diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-11-27 22:50:26 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-01-08 18:10:53 +0100 |
commit | ce388f452f0af2013c657dd24be4415d94e7704f (patch) | |
tree | 05f43955eee02314af8eab159ccbc2c0363c0c82 /net/netfilter/nf_queue.c | |
parent | 3f87c08c615f567799b426aff0341ea8010a0ebb (diff) | |
download | linux-ce388f452f0af2013c657dd24be4415d94e7704f.tar.gz linux-ce388f452f0af2013c657dd24be4415d94e7704f.tar.bz2 linux-ce388f452f0af2013c657dd24be4415d94e7704f.zip |
netfilter: move reroute indirection to struct nf_ipv6_ops
We cannot make a direct call to nf_ip6_reroute() because that would result
in autoloading the 'ipv6' module because of symbol dependencies.
Therefore, define reroute indirection in nf_ipv6_ops where this really
belongs to.
For IPv4, we can indeed make a direct function call, which is faster,
given IPv4 is built-in in the networking code by default. Still,
CONFIG_INET=n and CONFIG_NETFILTER=y is possible, so define empty inline
stub for IPv4 in such case.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/nf_queue.c')
-rw-r--r-- | net/netfilter/nf_queue.c | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c index dfa35bd292c8..15382ff83e7a 100644 --- a/net/netfilter/nf_queue.c +++ b/net/netfilter/nf_queue.c @@ -266,7 +266,6 @@ void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict) const struct nf_hook_entry *hook_entry; const struct nf_hook_entries *hooks; struct sk_buff *skb = entry->skb; - const struct nf_afinfo *afinfo; const struct net *net; unsigned int i; int err; @@ -293,8 +292,7 @@ void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict) verdict = nf_hook_entry_hookfn(hook_entry, skb, &entry->state); if (verdict == NF_ACCEPT) { - afinfo = nf_get_afinfo(entry->state.pf); - if (!afinfo || afinfo->reroute(entry->state.net, skb, entry) < 0) + if (nf_reroute(skb, entry) < 0) verdict = NF_DROP; } |