msn: [email protected]
来源:http://yfydz.cublog.cn
8.7 ipt动作操作结构 ipt是借用了netfilter的目标操作, 根据netfilter的target结果作为是否接受还是丢弃数据包, 不过感觉意义不大, 因为这破坏了协议栈的分层处理, 要丢包的话直接在上层就丢了就算了。代码在net/sched/act_ipt.c中定义。 8.7.1 数据结构和动作操作结构 /* include/net/tc_act/tc_ipt.h */ // ipt动作结构 struct tcf_ipt { // 通用结构 struct tcf_common common; // hook点 u32 tcfi_hook; // target名称 char *tcfi_tname; // target指针 struct xt_entry_target *tcfi_t; }; #define to_ipt(pc) \ container_of(pc, struct tcf_ipt, common) /* net/sched/act_ipt.c */ static struct tcf_hashinfo ipt_hash_info = { .htab = tcf_ipt_ht, .hmask = IPT_TAB_MASK, .lock = &ipt_lock, }; // ipt动作操作结构 static struct tc_action_ops act_ipt_ops = { // 名称 .kind = "ipt", .hinfo = &ipt_hash_info, // 类型 .type = TCA_ACT_IPT, .capab = TCA_CAP_NONE, .owner = THIS_MODULE, .act = tcf_ipt, .dump = tcf_ipt_dump, .cleanup = tcf_ipt_cleanup, // 查找, 通用函数 .lookup = tcf_hash_search, .init = tcf_ipt_init, // 遍历, 通用函数 .walk = tcf_generic_walker }; 8.7.2 初始化 static int tcf_ipt_init(struct rtattr *rta, struct rtattr *est, struct tc_action *a, int ovr, int bind) { struct rtattr *tb[TCA_IPT_MAX]; struct tcf_ipt *ipt; struct tcf_common *pc; struct ipt_entry_target *td, *t; char *tname; int ret = 0, err; u32 hook = 0; u32 index = 0; // 解析输入参数 if (rta == NULL || rtattr_parse_nested(tb, TCA_IPT_MAX, rta) < 0) return -EINVAL; // 需要有hook参数 if (tb[TCA_IPT_HOOK-1] == NULL || RTA_PAYLOAD(tb[TCA_IPT_HOOK-1]) < sizeof(u32)) return -EINVAL; // 需要有target参数 if (tb[TCA_IPT_TARG-1] == NULL || RTA_PAYLOAD(tb[TCA_IPT_TARG-1]) < sizeof(*t)) return -EINVAL; // netfilter目标 td = (struct ipt_entry_target *)RTA_DATA(tb[TCA_IPT_TARG-1]); // 检查target参数大小是否合法 if (RTA_PAYLOAD(tb[TCA_IPT_TARG-1]) < td->u.target_size) return -EINVAL; // 索引号 if (tb[TCA_IPT_INDEX-1] != NULL && RTA_PAYLOAD(tb[TCA_IPT_INDEX-1]) >= sizeof(u32)) index = *(u32 *)RTA_DATA(tb[TCA_IPT_INDEX-1]); // 根据索引号查找common节点, 绑定到a节点(priv) pc = tcf_hash_check(index, a, bind, &ipt_hash_info); if (!pc) { // 如果为空, 创建新的common节点 pc = tcf_hash_create(index, est, a, sizeof(*ipt), bind, &ipt_idx_gen, &ipt_hash_info); if (unlikely(!pc)) return -ENOMEM; ret = ACT_P_CREATED; } else { // ovr是替代标志, 如果不是替代操作, 对象已经存在, 操作失败 if (!ovr) { // 释放 tcf_ipt_release(to_ipt(pc), bind); return -EEXIST; } } // ipt = to_ipt(pc); // hook点 hook = *(u32 *)RTA_DATA(tb[TCA_IPT_HOOK-1]); err = -ENOMEM; // 分配缓冲区保存目标名称 tname = kmalloc(IFNAMSIZ, GFP_KERNEL); if (unlikely(!tname)) goto err1; // 解析iptables表的名称, 缺省为mangle表 if (tb[TCA_IPT_TABLE - 1] == NULL || rtattr_strlcpy(tname, tb[TCA_IPT_TABLE-1], IFNAMSIZ) >= IFNAMSIZ) strcpy(tname, "mangle"); // 分配目标空间 t = kmalloc(td->u.target_size, GFP_KERNEL); if (unlikely(!t)) goto err2; // 复制目标结构相关参数 memcpy(t, td, td->u.target_size); // 初始化目标 if ((err = ipt_init_target(t, tname, hook)) < 0) goto err3; spin_lock_bh(&ipt->tcf_lock); if (ret != ACT_P_CREATED) { // 如果不是新建, 释放老节点参数 