mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2025-01-04 04:06:26 +00:00
netfilter: nf_tables: add and use nft_thoff helper
This allows to change storage placement later on without changing readers. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
parent
85554eb981
commit
2d7b4ace07
@ -34,6 +34,11 @@ static inline struct sock *nft_sk(const struct nft_pktinfo *pkt)
|
||||
return pkt->xt.state->sk;
|
||||
}
|
||||
|
||||
static inline unsigned int nft_thoff(const struct nft_pktinfo *pkt)
|
||||
{
|
||||
return pkt->xt.thoff;
|
||||
}
|
||||
|
||||
static inline struct net *nft_net(const struct nft_pktinfo *pkt)
|
||||
{
|
||||
return pkt->xt.state->net;
|
||||
|
@ -81,7 +81,7 @@ static bool nft_payload_fast_eval(const struct nft_expr *expr,
|
||||
else {
|
||||
if (!pkt->tprot_set)
|
||||
return false;
|
||||
ptr = skb_network_header(skb) + pkt->xt.thoff;
|
||||
ptr = skb_network_header(skb) + nft_thoff(pkt);
|
||||
}
|
||||
|
||||
ptr += priv->offset;
|
||||
|
@ -113,17 +113,17 @@ static int nf_trace_fill_pkt_info(struct sk_buff *nlskb,
|
||||
int off = skb_network_offset(skb);
|
||||
unsigned int len, nh_end;
|
||||
|
||||
nh_end = pkt->tprot_set ? pkt->xt.thoff : skb->len;
|
||||
nh_end = pkt->tprot_set ? nft_thoff(pkt) : skb->len;
|
||||
len = min_t(unsigned int, nh_end - skb_network_offset(skb),
|
||||
NFT_TRACETYPE_NETWORK_HSIZE);
|
||||
if (trace_fill_header(nlskb, NFTA_TRACE_NETWORK_HEADER, skb, off, len))
|
||||
return -1;
|
||||
|
||||
if (pkt->tprot_set) {
|
||||
len = min_t(unsigned int, skb->len - pkt->xt.thoff,
|
||||
len = min_t(unsigned int, skb->len - nft_thoff(pkt),
|
||||
NFT_TRACETYPE_TRANSPORT_HSIZE);
|
||||
if (trace_fill_header(nlskb, NFTA_TRACE_TRANSPORT_HEADER, skb,
|
||||
pkt->xt.thoff, len))
|
||||
nft_thoff(pkt), len))
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
@ -167,7 +167,7 @@ nft_tcp_header_pointer(const struct nft_pktinfo *pkt,
|
||||
if (!pkt->tprot_set || pkt->tprot != IPPROTO_TCP)
|
||||
return NULL;
|
||||
|
||||
tcph = skb_header_pointer(pkt->skb, pkt->xt.thoff, sizeof(*tcph), buffer);
|
||||
tcph = skb_header_pointer(pkt->skb, nft_thoff(pkt), sizeof(*tcph), buffer);
|
||||
if (!tcph)
|
||||
return NULL;
|
||||
|
||||
@ -175,7 +175,7 @@ nft_tcp_header_pointer(const struct nft_pktinfo *pkt,
|
||||
if (*tcphdr_len < sizeof(*tcph) || *tcphdr_len > len)
|
||||
return NULL;
|
||||
|
||||
return skb_header_pointer(pkt->skb, pkt->xt.thoff, *tcphdr_len, buffer);
|
||||
return skb_header_pointer(pkt->skb, nft_thoff(pkt), *tcphdr_len, buffer);
|
||||
}
|
||||
|
||||
static void nft_exthdr_tcp_eval(const struct nft_expr *expr,
|
||||
@ -251,7 +251,7 @@ static void nft_exthdr_tcp_set_eval(const struct nft_expr *expr,
|
||||
return;
|
||||
|
||||
if (skb_ensure_writable(pkt->skb,
|
||||
pkt->xt.thoff + i + priv->len))
|
||||
nft_thoff(pkt) + i + priv->len))
|
||||
return;
|
||||
|
||||
tcph = nft_tcp_header_pointer(pkt, sizeof(buff), buff,
|
||||
@ -306,7 +306,7 @@ static void nft_exthdr_sctp_eval(const struct nft_expr *expr,
|
||||
struct nft_regs *regs,
|
||||
const struct nft_pktinfo *pkt)
|
||||
{
|
||||
unsigned int offset = pkt->xt.thoff + sizeof(struct sctphdr);
|
||||
unsigned int offset = nft_thoff(pkt) + sizeof(struct sctphdr);
