diff options
author | David S. Miller <davem@davemloft.net> | 2015-04-03 20:32:56 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2015-04-04 12:31:38 -0400 |
commit | 238e54c9cb9385a1ba99e92801f3615a2fb398b6 (patch) | |
tree | 4efeb9b5c92f87028a6d321c7088b9d1e270360a /net/ipv6 | |
parent | 1d1de89b9a4746f1dd055a3b8d073dd2f962a3b6 (diff) |
netfilter: Make nf_hookfn use nf_hook_state.
Pass the nf_hook_state all the way down into the hook
functions themselves.
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6')
-rw-r--r-- | net/ipv6/netfilter/ip6t_SYNPROXY.c | 6 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6table_filter.c | 7 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6table_mangle.c | 13 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6table_nat.c | 28 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6table_raw.c | 7 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6table_security.c | 8 | ||||
-rw-r--r-- | net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | 20 | ||||
-rw-r--r-- | net/ipv6/netfilter/nf_defrag_ipv6_hooks.c | 8 | ||||
-rw-r--r-- | net/ipv6/netfilter/nf_tables_ipv6.c | 12 | ||||
-rw-r--r-- | net/ipv6/netfilter/nft_chain_nat_ipv6.c | 24 | ||||
-rw-r--r-- | net/ipv6/netfilter/nft_chain_route_ipv6.c | 6 |
11 files changed, 52 insertions, 87 deletions
diff --git a/net/ipv6/netfilter/ip6t_SYNPROXY.c b/net/ipv6/netfilter/ip6t_SYNPROXY.c index a0d17270117c..6edb7b106de7 100644 --- a/net/ipv6/netfilter/ip6t_SYNPROXY.c +++ b/net/ipv6/netfilter/ip6t_SYNPROXY.c | |||
@@ -315,11 +315,9 @@ synproxy_tg6(struct sk_buff *skb, const struct xt_action_param *par) | |||
315 | 315 | ||
316 | static unsigned int ipv6_synproxy_hook(const struct nf_hook_ops *ops, | 316 | static unsigned int ipv6_synproxy_hook(const struct nf_hook_ops *ops, |
317 | struct sk_buff *skb, | 317 | struct sk_buff *skb, |
318 | const struct net_device *in, | 318 | const struct nf_hook_state *nhs) |
319 | const struct net_device *out, | ||
320 | int (*okfn)(struct sk_buff *)) | ||
321 | { | 319 | { |
322 | struct synproxy_net *snet = synproxy_pernet(dev_net(in ? : out)); | 320 | struct synproxy_net *snet = synproxy_pernet(dev_net(nhs->in ? : nhs->out)); |
323 | enum ip_conntrack_info ctinfo; | 321 | enum ip_conntrack_info ctinfo; |
324 | struct nf_conn *ct; | 322 | struct nf_conn *ct; |
325 | struct nf_conn_synproxy *synproxy; | 323 | struct nf_conn_synproxy *synproxy; |
diff --git a/net/ipv6/netfilter/ip6table_filter.c b/net/ipv6/netfilter/ip6table_filter.c index ca7f6c128086..eb9ef093454f 100644 --- a/net/ipv6/netfilter/ip6table_filter.c +++ b/net/ipv6/netfilter/ip6table_filter.c | |||
@@ -33,12 +33,11 @@ static const struct xt_table packet_filter = { | |||
33 | /* The work comes in here from netfilter.c. */ | 33 | /* The work comes in here from netfilter.c. */ |
34 | static unsigned int | 34 | static unsigned int |
35 | ip6table_filter_hook(const struct nf_hook_ops *ops, struct sk_buff *skb, | 35 | ip6table_filter_hook(const struct nf_hook_ops *ops, struct sk_buff *skb, |
