Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
tjh.dev
kernel
os
linux
1#ifndef _NETFILTER_INGRESS_H_
2#define _NETFILTER_INGRESS_H_
3
4#include <linux/netfilter.h>
5#include <linux/netdevice.h>
6
7#ifdef CONFIG_NETFILTER_INGRESS
8static inline bool nf_hook_ingress_active(const struct sk_buff *skb)
9{
10#ifdef HAVE_JUMP_LABEL
11 if (!static_key_false(&nf_hooks_needed[NFPROTO_NETDEV][NF_NETDEV_INGRESS]))
12 return false;
13#endif
14 return rcu_access_pointer(skb->dev->nf_hooks_ingress);
15}
16
17/* caller must hold rcu_read_lock */
18static inline int nf_hook_ingress(struct sk_buff *skb)
19{
20 struct nf_hook_entry *e = rcu_dereference(skb->dev->nf_hooks_ingress);
21 struct nf_hook_state state;
22
23 /* Must recheck the ingress hook head, in the event it became NULL
24 * after the check in nf_hook_ingress_active evaluated to true.
25 */
26 if (unlikely(!e))
27 return 0;
28
29 nf_hook_state_init(&state, e, NF_NETDEV_INGRESS, INT_MIN,
30 NFPROTO_NETDEV, skb->dev, NULL, NULL,
31 dev_net(skb->dev), NULL);
32 return nf_hook_slow(skb, &state);
33}
34
35static inline void nf_hook_ingress_init(struct net_device *dev)
36{
37 RCU_INIT_POINTER(dev->nf_hooks_ingress, NULL);
38}
39#else /* CONFIG_NETFILTER_INGRESS */
40static inline int nf_hook_ingress_active(struct sk_buff *skb)
41{
42 return 0;
43}
44
45static inline int nf_hook_ingress(struct sk_buff *skb)
46{
47 return 0;
48}
49
50static inline void nf_hook_ingress_init(struct net_device *dev) {}
51#endif /* CONFIG_NETFILTER_INGRESS */
52#endif /* _NETFILTER_INGRESS_H_ */