ipt_destroy_target(ipt->tcfi_t); kfree(ipt->tcfi_tname); kfree(ipt->tcfi_t); } // 参数赋值 ipt->tcfi_tname = tname; ipt->tcfi_t = t; ipt->tcfi_hook = hook; spin_unlock_bh(&ipt->tcf_lock); // 新建节点, 插入哈希表 if (ret == ACT_P_CREATED) tcf_hash_insert(pc, &ipt_hash_info); return ret; 错误处理, 释放各种动态分配的参数 err3: kfree(t); err2: kfree(tname); err1: kfree(pc); return err; } // 初始化目标 static int ipt_init_target(struct ipt_entry_target *t, char *table, unsigned int hook) { struct ipt_target *target; int ret = 0; // 根据名称查找target target = xt_find_target(AF_INET, t->u.user.name, t->u.user.revision); // 找不到则失败 if (!target) return -ENOENT; t->u.kernel.target = target; // target通用检查, 检查合适的大小, 表名, hook, 协议等信息 ret = xt_check_target(target, AF_INET, t->u.target_size - sizeof(*t), table, hook, 0, 0); if (ret) return ret; // 执行target自己的检查函数 if (t->u.kernel.target->checkentry && !t->u.kernel.target->checkentry(table, NULL, t->u.kernel.target, t->data, hook)) { module_put(t->u.kernel.target->me); ret = -EINVAL; } return ret; } 8.7.3 动作 static int tcf_ipt(struct sk_buff *skb, struct tc_action *a, struct tcf_result *res) { int ret = 0, result = 0; // 动作结构 struct tcf_ipt *ipt = a->priv; if (skb_cloned(skb)) { // 如果是克隆包, 重新分配数据空间形成一个独立的数据包 if (pskb_expand_head(skb, 0, 0, GFP_ATOMIC)) return TC_ACT_UNSPEC; } spin_lock(&ipt->tcf_lock); // 统计参数更新 ipt->tcf_tm.lastuse = jiffies; ipt->tcf_bstats.bytes += skb->len; ipt->tcf_bstats.packets++; /* yes, we have to worry about both in and out dev worry later - danger - this API seems to have changed from earlier kernels */ /* iptables targets take a double skb pointer in case the skb * needs to be replaced. We don't own the skb, so this must not * happen. The pskb_expand_head above should make sure of this */ // 执行target函数 ret = ipt->tcfi_t->u.kernel.target->target(&skb, skb->dev, NULL, ipt->tcfi_hook, ipt->tcfi_t->u.kernel.target, ipt->tcfi_t->data); switch (ret) { case NF_ACCEPT: // 接受 result = TC_ACT_OK; break; case NF_DROP: // 拒绝 result = TC_ACT_SHOT; ipt->tcf_qstats.drops++; break; case IPT_CONTINUE: // 继续 result = TC_ACT_PIPE; break; default: // 缺省也是接受 if (net_ratelimit()) printk("Bogus netfilter code %d assume ACCEPT\n", ret); result = TC_POLICE_OK; break; } spin_unlock(&ipt->tcf_lock); return result; } 8.7.4 输出 static int tcf_ipt_dump(struct sk_buff *skb, struct tc_action *a, int bind, int ref) { // 数据包缓冲区位置 unsigned char *b = skb->tail; // ipt动作结构 struct tcf_ipt *ipt = a->priv; struct ipt_entry_target *t; struct tcf_t tm; struct tc_cnt c; /* for simple targets kernel size == user size ** user name = target name ** for foolproof you need to not assume this */ // 分配target结构, 只是用于中转处理 t = kmalloc(ipt->tcfi_t->u.user.target_size, GFP_ATOMIC); if (unlikely(!t)) goto rtattr_failure; // 统计值 c.bindcnt = ipt->tcf_bindcnt - bind; c.refcnt = ipt->tcf_refcnt - ref; // 拷贝target结构 memcpy(t, ipt->tcfi_t, ipt->tcfi_t->u.user.target_size); // 拷贝target名称 