netfilter: Pass nf_hook_state through nft_set_pktinfo*().

Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
index b8cd60dcb4e1f7fd1ae8b7efe7e5802a1ddd86ca..8049819803939043db30ea182b715341f0cd9587 100644 (file)
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -26,12 +26,11 @@ struct nft_pktinfo {
 static inline void nft_set_pktinfo(struct nft_pktinfo *pkt,
                                   const struct nf_hook_ops *ops,
                                   struct sk_buff *skb,
-                                  const struct net_device *in,
-                                  const struct net_device *out)
+                                  const struct nf_hook_state *state)
 {
        pkt->skb = skb;
-       pkt->in = pkt->xt.in = in;
-       pkt->out = pkt->xt.out = out;
+       pkt->in = pkt->xt.in = state->in;
+       pkt->out = pkt->xt.out = state->out;
        pkt->ops = ops;
        pkt->xt.hooknum = ops->hooknum;
        pkt->xt.family = ops->pf;

diff --git a/include/net/netfilter/nf_tables_ipv4.h b/include/net/netfilter/nf_tables_ipv4.h
index cba143fbd2e4fca9f5d0280dda035215ebd922fb..2df7f96902ee96edaa9a85f7c96c254220b5e12d 100644 (file)
--- a/include/net/netfilter/nf_tables_ipv4.h
+++ b/include/net/netfilter/nf_tables_ipv4.h
@@ -8,12 +8,11 @@ static inline void
 nft_set_pktinfo_ipv4(struct nft_pktinfo *pkt,
                     const struct nf_hook_ops *ops,
                     struct sk_buff *skb,
-                    const struct net_device *in,
-                    const struct net_device *out)
+                    const struct nf_hook_state *state)
 {
        struct iphdr *ip;
 
-       nft_set_pktinfo(pkt, ops, skb, in, out);
+       nft_set_pktinfo(pkt, ops, skb, state);
 
        ip = ip_hdr(pkt->skb);
        pkt->tprot = ip->protocol;

diff --git a/include/net/netfilter/nf_tables_ipv6.h b/include/net/netfilter/nf_tables_ipv6.h
index 74d97613765801512e523bab6e40b6e2767d982d..97db2e3a5e657c4b67fdbcfd9b609aea390e1ec0 100644 (file)
--- a/include/net/netfilter/nf_tables_ipv6.h
+++ b/include/net/netfilter/nf_tables_ipv6.h
@@ -8,13 +8,12 @@ static inline int
 nft_set_pktinfo_ipv6(struct nft_pktinfo *pkt,
                     const struct nf_hook_ops *ops,
                     struct sk_buff *skb,
-                    const struct net_device *in,
-                    const struct net_device *out)
+                    const struct nf_hook_state *state)
 {
        int protohdr, thoff = 0;
        unsigned short frag_off;
 
-       nft_set_pktinfo(pkt, ops, skb, in, out);
+       nft_set_pktinfo(pkt, ops, skb, state);
 
        protohdr = ipv6_find_hdr(pkt->skb, &thoff, -1, &frag_off, NULL);
        /* If malformed, drop it */

diff --git a/net/bridge/netfilter/nf_tables_bridge.c b/net/bridge/netfilter/nf_tables_bridge.c
index 2c46a47160a8c1dc59b7ac4bbaeb687dd0cb4d09..a343e62442b1304eca4e23abeb2a3df92283552e 100644 (file)
--- a/net/bridge/netfilter/nf_tables_bridge.c
+++ b/net/bridge/netfilter/nf_tables_bridge.c
@@ -67,27 +67,25 @@ EXPORT_SYMBOL_GPL(nft_bridge_ip6hdr_validate);
 static inline void nft_bridge_set_pktinfo_ipv4(struct nft_pktinfo *pkt,
                                               const struct nf_hook_ops *ops,
                                               struct sk_buff *skb,
-                                              const struct net_device *in,
-                                              const struct net_device *out)
+                                              const struct nf_hook_state *state)
 {
        if (nft_bridge_iphdr_validate(skb))
-               nft_set_pktinfo_ipv4(pkt, ops, skb, in, out);
+               nft_set_pktinfo_ipv4(pkt, ops, skb, state);
        else
-               nft_set_pktinfo(pkt, ops, skb, in, out);
+               nft_set_pktinfo(pkt, ops, skb, state);
 }
 
