Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
tjh.dev
kernel
os
linux
1#ifndef _NETFILTER_INGRESS_H_
2#define _NETFILTER_INGRESS_H_
3
4#include <linux/netfilter.h>
5#include <linux/netdevice.h>
6
7#ifdef CONFIG_NETFILTER_INGRESS
8static inline bool nf_hook_ingress_active(const struct sk_buff *skb)
9{
10#ifdef HAVE_JUMP_LABEL
11 if (!static_key_false(&nf_hooks_needed[NFPROTO_NETDEV][NF_NETDEV_INGRESS]))
12 return false;
13#endif
14 return rcu_access_pointer(skb->dev->nf_hooks_ingress);
15}
16
17/* caller must hold rcu_read_lock */
18static inline int nf_hook_ingress(struct sk_buff *skb)
19{
20 struct nf_hook_entry *e = rcu_dereference(skb->dev->nf_hooks_ingress);
21 struct nf_hook_state state;
22 int ret;
23
24 /* Must recheck the ingress hook head, in the event it became NULL
25 * after the check in nf_hook_ingress_active evaluated to true.
26 */
27 if (unlikely(!e))
28 return 0;
29
30 nf_hook_state_init(&state, NF_NETDEV_INGRESS,
31 NFPROTO_NETDEV, skb->dev, NULL, NULL,
32 dev_net(skb->dev), NULL);
33 ret = nf_hook_slow(skb, &state, e);
34 if (ret == 0)
35 return -1;
36
37 return ret;
38}
39
40static inline void nf_hook_ingress_init(struct net_device *dev)
41{
42 RCU_INIT_POINTER(dev->nf_hooks_ingress, NULL);
43}
44#else /* CONFIG_NETFILTER_INGRESS */
45static inline int nf_hook_ingress_active(struct sk_buff *skb)
46{
47 return 0;
48}
49
50static inline int nf_hook_ingress(struct sk_buff *skb)
51{
52 return 0;
53}
54
55static inline void nf_hook_ingress_init(struct net_device *dev) {}
56#endif /* CONFIG_NETFILTER_INGRESS */
57#endif /* _NETFILTER_INGRESS_H_ */