netfilter: nf_tables: add and use nft_thoff helper (2d7b4ace) · Commits · EulixOS / Software / Kernel

include/net/netfilter/nf_tables.h

+5 −0

Original line number	Diff line number	Diff line
		@@ -34,6 +34,11 @@ static inline struct sock nft_sk(const struct nft_pktinfo pkt)
		return pkt->xt.state->sk;
		}

		static inline unsigned int nft_thoff(const struct nft_pktinfo *pkt)
		{
		return pkt->xt.thoff;
		}

		static inline struct net nft_net(const struct nft_pktinfo pkt)
		{
		return pkt->xt.state->net;

+1 −1

Original line number	Diff line number	Diff line
		@@ -81,7 +81,7 @@ static bool nft_payload_fast_eval(const struct nft_expr *expr,
		else {
		if (!pkt->tprot_set)
		return false;
		ptr = skb_network_header(skb) + pkt->xt.thoff;
		ptr = skb_network_header(skb) + nft_thoff(pkt);
		}

		ptr += priv->offset;

+3 −3

Original line number	Diff line number	Diff line
		@@ -113,17 +113,17 @@ static int nf_trace_fill_pkt_info(struct sk_buff *nlskb,
		int off = skb_network_offset(skb);
		unsigned int len, nh_end;

		nh_end = pkt->tprot_set ? pkt->xt.thoff : skb->len;
		nh_end = pkt->tprot_set ? nft_thoff(pkt) : skb->len;
		len = min_t(unsigned int, nh_end - skb_network_offset(skb),
		NFT_TRACETYPE_NETWORK_HSIZE);
		if (trace_fill_header(nlskb, NFTA_TRACE_NETWORK_HEADER, skb, off, len))
		return -1;

		if (pkt->tprot_set) {
		len = min_t(unsigned int, skb->len - pkt->xt.thoff,
		len = min_t(unsigned int, skb->len - nft_thoff(pkt),
		NFT_TRACETYPE_TRANSPORT_HSIZE);
		if (trace_fill_header(nlskb, NFTA_TRACE_TRANSPORT_HEADER, skb,
		pkt->xt.thoff, len))
		nft_thoff(pkt), len))
		return -1;
		}

+4 −4

Original line number	Diff line number	Diff line
		@@ -167,7 +167,7 @@ nft_tcp_header_pointer(const struct nft_pktinfo *pkt,
		if (!pkt->tprot_set \|\| pkt->tprot != IPPROTO_TCP)
		return NULL;

		tcph = skb_header_pointer(pkt->skb, pkt->xt.thoff, sizeof(*tcph), buffer);
		tcph = skb_header_pointer(pkt->skb, nft_thoff(pkt), sizeof(*tcph), buffer);
		if (!tcph)
		return NULL;

		@@ -175,7 +175,7 @@ nft_tcp_header_pointer(const struct nft_pktinfo *pkt,
		if (tcphdr_len < sizeof(tcph) \|\| *tcphdr_len > len)
		return NULL;

		return skb_header_pointer(pkt->skb, pkt->xt.thoff, *tcphdr_len, buffer);
		return skb_header_pointer(pkt->skb, nft_thoff(pkt), *tcphdr_len, buffer);
		}

		static void nft_exthdr_tcp_eval(const struct nft_expr *expr,
		@@ -251,7 +251,7 @@ static void nft_exthdr_tcp_set_eval(const struct nft_expr *expr,
		return;

		if (skb_ensure_writable(pkt->skb,
		pkt->xt.thoff + i + priv->len))
		nft_thoff(pkt) + i + priv->len))
		return;

		tcph = nft_tcp_header_pointer(pkt, sizeof(buff), buff,
		@@ -306,7 +306,7 @@ static void nft_exthdr_sctp_eval(const struct nft_expr *expr,
		struct nft_regs *regs,
		const struct nft_pktinfo *pkt)
		{
		unsigned int offset = pkt->xt.thoff + sizeof(struct sctphdr);
		unsigned int offset = nft_thoff(pkt) + sizeof(struct sctphdr);
		struct nft_exthdr *priv = nft_expr_priv(expr);
		u32 *dest = &regs->data[priv->dreg];
		const struct sctp_chunkhdr *sch;

+1 −1

Original line number	Diff line number	Diff line
		@@ -291,7 +291,7 @@ static void nft_flow_offload_eval(const struct nft_expr *expr,

		switch (ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum) {
		case IPPROTO_TCP:
		tcph = skb_header_pointer(pkt->skb, pkt->xt.thoff,
		tcph = skb_header_pointer(pkt->skb, nft_thoff(pkt),
		sizeof(_tcph), &_tcph);
		if (unlikely(!tcph \|\| tcph->fin \|\| tcph->rst))
		goto out;