strcpy(t->u.user.name, ipt->tcfi_t->u.kernel.target->name); // target RTA_PUT(skb, TCA_IPT_TARG, ipt->tcfi_t->u.user.target_size, t); // 索引号 RTA_PUT(skb, TCA_IPT_INDEX, 4, &ipt->tcf_index); // hook点 RTA_PUT(skb, TCA_IPT_HOOK, 4, &ipt->tcfi_hook); // 统计值 RTA_PUT(skb, TCA_IPT_CNT, sizeof(struct tc_cnt), &c); // 网卡名称 RTA_PUT(skb, TCA_IPT_TABLE, IFNAMSIZ, ipt->tcfi_tname); // 时间参数 tm.install = jiffies_to_clock_t(jiffies - ipt->tcf_tm.install); tm.lastuse = jiffies_to_clock_t(jiffies - ipt->tcf_tm.lastuse); tm.expires = jiffies_to_clock_t(ipt->tcf_tm.expires); RTA_PUT(skb, TCA_IPT_TM, sizeof (tm), &tm); // 释放刚分配的target kfree(t); return skb->len; rtattr_failure: skb_trim(skb, b - skb->data); kfree(t); return -1; } 8.7.5 清除 // 只是tcf_ipt_release的转换函数 static int tcf_ipt_cleanup(struct tc_action *a, int bind) { // ipt动作结构 struct tcf_ipt *ipt = a->priv; return tcf_ipt_release(ipt, bind); } // ipt释放操作 static int tcf_ipt_release(struct tcf_ipt *ipt, int bind) { int ret = 0; if (ipt) { // 减少绑定数 if (bind) ipt->tcf_bindcnt--; // 减少引用数 ipt->tcf_refcnt--; // 绑定数和引用数都为0后释放ipt动作结构 if (ipt->tcf_bindcnt <= 0 && ipt->tcf_refcnt <= 0) { // 释放目标 ipt_destroy_target(ipt->tcfi_t); // 释放target名称 kfree(ipt->tcfi_tname); // 释放target空间 kfree(ipt->tcfi_t); // 释放动作结构节点 tcf_hash_destroy(&ipt->common, &ipt_hash_info); ret = ACT_P_DELETED; } } return ret; } static void ipt_destroy_target(struct ipt_entry_target *t) { // 调用target的destroy函数, 其实有此成员函数的target不多 if (t->u.kernel.target->destroy) t->u.kernel.target->destroy(t->u.kernel.target, t->data); // 减少module计数 module_put(t->u.kernel.target->me); } 8.8 gact(Generic actions) gact定义一个通用的TC动作处理结果方法, 代码在net/sched/act_gact.c中定义. 8.8.1 数据结构和动作操作结构 /* include/net/tc_act/tc_gact.h */ // GACT动作结构 struct tcf_gact { struct tcf_common common; #ifdef CONFIG_GACT_PROB u16 tcfg_ptype; u16 tcfg_pval; int tcfg_paction; #endif }; #define to_gact(pc) \ container_of(pc, struct tcf_gact, common) /* include/linux/tc_act/tc_gact.h */ #define TCA_ACT_GACT 5 struct tc_gact { // TC通用数据 tc_gen; }; #define tc_gen \ __u32 index; \ __u32 capab; \ int action; \ int refcnt; \ int bindcnt struct tc_gact_p { #define PGACT_NONE 0 #define PGACT_NETRAND 1 #define PGACT_DETERM 2 #define MAX_RAND (PGACT_DETERM + 1 ) __u16 ptype; __u16 pval; int paction; }; /* net/sched/act_gact.c */ // GACT哈希表信息结构 static struct tcf_hashinfo gact_hash_info = { .htab = tcf_gact_ht, .hmask = GACT_TAB_MASK, .lock = &gact_lock, }; // gact动作操作结构 static struct tc_action_ops act_gact_ops = { .kind = "gact", // 哈希表信息 .hinfo = &gact_hash_info, .type = TCA_ACT_GACT, .capab = TCA_CAP_NONE, .owner = THIS_MODULE, .act = tcf_gact, .dump = tcf_gact_dump, .cleanup = tcf_gact_cleanup, // 通用函数 .lookup = tcf_hash_search, .init = tcf_gact_init, // 通用函数 .walk = tcf_generic_walker }; 8.8.2 初始化 static int tcf_gact_init(struct rtattr *rta, struct rtattr *est, struct tc_action *a, int ovr, int