]> err.no Git - linux-2.6/commitdiff
[NETFILTER]: Introduce infrastructure for address family specific operations
authorPatrick McHardy <kaber@trash.net>
Thu, 6 Apr 2006 21:18:09 +0000 (14:18 -0700)
committerDavid S. Miller <davem@sunset.davemloft.net>
Mon, 10 Apr 2006 05:25:40 +0000 (22:25 -0700)
Change the queue rerouter intrastructure to a generic usable
infrastructure for address family specific operations as a base for
some cleanups.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/linux/netfilter.h
net/ipv4/netfilter.c
net/ipv6/netfilter.c
net/netfilter/core.c
net/netfilter/nf_queue.c

index 5aa9316079234f77b897d34ae7d5e3febb7dfd36..6ee168c4978a3782410767036d8451ef018b2bd8 100644 (file)
@@ -283,16 +283,25 @@ extern void nf_invalidate_cache(int pf);
    Returns true or false. */
 extern int skb_make_writable(struct sk_buff **pskb, unsigned int writable_len);
 
-struct nf_queue_rerouter {
-       void (*save)(const struct sk_buff *skb, struct nf_info *info);
-       int (*reroute)(struct sk_buff **skb, const struct nf_info *info);
-       int rer_size;
+struct nf_afinfo {
+       unsigned short  family;
+       void            (*saveroute)(const struct sk_buff *skb,
+                                    struct nf_info *info);
+       int             (*reroute)(struct sk_buff **skb,
+                                  const struct nf_info *info);
+       int             route_key_size;
 };
 
-#define nf_info_reroute(x) ((void *)x + sizeof(struct nf_info))
+extern struct nf_afinfo *nf_afinfo[];
+static inline struct nf_afinfo *nf_get_afinfo(unsigned short family)
+{
+       return rcu_dereference(nf_afinfo[family]);
+}
 
-extern int nf_register_queue_rerouter(int pf, struct nf_queue_rerouter *rer);
-extern int nf_unregister_queue_rerouter(int pf);
+extern int nf_register_afinfo(struct nf_afinfo *afinfo);
+extern void nf_unregister_afinfo(struct nf_afinfo *afinfo);
+
+#define nf_info_reroute(x) ((void *)x + sizeof(struct nf_info))
 
 #include <net/flow.h>
 extern void (*ip_nat_decode_session)(struct sk_buff *, struct flowi *);
index b5ad9ac2fbcc04b2c444df5a32d1ffe4c9646afe..b25339c11ea04cdebb2944c632255fcd67793506 100644 (file)
@@ -133,7 +133,7 @@ struct ip_rt_info {
        u_int8_t tos;
 };
 
-static void queue_save(const struct sk_buff *skb, struct nf_info *info)
+static void nf_ip_saveroute(const struct sk_buff *skb, struct nf_info *info)
 {
        struct ip_rt_info *rt_info = nf_info_reroute(info);
 
@@ -146,7 +146,7 @@ static void queue_save(const struct sk_buff *skb, struct nf_info *info)
        }
 }
 
-static int queue_reroute(struct sk_buff **pskb, const struct nf_info *info)
+static int nf_ip_reroute(struct sk_buff **pskb, const struct nf_info *info)
 {
        const struct ip_rt_info *rt_info = nf_info_reroute(info);
 
@@ -161,20 +161,21 @@ static int queue_reroute(struct sk_buff **pskb, const struct nf_info *info)
        return 0;
 }
 
