netdev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[RFC, PATCH 1/5]: netfilter+ipsec - nf_reset

from [Patrick McHardy] [Permanent Link][Original]
To: "David S. Miller" <davem@xxxxxxxxxx>
Subject: [RFC, PATCH 1/5]: netfilter+ipsec - nf_reset
From: Patrick McHardy <kaber@xxxxxxxxx>
Date: Thu, 18 Mar 2004 17:31:27 +0100
Cc: herbert@xxxxxxxxxxxxxxxxxxx, netdev@xxxxxxxxxxx, netfilter-devel@xxxxxxxxxxxxxxxxxxx
In-reply-to: <20040308115858.75cdddca.davem@xxxxxxxxxx>
References: <20040308110331.GA20719@xxxxxxxxxxxxxxxxxxx> <404C874D.4000907@xxxxxxxxx> <20040308115858.75cdddca.davem@xxxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040122 Debian/1.6-1 
This patch adds a new function nf_reset to reset netfilter
related skb-fields. It has no real relationship to
netfilter+ipsec, but it's required for the follow-up patches.


# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
#   2004/03/18 03:22:26+01:00 kaber@xxxxxxxxx 
#   [NETFILTER]: Add new function 'nf_reset' to reset netfilter related 
skb-fields
# 
# net/ipv6/sit.c
#   2004/03/18 03:19:58+01:00 kaber@xxxxxxxxx +2 -14
#   [NETFILTER]: Add new function 'nf_reset' to reset netfilter related 
skb-fields
# 
# net/ipv6/ip6_tunnel.c
#   2004/03/18 03:19:58+01:00 kaber@xxxxxxxxx +1 -7
#   [NETFILTER]: Add new function 'nf_reset' to reset netfilter related 
skb-fields
# 
# net/ipv4/ipip.c
#   2004/03/18 03:19:58+01:00 kaber@xxxxxxxxx +2 -14
#   [NETFILTER]: Add new function 'nf_reset' to reset netfilter related 
skb-fields
# 
# net/ipv4/ip_input.c
#   2004/03/18 03:19:58+01:00 kaber@xxxxxxxxx +1 -5
#   [NETFILTER]: Add new function 'nf_reset' to reset netfilter related 
skb-fields
# 
# net/ipv4/ip_gre.c
#   2004/03/18 03:19:58+01:00 kaber@xxxxxxxxx +2 -14
#   [NETFILTER]: Add new function 'nf_reset' to reset netfilter related 
skb-fields
# 
# include/linux/skbuff.h
#   2004/03/18 03:19:58+01:00 kaber@xxxxxxxxx +12 -3
#   [NETFILTER]: Add new function 'nf_reset' to reset netfilter related 
skb-fields
# 
diff -Nru a/include/linux/skbuff.h b/include/linux/skbuff.h
--- a/include/linux/skbuff.h    Thu Mar 18 16:45:10 2004
+++ b/include/linux/skbuff.h    Thu Mar 18 16:45:10 2004
@@ -1201,6 +1201,14 @@
        if (nfct)
                atomic_inc(&nfct->master->use);
 }
+static inline void nf_reset(struct sk_buff *skb)
+{
+       nf_conntrack_put(skb->nfct);
+       skb->nfct = NULL;
+#ifdef CONFIG_NETFILTER_DEBUG
+       skb->nf_debug = 0;
+#endif
+}
 
 #ifdef CONFIG_BRIDGE_NETFILTER
 static inline void nf_bridge_put(struct nf_bridge_info *nf_bridge)
@@ -1213,9 +1221,10 @@
        if (nf_bridge)
                atomic_inc(&nf_bridge->use);
 }
-#endif
-
-#endif
+#endif /* CONFIG_BRIDGE_NETFILTER */
+#else /* CONFIG_NETFILTER */
+static inline void nf_reset(struct sk_buff *skb) {}
+#endif /* CONFIG_NETFILTER */
 
 #endif /* __KERNEL__ */
 #endif /* _LINUX_SKBUFF_H */
diff -Nru a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
--- a/net/ipv4/ip_gre.c Thu Mar 18 16:45:10 2004
+++ b/net/ipv4/ip_gre.c Thu Mar 18 16:45:10 2004
@@ -643,13 +643,7 @@
                skb->dev = tunnel->dev;
                dst_release(skb->dst);
                skb->dst = NULL;
-#ifdef CONFIG_NETFILTER
-               nf_conntrack_put(skb->nfct);
-               skb->nfct = NULL;
-#ifdef CONFIG_NETFILTER_DEBUG
-               skb->nf_debug = 0;
-#endif
-#endif
+               nf_reset(skb);
                ipgre_ecn_decapsulate(iph, skb);
                netif_rx(skb);
                read_unlock(&ipgre_lock);
@@ -877,13 +871,7 @@
                }
        }
 
-#ifdef CONFIG_NETFILTER
-       nf_conntrack_put(skb->nfct);
-       skb->nfct = NULL;
-#ifdef CONFIG_NETFILTER_DEBUG
-       skb->nf_debug = 0;
-#endif
-#endif
+       nf_reset(skb);
 
