(uint8_t pf, unsigned int hook, struct net *net, struct sock *sk, |
| 232 | struct sk_buff *skb, struct net_device *in, struct net_device *out, | 233 | struct sk_buff *skb, struct net_device *in, struct net_device *out, |
| 233 | int (*okfn)(struct sock *, struct sk_buff *), bool cond) | 234 | int (*okfn)(struct net *, struct sock *, struct sk_buff *), |
| 235 | bool cond) | ||
| 234 | { | 236 | { |
| 235 | int ret; | 237 | int ret; |
| 236 | 238 | ||
| 237 | if (!cond || | 239 | if (!cond || |
| 238 | ((ret = nf_hook_thresh(pf, hook, net, sk, skb, in, out, okfn, INT_MIN)) == 1)) | 240 | ((ret = nf_hook_thresh(pf, hook, net, sk, skb, in, out, okfn, INT_MIN)) == 1)) |
| 239 | ret = okfn(sk, skb); | 241 | ret = okfn(net, sk, skb); |
| 240 | return ret; | 242 | return ret; |
| 241 | } | 243 | } |
| 242 | 244 | ||
| 243 | static inline int | 245 | static inline int |
| 244 | NF_HOOK(uint8_t pf, unsigned int hook, struct net *net, struct sock *sk, struct sk_buff *skb, | 246 | NF_HOOK(uint8_t pf, unsigned int hook, struct net *net, struct sock *sk, struct sk_buff *skb, |
| 245 | struct net_device *in, struct net_device *out, | 247 | struct net_device *in, struct net_device *out, |
| 246 | int (*okfn)(struct sock *, struct sk_buff *)) | 248 | int (*okfn)(struct net *, struct sock *, struct sk_buff *)) |
| 247 | { | 249 | { |
| 248 | return NF_HOOK_THRESH(pf, hook, net, sk, skb, in, out, okfn, INT_MIN); | 250 | return NF_HOOK_THRESH(pf, hook, net, sk, skb, in, out, okfn, INT_MIN); |
| 249 | } | 251 | } |
| @@ -345,12 +347,12 @@ nf_nat_decode_session(struct sk_buff *skb, struct flowi *fl, u_int8_t family) | |||
| 345 | } | 347 | } |
| 346 | 348 | ||
| 347 | #else /* !CONFIG_NETFILTER */ | 349 | #else /* !CONFIG_NETFILTER */ |
| 348 | #define NF_HOOK(pf, hook, net, sk, skb, indev, outdev, okfn) (okfn)(sk, skb) | 350 | #define NF_HOOK(pf, hook, net, sk, skb, indev, outdev, okfn) (okfn)(net, sk, skb) |
| 349 | #define NF_HOOK_COND(pf, hook, net, sk, skb, indev, outdev, okfn, cond) (okfn)(sk, skb) | 351 | #define NF_HOOK_COND(pf, hook, net, sk, skb, indev, outdev, okfn, cond) (okfn)(net, sk, skb) |
| 350 | static inline int nf_hook(u_int8_t pf, unsigned int hook, struct net *net, | 352 | static inline int nf_hook(u_int8_t pf, unsigned int hook, struct net *net, |
| 351 | struct sock *sk, struct sk_buff *skb, | 353 | struct sock *sk, struct sk_buff *skb, |
| 352 | struct net_device *indev, struct net_device *outdev, | 354 | struct net_device *indev, struct net_device *outdev, |
| 353 | int (*okfn)(struct sock *, struct sk_buff *)) | 355 | int (*okfn)(struct net *, struct sock *, struct sk_buff *)) |
| 354 | { | 356 | { |
| 355 | return 1; | 357 | return 1; |
| 356 | } | 358 | } |
diff --git a/include/linux/netfilter_bridge.h b/include/linux/netfilter_bridge.h index 2437b8a5d7a9..2ed40c402b5e 100644 --- a/include/linux/netfilter_bridge.h +++ b/include/linux/netfilter_bridge.h | |||
| @@ -17,7 +17,7 @@ enum nf_br_hook_priorities { | |||
| 17 | 17 | ||
| 18 | #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) | 18 | #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) |
| 19 | 19 | ||
| 20 | int br_handle_frame_finish(struct sock *sk, struct sk_buff *skb); | 20 | int br_handle_frame_finish(struct net *net, struct sock *sk, struct sk_buff *skb); |
| 21 | 21 | ||
| 22 | static inline void br_drop_fake_rtable(struct sk_buff *skb) | 22 | static inline void br_drop_fake_rtable(struct sk_buff *skb) |
| 23 | { | 23 | { |