7d450f95f0c86c5c10f2c409053f005951f4507c
[openwrt/staging/ansuel.git] /
1 From 62a0fe46e2aaba1812d3cbcae014a41539f9eb09 Mon Sep 17 00:00:00 2001
2 From: Pablo Neira Ayuso <pablo@netfilter.org>
3 Date: Sat, 9 Dec 2017 15:23:51 +0100
4 Subject: [PATCH 09/11] netfilter: core: pass hook number, family and device to
5 nf_find_hook_list()
6
7 Instead of passing struct nf_hook_ops, this is needed by follow up
8 patches to handle NFPROTO_INET from the core.
9
10 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
11 ---
12 net/netfilter/core.c | 36 +++++++++++++++++++-----------------
13 1 file changed, 19 insertions(+), 17 deletions(-)
14
15 --- a/net/netfilter/core.c
16 +++ b/net/netfilter/core.c
17 @@ -262,36 +262,38 @@ out_assign:
18 return old;
19 }
20
21 -static struct nf_hook_entries __rcu **nf_hook_entry_head(struct net *net, const struct nf_hook_ops *reg)
22 +static struct nf_hook_entries __rcu **
23 +nf_hook_entry_head(struct net *net, int pf, unsigned int hooknum,
24 + struct net_device *dev)
25 {
26 - switch (reg->pf) {
27 + switch (pf) {
28 case NFPROTO_NETDEV:
29 break;
30 #ifdef CONFIG_NETFILTER_FAMILY_ARP
31 case NFPROTO_ARP:
32 - if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_arp) <= reg->hooknum))
33 + if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_arp) <= hooknum))
34 return NULL;
35 - return net->nf.hooks_arp + reg->hooknum;
36 + return net->nf.hooks_arp + hooknum;
37 #endif
38 #ifdef CONFIG_NETFILTER_FAMILY_BRIDGE
39 case NFPROTO_BRIDGE:
40 - if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_bridge) <= reg->hooknum))
41 + if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_bridge) <= hooknum))
42 return NULL;
43 - return net->nf.hooks_bridge + reg->hooknum;
44 + return net->nf.hooks_bridge + hooknum;
45 #endif
46 case NFPROTO_IPV4:
47 - if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_ipv4) <= reg->hooknum))
48 + if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_ipv4) <= hooknum))
49 return NULL;
50 - return net->nf.hooks_ipv4 + reg->hooknum;
51 + return net->nf.hooks_ipv4 + hooknum;
52 case NFPROTO_IPV6:
53 - if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_ipv6) <= reg->hooknum))
54 + if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_ipv6) <= hooknum))
55 return NULL;
56 - return net->nf.hooks_ipv6 + reg->hooknum;
57 + return net->nf.hooks_ipv6 + hooknum;
58 #if IS_ENABLED(CONFIG_DECNET)
59 case NFPROTO_DECNET:
60 - if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_decnet) <= reg->hooknum))
61 + if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_decnet) <= hooknum))
62 return NULL;
63 - return net->nf.hooks_decnet + reg->hooknum;
64 + return net->nf.hooks_decnet + hooknum;
65 #endif
66 default:
67 WARN_ON_ONCE(1);
68 @@ -299,9 +301,9 @@ static struct nf_hook_entries __rcu **nf
69 }
70
71 #ifdef CONFIG_NETFILTER_INGRESS
72 - if (reg->hooknum == NF_NETDEV_INGRESS) {
73 - if (reg->dev && dev_net(reg->dev) == net)
74 - return &reg->dev->nf_hooks_ingress;
75 + if (hooknum == NF_NETDEV_INGRESS) {
76 + if (dev && dev_net(dev) == net)
77 + return &dev->nf_hooks_ingress;
78 }
79 #endif
80 WARN_ON_ONCE(1);
81 @@ -323,7 +325,7 @@ int nf_register_net_hook(struct net *net
82 return -EINVAL;
83 }
84
85 - pp = nf_hook_entry_head(net, reg);
86 + pp = nf_hook_entry_head(net, reg->pf, reg->hooknum, reg->dev);
87 if (!pp)
88 return -EINVAL;
89
90 @@ -397,7 +399,7 @@ void nf_unregister_net_hook(struct net *
91 struct nf_hook_entries __rcu **pp;
92 struct nf_hook_entries *p;
93
94 - pp = nf_hook_entry_head(net, reg);
95 + pp = nf_hook_entry_head(net, reg->pf, reg->hooknum, reg->dev);
96 if (!pp)
97 return;
98