+3 -4

include/net/netfilter/nf_tables.h

reviewed

··· 26 26 static inline void nft_set_pktinfo(struct nft_pktinfo *pkt, 27 27 const struct nf_hook_ops *ops, 28 28 struct sk_buff *skb, 29 29 - const struct net_device *in, 30 30 - const struct net_device *out) 29 29 + const struct nf_hook_state *state) 31 30 { 32 31 pkt->skb = skb; 33 33 - pkt->in = pkt->xt.in = in; 34 34 - pkt->out = pkt->xt.out = out; 32 32 + pkt->in = pkt->xt.in = state->in; 33 33 + pkt->out = pkt->xt.out = state->out; 35 34 pkt->ops = ops; 36 35 pkt->xt.hooknum = ops->hooknum; 37 36 pkt->xt.family = ops->pf;

+2 -3

include/net/netfilter/nf_tables_ipv4.h

reviewed

··· 8 8 nft_set_pktinfo_ipv4(struct nft_pktinfo *pkt, 9 9 const struct nf_hook_ops *ops, 10 10 struct sk_buff *skb, 11 11 - const struct net_device *in, 12 12 - const struct net_device *out) 11 11 + const struct nf_hook_state *state) 13 12 { 14 13 struct iphdr *ip; 15 14 16 16 - nft_set_pktinfo(pkt, ops, skb, in, out); 15 15 + nft_set_pktinfo(pkt, ops, skb, state); 17 16 18 17 ip = ip_hdr(pkt->skb); 19 18 pkt->tprot = ip->protocol;

+2 -3

include/net/netfilter/nf_tables_ipv6.h

reviewed

··· 8 8 nft_set_pktinfo_ipv6(struct nft_pktinfo *pkt, 9 9 const struct nf_hook_ops *ops, 10 10 struct sk_buff *skb, 11 11 - const struct net_device *in, 12 12 - const struct net_device *out) 11 11 + const struct nf_hook_state *state) 13 12 { 14 13 int protohdr, thoff = 0; 15 14 unsigned short frag_off; 16 15 17 17 - nft_set_pktinfo(pkt, ops, skb, in, out); 16 16 + nft_set_pktinfo(pkt, ops, skb, state); 18 17 19 18 protohdr = ipv6_find_hdr(pkt->skb, &thoff, -1, &frag_off, NULL); 20 19 /* If malformed, drop it */

+11 -13

net/bridge/netfilter/nf_tables_bridge.c

reviewed

··· 67 67 static inline void nft_bridge_set_pktinfo_ipv4(struct nft_pktinfo *pkt, 68 68 const struct nf_hook_ops *ops, 69 69 struct sk_buff *skb, 70 70 - const struct net_device *in, 71 71 - const struct net_device *out) 70 70 + const struct nf_hook_state *state) 72 71 { 73 72 if (nft_bridge_iphdr_validate(skb)) 74 74 - nft_set_pktinfo_ipv4(pkt, ops, skb, in, out); 73 73 + nft_set_pktinfo_ipv4(pkt, ops, skb, state); 75 74 else 76 76 - nft_set_pktinfo(pkt, ops, skb, in, out); 75 75 + nft_set_pktinfo(pkt, ops, skb, state); 77 76 } 78 77 79 78 static inline void nft_bridge_set_pktinfo_ipv6(struct nft_pktinfo *pkt, 80 80 - const struct nf_hook_ops *ops, 81 81 - struct sk_buff *skb, 82 82 - const struct net_device *in, 83 83 - const struct net_device *out) 79 79 + const struct nf_hook_ops *ops, 80 80 + struct sk_buff *skb, 81 81 + const struct nf_hook_state *state) 84 82 { 85 83 #if IS_ENABLED(CONFIG_IPV6) 86 84 if (nft_bridge_ip6hdr_validate(skb) && 87 87 - nft_set_pktinfo_ipv6(pkt, ops, skb, in, out) == 0) 85 85 + nft_set_pktinfo_ipv6(pkt, ops, skb, state) == 0) 88 86 return; 89 87 #endif 90 90 - nft_set_pktinfo(pkt, ops, skb, in, out); 88 88 + nft_set_pktinfo(pkt, ops, skb, state); 91 89 } 92 90 93 91 static unsigned int ··· 97 99 98 100 switch (eth_hdr(skb)->h_proto) { 99 101 case htons(ETH_P_IP): 100 100 - nft_bridge_set_pktinfo_ipv4(&pkt, ops, skb, state->in, state->out); 102 102 + nft_bridge_set_pktinfo_ipv4(&pkt, ops, skb, state); 101 103 break; 102 104 case htons(ETH_P_IPV6): 103 103 - nft_bridge_set_pktinfo_ipv6(&pkt, ops, skb, state->in, state->out); 105 105 + nft_bridge_set_pktinfo_ipv6(&pkt, ops, skb, state); 104 106 break; 105 107 default: 106 106 - nft_set_pktinfo(&pkt, ops, skb, state->in, state->out); 108 108 + nft_set_pktinfo(&pkt, ops, skb, state); 107 109 break; 108 110 } 109 111

