mirror of
https://github.com/torvalds/linux.git
synced 2025-01-01 15:51:46 +00:00
skbuff: add and use skb_nfct helper
Followup patch renames skb->nfct and changes its type so add a helper to avoid intrusive rename change later. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
parent
97a6ad13de
commit
cb9c68363e
@ -3553,6 +3553,15 @@ static inline void skb_remcsum_process(struct sk_buff *skb, void *ptr,
|
||||
skb->csum = csum_add(skb->csum, delta);
|
||||
}
|
||||
|
||||
static inline struct nf_conntrack *skb_nfct(const struct sk_buff *skb)
|
||||
{
|
||||
#if IS_ENABLED(CONFIG_NF_CONNTRACK)
|
||||
return skb->nfct;
|
||||
#else
|
||||
return NULL;
|
||||
#endif
|
||||
}
|
||||
|
||||
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
|
||||
void nf_conntrack_destroy(struct nf_conntrack *nfct);
|
||||
static inline void nf_conntrack_put(struct nf_conntrack *nfct)
|
||||
@ -3652,9 +3661,7 @@ static inline bool skb_irq_freeable(const struct sk_buff *skb)
|
||||
#if IS_ENABLED(CONFIG_XFRM)
|
||||
!skb->sp &&
|
||||
#endif
|
||||
#if IS_ENABLED(CONFIG_NF_CONNTRACK)
|
||||
!skb->nfct &&
|
||||
#endif
|
||||
!skb_nfct(skb) &&
|
||||
!skb->_skb_refdst &&
|
||||
!skb_has_frag_list(skb);
|
||||
}
|
||||
|
@ -62,7 +62,7 @@ int __nf_conntrack_confirm(struct sk_buff *skb);
|
||||
/* Confirm a connection: returns NF_DROP if packet must be dropped. */
|
||||
static inline int nf_conntrack_confirm(struct sk_buff *skb)
|
||||
{
|
||||
struct nf_conn *ct = (struct nf_conn *)skb->nfct;
|
||||
struct nf_conn *ct = (struct nf_conn *)skb_nfct(skb);
|
||||
int ret = NF_ACCEPT;
|
||||
|
||||
if (ct && !nf_ct_is_untracked(ct)) {
|
||||
|
@ -655,7 +655,7 @@ static void skb_release_head_state(struct sk_buff *skb)
|
||||
skb->destructor(skb);
|
||||
}
|
||||
#if IS_ENABLED(CONFIG_NF_CONNTRACK)
|
||||
nf_conntrack_put(skb->nfct);
|
||||
nf_conntrack_put(skb_nfct(skb));
|
||||
#endif
|
||||
#if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
|
||||
nf_bridge_put(skb->nf_bridge);
|
||||
|
@ -107,8 +107,8 @@ synproxy_send_client_synack(struct net *net,
|
||||
|
||||
synproxy_build_options(nth, opts);
|
||||
|
||||
synproxy_send_tcp(net, skb, nskb, skb->nfct, IP_CT_ESTABLISHED_REPLY,
|
||||
niph, nth, tcp_hdr_size);
|
||||
synproxy_send_tcp(net, skb, nskb, skb_nfct(skb),
|
||||
IP_CT_ESTABLISHED_REPLY, niph, nth, tcp_hdr_size);
|
||||
}
|
||||
|
||||
static void
|
||||
@ -230,8 +230,8 @@ synproxy_send_client_ack(struct net *net,
|
||||
|
||||
synproxy_build_options(nth, opts);
|
||||
|
||||
synproxy_send_tcp(net, skb, nskb, skb->nfct, IP_CT_ESTABLISHED_REPLY,
|
||||
niph, nth, tcp_hdr_size);
|
||||
synproxy_send_tcp(net, skb, nskb, skb_nfct(skb),
|
||||
IP_CT_ESTABLISHED_REPLY, niph, nth, tcp_hdr_size);
|
||||
}
|
||||
|
||||
static bool
|
||||
|
@ -137,7 +137,7 @@ icmp_error_message(struct net *net, struct nf_conn *tmpl, struct sk_buff *skb,
|
||||
enum ip_conntrack_info ctinfo;
|
||||
struct nf_conntrack_zone tmp;
|
||||
|
||||
