diff options
author | Patrick McHardy <kaber@trash.net> | 2008-01-31 19:57:15 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-01-31 22:28:25 -0500 |
commit | 72eb7bd2693d83e161442b709b107dd77c77b4f2 (patch) | |
tree | d823cbbf98ed196f280a230fd3cb0268fd65a5a0 | |
parent | 52913246e0056c9c6215a778a3b31b6b9ce5c3ef (diff) |
[NET_SCHED]: sch_ingress: remove netfilter support
Since the old policer code is gone, TC actions are needed for policing.
The ingress qdisc can get packets directly from netif_receive_skb()
in case TC actions are enabled or through netfilter otherwise, but
since without TC actions there is no policer the only thing it actually
does is count packets.
Remove the netfilter support and always require TC actions.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Acked-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/sched/Kconfig | 2 | ||||
-rw-r--r-- | net/sched/sch_ingress.c | 79 |
2 files changed, 1 insertions, 80 deletions
diff --git a/net/sched/Kconfig b/net/sched/Kconfig index 87af7c913d81..7d4085a4af66 100644 --- a/net/sched/Kconfig +++ b/net/sched/Kconfig | |||
@@ -198,7 +198,7 @@ config NET_SCH_NETEM | |||
198 | 198 | ||
199 | config NET_SCH_INGRESS | 199 | config NET_SCH_INGRESS |
200 | tristate "Ingress Qdisc" | 200 | tristate "Ingress Qdisc" |
201 | depends on NET_CLS_ACT || NETFILTER | 201 | depends on NET_CLS_ACT |
202 | ---help--- | 202 | ---help--- |
203 | Say Y here if you want to use classifiers for incoming packets. | 203 | Say Y here if you want to use classifiers for incoming packets. |
204 | If unsure, say Y. | 204 | If unsure, say Y. |
diff --git a/net/sched/sch_ingress.c b/net/sched/sch_ingress.c index 3f72d528273c..274b1ddb160c 100644 --- a/net/sched/sch_ingress.c +++ b/net/sched/sch_ingress.c | |||
@@ -12,18 +12,10 @@ | |||
12 | #include <linux/list.h> | 12 | #include <linux/list.h> |
13 | #include <linux/skbuff.h> | 13 | #include <linux/skbuff.h> |
14 | #include <linux/rtnetlink.h> | 14 | #include <linux/rtnetlink.h> |
15 | #include <linux/netfilter_ipv4.h> | ||
16 | #include <linux/netfilter_ipv6.h> | ||
17 | #include <linux/netfilter.h> | ||
18 | #include <net/netlink.h> | 15 | #include <net/netlink.h> |
19 | #include <net/pkt_sched.h> | 16 | #include <net/pkt_sched.h> |
20 | 17 | ||
21 | 18 | ||
22 | /* Thanks to Doron Oz for this hack */ | ||
23 | #if !defined(CONFIG_NET_CLS_ACT) && defined(CONFIG_NETFILTER) | ||
24 | static int nf_registered; | ||
25 | #endif | ||
26 | |||
27 | struct ingress_qdisc_data { | 19 | struct ingress_qdisc_data { |
28 | struct tcf_proto *filter_list; | 20 | struct tcf_proto *filter_list; |
29 | }; | 21 | }; |
@@ -84,11 +76,6 @@ static int ingress_enqueue(struct sk_buff *skb, struct Qdisc *sch) | |||
84 | 76 | ||
85 | result = tc_classify(skb, p->filter_list, &res); | 77 | result = tc_classify(skb, p->filter_list, &res); |
86 | 78 | ||
87 | /* | ||
88 | * Unlike normal "enqueue" functions, ingress_enqueue returns a | ||
89 | * firewall FW_* code. | ||
90 | */ | ||
91 | #ifdef CONFIG_NET_CLS_ACT | ||
92 | sch->bstats.packets++; | 79 | sch->bstats.packets++; |
93 | sch->bstats.bytes += skb->len; | 80 | sch->bstats.bytes += skb->len; |
94 | switch (result) { | 81 | switch (result) { |
@@ -107,71 +94,10 @@ static int ingress_enqueue(struct sk_buff *skb, struct Qdisc *sch) | |||
107 | result = TC_ACT_OK; | 94 | result = TC_ACT_OK; |
108 | break; | 95 | break; |
109 | } | 96 | } |
110 | #else | ||