|
||||
struct nft_exthdr *priv = nft_expr_priv(expr);
|
||||
u32 *dest = ®s->data[priv->dreg];
|
||||
const struct sctp_chunkhdr *sch;
|
||||
|
@ -291,7 +291,7 @@ static void nft_flow_offload_eval(const struct nft_expr *expr,
|
||||
|
||||
switch (ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum) {
|
||||
case IPPROTO_TCP:
|
||||
tcph = skb_header_pointer(pkt->skb, pkt->xt.thoff,
|
||||
tcph = skb_header_pointer(pkt->skb, nft_thoff(pkt),
|
||||
sizeof(_tcph), &_tcph);
|
||||
if (unlikely(!tcph || tcph->fin || tcph->rst))
|
||||
goto out;
|
||||
|
@ -110,7 +110,7 @@ void nft_payload_eval(const struct nft_expr *expr,
|
||||
case NFT_PAYLOAD_TRANSPORT_HEADER:
|
||||
if (!pkt->tprot_set)
|
||||
goto err;
|
||||
offset = pkt->xt.thoff;
|
||||
offset = nft_thoff(pkt);
|
||||
break;
|
||||
default:
|
||||
BUG();
|
||||
@ -507,7 +507,7 @@ static int nft_payload_l4csum_offset(const struct nft_pktinfo *pkt,
|
||||
*l4csum_offset = offsetof(struct tcphdr, check);
|
||||
break;
|
||||
case IPPROTO_UDP:
|
||||
if (!nft_payload_udp_checksum(skb, pkt->xt.thoff))
|
||||
if (!nft_payload_udp_checksum(skb, nft_thoff(pkt)))
|
||||
return -1;
|
||||
fallthrough;
|
||||
case IPPROTO_UDPLITE:
|
||||
@ -520,7 +520,7 @@ static int nft_payload_l4csum_offset(const struct nft_pktinfo *pkt,
|
||||
return -1;
|
||||
}
|
||||
|
||||
*l4csum_offset += pkt->xt.thoff;
|
||||
*l4csum_offset += nft_thoff(pkt);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -612,7 +612,7 @@ static void nft_payload_set_eval(const struct nft_expr *expr,
|
||||
case NFT_PAYLOAD_TRANSPORT_HEADER:
|
||||
if (!pkt->tprot_set)
|
||||
goto err;
|
||||
offset = pkt->xt.thoff;
|
||||
offset = nft_thoff(pkt);
|
||||
break;
|
||||
default:
|
||||
BUG();
|
||||
@ -643,7 +643,7 @@ static void nft_payload_set_eval(const struct nft_expr *expr,
|
||||
if (priv->csum_type == NFT_PAYLOAD_CSUM_SCTP &&
|
||||
pkt->tprot == IPPROTO_SCTP &&
|
||||
skb->ip_summed != CHECKSUM_PARTIAL) {
|
||||
if (nft_payload_csum_sctp(skb, pkt->xt.thoff))
|
||||
if (nft_payload_csum_sctp(skb, nft_thoff(pkt)))
|
||||
goto err;
|
||||
}
|
||||
|
||||
|
@ -109,7 +109,7 @@ static void nft_synproxy_do_eval(const struct nft_synproxy *priv,
|
||||
{
|
||||
struct synproxy_options opts = {};
|
||||
struct sk_buff *skb = pkt->skb;
|
||||
int thoff = pkt->xt.thoff;
|
||||
int thoff = nft_thoff(pkt);
|
||||
const struct tcphdr *tcp;
|
||||
struct tcphdr _tcph;
|
||||
|
||||
@ -123,7 +123,7 @@ static void nft_synproxy_do_eval(const struct nft_synproxy *priv,
|
||||
return;
|
||||
}
|
||||
|
||||
tcp = skb_header_pointer(skb, pkt->xt.thoff,
|
||||
tcp = skb_header_pointer(skb, thoff,
|
||||
sizeof(struct tcphdr),
|
||||
&_tcph);
|
||||
if (!tcp) {
|
||||
|
@ -82,9 +82,9 @@ static void nft_tproxy_eval_v6(const struct nft_expr *expr,
|
||||
const struct nft_tproxy *priv = nft_expr_priv(expr);
|
||||
struct sk_buff *skb = pkt->skb;
|
||||
const struct ipv6hdr *iph = ipv6_hdr(skb);
|
||||
struct in6_addr taddr;
|
||||
int thoff = pkt->xt.thoff;
|
||||
int thoff = nft_thoff(pkt);
|
||||
struct udphdr _hdr, *hp;
|
||||
struct in6_addr taddr;
|
||||
__be16 tport = 0;
|
||||
struct sock *sk;
|
||||
int l4proto;
|
||||
|
Loading…
Reference in New Issue
Block a user