+1 -1

net/ipv4/netfilter/nf_tables_arp.c

reviewed

··· 21 21 { 22 22 struct nft_pktinfo pkt; 23 23 24 24 - nft_set_pktinfo(&pkt, ops, skb, state->in, state->out); 24 24 + nft_set_pktinfo(&pkt, ops, skb, state); 25 25 26 26 return nft_do_chain(&pkt, ops); 27 27 }

+1 -1

net/ipv4/netfilter/nf_tables_ipv4.c

reviewed

··· 24 24 { 25 25 struct nft_pktinfo pkt; 26 26 27 27 - nft_set_pktinfo_ipv4(&pkt, ops, skb, state->in, state->out); 27 27 + nft_set_pktinfo_ipv4(&pkt, ops, skb, state); 28 28 29 29 return nft_do_chain(&pkt, ops); 30 30 }

+1 -1

net/ipv4/netfilter/nft_chain_nat_ipv4.c

reviewed

··· 33 33 { 34 34 struct nft_pktinfo pkt; 35 35 36 36 - nft_set_pktinfo_ipv4(&pkt, ops, skb, state->in, state->out); 36 36 + nft_set_pktinfo_ipv4(&pkt, ops, skb, state); 37 37 38 38 return nft_do_chain(&pkt, ops); 39 39 }

+1 -1

net/ipv4/netfilter/nft_chain_route_ipv4.c

reviewed

··· 37 37 ip_hdrlen(skb) < sizeof(struct iphdr)) 38 38 return NF_ACCEPT; 39 39 40 40 - nft_set_pktinfo_ipv4(&pkt, ops, skb, state->in, state->out); 40 40 + nft_set_pktinfo_ipv4(&pkt, ops, skb, state); 41 41 42 42 mark = skb->mark; 43 43 iph = ip_hdr(skb);

+1 -1

net/ipv6/netfilter/nf_tables_ipv6.c

reviewed

··· 23 23 struct nft_pktinfo pkt; 24 24 25 25 /* malformed packet, drop it */ 26 26 - if (nft_set_pktinfo_ipv6(&pkt, ops, skb, state->in, state->out) < 0) 26 26 + if (nft_set_pktinfo_ipv6(&pkt, ops, skb, state) < 0) 27 27 return NF_DROP; 28 28 29 29 return nft_do_chain(&pkt, ops);

+1 -1

net/ipv6/netfilter/nft_chain_nat_ipv6.c

reviewed

··· 31 31 { 32 32 struct nft_pktinfo pkt; 33 33 34 34 - nft_set_pktinfo_ipv6(&pkt, ops, skb, state->in, state->out); 34 34 + nft_set_pktinfo_ipv6(&pkt, ops, skb, state); 35 35 36 36 return nft_do_chain(&pkt, ops); 37 37 }

+1 -1

net/ipv6/netfilter/nft_chain_route_ipv6.c

reviewed

··· 33 33 u32 mark, flowlabel; 34 34 35 35 /* malformed packet, drop it */ 36 36 - if (nft_set_pktinfo_ipv6(&pkt, ops, skb, state->in, state->out) < 0) 36 36 + if (nft_set_pktinfo_ipv6(&pkt, ops, skb, state) < 0) 37 37 return NF_DROP; 38 38 39 39 /* save source/dest address, mark, hoplimit, flowlabel, priority */