Name: Remove nfdebug from skb Status: Compiles Signed-off-by: Rusty Russell Use skb_extend for netfilter debug tracking. Index: linux-2.6.10-rc2-bk7-Netfilter/include/linux/skbuff.h =================================================================== --- linux-2.6.10-rc2-bk7-Netfilter.orig/include/linux/skbuff.h 2004-11-23 22:20:09.000000000 +1100 +++ linux-2.6.10-rc2-bk7-Netfilter/include/linux/skbuff.h 2004-11-24 09:31:43.750928272 +1100 @@ -1151,18 +1151,22 @@ void skb_drop_exts(struct sk_buff *skb); struct skb_extend *skb_copy_exts(const struct sk_buff *skb, int gfp_mask); -static inline void nf_reset(struct sk_buff *skb) +static inline void nf_reset_debug(struct sk_buff *skb) { - skb_drop_exts(skb); #ifdef CONFIG_NETFILTER_DEBUG - skb->nf_debug = 0; + extern __u8 nf_debug_type; + struct skb_extend *e = skb_find_ext(skb, nf_debug_type); + if (e) { + skb_unlink_ext(skb, e); + e->delete(skb, e); + } #endif } -static inline void nf_reset_debug(struct sk_buff *skb) + +static inline void nf_reset(struct sk_buff *skb) { -#ifdef CONFIG_NETFILTER_DEBUG - skb->nf_debug = 0; -#endif + skb_drop_exts(skb); + nf_reset_debug(skb); } #ifdef CONFIG_BRIDGE_NETFILTER Index: linux-2.6.10-rc2-bk7-Netfilter/net/core/netfilter.c =================================================================== --- linux-2.6.10-rc2-bk7-Netfilter.orig/net/core/netfilter.c 2004-11-23 22:20:09.000000000 +1100 +++ linux-2.6.10-rc2-bk7-Netfilter/net/core/netfilter.c 2004-11-24 09:30:01.317500520 +1100 @@ -146,6 +146,34 @@ #include #include +struct nf_debug_extend +{ + struct skb_extend ext; + unsigned int debug; +}; + +static struct skb_extend_type nf_debug_ext_type = { + .size = sizeof(struct nf_debug_extend); +}; + +__u8 nf_debug_type; + +static int nf_debug_init(void) +{ + nf_debug_type = register_skb_extend_type(&nf_debug_ext_type); + return 0; +} + +static struct nf_debug_extend *get_nf_debug(struct sk_buff *skb) +{ + struct skb_extend *ext; + + ext = skb_find_ext(skb, nf_debug_type); + if (ext) + return container_of(ext, struct nf_debug_extend, ext); + return NULL; +} + static void debug_print_hooks_ip(unsigned int nf_debug) { if (nf_debug & (1 << NF_IP_PRE_ROUTING)) { @@ -211,28 +239,32 @@ void nf_debug_ip_local_deliver(struct sk_buff *skb) { + struct nf_debug_extend *ext = get_nf_debug(skb); + /* If it's a loopback packet, it must have come through * NF_IP_LOCAL_OUT, NF_IP_RAW_INPUT, NF_IP_PRE_ROUTING and * NF_IP_LOCAL_IN. Otherwise, must have gone through * NF_IP_RAW_INPUT and NF_IP_PRE_ROUTING. */ if (!skb->dev) { printk("ip_local_deliver: skb->dev is NULL.\n"); + } else if (!ext) { + printk("ip_local_deliver: nf_debug is NULL.\n"); } else if (strcmp(skb->dev->name, "lo") == 0) { - if (skb->nf_debug != ((1 << NF_IP_LOCAL_OUT) + if (ext->debug != ((1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_POST_ROUTING) | (1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_IN))) { printk("ip_local_deliver: bad loopback skb: "); - debug_print_hooks_ip(skb->nf_debug); + debug_print_hooks_ip(ext->debug); nf_dump_skb(PF_INET, skb); } } else { - if (skb->nf_debug != ((1<debug != ((1<nf_debug); + debug_print_hooks_ip(ext->debug); nf_dump_skb(PF_INET, skb); } } @@ -240,43 +272,58 @@ void nf_debug_ip_loopback_xmit(struct sk_buff *newskb) { - if (newskb->nf_debug != ((1 << NF_IP_LOCAL_OUT) + struct nf_debug_extend *ext = get_nf_debug(skb); + + if (!ext) { + printk("ip_dev_loopback_xmit: skb = %p NULL nf_debug\n", + newskb); + return; + } + if (ext->debug != ((1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_POST_ROUTING))) { printk("ip_dev_loopback_xmit: bad owned skb = %p: ", newskb); - debug_print_hooks_ip(newskb->nf_debug); + debug_print_hooks_ip(ext->debug); nf_dump_skb(PF_INET, newskb); } /* Clear to avoid confusing input check */ - newskb->nf_debug = 0; + ext->debug = 0; } void nf_debug_ip_finish_output2(struct sk_buff *skb) { + struct nf_debug_extend *ext = get_nf_debug(skb); + + if (!ext) { + printk("ip_finish_output: skb %p NULL nf_debug\n", + skb); + return; + } + /* If it's owned, it must have gone through the * NF_IP_LOCAL_OUT and NF_IP_POST_ROUTING. * Otherwise, must have gone through * NF_IP_PRE_ROUTING, NF_IP_FORWARD and NF_IP_POST_ROUTING. */ if (skb->sk) { - if (skb->nf_debug != ((1 << NF_IP_LOCAL_OUT) + if (ext->debug != ((1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_POST_ROUTING))) { printk("ip_finish_output: bad owned skb = %p: ", skb); - debug_print_hooks_ip(skb->nf_debug); + debug_print_hooks_ip(ext->debug); nf_dump_skb(PF_INET, skb); } } else { - if (skb->nf_debug != ((1 << NF_IP_PRE_ROUTING) + if (ext->debug != ((1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_FORWARD) | (1 << NF_IP_POST_ROUTING))) { /* Fragments, entunnelled packets, TCP RSTs generated by ipt_REJECT will have no owners, but still may be local */ - if (skb->nf_debug != ((1 << NF_IP_LOCAL_OUT) + if (ext->debug != ((1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_POST_ROUTING))){ printk("ip_finish_output:" " bad unowned skb = %p: ",skb); - debug_print_hooks_ip(skb->nf_debug); + debug_print_hooks_ip(ext->debug); nf_dump_skb(PF_INET, skb); } } @@ -508,11 +555,20 @@ rcu_read_lock(); #ifdef CONFIG_NETFILTER_DEBUG - if (skb->nf_debug & (1 << hook)) { - printk("nf_hook: hook %i already set.\n", hook); - nf_dump_skb(pf, skb); + { + struct nf_debug_extend *ext = get_nf_debug(skb); + + if (!ext) { + ext = kmalloc(sizeof(*ext), GFP_ATOMIC); + if (!ext) + return NF_DROP; + } + if (ext->debug & (1 << hook)) { + printk("nf_hook: hook %i already set.\n", hook); + nf_dump_skb(pf, skb); + } + ext->debug |= (1 << hook); } - skb->nf_debug |= (1 << hook); #endif elem = &nf_hooks[pf][hook];