netfilter: Pass priv instead of nf_hook_ops to netfilter hooks

Only pass the void *priv parameter out of the nf_hook_ops. That is all any of the functions are interested now, and by limiting what is passed it becomes simpler to change implementation details. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Eric W. Biederman <ebiederm@xmission.com> 2015-09-18 15:33:06 -0400
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2015-09-18 16:00:16 -0400
commit: 06198b34a3e09e06d9aecaa3727e0d37206cea77 (patch)
tree: 4fd18327ad7aaaf991b422de0b7ab6ef0ac28acb /security
parent: 176971b33859135d8dbda9b79e16cb1cf615eb92 (diff)
2 files changed, 7 insertions, 7 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index e4369d86e588..64340160f4ac 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4866,7 +4866,7 @@ static unsigned int selinux_ip_forward(struct sk_buff *skb,
        return NF_ACCEPT;
 }
-static unsigned int selinux_ipv4_forward(const struct nf_hook_ops *ops,
+static unsigned int selinux_ipv4_forward(void *priv,
                                         struct sk_buff *skb,
                                         const struct nf_hook_state *state)
 {
@@ -4874,7 +4874,7 @@ static unsigned int selinux_ipv4_forward(const struct nf_hook_ops *ops,
 }
 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
-static unsigned int selinux_ipv6_forward(const struct nf_hook_ops *ops,
+static unsigned int selinux_ipv6_forward(void *priv,
                                         struct sk_buff *skb,
                                         const struct nf_hook_state *state)
 {
@@ -4924,7 +4924,7 @@ static unsigned int selinux_ip_output(struct sk_buff *skb,
        return NF_ACCEPT;
 }
-static unsigned int selinux_ipv4_output(const struct nf_hook_ops *ops,
+static unsigned int selinux_ipv4_output(void *priv,
                                        struct sk_buff *skb,
                                        const struct nf_hook_state *state)
 {
@@ -5099,7 +5099,7 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb,
        return NF_ACCEPT;
 }
-static unsigned int selinux_ipv4_postroute(const struct nf_hook_ops *ops,
+static unsigned int selinux_ipv4_postroute(void *priv,
                                           struct sk_buff *skb,
                                           const struct nf_hook_state *state)
 {
@@ -5107,7 +5107,7 @@ static unsigned int selinux_ipv4_postroute(const struct nf_hook_ops *ops,
 }
 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
-static unsigned int selinux_ipv6_postroute(const struct nf_hook_ops *ops,
+static unsigned int selinux_ipv6_postroute(void *priv,
                                           struct sk_buff *skb,
                                           const struct nf_hook_state *state)
 {
diff --git a/security/smack/smack_netfilter.c b/security/smack/smack_netfilter.c
index a455cfc9ec1f..a9e41da05d28 100644
--- a/security/smack/smack_netfilter.c
+++ b/security/smack/smack_netfilter.c
@@ -21,7 +21,7 @@
 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
-static unsigned int smack_ipv6_output(const struct nf_hook_ops *ops,
+static unsigned int smack_ipv6_output(void *priv,
                                        struct sk_buff *skb,
                                        const struct nf_hook_state *state)
 {
@@ -38,7 +38,7 @@ static unsigned int smack_ipv6_output(const struct nf_hook_ops *ops,
 }
 #endif  /* IPV6 */
-static unsigned int smack_ipv4_output(const struct nf_hook_ops *ops,
+static unsigned int smack_ipv4_output(void *priv,
                                        struct sk_buff *skb,
                                        const struct nf_hook_state *state)
 {
author	Eric W. Biederman <ebiederm@xmission.com>	2015-09-18 15:33:06 -0400
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2015-09-18 16:00:16 -0400
commit	06198b34a3e09e06d9aecaa3727e0d37206cea77 (patch)
tree	4fd18327ad7aaaf991b422de0b7ab6ef0ac28acb /security
parent	176971b33859135d8dbda9b79e16cb1cf615eb92 (diff)