111 | result = NF_ACCEPT; | ||
112 | sch->bstats.packets++; | ||
113 | sch->bstats.bytes += skb->len; | ||
114 | #endif | ||
115 | 97 | ||
116 | return result; | 98 | return result; |
117 | } | 99 | } |
118 | 100 | ||
119 | #if !defined(CONFIG_NET_CLS_ACT) && defined(CONFIG_NETFILTER) | ||
120 | static unsigned int ing_hook(unsigned int hook, struct sk_buff *skb, | ||
121 | const struct net_device *indev, | ||
122 | const struct net_device *outdev, | ||
123 | int (*okfn)(struct sk_buff *)) | ||
124 | { | ||
125 | |||
126 | struct Qdisc *q; | ||
127 | struct net_device *dev = skb->dev; | ||
128 | int fwres = NF_ACCEPT; | ||
129 | |||
130 | if (dev->qdisc_ingress) { | ||
131 | spin_lock(&dev->ingress_lock); | ||
132 | if ((q = dev->qdisc_ingress) != NULL) | ||
133 | fwres = q->enqueue(skb, q); | ||
134 | spin_unlock(&dev->ingress_lock); | ||
135 | } | ||
136 | |||
137 | return fwres; | ||
138 | } | ||
139 | |||
140 | /* after ipt_filter */ | ||
141 | static struct nf_hook_ops ing_ops[] __read_mostly = { | ||
142 | { | ||
143 | .hook = ing_hook, | ||
144 | .owner = THIS_MODULE, | ||
145 | .pf = PF_INET, | ||
146 | .hooknum = NF_INET_PRE_ROUTING, | ||
147 | .priority = NF_IP_PRI_FILTER + 1, | ||
148 | }, | ||
149 | { | ||
150 | .hook = ing_hook, | ||
151 | .owner = THIS_MODULE, | ||
152 | .pf = PF_INET6, | ||
153 | .hooknum = NF_INET_PRE_ROUTING, | ||
154 | .priority = NF_IP6_PRI_FILTER + 1, | ||
155 | }, | ||
156 | }; | ||
157 | #endif | ||
158 | |||
159 | static int ingress_init(struct Qdisc *sch, struct nlattr *opt) | ||
160 | { | ||
161 | #if !defined(CONFIG_NET_CLS_ACT) && defined(CONFIG_NETFILTER) | ||
162 | printk("Ingress scheduler: Classifier actions prefered over netfilter\n"); | ||
163 | |||
164 | if (!nf_registered) { | ||
165 | if (nf_register_hooks(ing_ops, ARRAY_SIZE(ing_ops)) < 0) { | ||
166 | printk("ingress qdisc registration error \n"); | ||
167 | return -EINVAL; | ||
168 | } | ||
169 | nf_registered++; | ||
170 | } | ||
171 | #endif | ||
172 | return 0; | ||
173 | } | ||
174 | |||
175 | /* ------------------------------------------------------------- */ | 101 | /* ------------------------------------------------------------- */ |
176 | 102 | ||
177 | static void ingress_destroy(struct Qdisc *sch) | 103 | static void ingress_destroy(struct Qdisc *sch) |
@@ -213,7 +139,6 @@ static struct Qdisc_ops ingress_qdisc_ops __read_mostly = { | |||
213 | .id = "ingress", | 139 | .id = "ingress", |
214 | .priv_size = sizeof(struct ingress_qdisc_data), | 140 | .priv_size = sizeof(struct ingress_qdisc_data), |
215 | .enqueue = ingress_enqueue, | 141 | .enqueue = ingress_enqueue, |
216 | .init = ingress_init, | ||
217 | .destroy = ingress_destroy, | 142 | .destroy = ingress_destroy, |
218 | .dump = ingress_dump, | 143 | .dump = ingress_dump, |
219 | .owner = THIS_MODULE, | 144 | .owner = THIS_MODULE, |
@@ -227,10 +152,6 @@ static int __init ingress_module_init(void) | |||
227 | static void __exit ingress_module_exit(void) | 152 | static void __exit ingress_module_exit(void) |
228 | { | 153 | { |
229 | unregister_qdisc(&ingress_qdisc_ops); | 154 | unregister_qdisc(&ingress_qdisc_ops); |
230 | #if !defined(CONFIG_NET_CLS_ACT) && defined(CONFIG_NETFILTER) | ||
231 | if (nf_registered) | ||
232 | nf_unregister_hooks(ing_ops, ARRAY_SIZE(ing_ops)); | ||
233 | #endif | ||
234 | } | 155 | } |
235 | 156 | ||
236 | module_init(ingress_module_init) | 157 | module_init(ingress_module_init) |