diff options
Diffstat (limited to 'net')
-rw-r--r-- | net/sched/Kconfig | 2 | ||||
-rw-r--r-- | net/sched/sch_ingress.c | 79 |
2 files changed, 1 insertions, 80 deletions
diff --git a/net/sched/Kconfig b/net/sched/Kconfig index 87af7c913d81..7d4085a4af66 100644 --- a/net/sched/Kconfig +++ b/net/sched/Kconfig | |||
@@ -198,7 +198,7 @@ config NET_SCH_NETEM | |||
198 | 198 | ||
199 | config NET_SCH_INGRESS | 199 | config NET_SCH_INGRESS |
200 | tristate "Ingress Qdisc" | 200 | tristate "Ingress Qdisc" |
201 | depends on NET_CLS_ACT || NETFILTER | 201 | depends on NET_CLS_ACT |
202 | ---help--- | 202 | ---help--- |
203 | Say Y here if you want to use classifiers for incoming packets. | 203 | Say Y here if you want to use classifiers for incoming packets. |
204 | If unsure, say Y. | 204 | If unsure, say Y. |
diff --git a/net/sched/sch_ingress.c b/net/sched/sch_ingress.c index 3f72d528273c..274b1ddb160c 100644 --- a/net/sched/sch_ingress.c +++ b/net/sched/sch_ingress.c | |||
@@ -12,18 +12,10 @@ | |||
12 | #include <linux/list.h> | 12 | #include <linux/list.h> |
13 | #include <linux/skbuff.h> | 13 | #include <linux/skbuff.h> |
14 | #include <linux/rtnetlink.h> | 14 | #include <linux/rtnetlink.h> |
15 | #include <linux/netfilter_ipv4.h> | ||
16 | #include <linux/netfilter_ipv6.h> | ||
17 | #include <linux/netfilter.h> | ||
18 | #include <net/netlink.h> | 15 | #include <net/netlink.h> |
19 | #include <net/pkt_sched.h> | 16 | #include <net/pkt_sched.h> |
20 | 17 | ||
21 | 18 | ||
22 | /* Thanks to Doron Oz for this hack */ | ||
23 | #if !defined(CONFIG_NET_CLS_ACT) && defined(CONFIG_NETFILTER) | ||
24 | static int nf_registered; | ||
25 | #endif | ||
26 | |||
27 | struct ingress_qdisc_data { | 19 | struct ingress_qdisc_data { |
28 | struct tcf_proto *filter_list; | 20 | struct tcf_proto *filter_list; |
29 | }; | 21 | }; |
@@ -84,11 +76,6 @@ static int ingress_enqueue(struct sk_buff *skb, struct Qdisc *sch) | |||
84 | 76 | ||
85 | result = tc_classify(skb, p->filter_list, &res); | 77 | result = tc_classify(skb, p->filter_list, &res); |
86 | 78 | ||
87 | /* | ||
88 | * Unlike normal "enqueue" functions, ingress_enqueue returns a | ||
89 | * firewall FW_* code. | ||
90 | */ | ||
91 | #ifdef CONFIG_NET_CLS_ACT | ||
92 | sch->bstats.packets++; | 79 | sch->bstats.packets++; |
93 | sch->bstats.bytes += skb->len; | 80 | sch->bstats.bytes += skb->len; |
94 | switch (result) { | 81 | switch (result) { |
@@ -107,71 +94,10 @@ static int ingress_enqueue(struct sk_buff *skb, struct Qdisc *sch) | |||
107 | result = TC_ACT_OK; | 94 | result = TC_ACT_OK; |
108 | break; | 95 | break; |
109 | } | 96 | } |
110 | #else | ||
111 | result = NF_ACCEPT; | ||
112 | sch->bstats.packets++; | ||
113 | sch->bstats.bytes += skb->len; | ||
114 | #endif | ||
115 | 97 | ||
116 | return result; | 98 | return result; |
117 | } | 99 | } |
118 | 100 | ||
119 | #if !defined(CONFIG_NET_CLS_ACT) && defined(CONFIG_NETFILTER) | ||
120 | static unsigned int ing_hook(unsigned int hook, struct sk_buff *skb, | ||
121 | const struct net_device *indev, | ||
