On Tue, Feb 20, 2018 at 03:49:50PM +0100, Felix Fietkau wrote: > -unsigned int > -nf_flow_offload_ipv6_hook(void *priv, struct sk_buff *skb, > - const struct nf_hook_state *state) > -{ > - struct flow_offload_tuple_rhash *tuplehash; > - struct nf_flowtable *flow_table = priv; > - struct flow_offload_tuple tuple = {}; > - enum flow_offload_tuple_dir dir; > - struct flow_offload *flow; > - struct net_device *outdev; > - struct in6_addr *nexthop; > - struct ipv6hdr *ip6h; > - struct rt6_info *rt; > - > - if (skb->protocol != htons(ETH_P_IPV6)) > - return NF_ACCEPT; > - > - if (nf_flow_tuple_ipv6(skb, state->in, &tuple) < 0) > - return NF_ACCEPT; > - > - tuplehash = flow_offload_lookup(flow_table, &tuple); > - if (tuplehash == NULL) > - return NF_ACCEPT; > - > - outdev = dev_get_by_index_rcu(state->net, tuplehash->tuple.oifidx); > - if (!outdev) > - return NF_ACCEPT; > - > - dir = tuplehash->tuple.dir; > - flow = container_of(tuplehash, struct flow_offload, tuplehash[dir]); > - rt = (struct rt6_info *)flow->tuplehash[dir].tuple.dst_cache; > - > - if (unlikely(nf_flow_exceeds_mtu(skb, flow->tuplehash[dir].tuple.mtu))) > - return NF_ACCEPT; > - > - if (skb_try_make_writable(skb, sizeof(*ip6h))) > - return NF_DROP; > - > - if (flow->flags & (FLOW_OFFLOAD_SNAT | FLOW_OFFLOAD_DNAT) && > - nf_flow_nat_ipv6(flow, skb, dir) < 0) > - return NF_DROP; > - > - flow->timeout = (u32)jiffies + NF_FLOW_TIMEOUT; > - ip6h = ipv6_hdr(skb); > - ip6h->hop_limit--; > - > - skb->dev = outdev; > - nexthop = rt6_nexthop(rt, &flow->tuplehash[!dir].tuple.src_v6); > - neigh_xmit(NEIGH_ND_TABLE, outdev, nexthop, skb); > - > - return NF_STOLEN; > -} > -EXPORT_SYMBOL_GPL(nf_flow_offload_ipv6_hook); Why do you need to move the hook function to this new core file? -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html