NF_CT_ASSERT(skb->nfct == NULL);
|
||||
NF_CT_ASSERT(!skb_nfct(skb));
|
||||
zone = nf_ct_zone_tmpl(tmpl, skb, &tmp);
|
||||
|
||||
/* Are they talking about one of our connections? */
|
||||
|
@ -45,7 +45,7 @@ static enum ip_defrag_users nf_ct_defrag_user(unsigned int hooknum,
|
||||
{
|
||||
u16 zone_id = NF_CT_DEFAULT_ZONE_ID;
|
||||
#if IS_ENABLED(CONFIG_NF_CONNTRACK)
|
||||
if (skb->nfct) {
|
||||
if (skb_nfct(skb)) {
|
||||
enum ip_conntrack_info ctinfo;
|
||||
const struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
|
||||
|
||||
@ -75,7 +75,7 @@ static unsigned int ipv4_conntrack_defrag(void *priv,
|
||||
#if !IS_ENABLED(CONFIG_NF_NAT)
|
||||
/* Previously seen (loopback)? Ignore. Do this before
|
||||
fragment check. */
|
||||
if (skb->nfct && !nf_ct_is_template((struct nf_conn *)skb->nfct))
|
||||
if (skb_nfct(skb) && !nf_ct_is_template((struct nf_conn *)skb_nfct(skb)))
|
||||
return NF_ACCEPT;
|
||||
#endif
|
||||
#endif
|
||||
|
@ -71,7 +71,7 @@ void nf_dup_ipv4(struct net *net, struct sk_buff *skb, unsigned int hooknum,
|
||||
nf_reset(skb);
|
||||
skb->nfct = &nf_ct_untracked_get()->ct_general;
|
||||
skb->nfctinfo = IP_CT_NEW;
|
||||
nf_conntrack_get(skb->nfct);
|
||||
nf_conntrack_get(skb_nfct(skb));
|
||||
#endif
|
||||
/*
|
||||
* If we are in PREROUTING/INPUT, decrease the TTL to mitigate potential
|
||||
|
@ -121,8 +121,8 @@ synproxy_send_client_synack(struct net *net,
|
||||
|
||||
synproxy_build_options(nth, opts);
|
||||
|
||||
synproxy_send_tcp(net, skb, nskb, skb->nfct, IP_CT_ESTABLISHED_REPLY,
|
||||
niph, nth, tcp_hdr_size);
|
||||
synproxy_send_tcp(net, skb, nskb, skb_nfct(skb),
|
||||
IP_CT_ESTABLISHED_REPLY, niph, nth, tcp_hdr_size);
|
||||
}
|
||||
|
||||
static void
|
||||
@ -244,8 +244,8 @@ synproxy_send_client_ack(struct net *net,
|
||||
|
||||
synproxy_build_options(nth, opts);
|
||||
|
||||
synproxy_send_tcp(net, skb, nskb, skb->nfct, IP_CT_ESTABLISHED_REPLY,
|
||||
niph, nth, tcp_hdr_size);
|
||||
synproxy_send_tcp(net, skb, nskb, skb_nfct(skb),
|
||||
IP_CT_ESTABLISHED_REPLY, niph, nth, tcp_hdr_size);
|
||||
}
|
||||
|
||||
static bool
|
||||
|
@ -153,7 +153,7 @@ icmpv6_error_message(struct net *net, struct nf_conn *tmpl,
|
||||
enum ip_conntrack_info ctinfo;
|
||||
struct nf_conntrack_zone tmp;
|
||||
|
||||
NF_CT_ASSERT(skb->nfct == NULL);
|
||||
NF_CT_ASSERT(!skb_nfct(skb));
|
||||
|
||||
/* Are they talking about one of our connections? */
|
||||
if (!nf_ct_get_tuplepr(skb,
|
||||
@ -224,7 +224,7 @@ icmpv6_error(struct net *net, struct nf_conn *tmpl,
|
||||
noct_valid_new[type]) {
|
||||
skb->nfct = &nf_ct_untracked_get()->ct_general;
|
||||
skb->nfctinfo = IP_CT_NEW;
|
||||
nf_conntrack_get(skb->nfct);
|
||||
nf_conntrack_get(skb_nfct(skb));
|
||||
return NF_ACCEPT;
|
||||
}
|
||||
|
||||
|
@ -37,7 +37,7 @@ static enum ip6_defrag_users nf_ct6_defrag_user(unsigned int hooknum,
|
||||
{
|
||||
u16 zone_id = NF_CT_DEFAULT_ZONE_ID;
|
||||
#if IS_ENABLED(CONFIG_NF_CONNTRACK)
