netfilter: call nf_hook_state_init with rcu_read_lock held
This makes things simpler because we can store the head of the list in the nf_state structure without worrying about concurrent add/delete of hook elements from the list. A future commit will make use of this to implement a simpler linked-list. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Aaron Conole <aconole@bytheb.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Florian Westphal
Pablo Neira Ayuso
parent
c5136b15ea
commit
fe72926b79
2 changed files with 8 additions and 1 deletions
|
|
@ -174,10 +174,16 @@ static inline int nf_hook_thresh(u_int8_t pf, unsigned int hook,
|
||||||
|
|
||||||
if (!list_empty(hook_list)) {
|
if (!list_empty(hook_list)) {
|
||||||
struct nf_hook_state state;
|
struct nf_hook_state state;
|
||||||
|
int ret;
|
||||||
|
|
||||||
|
/* We may already have this, but read-locks nest anyway */
|
||||||
|
rcu_read_lock();
|
||||||
nf_hook_state_init(&state, hook_list, hook, thresh,
|
nf_hook_state_init(&state, hook_list, hook, thresh,
|
||||||
pf, indev, outdev, sk, net, okfn);
|
pf, indev, outdev, sk, net, okfn);
|
||||||
return nf_hook_slow(skb, &state);
|
|
||||||
|
ret = nf_hook_slow(skb, &state);
|
||||||
|
rcu_read_unlock();
|
||||||
|
return ret;
|
||||||
}
|
}
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -14,6 +14,7 @@ static inline bool nf_hook_ingress_active(const struct sk_buff *skb)
|
||||||
return !list_empty(&skb->dev->nf_hooks_ingress);
|
return !list_empty(&skb->dev->nf_hooks_ingress);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* caller must hold rcu_read_lock */
|
||||||
static inline int nf_hook_ingress(struct sk_buff *skb)
|
static inline int nf_hook_ingress(struct sk_buff *skb)
|
||||||
{
|
{
|
||||||
struct nf_hook_state state;
|
struct nf_hook_state state;
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue