Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 01886bd9 authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso
Browse files

netfilter: remove hook_entries field from nf_hook_state 



This field is only useful for nf_queue, so store it in the
nf_queue_entry structure instead, away from the core path. Pass
hook_head to nf_hook_slow().

Since we always have a valid entry on the first iteration in
nf_iterate(), we can use 'do { ... } while (entry)' loop instead.

Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent c63cbc46

include/linux/netfilter.h

+4 −6
Original line number Diff line number Diff line
@@ -54,7 +54,6 @@ struct nf_hook_state { 
	struct net_device *out;

	struct sock *sk;

	struct net *net;

	struct nf_hook_entry __rcu *hook_entries;

	int (*okfn)(struct net *, struct sock *, struct sk_buff *);

};
@@ -81,7 +80,6 @@ struct nf_hook_entry { 
};



static inline void nf_hook_state_init(struct nf_hook_state *p,

				      struct nf_hook_entry *hook_entry,

				      unsigned int hook,

				      u_int8_t pf,

				      struct net_device *indev,
@@ -96,7 +94,6 @@ static inline void nf_hook_state_init(struct nf_hook_state *p, 
	p->out = outdev;

	p->sk = sk;

	p->net = net;

	RCU_INIT_POINTER(p->hook_entries, hook_entry);

	p->okfn = okfn;

}
@@ -150,7 +147,8 @@ void nf_unregister_sockopt(struct nf_sockopt_ops *reg); 
extern struct static_key nf_hooks_needed[NFPROTO_NUMPROTO][NF_MAX_HOOKS];

#endif



int nf_hook_slow(struct sk_buff *skb, struct nf_hook_state *state);

int nf_hook_slow(struct sk_buff *skb, struct nf_hook_state *state,

		 struct nf_hook_entry *entry);



/**

 *	nf_hook - call a netfilter hook
@@ -179,10 +177,10 @@ static inline int nf_hook(u_int8_t pf, unsigned int hook, struct net *net, 
	if (hook_head) {

		struct nf_hook_state state;



		nf_hook_state_init(&state, hook_head, hook, pf, indev, outdev,

		nf_hook_state_init(&state, hook, pf, indev, outdev,

				   sk, net, okfn);



		ret = nf_hook_slow(skb, &state);

		ret = nf_hook_slow(skb, &state, hook_head);

	}

	rcu_read_unlock();

include/linux/netfilter_ingress.h

+2 −2
Original line number Diff line number Diff line
@@ -26,10 +26,10 @@ static inline int nf_hook_ingress(struct sk_buff *skb) 
	if (unlikely(!e))

		return 0;



	nf_hook_state_init(&state, e, NF_NETDEV_INGRESS,

	nf_hook_state_init(&state, NF_NETDEV_INGRESS,

			   NFPROTO_NETDEV, skb->dev, NULL, NULL,

			   dev_net(skb->dev), NULL);

	return nf_hook_slow(skb, &state);

	return nf_hook_slow(skb, &state, e);

}



static inline void nf_hook_ingress_init(struct net_device *dev)

include/net/netfilter/nf_queue.h

+1 −0
Original line number Diff line number Diff line
@@ -12,6 +12,7 @@ struct nf_queue_entry { 
	unsigned int		id;



	struct nf_hook_state	state;

	struct nf_hook_entry	*hook;

	u16			size; /* sizeof(entry) + saved route keys */



	/* extra space to store route keys */

net/bridge/br_netfilter_hooks.c

+2 −2
Original line number Diff line number Diff line
@@ -1018,10 +1018,10 @@ int br_nf_hook_thresh(unsigned int hook, struct net *net, 


	/* We may already have this, but read-locks nest anyway */

	rcu_read_lock();

	nf_hook_state_init(&state, elem, hook, NFPROTO_BRIDGE, indev, outdev,

	nf_hook_state_init(&state, hook, NFPROTO_BRIDGE, indev, outdev,

			   sk, net, okfn);



	ret = nf_hook_slow(skb, &state);

	ret = nf_hook_slow(skb, &state, elem);

	rcu_read_unlock();

	if (ret == 1)

		ret = okfn(net, sk, skb);

net/bridge/netfilter/ebtable_broute.c

+1 −1
Original line number Diff line number Diff line
@@ -53,7 +53,7 @@ static int ebt_broute(struct sk_buff *skb) 
	struct nf_hook_state state;

	int ret;



	nf_hook_state_init(&state, NULL, NF_BR_BROUTING,

	nf_hook_state_init(&state, NF_BR_BROUTING,

			   NFPROTO_BRIDGE, skb->dev, NULL, NULL,

			   dev_net(skb->dev), NULL);