-static struct nf_queue_rerouter ip_reroute = {
-       .rer_size       = sizeof(struct ip_rt_info),
-       .save           = queue_save,
-       .reroute        = queue_reroute,
+static struct nf_afinfo nf_ip_afinfo = {
+       .family         = AF_INET,
+       .saveroute      = nf_ip_saveroute,
+       .reroute        = nf_ip_reroute,
+       .route_key_size = sizeof(struct ip_rt_info),
 };
 
 static int ipv4_netfilter_init(void)
 {
-       return nf_register_queue_rerouter(PF_INET, &ip_reroute);
+       return nf_register_afinfo(&nf_ip_afinfo);
 }
 
 static void ipv4_netfilter_fini(void)
 {
-       nf_unregister_queue_rerouter(PF_INET);
+       nf_unregister_afinfo(&nf_ip_afinfo);
 }
 
 module_init(ipv4_netfilter_init);
index d750cfc019dcabc7efa187266e0001e550d30fe5..f514a0113b9f42c036fea572d863eac0f61cadec 100644 (file)
@@ -54,7 +54,7 @@ struct ip6_rt_info {
        struct in6_addr saddr;
 };
 
-static void save(const struct sk_buff *skb, struct nf_info *info)
+static void nf_ip6_saveroute(const struct sk_buff *skb, struct nf_info *info)
 {
        struct ip6_rt_info *rt_info = nf_info_reroute(info);
 
@@ -66,7 +66,7 @@ static void save(const struct sk_buff *skb, struct nf_info *info)
        }
 }
 
-static int reroute(struct sk_buff **pskb, const struct nf_info *info)
+static int nf_ip6_reroute(struct sk_buff **pskb, const struct nf_info *info)
 {
        struct ip6_rt_info *rt_info = nf_info_reroute(info);
 
@@ -79,15 +79,16 @@ static int reroute(struct sk_buff **pskb, const struct nf_info *info)
        return 0;
 }
 
-static struct nf_queue_rerouter ip6_reroute = {
-       .rer_size       = sizeof(struct ip6_rt_info),
-       .save           = &save,
-       .reroute        = &reroute,
+static struct nf_afinfo nf_ip6_afinfo = {
+       .family         = AF_INET6,
+       .saveroute      = nf_ip6_saveroute,
+       .reroute        = nf_ip6_reroute,
+       .route_key_size = sizeof(struct ip6_rt_info),
 };
 
 int __init ipv6_netfilter_init(void)
 {
-       return nf_register_queue_rerouter(PF_INET6, &ip6_reroute);
+       return nf_register_afinfo(&nf_ip6_afinfo);
 }
 
 /* This can be called from inet6_init() on errors, so it cannot
@@ -95,5 +96,5 @@ int __init ipv6_netfilter_init(void)
  */
 void ipv6_netfilter_fini(void)
 {
-       nf_unregister_queue_rerouter(PF_INET6);
+       nf_unregister_afinfo(&nf_ip6_afinfo);
 }
index 645d6210557104d721ba75f3bfc7131520abc892..8455a32ea5c4df61e7cc8c78125f988e15b65cf3 100644 (file)
 
 #include "nf_internals.h"
 
+static DEFINE_SPINLOCK(afinfo_lock);
+
+struct nf_afinfo *nf_afinfo[NPROTO];
+EXPORT_SYMBOL(nf_afinfo);
+
+int nf_register_afinfo(struct nf_afinfo *afinfo)
+{
+       spin_lock(&afinfo_lock);
+       rcu_assign_pointer(nf_afinfo[afinfo->family], afinfo);
+       spin_unlock(&afinfo_lock);
+       return 0;
+}
+EXPORT_SYMBOL_GPL(nf_register_afinfo);
+
+void nf_unregister_afinfo(struct nf_afinfo *afinfo)
+{
+       spin_lock(&afinfo_lock);
+       rcu_assign_pointer(nf_afinfo[afinfo->family], NULL);
+       spin_unlock(&afinfo_lock);
+       synchronize_rcu();
+}
+EXPORT_SYMBOL_GPL(nf_unregister_afinfo);
+
 /* In this code, we can be waiting indefinitely for userspace to
  * service a packet if a hook returns NF_QUEUE.  We could keep a count
  * of skbuffs queued for userspace, and not deregister a hook unless
index d9f0d7ef103b61f8209eaa9fd9aaa29306438309..ee8f70889f47d752b422b4eb01798c9e99266c7a 100644 (file)
@@ -17,7 +17,6 @@
  * for queueing and must reinject all packets it receives, no matter what.
  */
 static struct nf_queue_handler *queue_handler[NPROTO];
-static struct nf_queue_rerouter *queue_rerouter[NPROTO];
 
 static DEFINE_RWLOCK(queue_handler_lock);
 
