LXR linux/include/linux/netfilter

   1#ifndef _NETFILTER_INGRESS_H_
   2#define _NETFILTER_INGRESS_H_
   3
   4#include <linux/netfilter.h>
   5#include <linux/netdevice.h>
   6
   7#ifdef CONFIG_NETFILTER_INGRESS
   8static inline bool nf_hook_ingress_active(const struct sk_buff *skb)
   9{
  10#ifdef HAVE_JUMP_LABEL
  11        if (!static_key_false(&nf_hooks_needed[NFPROTO_NETDEV][NF_NETDEV_INGRESS]))
  12                return false;
  13#endif
  14        return rcu_access_pointer(skb->dev->nf_hooks_ingress);
  15}
  16
  17/* caller must hold rcu_read_lock */
  18static inline int nf_hook_ingress(struct sk_buff *skb)
  19{
  20        struct nf_hook_entry *e = rcu_dereference(skb->dev->nf_hooks_ingress);
  21        struct nf_hook_state state;
  22        int ret;
  23
  24        /* Must recheck the ingress hook head, in the event it became NULL
  25         * after the check in nf_hook_ingress_active evaluated to true.
  26         */
  27        if (unlikely(!e))
  28                return 0;
  29
  30        nf_hook_state_init(&state, NF_NETDEV_INGRESS,
  31                           NFPROTO_NETDEV, skb->dev, NULL, NULL,
  32                           dev_net(skb->dev), NULL);
  33        ret = nf_hook_slow(skb, &state, e);
  34        if (ret == 0)
  35                return -1;
  36
  37        return ret;
  38}
  39
  40static inline void nf_hook_ingress_init(struct net_device *dev)
  41{
  42        RCU_INIT_POINTER(dev->nf_hooks_ingress, NULL);
  43}
  44#else /* CONFIG_NETFILTER_INGRESS */
  45static inline int nf_hook_ingress_active(struct sk_buff *skb)
  46{
  47        return 0;
  48}
  49
  50static inline int nf_hook_ingress(struct sk_buff *skb)
  51{
  52        return 0;
  53}
  54
  55static inline void nf_hook_ingress_init(struct net_device *dev) {}
  56#endif /* CONFIG_NETFILTER_INGRESS */
  57#endif /* _NETFILTER_INGRESS_H_ */
  58