Diffstat (limited to 'net')
-rw-r--r-- | net/ipv4/netfilter.c | 17 | ||||
-rw-r--r-- | net/ipv6/netfilter.c | 17 | ||||
-rw-r--r-- | net/netfilter/core.c | 23 | ||||
-rw-r--r-- | net/netfilter/nf_queue.c | 49 |
4 files changed, 54 insertions, 52 deletions
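--- a/net/ipv4/netfilter.c
+++ b/net/ipv4/netfilter.c
@@ -133,7 +133,7 @@ struct ip_rt_info {
 u_int8_t tos;
 };
 
-static void queue_save(const struct sk_buff *skb, struct nf_info *info)
+static void nf_ip_saveroute(const struct sk_buff *skb, struct nf_info *info)
 {
 struct ip_rt_info *rt_info = nf_info_reroute(info);
 
@@ -146,7 +146,7 @@ static void queue_save(const struct sk_buff *skb, struct nf_info *info)
 }
 }
 
-static int queue_reroute(struct sk_buff **pskb, const struct nf_info *info)
+static int nf_ip_reroute(struct sk_buff **pskb, const struct nf_info *info)
 {
 const struct ip_rt_info *rt_info = nf_info_reroute(info);
 
@@ -161,20 +161,21 @@ static int queue_reroute(struct sk_buff **pskb, const struct nf_info *info)
 return 0;
 }
 
-static struct nf_queue_rerouter ip_reroute = {
-.rer_size = sizeof(struct ip_rt_info),
-.save = queue_save,
-.reroute = queue_reroute,
+static struct nf_afinfo nf_ip_afinfo = {
+.family = AF_INET,
+.saveroute = nf_ip_saveroute,
+.reroute = nf_ip_reroute,
+.route_key_size = sizeof(struct ip_rt_info),
 };
 
 static int ipv4_netfilter_init(void)
 {
-return nf_register_queue_rerouter(PF_INET, &ip_reroute);
+return nf_register_afinfo(&nf_ip_afinfo);
 }
 
 static void ipv4_netfilter_fini(void)
 {
-nf_unregister_queue_rerouter(PF_INET);
+nf_unregister_afinfo(&nf_ip_afinfo);
 }
 
 module_init(ipv4_netfilter_init);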
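--- a/net/ipv6/netfilter.c
+++ b/net/ipv6/netfilter.c
@@ -54,7 +54,7 @@ struct ip6_rt_info {
 struct in6_addr saddr;
 };
 
-static void save(const struct sk_buff *skb, struct nf_info *info)
+static void nf_ip6_saveroute(const struct sk_buff *skb, struct nf_info *info)
 {
 struct ip6_rt_info *rt_info = nf_info_reroute(info);
 
@@ -66,7 +66,7 @@ static void save(const struct sk_buff *skb, struct nf_info *info)
 }
 }
 
-static int reroute(struct sk_buff **pskb, const struct nf_info *info)
+static int nf_ip6_reroute(struct sk_buff **pskb, const struct nf_info *info)
 {
 struct ip6_rt_info *rt_info = nf_info_reroute(info);
 
@@ -79,15 +79,16 @@ static int reroute(struct sk_buff **pskb, const struct nf_info *info)
 return 0;
 }
 
-static struct nf_queue_rerouter ip6_reroute = {
-.rer_size = sizeof(struct ip6_rt_info),
-.save = &save,
-.reroute = &reroute,
+static struct nf_afinfo nf_ip6_afinfo = {
+.family = AF_INET6,
+.saveroute = nf_ip6_saveroute,
+.reroute = nf_ip6_reroute,
+.route_key_size = sizeof(struct ip6_rt_info),
 };
 
 int __init ipv6_netfilter_init(void)
 {
-return nf_register_queue_rerouter(PF_INET6, &ip6_reroute);
+return nf_register_afinfo(&nf_ip6_afinfo);
 }
 
 /* This can be called from inet6_init() on errors, so it cannot
@@ -95,5 +96,5 @@ int __init ipv6_netfilter_init(void)
 */
 void ipv6_netfilter_fini(void)
 {
-nf_unregister_queue_rerouter(PF_INET6);
+nf_unregister_afinfo(&nf_ip6_afinfo);
 }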
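--- a/net/netfilter/core.c
+++ b/net/netfilter/core.c
@@ -27,6 +27,29 @@
 
 #include "nf_internals.h"
 
+static DEFINE_SPINLOCK(afinfo_lock);
+
+struct nf_afinfo *nf_afinfo[NPROTO];
+EXPORT_SYMBOL(nf_afinfo);
+
+int nf_register_afinfo(struct nf_afinfo *afinfo)
+{
+spin_lock(&afinfo_lock);
+rcu_assign_pointer(nf_afinfo[afinfo->family], afinfo);
+spin_unlock(&afinfo_lock);
+return 0;
+}
+EXPORT_SYMBOL_GPL(nf_register_afinfo);
+
+void nf_unregister_afinfo(struct nf_afinfo *afinfo)
+{
+spin_lock(&afinfo_lock);
+rcu_assign_pointer(nf_afinfo[afinfo->family], NULL);
+spin_unlock(&afinfo_lock);
+synchronize_rcu();
+}
+EXPORT_SYMBOL_GPL(nf_unregister_afinfo);
+
 /* In this code, we can be waiting indefinitely for userspace to
 * service a packet if a hook returns NF_QUEUE. We could keep a count
 * of skbuffs queued for userspace, and not deregister a hook unless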
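Review bot: nf_register_afinfo() and nf_unregister_afinfo() index `nf_afinfo[afinfo->family]` with no range check, whereas the nf_register_queue_rerouter() they replace (removed in net/netfilter/nf_queue.c) rejected `pf >= NPROTO`. Both functions are exported, so a caller passing an out-of-range family would store a pointer outside the NPROTO-sized array; a guard such as `if (afinfo->family >= NPROTO) return -EINVAL;` in register, and a plain `return;` in unregister, restores the old check. The type of `family` is declared outside this page, so if it is signed the guard also needs a `< 0` test. Register also overwrites an occupied slot silently and unregister clears the slot without checking that it still holds `afinfo`; a short comment stating that exactly one registrant per family is assumed would make that contract explicit.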
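--- a/net/netfilter/nf_queue.c
+++ b/net/netfilter/nf_queue.c
@@ -17,7 +17,6 @@
 * for queueing and must reinject all packets it receives, no matter what.
 */
 static struct nf_queue_handler *queue_handler[NPROTO];
-static struct nf_queue_rerouter *queue_rerouter[NPROTO];
 
 static DEFINE_RWLOCK(queue_handler_lock);
 
@@ -59,32 +58,6 @@ int nf_unregister_queue_handler(int pf)
 }
 EXPORT_SYMBOL(nf_unregister_queue_handler);
 
-int nf_register_queue_rerouter(int pf, struct nf_queue_rerouter *rer)
-{
-if (pf >= NPROTO)
-return -EINVAL;
-
-write_lock_bh(&queue_handler_lock);
-rcu_assign_pointer(queue_rerouter[pf], rer);
-write_unlock_bh(&queue_handler_lock);
-
-return 0;
-}
-EXPORT_SYMBOL_GPL(nf_register_queue_rerouter);
-
-int nf_unregister_queue_rerouter(int pf)
-{
-if (pf >= NPROTO)
-return -EINVAL;
-
-write_lock_bh(&queue_handler_lock);
-rcu_assign_pointer(queue_rerouter[pf], NULL);
-write_unlock_bh(&queue_handler_lock);
-synchronize_rcu();
-return 0;
-}
-EXPORT_SYMBOL_GPL(nf_unregister_queue_rerouter);
-
 void nf_unregister_queue_handlers(struct nf_queue_handler *qh)
 {
 int pf;
@@ -116,7 +89,7 @@ int nf_queue(struct sk_buff **skb,
 struct net_device *physindev = NULL;
 struct net_device *physoutdev = NULL;
 #endif
-struct nf_queue_rerouter *rerouter;
+struct nf_afinfo *afinfo;
 
 /* QUEUE == DROP if noone is waiting, to be safe. */
 read_lock(&queue_handler_lock);
@@ -126,7 +99,14 @@ int nf_queue(struct sk_buff **skb,
 return 1;
 }
 
-info = kmalloc(sizeof(*info)+queue_rerouter[pf]->rer_size, GFP_ATOMIC);
+afinfo = nf_get_afinfo(pf);
+if (!afinfo) {
+read_unlock(&queue_handler_lock);
+kfree_skb(*skb);
+return 1;
+}
+
+info = kmalloc(sizeof(*info) + afinfo->route_key_size, GFP_ATOMIC);
 if (!info) {
 if (net_ratelimit())
 printk(KERN_ERR "OOM queueing packet %p\n",
@@ -158,10 +138,7 @@ int nf_queue(struct sk_buff **skb,
 if (physoutdev) dev_hold(physoutdev);
 }
 #endif
-rerouter = rcu_dereference(queue_rerouter[pf]);
-if (rerouter)
-rerouter->save(*skb, info);
-
+afinfo->saveroute(*skb, info);
 status = queue_handler[pf]->outfn(*skb, info, queuenum,
 queue_handler[pf]->data);
 
@@ -190,7 +167,7 @@ void nf_reinject(struct sk_buff *skb, struct nf_info *info,
 {
 struct list_head *elem = &info->elem->list;
 struct list_head *i;
-struct nf_queue_rerouter *rerouter;
+struct nf_afinfo *afinfo;
 
 rcu_read_lock();
 
@@ -228,8 +205,8 @@ void nf_reinject(struct sk_buff *skb, struct nf_info *info,
 }
 
 if (verdict == NF_ACCEPT) {
-rerouter = rcu_dereference(queue_rerouter[info->pf]);
-if (rerouter && rerouter->reroute(&skb, info) < 0)
+afinfo = nf_get_afinfo(info->pf);
+if (!afinfo || afinfo->reroute(&skb, info) < 0)
 verdict = NF_DROP;
 }
 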
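Review bot: `afinfo->saveroute(*skb, info);` in nf_queue() and `afinfo->reroute(&skb, info)` in nf_reinject() are called with no NULL test on the callback, and nf_register_afinfo() in net/netfilter/core.c accepts any struct, so a registrant that leaves either member unset would cause a NULL function-pointer call on the packet path. Either reject such a struct at registration or state the requirement where struct nf_afinfo is declared (outside this page). The behaviour for a family with no registered entry also changes from skipping the callbacks to dropping the packet in both functions, which deserves a comment such as `/* no afinfo for this family: fail closed, as for a missing queue handler */`. nf_get_afinfo() is defined outside this page, so it cannot be confirmed from here that the nf_queue() call site runs inside an RCU read-side section, which the synchronize_rcu() in nf_unregister_afinfo() presumably relies on. Both function bodies continue outside the hunks.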