Commit 073bfd56 authored by David S. Miller

netfilter: Pass nf_hook_state through nft_set_pktinfo*().

Signed-off-by: David S. Miller <davem@davemloft.net>
parent 8f8a3715
...@@ -26,12 +26,11 @@ struct nft_pktinfo { ...@@ -26,12 +26,11 @@ struct nft_pktinfo {
static inline void nft_set_pktinfo(struct nft_pktinfo *pkt, static inline void nft_set_pktinfo(struct nft_pktinfo *pkt,
const struct nf_hook_ops *ops, const struct nf_hook_ops *ops,
struct sk_buff *skb, struct sk_buff *skb,
const struct net_device *in, const struct nf_hook_state *state)
const struct net_device *out)
{ {
pkt->skb = skb; pkt->skb = skb;
pkt->in = pkt->xt.in = in; pkt->in = pkt->xt.in = state->in;
pkt->out = pkt->xt.out = out; pkt->out = pkt->xt.out = state->out;
pkt->ops = ops; pkt->ops = ops;
pkt->xt.hooknum = ops->hooknum; pkt->xt.hooknum = ops->hooknum;
pkt->xt.family = ops->pf; pkt->xt.family = ops->pf;
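Review bot: `state` is now dereferenced unconditionally at `pkt->in = pkt->xt.in = state->in;`, yet the definition says nothing about that precondition or about how long the borrowed device pointers stay valid. Every caller visible in this commit forwards the hook's own `state`, so this is a documentation gap rather than a bug seen here. A comment above the function would do, for example `/* @state: hook state supplied by the netfilter core; must be non-NULL and must outlive @pkt */`. The body of nft_set_pktinfo() continues past the end of the hunk.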
......
...@@ -8,12 +8,11 @@ static inline void ...@@ -8,12 +8,11 @@ static inline void
nft_set_pktinfo_ipv4(struct nft_pktinfo *pkt, nft_set_pktinfo_ipv4(struct nft_pktinfo *pkt,
const struct nf_hook_ops *ops, const struct nf_hook_ops *ops,
struct sk_buff *skb, struct sk_buff *skb,
const struct net_device *in, const struct nf_hook_state *state)
const struct net_device *out)
{ {
struct iphdr *ip; struct iphdr *ip;
nft_set_pktinfo(pkt, ops, skb, in, out); nft_set_pktinfo(pkt, ops, skb, state);
ip = ip_hdr(pkt->skb); ip = ip_hdr(pkt->skb);
pkt->tprot = ip->protocol; pkt->tprot = ip->protocol;
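Review bot: `pkt->tprot = ip->protocol;` reads the IPv4 header straight after `ip_hdr(pkt->skb)` with no length check in this helper, so header validation is entirely the caller's job and that contract is not written down. In this commit the bridge caller gates the call on nft_bridge_iphdr_validate() and the IPv4 nf_route_table_hook() tests ip_hdrlen() first. The nft_do_chain_ipv4() and nft_nat_do_chain() hunks show no check, but their bodies start outside the hunks and the IP stack has presumably validated the header before those hooks run. I would add `/* Caller must have verified that a complete IPv4 header is present in the skb. */` above the function, whose body also continues outside this hunk.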
......
...@@ -8,13 +8,12 @@ static inline int ...@@ -8,13 +8,12 @@ static inline int
nft_set_pktinfo_ipv6(struct nft_pktinfo *pkt, nft_set_pktinfo_ipv6(struct nft_pktinfo *pkt,
const struct nf_hook_ops *ops, const struct nf_hook_ops *ops,
struct sk_buff *skb, struct sk_buff *skb,
const struct net_device *in, const struct nf_hook_state *state)
const struct net_device *out)
{ {
int protohdr, thoff = 0; int protohdr, thoff = 0;
unsigned short frag_off; unsigned short frag_off;
nft_set_pktinfo(pkt, ops, skb, in, out); nft_set_pktinfo(pkt, ops, skb, state);
protohdr = ipv6_find_hdr(pkt->skb, &thoff, -1, &frag_off, NULL); protohdr = ipv6_find_hdr(pkt->skb, &thoff, -1, &frag_off, NULL);
/* If malformed, drop it */ /* If malformed, drop it */
......
...@@ -67,27 +67,25 @@ EXPORT_SYMBOL_GPL(nft_bridge_ip6hdr_validate); ...@@ -67,27 +67,25 @@ EXPORT_SYMBOL_GPL(nft_bridge_ip6hdr_validate);
static inline void nft_bridge_set_pktinfo_ipv4(struct nft_pktinfo *pkt, static inline void nft_bridge_set_pktinfo_ipv4(struct nft_pktinfo *pkt,
const struct nf_hook_ops *ops, const struct nf_hook_ops *ops,
struct sk_buff *skb, struct sk_buff *skb,
const struct net_device *in, const struct nf_hook_state *state)
const struct net_device *out)
{ {
if (nft_bridge_iphdr_validate(skb)) if (nft_bridge_iphdr_validate(skb))
nft_set_pktinfo_ipv4(pkt, ops, skb, in, out); nft_set_pktinfo_ipv4(pkt, ops, skb, state);
else else
nft_set_pktinfo(pkt, ops, skb, in, out); nft_set_pktinfo(pkt, ops, skb, state);
} }
static inline void nft_bridge_set_pktinfo_ipv6(struct nft_pktinfo *pkt, static inline void nft_bridge_set_pktinfo_ipv6(struct nft_pktinfo *pkt,
const struct nf_hook_ops *ops, const struct nf_hook_ops *ops,
struct sk_buff *skb, struct sk_buff *skb,
const struct net_device *in, const struct nf_hook_state *state)
const struct net_device *out)
{ {
#if IS_ENABLED(CONFIG_IPV6) #if IS_ENABLED(CONFIG_IPV6)
if (nft_bridge_ip6hdr_validate(skb) && if (nft_bridge_ip6hdr_validate(skb) &&
nft_set_pktinfo_ipv6(pkt, ops, skb, in, out) == 0) nft_set_pktinfo_ipv6(pkt, ops, skb, state) == 0)
return; return;
#endif #endif
nft_set_pktinfo(pkt, ops, skb, in, out); nft_set_pktinfo(pkt, ops, skb, state);
} }
static unsigned int static unsigned int
...@@ -99,13 +97,13 @@ nft_do_chain_bridge(const struct nf_hook_ops *ops, ...@@ -99,13 +97,13 @@ nft_do_chain_bridge(const struct nf_hook_ops *ops,
switch (eth_hdr(skb)->h_proto) { switch (eth_hdr(skb)->h_proto) {
case htons(ETH_P_IP): case htons(ETH_P_IP):
nft_bridge_set_pktinfo_ipv4(&pkt, ops, skb, state->in, state->out); nft_bridge_set_pktinfo_ipv4(&pkt, ops, skb, state);
break; break;
case htons(ETH_P_IPV6): case htons(ETH_P_IPV6):
nft_bridge_set_pktinfo_ipv6(&pkt, ops, skb, state->in, state->out); nft_bridge_set_pktinfo_ipv6(&pkt, ops, skb, state);
break; break;
default: default:
nft_set_pktinfo(&pkt, ops, skb, state->in, state->out); nft_set_pktinfo(&pkt, ops, skb, state);
break; break;
} }
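Review bot: In nft_bridge_set_pktinfo_ipv6() a non-zero return from nft_set_pktinfo_ipv6() falls through to the generic `nft_set_pktinfo(pkt, ops, skb, state);`, so a frame that the IPv6 hooks in this same commit drop as malformed is still evaluated on the bridge path. nft_set_pktinfo_ipv6() has already called nft_set_pktinfo() by then, so the fallback only repeats work. The transport fields the IPv6 helper would have filled are presumably left untouched in the `pkt` that nft_do_chain_bridge() passes by address; this is inferred, because the rest of nft_set_pktinfo() is not visible. If accepting such frames is intended, say so at the fallback, e.g. `/* not valid IPv6: evaluate with generic pktinfo, transport fields are not set */`. Otherwise the helper needs a way to report the failure so the hook can return NF_DROP.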
......
...@@ -21,7 +21,7 @@ nft_do_chain_arp(const struct nf_hook_ops *ops, ...@@ -21,7 +21,7 @@ nft_do_chain_arp(const struct nf_hook_ops *ops,
{ {
struct nft_pktinfo pkt; struct nft_pktinfo pkt;
nft_set_pktinfo(&pkt, ops, skb, state->in, state->out); nft_set_pktinfo(&pkt, ops, skb, state);
return nft_do_chain(&pkt, ops); return nft_do_chain(&pkt, ops);
} }
......
...@@ -24,7 +24,7 @@ static unsigned int nft_do_chain_ipv4(const struct nf_hook_ops *ops, ...@@ -24,7 +24,7 @@ static unsigned int nft_do_chain_ipv4(const struct nf_hook_ops *ops,
{ {
struct nft_pktinfo pkt; struct nft_pktinfo pkt;
nft_set_pktinfo_ipv4(&pkt, ops, skb, state->in, state->out); nft_set_pktinfo_ipv4(&pkt, ops, skb, state);
return nft_do_chain(&pkt, ops); return nft_do_chain(&pkt, ops);
} }
......
...@@ -33,7 +33,7 @@ static unsigned int nft_nat_do_chain(const struct nf_hook_ops *ops, ...@@ -33,7 +33,7 @@ static unsigned int nft_nat_do_chain(const struct nf_hook_ops *ops,
{ {
struct nft_pktinfo pkt; struct nft_pktinfo pkt;
nft_set_pktinfo_ipv4(&pkt, ops, skb, state->in, state->out); nft_set_pktinfo_ipv4(&pkt, ops, skb, state);
return nft_do_chain(&pkt, ops); return nft_do_chain(&pkt, ops);
} }
......
...@@ -37,7 +37,7 @@ static unsigned int nf_route_table_hook(const struct nf_hook_ops *ops, ...@@ -37,7 +37,7 @@ static unsigned int nf_route_table_hook(const struct nf_hook_ops *ops,
ip_hdrlen(skb) < sizeof(struct iphdr)) ip_hdrlen(skb) < sizeof(struct iphdr))
return NF_ACCEPT; return NF_ACCEPT;
nft_set_pktinfo_ipv4(&pkt, ops, skb, state->in, state->out); nft_set_pktinfo_ipv4(&pkt, ops, skb, state);
mark = skb->mark; mark = skb->mark;
iph = ip_hdr(skb); iph = ip_hdr(skb);
......
...@@ -23,7 +23,7 @@ static unsigned int nft_do_chain_ipv6(const struct nf_hook_ops *ops, ...@@ -23,7 +23,7 @@ static unsigned int nft_do_chain_ipv6(const struct nf_hook_ops *ops,
struct nft_pktinfo pkt; struct nft_pktinfo pkt;
/* malformed packet, drop it */ /* malformed packet, drop it */
if (nft_set_pktinfo_ipv6(&pkt, ops, skb, state->in, state->out) < 0) if (nft_set_pktinfo_ipv6(&pkt, ops, skb, state) < 0)
return NF_DROP; return NF_DROP;
return nft_do_chain(&pkt, ops); return nft_do_chain(&pkt, ops);
......
...@@ -31,7 +31,7 @@ static unsigned int nft_nat_do_chain(const struct nf_hook_ops *ops, ...@@ -31,7 +31,7 @@ static unsigned int nft_nat_do_chain(const struct nf_hook_ops *ops,
{ {
struct nft_pktinfo pkt; struct nft_pktinfo pkt;
nft_set_pktinfo_ipv6(&pkt, ops, skb, state->in, state->out); nft_set_pktinfo_ipv6(&pkt, ops, skb, state);
return nft_do_chain(&pkt, ops); return nft_do_chain(&pkt, ops);
} }
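Review bot: `nft_set_pktinfo_ipv6(&pkt, ops, skb, state);` in the IPv6 nft_nat_do_chain() discards the int result, whereas nft_do_chain_ipv6() and the IPv6 nf_route_table_hook() in this commit both test `< 0` and return NF_DROP. If the helper fails here, nft_do_chain() runs on a `pkt` whose IPv6-specific fields were presumably never filled in. Unless an earlier hook guarantees the header is well formed, handle it the same way: `if (nft_set_pktinfo_ipv6(&pkt, ops, skb, state) < 0) return NF_DROP;`. The function starts outside the hunk, so any guard before this call is not visible.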
......
...@@ -33,7 +33,7 @@ static unsigned int nf_route_table_hook(const struct nf_hook_ops *ops, ...@@ -33,7 +33,7 @@ static unsigned int nf_route_table_hook(const struct nf_hook_ops *ops,
u32 mark, flowlabel; u32 mark, flowlabel;
/* malformed packet, drop it */ /* malformed packet, drop it */
if (nft_set_pktinfo_ipv6(&pkt, ops, skb, state->in, state->out) < 0) if (nft_set_pktinfo_ipv6(&pkt, ops, skb, state) < 0)
return NF_DROP; return NF_DROP;
/* save source/dest address, mark, hoplimit, flowlabel, priority */ /* save source/dest address, mark, hoplimit, flowlabel, priority */
......