        IPTUNNEL_XMIT();
        tunnel->recursion--;
diff -Nru a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c
--- a/net/ipv4/ip_input.c       Thu Mar 18 16:45:10 2004
+++ b/net/ipv4/ip_input.c       Thu Mar 18 16:45:10 2004
@@ -202,17 +202,13 @@
 
 #ifdef CONFIG_NETFILTER_DEBUG
        nf_debug_ip_local_deliver(skb);
-       skb->nf_debug = 0;
 #endif /*CONFIG_NETFILTER_DEBUG*/
 
        __skb_pull(skb, ihl);
 
-#ifdef CONFIG_NETFILTER
        /* Free reference early: we don't need it any more, and it may
            hold ip_conntrack module loaded indefinitely. */
-       nf_conntrack_put(skb->nfct);
-       skb->nfct = NULL;
-#endif /*CONFIG_NETFILTER*/
+       nf_reset(skb);
 
         /* Point into the IP datagram, just past the header. */
         skb->h.raw = skb->data;
diff -Nru a/net/ipv4/ipip.c b/net/ipv4/ipip.c
--- a/net/ipv4/ipip.c   Thu Mar 18 16:45:10 2004
+++ b/net/ipv4/ipip.c   Thu Mar 18 16:45:10 2004
@@ -496,13 +496,7 @@
                skb->dev = tunnel->dev;
                dst_release(skb->dst);
                skb->dst = NULL;
-#ifdef CONFIG_NETFILTER
-               nf_conntrack_put(skb->nfct);
-               skb->nfct = NULL;
-#ifdef CONFIG_NETFILTER_DEBUG
-               skb->nf_debug = 0;
-#endif
-#endif
+               nf_reset(skb);
                ipip_ecn_decapsulate(iph, skb);
                netif_rx(skb);
                read_unlock(&ipip_lock);
@@ -647,13 +641,7 @@
        if ((iph->ttl = tiph->ttl) == 0)
                iph->ttl        =       old_iph->ttl;
 
-#ifdef CONFIG_NETFILTER
-       nf_conntrack_put(skb->nfct);
-       skb->nfct = NULL;
-#ifdef CONFIG_NETFILTER_DEBUG
-       skb->nf_debug = 0;
-#endif
-#endif
+       nf_reset(skb);
 
        IPTUNNEL_XMIT();
        tunnel->recursion--;
diff -Nru a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
--- a/net/ipv6/ip6_tunnel.c     Thu Mar 18 16:45:10 2004
+++ b/net/ipv6/ip6_tunnel.c     Thu Mar 18 16:45:10 2004
@@ -715,13 +715,7 @@
        ipv6h->nexthdr = proto;
        ipv6_addr_copy(&ipv6h->saddr, &fl.fl6_src);
        ipv6_addr_copy(&ipv6h->daddr, &fl.fl6_dst);
-#ifdef CONFIG_NETFILTER
-       nf_conntrack_put(skb->nfct);
-       skb->nfct = NULL;
-#ifdef CONFIG_NETFILTER_DEBUG
-       skb->nf_debug = 0;
-#endif
-#endif
+       nf_reset(skb);
        pkt_len = skb->len;
        err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, 
                      skb->dst->dev, dst_output);
diff -Nru a/net/ipv6/sit.c b/net/ipv6/sit.c
--- a/net/ipv6/sit.c    Thu Mar 18 16:45:10 2004
+++ b/net/ipv6/sit.c    Thu Mar 18 16:45:10 2004
@@ -388,13 +388,7 @@
                skb->dev = tunnel->dev;
                dst_release(skb->dst);
                skb->dst = NULL;
-#ifdef CONFIG_NETFILTER
-               nf_conntrack_put(skb->nfct);
-               skb->nfct = NULL;
-#ifdef CONFIG_NETFILTER_DEBUG
-               skb->nf_debug = 0;
-#endif
-#endif
+               nf_reset(skb);
                ipip6_ecn_decapsulate(iph, skb);
                netif_rx(skb);
                read_unlock(&ipip6_lock);
@@ -580,13 +574,7 @@
        if ((iph->ttl = tiph->ttl) == 0)
                iph->ttl        =       iph6->hop_limit;
 
-#ifdef CONFIG_NETFILTER
-       nf_conntrack_put(skb->nfct);
-       skb->nfct = NULL;
-#ifdef CONFIG_NETFILTER_DEBUG
-       skb->nf_debug = 0;
-#endif
-#endif
+       nf_reset(skb);
 
        IPTUNNEL_XMIT();
        tunnel->recursion--;
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: ip_route_me_harder -> xfrm_lookup, Patrick McHardy
Next by Date:  [RFC, PATCH 2/5]: netfilter+ipsec - output hooks, Patrick McHardy
Previous by Thread:  Re: ip_route_me_harder -> xfrm_lookup, Patrick McHardy
Next by Thread:  Re: [RFC, PATCH 1/5]: netfilter+ipsec - nf_reset, David S. Miller
Indexes:  [Date] [Thread] [Top] [All Lists]