36 | const struct net_device *in, const struct net_device *out, | 36 | const struct nf_hook_state *state) |
37 | int (*okfn)(struct sk_buff *)) | ||
38 | { | 37 | { |
39 | const struct net *net = dev_net((in != NULL) ? in : out); | 38 | const struct net *net = dev_net(state->in ? state->in : state->out); |
40 | 39 | ||
41 | return ip6t_do_table(skb, ops->hooknum, in, out, | 40 | return ip6t_do_table(skb, ops->hooknum, state->in, state->out, |
42 | net->ipv6.ip6table_filter); | 41 | net->ipv6.ip6table_filter); |
43 | } | 42 | } |
44 | 43 | ||
diff --git a/net/ipv6/netfilter/ip6table_mangle.c b/net/ipv6/netfilter/ip6table_mangle.c index 307bbb782d14..e713b8d3dbbc 100644 --- a/net/ipv6/netfilter/ip6table_mangle.c +++ b/net/ipv6/netfilter/ip6table_mangle.c | |||
@@ -77,17 +77,16 @@ ip6t_mangle_out(struct sk_buff *skb, const struct net_device *out) | |||
77 | /* The work comes in here from netfilter.c. */ | 77 | /* The work comes in here from netfilter.c. */ |
78 | static unsigned int | 78 | static unsigned int |
79 | ip6table_mangle_hook(const struct nf_hook_ops *ops, struct sk_buff *skb, | 79 | ip6table_mangle_hook(const struct nf_hook_ops *ops, struct sk_buff *skb, |
80 | const struct net_device *in, const struct net_device *out, | 80 | const struct nf_hook_state *state) |
81 | int (*okfn)(struct sk_buff *)) | ||
82 | { | 81 | { |
83 | if (ops->hooknum == NF_INET_LOCAL_OUT) | 82 | if (ops->hooknum == NF_INET_LOCAL_OUT) |
84 | return ip6t_mangle_out(skb, out); | 83 | return ip6t_mangle_out(skb, state->out); |
85 | if (ops->hooknum == NF_INET_POST_ROUTING) | 84 | if (ops->hooknum == NF_INET_POST_ROUTING) |
86 | return ip6t_do_table(skb, ops->hooknum, in, out, | 85 | return ip6t_do_table(skb, ops->hooknum, state->in, state->out, |
87 | dev_net(out)->ipv6.ip6table_mangle); | 86 | dev_net(state->out)->ipv6.ip6table_mangle); |
88 | /* INPUT/FORWARD */ | 87 | /* INPUT/FORWARD */ |
89 | return ip6t_do_table(skb, ops->hooknum, in, out, | 88 | return ip6t_do_table(skb, ops->hooknum, state->in, state->out, |
90 | dev_net(in)->ipv6.ip6table_mangle); | 89 | dev_net(state->in)->ipv6.ip6table_mangle); |
91 | } | 90 | } |
92 | 91 | ||
93 | static struct nf_hook_ops *mangle_ops __read_mostly; | 92 | static struct nf_hook_ops *mangle_ops __read_mostly; |
diff --git a/net/ipv6/netfilter/ip6table_nat.c b/net/ipv6/netfilter/ip6table_nat.c index b0634ac996b7..e32b0d0315e6 100644 --- a/net/ipv6/netfilter/ip6table_nat.c +++ b/net/ipv6/netfilter/ip6table_nat.c | |||
@@ -43,38 +43,34 @@ static unsigned int ip6table_nat_do_chain(const struct nf_hook_ops *ops, | |||
43 | 43 | ||
44 | static unsigned int ip6table_nat_fn(const struct nf_hook_ops *ops, | 44 | static unsigned int ip6table_nat_fn(const struct nf_hook_ops *ops, |
45 | struct sk_buff *skb, | 45 | struct sk_buff *skb, |
46 | const struct net_device *in, | 46 | const struct nf_hook_state *state) |
47 | const struct net_device *out, | ||
48 | int (*okfn)(struct sk_buff *)) | ||
49 | { | 47 | { |
