Commit 1cf51900 authored by Pablo Neira Committed by David S. Miller

net: add CONFIG_NET_INGRESS to enable ingress filtering

This new config switch enables the ingress filtering infrastructure that is
controlled through the ingress_needed static key. This prepares the
introduction of the Netfilter ingress hook that resides under this unique
static key.

Note that CONFIG_SCH_INGRESS automatically selects this; that should be no
problem, since that option also depends on CONFIG_NET_CLS_ACT.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Acked-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
parent b8d0aad0
...@@ -79,7 +79,7 @@ static inline struct netdev_queue *dev_ingress_queue(struct net_device *dev) ...@@ -79,7 +79,7 @@ static inline struct netdev_queue *dev_ingress_queue(struct net_device *dev)
struct netdev_queue *dev_ingress_queue_create(struct net_device *dev); struct netdev_queue *dev_ingress_queue_create(struct net_device *dev);
#ifdef CONFIG_NET_CLS_ACT #ifdef CONFIG_NET_INGRESS
void net_inc_ingress_queue(void); void net_inc_ingress_queue(void);
void net_dec_ingress_queue(void); void net_dec_ingress_queue(void);
#endif #endif
......
...@@ -45,6 +45,9 @@ config COMPAT_NETLINK_MESSAGES ...@@ -45,6 +45,9 @@ config COMPAT_NETLINK_MESSAGES
Newly written code should NEVER need this option but do Newly written code should NEVER need this option but do
compat-independent messages instead! compat-independent messages instead!
config NET_INGRESS
bool
menu "Networking options" menu "Networking options"
source "net/packet/Kconfig" source "net/packet/Kconfig"
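Review bot: The new `config NET_INGRESS` entry is a promptless `bool` with no comment, so the file does not say that it can only be turned on through `select` or what it gates. Because `select` forces the symbol on without checking any dependency, a later selector could enable the ingress path in a configuration the existing code was never built for. A short comment above the entry would record the intent, for example `# Hidden symbol: enables the ingress path guarded by the ingress_needed static key; selected by its users, not user-visible.`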
......
...@@ -1630,7 +1630,7 @@ int call_netdevice_notifiers(unsigned long val, struct net_device *dev) ...@@ -1630,7 +1630,7 @@ int call_netdevice_notifiers(unsigned long val, struct net_device *dev)
} }
EXPORT_SYMBOL(call_netdevice_notifiers); EXPORT_SYMBOL(call_netdevice_notifiers);
#ifdef CONFIG_NET_CLS_ACT #ifdef CONFIG_NET_INGRESS
static struct static_key ingress_needed __read_mostly; static struct static_key ingress_needed __read_mostly;
void net_inc_ingress_queue(void) void net_inc_ingress_queue(void)
...@@ -3798,13 +3798,14 @@ static int __netif_receive_skb_core(struct sk_buff *skb, bool pfmemalloc) ...@@ -3798,13 +3798,14 @@ static int __netif_receive_skb_core(struct sk_buff *skb, bool pfmemalloc)
} }
skip_taps: skip_taps:
#ifdef CONFIG_NET_CLS_ACT #ifdef CONFIG_NET_INGRESS
if (static_key_false(&ingress_needed)) { if (static_key_false(&ingress_needed)) {
skb = handle_ing(skb, &pt_prev, &ret, orig_dev); skb = handle_ing(skb, &pt_prev, &ret, orig_dev);
if (!skb) if (!skb)
goto unlock; goto unlock;
} }
#endif
#ifdef CONFIG_NET_CLS_ACT
skb->tc_verd = 0; skb->tc_verd = 0;
ncls: ncls:
#endif #endif
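Review bot: The call to `handle_ing()` after `skip_taps:` is now compiled under `CONFIG_NET_INGRESS`, but the hunk does not show which guard surrounds the definition of `handle_ing()`. If that definition is still under `CONFIG_NET_CLS_ACT`, any configuration with NET_INGRESS set and NET_CLS_ACT unset will fail to build. The only selector visible in this commit depends on NET_CLS_ACT, so the problem is latent today, but `select` does not enforce that for later users. I would either move the definition under the same symbol in this commit or add a comment at the split, e.g. `/* handle_ing() must be built whenever CONFIG_NET_INGRESS is set */`. The body of `__netif_receive_skb_core()` starts and ends outside the hunk.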
......
...@@ -312,6 +312,7 @@ config NET_SCH_PIE ...@@ -312,6 +312,7 @@ config NET_SCH_PIE
config NET_SCH_INGRESS config NET_SCH_INGRESS
tristate "Ingress Qdisc" tristate "Ingress Qdisc"
depends on NET_CLS_ACT depends on NET_CLS_ACT
select NET_INGRESS
---help--- ---help---
Say Y here if you want to use classifiers for incoming packets. Say Y here if you want to use classifiers for incoming packets.
If unsure, say Y. If unsure, say Y.
......