aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid Miller <davem@davemloft.net>2015-04-05 22:19:00 -0400
committerDavid S. Miller <davem@davemloft.net>2015-04-07 15:25:55 -0400
commit1c984f8a5df085bcf35364a8a870bd4db4da4ed3 (patch)
tree14dcad3877bc1bb657a32888d2af007c13b9d856
parent107a9f4dc9211c1f91703d1739d7fd22ac58b332 (diff)
netfilter: Add socket pointer to nf_hook_state.
It is currently always set to NULL, but nf_queue is adjusted to be prepared for it being set to a real socket by taking and releasing a reference to that socket when necessary. Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat
-rw-r--r--include/linux/netfilter.h7
-rw-r--r--net/netfilter/nf_queue.c4
2 files changed, 10 insertions, 1 deletions
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
index b8c88f3c85ff..f8f58fab2402 100644
--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -45,12 +45,15 @@ struct sk_buff;
45 45
46struct nf_hook_ops; 46struct nf_hook_ops;
47 47
48struct sock;
49
48struct nf_hook_state { 50struct nf_hook_state {
49 unsigned int hook; 51 unsigned int hook;
50 int thresh; 52 int thresh;
51 u_int8_t pf; 53 u_int8_t pf;
52 struct net_device *in; 54 struct net_device *in;
53 struct net_device *out; 55 struct net_device *out;
56 struct sock *sk;
54 int (*okfn)(struct sk_buff *); 57 int (*okfn)(struct sk_buff *);
55}; 58};
56 59
@@ -59,6 +62,7 @@ static inline void nf_hook_state_init(struct nf_hook_state *p,
59 int thresh, u_int8_t pf, 62 int thresh, u_int8_t pf,
60 struct net_device *indev, 63 struct net_device *indev,
61 struct net_device *outdev, 64 struct net_device *outdev,
65 struct sock *sk,
62 int (*okfn)(struct sk_buff *)) 66 int (*okfn)(struct sk_buff *))
63{ 67{
64 p->hook = hook; 68 p->hook = hook;
@@ -66,6 +70,7 @@ static inline void nf_hook_state_init(struct nf_hook_state *p,
66 p->pf = pf; 70 p->pf = pf;
67 p->in = indev; 71 p->in = indev;
68 p->out = outdev; 72 p->out = outdev;
73 p->sk = sk;
69 p->okfn = okfn; 74 p->okfn = okfn;
70} 75}
71 76
@@ -160,7 +165,7 @@ static inline int nf_hook_thresh(u_int8_t pf, unsigned int hook,
160 struct nf_hook_state state; 165 struct nf_hook_state state;
161 166
162 nf_hook_state_init(&state, hook, thresh, pf, 167 nf_hook_state_init(&state, hook, thresh, pf,
163 indev, outdev, okfn); 168 indev, outdev, NULL, okfn);
164 return nf_hook_slow(skb, &state); 169 return nf_hook_slow(skb, &state);
165 } 170 }
166 return 1; 171 return 1;
diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c
index d3cd37edca18..c4a706678f88 100644
--- a/net/netfilter/nf_queue.c
+++ b/net/netfilter/nf_queue.c
@@ -54,6 +54,8 @@ void nf_queue_entry_release_refs(struct nf_queue_entry *entry)
54 dev_put(state->in); 54 dev_put(state->in);
55 if (state->out) 55 if (state->out)
56 dev_put(state->out); 56 dev_put(state->out);
57 if (state->sk)
58 sock_put(state->sk);
57#if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) 59#if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
58 if (entry->skb->nf_bridge) { 60 if (entry->skb->nf_bridge) {
59 struct nf_bridge_info *nf_bridge = entry->skb->nf_bridge; 61 struct nf_bridge_info *nf_bridge = entry->skb->nf_bridge;
@@ -81,6 +83,8 @@ bool nf_queue_entry_get_refs(struct nf_queue_entry *entry)
81 dev_hold(state->in); 83 dev_hold(state->in);
82 if (state->out) 84 if (state->out)
83 dev_hold(state->out); 85 dev_hold(state->out);
86 if (state->sk)
87 sock_hold(state->sk);
84#if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) 88#if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
85 if (entry->skb->nf_bridge) { 89 if (entry->skb->nf_bridge) {
86 struct nf_bridge_info *nf_bridge = entry->skb->nf_bridge; 90 struct nf_bridge_info *nf_bridge = entry->skb->nf_bridge;
generated by cgit v1.2.2 (git 2.25.0) at 2024-12-19 08:57:29 -0500