50 | return nf_nat_ipv6_fn(ops, skb, in, out, ip6table_nat_do_chain); | 48 | return nf_nat_ipv6_fn(ops, skb, state->in, state->out, |
49 | ip6table_nat_do_chain); | ||
51 | } | 50 | } |
52 | 51 | ||
53 | static unsigned int ip6table_nat_in(const struct nf_hook_ops *ops, | 52 | static unsigned int ip6table_nat_in(const struct nf_hook_ops *ops, |
54 | struct sk_buff *skb, | 53 | struct sk_buff *skb, |
55 | const struct net_device *in, | 54 | const struct nf_hook_state *state) |
56 | const struct net_device *out, | ||
57 | int (*okfn)(struct sk_buff *)) | ||
58 | { | 55 | { |
59 | return nf_nat_ipv6_in(ops, skb, in, out, ip6table_nat_do_chain); | 56 | return nf_nat_ipv6_in(ops, skb, state->in, state->out, |
57 | ip6table_nat_do_chain); | ||
60 | } | 58 | } |
61 | 59 | ||
62 | static unsigned int ip6table_nat_out(const struct nf_hook_ops *ops, | 60 | static unsigned int ip6table_nat_out(const struct nf_hook_ops *ops, |
63 | struct sk_buff *skb, | 61 | struct sk_buff *skb, |
64 | const struct net_device *in, | 62 | const struct nf_hook_state *state) |
65 | const struct net_device *out, | ||
66 | int (*okfn)(struct sk_buff *)) | ||
67 | { | 63 | { |
68 | return nf_nat_ipv6_out(ops, skb, in, out, ip6table_nat_do_chain); | 64 | return nf_nat_ipv6_out(ops, skb, state->in, state->out, |
65 | ip6table_nat_do_chain); | ||
69 | } | 66 | } |
70 | 67 | ||
71 | static unsigned int ip6table_nat_local_fn(const struct nf_hook_ops *ops, | 68 | static unsigned int ip6table_nat_local_fn(const struct nf_hook_ops *ops, |
72 | struct sk_buff *skb, | 69 | struct sk_buff *skb, |
73 | const struct net_device *in, | 70 | const struct nf_hook_state *state) |
74 | const struct net_device *out, | ||
75 | int (*okfn)(struct sk_buff *)) | ||
76 | { | 71 | { |
77 | return nf_nat_ipv6_local_fn(ops, skb, in, out, ip6table_nat_do_chain); | 72 | return nf_nat_ipv6_local_fn(ops, skb, state->in, state->out, |
73 | ip6table_nat_do_chain); | ||
78 | } | 74 | } |
79 | 75 | ||
80 | static struct nf_hook_ops nf_nat_ipv6_ops[] __read_mostly = { | 76 | static struct nf_hook_ops nf_nat_ipv6_ops[] __read_mostly = { |
diff --git a/net/ipv6/netfilter/ip6table_raw.c b/net/ipv6/netfilter/ip6table_raw.c index 5274740acecc..937908e25862 100644 --- a/net/ipv6/netfilter/ip6table_raw.c +++ b/net/ipv6/netfilter/ip6table_raw.c | |||
@@ -20,12 +20,11 @@ static const struct xt_table packet_raw = { | |||
20 | /* The work comes in here from netfilter.c. */ | 20 | /* The work comes in here from netfilter.c. */ |
21 | static unsigned int | 21 | static unsigned int |
22 | ip6table_raw_hook(const struct nf_hook_ops *ops, struct sk_buff *skb, | 22 | ip6table_raw_hook(const struct nf_hook_ops *ops, struct sk_buff *skb, |
23 | const struct net_device *in, const struct net_device *out, | 23 | const struct nf_hook_state *state) |
24 | int (*okfn)(struct sk_buff *)) | ||
25 | { | 24 | { |
26 | const struct net *net = dev_net((in != NULL) ? in : out); | 25 | const struct net *net = dev_net(state->in ? state->in : state->out); |
27 | 26 | ||
28 | return ip6t_do_table(skb, ops->hooknum, in, out, | 27 | return ip6t_do_table(skb, ops->hooknum, state->in, state->out, |
