net: add CONFIG_NET_INGRESS to enable ingress filtering
This new config switch enables the ingress filtering infrastructure that is controlled through the ingress_needed static key. This prepares the introduction of the Netfilter ingress hook that resides under this unique static key. Note that CONFIG_SCH_INGRESS automatically selects this, that should be no problem since this also depends on CONFIG_NET_CLS_ACT. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Acked-by: Alexei Starovoitov <ast@plumgrid.com> Signed-off-by: David S. Miller <davem@davemloft.net>
parent
b8d0aad0c7
commit
1cf51900f8
|
@ -79,7 +79,7 @@ static inline struct netdev_queue *dev_ingress_queue(struct net_device *dev)
|
||||||
|
|
||||||
struct netdev_queue *dev_ingress_queue_create(struct net_device *dev);
|
struct netdev_queue *dev_ingress_queue_create(struct net_device *dev);
|
||||||
|
|
||||||
#ifdef CONFIG_NET_CLS_ACT
|
#ifdef CONFIG_NET_INGRESS
|
||||||
void net_inc_ingress_queue(void);
|
void net_inc_ingress_queue(void);
|
||||||
void net_dec_ingress_queue(void);
|
void net_dec_ingress_queue(void);
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -45,6 +45,9 @@ config COMPAT_NETLINK_MESSAGES
|
||||||
Newly written code should NEVER need this option but do
|
Newly written code should NEVER need this option but do
|
||||||
compat-independent messages instead!
|
compat-independent messages instead!
|
||||||
|
|
||||||
|
config NET_INGRESS
|
||||||
|
bool
|
||||||
|
|
||||||
menu "Networking options"
|
menu "Networking options"
|
||||||
|
|
||||||
source "net/packet/Kconfig"
|
source "net/packet/Kconfig"
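Review bot: The new `config NET_INGRESS` entry is a prompt-less `bool` with no comment, so nothing at the definition records that it is meant to be enabled only through `select` or which code it gates. Because `select` forces a symbol on without checking what the selecting option depends on, the next selector can silently change which ingress code is built. I would add a line above the entry such as `# Hidden symbol: selected by ingress users (currently NET_SCH_INGRESS); gates the ingress_needed static key and its callers.`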
|
||||||
|
|
|
@ -1630,7 +1630,7 @@ int call_netdevice_notifiers(unsigned long val, struct net_device *dev)
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL(call_netdevice_notifiers);
|
EXPORT_SYMBOL(call_netdevice_notifiers);
|
||||||
|
|
||||||
#ifdef CONFIG_NET_CLS_ACT
|
#ifdef CONFIG_NET_INGRESS
|
||||||
static struct static_key ingress_needed __read_mostly;
|
static struct static_key ingress_needed __read_mostly;
|
||||||
|
|
||||||
void net_inc_ingress_queue(void)
|
void net_inc_ingress_queue(void)
|
||||||
|
@ -3798,13 +3798,14 @@ another_round:
|
||||||
}
|
}
|
||||||
|
|
||||||
skip_taps:
|
skip_taps:
|
||||||
#ifdef CONFIG_NET_CLS_ACT
|
#ifdef CONFIG_NET_INGRESS
|
||||||
if (static_key_false(&ingress_needed)) {
|
if (static_key_false(&ingress_needed)) {
|
||||||
skb = handle_ing(skb, &pt_prev, &ret, orig_dev);
|
skb = handle_ing(skb, &pt_prev, &ret, orig_dev);
|
||||||
if (!skb)
|
if (!skb)
|
||||||
goto unlock;
|
goto unlock;
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
#ifdef CONFIG_NET_CLS_ACT
|
||||||
skb->tc_verd = 0;
|
skb->tc_verd = 0;
|
||||||
ncls:
|
ncls:
|
||||||
#endif
|
#endif
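Review bot: The `handle_ing()` call after `skip_taps:` is now compiled under `CONFIG_NET_INGRESS`, while `skb->tc_verd = 0;` and the `ncls:` label stay under `CONFIG_NET_CLS_ACT`. The definition of `handle_ing()` is not visible in this hunk; if it is still guarded by `CONFIG_NET_CLS_ACT`, the build holds only as long as every selector of `NET_INGRESS` also depends on `NET_CLS_ACT`. The commit message relies on that, but the code does not state it, so I would add above the block `/* NET_INGRESS currently implies NET_CLS_ACT (only NET_SCH_INGRESS selects it); any new selector must make handle_ing() available. */`. The same implicit assumption sits behind the `#ifdef CONFIG_NET_INGRESS` around `ingress_needed` in the earlier hunk of this file. The enclosing function starts and ends outside the hunk.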
|
||||||
|
|
|
@ -312,6 +312,7 @@ config NET_SCH_PIE
|
||||||
config NET_SCH_INGRESS
|
config NET_SCH_INGRESS
|
||||||
tristate "Ingress Qdisc"
|
tristate "Ingress Qdisc"
|
||||||
depends on NET_CLS_ACT
|
depends on NET_CLS_ACT
|
||||||
|
select NET_INGRESS
|
||||||
---help---
|
---help---
|
||||||
Say Y here if you want to use classifiers for incoming packets.
|
Say Y here if you want to use classifiers for incoming packets.
|
||||||
If unsure, say Y.
|
If unsure, say Y.
|
||||||
|
|