Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 0c4b51f0 authored by Eric W. Biederman's avatar Eric W. Biederman Committed by David S. Miller
Browse files

netfilter: Pass net into okfn 



This is immediately motivated by the bridge code that chains functions that
call into netfilter.  Without passing net into the okfns the bridge code would
need to guess about the best expression for the network namespace to process
packets in.

As net is frequently one of the first things computed in continuation functions
after netfilter has done it's job passing in the desired network namespace is in
many cases a code simplification.

To support this change the function dst_output_okfn is introduced to
simplify passing dst_output as an okfn.  For the moment dst_output_okfn
just silently drops the struct net.

Signed-off-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 9dff2c96

drivers/net/vrf.c

+1 −1
Original line number Diff line number Diff line
@@ -253,7 +253,7 @@ static netdev_tx_t vrf_xmit(struct sk_buff *skb, struct net_device *dev) 
}



/* modelled after ip_finish_output2 */

static int vrf_finish_output(struct sock *sk, struct sk_buff *skb)

static int vrf_finish_output(struct net *net, struct sock *sk, struct sk_buff *skb)

{

	struct dst_entry *dst = skb_dst(skb);

	struct rtable *rt = (struct rtable *)dst;

include/linux/netdevice.h

+1 −1
Original line number Diff line number Diff line
@@ -2212,7 +2212,7 @@ int dev_open(struct net_device *dev); 
int dev_close(struct net_device *dev);

int dev_close_many(struct list_head *head, bool unlink);

void dev_disable_lro(struct net_device *dev);

int dev_loopback_xmit(struct sock *sk, struct sk_buff *newskb);

int dev_loopback_xmit(struct net *net, struct sock *sk, struct sk_buff *newskb);

int dev_queue_xmit(struct sk_buff *skb);

int dev_queue_xmit_accel(struct sk_buff *skb, void *accel_priv);

int register_netdevice(struct net_device *dev);

include/linux/netfilter.h

+14 −12
Original line number Diff line number Diff line
@@ -56,7 +56,7 @@ struct nf_hook_state { 
	struct sock *sk;

	struct net *net;

	struct list_head *hook_list;

	int (*okfn)(struct sock *, struct sk_buff *);

	int (*okfn)(struct net *, struct sock *, struct sk_buff *);

};



static inline void nf_hook_state_init(struct nf_hook_state *p,
@@ -67,7 +67,7 @@ static inline void nf_hook_state_init(struct nf_hook_state *p, 
				      struct net_device *outdev,

				      struct sock *sk,

				      struct net *net,

				      int (*okfn)(struct sock *, struct sk_buff *))

				      int (*okfn)(struct net *, struct sock *, struct sk_buff *))

{

	p->hook = hook;

	p->thresh = thresh;
@@ -175,7 +175,7 @@ static inline int nf_hook_thresh(u_int8_t pf, unsigned int hook, 
				 struct sk_buff *skb,

				 struct net_device *indev,

				 struct net_device *outdev,

				 int (*okfn)(struct sock *, struct sk_buff *),

				 int (*okfn)(struct net *, struct sock *, struct sk_buff *),

				 int thresh)

{

	struct list_head *hook_list = &net->nf.hooks[pf][hook];
@@ -193,7 +193,7 @@ static inline int nf_hook_thresh(u_int8_t pf, unsigned int hook, 
static inline int nf_hook(u_int8_t pf, unsigned int hook, struct net *net,

			  struct sock *sk, struct sk_buff *skb,

			  struct net_device *indev, struct net_device *outdev,

			  int (*okfn)(struct sock *, struct sk_buff *))

			  int (*okfn)(struct net *, struct sock *, struct sk_buff *))

{

	return nf_hook_thresh(pf, hook, net, sk, skb, indev, outdev, okfn, INT_MIN);

}
@@ -219,31 +219,33 @@ static inline int 
NF_HOOK_THRESH(uint8_t pf, unsigned int hook, struct net *net, struct sock *sk,

	       struct sk_buff *skb, struct net_device *in,

	       struct net_device *out,

	       int (*okfn)(struct sock *, struct sk_buff *), int thresh)

	       int (*okfn)(struct net *, struct sock *, struct sk_buff *),

	       int thresh)