29 | net->ipv6.ip6table_raw); | 28 | net->ipv6.ip6table_raw); |
30 | } | 29 | } |
31 | 30 | ||
diff --git a/net/ipv6/netfilter/ip6table_security.c b/net/ipv6/netfilter/ip6table_security.c index ab3b0219ecfa..f33b41e8e294 100644 --- a/net/ipv6/netfilter/ip6table_security.c +++ b/net/ipv6/netfilter/ip6table_security.c | |||
@@ -37,13 +37,11 @@ static const struct xt_table security_table = { | |||
37 | 37 | ||
38 | static unsigned int | 38 | static unsigned int |
39 | ip6table_security_hook(const struct nf_hook_ops *ops, struct sk_buff *skb, | 39 | ip6table_security_hook(const struct nf_hook_ops *ops, struct sk_buff *skb, |
40 | const struct net_device *in, | 40 | const struct nf_hook_state *state) |
41 | const struct net_device *out, | ||
42 | int (*okfn)(struct sk_buff *)) | ||
43 | { | 41 | { |
44 | const struct net *net = dev_net((in != NULL) ? in : out); | 42 | const struct net *net = dev_net(state->in ? state->in : state->out); |
45 | 43 | ||
46 | return ip6t_do_table(skb, ops->hooknum, in, out, | 44 | return ip6t_do_table(skb, ops->hooknum, state->in, state->out, |
47 | net->ipv6.ip6table_security); | 45 | net->ipv6.ip6table_security); |
48 | } | 46 | } |
49 | 47 | ||
diff --git a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c index fba91c6fc7ca..4ba0c34c627b 100644 --- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c +++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | |||
@@ -97,9 +97,7 @@ static int ipv6_get_l4proto(const struct sk_buff *skb, unsigned int nhoff, | |||
97 | 97 | ||
98 | static unsigned int ipv6_helper(const struct nf_hook_ops *ops, | 98 | static unsigned int ipv6_helper(const struct nf_hook_ops *ops, |
99 | struct sk_buff *skb, | 99 | struct sk_buff *skb, |
100 | const struct net_device *in, | 100 | const struct nf_hook_state *state) |
101 | const struct net_device *out, | ||
102 | int (*okfn)(struct sk_buff *)) | ||
103 | { | 101 | { |
104 | struct nf_conn *ct; | 102 | struct nf_conn *ct; |
105 | const struct nf_conn_help *help; | 103 | const struct nf_conn_help *help; |
@@ -135,9 +133,7 @@ static unsigned int ipv6_helper(const struct nf_hook_ops *ops, | |||
135 | 133 | ||
136 | static unsigned int ipv6_confirm(const struct nf_hook_ops *ops, | 134 | static unsigned int ipv6_confirm(const struct nf_hook_ops *ops, |
137 | struct sk_buff *skb, | 135 | struct sk_buff *skb, |
138 | const struct net_device *in, | 136 | const struct nf_hook_state *state) |
139 | const struct net_device *out, | ||
140 | int (*okfn)(struct sk_buff *)) | ||
141 | { | 137 | { |
142 | struct nf_conn *ct; | 138 | struct nf_conn *ct; |
143 | enum ip_conntrack_info ctinfo; | 139 | enum ip_conntrack_info ctinfo; |
@@ -171,25 +167,21 @@ out: | |||
171 | 167 | ||
172 | static unsigned int ipv6_conntrack_in(const struct nf_hook_ops *ops, | 168 | static unsigned int ipv6_conntrack_in(const struct nf_hook_ops *ops, |
173 | struct sk_buff *skb, | 169 | struct sk_buff *skb, |
174 | const struct net_device *in, | 170 | const struct nf_hook_state *state) |
