Pablo Neira | e687ad6 | 2015-05-13 18:19:38 +0200 | [diff] [blame] | 1 | #ifndef _NETFILTER_INGRESS_H_ |
| 2 | #define _NETFILTER_INGRESS_H_ |
| 4 | #include <linux/netfilter.h> |
| 5 | #include <linux/netdevice.h> |
| 7 | #ifdef CONFIG_NETFILTER_INGRESS |
/*
 * nf_hook_ingress_active - cheap test for an attached ingress hook list
 * @skb: packet being received; skb->dev is dereferenced without a NULL check
 *
 * Returns true when the receiving device's nf_hooks_ingress pointer is
 * non-NULL. With HAVE_JUMP_LABEL the static key for the netdev ingress
 * hook is consulted first, and false is returned without touching
 * skb->dev when that key is off.
 *
 * The pointer is only sampled with rcu_access_pointer() and never
 * dereferenced here, so a true result is advisory: the pointer can become
 * NULL before the caller acts on it. nf_hook_ingress() re-reads it and
 * handles NULL for that reason.
 *
 * NOTE(review): assumes skb->dev is non-NULL; confirm at the call sites.
 */
static inline bool nf_hook_ingress_active(const struct sk_buff *skb)
{
#ifdef HAVE_JUMP_LABEL
	/* Fast path: bail out before loading skb->dev if the key is off. */
	if (!static_key_false(&nf_hooks_needed[NFPROTO_NETDEV][NF_NETDEV_INGRESS]))
		return false;
#endif
	/* Value-only read for the NULL test; no dereference happens here. */
	return rcu_access_pointer(skb->dev->nf_hooks_ingress) != NULL;
}
/*
 * nf_hook_ingress - run the netdev ingress hooks on @skb
 * @skb: packet being received; skb->dev supplies the hook list and netns
 *
 * Context: the caller must hold rcu_read_lock(); the hook list head is
 * fetched with rcu_dereference() and handed to nf_hook_slow().
 *
 * Returns 0 when no hook list is attached, otherwise whatever
 * nf_hook_slow() returns. NOTE(review): the meaning of that return value
 * (accept/drop/stolen) is defined by nf_hook_slow(), not here; callers
 * must not treat 0 as "packet was inspected and accepted".
 */
static inline int nf_hook_ingress(struct sk_buff *skb)
{
	struct net_device *indev = skb->dev;
	struct nf_hook_entry *head = rcu_dereference(indev->nf_hooks_ingress);
	struct nf_hook_state hook_state;

	/*
	 * nf_hook_ingress_active() may have seen a non-NULL head that has
	 * since been cleared, so the head is tested again under RCU before
	 * it is used.
	 */
	if (unlikely(!head))
		return 0;

	/*
	 * INT_MIN is presumably the priority threshold, i.e. no hook is
	 * skipped; the NULL arguments look like outdev, sk and okfn.
	 * TODO confirm against nf_hook_state_init().
	 */
	nf_hook_state_init(&hook_state, head, NF_NETDEV_INGRESS, INT_MIN,
			   NFPROTO_NETDEV, indev, NULL, NULL,
			   dev_net(indev), NULL);

	return nf_hook_slow(skb, &hook_state);
}
/*
 * nf_hook_ingress_init - start @dev with no ingress hook list
 * @dev: net device whose nf_hooks_ingress pointer is reset
 *
 * Stores NULL into the RCU-managed pointer, so nf_hook_ingress_active()
 * reports false for this device until a non-NULL head is published.
 *
 * NOTE(review): presumably called while the device is not yet visible to
 * RCU readers; confirm against the caller.
 */
static inline void nf_hook_ingress_init(struct net_device *dev)
{
	RCU_INIT_POINTER(dev->nf_hooks_ingress, NULL);
}
| 39 | #else /* CONFIG_NETFILTER_INGRESS */ |
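/*
 * CONFIG_NETFILTER_INGRESS=n stub: no ingress hook can be attached, so the
 * answer is always false.
 *
 * The prototype mirrors the CONFIG_NETFILTER_INGRESS=y variant (bool
 * return, const skb) so that a caller holding a const skb builds the same
 * way under both configurations instead of discarding the qualifier only
 * when the option is off.
 */
static inline bool nf_hook_ingress_active(const struct sk_buff *skb)
{
	return false;
}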
/*
 * CONFIG_NETFILTER_INGRESS=n stub: there are no hooks to run. @skb is not
 * touched and 0 is returned, the same value the enabled variant returns
 * when no hook list is attached.
 */
static inline int nf_hook_ingress(struct sk_buff *skb)
{
	return 0;
}
/*
 * CONFIG_NETFILTER_INGRESS=n stub: nothing to initialise; @dev is not
 * touched.
 */
static inline void nf_hook_ingress_init(struct net_device *dev)
{
}
| 51 | #endif /* CONFIG_NETFILTER_INGRESS */ |
| 52 | #endif /* _NETFILTER_INGRESS_H_ */ |