diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-11-28 00:50:26 +0300 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-01-08 20:10:53 +0300 |
| commit | ce388f452f0af2013c657dd24be4415d94e7704f (patch) | |
| tree | 05f43955eee02314af8eab159ccbc2c0363c0c82 /include/linux | |
| parent | 3f87c08c615f567799b426aff0341ea8010a0ebb (diff) | |
| download | linux-ce388f452f0af2013c657dd24be4415d94e7704f.tar.xz | |
netfilter: move reroute indirection to struct nf_ipv6_ops
We cannot make a direct call to nf_ip6_reroute() because that would result
in autoloading the 'ipv6' module because of symbol dependencies.
Therefore, define reroute indirection in nf_ipv6_ops where this really
belongs to.
For IPv4, we can indeed make a direct function call, which is faster,
given IPv4 is built-in in the networking code by default. Still,
CONFIG_INET=n and CONFIG_NETFILTER=y is possible, so define empty inline
stub for IPv4 in such case.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/linux')
| -rw-r--r-- | include/linux/netfilter.h | 3 | ||||
| -rw-r--r-- | include/linux/netfilter_ipv4.h | 8 | ||||
| -rw-r--r-- | include/linux/netfilter_ipv6.h | 3 |
3 files changed, 12 insertions, 2 deletions
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h index 02c35eabd348..8358e717eabd 100644 --- a/include/linux/netfilter.h +++ b/include/linux/netfilter.h @@ -311,8 +311,6 @@ struct nf_queue_entry; struct nf_afinfo { unsigned short family; - int (*reroute)(struct net *net, struct sk_buff *skb, - const struct nf_queue_entry *entry); int route_key_size; }; @@ -331,6 +329,7 @@ __sum16 nf_checksum_partial(struct sk_buff *skb, unsigned int hook, u_int8_t protocol, unsigned short family); int nf_route(struct net *net, struct dst_entry **dst, struct flowi *fl, bool strict, unsigned short family); +int nf_reroute(struct sk_buff *skb, struct nf_queue_entry *entry); int nf_register_afinfo(const struct nf_afinfo *afinfo); void nf_unregister_afinfo(const struct nf_afinfo *afinfo); diff --git a/include/linux/netfilter_ipv4.h b/include/linux/netfilter_ipv4.h index 2a4e2c415647..b31dabfdb453 100644 --- a/include/linux/netfilter_ipv4.h +++ b/include/linux/netfilter_ipv4.h @@ -18,6 +18,8 @@ struct ip_rt_info { int ip_route_me_harder(struct net *net, struct sk_buff *skb, unsigned addr_type); +struct nf_queue_entry; + #ifdef CONFIG_INET __sum16 nf_ip_checksum(struct sk_buff *skb, unsigned int hook, unsigned int dataoff, u_int8_t protocol); @@ -26,6 +28,7 @@ __sum16 nf_ip_checksum_partial(struct sk_buff *skb, unsigned int hook, u_int8_t protocol); int nf_ip_route(struct net *net, struct dst_entry **dst, struct flowi *fl, bool strict); +int nf_ip_reroute(struct sk_buff *skb, const struct nf_queue_entry *entry); #else static inline __sum16 nf_ip_checksum(struct sk_buff *skb, unsigned int hook, unsigned int dataoff, u_int8_t protocol) @@ -45,6 +48,11 @@ static inline int nf_ip_route(struct net *net, struct dst_entry **dst, { return -EOPNOTSUPP; } +static inline int nf_ip_reroute(struct sk_buff *skb, + const struct nf_queue_entry *entry) +{ + return -EOPNOTSUPP; +} #endif /* CONFIG_INET */ #endif /*__LINUX_IP_NETFILTER_H*/ diff --git a/include/linux/netfilter_ipv6.h b/include/linux/netfilter_ipv6.h index e5700bb314a1..288c597e75b3 100644 --- a/include/linux/netfilter_ipv6.h +++ b/include/linux/netfilter_ipv6.h @@ -18,6 +18,8 @@ struct ip6_rt_info { u_int32_t mark; }; +struct nf_queue_entry; + /* * Hook functions for ipv6 to allow xt_* modules to be built-in even * if IPv6 is a module. @@ -35,6 +37,7 @@ struct nf_ipv6_ops { u_int8_t protocol); int (*route)(struct net *net, struct dst_entry **dst, struct flowi *fl, bool strict); + int (*reroute)(struct sk_buff *skb, const struct nf_queue_entry *entry); }; #ifdef CONFIG_NETFILTER |