Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
Pablo Neira Ayuso says: ==================== Netfilter/IPVS updates for net-next The following patchset contains Netfilter/IPVS for net-next: 1) Add new run_estimation toggle to IPVS to stop the estimation_timer logic, from Dust Li. 2) Relax superfluous dynset check on NFT_SET_TIMEOUT. 3) Add egress hook, from Lukas Wunner. 4) Nowadays, almost all hook functions in x_table land just call the hook evaluation loop. Remove remaining hook wrappers from iptables and IPVS. From Florian Westphal. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David S. Miller
@@ -140,7 +140,7 @@
|
||||
#include <linux/if_macvlan.h>
|
||||
#include <linux/errqueue.h>
|
||||
#include <linux/hrtimer.h>
|
||||
#include <linux/netfilter_ingress.h>
|
||||
#include <linux/netfilter_netdev.h>
|
||||
#include <linux/crash_dump.h>
|
||||
#include <linux/sctp.h>
|
||||
#include <net/udp_tunnel.h>
|
||||
@@ -3926,6 +3926,7 @@ EXPORT_SYMBOL(dev_loopback_xmit);
|
||||
static struct sk_buff *
|
||||
sch_handle_egress(struct sk_buff *skb, int *ret, struct net_device *dev)
|
||||
{
|
||||
#ifdef CONFIG_NET_CLS_ACT
|
||||
struct mini_Qdisc *miniq = rcu_dereference_bh(dev->miniq_egress);
|
||||
struct tcf_result cl_res;
|
||||
|
||||
@@ -3961,6 +3962,7 @@ sch_handle_egress(struct sk_buff *skb, int *ret, struct net_device *dev)
|
||||
default:
|
||||
break;
|
||||
}
|
||||
#endif /* CONFIG_NET_CLS_ACT */
|
||||
|
||||
return skb;
|
||||
}
|
||||
@@ -4154,13 +4156,20 @@ static int __dev_queue_xmit(struct sk_buff *skb, struct net_device *sb_dev)
|
||||
qdisc_pkt_len_init(skb);
|
||||
#ifdef CONFIG_NET_CLS_ACT
|
||||
skb->tc_at_ingress = 0;
|
||||
# ifdef CONFIG_NET_EGRESS
|
||||
#endif
|
||||
#ifdef CONFIG_NET_EGRESS
|
||||
if (static_branch_unlikely(&egress_needed_key)) {
|
||||
if (nf_hook_egress_active()) {
|
||||
skb = nf_hook_egress(skb, &rc, dev);
|
||||
if (!skb)
|
||||
goto out;
|
||||
}
|
||||
nf_skip_egress(skb, true);
|
||||
skb = sch_handle_egress(skb, &rc, dev);
|
||||
if (!skb)
|
||||
goto out;
|
||||
nf_skip_egress(skb, false);
|
||||
}
|
||||
# endif
|
||||
#endif
|
||||
/* If device/qdisc don't need skb->dst, release it right now while
|
||||
* its hot in this cpu cache.
|
||||
@@ -5302,6 +5311,7 @@ skip_taps:
|
||||
if (static_branch_unlikely(&ingress_needed_key)) {
|
||||
bool another = false;
|
||||
|
||||
nf_skip_egress(skb, true);
|
||||
skb = sch_handle_ingress(skb, &pt_prev, &ret, orig_dev,
|
||||
&another);
|
||||
if (another)
|
||||
@@ -5309,6 +5319,7 @@ skip_taps:
|
||||
if (!skb)
|
||||
goto out;
|
||||
|
||||
nf_skip_egress(skb, false);
|
||||
if (nf_ingress(skb, &pt_prev, &ret, orig_dev) < 0)
|
||||
goto out;
|
||||
}
|
||||
@@ -10870,7 +10881,7 @@ struct net_device *alloc_netdev_mqs(int sizeof_priv, const char *name,
|
||||
if (!dev->ethtool_ops)
|
||||
dev->ethtool_ops = &default_ethtool_ops;
|
||||
|
||||
nf_hook_ingress_init(dev);
|
||||
nf_hook_netdev_init(dev);
|
||||
|
||||
return dev;
|
||||
|
||||
|
||||
Reference in New Issue
Block a user