On Fri, May 29, 2020 at 01:03:28PM +0200, Laura Garcia Liebana wrote:
[...]
> diff --git a/net/ipv4/netfilter/nf_reject_ipv4.c b/net/ipv4/netfilter/nf_reject_ipv4.c
> index 2361fdac2c43..b5b7633d9433 100644
> --- a/net/ipv4/netfilter/nf_reject_ipv4.c
> +++ b/net/ipv4/netfilter/nf_reject_ipv4.c
> @@ -96,6 +96,22 @@ void nf_reject_ip_tcphdr_put(struct sk_buff *nskb, const struct sk_buff *oldskb,
> }
> EXPORT_SYMBOL_GPL(nf_reject_ip_tcphdr_put);
>
> +static int nf_reject_fill_skb_dst(struct sk_buff *skb_in)
> +{
> + struct dst_entry *dst = NULL;
> + struct flowi fl;
> + struct flowi4 *fl4 = &fl.u.ip4;
> +
> + memset(fl4, 0, sizeof(*fl4));
> + fl4->daddr = ip_hdr(skb_in)->saddr;
> + nf_route(dev_net(skb_in->dev), &dst, &fl, false, AF_INET);
> + if (!dst)
> + return -1;
> +
> + skb_dst_set(skb_in, dst);
> + return 0;
> +}
Probably slightly simplify this? I'd suggest:
* make calls to nf_ip_route() and nf_ip6_route() instead of the nf_route()
wrapper.
* use flowi structure, no need to add struct flowi4 ? Probably:
static int nf_reject_fill_skb_dst(struct sk_buff *skb_in)
{
struct dst_entry *dst = NULL;
struct flowi fl;
memset(fl, 0, sizeof(*fl));
fl.u.ip4 = ip_hdr(skb_in)->saddr;
nf_ip_route(dev_net(skb_in->dev), &dst, &fl, false);
if (!dst)
return -1;
skb_dst_set(skb_in, dst);
return 0;
}
Another possibility would be to use C99 structure initialization. But
I think the code above should be fine.
Thanks.