bind) { struct rtattr *tb[TCA_GACT_MAX]; struct tc_gact *parm; struct tcf_gact *gact; struct tcf_common *pc; int ret = 0; // 解析输入参数, 结果保存到tb数组, 失败则返回 if (rta == NULL || rtattr_parse_nested(tb, TCA_GACT_MAX, rta) < 0) return -EINVAL; // 解析参数 if (tb[TCA_GACT_PARMS - 1] == NULL || RTA_PAYLOAD(tb[TCA_GACT_PARMS - 1]) < sizeof(*parm)) return -EINVAL; parm = RTA_DATA(tb[TCA_GACT_PARMS - 1]); // PROB参数 if (tb[TCA_GACT_PROB-1] != NULL) #ifdef CONFIG_GACT_PROB if (RTA_PAYLOAD(tb[TCA_GACT_PROB-1]) < sizeof(struct tc_gact_p)) return -EINVAL; #else return -EOPNOTSUPP; #endif // 根据索引号查找common结构 pc = tcf_hash_check(parm->index, a, bind, &gact_hash_info); if (!pc) { // 没找到的话新建一个 pc = tcf_hash_create(parm->index, est, a, sizeof(*gact), bind, &gact_idx_gen, &gact_hash_info); if (unlikely(!pc)) return -ENOMEM; ret = ACT_P_CREATED; } else { // 找到的话检查是否是替代操作, 否则失败, 对象已经存在 if (!ovr) { tcf_hash_release(pc, bind, &gact_hash_info); return -EEXIST; } } // 获取GACT结构指针 gact = to_gact(pc); spin_lock_bh(&gact->tcf_lock); // 填写GACT结构参数 // 动作结果 gact->tcf_action = parm->action; #ifdef CONFIG_GACT_PROB if (tb[TCA_GACT_PROB-1] != NULL) { struct tc_gact_p *p_parm = RTA_DATA(tb[TCA_GACT_PROB-1]); gact->tcfg_paction = p_parm->paction; gact->tcfg_pval = p_parm->pval; gact->tcfg_ptype = p_parm->ptype; } #endif spin_unlock_bh(&gact->tcf_lock); // 如果是新建节点, 插入哈希表 if (ret == ACT_P_CREATED) tcf_hash_insert(pc, &gact_hash_info); return ret; } 8.8.3 动作 static int tcf_gact(struct sk_buff *skb, struct tc_action *a, struct tcf_result *res) { // GACT动作结构为a的私有数据 struct tcf_gact *gact = a->priv; // 缺省动作是拒绝 int action = TC_ACT_SHOT; spin_lock(&gact->tcf_lock); #ifdef CONFIG_GACT_PROB // 如果定义了GACT_PROB内核选项 // gact_rand是一个动作函数指针数组, 对应一些动作函数, 会有些随机因素在里面 if (gact->tcfg_ptype && gact_rand[gact->tcfg_ptype] != NULL) action = gact_rand[gact->tcfg_ptype](gact); else action = gact->tcf_action; #else // 否则就直接是TC规则中定义的动作类型 action = gact->tcf_action; #endif // 统计数更新 gact->tcf_bstats.bytes += skb->len; gact->tcf_bstats.packets++; // 如果是丢包, 增加丢包数 if (action == TC_ACT_SHOT) gact->tcf_qstats.drops++; // 结构上次使用时间 gact->tcf_tm.lastuse = jiffies; spin_unlock(&gact->tcf_lock); return action; } 其中gact_rand数组定义如下: typedef int (*g_rand)(struct tcf_gact *gact); static g_rand gact_rand[MAX_RAND]= { NULL, gact_net_rand, gact_determ }; // 随机动作 static int gact_net_rand(struct tcf_gact *gact) { // pval作为一个随机处理因素, 在非0情况下会有一定随机性选择tcfg_paction动作, // 其他情况下选择tcfg_action if (!gact->tcfg_pval || net_random() % gact->tcfg_pval) return gact->tcf_action; return gact->tcfg_paction; } // 确定性动作 static int gact_determ(struct tcf_gact *gact) { // pval作为一个处理因素, 在非0情况下会有一定根据当前统计数选择tcfg_paction动作, // 其他情况下选择tcfg_action if (!gact->tcfg_pval || gact->tcf_bstats.packets % gact->tcfg_pval) return gact->tcf_action; return gact->tcfg_paction; } 8.8.4 输出 static int tcf_gact_dump(struct sk_buff *skb, struct tc_action *a, int