1 From: Pablo Neira Ayuso <pablo@netfilter.org>
2 Date: Wed, 20 Dec 2017 16:12:55 +0100
3 Subject: [PATCH] netfilter: remove saveroute indirection in struct nf_afinfo
5 This is only used by nf_queue.c, and the function has no symbol
6 dependencies on IPv6; it only refers to structure layouts. Therefore,
7 we can replace it with a direct function call from where it belongs.
9 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 --- a/include/linux/netfilter.h
13 +++ b/include/linux/netfilter.h
14 @@ -313,8 +313,6 @@ struct nf_afinfo {
15 unsigned short family;
16 int (*route)(struct net *net, struct dst_entry **dst,
17 struct flowi *fl, bool strict);
18 - void (*saveroute)(const struct sk_buff *skb,
19 - struct nf_queue_entry *entry);
20 int (*reroute)(struct net *net, struct sk_buff *skb,
21 const struct nf_queue_entry *entry);
23 --- a/include/linux/netfilter_ipv4.h
24 +++ b/include/linux/netfilter_ipv4.h
27 #include <uapi/linux/netfilter_ipv4.h>
29 +/* Extra routing may needed on local out, as the QUEUE target never returns
30 + * control to the table.
39 int ip_route_me_harder(struct net *net, struct sk_buff *skb, unsigned addr_type);
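Review bot: The comment moved into this header still reads "Extra routing may needed on local out", and the same text is added in include/linux/netfilter_ipv6.h. Now that the struct is shared through a header rather than private to net/ipv4/netfilter.c, I would fix the wording and say where the struct is stored, for example `/* Extra routing may be needed on local out, as the QUEUE target never returns control to the table. Stored in the area returned by nf_queue_entry_reroute(). */`. The struct body is outside the visible lines of this section.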
42 --- a/include/linux/netfilter_ipv6.h
43 +++ b/include/linux/netfilter_ipv6.h
46 #include <uapi/linux/netfilter_ipv6.h>
48 +/* Extra routing may needed on local out, as the QUEUE target never returns
49 + * control to the table.
52 + struct in6_addr daddr;
53 + struct in6_addr saddr;
58 * Hook functions for ipv6 to allow xt_* modules to be built-in even
59 * if IPv6 is a module.
60 --- a/net/bridge/netfilter/nf_tables_bridge.c
61 +++ b/net/bridge/netfilter/nf_tables_bridge.c
62 @@ -95,11 +95,6 @@ static const struct nf_chain_type filter
63 (1 << NF_BR_POST_ROUTING),
66 -static void nf_br_saveroute(const struct sk_buff *skb,
67 - struct nf_queue_entry *entry)
71 static int nf_br_reroute(struct net *net, struct sk_buff *skb,
72 const struct nf_queue_entry *entry)
74 @@ -115,7 +110,6 @@ static int nf_br_route(struct net *net,
75 static const struct nf_afinfo nf_br_afinfo = {
78 - .saveroute = nf_br_saveroute,
79 .reroute = nf_br_reroute,
82 --- a/net/ipv4/netfilter.c
83 +++ b/net/ipv4/netfilter.c
84 @@ -80,33 +80,6 @@ int ip_route_me_harder(struct net *net,
86 EXPORT_SYMBOL(ip_route_me_harder);
89 - * Extra routing may needed on local out, as the QUEUE target never
90 - * returns control to the table.
100 -static void nf_ip_saveroute(const struct sk_buff *skb,
101 - struct nf_queue_entry *entry)
103 - struct ip_rt_info *rt_info = nf_queue_entry_reroute(entry);
105 - if (entry->state.hook == NF_INET_LOCAL_OUT) {
106 - const struct iphdr *iph = ip_hdr(skb);
108 - rt_info->tos = iph->tos;
109 - rt_info->daddr = iph->daddr;
110 - rt_info->saddr = iph->saddr;
111 - rt_info->mark = skb->mark;
115 static int nf_ip_reroute(struct net *net, struct sk_buff *skb,
116 const struct nf_queue_entry *entry)
118 @@ -190,7 +163,6 @@ static int nf_ip_route(struct net *net,
119 static const struct nf_afinfo nf_ip_afinfo = {
121 .route = nf_ip_route,
122 - .saveroute = nf_ip_saveroute,
123 .reroute = nf_ip_reroute,
124 .route_key_size = sizeof(struct ip_rt_info),
126 --- a/net/ipv6/netfilter.c
127 +++ b/net/ipv6/netfilter.c
128 @@ -72,31 +72,6 @@ int ip6_route_me_harder(struct net *net,
130 EXPORT_SYMBOL(ip6_route_me_harder);
133 - * Extra routing may needed on local out, as the QUEUE target never
134 - * returns control to the table.
137 -struct ip6_rt_info {
138 - struct in6_addr daddr;
139 - struct in6_addr saddr;
143 -static void nf_ip6_saveroute(const struct sk_buff *skb,
144 - struct nf_queue_entry *entry)
146 - struct ip6_rt_info *rt_info = nf_queue_entry_reroute(entry);
148 - if (entry->state.hook == NF_INET_LOCAL_OUT) {
149 - const struct ipv6hdr *iph = ipv6_hdr(skb);
151 - rt_info->daddr = iph->daddr;
152 - rt_info->saddr = iph->saddr;
153 - rt_info->mark = skb->mark;
157 static int nf_ip6_reroute(struct net *net, struct sk_buff *skb,
158 const struct nf_queue_entry *entry)
160 @@ -204,7 +179,6 @@ static const struct nf_ipv6_ops ipv6ops
161 static const struct nf_afinfo nf_ip6_afinfo = {
163 .route = nf_ip6_route,
164 - .saveroute = nf_ip6_saveroute,
165 .reroute = nf_ip6_reroute,
166 .route_key_size = sizeof(struct ip6_rt_info),
168 --- a/net/netfilter/nf_queue.c
169 +++ b/net/netfilter/nf_queue.c
171 #include <linux/proc_fs.h>
172 #include <linux/skbuff.h>
173 #include <linux/netfilter.h>
174 +#include <linux/netfilter_ipv4.h>
175 +#include <linux/netfilter_ipv6.h>
176 #include <linux/netfilter_bridge.h>
177 #include <linux/seq_file.h>
178 #include <linux/rcupdate.h>
179 @@ -108,6 +110,35 @@ void nf_queue_nf_hook_drop(struct net *n
181 EXPORT_SYMBOL_GPL(nf_queue_nf_hook_drop);
183 +static void nf_ip_saveroute(const struct sk_buff *skb,
184 + struct nf_queue_entry *entry)
186 + struct ip_rt_info *rt_info = nf_queue_entry_reroute(entry);
188 + if (entry->state.hook == NF_INET_LOCAL_OUT) {
189 + const struct iphdr *iph = ip_hdr(skb);
191 + rt_info->tos = iph->tos;
192 + rt_info->daddr = iph->daddr;
193 + rt_info->saddr = iph->saddr;
194 + rt_info->mark = skb->mark;
198 +static void nf_ip6_saveroute(const struct sk_buff *skb,
199 + struct nf_queue_entry *entry)
201 + struct ip6_rt_info *rt_info = nf_queue_entry_reroute(entry);
203 + if (entry->state.hook == NF_INET_LOCAL_OUT) {
204 + const struct ipv6hdr *iph = ipv6_hdr(skb);
206 + rt_info->daddr = iph->daddr;
207 + rt_info->saddr = iph->saddr;
208 + rt_info->mark = skb->mark;
212 static int __nf_queue(struct sk_buff *skb, const struct nf_hook_state *state,
213 const struct nf_hook_entries *entries,
214 unsigned int index, unsigned int queuenum)
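Review bot: nf_ip_saveroute() and nf_ip6_saveroute() write through the pointer returned by nf_queue_entry_reroute(entry) as struct ip_rt_info and struct ip6_rt_info, but nothing here ties that cast to the size of the area allocated behind the entry. The allocation is outside this hunk and presumably still sized from `afinfo->route_key_size`, while the writer is now picked by `entry->state.pf` in the following hunk, so the size and the layout come from two separate lookups that must stay in agreement. I would state that invariant above both helpers, e.g. `/* entry must have been allocated with route_key_size >= sizeof(*rt_info) for this family */`, or check it at the call site. The new switch in __nf_queue shows no default arm in the visible lines; a `default: break;` with a comment that other families (bridge, whose removed saveroute appears to have been empty) save nothing would make that no-op explicit.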
215 @@ -144,7 +175,16 @@ static int __nf_queue(struct sk_buff *sk
217 nf_queue_entry_get_refs(entry);
219 - afinfo->saveroute(skb, entry);
221 + switch (entry->state.pf) {
223 + nf_ip_saveroute(skb, entry);
226 + nf_ip6_saveroute(skb, entry);
230 status = qh->outfn(entry, queuenum);