net: ipv4: listified version of ip_rcv
Also involved adding a way to run a netfilter hook over a list of packets. Rather than attempting to make netfilter know about lists (which would be a major project in itself) we just let it call the regular okfn (in this case ip_rcv_finish()) for any packets it steals, and have it give us back a list of packets it's synchronously accepted (which normally NF_HOOK would automatically call okfn() on, but we want to be able to potentially pass the list to a listified version of okfn().) The netfilter hooks themselves are indirect calls that still happen per- packet (see nf_hook_entry_hookfn()), but again, changing that can be left for future work. There is potential for out-of-order receives if the netfilter hook ends up synchronously stealing packets, as they will be processed before any accepts earlier in the list. However, it was already possible for an asynchronous accept to cause out-of-order receives, so presumably this is considered OK. Signed-off-by: Edward Cree <ecree@solarflare.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Edward Cree
committed by
David S. Miller
David S. Miller
parent
88eb1944e1
commit
17266ee939
@@ -288,6 +288,20 @@ NF_HOOK(uint8_t pf, unsigned int hook, struct net *net, struct sock *sk, struct
|
||||
return ret;
|
||||
}
|
||||
|
||||
static inline void
|
||||
NF_HOOK_LIST(uint8_t pf, unsigned int hook, struct net *net, struct sock *sk,
|
||||
struct list_head *head, struct net_device *in, struct net_device *out,
|
||||
int (*okfn)(struct net *, struct sock *, struct sk_buff *))
|
||||
{
|
||||
struct sk_buff *skb, *next;
|
||||
|
||||
list_for_each_entry_safe(skb, next, head, list) {
|
||||
int ret = nf_hook(pf, hook, net, sk, skb, in, out, okfn);
|
||||
if (ret != 1)
|
||||
list_del(&skb->list);
|
||||
}
|
||||
}
|
||||
|
||||
/* Call setsockopt() */
|
||||
int nf_setsockopt(struct sock *sk, u_int8_t pf, int optval, char __user *opt,
|
||||
unsigned int len);
|
||||
@@ -369,6 +383,14 @@ NF_HOOK(uint8_t pf, unsigned int hook, struct net *net, struct sock *sk,
|
||||
return okfn(net, sk, skb);
|
||||
}
|
||||
|
||||
static inline void
|
||||
NF_HOOK_LIST(uint8_t pf, unsigned int hook, struct net *net, struct sock *sk,
|
||||
struct list_head *head, struct net_device *in, struct net_device *out,
|
||||
int (*okfn)(struct net *, struct sock *, struct sk_buff *))
|
||||
{
|
||||
/* nothing to do */
|
||||
}
|
||||
|
||||
static inline int nf_hook(u_int8_t pf, unsigned int hook, struct net *net,
|
||||
struct sock *sk, struct sk_buff *skb,
|
||||
struct net_device *indev, struct net_device *outdev,
|
||||
|
||||
Reference in New Issue
Block a user