bind, int ref) { // 数据包缓冲区起始位置 unsigned char *b = skb->tail; // GACT选项结构 struct tc_gact opt; // GACT动作结构 struct tcf_gact *gact = a->priv; // 时间参数 struct tcf_t t; // 填充GACT选项参数 opt.index = gact->tcf_index; opt.refcnt = gact->tcf_refcnt - ref; opt.bindcnt = gact->tcf_bindcnt - bind; opt.action = gact->tcf_action; // 将选项参数拷贝到skb缓冲区 RTA_PUT(skb, TCA_GACT_PARMS, sizeof(opt), &opt); #ifdef CONFIG_GACT_PROB // 填充GACT_PROB情况下相关数据 if (gact->tcfg_ptype) { struct tc_gact_p p_opt; p_opt.paction = gact->tcfg_paction; p_opt.pval = gact->tcfg_pval; p_opt.ptype = gact->tcfg_ptype; RTA_PUT(skb, TCA_GACT_PROB, sizeof(p_opt), &p_opt); } #endif // 填写时间 t.install = jiffies_to_clock_t(jiffies - gact->tcf_tm.install); t.lastuse = jiffies_to_clock_t(jiffies - gact->tcf_tm.lastuse); t.expires = jiffies_to_clock_t(gact->tcf_tm.expires); // 拷贝到skb缓冲区 RTA_PUT(skb, TCA_GACT_TM, sizeof(t), &t); // 返回当前数据长度, 注意这里都没有计算netlink信息长度参数 return skb->len; rtattr_failure: skb_trim(skb, b - skb->data); return -1; } 8.8.5 清除 // 只是相当于tcf_hash_release的包裹函数 static int tcf_gact_cleanup(struct tc_action *a, int bind) { struct tcf_gact *gact = a->priv; if (gact) return tcf_hash_release(&gact->common, bind, &gact_hash_info); return 0; } 8.9 simple simple定义一个简单的TC动作处理结果方法实例, 代码在net/sched/act_simple.c中定义. 8.9.1 数据结构和动作操作结构 /* net/sched/act_simple.c */ // simple哈希表信息结构 static struct tcf_hashinfo simp_hash_info = { .htab = tcf_simp_ht, .hmask = SIMP_TAB_MASK, .lock = &simp_lock, }; // simple动作操作结构 // 没有lookup函数 static struct tc_action_ops act_simp_ops = { .kind = "simple", .hinfo = &simp_hash_info, .type = TCA_ACT_SIMP, .capab = TCA_CAP_NONE, .owner = THIS_MODULE, .act = tcf_simp, .dump = tcf_simp_dump, .cleanup = tcf_simp_cleanup, .init = tcf_simp_init, // 通用函数 .walk = tcf_generic_walker, }; 8.9.2 初始化 static int tcf_simp_init(struct rtattr *rta, struct rtattr *est, struct tc_action *a, int ovr, int bind) { struct rtattr *tb[TCA_DEF_MAX]; // 缺省动作结构, simple由于很简单, 没定义自己的动作结构, 直接用缺省的 struct tc_defact *parm; struct tcf_defact *d; struct tcf_common *pc; void *defdata; u32 datalen = 0; int ret = 0; // 解析输入参数, 结果保存到tb数组, 失败则返回 if (rta == NULL || rtattr_parse_nested(tb, TCA_DEF_MAX, rta) < 0) return -EINVAL; // 解析参数 if (tb[TCA_DEF_PARMS - 1] == NULL || RTA_PAYLOAD(tb[TCA_DEF_PARMS - 1]) < sizeof(*parm)) return -EINVAL; // 参数指针 parm = RTA_DATA(tb[TCA_DEF_PARMS - 1]); defdata = RTA_DATA(tb[TCA_DEF_DATA - 1]); if (defdata == NULL) return -EINVAL; // 数据长度 datalen = RTA_PAYLOAD(tb[TCA_DEF_DATA - 1]); if (datalen <= 0) return -EINVAL; // 根据索引号查找common结构 pc = tcf_hash_check(parm->index, a, bind, &simp_hash_info); if (!pc) { // 没找到的话新建一个 pc = tcf_hash_create(parm->index, est, a, sizeof(*d), bind, &simp_idx_gen, &simp_hash_info); if (unlikely(!pc)) return -ENOMEM; d = to_defact(pc); // 分配缺省数据, 复制defdata参数 ret = alloc_defdata(d, datalen, defdata); if (ret < 0) { kfree(pc); return ret; } // 新建标志 