Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit fe72926b authored Sep 21, 2016 by Florian Westphal Committed by Pablo Neira Ayuso Sep 24, 2016

netfilter: call nf_hook_state_init with rcu_read_lock held



This makes things simpler because we can store the head of the list
in the nf_state structure without worrying about concurrent add/delete
of hook elements from the list.

A future commit will make use of this to implement a simpler
linked-list.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Aaron Conole <aconole@bytheb.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

parent c5136b15

include/linux/netfilter.h

+7 −1

Original line number	Diff line number	Diff line
		@@ -174,10 +174,16 @@ static inline int nf_hook_thresh(u_int8_t pf, unsigned int hook,

		if (!list_empty(hook_list)) {
		struct nf_hook_state state;
		int ret;

		/* We may already have this, but read-locks nest anyway */
		rcu_read_lock();
		nf_hook_state_init(&state, hook_list, hook, thresh,
		pf, indev, outdev, sk, net, okfn);
		return nf_hook_slow(skb, &state);

		ret = nf_hook_slow(skb, &state);
		rcu_read_unlock();
		return ret;
		}
		return 1;
		}

include/linux/netfilter_ingress.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -14,6 +14,7 @@ static inline bool nf_hook_ingress_active(const struct sk_buff *skb)
		return !list_empty(&skb->dev->nf_hooks_ingress);
		}

		/* caller must hold rcu_read_lock */
		static inline int nf_hook_ingress(struct sk_buff *skb)
		{
		struct nf_hook_state state;