]>
Commit | Line | Data |
---|---|---|
b2441318 | 1 | /* SPDX-License-Identifier: GPL-2.0 */ |
e687ad60 PN |
2 | #ifndef _NETFILTER_INGRESS_H_ |
3 | #define _NETFILTER_INGRESS_H_ | |
4 | ||
5 | #include <linux/netfilter.h> | |
6 | #include <linux/netdevice.h> | |
7 | ||
8 | #ifdef CONFIG_NETFILTER_INGRESS | |
61b590b9 | 9 | static inline bool nf_hook_ingress_active(const struct sk_buff *skb) |
e687ad60 | 10 | { |
61b590b9 FW |
11 | #ifdef HAVE_JUMP_LABEL |
12 | if (!static_key_false(&nf_hooks_needed[NFPROTO_NETDEV][NF_NETDEV_INGRESS])) | |
13 | return false; | |
14 | #endif | |
e3b37f11 | 15 | return rcu_access_pointer(skb->dev->nf_hooks_ingress); |
e687ad60 PN |
16 | } |
17 | ||
fe72926b | 18 | /* caller must hold rcu_read_lock */ |
e687ad60 PN |
19 | static inline int nf_hook_ingress(struct sk_buff *skb) |
20 | { | |
960632ec | 21 | struct nf_hook_entries *e = rcu_dereference(skb->dev->nf_hooks_ingress); |
e687ad60 | 22 | struct nf_hook_state state; |
df122f58 | 23 | int ret; |
e687ad60 | 24 | |
e3b37f11 AC |
25 | /* Must recheck the ingress hook head, in the event it became NULL |
26 | * after the check in nf_hook_ingress_active evaluated to true. | |
27 | */ | |
28 | if (unlikely(!e)) | |
29 | return 0; | |
30 | ||
01886bd9 | 31 | nf_hook_state_init(&state, NF_NETDEV_INGRESS, |
e3b37f11 AC |
32 | NFPROTO_NETDEV, skb->dev, NULL, NULL, |
33 | dev_net(skb->dev), NULL); | |
960632ec | 34 | ret = nf_hook_slow(skb, &state, e, 0); |
df122f58 FW |
35 | if (ret == 0) |
36 | return -1; | |
37 | ||
38 | return ret; | |
e687ad60 PN |
39 | } |
40 | ||
41 | static inline void nf_hook_ingress_init(struct net_device *dev) | |
42 | { | |
e3b37f11 | 43 | RCU_INIT_POINTER(dev->nf_hooks_ingress, NULL); |
e687ad60 PN |
44 | } |
45 | #else /* CONFIG_NETFILTER_INGRESS */ | |
46 | static inline int nf_hook_ingress_active(struct sk_buff *skb) | |
47 | { | |
48 | return 0; | |
49 | } | |
50 | ||
51 | static inline int nf_hook_ingress(struct sk_buff *skb) | |
52 | { | |
53 | return 0; | |
54 | } | |
55 | ||
56 | static inline void nf_hook_ingress_init(struct net_device *dev) {} | |
57 | #endif /* CONFIG_NETFILTER_INGRESS */ | |
58 | #endif /* _NETFILTER_INGRESS_H_ */ |