| author | David S. Miller <davem@davemloft.net> | 2015-04-03 20:32:56 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2015-04-04 12:31:38 -0400 |
| commit | 238e54c9cb9385a1ba99e92801f3615a2fb398b6 (patch) | |
| tree | 4efeb9b5c92f87028a6d321c7088b9d1e270360a /net/ipv6 | |
| parent | 1d1de89b9a4746f1dd055a3b8d073dd2f962a3b6 (diff) | |
netfilter: Make nf_hookfn use nf_hook_state.
Pass the nf_hook_state all the way down into the hook
functions themselves.
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6')
| -rw-r--r-- | net/ipv6/netfilter/ip6t_SYNPROXY.c | 6 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6table_filter.c | 7 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6table_mangle.c | 13 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6table_nat.c | 28 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6table_raw.c | 7 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6table_security.c | 8 | ||||
| -rw-r--r-- | net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | 20 | ||||
| -rw-r--r-- | net/ipv6/netfilter/nf_defrag_ipv6_hooks.c | 8 | ||||
| -rw-r--r-- | net/ipv6/netfilter/nf_tables_ipv6.c | 12 | ||||
| -rw-r--r-- | net/ipv6/netfilter/nft_chain_nat_ipv6.c | 24 | ||||
| -rw-r--r-- | net/ipv6/netfilter/nft_chain_route_ipv6.c | 6 |
11 files changed, 52 insertions, 87 deletions
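--- a/net/ipv6/netfilter/ip6t_SYNPROXY.c
+++ b/net/ipv6/netfilter/ip6t_SYNPROXY.c
@@ -315,11 +315,9 @@ synproxy_tg6(struct sk_buff *skb, const struct xt_action_param *par)
 
 static unsigned int ipv6_synproxy_hook(const struct nf_hook_ops *ops,
 struct sk_buff *skb,
-const struct net_device *in,
-const struct net_device *out,
-int (*okfn)(struct sk_buff *))
+const struct nf_hook_state *nhs)
 {
-struct synproxy_net *snet = synproxy_pernet(dev_net(in ? : out));
+struct synproxy_net *snet = synproxy_pernet(dev_net(nhs->in ? : nhs->out));
 enum ip_conntrack_info ctinfo;
 struct nf_conn *ct;
 struct nf_conn_synproxy *synproxy;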
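Review bot: The new parameter of ipv6_synproxy_hook is named `nhs`, while every other hook converted in this commit calls it `state`; renaming it to `const struct nf_hook_state *state)` lets the converted signatures be searched and audited as one group. The namespace lookup also keeps the GNU shorthand `dev_net(nhs->in ? : nhs->out)`, whereas ip6table_filter.c, ip6table_raw.c and ip6table_security.c write the same fallback as `state->in ? state->in : state->out`; one spelling across the files would be easier to review. The function body continues past the end of the hunk.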
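--- a/net/ipv6/netfilter/ip6table_filter.c
+++ b/net/ipv6/netfilter/ip6table_filter.c
@@ -33,12 +33,11 @@ static const struct xt_table packet_filter = {
 /* The work comes in here from netfilter.c. */
 static unsigned int
 ip6table_filter_hook(const struct nf_hook_ops *ops, struct sk_buff *skb,
-const struct net_device *in, const struct net_device *out,
-int (*okfn)(struct sk_buff *))
+const struct nf_hook_state *state)
 {
-const struct net *net = dev_net((in != NULL) ? in : out);
+const struct net *net = dev_net(state->in ? state->in : state->out);
 
-return ip6t_do_table(skb, ops->hooknum, in, out,
+return ip6t_do_table(skb, ops->hooknum, state->in, state->out,
 net->ipv6.ip6table_filter);
 }
 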
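--- a/net/ipv6/netfilter/ip6table_mangle.c
+++ b/net/ipv6/netfilter/ip6table_mangle.c
@@ -77,17 +77,16 @@ ip6t_mangle_out(struct sk_buff *skb, const struct net_device *out)
 /* The work comes in here from netfilter.c. */
 static unsigned int
 ip6table_mangle_hook(const struct nf_hook_ops *ops, struct sk_buff *skb,
-const struct net_device *in, const struct net_device *out,
-int (*okfn)(struct sk_buff *))
+const struct nf_hook_state *state)
 {
 if (ops->hooknum == NF_INET_LOCAL_OUT)
-return ip6t_mangle_out(skb, out);
+return ip6t_mangle_out(skb, state->out);
 if (ops->hooknum == NF_INET_POST_ROUTING)
-return ip6t_do_table(skb, ops->hooknum, in, out,
-dev_net(out)->ipv6.ip6table_mangle);
+return ip6t_do_table(skb, ops->hooknum, state->in, state->out,
+dev_net(state->out)->ipv6.ip6table_mangle);
 /* INPUT/FORWARD */
-return ip6t_do_table(skb, ops->hooknum, in, out,
-dev_net(in)->ipv6.ip6table_mangle);
+return ip6t_do_table(skb, ops->hooknum, state->in, state->out,
+dev_net(state->in)->ipv6.ip6table_mangle);
 }
 
 static struct nf_hook_ops *mangle_ops __read_mostly;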
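Review bot: The final return of ip6table_mangle_hook evaluates `dev_net(state->in)` for every hook number other than NF_INET_LOCAL_OUT and NF_INET_POST_ROUTING, with no fallback to `state->out` of the kind ip6table_filter_hook uses. That dereference is only safe if the table is never attached to a hook where the input device is unset, and the hunk does not show the registration. If that invariant holds, the `/* INPUT/FORWARD */` comment should say so, for example `/* INPUT/FORWARD: the input device is set on these hooks */`, so the pattern is not copied into a hook where it fails.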
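--- a/net/ipv6/netfilter/ip6table_nat.c
+++ b/net/ipv6/netfilter/ip6table_nat.c
@@ -43,38 +43,34 @@ static unsigned int ip6table_nat_do_chain(const struct nf_hook_ops *ops,
 
 static unsigned int ip6table_nat_fn(const struct nf_hook_ops *ops,
 struct sk_buff *skb,
-const struct net_device *in,
-const struct net_device *out,
-int (*okfn)(struct sk_buff *))
+const struct nf_hook_state *state)
 {
-return nf_nat_ipv6_fn(ops, skb, in, out, ip6table_nat_do_chain);
+return nf_nat_ipv6_fn(ops, skb, state->in, state->out,
+ip6table_nat_do_chain);
 }
 
 static unsigned int ip6table_nat_in(const struct nf_hook_ops *ops,
 struct sk_buff *skb,
-const struct net_device *in,
-const struct net_device *out,
-int (*okfn)(struct sk_buff *))
+const struct nf_hook_state *state)
 {
-return nf_nat_ipv6_in(ops, skb, in, out, ip6table_nat_do_chain);
+return nf_nat_ipv6_in(ops, skb, state->in, state->out,
+ip6table_nat_do_chain);
 }
 
 static unsigned int ip6table_nat_out(const struct nf_hook_ops *ops,
 struct sk_buff *skb,
-const struct net_device *in,
-const struct net_device *out,
-int (*okfn)(struct sk_buff *))
+const struct nf_hook_state *state)
 {
-return nf_nat_ipv6_out(ops, skb, in, out, ip6table_nat_do_chain);
+return nf_nat_ipv6_out(ops, skb, state->in, state->out,
+ip6table_nat_do_chain);
 }
 
 static unsigned int ip6table_nat_local_fn(const struct nf_hook_ops *ops,
 struct sk_buff *skb,
-const struct net_device *in,
-const struct net_device *out,
-int (*okfn)(struct sk_buff *))
+const struct nf_hook_state *state)
 {
-return nf_nat_ipv6_local_fn(ops, skb, in, out, ip6table_nat_do_chain);
+return nf_nat_ipv6_local_fn(ops, skb, state->in, state->out,
+ip6table_nat_do_chain);
 }
 
 static struct nf_hook_ops nf_nat_ipv6_ops[] __read_mostly = {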
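Review bot: All four wrappers unpack `state->in` and `state->out` again to call the nf_nat_ipv6_* helpers, so the device argument list this commit removes from the hook signature survives one level down. Handing the helpers the state pointer itself, as in `return nf_nat_ipv6_fn(ops, skb, state, ip6table_nat_do_chain);`, would be the consistent end state. The helper definitions are not part of this diff, so this presumably belongs in a follow-up. The same unpacking appears in nft_chain_nat_ipv6.c, and around nft_set_pktinfo_ipv6() in nf_tables_ipv6.c and nft_chain_route_ipv6.c.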
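--- a/net/ipv6/netfilter/ip6table_raw.c
+++ b/net/ipv6/netfilter/ip6table_raw.c
@@ -20,12 +20,11 @@ static const struct xt_table packet_raw = {
 /* The work comes in here from netfilter.c. */
 static unsigned int
 ip6table_raw_hook(const struct nf_hook_ops *ops, struct sk_buff *skb,
-const struct net_device *in, const struct net_device *out,
-int (*okfn)(struct sk_buff *))
+const struct nf_hook_state *state)
 {
-const struct net *net = dev_net((in != NULL) ? in : out);
+const struct net *net = dev_net(state->in ? state->in : state->out);
 
-return ip6t_do_table(skb, ops->hooknum, in, out,
+return ip6t_do_table(skb, ops->hooknum, state->in, state->out,
 net->ipv6.ip6table_raw);
 }
 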
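--- a/net/ipv6/netfilter/ip6table_security.c
+++ b/net/ipv6/netfilter/ip6table_security.c
@@ -37,13 +37,11 @@ static const struct xt_table security_table = {
 
 static unsigned int
 ip6table_security_hook(const struct nf_hook_ops *ops, struct sk_buff *skb,
-const struct net_device *in,
-const struct net_device *out,
-int (*okfn)(struct sk_buff *))
+const struct nf_hook_state *state)
 {
-const struct net *net = dev_net((in != NULL) ? in : out);
+const struct net *net = dev_net(state->in ? state->in : state->out);
 
-return ip6t_do_table(skb, ops->hooknum, in, out,
+return ip6t_do_table(skb, ops->hooknum, state->in, state->out,
 net->ipv6.ip6table_security);
 }
 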
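--- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
@@ -97,9 +97,7 @@ static int ipv6_get_l4proto(const struct sk_buff *skb, unsigned int nhoff,
 
 static unsigned int ipv6_helper(const struct nf_hook_ops *ops,
 struct sk_buff *skb,
-const struct net_device *in,
-const struct net_device *out,
-int (*okfn)(struct sk_buff *))
+const struct nf_hook_state *state)
 {
 struct nf_conn *ct;
 const struct nf_conn_help *help;
@@ -135,9 +133,7 @@ static unsigned int ipv6_helper(const struct nf_hook_ops *ops,
 
 static unsigned int ipv6_confirm(const struct nf_hook_ops *ops,
 struct sk_buff *skb,
-const struct net_device *in,
-const struct net_device *out,
-int (*okfn)(struct sk_buff *))
+const struct nf_hook_state *state)
 {
 struct nf_conn *ct;
 enum ip_conntrack_info ctinfo;
@@ -171,25 +167,21 @@ out:
 
 static unsigned int ipv6_conntrack_in(const struct nf_hook_ops *ops,
 struct sk_buff *skb,
-const struct net_device *in,
-const struct net_device *out,
-int (*okfn)(struct sk_buff *))
+const struct nf_hook_state *state)
 {
-return nf_conntrack_in(dev_net(in), PF_INET6, ops->hooknum, skb);
+return nf_conntrack_in(dev_net(state->in), PF_INET6, ops->hooknum, skb);
 }
 
 static unsigned int ipv6_conntrack_local(const struct nf_hook_ops *ops,
 struct sk_buff *skb,
-const struct net_device *in,
-const struct net_device *out,
-int (*okfn)(struct sk_buff *))
+const struct nf_hook_state *state)
 {
 /* root is playing with raw sockets. */
 if (skb->len < sizeof(struct ipv6hdr)) {
 net_notice_ratelimited("ipv6_conntrack_local: packet too short\n");
 return NF_ACCEPT;
 }
-return nf_conntrack_in(dev_net(out), PF_INET6, ops->hooknum, skb);
+return nf_conntrack_in(dev_net(state->out), PF_INET6, ops->hooknum, skb);
 }
 
 static struct nf_hook_ops ipv6_conntrack_ops[] __read_mostly = {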
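--- a/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c
+++ b/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c
@@ -54,9 +54,7 @@ static enum ip6_defrag_users nf_ct6_defrag_user(unsigned int hooknum,
 
 static unsigned int ipv6_defrag(const struct nf_hook_ops *ops,
 struct sk_buff *skb,
-const struct net_device *in,
-const struct net_device *out,
-int (*okfn)(struct sk_buff *))
+const struct nf_hook_state *state)
 {
 struct sk_buff *reasm;
 
@@ -78,8 +76,8 @@ static unsigned int ipv6_defrag(const struct nf_hook_ops *ops,
 nf_ct_frag6_consume_orig(reasm);
 
 NF_HOOK_THRESH(NFPROTO_IPV6, ops->hooknum, reasm,
-(struct net_device *) in, (struct net_device *) out,
-okfn, NF_IP6_PRI_CONNTRACK_DEFRAG + 1);
+state->in, state->out,
+state->okfn, NF_IP6_PRI_CONNTRACK_DEFRAG + 1);
 
 return NF_STOLEN;
 }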
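--- a/net/ipv6/netfilter/nf_tables_ipv6.c
+++ b/net/ipv6/netfilter/nf_tables_ipv6.c
@@ -18,14 +18,12 @@
 
 static unsigned int nft_do_chain_ipv6(const struct nf_hook_ops *ops,
 struct sk_buff *skb,
-const struct net_device *in,
-const struct net_device *out,
-int (*okfn)(struct sk_buff *))
+const struct nf_hook_state *state)
 {
 struct nft_pktinfo pkt;
 
 /* malformed packet, drop it */
-if (nft_set_pktinfo_ipv6(&pkt, ops, skb, in, out) < 0)
+if (nft_set_pktinfo_ipv6(&pkt, ops, skb, state->in, state->out) < 0)
 return NF_DROP;
 
 return nft_do_chain(&pkt, ops);
@@ -33,9 +31,7 @@ static unsigned int nft_do_chain_ipv6(const struct nf_hook_ops *ops,
 
 static unsigned int nft_ipv6_output(const struct nf_hook_ops *ops,
 struct sk_buff *skb,
-const struct net_device *in,
-const struct net_device *out,
-int (*okfn)(struct sk_buff *))
+const struct nf_hook_state *state)
 {
 if (unlikely(skb->len < sizeof(struct ipv6hdr))) {
 if (net_ratelimit())
@@ -44,7 +40,7 @@ static unsigned int nft_ipv6_output(const struct nf_hook_ops *ops,
 return NF_ACCEPT;
 }
 
-return nft_do_chain_ipv6(ops, skb, in, out, okfn);
+return nft_do_chain_ipv6(ops, skb, state);
 }
 
 struct nft_af_info nft_af_ipv6 __read_mostly = {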
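--- a/net/ipv6/netfilter/nft_chain_nat_ipv6.c
+++ b/net/ipv6/netfilter/nft_chain_nat_ipv6.c
@@ -39,38 +39,30 @@ static unsigned int nft_nat_do_chain(const struct nf_hook_ops *ops,
 
 static unsigned int nft_nat_ipv6_fn(const struct nf_hook_ops *ops,
 struct sk_buff *skb,
-const struct net_device *in,
-const struct net_device *out,
-int (*okfn)(struct sk_buff *))
+const struct nf_hook_state *state)
 {
-return nf_nat_ipv6_fn(ops, skb, in, out, nft_nat_do_chain);
+return nf_nat_ipv6_fn(ops, skb, state->in, state->out, nft_nat_do_chain);
 }
 
 static unsigned int nft_nat_ipv6_in(const struct nf_hook_ops *ops,
 struct sk_buff *skb,
-const struct net_device *in,
-const struct net_device *out,
-int (*okfn)(struct sk_buff *))
+const struct nf_hook_state *state)
 {
-return nf_nat_ipv6_in(ops, skb, in, out, nft_nat_do_chain);
+return nf_nat_ipv6_in(ops, skb, state->in, state->out, nft_nat_do_chain);
 }
 
 static unsigned int nft_nat_ipv6_out(const struct nf_hook_ops *ops,
 struct sk_buff *skb,
-const struct net_device *in,
-const struct net_device *out,
-int (*okfn)(struct sk_buff *))
+const struct nf_hook_state *state)
 {
-return nf_nat_ipv6_out(ops, skb, in, out, nft_nat_do_chain);
+return nf_nat_ipv6_out(ops, skb, state->in, state->out, nft_nat_do_chain);
 }
 
 static unsigned int nft_nat_ipv6_local_fn(const struct nf_hook_ops *ops,
 struct sk_buff *skb,
-const struct net_device *in,
-const struct net_device *out,
-int (*okfn)(struct sk_buff *))
+const struct nf_hook_state *state)
 {
-return nf_nat_ipv6_local_fn(ops, skb, in, out, nft_nat_do_chain);
+return nf_nat_ipv6_local_fn(ops, skb, state->in, state->out, nft_nat_do_chain);
 }
 
 static const struct nf_chain_type nft_chain_nat_ipv6 = {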
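Review bot: The rewritten return statements in this file stay on one line, for example `return nf_nat_ipv6_local_fn(ops, skb, state->in, state->out, nft_nat_do_chain);`, which likely runs past 80 columns once indented; this page does not preserve indentation, so the exact width is inferred. ip6table_nat.c in the same commit wraps the equivalent calls after `state->out,`. Wrapping these four the same way, with `nft_nat_do_chain);` on a continuation line, keeps the two NAT front ends visually parallel for side-by-side review.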
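--- a/net/ipv6/netfilter/nft_chain_route_ipv6.c
+++ b/net/ipv6/netfilter/nft_chain_route_ipv6.c
@@ -24,9 +24,7 @@
 
 static unsigned int nf_route_table_hook(const struct nf_hook_ops *ops,
 struct sk_buff *skb,
-const struct net_device *in,
-const struct net_device *out,
-int (*okfn)(struct sk_buff *))
+const struct nf_hook_state *state)
 {
 unsigned int ret;
 struct nft_pktinfo pkt;
@@ -35,7 +33,7 @@ static unsigned int nf_route_table_hook(const struct nf_hook_ops *ops,
 u32 mark, flowlabel;
 
 /* malformed packet, drop it */
-if (nft_set_pktinfo_ipv6(&pkt, ops, skb, in, out) < 0)
+if (nft_set_pktinfo_ipv6(&pkt, ops, skb, state->in, state->out) < 0)
 return NF_DROP;
 
 /* save source/dest address, mark, hoplimit, flowlabel, priority */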
