Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c9484874 authored Jan 03, 2014 by Patrick McHardy Committed by Pablo Neira Ayuso Jan 07, 2014

netfilter: nf_tables: add hook ops to struct nft_pktinfo

Multi-family tables need the AF from the hook ops. Add a pointer to the
hook ops and replace usage of the hooknum member in struct nft_pktinfo.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

parent 3b088c4b

include/net/netfilter/nf_tables.h

+3 −2

Original line number	Original line	Diff line number	Diff line
	@@ -13,7 +13,7 @@ struct nft_pktinfo {
	struct sk_buff *skb;		struct sk_buff *skb;
	const struct net_device *in;		const struct net_device *in;
	const struct net_device *out;		const struct net_device *out;
	u8 hooknum;		const struct nf_hook_ops *ops;
	u8 nhoff;		u8 nhoff;
	u8 thoff;		u8 thoff;
	/* for x_tables compatibility */		/* for x_tables compatibility */
	@@ -29,7 +29,8 @@ static inline void nft_set_pktinfo(struct nft_pktinfo *pkt,
	pkt->skb = skb;		pkt->skb = skb;
	pkt->in = pkt->xt.in = in;		pkt->in = pkt->xt.in = in;
	pkt->out = pkt->xt.out = out;		pkt->out = pkt->xt.out = out;
	pkt->hooknum = pkt->xt.hooknum = ops->hooknum;		pkt->ops = ops;
			pkt->xt.hooknum = ops->hooknum;
	pkt->xt.family = ops->pf;		pkt->xt.family = ops->pf;
	}		}

net/netfilter/nf_tables_core.c

+1 −1

Original line number	Original line	Diff line number	Diff line
	@@ -109,7 +109,7 @@ static inline void nft_trace_packet(const struct nft_pktinfo *pkt,
	{		{
	struct net *net = dev_net(pkt->in ? pkt->in : pkt->out);		struct net *net = dev_net(pkt->in ? pkt->in : pkt->out);

	nf_log_packet(net, pkt->xt.family, pkt->hooknum, pkt->skb, pkt->in,		nf_log_packet(net, pkt->xt.family, pkt->ops->hooknum, pkt->skb, pkt->in,
	pkt->out, &trace_loginfo, "TRACE: %s:%s:%s:%u ",		pkt->out, &trace_loginfo, "TRACE: %s:%s:%s:%u ",
	chain->table->name, chain->name, comments[type],		chain->table->name, chain->name, comments[type],
	rulenum);		rulenum);

net/netfilter/nft_log.c

+1 −1

Original line number	Original line	Diff line number	Diff line
	@@ -33,7 +33,7 @@ static void nft_log_eval(const struct nft_expr *expr,
	const struct nft_log *priv = nft_expr_priv(expr);		const struct nft_log *priv = nft_expr_priv(expr);
	struct net *net = dev_net(pkt->in ? pkt->in : pkt->out);		struct net *net = dev_net(pkt->in ? pkt->in : pkt->out);

	nf_log_packet(net, priv->family, pkt->hooknum, pkt->skb, pkt->in,		nf_log_packet(net, priv->family, pkt->ops->hooknum, pkt->skb, pkt->in,
	pkt->out, &priv->loginfo, "%s", priv->prefix);		pkt->out, &priv->loginfo, "%s", priv->prefix);
	}		}

net/netfilter/nft_reject.c

+3 −3

Original line number	Original line	Diff line number	Diff line
	@@ -44,15 +44,15 @@ static void nft_reject_eval(const struct nft_expr *expr,
	#if IS_ENABLED(CONFIG_NF_TABLES_IPV6)		#if IS_ENABLED(CONFIG_NF_TABLES_IPV6)
	else if (priv->family == NFPROTO_IPV6)		else if (priv->family == NFPROTO_IPV6)
	nf_send_unreach6(net, pkt->skb, priv->icmp_code,		nf_send_unreach6(net, pkt->skb, priv->icmp_code,
	pkt->hooknum);		pkt->ops->hooknum);
	#endif		#endif
	break;		break;
	case NFT_REJECT_TCP_RST:		case NFT_REJECT_TCP_RST:
	if (priv->family == NFPROTO_IPV4)		if (priv->family == NFPROTO_IPV4)
	nf_send_reset(pkt->skb, pkt->hooknum);		nf_send_reset(pkt->skb, pkt->ops->hooknum);
	#if IS_ENABLED(CONFIG_NF_TABLES_IPV6)		#if IS_ENABLED(CONFIG_NF_TABLES_IPV6)
	else if (priv->family == NFPROTO_IPV6)		else if (priv->family == NFPROTO_IPV6)
	nf_send_reset6(net, pkt->skb, pkt->hooknum);		nf_send_reset6(net, pkt->skb, pkt->ops->hooknum);
	#endif		#endif
	break;		break;
	}		}