 static inline void nft_bridge_set_pktinfo_ipv6(struct nft_pktinfo *pkt,
-                                             const struct nf_hook_ops *ops,
-                                             struct sk_buff *skb,
-                                             const struct net_device *in,
-                                             const struct net_device *out)
+                                              const struct nf_hook_ops *ops,
+                                              struct sk_buff *skb,
+                                              const struct nf_hook_state *state)
 {
 #if IS_ENABLED(CONFIG_IPV6)
        if (nft_bridge_ip6hdr_validate(skb) &&
-           nft_set_pktinfo_ipv6(pkt, ops, skb, in, out) == 0)
+           nft_set_pktinfo_ipv6(pkt, ops, skb, state) == 0)
                return;
 #endif
-       nft_set_pktinfo(pkt, ops, skb, in, out);
+       nft_set_pktinfo(pkt, ops, skb, state);
 }
 
 static unsigned int
@@ -99,13 +97,13 @@ nft_do_chain_bridge(const struct nf_hook_ops *ops,
 
        switch (eth_hdr(skb)->h_proto) {
        case htons(ETH_P_IP):
-               nft_bridge_set_pktinfo_ipv4(&pkt, ops, skb, state->in, state->out);
+               nft_bridge_set_pktinfo_ipv4(&pkt, ops, skb, state);
                break;
        case htons(ETH_P_IPV6):
-               nft_bridge_set_pktinfo_ipv6(&pkt, ops, skb, state->in, state->out);
+               nft_bridge_set_pktinfo_ipv6(&pkt, ops, skb, state);
                break;
        default:
-               nft_set_pktinfo(&pkt, ops, skb, state->in, state->out);
+               nft_set_pktinfo(&pkt, ops, skb, state);
                break;
        }
 

diff --git a/net/ipv4/netfilter/nf_tables_arp.c b/net/ipv4/netfilter/nf_tables_arp.c
index fceb50e1e87dc86f3011f3a4ac2fe7e806d620a4..8412268bbad1852851c6fc3d5337d463d1ff1c51 100644 (file)
--- a/net/ipv4/netfilter/nf_tables_arp.c
+++ b/net/ipv4/netfilter/nf_tables_arp.c
@@ -21,7 +21,7 @@ nft_do_chain_arp(const struct nf_hook_ops *ops,
 {
        struct nft_pktinfo pkt;
 
-       nft_set_pktinfo(&pkt, ops, skb, state->in, state->out);
+       nft_set_pktinfo(&pkt, ops, skb, state);
 
        return nft_do_chain(&pkt, ops);
 }

diff --git a/net/ipv4/netfilter/nf_tables_ipv4.c b/net/ipv4/netfilter/nf_tables_ipv4.c
index 708e388e3dbeb7220f7a8ca0782cbe93d7f0a036..aa180d3a69a5a196e65fdc46cad267944ef6c5cc 100644 (file)
--- a/net/ipv4/netfilter/nf_tables_ipv4.c
+++ b/net/ipv4/netfilter/nf_tables_ipv4.c
@@ -24,7 +24,7 @@ static unsigned int nft_do_chain_ipv4(const struct nf_hook_ops *ops,
 {
        struct nft_pktinfo pkt;
 
-       nft_set_pktinfo_ipv4(&pkt, ops, skb, state->in, state->out);
+       nft_set_pktinfo_ipv4(&pkt, ops, skb, state);
 
        return nft_do_chain(&pkt, ops);
 }

diff --git a/net/ipv4/netfilter/nft_chain_nat_ipv4.c b/net/ipv4/netfilter/nft_chain_nat_ipv4.c
index f56bbb1ab1a0b6160c0aab1d165a56c340eb48e0..bf5c30ae14e4e768b61dd758be2acef6e8a0aa86 100644 (file)
--- a/net/ipv4/netfilter/nft_chain_nat_ipv4.c
+++ b/net/ipv4/netfilter/nft_chain_nat_ipv4.c
@@ -33,7 +33,7 @@ static unsigned int nft_nat_do_chain(const struct nf_hook_ops *ops,
 {
        struct nft_pktinfo pkt;
 