@@ -59,32 +58,6 @@ int nf_unregister_queue_handler(int pf)
 }
 EXPORT_SYMBOL(nf_unregister_queue_handler);
 
-int nf_register_queue_rerouter(int pf, struct nf_queue_rerouter *rer)
-{
-       if (pf >= NPROTO)
-               return -EINVAL;
-
-       write_lock_bh(&queue_handler_lock);
-       rcu_assign_pointer(queue_rerouter[pf], rer);
-       write_unlock_bh(&queue_handler_lock);
-
-       return 0;
-}
-EXPORT_SYMBOL_GPL(nf_register_queue_rerouter);
-
-int nf_unregister_queue_rerouter(int pf)
-{
-       if (pf >= NPROTO)
-               return -EINVAL;
-
-       write_lock_bh(&queue_handler_lock);
-       rcu_assign_pointer(queue_rerouter[pf], NULL);
-       write_unlock_bh(&queue_handler_lock);
-       synchronize_rcu();
-       return 0;
-}
-EXPORT_SYMBOL_GPL(nf_unregister_queue_rerouter);
-
 void nf_unregister_queue_handlers(struct nf_queue_handler *qh)
 {
        int pf;
@@ -116,7 +89,7 @@ int nf_queue(struct sk_buff **skb,
        struct net_device *physindev = NULL;
        struct net_device *physoutdev = NULL;
 #endif
-       struct nf_queue_rerouter *rerouter;
+       struct nf_afinfo *afinfo;
 
        /* QUEUE == DROP if noone is waiting, to be safe. */
        read_lock(&queue_handler_lock);
@@ -126,7 +99,14 @@ int nf_queue(struct sk_buff **skb,
                return 1;
        }
 
-       info = kmalloc(sizeof(*info)+queue_rerouter[pf]->rer_size, GFP_ATOMIC);
+       afinfo = nf_get_afinfo(pf);
+       if (!afinfo) {
+               read_unlock(&queue_handler_lock);
+               kfree_skb(*skb);
+               return 1;
+       }
+
+       info = kmalloc(sizeof(*info) + afinfo->route_key_size, GFP_ATOMIC);
        if (!info) {
                if (net_ratelimit())
                        printk(KERN_ERR "OOM queueing packet %p\n",
@@ -158,10 +138,7 @@ int nf_queue(struct sk_buff **skb,
                if (physoutdev) dev_hold(physoutdev);
        }
 #endif
-       rerouter = rcu_dereference(queue_rerouter[pf]);
-       if (rerouter)
-               rerouter->save(*skb, info);
-
+       afinfo->saveroute(*skb, info);
        status = queue_handler[pf]->outfn(*skb, info, queuenum,
                                          queue_handler[pf]->data);
 
@@ -190,7 +167,7 @@ void nf_reinject(struct sk_buff *skb, struct nf_info *info,
 {
        struct list_head *elem = &info->elem->list;
        struct list_head *i;
-       struct nf_queue_rerouter *rerouter;
+       struct nf_afinfo *afinfo;
 
        rcu_read_lock();
 
@@ -228,8 +205,8 @@ void nf_reinject(struct sk_buff *skb, struct nf_info *info,
        }
 
        if (verdict == NF_ACCEPT) {
-               rerouter = rcu_dereference(queue_rerouter[info->pf]);
-               if (rerouter && rerouter->reroute(&skb, info) < 0)
+               afinfo = nf_get_afinfo(info->pf);
+               if (!afinfo || afinfo->reroute(&skb, info) < 0)
                        verdict = NF_DROP;
        }