netfilter: nf_tables: add hook ops to struct nft_pktinfo

Multi-family tables need the AF from the hook ops. Add a pointer to the hook ops and replace usage of the hooknum member in struct nft_pktinfo. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

netfilter: nf_tables: add hook ops to struct nft_pktinfo
Multi-family tables need the AF from the hook ops. Add a pointer to the hook ops and replace usage of the hooknum member in struct nft_pktinfo. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Patrick McHardy · Pablo Neira Ayuso
1 parent 3b088c4bc0
Showing 4 changed files with 8 additions and 7 deletions Side-by-side Diff
include/net/netfilter/nf_tables.h
net/netfilter/nf_tables_core.c
net/netfilter/nft_log.c
net/netfilter/nft_reject.c
@@ -13,7 +13,7 @@
 	struct sk_buff			*skb;
 	const struct net_device		*in;
 	const struct net_device		*out;
-	u8				hooknum;
+	const struct nf_hook_ops	*ops;
 	u8				nhoff;
 	u8				thoff;
 	/* for x_tables compatibility */
@@ -29,7 +29,8 @@
 	pkt->skb = skb;
 	pkt->in = pkt->xt.in = in;
 	pkt->out = pkt->xt.out = out;
-	pkt->hooknum = pkt->xt.hooknum = ops->hooknum;
+	pkt->ops = ops;
+	pkt->xt.hooknum = ops->hooknum;
 	pkt->xt.family = ops->pf;
 }
  
@@ -109,7 +109,7 @@
 {
 	struct net *net = dev_net(pkt->in ? pkt->in : pkt->out);
  
-	nf_log_packet(net, pkt->xt.family, pkt->hooknum, pkt->skb, pkt->in,
+	nf_log_packet(net, pkt->xt.family, pkt->ops->hooknum, pkt->skb, pkt->in,
 		      pkt->out, &trace_loginfo, "TRACE: %s:%s:%s:%u ",
 		      chain->table->name, chain->name, comments[type],
 		      rulenum);
@@ -33,7 +33,7 @@
 	const struct nft_log *priv = nft_expr_priv(expr);
 	struct net *net = dev_net(pkt->in ? pkt->in : pkt->out);
  
-	nf_log_packet(net, priv->family, pkt->hooknum, pkt->skb, pkt->in,
+	nf_log_packet(net, priv->family, pkt->ops->hooknum, pkt->skb, pkt->in,
 		      pkt->out, &priv->loginfo, "%s", priv->prefix);
 }
  
@@ -44,15 +44,15 @@
 #if IS_ENABLED(CONFIG_NF_TABLES_IPV6)
 		else if (priv->family == NFPROTO_IPV6)
 			nf_send_unreach6(net, pkt->skb, priv->icmp_code,
-				      pkt->hooknum);
+				      pkt->ops->hooknum);
 #endif
 		break;
 	case NFT_REJECT_TCP_RST:
 		if (priv->family == NFPROTO_IPV4)
-			nf_send_reset(pkt->skb, pkt->hooknum);
+			nf_send_reset(pkt->skb, pkt->ops->hooknum);
 #if IS_ENABLED(CONFIG_NF_TABLES_IPV6)
 		else if (priv->family == NFPROTO_IPV6)
-			nf_send_reset6(net, pkt->skb, pkt->hooknum);
+			nf_send_reset6(net, pkt->skb, pkt->ops->hooknum);
 #endif
 		break;
 	}
...	...	@@ -13,7 +13,7 @@
13	13	struct sk_buff *skb;
14	14	const struct net_device *in;
15	15	const struct net_device *out;
16		- u8 hooknum;
	16	+ const struct nf_hook_ops *ops;
17	17	u8 nhoff;
18	18	u8 thoff;
19	19	/* for x_tables compatibility */
...	...	@@ -29,7 +29,8 @@
29	29	pkt->skb = skb;
30	30	pkt->in = pkt->xt.in = in;
31	31	pkt->out = pkt->xt.out = out;
32		- pkt->hooknum = pkt->xt.hooknum = ops->hooknum;
	32	+ pkt->ops = ops;
	33	+ pkt->xt.hooknum = ops->hooknum;
33	34	pkt->xt.family = ops->pf;
34	35	}
35	36
...	...	@@ -109,7 +109,7 @@
109	109	{
110	110	struct net *net = dev_net(pkt->in ? pkt->in : pkt->out);
111	111
112		- nf_log_packet(net, pkt->xt.family, pkt->hooknum, pkt->skb, pkt->in,
	112	+ nf_log_packet(net, pkt->xt.family, pkt->ops->hooknum, pkt->skb, pkt->in,
113	113	pkt->out, &trace_loginfo, "TRACE: %s:%s:%s:%u ",
114	114	chain->table->name, chain->name, comments[type],
115	115	rulenum);
...	...	@@ -33,7 +33,7 @@
33	33	const struct nft_log *priv = nft_expr_priv(expr);
34	34	struct net *net = dev_net(pkt->in ? pkt->in : pkt->out);
35	35
36		- nf_log_packet(net, priv->family, pkt->hooknum, pkt->skb, pkt->in,
	36	+ nf_log_packet(net, priv->family, pkt->ops->hooknum, pkt->skb, pkt->in,
37	37	pkt->out, &priv->loginfo, "%s", priv->prefix);
38	38	}
39	39
...	...	@@ -44,15 +44,15 @@
44	44	#if IS_ENABLED(CONFIG_NF_TABLES_IPV6)
45	45	else if (priv->family == NFPROTO_IPV6)
46	46	nf_send_unreach6(net, pkt->skb, priv->icmp_code,
47		- pkt->hooknum);
	47	+ pkt->ops->hooknum);
48	48	#endif
49	49	break;
50	50	case NFT_REJECT_TCP_RST:
51	51	if (priv->family == NFPROTO_IPV4)
52		- nf_send_reset(pkt->skb, pkt->hooknum);
	52	+ nf_send_reset(pkt->skb, pkt->ops->hooknum);
53	53	#if IS_ENABLED(CONFIG_NF_TABLES_IPV6)
54	54	else if (priv->family == NFPROTO_IPV6)
55		- nf_send_reset6(net, pkt->skb, pkt->hooknum);
	55	+ nf_send_reset6(net, pkt->skb, pkt->ops->hooknum);
56	56	#endif
57	57	break;
58	58	}