-       nft_set_pktinfo_ipv4(&pkt, ops, skb, state->in, state->out);
+       nft_set_pktinfo_ipv4(&pkt, ops, skb, state);
 
        return nft_do_chain(&pkt, ops);
 }

diff --git a/net/ipv4/netfilter/nft_chain_route_ipv4.c b/net/ipv4/netfilter/nft_chain_route_ipv4.c
index 073d0776ae7ff5069721b471ce273da70e06e939..e335b0afdaf33405f05804e72bcadf48cac5c3ea 100644 (file)
--- a/net/ipv4/netfilter/nft_chain_route_ipv4.c
+++ b/net/ipv4/netfilter/nft_chain_route_ipv4.c
@@ -37,7 +37,7 @@ static unsigned int nf_route_table_hook(const struct nf_hook_ops *ops,
            ip_hdrlen(skb) < sizeof(struct iphdr))
                return NF_ACCEPT;
 
-       nft_set_pktinfo_ipv4(&pkt, ops, skb, state->in, state->out);
+       nft_set_pktinfo_ipv4(&pkt, ops, skb, state);
 
        mark = skb->mark;
        iph = ip_hdr(skb);

diff --git a/net/ipv6/netfilter/nf_tables_ipv6.c b/net/ipv6/netfilter/nf_tables_ipv6.c
index 224bc8971a0bbb9d20752568184403fa922c9fae..c8148ba76d1a765e1ee2ba190961045fad033c6b 100644 (file)
--- a/net/ipv6/netfilter/nf_tables_ipv6.c
+++ b/net/ipv6/netfilter/nf_tables_ipv6.c
@@ -23,7 +23,7 @@ static unsigned int nft_do_chain_ipv6(const struct nf_hook_ops *ops,
        struct nft_pktinfo pkt;
 
        /* malformed packet, drop it */
-       if (nft_set_pktinfo_ipv6(&pkt, ops, skb, state->in, state->out) < 0)
+       if (nft_set_pktinfo_ipv6(&pkt, ops, skb, state) < 0)
                return NF_DROP;
 
        return nft_do_chain(&pkt, ops);

diff --git a/net/ipv6/netfilter/nft_chain_nat_ipv6.c b/net/ipv6/netfilter/nft_chain_nat_ipv6.c
index 11c6f75fcc4dd4b4db753dd7177ce2cdf2d6cc0c..951bb458b7bd53968f76b6e8431f12214a05b88a 100644 (file)
--- a/net/ipv6/netfilter/nft_chain_nat_ipv6.c
+++ b/net/ipv6/netfilter/nft_chain_nat_ipv6.c
@@ -31,7 +31,7 @@ static unsigned int nft_nat_do_chain(const struct nf_hook_ops *ops,
 {
        struct nft_pktinfo pkt;
 
-       nft_set_pktinfo_ipv6(&pkt, ops, skb, state->in, state->out);
+       nft_set_pktinfo_ipv6(&pkt, ops, skb, state);
 
        return nft_do_chain(&pkt, ops);
 }

diff --git a/net/ipv6/netfilter/nft_chain_route_ipv6.c b/net/ipv6/netfilter/nft_chain_route_ipv6.c
index c826c3c854b2bd6fe0a12e47eeb61f929cb55813..0dafdaac5e175062b8c81665834390a8aabe5171 100644 (file)
--- a/net/ipv6/netfilter/nft_chain_route_ipv6.c
+++ b/net/ipv6/netfilter/nft_chain_route_ipv6.c
@@ -33,7 +33,7 @@ static unsigned int nf_route_table_hook(const struct nf_hook_ops *ops,
        u32 mark, flowlabel;
 
        /* malformed packet, drop it */
-       if (nft_set_pktinfo_ipv6(&pkt, ops, skb, state->in, state->out) < 0)
+       if (nft_set_pktinfo_ipv6(&pkt, ops, skb, state) < 0)
                return NF_DROP;
 
        /* save source/dest address, mark, hoplimit, flowlabel, priority */