175 | const struct net_device *out, | ||
176 | int (*okfn)(struct sk_buff *)) | ||
177 | { | 171 | { |
178 | return nf_conntrack_in(dev_net(in), PF_INET6, ops->hooknum, skb); | 172 | return nf_conntrack_in(dev_net(state->in), PF_INET6, ops->hooknum, skb); |
179 | } | 173 | } |
180 | 174 | ||
181 | static unsigned int ipv6_conntrack_local(const struct nf_hook_ops *ops, | 175 | static unsigned int ipv6_conntrack_local(const struct nf_hook_ops *ops, |
182 | struct sk_buff *skb, | 176 | struct sk_buff *skb, |
183 | const struct net_device *in, | 177 | const struct nf_hook_state *state) |
184 | const struct net_device *out, | ||
185 | int (*okfn)(struct sk_buff *)) | ||
186 | { | 178 | { |
187 | /* root is playing with raw sockets. */ | 179 | /* root is playing with raw sockets. */ |
188 | if (skb->len < sizeof(struct ipv6hdr)) { | 180 | if (skb->len < sizeof(struct ipv6hdr)) { |
189 | net_notice_ratelimited("ipv6_conntrack_local: packet too short\n"); | 181 | net_notice_ratelimited("ipv6_conntrack_local: packet too short\n"); |
190 | return NF_ACCEPT; | 182 | return NF_ACCEPT; |
191 | } | 183 | } |
192 | return nf_conntrack_in(dev_net(out), PF_INET6, ops->hooknum, skb); | 184 | return nf_conntrack_in(dev_net(state->out), PF_INET6, ops->hooknum, skb); |
193 | } | 185 | } |
194 | 186 | ||
195 | static struct nf_hook_ops ipv6_conntrack_ops[] __read_mostly = { | 187 | static struct nf_hook_ops ipv6_conntrack_ops[] __read_mostly = { |
diff --git a/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c b/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c index e70382e4dfb5..e2b882056751 100644 --- a/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c +++ b/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c | |||
@@ -54,9 +54,7 @@ static enum ip6_defrag_users nf_ct6_defrag_user(unsigned int hooknum, | |||
54 | 54 | ||
55 | static unsigned int ipv6_defrag(const struct nf_hook_ops *ops, | 55 | static unsigned int ipv6_defrag(const struct nf_hook_ops *ops, |
56 | struct sk_buff *skb, | 56 | struct sk_buff *skb, |
57 | const struct net_device *in, | 57 | const struct nf_hook_state *state) |
58 | const struct net_device *out, | ||
59 | int (*okfn)(struct sk_buff *)) | ||
60 | { | 58 | { |
61 | struct sk_buff *reasm; | 59 | struct sk_buff *reasm; |
62 | 60 | ||
@@ -78,8 +76,8 @@ static unsigned int ipv6_defrag(const struct nf_hook_ops *ops, | |||
78 | nf_ct_frag6_consume_orig(reasm); | 76 | nf_ct_frag6_consume_orig(reasm); |
79 | 77 | ||
80 | NF_HOOK_THRESH(NFPROTO_IPV6, ops->hooknum, reasm, | 78 | NF_HOOK_THRESH(NFPROTO_IPV6, ops->hooknum, reasm, |
81 | (struct net_device *) in, (struct net_device *) out, | 79 | state->in, state->out, |
82 | okfn, NF_IP6_PRI_CONNTRACK_DEFRAG + 1); | 80 | state->okfn, NF_IP6_PRI_CONNTRACK_DEFRAG + 1); |
83 | 81 | ||
84 | return NF_STOLEN; | 82 | return NF_STOLEN; |
85 | } | 83 | } |
diff --git a/net/ipv6/netfilter/nf_tables_ipv6.c b/net/ipv6/netfilter/nf_tables_ipv6.c index 0d812b31277d..224bc8971a0b 100644 --- a/net/ipv6/netfilter/nf_tables_ipv6.c +++ b/net/ipv6/netfilter/nf_tables_ipv6.c | |||