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index e4369d86e588..64340160f4ac 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c
@@ -4866,7 +4866,7 @@ static unsigned int selinux_ip_forward(struct sk_buff *skb,
4866	return NF_ACCEPT;	4866	return NF_ACCEPT;
4867	}	4867	}
4868		4868
4869	static unsigned int selinux_ipv4_forward(const struct nf_hook_ops *ops,	4869	static unsigned int selinux_ipv4_forward(void *priv,
4870	struct sk_buff *skb,	4870	struct sk_buff *skb,
4871	const struct nf_hook_state *state)	4871	const struct nf_hook_state *state)
4872	{	4872	{
@@ -4874,7 +4874,7 @@ static unsigned int selinux_ipv4_forward(const struct nf_hook_ops *ops,
4874	}	4874	}
4875		4875
4876	#if defined(CONFIG_IPV6) \|\| defined(CONFIG_IPV6_MODULE)	4876	#if defined(CONFIG_IPV6) \|\| defined(CONFIG_IPV6_MODULE)
4877	static unsigned int selinux_ipv6_forward(const struct nf_hook_ops *ops,	4877	static unsigned int selinux_ipv6_forward(void *priv,
4878	struct sk_buff *skb,	4878	struct sk_buff *skb,
4879	const struct nf_hook_state *state)	4879	const struct nf_hook_state *state)
4880	{	4880	{
@@ -4924,7 +4924,7 @@ static unsigned int selinux_ip_output(struct sk_buff *skb,
4924	return NF_ACCEPT;	4924	return NF_ACCEPT;
4925	}	4925	}
4926		4926
4927	static unsigned int selinux_ipv4_output(const struct nf_hook_ops *ops,	4927	static unsigned int selinux_ipv4_output(void *priv,
4928	struct sk_buff *skb,	4928	struct sk_buff *skb,
4929	const struct nf_hook_state *state)	4929	const struct nf_hook_state *state)
4930	{	4930	{
@@ -5099,7 +5099,7 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb,
5099	return NF_ACCEPT;	5099	return NF_ACCEPT;
5100	}	5100	}
5101		5101
5102	static unsigned int selinux_ipv4_postroute(const struct nf_hook_ops *ops,	5102	static unsigned int selinux_ipv4_postroute(void *priv,
5103	struct sk_buff *skb,	5103	struct sk_buff *skb,
5104	const struct nf_hook_state *state)	5104	const struct nf_hook_state *state)
5105	{	5105	{
@@ -5107,7 +5107,7 @@ static unsigned int selinux_ipv4_postroute(const struct nf_hook_ops *ops,
5107	}	5107	}
5108		5108
5109	#if defined(CONFIG_IPV6) \|\| defined(CONFIG_IPV6_MODULE)	5109	#if defined(CONFIG_IPV6) \|\| defined(CONFIG_IPV6_MODULE)
5110	static unsigned int selinux_ipv6_postroute(const struct nf_hook_ops *ops,	5110	static unsigned int selinux_ipv6_postroute(void *priv,
5111	struct sk_buff *skb,	5111	struct sk_buff *skb,
5112	const struct nf_hook_state *state)	5112	const struct nf_hook_state *state)
5113	{	5113	{


diff --git a/security/smack/smack_netfilter.c b/security/smack/smack_netfilter.c index a455cfc9ec1f..a9e41da05d28 100644 --- a/security/smack/smack_netfilter.c +++ b/security/smack/smack_netfilter.c
@@ -21,7 +21,7 @@
21		21
22	#if defined(CONFIG_IPV6) \|\| defined(CONFIG_IPV6_MODULE)	22	#if defined(CONFIG_IPV6) \|\| defined(CONFIG_IPV6_MODULE)
23		23
24	static unsigned int smack_ipv6_output(const struct nf_hook_ops *ops,	24	static unsigned int smack_ipv6_output(void *priv,
25	struct sk_buff *skb,	25	struct sk_buff *skb,
26	const struct nf_hook_state *state)	26	const struct nf_hook_state *state)
27	{	27	{
@@ -38,7 +38,7 @@ static unsigned int smack_ipv6_output(const struct nf_hook_ops *ops,
38	}	38	}
39	#endif /* IPV6 */	39	#endif /* IPV6 */
40		40
41	static unsigned int smack_ipv4_output(const struct nf_hook_ops *ops,	41	static unsigned int smack_ipv4_output(void *priv,
42	struct sk_buff *skb,	42	struct sk_buff *skb,
43	const struct nf_hook_state *state)	43	const struct nf_hook_state *state)
44	{	44	{