Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1cf51900 authored by Pablo Neira's avatar Pablo Neira Committed by David S. Miller
Browse files

net: add CONFIG_NET_INGRESS to enable ingress filtering 



This new config switch enables the ingress filtering infrastructure that is
controlled through the ingress_needed static key. This prepares the
introduction of the Netfilter ingress hook that resides under this unique
static key.

Note that CONFIG_SCH_INGRESS automatically selects this, that should be no
problem since this also depends on CONFIG_NET_CLS_ACT.

Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
Acked-by: default avatarAlexei Starovoitov <ast@plumgrid.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent b8d0aad0

include/linux/rtnetlink.h

+1 −1
Original line number Diff line number Diff line
@@ -79,7 +79,7 @@ static inline struct netdev_queue *dev_ingress_queue(struct net_device *dev) 


struct netdev_queue *dev_ingress_queue_create(struct net_device *dev);



#ifdef CONFIG_NET_CLS_ACT

#ifdef CONFIG_NET_INGRESS

void net_inc_ingress_queue(void);

void net_dec_ingress_queue(void);

#endif

net/Kconfig

+3 −0
Original line number Diff line number Diff line
@@ -45,6 +45,9 @@ config COMPAT_NETLINK_MESSAGES 
	  Newly written code should NEVER need this option but do

	  compat-independent messages instead!



config NET_INGRESS

	bool



menu "Networking options"



source "net/packet/Kconfig"

net/core/dev.c

+4 −3
Original line number Diff line number Diff line
@@ -1630,7 +1630,7 @@ int call_netdevice_notifiers(unsigned long val, struct net_device *dev) 
}

EXPORT_SYMBOL(call_netdevice_notifiers);



#ifdef CONFIG_NET_CLS_ACT

#ifdef CONFIG_NET_INGRESS

static struct static_key ingress_needed __read_mostly;



void net_inc_ingress_queue(void)
@@ -3798,13 +3798,14 @@ another_round: 
	}



skip_taps:

#ifdef CONFIG_NET_CLS_ACT

#ifdef CONFIG_NET_INGRESS

	if (static_key_false(&ingress_needed)) {

		skb = handle_ing(skb, &pt_prev, &ret, orig_dev);

		if (!skb)

			goto unlock;

	}



#endif

#ifdef CONFIG_NET_CLS_ACT

	skb->tc_verd = 0;

ncls:

#endif

net/sched/Kconfig

+1 −0
Original line number Diff line number Diff line
@@ -312,6 +312,7 @@ config NET_SCH_PIE 
config NET_SCH_INGRESS

	tristate "Ingress Qdisc"

	depends on NET_CLS_ACT

	select NET_INGRESS

	---help---

	  Say Y here if you want to use classifiers for incoming packets.

	  If unsure, say Y.