mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-01-15 01:24:33 +00:00
[NETFILTER]: add type parameter to ip_route_me_harder
By adding a type parameter to ip_route_me_harder() the expensive call to inet_addr_type() can be avoided in some cases. A followup patch where ip_route_me_harder() is called from within ip_vs_out() is one such example. Signed-off-By: Simon Horman <horms@verge.net.au> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
f1da70632f
commit
b4c4ed175f
@ -77,7 +77,7 @@ enum nf_ip_hook_priorities {
|
||||
#define SO_ORIGINAL_DST 80
|
||||
|
||||
#ifdef __KERNEL__
|
||||
extern int ip_route_me_harder(struct sk_buff **pskb);
|
||||
extern int ip_route_me_harder(struct sk_buff **pskb, unsigned addr_type);
|
||||
extern int ip_xfrm_me_harder(struct sk_buff **pskb);
|
||||
extern unsigned int nf_ip_checksum(struct sk_buff *skb, unsigned int hook,
|
||||
unsigned int dataoff, u_int8_t protocol);
|
||||
|
@ -8,7 +8,7 @@
|
||||
#include <net/ip.h>
|
||||
|
||||
/* route_me_harder function, used by iptable_nat, iptable_mangle + ip_queue */
|
||||
int ip_route_me_harder(struct sk_buff **pskb)
|
||||
int ip_route_me_harder(struct sk_buff **pskb, unsigned addr_type)
|
||||
{
|
||||
struct iphdr *iph = (*pskb)->nh.iph;
|
||||
struct rtable *rt;
|
||||
@ -16,10 +16,13 @@ int ip_route_me_harder(struct sk_buff **pskb)
|
||||
struct dst_entry *odst;
|
||||
unsigned int hh_len;
|
||||
|
||||
if (addr_type == RTN_UNSPEC)
|
||||
addr_type = inet_addr_type(iph->saddr);
|
||||
|
||||
/* some non-standard hacks like ipt_REJECT.c:send_reset() can cause
|
||||
* packets with foreign saddr to appear on the NF_IP_LOCAL_OUT hook.
|
||||
*/
|
||||
if (inet_addr_type(iph->saddr) == RTN_LOCAL) {
|
||||
if (addr_type == RTN_LOCAL) {
|
||||
fl.nl_u.ip4_u.daddr = iph->daddr;
|
||||
fl.nl_u.ip4_u.saddr = iph->saddr;
|
||||
fl.nl_u.ip4_u.tos = RT_TOS(iph->tos);
|
||||
@ -156,7 +159,7 @@ static int nf_ip_reroute(struct sk_buff **pskb, const struct nf_info *info)
|
||||
if (!(iph->tos == rt_info->tos
|
||||
&& iph->daddr == rt_info->daddr
|
||||
&& iph->saddr == rt_info->saddr))
|
||||
return ip_route_me_harder(pskb);
|
||||
return ip_route_me_harder(pskb, RTN_UNSPEC);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
@ -265,7 +265,8 @@ ip_nat_local_fn(unsigned int hooknum,
|
||||
ct->tuplehash[!dir].tuple.src.u.all
|
||||
#endif
|
||||
)
|
||||
return ip_route_me_harder(pskb) == 0 ? ret : NF_DROP;
|
||||
if (ip_route_me_harder(pskb, RTN_UNSPEC))
|
||||
ret = NF_DROP;
|
||||
}
|
||||
return ret;
|
||||
}
|
||||
|
@ -157,7 +157,8 @@ ipt_local_hook(unsigned int hook,
|
||||
|| (*pskb)->nfmark != nfmark
|
||||
#endif
|
||||
|| (*pskb)->nh.iph->tos != tos))
|
||||
return ip_route_me_harder(pskb) == 0 ? ret : NF_DROP;
|
||||
if (ip_route_me_harder(pskb, RTN_UNSPEC))
|
||||
ret = NF_DROP;
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user