{

	int ret = nf_hook_thresh(pf, hook, net, sk, skb, in, out, okfn, thresh);

	if (ret == 1)

		ret = okfn(sk, skb);

		ret = okfn(net, sk, skb);

	return ret;

}



static inline int

NF_HOOK_COND(uint8_t pf, unsigned int hook, struct net *net, struct sock *sk,

	     struct sk_buff *skb, struct net_device *in, struct net_device *out,

	     int (*okfn)(struct sock *, struct sk_buff *), bool cond)

	     int (*okfn)(struct net *, struct sock *, struct sk_buff *),

	     bool cond)

{

	int ret;



	if (!cond ||

	    ((ret = nf_hook_thresh(pf, hook, net, sk, skb, in, out, okfn, INT_MIN)) == 1))

		ret = okfn(sk, skb);

		ret = okfn(net, sk, skb);

	return ret;

}



static inline int

NF_HOOK(uint8_t pf, unsigned int hook, struct net *net, struct sock *sk, struct sk_buff *skb,

	struct net_device *in, struct net_device *out,

	int (*okfn)(struct sock *, struct sk_buff *))

	int (*okfn)(struct net *, struct sock *, struct sk_buff *))

{

	return NF_HOOK_THRESH(pf, hook, net, sk, skb, in, out, okfn, INT_MIN);

}
@@ -345,12 +347,12 @@ nf_nat_decode_session(struct sk_buff *skb, struct flowi *fl, u_int8_t family) 
}



#else /* !CONFIG_NETFILTER */

#define NF_HOOK(pf, hook, net, sk, skb, indev, outdev, okfn) (okfn)(sk, skb)

#define NF_HOOK_COND(pf, hook, net, sk, skb, indev, outdev, okfn, cond) (okfn)(sk, skb)

#define NF_HOOK(pf, hook, net, sk, skb, indev, outdev, okfn) (okfn)(net, sk, skb)

#define NF_HOOK_COND(pf, hook, net, sk, skb, indev, outdev, okfn, cond) (okfn)(net, sk, skb)

static inline int nf_hook(u_int8_t pf, unsigned int hook, struct net *net,

			  struct sock *sk, struct sk_buff *skb,

			  struct net_device *indev, struct net_device *outdev,

			  int (*okfn)(struct sock *, struct sk_buff *))

			  int (*okfn)(struct net *, struct sock *, struct sk_buff *))

{

	return 1;

}

include/linux/netfilter_bridge.h

+1 −1
Original line number Diff line number Diff line
@@ -17,7 +17,7 @@ enum nf_br_hook_priorities { 


#if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)



int br_handle_frame_finish(struct sock *sk, struct sk_buff *skb);

int br_handle_frame_finish(struct net *net, struct sock *sk, struct sk_buff *skb);



static inline void br_drop_fake_rtable(struct sk_buff *skb)

{

include/net/dn_neigh.h

+3 −3
Original line number Diff line number Diff line
@@ -18,11 +18,11 @@ struct dn_neigh { 


void dn_neigh_init(void);

void dn_neigh_cleanup(void);

int dn_neigh_router_hello(struct sock *sk, struct sk_buff *skb);

int dn_neigh_endnode_hello(struct sock *sk, struct sk_buff *skb);

int dn_neigh_router_hello(struct net *net, struct sock *sk, struct sk_buff *skb);

int dn_neigh_endnode_hello(struct net *net, struct sock *sk, struct sk_buff *skb);

void dn_neigh_pointopoint_hello(struct sk_buff *skb);

int dn_neigh_elist(struct net_device *dev, unsigned char *ptr, int n);

int dn_to_neigh_output(struct sock *sk, struct sk_buff *skb);

int dn_to_neigh_output(struct net *net, struct sock *sk, struct sk_buff *skb);



extern struct neigh_table dn_neigh_table;