aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
Diffstat (limited to 'net')
-rw-r--r--net/sched/Kconfig2
-rw-r--r--net/sched/sch_ingress.c79
2 files changed, 1 insertions, 80 deletions
diff --git a/net/sched/Kconfig b/net/sched/Kconfig
index 87af7c913d81..7d4085a4af66 100644
--- a/net/sched/Kconfig
+++ b/net/sched/Kconfig
@@ -198,7 +198,7 @@ config NET_SCH_NETEM
198 198
199config NET_SCH_INGRESS 199config NET_SCH_INGRESS
200 tristate "Ingress Qdisc" 200 tristate "Ingress Qdisc"
201 depends on NET_CLS_ACT || NETFILTER 201 depends on NET_CLS_ACT
202 ---help--- 202 ---help---
203 Say Y here if you want to use classifiers for incoming packets. 203 Say Y here if you want to use classifiers for incoming packets.
204 If unsure, say Y. 204 If unsure, say Y.
diff --git a/net/sched/sch_ingress.c b/net/sched/sch_ingress.c
index 3f72d528273c..274b1ddb160c 100644
--- a/net/sched/sch_ingress.c
+++ b/net/sched/sch_ingress.c
@@ -12,18 +12,10 @@
12#include <linux/list.h> 12#include <linux/list.h>
13#include <linux/skbuff.h> 13#include <linux/skbuff.h>
14#include <linux/rtnetlink.h> 14#include <linux/rtnetlink.h>
15#include <linux/netfilter_ipv4.h>
16#include <linux/netfilter_ipv6.h>
17#include <linux/netfilter.h>
18#include <net/netlink.h> 15#include <net/netlink.h>
19#include <net/pkt_sched.h> 16#include <net/pkt_sched.h>
20 17
21 18
22/* Thanks to Doron Oz for this hack */
23#if !defined(CONFIG_NET_CLS_ACT) && defined(CONFIG_NETFILTER)
24static int nf_registered;
25#endif
26
27struct ingress_qdisc_data { 19struct ingress_qdisc_data {
28 struct tcf_proto *filter_list; 20 struct tcf_proto *filter_list;
29}; 21};
@@ -84,11 +76,6 @@ static int ingress_enqueue(struct sk_buff *skb, struct Qdisc *sch)
84 76
85 result = tc_classify(skb, p->filter_list, &res); 77 result = tc_classify(skb, p->filter_list, &res);
86 78
87 /*
88 * Unlike normal "enqueue" functions, ingress_enqueue returns a
89 * firewall FW_* code.
90 */
91#ifdef CONFIG_NET_CLS_ACT
92 sch->bstats.packets++; 79 sch->bstats.packets++;
93 sch->bstats.bytes += skb->len; 80 sch->bstats.bytes += skb->len;
94 switch (result) { 81 switch (result) {
@@ -107,71 +94,10 @@ static int ingress_enqueue(struct sk_buff *skb, struct Qdisc *sch)
107 result = TC_ACT_OK; 94 result = TC_ACT_OK;
108 break; 95 break;
109 } 96 }
110#else
111 result = NF_ACCEPT;
112 sch->bstats.packets++;
113 sch->bstats.bytes += skb->len;
114#endif
115 97
116 return result; 98 return result;
117} 99}
118 100
119#if !defined(CONFIG_NET_CLS_ACT) && defined(CONFIG_NETFILTER)
120static unsigned int ing_hook(unsigned int hook, struct sk_buff *skb,
121 const struct net_device *indev,
122 const struct net_device *outdev,
123 int (*okfn)(struct sk_buff *))
124{
125
126 struct Qdisc *q;
127 struct net_device *dev = skb->dev;
128 int fwres = NF_ACCEPT;
129
130 if (dev->qdisc_ingress) {
131 spin_lock(&dev->ingress_lock);
132 if ((q = dev->qdisc_ingress) != NULL)
133 fwres = q->enqueue(skb, q);
134 spin_unlock(&dev->ingress_lock);
135 }
136
137 return fwres;
138}
139
140/* after ipt_filter */
141static struct nf_hook_ops ing_ops[] __read_mostly = {
142 {
143 .hook = ing_hook,
144 .owner = THIS_MODULE,
145 .pf = PF_INET,
146 .hooknum = NF_INET_PRE_ROUTING,
147 .priority = NF_IP_PRI_FILTER + 1,
148 },
149 {
150 .hook = ing_hook,
151 .owner = THIS_MODULE,
152 .pf = PF_INET6,
153 .hooknum = NF_INET_PRE_ROUTING,
154 .priority = NF_IP6_PRI_FILTER + 1,
155 },
156};
157#endif
158
159static int ingress_init(struct Qdisc *sch, struct nlattr *opt)
160{
161#if !defined(CONFIG_NET_CLS_ACT) && defined(CONFIG_NETFILTER)
162 printk("Ingress scheduler: Classifier actions prefered over netfilter\n");
163
164 if (!nf_registered) {
165 if (nf_register_hooks(ing_ops, ARRAY_SIZE(ing_ops)) < 0) {
166 printk("ingress qdisc registration error \n");
167 return -EINVAL;
168 }
169 nf_registered++;
170 }
171#endif
172 return 0;
173}
174
175/* ------------------------------------------------------------- */ 101/* ------------------------------------------------------------- */
176 102
177static void ingress_destroy(struct Qdisc *sch) 103static void ingress_destroy(struct Qdisc *sch)
@@ -213,7 +139,6 @@ static struct Qdisc_ops ingress_qdisc_ops __read_mostly = {
213 .id = "ingress", 139 .id = "ingress",
214 .priv_size = sizeof(struct ingress_qdisc_data), 140 .priv_size = sizeof(struct ingress_qdisc_data),
215 .enqueue = ingress_enqueue, 141 .enqueue = ingress_enqueue,
216 .init = ingress_init,
217 .destroy = ingress_destroy, 142 .destroy = ingress_destroy,
218 .dump = ingress_dump, 143 .dump = ingress_dump,
219 .owner = THIS_MODULE, 144 .owner = THIS_MODULE,
@@ -227,10 +152,6 @@ static int __init ingress_module_init(void)
227static void __exit ingress_module_exit(void) 152static void __exit ingress_module_exit(void)
228{ 153{
229 unregister_qdisc(&ingress_qdisc_ops); 154 unregister_qdisc(&ingress_qdisc_ops);
230#if !defined(CONFIG_NET_CLS_ACT) && defined(CONFIG_NETFILTER)
231 if (nf_registered)
232 nf_unregister_hooks(ing_ops, ARRAY_SIZE(ing_ops));
233#endif
234} 155}
235 156
236module_init(ingress_module_init) 157module_init(ingress_module_init)