netfilter: Pass nf_hook_state through nft_set_pktinfo*(). (073bfd56) · Commits · e / devices / android_kernel_oneplus_sm7250

include/net/netfilter/nf_tables.h

+3 −4

Original line number	Diff line number	Diff line
		@@ -26,12 +26,11 @@ struct nft_pktinfo {
		static inline void nft_set_pktinfo(struct nft_pktinfo *pkt,
		const struct nf_hook_ops *ops,
		struct sk_buff *skb,
		const struct net_device *in,
		const struct net_device *out)
		const struct nf_hook_state *state)
		{
		pkt->skb = skb;
		pkt->in = pkt->xt.in = in;
		pkt->out = pkt->xt.out = out;
		pkt->in = pkt->xt.in = state->in;
		pkt->out = pkt->xt.out = state->out;
		pkt->ops = ops;
		pkt->xt.hooknum = ops->hooknum;
		pkt->xt.family = ops->pf;

include/net/netfilter/nf_tables_ipv4.h

+2 −3

Original line number	Diff line number	Diff line
		@@ -8,12 +8,11 @@ static inline void
		nft_set_pktinfo_ipv4(struct nft_pktinfo *pkt,
		const struct nf_hook_ops *ops,
		struct sk_buff *skb,
		const struct net_device *in,
		const struct net_device *out)
		const struct nf_hook_state *state)
		{
		struct iphdr *ip;

		nft_set_pktinfo(pkt, ops, skb, in, out);
		nft_set_pktinfo(pkt, ops, skb, state);

		ip = ip_hdr(pkt->skb);
		pkt->tprot = ip->protocol;

include/net/netfilter/nf_tables_ipv6.h

+2 −3

Original line number	Diff line number	Diff line
		@@ -8,13 +8,12 @@ static inline int
		nft_set_pktinfo_ipv6(struct nft_pktinfo *pkt,
		const struct nf_hook_ops *ops,
		struct sk_buff *skb,
		const struct net_device *in,
		const struct net_device *out)
		const struct nf_hook_state *state)
		{
		int protohdr, thoff = 0;
		unsigned short frag_off;

		nft_set_pktinfo(pkt, ops, skb, in, out);
		nft_set_pktinfo(pkt, ops, skb, state);

		protohdr = ipv6_find_hdr(pkt->skb, &thoff, -1, &frag_off, NULL);
		/* If malformed, drop it */

net/bridge/netfilter/nf_tables_bridge.c

+11 −13

Original line number	Diff line number	Diff line
		@@ -67,27 +67,25 @@ EXPORT_SYMBOL_GPL(nft_bridge_ip6hdr_validate);
		static inline void nft_bridge_set_pktinfo_ipv4(struct nft_pktinfo *pkt,
		const struct nf_hook_ops *ops,
		struct sk_buff *skb,
		const struct net_device *in,
		const struct net_device *out)
		const struct nf_hook_state *state)
		{
		if (nft_bridge_iphdr_validate(skb))
		nft_set_pktinfo_ipv4(pkt, ops, skb, in, out);
		nft_set_pktinfo_ipv4(pkt, ops, skb, state);
		else
		nft_set_pktinfo(pkt, ops, skb, in, out);
		nft_set_pktinfo(pkt, ops, skb, state);
		}

		static inline void nft_bridge_set_pktinfo_ipv6(struct nft_pktinfo *pkt,
		const struct nf_hook_ops *ops,
		struct sk_buff *skb,
		const struct net_device *in,
		const struct net_device *out)
		const struct nf_hook_state *state)
		{
		#if IS_ENABLED(CONFIG_IPV6)
		if (nft_bridge_ip6hdr_validate(skb) &&
		nft_set_pktinfo_ipv6(pkt, ops, skb, in, out) == 0)
		nft_set_pktinfo_ipv6(pkt, ops, skb, state) == 0)
		return;
		#endif
		nft_set_pktinfo(pkt, ops, skb, in, out);
		nft_set_pktinfo(pkt, ops, skb, state);
		}

		static unsigned int
		@@ -99,13 +97,13 @@ nft_do_chain_bridge(const struct nf_hook_ops *ops,

		switch (eth_hdr(skb)->h_proto) {
		case htons(ETH_P_IP):
		nft_bridge_set_pktinfo_ipv4(&pkt, ops, skb, state->in, state->out);
		nft_bridge_set_pktinfo_ipv4(&pkt, ops, skb, state);
		break;
		case htons(ETH_P_IPV6):
		nft_bridge_set_pktinfo_ipv6(&pkt, ops, skb, state->in, state->out);
		nft_bridge_set_pktinfo_ipv6(&pkt, ops, skb, state);
		break;
		default:
		nft_set_pktinfo(&pkt, ops, skb, state->in, state->out);
		nft_set_pktinfo(&pkt, ops, skb, state);
		break;
		}

net/ipv4/netfilter/nf_tables_arp.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -21,7 +21,7 @@ nft_do_chain_arp(const struct nf_hook_ops *ops,
		{
		struct nft_pktinfo pkt;

		nft_set_pktinfo(&pkt, ops, skb, state->in, state->out);
		nft_set_pktinfo(&pkt, ops, skb, state);

		return nft_do_chain(&pkt, ops);
		}