@@ -18,14 +18,12 @@ | |||
18 | 18 | ||
19 | static unsigned int nft_do_chain_ipv6(const struct nf_hook_ops *ops, | 19 | static unsigned int nft_do_chain_ipv6(const struct nf_hook_ops *ops, |
20 | struct sk_buff *skb, | 20 | struct sk_buff *skb, |
21 | const struct net_device *in, | 21 | const struct nf_hook_state *state) |
22 | const struct net_device *out, | ||
23 | int (*okfn)(struct sk_buff *)) | ||
24 | { | 22 | { |
25 | struct nft_pktinfo pkt; | 23 | struct nft_pktinfo pkt; |
26 | 24 | ||
27 | /* malformed packet, drop it */ | 25 | /* malformed packet, drop it */ |
28 | if (nft_set_pktinfo_ipv6(&pkt, ops, skb, in, out) < 0) | 26 | if (nft_set_pktinfo_ipv6(&pkt, ops, skb, state->in, state->out) < 0) |
29 | return NF_DROP; | 27 | return NF_DROP; |
30 | 28 | ||
31 | return nft_do_chain(&pkt, ops); | 29 | return nft_do_chain(&pkt, ops); |
@@ -33,9 +31,7 @@ static unsigned int nft_do_chain_ipv6(const struct nf_hook_ops *ops, | |||
33 | 31 | ||
34 | static unsigned int nft_ipv6_output(const struct nf_hook_ops *ops, | 32 | static unsigned int nft_ipv6_output(const struct nf_hook_ops *ops, |
35 | struct sk_buff *skb, | 33 | struct sk_buff *skb, |
36 | const struct net_device *in, | 34 | const struct nf_hook_state *state) |
37 | const struct net_device *out, | ||
38 | int (*okfn)(struct sk_buff *)) | ||
39 | { | 35 | { |
40 | if (unlikely(skb->len < sizeof(struct ipv6hdr))) { | 36 | if (unlikely(skb->len < sizeof(struct ipv6hdr))) { |
41 | if (net_ratelimit()) | 37 | if (net_ratelimit()) |
@@ -44,7 +40,7 @@ static unsigned int nft_ipv6_output(const struct nf_hook_ops *ops, | |||
44 | return NF_ACCEPT; | 40 | return NF_ACCEPT; |
45 | } | 41 | } |
46 | 42 | ||
47 | return nft_do_chain_ipv6(ops, skb, in, out, okfn); | 43 | return nft_do_chain_ipv6(ops, skb, state); |
48 | } | 44 | } |
49 | 45 | ||
50 | struct nft_af_info nft_af_ipv6 __read_mostly = { | 46 | struct nft_af_info nft_af_ipv6 __read_mostly = { |
diff --git a/net/ipv6/netfilter/nft_chain_nat_ipv6.c b/net/ipv6/netfilter/nft_chain_nat_ipv6.c index 1c4b75dd425b..f73f4ae25bc2 100644 --- a/net/ipv6/netfilter/nft_chain_nat_ipv6.c +++ b/net/ipv6/netfilter/nft_chain_nat_ipv6.c | |||
@@ -39,38 +39,30 @@ static unsigned int nft_nat_do_chain(const struct nf_hook_ops *ops, | |||
39 | 39 | ||
40 | static unsigned int nft_nat_ipv6_fn(const struct nf_hook_ops *ops, | 40 | static unsigned int nft_nat_ipv6_fn(const struct nf_hook_ops *ops, |
41 | struct sk_buff *skb, | 41 | struct sk_buff *skb, |
42 | const struct net_device *in, | 42 | const struct nf_hook_state *state) |
43 | const struct net_device *out, | ||
44 | int (*okfn)(struct sk_buff *)) | ||
45 | { | 43 | { |
46 | return nf_nat_ipv6_fn(ops, skb, in, out, nft_nat_do_chain); | 44 | return nf_nat_ipv6_fn(ops, skb, state->in, state->out, nft_nat_do_chain); |
47 | } | 45 | } |
48 | 46 | ||
49 | static unsigned int nft_nat_ipv6_in(const struct nf_hook_ops *ops, | 47 | static unsigned int nft_nat_ipv6_in(const struct nf_hook_ops *ops, |
