2b44066f1aadae66b73ceb1415112d9764ee1bd4
[librecmc/librecmc.git] /
1 From: Pablo Neira Ayuso <pablo@netfilter.org>
2 Date: Wed, 20 Dec 2017 16:12:55 +0100
3 Subject: [PATCH] netfilter: remove saveroute indirection in struct nf_afinfo
4
5 This is only used by nf_queue.c and this function comes with no symbol
6 dependencies with IPv6, it just refers to structure layouts. Therefore,
7 we can replace it by a direct function call from where it belongs.
8
9 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
10 ---
11
12 --- a/include/linux/netfilter.h
13 +++ b/include/linux/netfilter.h
14 @@ -313,8 +313,6 @@ struct nf_afinfo {
15         unsigned short  family;
16         int             (*route)(struct net *net, struct dst_entry **dst,
17                                  struct flowi *fl, bool strict);
18 -       void            (*saveroute)(const struct sk_buff *skb,
19 -                                    struct nf_queue_entry *entry);
20         int             (*reroute)(struct net *net, struct sk_buff *skb,
21                                    const struct nf_queue_entry *entry);
22         int             route_key_size;
23 --- a/include/linux/netfilter_ipv4.h
24 +++ b/include/linux/netfilter_ipv4.h
25 @@ -6,6 +6,16 @@
26  
27  #include <uapi/linux/netfilter_ipv4.h>
28  
29 +/* Extra routing may needed on local out, as the QUEUE target never returns
30 + * control to the table.
31 + */
32 +struct ip_rt_info {
33 +       __be32 daddr;
34 +       __be32 saddr;
35 +       u_int8_t tos;
36 +       u_int32_t mark;
37 +};
38 +
39  int ip_route_me_harder(struct net *net, struct sk_buff *skb, unsigned addr_type);
40  
41  #ifdef CONFIG_INET
42 --- a/include/linux/netfilter_ipv6.h
43 +++ b/include/linux/netfilter_ipv6.h
44 @@ -9,6 +9,15 @@
45  
46  #include <uapi/linux/netfilter_ipv6.h>
47  
48 +/* Extra routing may needed on local out, as the QUEUE target never returns
49 + * control to the table.
50 + */
51 +struct ip6_rt_info {
52 +       struct in6_addr daddr;
53 +       struct in6_addr saddr;
54 +       u_int32_t mark;
55 +};
56 +
57  /*
58   * Hook functions for ipv6 to allow xt_* modules to be built-in even
59   * if IPv6 is a module.
60 --- a/net/bridge/netfilter/nf_tables_bridge.c
61 +++ b/net/bridge/netfilter/nf_tables_bridge.c
62 @@ -95,11 +95,6 @@ static const struct nf_chain_type filter
63                           (1 << NF_BR_POST_ROUTING),
64  };
65  
66 -static void nf_br_saveroute(const struct sk_buff *skb,
67 -                           struct nf_queue_entry *entry)
68 -{
69 -}
70 -
71  static int nf_br_reroute(struct net *net, struct sk_buff *skb,
72                          const struct nf_queue_entry *entry)
73  {
74 @@ -115,7 +110,6 @@ static int nf_br_route(struct net *net,
75  static const struct nf_afinfo nf_br_afinfo = {
76         .family                 = AF_BRIDGE,
77         .route                  = nf_br_route,
78 -       .saveroute              = nf_br_saveroute,
79         .reroute                = nf_br_reroute,
80         .route_key_size         = 0,
81  };
82 --- a/net/ipv4/netfilter.c
83 +++ b/net/ipv4/netfilter.c
84 @@ -80,33 +80,6 @@ int ip_route_me_harder(struct net *net,
85  }
86  EXPORT_SYMBOL(ip_route_me_harder);
87  
88 -/*
89 - * Extra routing may needed on local out, as the QUEUE target never
90 - * returns control to the table.
91 - */
92 -
93 -struct ip_rt_info {
94 -       __be32 daddr;
95 -       __be32 saddr;
96 -       u_int8_t tos;
97 -       u_int32_t mark;
98 -};
99 -
100 -static void nf_ip_saveroute(const struct sk_buff *skb,
101 -                           struct nf_queue_entry *entry)
102 -{
103 -       struct ip_rt_info *rt_info = nf_queue_entry_reroute(entry);
104 -
105 -       if (entry->state.hook == NF_INET_LOCAL_OUT) {
106 -               const struct iphdr *iph = ip_hdr(skb);
107 -
108 -               rt_info->tos = iph->tos;
109 -               rt_info->daddr = iph->daddr;
110 -               rt_info->saddr = iph->saddr;
111 -               rt_info->mark = skb->mark;
112 -       }
113 -}
114 -
115  static int nf_ip_reroute(struct net *net, struct sk_buff *skb,
116                          const struct nf_queue_entry *entry)
117  {
118 @@ -190,7 +163,6 @@ static int nf_ip_route(struct net *net,
119  static const struct nf_afinfo nf_ip_afinfo = {
120         .family                 = AF_INET,
121         .route                  = nf_ip_route,
122 -       .saveroute              = nf_ip_saveroute,
123         .reroute                = nf_ip_reroute,
124         .route_key_size         = sizeof(struct ip_rt_info),
125  };
126 --- a/net/ipv6/netfilter.c
127 +++ b/net/ipv6/netfilter.c
128 @@ -70,31 +70,6 @@ int ip6_route_me_harder(struct net *net,
129  }
130  EXPORT_SYMBOL(ip6_route_me_harder);
131  
132 -/*
133 - * Extra routing may needed on local out, as the QUEUE target never
134 - * returns control to the table.