ret = ACT_P_CREATED; } else { // 转换为缺省动作结构 d = to_defact(pc); // 找到的话检查是否是替代操作, 否则失败, 对象已经存在 if (!ovr) { // 释放simple动作结构 tcf_simp_release(d, bind); return -EEXIST; } // 是替代操作, 进行重新分配结构操作 realloc_defdata(d, datalen, defdata); } spin_lock_bh(&d->tcf_lock); // 设置动作 d->tcf_action = parm->action; spin_unlock_bh(&d->tcf_lock); // 如果是新建节点, 插入哈希表 if (ret == ACT_P_CREATED) tcf_hash_insert(pc, &simp_hash_info); return ret; } // 分配缺省数据 static int alloc_defdata(struct tcf_defact *d, u32 datalen, void *defdata) { // 分配空间 d->tcfd_defdata = kmalloc(datalen, GFP_KERNEL); if (unlikely(!d->tcfd_defdata)) return -ENOMEM; // 设置数据长度 d->tcfd_datalen = datalen; // 拷贝数据 memcpy(d->tcfd_defdata, defdata, datalen); return 0; } // 重新分配 static int realloc_defdata(struct tcf_defact *d, u32 datalen, void *defdata) { // 释放原来的defdata kfree(d->tcfd_defdata); // 重新分配新的defdata return alloc_defdata(d, datalen, defdata); } 8.9.3 动作 static int tcf_simp(struct sk_buff *skb, struct tc_action *a, struct tcf_result *res) { // simple只是用缺省动作结构, 为a的私有数据 struct tcf_defact *d = a->priv; spin_lock(&d->tcf_lock); // 更新结构时间参数 d->tcf_tm.lastuse = jiffies; // 更新数据包统计值 d->tcf_bstats.bytes += skb->len; d->tcf_bstats.packets++; /* print policy string followed by _ then packet count * Example if this was the 3rd packet and the string was "hello" * then it would look like "hello_3" (without quotes) **/ printk("simple: %s_%d\n", (char *)d->tcfd_defdata, d->tcf_bstats.packets); spin_unlock(&d->tcf_lock); // 返回动作结果 return d->tcf_action; } 8.9.4 输出 static inline int tcf_simp_dump(struct sk_buff *skb, struct tc_action *a, int bind, int ref) { unsigned char *b = skb->tail; struct tcf_defact *d = a->priv; struct tc_defact opt; struct tcf_t t; // 填写基本选项参数 // 索引号 opt.index = d->tcf_index; // 引用数 opt.refcnt = d->tcf_refcnt - ref; // 绑定数 opt.bindcnt = d->tcf_bindcnt - bind; // 动作 opt.action = d->tcf_action; RTA_PUT(skb, TCA_DEF_PARMS, sizeof(opt), &opt); // 拷贝defdata RTA_PUT(skb, TCA_DEF_DATA, d->tcfd_datalen, d->tcfd_defdata); // 填写时间参数 // 建立时间 t.install = jiffies_to_clock_t(jiffies - d->tcf_tm.install); // 上次使用时间 t.lastuse = jiffies_to_clock_t(jiffies - d->tcf_tm.lastuse); // 到期时间 t.expires = jiffies_to_clock_t(d->tcf_tm.expires); RTA_PUT(skb, TCA_DEF_TM, sizeof(t), &t); return skb->len; rtattr_failure: skb_trim(skb, b - skb->data); return -1; } 8.9.5 清除 // 就是tcf_simp_release的包裹函数 static inline int tcf_simp_cleanup(struct tc_action *a, int bind) { struct tcf_defact *d = a->priv; if (d) return tcf_simp_release(d, bind); return 0; } // 释放simple动作结构 static int tcf_simp_release(struct tcf_defact *d, int bind) { int ret = 0; if (d) { // 减少绑定数 if (bind) d->tcf_bindcnt--; // 减少引用数 d->tcf_refcnt--; // 绑定数和引用数都到0 if (d->tcf_bindcnt <= 0 && d->tcf_refcnt <= 0) { // 释放defdata的缓冲区 kfree(d->tcfd_defdata); // 释放节点 tcf_hash_destroy(&d->common, &simp_hash_info); ret = 1; } } return ret; } ...... 待续 ......