50 | struct sk_buff *skb, | 48 | struct sk_buff *skb, |
51 | const struct net_device *in, | 49 | const struct nf_hook_state *state) |
52 | const struct net_device *out, | ||
53 | int (*okfn)(struct sk_buff *)) | ||
54 | { | 50 | { |
55 | return nf_nat_ipv6_in(ops, skb, in, out, nft_nat_do_chain); | 51 | return nf_nat_ipv6_in(ops, skb, state->in, state->out, nft_nat_do_chain); |
56 | } | 52 | } |
57 | 53 | ||
58 | static unsigned int nft_nat_ipv6_out(const struct nf_hook_ops *ops, | 54 | static unsigned int nft_nat_ipv6_out(const struct nf_hook_ops *ops, |
59 | struct sk_buff *skb, | 55 | struct sk_buff *skb, |
60 | const struct net_device *in, | 56 | const struct nf_hook_state *state) |
61 | const struct net_device *out, | ||
62 | int (*okfn)(struct sk_buff *)) | ||
63 | { | 57 | { |
64 | return nf_nat_ipv6_out(ops, skb, in, out, nft_nat_do_chain); | 58 | return nf_nat_ipv6_out(ops, skb, state->in, state->out, nft_nat_do_chain); |
65 | } | 59 | } |
66 | 60 | ||
67 | static unsigned int nft_nat_ipv6_local_fn(const struct nf_hook_ops *ops, | 61 | static unsigned int nft_nat_ipv6_local_fn(const struct nf_hook_ops *ops, |
68 | struct sk_buff *skb, | 62 | struct sk_buff *skb, |
69 | const struct net_device *in, | 63 | const struct nf_hook_state *state) |
70 | const struct net_device *out, | ||
71 | int (*okfn)(struct sk_buff *)) | ||
72 | { | 64 | { |
73 | return nf_nat_ipv6_local_fn(ops, skb, in, out, nft_nat_do_chain); | 65 | return nf_nat_ipv6_local_fn(ops, skb, state->in, state->out, nft_nat_do_chain); |
74 | } | 66 | } |
75 | 67 | ||
76 | static const struct nf_chain_type nft_chain_nat_ipv6 = { | 68 | static const struct nf_chain_type nft_chain_nat_ipv6 = { |
diff --git a/net/ipv6/netfilter/nft_chain_route_ipv6.c b/net/ipv6/netfilter/nft_chain_route_ipv6.c index 42031299585e..c826c3c854b2 100644 --- a/net/ipv6/netfilter/nft_chain_route_ipv6.c +++ b/net/ipv6/netfilter/nft_chain_route_ipv6.c | |||
@@ -24,9 +24,7 @@ | |||
24 | 24 | ||
25 | static unsigned int nf_route_table_hook(const struct nf_hook_ops *ops, | 25 | static unsigned int nf_route_table_hook(const struct nf_hook_ops *ops, |
26 | struct sk_buff *skb, | 26 | struct sk_buff *skb, |
27 | const struct net_device *in, | 27 | const struct nf_hook_state *state) |
28 | const struct net_device *out, | ||
29 | int (*okfn)(struct sk_buff *)) | ||
30 | { | 28 | { |
31 | unsigned int ret; | 29 | unsigned int ret; |
32 | struct nft_pktinfo pkt; | 30 | struct nft_pktinfo pkt; |
@@ -35,7 +33,7 @@ static unsigned int nf_route_table_hook(const struct nf_hook_ops *ops, | |||
35 | u32 mark, flowlabel; | 33 | u32 mark, flowlabel; |
36 | 34 | ||
37 | /* malformed packet, drop it */ | 35 | /* malformed packet, drop it */ |
38 | if (nft_set_pktinfo_ipv6(&pkt, ops, skb, in, out) < 0) | 36 | if (nft_set_pktinfo_ipv6(&pkt, ops, skb, state->in, state->out) < 0) |
39 | return NF_DROP; | 37 | return NF_DROP; |
40 | 38 | ||
41 | /* save source/dest address, mark, hoplimit, flowlabel, priority */ | 39 | /* save source/dest address, mark, hoplimit, flowlabel, priority */ |