提交
073bfd56
编写于
4月 03, 2015
作者:
David S. Miller
netfilter: Pass nf_hook_state through nft_set_pktinfo*().
Signed-off-by:
David S. Miller
<
davem@davemloft.net
>
上级
8f8a3715
变更
11
Showing
11 changed file
with
25 addition
and
30 deletion
+25
-30
include/net/netfilter/nf_tables.h
include/net/netfilter/nf_tables.h
+3
-4
include/net/netfilter/nf_tables_ipv4.h
include/net/netfilter/nf_tables_ipv4.h
+2
-3
include/net/netfilter/nf_tables_ipv6.h
include/net/netfilter/nf_tables_ipv6.h
+2
-3
net/bridge/netfilter/nf_tables_bridge.c
net/bridge/netfilter/nf_tables_bridge.c
+11
-13
net/ipv4/netfilter/nf_tables_arp.c
net/ipv4/netfilter/nf_tables_arp.c
+1
-1
net/ipv4/netfilter/nf_tables_ipv4.c
net/ipv4/netfilter/nf_tables_ipv4.c
+1
-1
net/ipv4/netfilter/nft_chain_nat_ipv4.c
net/ipv4/netfilter/nft_chain_nat_ipv4.c
+1
-1
net/ipv4/netfilter/nft_chain_route_ipv4.c
net/ipv4/netfilter/nft_chain_route_ipv4.c
+1
-1
net/ipv6/netfilter/nf_tables_ipv6.c
net/ipv6/netfilter/nf_tables_ipv6.c
+1
-1
net/ipv6/netfilter/nft_chain_nat_ipv6.c
net/ipv6/netfilter/nft_chain_nat_ipv6.c
+1
-1
net/ipv6/netfilter/nft_chain_route_ipv6.c
net/ipv6/netfilter/nft_chain_route_ipv6.c
+1
-1
include/net/netfilter/nf_tables.h
...
...
@@ -26,12 +26,11 @@ struct nft_pktinfo {
static
inline
void
nft_set_pktinfo
(
struct
nft_pktinfo
*
pkt
,
const
struct
nf_hook_ops
*
ops
,
struct
sk_buff
*
skb
,
const
struct
net_device
*
in
,
const
struct
net_device
*
out
)
const
struct
nf_hook_state
*
state
)
{
pkt
->
skb
=
skb
;
pkt
->
in
=
pkt
->
xt
.
in
=
in
;
pkt
->
out
=
pkt
->
xt
.
out
=
out
;
pkt
->
in
=
pkt
->
xt
.
in
=
state
->
in
;
pkt
->
out
=
pkt
->
xt
.
out
=
state
->
out
;
pkt
->
ops
=
ops
;
pkt
->
xt
.
hooknum
=
ops
->
hooknum
;
pkt
->
xt
.
family
=
ops
->
pf
;
...
...
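Review bot: nft_set_pktinfo() now dereferences `state` unconditionally at `pkt->in = pkt->xt.in = state->in;` and the line after it, but nothing at the definition says that callers must pass a non-NULL hook state. A short comment above the function would record that contract, for example `/* @state: hook state for this invocation, must not be NULL; in/out are copied from it */`. The function also still reads `hooknum` and `pf` from `ops` while taking the devices from `state`; if nf_hook_state carries the same values (not visible on this page), reading them from one place would keep the two from disagreeing. The function body continues past the end of the hunk.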
include/net/netfilter/nf_tables_ipv4.h
...
...
@@ -8,12 +8,11 @@ static inline void
nft_set_pktinfo_ipv4
(
struct
nft_pktinfo
*
pkt
,
const
struct
nf_hook_ops
*
ops
,
struct
sk_buff
*
skb
,
const
struct
net_device
*
in
,
const
struct
net_device
*
out
)
const
struct
nf_hook_state
*
state
)
{
struct
iphdr
*
ip
;
nft_set_pktinfo
(
pkt
,
ops
,
skb
,
in
,
out
);
nft_set_pktinfo
(
pkt
,
ops
,
skb
,
state
);
ip
=
ip_hdr
(
pkt
->
skb
);
pkt
->
tprot
=
ip
->
protocol
;
...
...
include/net/netfilter/nf_tables_ipv6.h
...
...
@@ -8,13 +8,12 @@ static inline int
nft_set_pktinfo_ipv6
(
struct
nft_pktinfo
*
pkt
,
const
struct
nf_hook_ops
*
ops
,
struct
sk_buff
*
skb
,
const
struct
net_device
*
in
,
const
struct
net_device
*
out
)
const
struct
nf_hook_state
*
state
)
{
int
protohdr
,
thoff
=
0
;
unsigned
short
frag_off
;
nft_set_pktinfo
(
pkt
,
ops
,
skb
,
in
,
out
);
nft_set_pktinfo
(
pkt
,
ops
,
skb
,
state
);
protohdr
=
ipv6_find_hdr
(
pkt
->
skb
,
&
thoff
,
-
1
,
&
frag_off
,
NULL
);
/* If malformed, drop it */
...
...
net/bridge/netfilter/nf_tables_bridge.c
...
...
@@ -67,27 +67,25 @@ EXPORT_SYMBOL_GPL(nft_bridge_ip6hdr_validate);
static
inline
void
nft_bridge_set_pktinfo_ipv4
(
struct
nft_pktinfo
*
pkt
,
const
struct
nf_hook_ops
*
ops
,
struct
sk_buff
*
skb
,
const
struct
net_device
*
in
,
const
struct
net_device
*
out
)
const
struct
nf_hook_state
*
state
)
{
if
(
nft_bridge_iphdr_validate
(
skb
))
nft_set_pktinfo_ipv4
(
pkt
,
ops
,
skb
,
in
,
out
);
nft_set_pktinfo_ipv4
(
pkt
,
ops
,
skb
,
state
);
else
nft_set_pktinfo
(
pkt
,
ops
,
skb
,
in
,
out
);
nft_set_pktinfo
(
pkt
,
ops
,
skb
,
state
);
}
static
inline
void
nft_bridge_set_pktinfo_ipv6
(
struct
nft_pktinfo
*
pkt
,
const
struct
nf_hook_ops
*
ops
,
struct
sk_buff
*
skb
,
const
struct
net_device
*
in
,
const
struct
net_device
*
out
)
const
struct
nf_hook_state
*
state
)
{
#if IS_ENABLED(CONFIG_IPV6)
if
(
nft_bridge_ip6hdr_validate
(
skb
)
&&
nft_set_pktinfo_ipv6
(
pkt
,
ops
,
skb
,
in
,
out
)
==
0
)
nft_set_pktinfo_ipv6
(
pkt
,
ops
,
skb
,
state
)
==
0
)
return
;
#endif
nft_set_pktinfo
(
pkt
,
ops
,
skb
,
in
,
out
);
nft_set_pktinfo
(
pkt
,
ops
,
skb
,
state
);
}
static
unsigned
int
...
...
@@ -99,13 +97,13 @@ nft_do_chain_bridge(const struct nf_hook_ops *ops,
switch
(
eth_hdr
(
skb
)
->
h_proto
)
{
case
htons
(
ETH_P_IP
):
nft_bridge_set_pktinfo_ipv4
(
&
pkt
,
ops
,
skb
,
state
->
in
,
state
->
out
);
nft_bridge_set_pktinfo_ipv4
(
&
pkt
,
ops
,
skb
,
state
);
break
;
case
htons
(
ETH_P_IPV6
):
nft_bridge_set_pktinfo_ipv6
(
&
pkt
,
ops
,
skb
,
state
->
in
,
state
->
out
);
nft_bridge_set_pktinfo_ipv6
(
&
pkt
,
ops
,
skb
,
state
);
break
;
default:
nft_set_pktinfo
(
&
pkt
,
ops
,
skb
,
state
->
in
,
state
->
out
);
nft_set_pktinfo
(
&
pkt
,
ops
,
skb
,
state
);
break
;
}
...
...
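Review bot: In nft_bridge_set_pktinfo_ipv6() a non-zero return from `nft_set_pktinfo_ipv6(pkt, ops, skb, state)` falls through to the generic `nft_set_pktinfo(pkt, ops, skb, state)` instead of rejecting the packet, while nft_do_chain_ipv6 and the IPv6 route hook in this same commit return NF_DROP on `< 0`. If the fallback is intended for bridged traffic, a comment before the final call would make that explicit, for example `/* IPv6 header failed validation or parsing: evaluate with generic pktinfo only */`. Whether rules matching on transport-header fields can then read values that were never set depends on code outside these hunks, so that is worth confirming.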
net/ipv4/netfilter/nf_tables_arp.c
...
...
@@ -21,7 +21,7 @@ nft_do_chain_arp(const struct nf_hook_ops *ops,
{
struct
nft_pktinfo
pkt
;
nft_set_pktinfo
(
&
pkt
,
ops
,
skb
,
state
->
in
,
state
->
out
);
nft_set_pktinfo
(
&
pkt
,
ops
,
skb
,
state
);
return
nft_do_chain
(
&
pkt
,
ops
);
}
...
...
net/ipv4/netfilter/nf_tables_ipv4.c
...
...
@@ -24,7 +24,7 @@ static unsigned int nft_do_chain_ipv4(const struct nf_hook_ops *ops,
{
struct
nft_pktinfo
pkt
;
nft_set_pktinfo_ipv4
(
&
pkt
,
ops
,
skb
,
state
->
in
,
state
->
out
);
nft_set_pktinfo_ipv4
(
&
pkt
,
ops
,
skb
,
state
);
return
nft_do_chain
(
&
pkt
,
ops
);
}
...
...
net/ipv4/netfilter/nft_chain_nat_ipv4.c
...
...
@@ -33,7 +33,7 @@ static unsigned int nft_nat_do_chain(const struct nf_hook_ops *ops,
{
struct
nft_pktinfo
pkt
;
nft_set_pktinfo_ipv4
(
&
pkt
,
ops
,
skb
,
state
->
in
,
state
->
out
);
nft_set_pktinfo_ipv4
(
&
pkt
,
ops
,
skb
,
state
);
return
nft_do_chain
(
&
pkt
,
ops
);
}
...
...
net/ipv4/netfilter/nft_chain_route_ipv4.c
...
...
@@ -37,7 +37,7 @@ static unsigned int nf_route_table_hook(const struct nf_hook_ops *ops,
ip_hdrlen
(
skb
)
<
sizeof
(
struct
iphdr
))
return
NF_ACCEPT
;
nft_set_pktinfo_ipv4
(
&
pkt
,
ops
,
skb
,
state
->
in
,
state
->
out
);
nft_set_pktinfo_ipv4
(
&
pkt
,
ops
,
skb
,
state
);
mark
=
skb
->
mark
;
iph
=
ip_hdr
(
skb
);
...
...
net/ipv6/netfilter/nf_tables_ipv6.c
...
...
@@ -23,7 +23,7 @@ static unsigned int nft_do_chain_ipv6(const struct nf_hook_ops *ops,
struct
nft_pktinfo
pkt
;
/* malformed packet, drop it */
if
(
nft_set_pktinfo_ipv6
(
&
pkt
,
ops
,
skb
,
state
->
in
,
state
->
out
)
<
0
)
if
(
nft_set_pktinfo_ipv6
(
&
pkt
,
ops
,
skb
,
state
)
<
0
)
return
NF_DROP
;
return
nft_do_chain
(
&
pkt
,
ops
);
...
...
net/ipv6/netfilter/nft_chain_nat_ipv6.c
...
...
@@ -31,7 +31,7 @@ static unsigned int nft_nat_do_chain(const struct nf_hook_ops *ops,
{
struct
nft_pktinfo
pkt
;
nft_set_pktinfo_ipv6
(
&
pkt
,
ops
,
skb
,
state
->
in
,
state
->
out
);
nft_set_pktinfo_ipv6
(
&
pkt
,
ops
,
skb
,
state
);
return
nft_do_chain
(
&
pkt
,
ops
);
}
...
...
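Review bot: The return value of `nft_set_pktinfo_ipv6(&pkt, ops, skb, state)` is discarded in this nft_nat_do_chain(), whereas nf_tables_ipv6.c and nft_chain_route_ipv6.c in the same commit treat `< 0` as a malformed packet and return NF_DROP. Unless an earlier hook is guaranteed to have rejected such packets (not visible here), the chain is evaluated on a pktinfo whose IPv6 header parsing failed; consider `if (nft_set_pktinfo_ipv6(&pkt, ops, skb, state) < 0)` followed by `return NF_DROP;`. The function's signature begins above the hunk.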
net/ipv6/netfilter/nft_chain_route_ipv6.c
...
...
@@ -33,7 +33,7 @@ static unsigned int nf_route_table_hook(const struct nf_hook_ops *ops,
u32
mark
,
flowlabel
;
/* malformed packet, drop it */
if
(
nft_set_pktinfo_ipv6
(
&
pkt
,
ops
,
skb
,
state
->
in
,
state
->
out
)
<
0
)
if
(
nft_set_pktinfo_ipv6
(
&
pkt
,
ops
,
skb
,
state
)
<
0
)
return
NF_DROP
;
/* save source/dest address, mark, hoplimit, flowlabel, priority */
...
...