mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-12 21:57:43 +00:00
0c4b51f005
This is immediately motivated by the bridge code that chains functions that call into netfilter. Without passing net into the okfns the bridge code would need to guess about the best expression for the network namespace to process packets in. As net is frequently one of the first things computed in continuation functions after netfilter has done its job, passing in the desired network namespace is in many cases a code simplification. To support this change the function dst_output_okfn is introduced to simplify passing dst_output as an okfn. For the moment dst_output_okfn just silently drops the struct net. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: David S. Miller <davem@davemloft.net>
#ifndef __LINUX_BRIDGE_NETFILTER_H
#define __LINUX_BRIDGE_NETFILTER_H
#include <uapi/linux/netfilter_bridge.h>
#include <linux/skbuff.h>
/*
 * Priorities for hooks registered on the bridge netfilter hook points.
 *
 * The values span the full int range, with NF_BR_PRI_BRNF at zero as the
 * midpoint between the "_BRIDGED" and "_OTHER" groups.
 *
 * NOTE(review): netfilter is understood to run hooks in ascending priority
 * order (lowest value first) - confirm against the hook registration code.
 * Under that ordering a filter hook placed before a NAT_DST slot would see
 * the pre-NAT destination, so rule placement should be checked against
 * these values.
 */
enum nf_br_hook_priorities {
	NF_BR_PRI_FIRST			= INT_MIN,	/* lowest possible priority value */
	NF_BR_PRI_NAT_DST_BRIDGED	= -300,
	NF_BR_PRI_FILTER_BRIDGED	= -200,
	NF_BR_PRI_BRNF			= 0,		/* presumably the br_netfilter hooks - confirm */
	NF_BR_PRI_NAT_DST_OTHER		= 100,
	NF_BR_PRI_FILTER_OTHER		= 200,
	NF_BR_PRI_NAT_SRC		= 300,
	NF_BR_PRI_LAST			= INT_MAX,	/* highest possible priority value */
};
#if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
/*
 * Declared here only when CONFIG_BRIDGE_NETFILTER is enabled; the definition
 * is not part of this header.  The network namespace is passed explicitly as
 * the first argument rather than being derived from the skb or socket.
 * NOTE(review): the (net, sk, skb) parameter list matches the okfn shape the
 * commit description talks about - confirm at the definition.
 */
int br_handle_frame_finish(struct net *net, struct sock *sk, struct sk_buff *skb);
/**
 * br_drop_fake_rtable - detach a bridge "fake" route from a packet
 * @skb: packet whose dst entry is inspected
 *
 * Releases the skb's dst only when one is attached and it carries
 * DST_FAKE_RTABLE; any other dst (or none at all) is left untouched.
 *
 * NOTE(review): presumably called before the skb leaves the bridge path so
 * that a placeholder route is never used for a real routing decision -
 * confirm against the callers.
 */
static inline void br_drop_fake_rtable(struct sk_buff *skb)
{
	struct dst_entry *route = skb_dst(skb);

	/* Nothing attached: nothing to release. */
	if (!route)
		return;

	/* A real route must survive; only the flagged placeholder goes. */
	if (!(route->flags & DST_FAKE_RTABLE))
		return;

	skb_dst_drop(skb);
}
/**
 * nf_bridge_get_physinif - ifindex of the recorded physical input device
 * @skb: packet to query
 *
 * Return: the ifindex of nf_bridge->physindev, or 0 when the skb has no
 * nf_bridge info or no physindev is recorded.  The two "absent" cases are
 * not distinguishable by the caller, so 0 must be treated as "unknown"
 * and never compared as if it were a real interface index.
 */
static inline int nf_bridge_get_physinif(const struct sk_buff *skb)
{
	const struct nf_bridge_info *info = skb->nf_bridge;

	if (!info || !info->physindev)
		return 0;

	return info->physindev->ifindex;
}
/**
 * nf_bridge_get_physoutif - ifindex of the recorded physical output device
 * @skb: packet to query
 *
 * Return: the ifindex of nf_bridge->physoutdev, or 0 when the skb has no
 * nf_bridge info or no physoutdev is recorded.  As with the input-side
 * helper, 0 only means "unknown"; callers cannot tell which of the two
 * conditions produced it.
 */
static inline int nf_bridge_get_physoutif(const struct sk_buff *skb)
{
	const struct nf_bridge_info *info = skb->nf_bridge;

	if (!info || !info->physoutdev)
		return 0;

	return info->physoutdev->ifindex;
}
/**
 * nf_bridge_get_physindev - recorded physical input device, if any
 * @skb: packet to query
 *
 * Return: nf_bridge->physindev, or NULL when the skb has no nf_bridge info.
 * The stored pointer itself may also be NULL, so callers must check the
 * result before dereferencing.
 *
 * This helper takes no reference on the device.
 * NOTE(review): the pointer's lifetime is presumably tied to the skb's
 * nf_bridge info - confirm before holding it past the skb.
 */
static inline struct net_device *
nf_bridge_get_physindev(const struct sk_buff *skb)
{
	if (!skb->nf_bridge)
		return NULL;

	return skb->nf_bridge->physindev;
}
/**
 * nf_bridge_get_physoutdev - recorded physical output device, if any
 * @skb: packet to query
 *
 * Return: nf_bridge->physoutdev, or NULL when the skb has no nf_bridge info.
 * The stored pointer itself may also be NULL, so callers must check the
 * result before dereferencing.
 *
 * This helper takes no reference on the device.
 * NOTE(review): the pointer's lifetime is presumably tied to the skb's
 * nf_bridge info - confirm before holding it past the skb.
 */
static inline struct net_device *
nf_bridge_get_physoutdev(const struct sk_buff *skb)
{
	if (!skb->nf_bridge)
		return NULL;

	return skb->nf_bridge->physoutdev;
}
/**
 * nf_bridge_in_prerouting - test the in_prerouting flag of a packet
 * @skb: packet to query
 *
 * Return: true only when the skb carries nf_bridge info and that info has
 * in_prerouting set; false otherwise, including when no nf_bridge info is
 * attached.
 */
static inline bool nf_bridge_in_prerouting(const struct sk_buff *skb)
{
	/* No bridge netfilter state on this packet. */
	if (!skb->nf_bridge)
		return false;

	return skb->nf_bridge->in_prerouting;
}
#else
/*
 * Stub used when CONFIG_BRIDGE_NETFILTER is not enabled: the call expands to
 * an empty statement.  Because this is a macro, the argument is neither
 * evaluated nor type-checked in this configuration.
 */
#define br_drop_fake_rtable(skb) do { } while (0)
/**
 * nf_bridge_in_prerouting - stub for builds without CONFIG_BRIDGE_NETFILTER
 * @skb: packet to query (not inspected)
 *
 * Return: always false in this configuration.
 */
static inline bool nf_bridge_in_prerouting(const struct sk_buff *skb)
{
	(void)skb;	/* intentionally unused in the stub */

	return false;
}
#endif /* CONFIG_BRIDGE_NETFILTER */
#endif