diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-11-27 22:50:26 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-01-08 18:10:53 +0100 |
| commit | ce388f452f0af2013c657dd24be4415d94e7704f (patch) | |
| tree | 05f43955eee02314af8eab159ccbc2c0363c0c82 /net/netfilter/utils.c | |
| parent | 3f87c08c615f567799b426aff0341ea8010a0ebb (diff) | |
netfilter: move reroute indirection to struct nf_ipv6_ops
We cannot make a direct call to nf_ip6_reroute() because that would result
in autoloading the 'ipv6' module because of symbol dependencies.
Therefore, define reroute indirection in nf_ipv6_ops where this really
belongs to.
For IPv4, we can indeed make a direct function call, which is faster,
given IPv4 is built-in in the networking code by default. Still,
CONFIG_INET=n and CONFIG_NETFILTER=y is possible, so define empty inline
stub for IPv4 in such case.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/utils.c')
| -rw-r--r-- | net/netfilter/utils.c | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/net/netfilter/utils.c b/net/netfilter/utils.c index 45c22418c955..0b660c568156 100644 --- a/net/netfilter/utils.c +++ b/net/netfilter/utils.c @@ -2,6 +2,7 @@ #include <linux/netfilter.h> #include <linux/netfilter_ipv4.h> #include <linux/netfilter_ipv6.h> +#include <net/netfilter/nf_queue.h> __sum16 nf_checksum(struct sk_buff *skb, unsigned int hook, unsigned int dataoff, u_int8_t protocol, @@ -69,3 +70,21 @@ int nf_route(struct net *net, struct dst_entry **dst, struct flowi *fl, return ret; } EXPORT_SYMBOL_GPL(nf_route); + +int nf_reroute(struct sk_buff *skb, struct nf_queue_entry *entry) +{ + const struct nf_ipv6_ops *v6ops; + int ret = 0; + + switch (entry->state.pf) { + case AF_INET: + ret = nf_ip_reroute(skb, entry); + break; + case AF_INET6: + v6ops = rcu_dereference(nf_ipv6_ops); + if (v6ops) + ret = v6ops->reroute(skb, entry); + break; + } + return ret; +} |