
netfilter: nf_tables: add and use nft_thoff helper

This allows the storage placement to be changed later on without changing readers.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Florian Westphal and committed by
Pablo Neira Ayuso
2d7b4ace 85554eb9

+23 -18
+5
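--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -34,6 +34,11 @@
 return pkt->xt.state->sk;
 }
 
+static inline unsigned int nft_thoff(const struct nft_pktinfo *pkt)
+{
+return pkt->xt.thoff;
+}
+
 static inline struct net *nft_net(const struct nft_pktinfo *pkt)
 {
 return pkt->xt.state->net;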
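Review bot: nft_thoff() carries no comment saying when its return value is meaningful or what it is an offset from, and the callers converted in this commit do not all use it the same way. nf_tables_core.c and nft_payload.c test `pkt->tprot_set` before reading it, and nf_tables_core.c adds it to skb_network_header() while nft_exthdr.c passes it to skb_header_pointer(), which takes an offset into the skb. Since the helper is now the single read path, a short comment above it would pin the contract, for example `/* transport header offset; only meaningful when pkt->tprot_set is true */`, plus one line stating the base the offset is measured from.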
+1 -1
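--- a/net/netfilter/nf_tables_core.c
+++ b/net/netfilter/nf_tables_core.c
@@ -81,7 +81,7 @@
 else {
 if (!pkt->tprot_set)
 return false;
-ptr = skb_network_header(skb) + pkt->xt.thoff;
+ptr = skb_network_header(skb) + nft_thoff(pkt);
 }
 
 ptr += priv->offset;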
+3 -3
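--- a/net/netfilter/nf_tables_trace.c
+++ b/net/netfilter/nf_tables_trace.c
@@ -113,17 +113,17 @@
 int off = skb_network_offset(skb);
 unsigned int len, nh_end;
 
-nh_end = pkt->tprot_set ? pkt->xt.thoff : skb->len;
+nh_end = pkt->tprot_set ? nft_thoff(pkt) : skb->len;
 len = min_t(unsigned int, nh_end - skb_network_offset(skb),
 NFT_TRACETYPE_NETWORK_HSIZE);
 if (trace_fill_header(nlskb, NFTA_TRACE_NETWORK_HEADER, skb, off, len))
 return -1;
 
 if (pkt->tprot_set) {
-len = min_t(unsigned int, skb->len - pkt->xt.thoff,
+len = min_t(unsigned int, skb->len - nft_thoff(pkt),
 NFT_TRACETYPE_TRANSPORT_HSIZE);
 if (trace_fill_header(nlskb, NFTA_TRACE_TRANSPORT_HEADER, skb,
-pkt->xt.thoff, len))
+nft_thoff(pkt), len))
 return -1;
 }
 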
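Review bot: `skb->len - nft_thoff(pkt)` in the `pkt->tprot_set` branch is an unsigned subtraction, and the visible lines do not check that the transport offset is within `skb->len`. If the offset ever exceeded the length, the result would wrap and min_t() would clamp it to NFT_TRACETYPE_TRANSPORT_HSIZE rather than to the bytes actually present. The same shape applies to `nh_end - skb_network_offset(skb)` a few lines up. Whether trace_fill_header() rejects such a length is not visible here, so either a guard such as `if (nft_thoff(pkt) > skb->len) return -1;` or a comment naming the callee's bounds check would make the assumption explicit. The enclosing function starts and ends outside the hunk.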
+4 -4
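--- a/net/netfilter/nft_exthdr.c
+++ b/net/netfilter/nft_exthdr.c
@@ -167,7 +167,7 @@
 if (!pkt->tprot_set || pkt->tprot != IPPROTO_TCP)
 return NULL;
 
-tcph = skb_header_pointer(pkt->skb, pkt->xt.thoff, sizeof(*tcph), buffer);
+tcph = skb_header_pointer(pkt->skb, nft_thoff(pkt), sizeof(*tcph), buffer);
 if (!tcph)
 return NULL;
 
@@ -175,7 +175,7 @@
 if (*tcphdr_len < sizeof(*tcph) || *tcphdr_len > len)
 return NULL;
 
-return skb_header_pointer(pkt->skb, pkt->xt.thoff, *tcphdr_len, buffer);
+return skb_header_pointer(pkt->skb, nft_thoff(pkt), *tcphdr_len, buffer);
 }
 
 static void nft_exthdr_tcp_eval(const struct nft_expr *expr,
@@ -251,7 +251,7 @@
 return;
 
 if (skb_ensure_writable(pkt->skb,
-pkt->xt.thoff + i + priv->len))
+nft_thoff(pkt) + i + priv->len))
 return;
 
 tcph = nft_tcp_header_pointer(pkt, sizeof(buff), buff,
@@ -306,7 +306,7 @@
 struct nft_regs *regs,
 const struct nft_pktinfo *pkt)
 {
-unsigned int offset = pkt->xt.thoff + sizeof(struct sctphdr);
+unsigned int offset = nft_thoff(pkt) + sizeof(struct sctphdr);
 struct nft_exthdr *priv = nft_expr_priv(expr);
 u32 *dest = &regs->data[priv->dreg];
 const struct sctp_chunkhdr *sch;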
+1 -1
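--- a/net/netfilter/nft_flow_offload.c
+++ b/net/netfilter/nft_flow_offload.c
@@ -291,7 +291,7 @@
 
 switch (ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum) {
 case IPPROTO_TCP:
-tcph = skb_header_pointer(pkt->skb, pkt->xt.thoff,
+tcph = skb_header_pointer(pkt->skb, nft_thoff(pkt),
 sizeof(_tcph), &_tcph);
 if (unlikely(!tcph || tcph->fin || tcph->rst))
 goto out;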
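Review bot: No `pkt->tprot_set` test is visible before `nft_thoff(pkt)` is passed to skb_header_pointer() in the IPPROTO_TCP case, and the protocol here comes from the conntrack tuple rather than from `pkt->tprot`. The other converted readers in nf_tables_core.c, nft_payload.c and nft_exthdr.c check `pkt->tprot_set` first. If the function does not already check it above the hunk, the fin/rst decision could be made on bytes at an offset that was never set. A guard such as `if (!pkt->tprot_set) goto out;` ahead of the switch would align it with the other callers. The enclosing function starts and ends outside the hunk, so this needs confirming against the full body.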
+5 -5
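--- a/net/netfilter/nft_payload.c
+++ b/net/netfilter/nft_payload.c
@@ -110,7 +110,7 @@
 case NFT_PAYLOAD_TRANSPORT_HEADER:
 if (!pkt->tprot_set)
 goto err;
-offset = pkt->xt.thoff;
+offset = nft_thoff(pkt);
 break;
 default:
 BUG();
@@ -507,7 +507,7 @@
 *l4csum_offset = offsetof(struct tcphdr, check);
 break;
 case IPPROTO_UDP:
-if (!nft_payload_udp_checksum(skb, pkt->xt.thoff))
+if (!nft_payload_udp_checksum(skb, nft_thoff(pkt)))
 return -1;
 fallthrough;
 case IPPROTO_UDPLITE:
@@ -520,7 +520,7 @@
 return -1;
 }
 
-*l4csum_offset += pkt->xt.thoff;
+*l4csum_offset += nft_thoff(pkt);
 return 0;
 }
 
@@ -612,7 +612,7 @@
 case NFT_PAYLOAD_TRANSPORT_HEADER:
 if (!pkt->tprot_set)
 goto err;
-offset = pkt->xt.thoff;
+offset = nft_thoff(pkt);
 break;
 default:
 BUG();
@@ -643,7 +643,7 @@
 if (priv->csum_type == NFT_PAYLOAD_CSUM_SCTP &&
 pkt->tprot == IPPROTO_SCTP &&
 skb->ip_summed != CHECKSUM_PARTIAL) {
-if (nft_payload_csum_sctp(skb, pkt->xt.thoff))
+if (nft_payload_csum_sctp(skb, nft_thoff(pkt)))
 goto err;
 }
 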
+2 -2
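--- a/net/netfilter/nft_synproxy.c
+++ b/net/netfilter/nft_synproxy.c
@@ -109,7 +109,7 @@
 {
 struct synproxy_options opts = {};
 struct sk_buff *skb = pkt->skb;
-int thoff = pkt->xt.thoff;
+int thoff = nft_thoff(pkt);
 const struct tcphdr *tcp;
 struct tcphdr _tcph;
 
@@ -123,7 +123,7 @@
 return;
 }
 
-tcp = skb_header_pointer(skb, pkt->xt.thoff,
+tcp = skb_header_pointer(skb, thoff,
 sizeof(struct tcphdr),
 &_tcph);
 if (!tcp) {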
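Review bot: `int thoff = nft_thoff(pkt);` stores the helper's `unsigned int` return value in a signed local, and nft_tproxy.c has the same declaration. The point of the accessor is to give readers one typed view of the offset, so a signed copy brings back an implicit conversion at each of these sites. Declaring it as `unsigned int thoff = nft_thoff(pkt);` would keep the type consistent, provided the later uses of `thoff` outside the hunk accept an unsigned value. If the signed type is required by a callee's prototype, a brief comment saying so would do instead.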
+2 -2
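--- a/net/netfilter/nft_tproxy.c
+++ b/net/netfilter/nft_tproxy.c
@@ -82,9 +82,9 @@
 const struct nft_tproxy *priv = nft_expr_priv(expr);
 struct sk_buff *skb = pkt->skb;
 const struct ipv6hdr *iph = ipv6_hdr(skb);
-struct in6_addr taddr;
-int thoff = pkt->xt.thoff;
+int thoff = nft_thoff(pkt);
 struct udphdr _hdr, *hp;
+struct in6_addr taddr;
 __be16 tport = 0;
 struct sock *sk;
 int l4proto;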