|
||||
if (skb->nfct) {
|
||||
if (skb_nfct(skb)) {
|
||||
enum ip_conntrack_info ctinfo;
|
||||
const struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
|
||||
|
||||
@ -61,7 +61,7 @@ static unsigned int ipv6_defrag(void *priv,
|
||||
|
||||
#if IS_ENABLED(CONFIG_NF_CONNTRACK)
|
||||
/* Previously seen (loopback)? */
|
||||
if (skb->nfct && !nf_ct_is_template((struct nf_conn *)skb->nfct))
|
||||
if (skb_nfct(skb) && !nf_ct_is_template((struct nf_conn *)skb_nfct(skb)))
|
||||
return NF_ACCEPT;
|
||||
#endif
|
||||
|
||||
|
@ -1357,7 +1357,7 @@ repeat:
|
||||
goto out;
|
||||
}
|
||||
|
||||
NF_CT_ASSERT(skb->nfct);
|
||||
NF_CT_ASSERT(skb_nfct(skb));
|
||||
|
||||
/* Decide what timeout policy we want to apply to this flow. */
|
||||
timeouts = nf_ct_timeout_lookup(net, ct, l4proto);
|
||||
@ -1528,7 +1528,7 @@ static void nf_conntrack_attach(struct sk_buff *nskb, const struct sk_buff *skb)
|
||||
/* Attach to new skbuff, and increment count */
|
||||
nskb->nfct = &ct->ct_general;
|
||||
nskb->nfctinfo = ctinfo;
|
||||
nf_conntrack_get(nskb->nfct);
|
||||
nf_conntrack_get(skb_nfct(nskb));
|
||||
}
|
||||
|
||||
/* Bring out ya dead! */
|
||||
|
@ -60,7 +60,7 @@ static void mangle_contents(struct sk_buff *skb,
|
||||
__skb_trim(skb, skb->len + rep_len - match_len);
|
||||
}
|
||||
|
||||
if (nf_ct_l3num((struct nf_conn *)skb->nfct) == NFPROTO_IPV4) {
|
||||
if (nf_ct_l3num((struct nf_conn *)skb_nfct(skb)) == NFPROTO_IPV4) {
|
||||
/* fix IP hdr checksum information */
|
||||
ip_hdr(skb)->tot_len = htons(skb->len);
|
||||
ip_send_check(ip_hdr(skb));
|
||||
|
@ -415,7 +415,7 @@ notrack_tg(struct sk_buff *skb, const struct xt_action_param *par)
|
||||
|
||||
skb->nfct = &nf_ct_untracked_get()->ct_general;
|
||||
skb->nfctinfo = IP_CT_NEW;
|
||||
nf_conntrack_get(skb->nfct);
|
||||
nf_conntrack_get(skb_nfct(skb));
|
||||
|
||||
return XT_CONTINUE;
|
||||
}
|
||||
|
@ -721,8 +721,8 @@ static int __ovs_ct_lookup(struct net *net, struct sw_flow_key *key,
|
||||
|
||||
/* Associate skb with specified zone. */
|
||||
if (tmpl) {
|
||||
if (skb->nfct)
|
||||
nf_conntrack_put(skb->nfct);
|
||||
if (skb_nfct(skb))
|
||||
nf_conntrack_put(skb_nfct(skb));
|
||||
nf_conntrack_get(&tmpl->ct_general);
|
||||
skb->nfct = &tmpl->ct_general;
|
||||
skb->nfctinfo = IP_CT_NEW;
|
||||
@ -819,7 +819,7 @@ static int ovs_ct_lookup(struct net *net, struct sw_flow_key *key,
|
||||
if (err)
|
||||
return err;
|
||||
|
||||
ct = (struct nf_conn *)skb->nfct;
|
||||
ct = (struct nf_conn *)skb_nfct(skb);
|
||||
if (ct)
|
||||
nf_ct_deliver_cached_events(ct);
|
||||
}
|
||||
|
@ -129,7 +129,7 @@ static u32 flow_get_mark(const struct sk_buff *skb)
|
||||
static u32 flow_get_nfct(const struct sk_buff *skb)
|
||||
{
|
||||
#if IS_ENABLED(CONFIG_NF_CONNTRACK)
|
||||
return addr_fold(skb->nfct);
|
||||
return addr_fold(skb_nfct(skb));
|
||||
#else
|
||||
return 0;
|
||||
#endif
|
||||
|
Loading…
Reference in New Issue
Block a user