On Tue, Feb 20, 2018 at 03:49:50PM +0100, Felix Fietkau wrote:
> -unsigned int
> -nf_flow_offload_ipv6_hook(void *priv, struct sk_buff *skb,
> - const struct nf_hook_state *state)
> -{
> - struct flow_offload_tuple_rhash *tuplehash;
> - struct nf_flowtable *flow_table = priv;
> - struct flow_offload_tuple tuple = {};
> - enum flow_offload_tuple_dir dir;
> - struct flow_offload *flow;
> - struct net_device *outdev;
> - struct in6_addr *nexthop;
> - struct ipv6hdr *ip6h;
> - struct rt6_info *rt;
> -
> - if (skb->protocol != htons(ETH_P_IPV6))
> - return NF_ACCEPT;
> -
> - if (nf_flow_tuple_ipv6(skb, state->in, &tuple) < 0)
> - return NF_ACCEPT;
> -
> - tuplehash = flow_offload_lookup(flow_table, &tuple);
> - if (tuplehash == NULL)
> - return NF_ACCEPT;
> -
> - outdev = dev_get_by_index_rcu(state->net, tuplehash->tuple.oifidx);
> - if (!outdev)
> - return NF_ACCEPT;
> -
> - dir = tuplehash->tuple.dir;
> - flow = container_of(tuplehash, struct flow_offload, tuplehash[dir]);
> - rt = (struct rt6_info *)flow->tuplehash[dir].tuple.dst_cache;
> -
> - if (unlikely(nf_flow_exceeds_mtu(skb, flow->tuplehash[dir].tuple.mtu)))
> - return NF_ACCEPT;
> -
> - if (skb_try_make_writable(skb, sizeof(*ip6h)))
> - return NF_DROP;
> -
> - if (flow->flags & (FLOW_OFFLOAD_SNAT | FLOW_OFFLOAD_DNAT) &&
> - nf_flow_nat_ipv6(flow, skb, dir) < 0)
> - return NF_DROP;
> -
> - flow->timeout = (u32)jiffies + NF_FLOW_TIMEOUT;
> - ip6h = ipv6_hdr(skb);
> - ip6h->hop_limit--;
> -
> - skb->dev = outdev;
> - nexthop = rt6_nexthop(rt, &flow->tuplehash[!dir].tuple.src_v6);
> - neigh_xmit(NEIGH_ND_TABLE, outdev, nexthop, skb);
> -
> - return NF_STOLEN;
> -}
> -EXPORT_SYMBOL_GPL(nf_flow_offload_ipv6_hook);
Why do you need to move the hook function to this new core file?
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
