netfilter: add nf_ipv6_ops hook to fix xt_addrtype with IPv6 (2a7851bf) · Commits · 戴 / test

include/linux/netfilter_ipv6.h

+16 −0

Original line number	Diff line number	Diff line
		@@ -17,6 +17,22 @@ extern __sum16 nf_ip6_checksum(struct sk_buff *skb, unsigned int hook,

		extern int ipv6_netfilter_init(void);
		extern void ipv6_netfilter_fini(void);

		/*
		* Hook functions for ipv6 to allow xt_* modules to be built-in even
		* if IPv6 is a module.
		*/
		struct nf_ipv6_ops {
		int (chk_addr)(struct net net, const struct in6_addr *addr,
		const struct net_device *dev, int strict);
		};

		extern const struct nf_ipv6_ops __rcu *nf_ipv6_ops;
		static inline const struct nf_ipv6_ops *nf_get_ipv6_ops(void)
		{
		return rcu_dereference(nf_ipv6_ops);
		}

		#else /* CONFIG_NETFILTER */
		static inline int ipv6_netfilter_init(void) { return 0; }
		static inline void ipv6_netfilter_fini(void) { return; }

+1 −1

Original line number	Diff line number	Diff line
		@@ -65,7 +65,7 @@ extern int addrconf_set_dstaddr(struct net *net,

		extern int ipv6_chk_addr(struct net *net,
		const struct in6_addr *addr,
		struct net_device *dev,
		const struct net_device *dev,
		int strict);

		#if defined(CONFIG_IPV6_MIP6) \|\| defined(CONFIG_IPV6_MIP6_MODULE)

+1 −1

Original line number	Diff line number	Diff line
		@@ -1487,7 +1487,7 @@ static int ipv6_count_addresses(struct inet6_dev *idev)
		}

		int ipv6_chk_addr(struct net net, const struct in6_addr addr,
		struct net_device *dev, int strict)
		const struct net_device *dev, int strict)
		{
		struct inet6_ifaddr *ifp;
		unsigned int hash = inet6_addr_hash(addr);

+7 −0

Original line number	Diff line number	Diff line
		@@ -10,6 +10,7 @@
		#include <linux/netfilter.h>
		#include <linux/netfilter_ipv6.h>
		#include <linux/export.h>
		#include <net/addrconf.h>
		#include <net/dst.h>
		#include <net/ipv6.h>
		#include <net/ip6_route.h>
		@@ -186,6 +187,10 @@ static __sum16 nf_ip6_checksum_partial(struct sk_buff *skb, unsigned int hook,
		return csum;
		};

		static const struct nf_ipv6_ops ipv6ops = {
		.chk_addr = ipv6_chk_addr,
		};

		static const struct nf_afinfo nf_ip6_afinfo = {
		.family = AF_INET6,
		.checksum = nf_ip6_checksum,
		@@ -198,6 +203,7 @@ static const struct nf_afinfo nf_ip6_afinfo = {

		int __init ipv6_netfilter_init(void)
		{
		RCU_INIT_POINTER(nf_ipv6_ops, &ipv6ops);
		return nf_register_afinfo(&nf_ip6_afinfo);
		}

		@@ -206,5 +212,6 @@ int __init ipv6_netfilter_init(void)
		*/
		void ipv6_netfilter_fini(void)
		{
		RCU_INIT_POINTER(nf_ipv6_ops, NULL);
		nf_unregister_afinfo(&nf_ip6_afinfo);
		}

+2 −0

Original line number	Diff line number	Diff line
		@@ -30,6 +30,8 @@ static DEFINE_MUTEX(afinfo_mutex);

		const struct nf_afinfo __rcu *nf_afinfo[NFPROTO_NUMPROTO] __read_mostly;
		EXPORT_SYMBOL(nf_afinfo);
		const struct nf_ipv6_ops __rcu *nf_ipv6_ops __read_mostly;
		EXPORT_SYMBOL_GPL(nf_ipv6_ops);

		int nf_register_afinfo(const struct nf_afinfo *afinfo)
		{