]>
Commit | Line | Data |
---|---|---|
e687ad60 PN |
1 | #ifndef _NETFILTER_INGRESS_H_ |
2 | #define _NETFILTER_INGRESS_H_ | |
3 | ||
4 | #include <linux/netfilter.h> | |
5 | #include <linux/netdevice.h> | |
6 | ||
7 | #ifdef CONFIG_NETFILTER_INGRESS | |
61b590b9 | 8 | static inline bool nf_hook_ingress_active(const struct sk_buff *skb) |
e687ad60 | 9 | { |
61b590b9 FW |
10 | #ifdef HAVE_JUMP_LABEL |
11 | if (!static_key_false(&nf_hooks_needed[NFPROTO_NETDEV][NF_NETDEV_INGRESS])) | |
12 | return false; | |
13 | #endif | |
e3b37f11 | 14 | return rcu_access_pointer(skb->dev->nf_hooks_ingress); |
e687ad60 PN |
15 | } |
16 | ||
fe72926b | 17 | /* caller must hold rcu_read_lock */ |
e687ad60 PN |
18 | static inline int nf_hook_ingress(struct sk_buff *skb) |
19 | { | |
e3b37f11 | 20 | struct nf_hook_entry *e = rcu_dereference(skb->dev->nf_hooks_ingress); |
e687ad60 PN |
21 | struct nf_hook_state state; |
22 | ||
e3b37f11 AC |
23 | /* Must recheck the ingress hook head, in the event it became NULL |
24 | * after the check in nf_hook_ingress_active evaluated to true. | |
25 | */ | |
26 | if (unlikely(!e)) | |
27 | return 0; | |
28 | ||
01886bd9 | 29 | nf_hook_state_init(&state, NF_NETDEV_INGRESS, |
e3b37f11 AC |
30 | NFPROTO_NETDEV, skb->dev, NULL, NULL, |
31 | dev_net(skb->dev), NULL); | |
01886bd9 | 32 | return nf_hook_slow(skb, &state, e); |
e687ad60 PN |
33 | } |
34 | ||
35 | static inline void nf_hook_ingress_init(struct net_device *dev) | |
36 | { | |
e3b37f11 | 37 | RCU_INIT_POINTER(dev->nf_hooks_ingress, NULL); |
e687ad60 PN |
38 | } |
39 | #else /* CONFIG_NETFILTER_INGRESS */ | |
40 | static inline int nf_hook_ingress_active(struct sk_buff *skb) | |
41 | { | |
42 | return 0; | |
43 | } | |
44 | ||
45 | static inline int nf_hook_ingress(struct sk_buff *skb) | |
46 | { | |
47 | return 0; | |
48 | } | |
49 | ||
50 | static inline void nf_hook_ingress_init(struct net_device *dev) {} | |
51 | #endif /* CONFIG_NETFILTER_INGRESS */ | |
52 | #endif /* _NETFILTER_INGRESS_H_ */ |