aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2008-01-31 19:57:15 -0500
committerDavid S. Miller <davem@davemloft.net>2008-01-31 22:28:25 -0500
commit72eb7bd2693d83e161442b709b107dd77c77b4f2 (patch)
treed823cbbf98ed196f280a230fd3cb0268fd65a5a0
parent52913246e0056c9c6215a778a3b31b6b9ce5c3ef (diff)
[NET_SCHED]: sch_ingress: remove netfilter support
Since the old policer code is gone, TC actions are needed for policing. The ingress qdisc can get packets directly from netif_receive_skb() in case TC actions are enabled or through netfilter otherwise, but since without TC actions there is no policer the only thing it actually does is count packets. Remove the netfilter support and always require TC actions. Signed-off-by: Patrick McHardy <kaber@trash.net> Acked-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/sched/Kconfig2
-rw-r--r--net/sched/sch_ingress.c79
2 files changed, 1 insertions, 80 deletions
diff --git a/net/sched/Kconfig b/net/sched/Kconfig
index 87af7c913d81..7d4085a4af66 100644
--- a/net/sched/Kconfig
+++ b/net/sched/Kconfig
@@ -198,7 +198,7 @@ config NET_SCH_NETEM
198 198
199config NET_SCH_INGRESS 199config NET_SCH_INGRESS
200 tristate "Ingress Qdisc" 200 tristate "Ingress Qdisc"
201 depends on NET_CLS_ACT || NETFILTER 201 depends on NET_CLS_ACT
202 ---help--- 202 ---help---
203 Say Y here if you want to use classifiers for incoming packets. 203 Say Y here if you want to use classifiers for incoming packets.
204 If unsure, say Y. 204 If unsure, say Y.
diff --git a/net/sched/sch_ingress.c b/net/sched/sch_ingress.c
index 3f72d528273c..274b1ddb160c 100644
--- a/net/sched/sch_ingress.c
+++ b/net/sched/sch_ingress.c
@@ -12,18 +12,10 @@
12#include <linux/list.h> 12#include <linux/list.h>
13#include <linux/skbuff.h> 13#include <linux/skbuff.h>
14#include <linux/rtnetlink.h> 14#include <linux/rtnetlink.h>
15#include <linux/netfilter_ipv4.h>
16#include <linux/netfilter_ipv6.h>
17#include <linux/netfilter.h>
18#include <net/netlink.h> 15#include <net/netlink.h>
19#include <net/pkt_sched.h> 16#include <net/pkt_sched.h>
20 17
21 18
22/* Thanks to Doron Oz for this hack */
23#if !defined(CONFIG_NET_CLS_ACT) && defined(CONFIG_NETFILTER)
24static int nf_registered;
25#endif
26
27struct ingress_qdisc_data { 19struct ingress_qdisc_data {
28 struct tcf_proto *filter_list; 20 struct tcf_proto *filter_list;
29}; 21};
@@ -84,11 +76,6 @@ static int ingress_enqueue(struct sk_buff *skb, struct Qdisc *sch)
84 76
85 result = tc_classify(skb, p->filter_list, &res); 77 result = tc_classify(skb, p->filter_list, &res);
86 78
87 /*
88 * Unlike normal "enqueue" functions, ingress_enqueue returns a
89 * firewall FW_* code.
90 */
91#ifdef CONFIG_NET_CLS_ACT
92 sch->bstats.packets++; 79 sch->bstats.packets++;
93 sch->bstats.bytes += skb->len; 80 sch->bstats.bytes += skb->len;
94 switch (result) { 81 switch (result) {
@@ -107,71 +94,10 @@ static int ingress_enqueue(struct sk_buff *skb, struct Qdisc *sch)
107 result = TC_ACT_OK; 94 result = TC_ACT_OK;
108 break; 95 break;
109 } 96 }
110#else
111 result = NF_ACCEPT;
112 sch->bstats.packets++;
113 sch->bstats.bytes += skb->len;
114#endif
115 97
116 return result; 98 return result;
117} 99}
118 100
119#if !defined(CONFIG_NET_CLS_ACT) && defined(CONFIG_NETFILTER)
120static unsigned int ing_hook(unsigned int hook, struct sk_buff *skb,
121 const struct net_device *indev,
122 const struct net_device *outdev,
123 int (*okfn)(struct sk_buff *))
124{
125
126 struct Qdisc *q;
127 struct net_device *dev = skb->dev;
128 int fwres = NF_ACCEPT;
129
130 if (dev->qdisc_ingress) {
131 spin_lock(&dev->ingress_lock);
132 if ((q = dev->qdisc_ingress) != NULL)
133 fwres = q->enqueue(skb, q);
134 spin_unlock(&dev->ingress_lock);
135 }
136
137 return fwres;
138}
139
140/* after ipt_filter */
141static struct nf_hook_ops ing_ops[] __read_mostly = {
142 {
143 .hook = ing_hook,
144 .owner = THIS_MODULE,
145 .pf = PF_INET,
146 .hooknum = NF_INET_PRE_ROUTING,
147 .priority = NF_IP_PRI_FILTER + 1,
148 },
149 {
150 .hook = ing_hook,
151 .owner = THIS_MODULE,
152 .pf = PF_INET6,
153 .hooknum = NF_INET_PRE_ROUTING,
154 .priority = NF_IP6_PRI_FILTER + 1,
155 },
156};
157#endif
158
159static int ingress_init(struct Qdisc *sch, struct nlattr *opt)
160{
161#if !defined(CONFIG_NET_CLS_ACT) && defined(CONFIG_NETFILTER)
162 printk("Ingress scheduler: Classifier actions prefered over netfilter\n");
163
164 if (!nf_registered) {
165 if (nf_register_hooks(ing_ops, ARRAY_SIZE(ing_ops)) < 0) {
166 printk("ingress qdisc registration error \n");
167 return -EINVAL;
168 }
169 nf_registered++;
170 }
171#endif
172 return 0;
173}
174
175/* ------------------------------------------------------------- */ 101/* ------------------------------------------------------------- */
176 102
177static void ingress_destroy(struct Qdisc *sch) 103static void ingress_destroy(struct Qdisc *sch)
@@ -213,7 +139,6 @@ static struct Qdisc_ops ingress_qdisc_ops __read_mostly = {
213 .id = "ingress", 139 .id = "ingress",
214 .priv_size = sizeof(struct ingress_qdisc_data), 140 .priv_size = sizeof(struct ingress_qdisc_data),
215 .enqueue = ingress_enqueue, 141 .enqueue = ingress_enqueue,
216 .init = ingress_init,
217 .destroy = ingress_destroy, 142 .destroy = ingress_destroy,
218 .dump = ingress_dump, 143 .dump = ingress_dump,
219 .owner = THIS_MODULE, 144 .owner = THIS_MODULE,
@@ -227,10 +152,6 @@ static int __init ingress_module_init(void)
227static void __exit ingress_module_exit(void) 152static void __exit ingress_module_exit(void)
228{ 153{
229 unregister_qdisc(&ingress_qdisc_ops); 154 unregister_qdisc(&ingress_qdisc_ops);
230#if !defined(CONFIG_NET_CLS_ACT) && defined(CONFIG_NETFILTER)
231 if (nf_registered)
232 nf_unregister_hooks(ing_ops, ARRAY_SIZE(ing_ops));
233#endif
234} 155}
235 156
236module_init(ingress_module_init) 157module_init(ingress_module_init)