netfilter: Make nf_hookfn use nf_hook_state.

Pass the nf_hook_state all the way down into the hook
functions themselves.

Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller
2015-04-03 20:32:56 -04:00
parent 1d1de89b9a
commit 238e54c9cb
35 changed files with 169 additions and 294 deletions


@@ -315,11 +315,9 @@ synproxy_tg6(struct sk_buff *skb, const struct xt_action_param *par)
static unsigned int ipv6_synproxy_hook(const struct nf_hook_ops *ops,
struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
const struct nf_hook_state *nhs)
{
struct synproxy_net *snet = synproxy_pernet(dev_net(in ? : out));
struct synproxy_net *snet = synproxy_pernet(dev_net(nhs->in ? : nhs->out));
enum ip_conntrack_info ctinfo;
struct nf_conn *ct;
struct nf_conn_synproxy *synproxy;
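Review bot: The new parameter of ipv6_synproxy_hook is named `nhs`, while every other hook converted on this page calls it `state`, and the namespace lookup keeps the GNU `?:` shorthand where the table hooks spell the fallback out. Naming it `state` and writing `dev_net(state->in ? state->in : state->out)` would keep all converted hooks searchable as one pattern. The function body continues past the end of the hunk, so any later use of `nhs` would need the same rename.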


@@ -33,12 +33,11 @@ static const struct xt_table packet_filter = {
/* The work comes in here from netfilter.c. */
static unsigned int
ip6table_filter_hook(const struct nf_hook_ops *ops, struct sk_buff *skb,
const struct net_device *in, const struct net_device *out,
int (*okfn)(struct sk_buff *))
const struct nf_hook_state *state)
{
const struct net *net = dev_net((in != NULL) ? in : out);
const struct net *net = dev_net(state->in ? state->in : state->out);
return ip6t_do_table(skb, ops->hooknum, in, out,
return ip6t_do_table(skb, ops->hooknum, state->in, state->out,
net->ipv6.ip6table_filter);
}
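Review bot: The namespace lookup `dev_net(state->in ? state->in : state->out)` is now repeated verbatim in ip6table_filter_hook, ip6table_raw_hook and ip6table_security_hook, and in a variant spelling in ipv6_synproxy_hook. With the state struct available in every hook, one shared inline helper taking `const struct nf_hook_state *` and returning the net would remove four copies of the fallback. It would also give a single home for a comment such as `/* at least one of in/out is set at every hook point we register on */`, which the visible code appears to rely on but does not state.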


@@ -77,17 +77,16 @@ ip6t_mangle_out(struct sk_buff *skb, const struct net_device *out)
/* The work comes in here from netfilter.c. */
static unsigned int
ip6table_mangle_hook(const struct nf_hook_ops *ops, struct sk_buff *skb,
const struct net_device *in, const struct net_device *out,
int (*okfn)(struct sk_buff *))
const struct nf_hook_state *state)
{
if (ops->hooknum == NF_INET_LOCAL_OUT)
return ip6t_mangle_out(skb, out);
return ip6t_mangle_out(skb, state->out);
if (ops->hooknum == NF_INET_POST_ROUTING)
return ip6t_do_table(skb, ops->hooknum, in, out,
dev_net(out)->ipv6.ip6table_mangle);
return ip6t_do_table(skb, ops->hooknum, state->in, state->out,
dev_net(state->out)->ipv6.ip6table_mangle);
/* INPUT/FORWARD */
return ip6t_do_table(skb, ops->hooknum, in, out,
dev_net(in)->ipv6.ip6table_mangle);
return ip6t_do_table(skb, ops->hooknum, state->in, state->out,
dev_net(state->in)->ipv6.ip6table_mangle);
}
static struct nf_hook_ops *mangle_ops __read_mostly;
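Review bot: ip6table_mangle_hook passes `state->out` and `state->in` straight to dev_net() with no fallback, unlike the filter, raw and security hooks, so correctness rests on which device is populated at each hook number. That reliance predates this commit, but it now sits behind a struct field instead of a named parameter, so a comment would help if the invariant holds, e.g. `/* LOCAL_OUT and POST_ROUTING always carry state->out; the remaining hooks always carry state->in */`. The same applies to ipv6_conntrack_in (`dev_net(state->in)`) and ipv6_conntrack_local (`dev_net(state->out)`) further down the page. Whether dev_net() tolerates a NULL device is not visible here, so this is a documentation request rather than a confirmed fault.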


@@ -43,38 +43,34 @@ static unsigned int ip6table_nat_do_chain(const struct nf_hook_ops *ops,
static unsigned int ip6table_nat_fn(const struct nf_hook_ops *ops,
struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
const struct nf_hook_state *state)
{
return nf_nat_ipv6_fn(ops, skb, in, out, ip6table_nat_do_chain);
return nf_nat_ipv6_fn(ops, skb, state->in, state->out,
ip6table_nat_do_chain);
}
static unsigned int ip6table_nat_in(const struct nf_hook_ops *ops,
struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
const struct nf_hook_state *state)
{
return nf_nat_ipv6_in(ops, skb, in, out, ip6table_nat_do_chain);
return nf_nat_ipv6_in(ops, skb, state->in, state->out,
ip6table_nat_do_chain);
}
static unsigned int ip6table_nat_out(const struct nf_hook_ops *ops,
struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
const struct nf_hook_state *state)
{
return nf_nat_ipv6_out(ops, skb, in, out, ip6table_nat_do_chain);
return nf_nat_ipv6_out(ops, skb, state->in, state->out,
ip6table_nat_do_chain);
}
static unsigned int ip6table_nat_local_fn(const struct nf_hook_ops *ops,
struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
const struct nf_hook_state *state)
{
return nf_nat_ipv6_local_fn(ops, skb, in, out, ip6table_nat_do_chain);
return nf_nat_ipv6_local_fn(ops, skb, state->in, state->out,
ip6table_nat_do_chain);
}
static struct nf_hook_ops nf_nat_ipv6_ops[] __read_mostly = {


@@ -20,12 +20,11 @@ static const struct xt_table packet_raw = {
/* The work comes in here from netfilter.c. */
static unsigned int
ip6table_raw_hook(const struct nf_hook_ops *ops, struct sk_buff *skb,
const struct net_device *in, const struct net_device *out,
int (*okfn)(struct sk_buff *))
const struct nf_hook_state *state)
{
const struct net *net = dev_net((in != NULL) ? in : out);
const struct net *net = dev_net(state->in ? state->in : state->out);
return ip6t_do_table(skb, ops->hooknum, in, out,
return ip6t_do_table(skb, ops->hooknum, state->in, state->out,
net->ipv6.ip6table_raw);
}


@@ -37,13 +37,11 @@ static const struct xt_table security_table = {
static unsigned int
ip6table_security_hook(const struct nf_hook_ops *ops, struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
const struct nf_hook_state *state)
{
const struct net *net = dev_net((in != NULL) ? in : out);
const struct net *net = dev_net(state->in ? state->in : state->out);
return ip6t_do_table(skb, ops->hooknum, in, out,
return ip6t_do_table(skb, ops->hooknum, state->in, state->out,
net->ipv6.ip6table_security);
}


@@ -97,9 +97,7 @@ static int ipv6_get_l4proto(const struct sk_buff *skb, unsigned int nhoff,
static unsigned int ipv6_helper(const struct nf_hook_ops *ops,
struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
const struct nf_hook_state *state)
{
struct nf_conn *ct;
const struct nf_conn_help *help;
@@ -135,9 +133,7 @@ static unsigned int ipv6_helper(const struct nf_hook_ops *ops,
static unsigned int ipv6_confirm(const struct nf_hook_ops *ops,
struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
const struct nf_hook_state *state)
{
struct nf_conn *ct;
enum ip_conntrack_info ctinfo;
@@ -171,25 +167,21 @@ out:
static unsigned int ipv6_conntrack_in(const struct nf_hook_ops *ops,
struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
const struct nf_hook_state *state)
{
return nf_conntrack_in(dev_net(in), PF_INET6, ops->hooknum, skb);
return nf_conntrack_in(dev_net(state->in), PF_INET6, ops->hooknum, skb);
}
static unsigned int ipv6_conntrack_local(const struct nf_hook_ops *ops,
struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
const struct nf_hook_state *state)
{
/* root is playing with raw sockets. */
if (skb->len < sizeof(struct ipv6hdr)) {
net_notice_ratelimited("ipv6_conntrack_local: packet too short\n");
return NF_ACCEPT;
}
return nf_conntrack_in(dev_net(out), PF_INET6, ops->hooknum, skb);
return nf_conntrack_in(dev_net(state->out), PF_INET6, ops->hooknum, skb);
}
static struct nf_hook_ops ipv6_conntrack_ops[] __read_mostly = {


@@ -54,9 +54,7 @@ static enum ip6_defrag_users nf_ct6_defrag_user(unsigned int hooknum,
static unsigned int ipv6_defrag(const struct nf_hook_ops *ops,
struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
const struct nf_hook_state *state)
{
struct sk_buff *reasm;
@@ -78,8 +76,8 @@ static unsigned int ipv6_defrag(const struct nf_hook_ops *ops,
nf_ct_frag6_consume_orig(reasm);
NF_HOOK_THRESH(NFPROTO_IPV6, ops->hooknum, reasm,
(struct net_device *) in, (struct net_device *) out,
okfn, NF_IP6_PRI_CONNTRACK_DEFRAG + 1);
state->in, state->out,
state->okfn, NF_IP6_PRI_CONNTRACK_DEFRAG + 1);
return NF_STOLEN;
}
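Review bot: The NF_HOOK_THRESH call in ipv6_defrag no longer carries the `(struct net_device *)` casts that the old lines applied to `in` and `out`, which stays warning-free only if the `in`/`out` members of struct nf_hook_state are declared non-const; that definition is not part of this section and should be checked. The call's result is also discarded before `return NF_STOLEN;`, so a short comment above it would help the next reader, for example `/* resume hook traversal with reasm just past the defrag priority; skb itself is reported stolen */`. ipv6_defrag begins in the previous hunk and the lines between the two hunks are not shown.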


@@ -18,14 +18,12 @@
static unsigned int nft_do_chain_ipv6(const struct nf_hook_ops *ops,
struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
const struct nf_hook_state *state)
{
struct nft_pktinfo pkt;
/* malformed packet, drop it */
if (nft_set_pktinfo_ipv6(&pkt, ops, skb, in, out) < 0)
if (nft_set_pktinfo_ipv6(&pkt, ops, skb, state->in, state->out) < 0)
return NF_DROP;
return nft_do_chain(&pkt, ops);
@@ -33,9 +31,7 @@ static unsigned int nft_do_chain_ipv6(const struct nf_hook_ops *ops,
static unsigned int nft_ipv6_output(const struct nf_hook_ops *ops,
struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
const struct nf_hook_state *state)
{
if (unlikely(skb->len < sizeof(struct ipv6hdr))) {
if (net_ratelimit())
@@ -44,7 +40,7 @@ static unsigned int nft_ipv6_output(const struct nf_hook_ops *ops,
return NF_ACCEPT;
}
return nft_do_chain_ipv6(ops, skb, in, out, okfn);
return nft_do_chain_ipv6(ops, skb, state);
}
struct nft_af_info nft_af_ipv6 __read_mostly = {
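Review bot: nft_ipv6_output returns NF_ACCEPT for an skb shorter than `sizeof(struct ipv6hdr)` before nft_do_chain_ipv6 is reached, so such packets skip rule evaluation on the output path, and no comment precedes the length check in the visible lines to say why. ipv6_conntrack_local has the same early accept and explains it with `/* root is playing with raw sockets. */`; the same one-line comment above the check here would record that the bypass is intentional. The lines between the second and third hunks of this section are not shown, so part of the explanation may already sit in the log message there.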


@@ -39,38 +39,30 @@ static unsigned int nft_nat_do_chain(const struct nf_hook_ops *ops,
static unsigned int nft_nat_ipv6_fn(const struct nf_hook_ops *ops,
struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
const struct nf_hook_state *state)
{
return nf_nat_ipv6_fn(ops, skb, in, out, nft_nat_do_chain);
return nf_nat_ipv6_fn(ops, skb, state->in, state->out, nft_nat_do_chain);
}
static unsigned int nft_nat_ipv6_in(const struct nf_hook_ops *ops,
struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
const struct nf_hook_state *state)
{
return nf_nat_ipv6_in(ops, skb, in, out, nft_nat_do_chain);
return nf_nat_ipv6_in(ops, skb, state->in, state->out, nft_nat_do_chain);
}
static unsigned int nft_nat_ipv6_out(const struct nf_hook_ops *ops,
struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
const struct nf_hook_state *state)
{
return nf_nat_ipv6_out(ops, skb, in, out, nft_nat_do_chain);
return nf_nat_ipv6_out(ops, skb, state->in, state->out, nft_nat_do_chain);
}
static unsigned int nft_nat_ipv6_local_fn(const struct nf_hook_ops *ops,
struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
const struct nf_hook_state *state)
{
return nf_nat_ipv6_local_fn(ops, skb, in, out, nft_nat_do_chain);
return nf_nat_ipv6_local_fn(ops, skb, state->in, state->out, nft_nat_do_chain);
}
static const struct nf_chain_type nft_chain_nat_ipv6 = {
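Review bot: The four rewritten return statements in this section, e.g. `return nf_nat_ipv6_local_fn(ops, skb, state->in, state->out, nft_nat_do_chain);`, are already 73 to 79 characters long before indentation and so very likely exceed the 80-column limit once indented. The ip6table_nat wrappers earlier on this page make the same calls wrapped over two lines, with the callback argument on a continuation line. Wrapping these the same way keeps both sets of NAT wrappers consistent.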


@@ -24,9 +24,7 @@
static unsigned int nf_route_table_hook(const struct nf_hook_ops *ops,
struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
const struct nf_hook_state *state)
{
unsigned int ret;
struct nft_pktinfo pkt;
@@ -35,7 +33,7 @@ static unsigned int nf_route_table_hook(const struct nf_hook_ops *ops,
u32 mark, flowlabel;
/* malformed packet, drop it */
if (nft_set_pktinfo_ipv6(&pkt, ops, skb, in, out) < 0)
if (nft_set_pktinfo_ipv6(&pkt, ops, skb, state->in, state->out) < 0)
return NF_DROP;
/* save source/dest address, mark, hoplimit, flowlabel, priority */