122 | const struct net_device *outdev, | ||
123 | int (*okfn)(struct sk_buff *)) | ||
124 | { | ||
125 | |||
126 | struct Qdisc *q; | ||
127 | struct net_device *dev = skb->dev; | ||
128 | int fwres = NF_ACCEPT; | ||
129 | |||
130 | if (dev->qdisc_ingress) { | ||
131 | spin_lock(&dev->ingress_lock); | ||
132 | if ((q = dev->qdisc_ingress) != NULL) | ||
133 | fwres = q->enqueue(skb, q); | ||
134 | spin_unlock(&dev->ingress_lock); | ||
135 | } | ||
136 | |||
137 | return fwres; | ||
138 | } | ||
139 | |||
140 | /* after ipt_filter */ | ||
141 | static struct nf_hook_ops ing_ops[] __read_mostly = { | ||
142 | { | ||
143 | .hook = ing_hook, | ||
144 | .owner = THIS_MODULE, | ||
145 | .pf = PF_INET, | ||
146 | .hooknum = NF_INET_PRE_ROUTING, | ||
147 | .priority = NF_IP_PRI_FILTER + 1, | ||
148 | }, | ||
149 | { | ||
150 | .hook = ing_hook, | ||
151 | .owner = THIS_MODULE, | ||
152 | .pf = PF_INET6, | ||
153 | .hooknum = NF_INET_PRE_ROUTING, | ||
154 | .priority = NF_IP6_PRI_FILTER + 1, | ||
155 | }, | ||
156 | }; | ||
157 | #endif | ||
158 | |||
159 | static int ingress_init(struct Qdisc *sch, struct nlattr *opt) | ||
160 | { | ||
161 | #if !defined(CONFIG_NET_CLS_ACT) && defined(CONFIG_NETFILTER) | ||
162 | printk("Ingress scheduler: Classifier actions prefered over netfilter\n"); | ||
163 | |||
164 | if (!nf_registered) { | ||
165 | if (nf_register_hooks(ing_ops, ARRAY_SIZE(ing_ops)) < 0) { | ||
166 | printk("ingress qdisc registration error \n"); | ||
167 | return -EINVAL; | ||
168 | } | ||
169 | nf_registered++; | ||
170 | } | ||
171 | #endif | ||
172 | return 0; | ||
173 | } | ||
174 | |||
175 | /* ------------------------------------------------------------- */ | 101 | /* ------------------------------------------------------------- */ |
176 | 102 | ||
177 | static void ingress_destroy(struct Qdisc *sch) | 103 | static void ingress_destroy(struct Qdisc *sch) |
@@ -213,7 +139,6 @@ static struct Qdisc_ops ingress_qdisc_ops __read_mostly = { | |||
213 | .id = "ingress", | 139 | .id = "ingress", |
214 | .priv_size = sizeof(struct ingress_qdisc_data), | 140 | .priv_size = sizeof(struct ingress_qdisc_data), |
215 | .enqueue = ingress_enqueue, | 141 | .enqueue = ingress_enqueue, |
216 | .init = ingress_init, | ||
217 | .destroy = ingress_destroy, | 142 | .destroy = ingress_destroy, |
218 | .dump = ingress_dump, | 143 | .dump = ingress_dump, |
219 | .owner = THIS_MODULE, | 144 | .owner = THIS_MODULE, |
@@ -227,10 +152,6 @@ static int __init ingress_module_init(void) | |||
227 | static void __exit ingress_module_exit(void) | 152 | static void __exit ingress_module_exit(void) |
228 | { | 153 | { |
229 | unregister_qdisc(&ingress_qdisc_ops); | 154 | unregister_qdisc(&ingress_qdisc_ops); |
230 | #if !defined(CONFIG_NET_CLS_ACT) && defined(CONFIG_NETFILTER) | ||
231 | if (nf_registered) | ||
232 | nf_unregister_hooks(ing_ops, ARRAY_SIZE(ing_ops)); | ||
233 | #endif | ||
234 | } | 155 | } |
235 | 156 | ||
236 | module_init(ingress_module_init) | 157 | module_init(ingress_module_init) |