netfilter: Pass nf_hook_state through ipt_do_table().

extern void *ipt_alloc_initial_table(const struct xt_table *);

extern unsigned int ipt_do_table(struct sk_buff *skb,

				 unsigned int hook,

				 const struct net_device *in,

				 const struct net_device *out,

				 const struct nf_hook_state *state,

				 struct xt_table *table);

#ifdef CONFIG_COMPAT

unsigned int

ipt_do_table(struct sk_buff *skb,

	     unsigned int hook,

	     const struct net_device *in,

	     const struct net_device *out,

	     const struct nf_hook_state *state,

	     struct xt_table *table)

{

	static const char nulldevname[IFNAMSIZ] __attribute__((aligned(sizeof(long))));

	/* Initialization */

	ip = ip_hdr(skb);

	indev = in ? in->name : nulldevname;

	outdev = out ? out->name : nulldevname;

	indev = state->in ? state->in->name : nulldevname;

	outdev = state->out ? state->out->name : nulldevname;

	/* We handle fragments by dealing with the first fragment as

	 * if it was a normal packet.  All other fragments are treated

	 * normally, except that they will NEVER match rules that ask

	acpar.fragoff = ntohs(ip->frag_off) & IP_OFFSET;

	acpar.thoff   = ip_hdrlen(skb);

	acpar.hotdrop = false;

	acpar.in      = in;

	acpar.out     = out;

	acpar.in      = state->in;

	acpar.out     = state->out;

	acpar.family  = NFPROTO_IPV4;

	acpar.hooknum = hook;

#if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE)

		/* The packet is traced: log it */

		if (unlikely(skb->nf_trace))

			trace_packet(skb, hook, in, out,

			trace_packet(skb, hook, state->in, state->out,

				     table->name, private, e);

#endif

		/* Standard target? */

		return NF_ACCEPT;

	net = dev_net(state->in ? state->in : state->out);

	return ipt_do_table(skb, ops->hooknum, state->in, state->out,

			    net->ipv4.iptable_filter);

	return ipt_do_table(skb, ops->hooknum, state, net->ipv4.iptable_filter);

}

static struct nf_hook_ops *filter_ops __read_mostly;

};

static unsigned int

ipt_mangle_out(struct sk_buff *skb, const struct net_device *out)

ipt_mangle_out(struct sk_buff *skb, const struct nf_hook_state *state)

{

	struct net_device *out = state->out;

	unsigned int ret;

	const struct iphdr *iph;

	u_int8_t tos;

	daddr = iph->daddr;

	tos = iph->tos;

	ret = ipt_do_table(skb, NF_INET_LOCAL_OUT, NULL, out,

	ret = ipt_do_table(skb, NF_INET_LOCAL_OUT, state,

			   dev_net(out)->ipv4.iptable_mangle);

	/* Reroute for ANY change. */

	if (ret != NF_DROP && ret != NF_STOLEN) {

		     const struct nf_hook_state *state)

{

	if (ops->hooknum == NF_INET_LOCAL_OUT)

		return ipt_mangle_out(skb, state->out);

		return ipt_mangle_out(skb, state);

	if (ops->hooknum == NF_INET_POST_ROUTING)

		return ipt_do_table(skb, ops->hooknum, state->in, state->out,

		return ipt_do_table(skb, ops->hooknum, state,

				    dev_net(state->out)->ipv4.iptable_mangle);

	/* PREROUTING/INPUT/FORWARD: */

	return ipt_do_table(skb, ops->hooknum, state->in, state->out,

	return ipt_do_table(skb, ops->hooknum, state,

			    dev_net(state->in)->ipv4.iptable_mangle);

}

{

	struct net *net = nf_ct_net(ct);

	return ipt_do_table(skb, ops->hooknum, state->in, state->out,

			    net->ipv4.nat_table);

	return ipt_do_table(skb, ops->hooknum, state, net->ipv4.nat_table);

}

static unsigned int iptable_nat_ipv4_fn(const struct nf_hook_ops *ops,