netfilter: Make nf_hookfn use nf_hook_state.

Pass the nf_hook_state all the way down into the hook functions themselves. Signed-off-by: David S. Miller <davem@davemloft.net>
author: David S. Miller <davem@davemloft.net> 2015-04-03 20:32:56 -0400
committer: David S. Miller <davem@davemloft.net> 2015-04-04 12:31:38 -0400
commit: 238e54c9cb9385a1ba99e92801f3615a2fb398b6 (patch)
tree: 4efeb9b5c92f87028a6d321c7088b9d1e270360a /security
parent: 1d1de89b9a4746f1dd055a3b8d073dd2f962a3b6 (diff)
2 files changed, 11 insertions, 25 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index edc66de39f2e..7e392edaab97 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4852,21 +4852,17 @@ static unsigned int selinux_ip_forward(struct sk_buff *skb,
 static unsigned int selinux_ipv4_forward(const struct nf_hook_ops *ops,
                                         struct sk_buff *skb,
-                                         const struct net_device *in,
+                                         const struct nf_hook_state *state)
-                                         const struct net_device *out,
-                                         int (*okfn)(struct sk_buff *))
 {
-        return selinux_ip_forward(skb, in, PF_INET);
+        return selinux_ip_forward(skb, state->in, PF_INET);
 }
 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
 static unsigned int selinux_ipv6_forward(const struct nf_hook_ops *ops,
                                         struct sk_buff *skb,
-                                         const struct net_device *in,
+                                         const struct nf_hook_state *state)
-                                         const struct net_device *out,
-                                         int (*okfn)(struct sk_buff *))
 {
-        return selinux_ip_forward(skb, in, PF_INET6);
+        return selinux_ip_forward(skb, state->in, PF_INET6);
 }
 #endif  /* IPV6 */
@@ -4914,9 +4910,7 @@ static unsigned int selinux_ip_output(struct sk_buff *skb,
 static unsigned int selinux_ipv4_output(const struct nf_hook_ops *ops,
                                        struct sk_buff *skb,
-                                        const struct net_device *in,
+                                        const struct nf_hook_state *state)
-                                        const struct net_device *out,
-                                        int (*okfn)(struct sk_buff *))
 {
        return selinux_ip_output(skb, PF_INET);
 }
@@ -5091,21 +5085,17 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb,
 static unsigned int selinux_ipv4_postroute(const struct nf_hook_ops *ops,
                                           struct sk_buff *skb,
-                                           const struct net_device *in,
+                                           const struct nf_hook_state *state)
-                                           const struct net_device *out,
-                                           int (*okfn)(struct sk_buff *))
 {
-        return selinux_ip_postroute(skb, out, PF_INET);
+        return selinux_ip_postroute(skb, state->out, PF_INET);
 }
 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
 static unsigned int selinux_ipv6_postroute(const struct nf_hook_ops *ops,
                                           struct sk_buff *skb,
-                                           const struct net_device *in,
+                                           const struct nf_hook_state *state)
-                                           const struct net_device *out,
-                                           int (*okfn)(struct sk_buff *))
 {
-        return selinux_ip_postroute(skb, out, PF_INET6);
+        return selinux_ip_postroute(skb, state->out, PF_INET6);
 }
 #endif  /* IPV6 */
diff --git a/security/smack/smack_netfilter.c b/security/smack/smack_netfilter.c
index c952632afb0d..a455cfc9ec1f 100644
--- a/security/smack/smack_netfilter.c
+++ b/security/smack/smack_netfilter.c
@@ -23,9 +23,7 @@
 static unsigned int smack_ipv6_output(const struct nf_hook_ops *ops,
                                        struct sk_buff *skb,
-                                        const struct net_device *in,
+                                        const struct nf_hook_state *state)
-                                        const struct net_device *out,
-                                        int (*okfn)(struct sk_buff *))
 {
        struct socket_smack *ssp;
        struct smack_known *skp;
@@ -42,9 +40,7 @@ static unsigned int smack_ipv6_output(const struct nf_hook_ops *ops,
 static unsigned int smack_ipv4_output(const struct nf_hook_ops *ops,
                                        struct sk_buff *skb,
-                                        const struct net_device *in,
+                                        const struct nf_hook_state *state)
-                                        const struct net_device *out,
-                                        int (*okfn)(struct sk_buff *))
 {
        struct socket_smack *ssp;
        struct smack_known *skp;
author	David S. Miller <davem@davemloft.net>	2015-04-03 20:32:56 -0400
committer	David S. Miller <davem@davemloft.net>	2015-04-04 12:31:38 -0400
commit	238e54c9cb9385a1ba99e92801f3615a2fb398b6 (patch)
tree	4efeb9b5c92f87028a6d321c7088b9d1e270360a /security
parent	1d1de89b9a4746f1dd055a3b8d073dd2f962a3b6 (diff)