netfilter: nf_tables: minor tracing cleanups (01ef16c2) · Commits · e / devices / android_kernel_oneplus_sm7250

net/netfilter/nf_tables_core.c

+49 −49

Original line number	Diff line number	Diff line
		@@ -21,6 +21,48 @@
		#include <net/netfilter/nf_tables.h>
		#include <net/netfilter/nf_log.h>

		enum nft_trace {
		NFT_TRACE_RULE,
		NFT_TRACE_RETURN,
		NFT_TRACE_POLICY,
		};

		static const char *const comments[] = {
		[NFT_TRACE_RULE] = "rule",
		[NFT_TRACE_RETURN] = "return",
		[NFT_TRACE_POLICY] = "policy",
		};

		static struct nf_loginfo trace_loginfo = {
		.type = NF_LOG_TYPE_LOG,
		.u = {
		.log = {
		.level = 4,
		.logflags = NF_LOG_MASK,
		},
		},
		};

		static void __nft_trace_packet(const struct nft_pktinfo *pkt,
		const struct nft_chain *chain,
		int rulenum, enum nft_trace type)
		{
		struct net *net = dev_net(pkt->in ? pkt->in : pkt->out);

		nf_log_packet(net, pkt->xt.family, pkt->ops->hooknum, pkt->skb, pkt->in,
		pkt->out, &trace_loginfo, "TRACE: %s:%s:%s:%u ",
		chain->table->name, chain->name, comments[type],
		rulenum);
		}

		static inline void nft_trace_packet(const struct nft_pktinfo *pkt,
		const struct nft_chain *chain,
		int rulenum, enum nft_trace type)
		{
		if (unlikely(pkt->skb->nf_trace))
		__nft_trace_packet(pkt, chain, rulenum, type);
		}

		static void nft_cmp_fast_eval(const struct nft_expr *expr,
		struct nft_data data[NFT_REG_MAX + 1])
		{
		@@ -66,40 +108,6 @@ struct nft_jumpstack {
		int rulenum;
		};

		enum nft_trace {
		NFT_TRACE_RULE,
		NFT_TRACE_RETURN,
		NFT_TRACE_POLICY,
		};

		static const char *const comments[] = {
		[NFT_TRACE_RULE] = "rule",
		[NFT_TRACE_RETURN] = "return",
		[NFT_TRACE_POLICY] = "policy",
		};

		static struct nf_loginfo trace_loginfo = {
		.type = NF_LOG_TYPE_LOG,
		.u = {
		.log = {
		.level = 4,
		.logflags = NF_LOG_MASK,
		},
		},
		};

		static void nft_trace_packet(const struct nft_pktinfo *pkt,
		const struct nft_chain *chain,
		int rulenum, enum nft_trace type)
		{
		struct net *net = dev_net(pkt->in ? pkt->in : pkt->out);

		nf_log_packet(net, pkt->xt.family, pkt->ops->hooknum, pkt->skb, pkt->in,
		pkt->out, &trace_loginfo, "TRACE: %s:%s:%s:%u ",
		chain->table->name, chain->name, comments[type],
		rulenum);
		}

		unsigned int
		nft_do_chain(struct nft_pktinfo pkt, const struct nf_hook_ops ops)
		{
		@@ -146,7 +154,6 @@ nft_do_chain(struct nft_pktinfo pkt, const struct nf_hook_ops ops)
		data[NFT_REG_VERDICT].verdict = NFT_CONTINUE;
		continue;
		case NFT_CONTINUE:
		if (unlikely(pkt->skb->nf_trace))
		nft_trace_packet(pkt, chain, rulenum, NFT_TRACE_RULE);
		continue;
		}
		@@ -157,15 +164,12 @@ nft_do_chain(struct nft_pktinfo pkt, const struct nf_hook_ops ops)
		case NF_ACCEPT:
		case NF_DROP:
		case NF_QUEUE:
		if (unlikely(pkt->skb->nf_trace))
		nft_trace_packet(pkt, chain, rulenum, NFT_TRACE_RULE);

		return data[NFT_REG_VERDICT].verdict;
		}

		switch (data[NFT_REG_VERDICT].verdict) {
		case NFT_JUMP:
		if (unlikely(pkt->skb->nf_trace))
		nft_trace_packet(pkt, chain, rulenum, NFT_TRACE_RULE);

		BUG_ON(stackptr >= NFT_JUMP_STACK_SIZE);
		@@ -176,17 +180,14 @@ nft_do_chain(struct nft_pktinfo pkt, const struct nf_hook_ops ops)
		chain = data[NFT_REG_VERDICT].chain;
		goto do_chain;
		case NFT_GOTO:
		if (unlikely(pkt->skb->nf_trace))
		nft_trace_packet(pkt, chain, rulenum, NFT_TRACE_RULE);

		chain = data[NFT_REG_VERDICT].chain;
		goto do_chain;
		case NFT_RETURN:
		if (unlikely(pkt->skb->nf_trace))
		nft_trace_packet(pkt, chain, rulenum, NFT_TRACE_RETURN);
		break;
		case NFT_CONTINUE:
		if (unlikely(pkt->skb->nf_trace && !(chain->flags & NFT_BASE_CHAIN)))
		nft_trace_packet(pkt, chain, ++rulenum, NFT_TRACE_RETURN);
		break;
		default:
		@@ -201,7 +202,6 @@ nft_do_chain(struct nft_pktinfo pkt, const struct nf_hook_ops ops)
		goto next_rule;
		}

		if (unlikely(pkt->skb->nf_trace))
		nft_trace_packet(pkt, basechain, -1, NFT_TRACE_POLICY);

		rcu_read_lock_bh();