135 - */
136 -
137 -struct ip6_rt_info {
138 -       struct in6_addr daddr;
139 -       struct in6_addr saddr;
140 -       u_int32_t mark;
141 -};
142 -
143 -static void nf_ip6_saveroute(const struct sk_buff *skb,
144 -                            struct nf_queue_entry *entry)
145 -{
146 -       struct ip6_rt_info *rt_info = nf_queue_entry_reroute(entry);
147 -
148 -       if (entry->state.hook == NF_INET_LOCAL_OUT) {
149 -               const struct ipv6hdr *iph = ipv6_hdr(skb);
150 -
151 -               rt_info->daddr = iph->daddr;
152 -               rt_info->saddr = iph->saddr;
153 -               rt_info->mark = skb->mark;
154 -       }
155 -}
156 -
157  static int nf_ip6_reroute(struct net *net, struct sk_buff *skb,
158                           const struct nf_queue_entry *entry)
159  {
160 @@ -202,7 +177,6 @@ static const struct nf_ipv6_ops ipv6ops
161  static const struct nf_afinfo nf_ip6_afinfo = {
162         .family                 = AF_INET6,
163         .route                  = nf_ip6_route,
164 -       .saveroute              = nf_ip6_saveroute,
165         .reroute                = nf_ip6_reroute,
166         .route_key_size         = sizeof(struct ip6_rt_info),
167  };
168 --- a/net/netfilter/nf_queue.c
169 +++ b/net/netfilter/nf_queue.c
170 @@ -10,6 +10,8 @@
171  #include <linux/proc_fs.h>
172  #include <linux/skbuff.h>
173  #include <linux/netfilter.h>
174 +#include <linux/netfilter_ipv4.h>
175 +#include <linux/netfilter_ipv6.h>
176  #include <linux/netfilter_bridge.h>
177  #include <linux/seq_file.h>
178  #include <linux/rcupdate.h>
179 @@ -108,6 +110,35 @@ void nf_queue_nf_hook_drop(struct net *n
180  }
181  EXPORT_SYMBOL_GPL(nf_queue_nf_hook_drop);
182  
183 +static void nf_ip_saveroute(const struct sk_buff *skb,
184 +                           struct nf_queue_entry *entry)
185 +{
186 +       struct ip_rt_info *rt_info = nf_queue_entry_reroute(entry);
187 +
188 +       if (entry->state.hook == NF_INET_LOCAL_OUT) {
189 +               const struct iphdr *iph = ip_hdr(skb);
190 +
191 +               rt_info->tos = iph->tos;
192 +               rt_info->daddr = iph->daddr;
193 +               rt_info->saddr = iph->saddr;
194 +               rt_info->mark = skb->mark;
195 +       }
196 +}
197 +
198 +static void nf_ip6_saveroute(const struct sk_buff *skb,
199 +                            struct nf_queue_entry *entry)
200 +{
201 +       struct ip6_rt_info *rt_info = nf_queue_entry_reroute(entry);
202 +
203 +       if (entry->state.hook == NF_INET_LOCAL_OUT) {
204 +               const struct ipv6hdr *iph = ipv6_hdr(skb);
205 +
206 +               rt_info->daddr = iph->daddr;
207 +               rt_info->saddr = iph->saddr;
208 +               rt_info->mark = skb->mark;
209 +       }
210 +}
211 +
212  static int __nf_queue(struct sk_buff *skb, const struct nf_hook_state *state,
213                       const struct nf_hook_entries *entries,
214                       unsigned int index, unsigned int queuenum)
215 @@ -144,7 +175,16 @@ static int __nf_queue(struct sk_buff *sk
216  
217         nf_queue_entry_get_refs(entry);
218         skb_dst_force(skb);
219 -       afinfo->saveroute(skb, entry);
220 +
221 +       switch (entry->state.pf) {
222 +       case AF_INET:
223 +               nf_ip_saveroute(skb, entry);
224 +               break;
225 +       case AF_INET6:
226 +               nf_ip6_saveroute(skb, entry);
227 +               break;
228 +       }
229 +
230         status = qh->outfn(entry, queuenum);
231  
232         if (status < 0) {