diff options
| author | Daniel Borkmann <daniel@iogearbox.net> | 2015-08-08 21:40:01 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-08-11 12:29:01 +0200 |
| commit | 308ac9143ee2208f54d061eca54a89da509b5d92 (patch) | |
| tree | 25edc149b4a99d3edf58927e15c6881044d60ade /include/net/netfilter/nf_conntrack_zones.h | |
| parent | 3499abb249bb5ed9d21031944bc3059ec4aa2909 (diff) | |
netfilter: nf_conntrack: push zone object into functions
This patch replaces the zone id which is pushed down into functions
with the actual zone object. It's a bigger one-time change, but
needed for later on extending zones with a direction parameter, and
thus decoupling this additional information from all call-sites.
No functional changes in this patch.
The default zone becomes a global const object, namely nf_ct_zone_dflt
and will be returned directly in various cases, one being, when there's
f.e. no zoning support.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/net/netfilter/nf_conntrack_zones.h')
| -rw-r--r-- | include/net/netfilter/nf_conntrack_zones.h | 33 |
1 files changed, 23 insertions, 10 deletions
diff --git a/include/net/netfilter/nf_conntrack_zones.h b/include/net/netfilter/nf_conntrack_zones.h index 034efe8d45a5..0788bb0f267d 100644 --- a/include/net/netfilter/nf_conntrack_zones.h +++ b/include/net/netfilter/nf_conntrack_zones.h @@ -1,25 +1,38 @@ #ifndef _NF_CONNTRACK_ZONES_H #define _NF_CONNTRACK_ZONES_H -#define NF_CT_DEFAULT_ZONE 0 - -#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) -#include <net/netfilter/nf_conntrack_extend.h> +#define NF_CT_DEFAULT_ZONE_ID 0 struct nf_conntrack_zone { u16 id; }; -static inline u16 nf_ct_zone(const struct nf_conn *ct) +extern const struct nf_conntrack_zone nf_ct_zone_dflt; + +#if IS_ENABLED(CONFIG_NF_CONNTRACK) +#include <net/netfilter/nf_conntrack_extend.h> + +static inline const struct nf_conntrack_zone * +nf_ct_zone(const struct nf_conn *ct) { + const struct nf_conntrack_zone *nf_ct_zone = NULL; + #ifdef CONFIG_NF_CONNTRACK_ZONES - struct nf_conntrack_zone *nf_ct_zone; nf_ct_zone = nf_ct_ext_find(ct, NF_CT_EXT_ZONE); - if (nf_ct_zone) - return nf_ct_zone->id; #endif - return NF_CT_DEFAULT_ZONE; + return nf_ct_zone ? nf_ct_zone : &nf_ct_zone_dflt; } -#endif /* CONFIG_NF_CONNTRACK || CONFIG_NF_CONNTRACK_MODULE */ +static inline const struct nf_conntrack_zone * +nf_ct_zone_tmpl(const struct nf_conn *tmpl) +{ + return tmpl ? nf_ct_zone(tmpl) : &nf_ct_zone_dflt; +} + +static inline bool nf_ct_zone_equal(const struct nf_conn *a, + const struct nf_conntrack_zone *b) +{ + return nf_ct_zone(a)->id == b->id; +} +#endif /* IS_ENABLED(CONFIG_NF_CONNTRACK) */ #endif /* _NF_CONNTRACK_ZONES_H */ |