Commit 0aa8c57a authored by Aaron Conole's avatar Aaron Conole Committed by Pablo Neira Ayuso
Browse files

netfilter: introduce accessor functions for hook entries 



This allows easier future refactoring.

Signed-off-by: default avatarAaron Conole <aconole@bytheb.org>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 834184b1

include/linux/netfilter.h

+27 −0
Original line number Diff line number Diff line
@@ -79,6 +79,33 @@ struct nf_hook_entry { 
	const struct nf_hook_ops	*orig_ops;

};



static inline void

nf_hook_entry_init(struct nf_hook_entry *entry,	const struct nf_hook_ops *ops)

{

	entry->next = NULL;

	entry->ops = *ops;

	entry->orig_ops = ops;

}



static inline int

nf_hook_entry_priority(const struct nf_hook_entry *entry)

{

	return entry->ops.priority;

}



static inline int

nf_hook_entry_hookfn(const struct nf_hook_entry *entry, struct sk_buff *skb,

		     struct nf_hook_state *state)

{

	return entry->ops.hook(entry->ops.priv, skb, state);

}



static inline const struct nf_hook_ops *

nf_hook_entry_ops(const struct nf_hook_entry *entry)

{

	return entry->orig_ops;

}



static inline void nf_hook_state_init(struct nf_hook_state *p,

				      unsigned int hook,

				      u_int8_t pf,

net/bridge/br_netfilter_hooks.c

+1 −1
Original line number Diff line number Diff line
@@ -1010,7 +1010,7 @@ int br_nf_hook_thresh(unsigned int hook, struct net *net, 


	elem = rcu_dereference(net->nf.hooks[NFPROTO_BRIDGE][hook]);



	while (elem && (elem->ops.priority <= NF_BR_PRI_BRNF))

	while (elem && (nf_hook_entry_priority(elem) <= NF_BR_PRI_BRNF))

		elem = rcu_dereference(elem->next);



	if (!elem)

net/netfilter/core.c

+4 −6
Original line number Diff line number Diff line
@@ -102,15 +102,13 @@ int nf_register_net_hook(struct net *net, const struct nf_hook_ops *reg) 
	if (!entry)

		return -ENOMEM;



	entry->orig_ops	= reg;

	entry->ops	= *reg;

	entry->next	= NULL;

	nf_hook_entry_init(entry, reg);



	mutex_lock(&nf_hook_mutex);



	/* Find the spot in the list */

	while ((p = nf_entry_dereference(*pp)) != NULL) {

		if (reg->priority < p->orig_ops->priority)

		if (reg->priority < nf_hook_entry_priority(p))

			break;

		pp = &p->next;

	}
@@ -140,7 +138,7 @@ void nf_unregister_net_hook(struct net *net, const struct nf_hook_ops *reg) 


	mutex_lock(&nf_hook_mutex);

	while ((p = nf_entry_dereference(*pp)) != NULL) {

		if (p->orig_ops == reg) {

		if (nf_hook_entry_ops(p) == reg) {

			rcu_assign_pointer(*pp, p->next);

			break;

		}
@@ -311,7 +309,7 @@ int nf_hook_slow(struct sk_buff *skb, struct nf_hook_state *state, 
	int ret;



	do {

		verdict = entry->ops.hook(entry->ops.priv, skb, state);

		verdict = nf_hook_entry_hookfn(entry, skb, state);

		switch (verdict & NF_VERDICT_MASK) {

		case NF_ACCEPT:

			entry = rcu_dereference(entry->next);

net/netfilter/nf_queue.c

+2 −3
Original line number Diff line number Diff line
@@ -185,7 +185,7 @@ static unsigned int nf_iterate(struct sk_buff *skb, 


	do {

repeat:

		verdict = (*entryp)->ops.hook((*entryp)->ops.priv, skb, state);

		verdict = nf_hook_entry_hookfn((*entryp), skb, state);

		if (verdict != NF_ACCEPT) {

			if (verdict != NF_REPEAT)

				return verdict;
@@ -200,7 +200,6 @@ static unsigned int nf_iterate(struct sk_buff *skb, 
void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict)

{

	struct nf_hook_entry *hook_entry = entry->hook;

	struct nf_hook_ops *elem = &hook_entry->ops;

	struct sk_buff *skb = entry->skb;

	const struct nf_afinfo *afinfo;

	int err;
@@ -209,7 +208,7 @@ void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict) 


	/* Continue traversal iff userspace said ok... */

	if (verdict == NF_REPEAT)

		verdict = elem->hook(elem->priv, skb, &entry->state);

		verdict = nf_hook_entry_hookfn(hook_entry, skb, &entry->state);



	if (verdict == NF_ACCEPT) {

		afinfo = nf_get_afinfo(entry->state.pf);