LXR linux/include/linux/netfilter

   1/* SPDX-License-Identifier: GPL-2.0 */
   2#ifndef _NETFILTER_INGRESS_H_
   3#define _NETFILTER_INGRESS_H_
   4
   5#include <linux/netfilter.h>
   6#include <linux/netdevice.h>
   7
   8#ifdef CONFIG_NETFILTER_INGRESS
   9static inline bool nf_hook_ingress_active(const struct sk_buff *skb)
  10{
  11#ifdef CONFIG_JUMP_LABEL
  12        if (!static_key_false(&nf_hooks_needed[NFPROTO_NETDEV][NF_NETDEV_INGRESS]))
  13                return false;
  14#endif
  15        return rcu_access_pointer(skb->dev->nf_hooks_ingress);
  16}
  17
  18/* caller must hold rcu_read_lock */
  19static inline int nf_hook_ingress(struct sk_buff *skb)
  20{
  21        struct nf_hook_entries *e = rcu_dereference(skb->dev->nf_hooks_ingress);
  22        struct nf_hook_state state;
  23        int ret;
  24
  25        /* Must recheck the ingress hook head, in the event it became NULL
  26         * after the check in nf_hook_ingress_active evaluated to true.
  27         */
  28        if (unlikely(!e))
  29                return 0;
  30
  31        nf_hook_state_init(&state, NF_NETDEV_INGRESS,
  32                           NFPROTO_NETDEV, skb->dev, NULL, NULL,
  33                           dev_net(skb->dev), NULL);
  34        ret = nf_hook_slow(skb, &state, e, 0);
  35        if (ret == 0)
  36                return -1;
  37
  38        return ret;
  39}
  40
  41static inline void nf_hook_ingress_init(struct net_device *dev)
  42{
  43        RCU_INIT_POINTER(dev->nf_hooks_ingress, NULL);
  44}
  45#else /* CONFIG_NETFILTER_INGRESS */
  46static inline int nf_hook_ingress_active(struct sk_buff *skb)
  47{
  48        return 0;
  49}
  50
  51static inline int nf_hook_ingress(struct sk_buff *skb)
  52{
  53        return 0;
  54}
  55
  56static inline void nf_hook_ingress_init(struct net_device *dev) {}
  57#endif /* CONFIG_NETFILTER_INGRESS */
  58#endif /* _NETFILTER_INGRESS_H_ */
  59