[NETFILTER]: add type parameter to ip_route_me_harder

By adding a type parameter to ip_route_me_harder() the
expensive call to inet_addr_type() can be avoided in some cases.
A followup patch where ip_route_me_harder() is called from within
ip_vs_out() is one such example.

Signed-off-By: Simon Horman <horms@verge.net.au>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

4 files changed, 11 insertions, 6 deletions

diff --git a/include/linux/netfilter_ipv4.h b/include/linux/netfilter_ipv4.h
index ce02c984f3ba..5b63a231a76b 100644
--- a/include/linux/netfilter_ipv4.h
+++ b/include/linux/netfilter_ipv4.h
@@ -77,7 +77,7 @@ enum nf_ip_hook_priorities {
 #define SO_ORIGINAL_DST 80
 
 #ifdef __KERNEL__
-extern int ip_route_me_harder(struct sk_buff **pskb);
+extern int ip_route_me_harder(struct sk_buff **pskb, unsigned addr_type);
 extern int ip_xfrm_me_harder(struct sk_buff **pskb);
 extern unsigned int nf_ip_checksum(struct sk_buff *skb, unsigned int hook,
                                    unsigned int dataoff, u_int8_t protocol);
diff --git a/net/ipv4/netfilter.c b/net/ipv4/netfilter.c
index 5ac15379a0cf..e2005c6810a4 100644
--- a/net/ipv4/netfilter.c
+++ b/net/ipv4/netfilter.c
@@ -8,7 +8,7 @@
 #include <net/ip.h>
 
 /* route_me_harder function, used by iptable_nat, iptable_mangle + ip_queue */
-int ip_route_me_harder(struct sk_buff **pskb)
+int ip_route_me_harder(struct sk_buff **pskb, unsigned addr_type)
 {
         struct iphdr *iph = (*pskb)->nh.iph;
         struct rtable *rt;
@@ -16,10 +16,13 @@ int ip_route_me_harder(struct sk_buff **pskb)
         struct dst_entry *odst;
         unsigned int hh_len;
 
+        if (addr_type == RTN_UNSPEC)
+                addr_type = inet_addr_type(iph->saddr);
+
         /* some non-standard hacks like ipt_REJECT.c:send_reset() can cause
          * packets with foreign saddr to appear on the NF_IP_LOCAL_OUT hook.
          */
-        if (inet_addr_type(iph->saddr) == RTN_LOCAL) {
+        if (addr_type == RTN_LOCAL) {
                 fl.nl_u.ip4_u.daddr = iph->daddr;
                 fl.nl_u.ip4_u.saddr = iph->saddr;
                 fl.nl_u.ip4_u.tos = RT_TOS(iph->tos);
@@ -156,7 +159,7 @@ static int nf_ip_reroute(struct sk_buff **pskb, const struct nf_info *info)
                 if (!(iph->tos == rt_info->tos
                       && iph->daddr == rt_info->daddr
                       && iph->saddr == rt_info->saddr))
-                        return ip_route_me_harder(pskb);
+                        return ip_route_me_harder(pskb, RTN_UNSPEC);
         }
         return 0;
 }
diff --git a/net/ipv4/netfilter/ip_nat_standalone.c b/net/ipv4/netfilter/ip_nat_standalone.c
index 021395b67463..d85d2de50449 100644
--- a/net/ipv4/netfilter/ip_nat_standalone.c
+++ b/net/ipv4/netfilter/ip_nat_standalone.c
@@ -265,7 +265,8 @@ ip_nat_local_fn(unsigned int hooknum,
                        ct->tuplehash[!dir].tuple.src.u.all
 #endif
                     )
-                        return ip_route_me_harder(pskb) == 0 ? ret : NF_DROP;
+                        if (ip_route_me_harder(pskb, RTN_UNSPEC))
+                                ret = NF_DROP;
         }
         return ret;
 }
diff --git a/net/ipv4/netfilter/iptable_mangle.c b/net/ipv4/netfilter/iptable_mangle.c
index e62ea2bb9c0a..b91f3582359b 100644
--- a/net/ipv4/netfilter/iptable_mangle.c
+++ b/net/ipv4/netfilter/iptable_mangle.c
@@ -157,7 +157,8 @@ ipt_local_hook(unsigned int hook,
                 || (*pskb)->nfmark != nfmark
 #endif
                 || (*pskb)->nh.iph->tos != tos))
-                return ip_route_me_harder(pskb) == 0 ? ret : NF_DROP;
+                if (ip_route_me_harder(pskb, RTN_UNSPEC))
+                        ret = NF_DROP;
 
         return ret;
 }