+2 -3

include/linux/netfilter_ipv6/ip6_tables.h

reviewed

··· 29 29 const struct nf_hook_ops *ops); 30 30 void ip6t_unregister_table_pre_exit(struct net *net, const char *name); 31 31 void ip6t_unregister_table_exit(struct net *net, const char *name); 32 32 - extern unsigned int ip6t_do_table(struct sk_buff *skb, 33 33 - const struct nf_hook_state *state, 34 34 - struct xt_table *table); 32 32 + extern unsigned int ip6t_do_table(void *priv, struct sk_buff *skb, 33 33 + const struct nf_hook_state *state); 35 34 36 35 #ifdef CONFIG_NETFILTER_XTABLES_COMPAT 37 36 #include <net/compat.h>

+3 -3

net/ipv6/netfilter/ip6_tables.c

reviewed

··· 247 247 248 248 /* Returns one of the generic firewall policies, like NF_ACCEPT. */ 249 249 unsigned int 250 250 - ip6t_do_table(struct sk_buff *skb, 251 251 - const struct nf_hook_state *state, 252 252 - struct xt_table *table) 250 250 + ip6t_do_table(void *priv, struct sk_buff *skb, 251 251 + const struct nf_hook_state *state) 253 252 { 253 253 + const struct xt_table *table = priv; 254 254 unsigned int hook = state->hook; 255 255 static const char nulldevname[IFNAMSIZ] __attribute__((aligned(sizeof(long)))); 256 256 /* Initializing verdict to NF_DROP keeps gcc happy. */

+1 -9

net/ipv6/netfilter/ip6table_filter.c

reviewed

··· 27 27 .priority = NF_IP6_PRI_FILTER, 28 28 }; 29 29 30 30 - /* The work comes in here from netfilter.c. */ 31 31 - static unsigned int 32 32 - ip6table_filter_hook(void *priv, struct sk_buff *skb, 33 33 - const struct nf_hook_state *state) 34 34 - { 35 35 - return ip6t_do_table(skb, state, priv); 36 36 - } 37 37 - 38 30 static struct nf_hook_ops *filter_ops __read_mostly; 39 31 40 32 /* Default to forward because I got too much mail already. */ ··· 82 90 if (ret < 0) 83 91 return ret; 84 92 85 85 - filter_ops = xt_hook_ops_alloc(&packet_filter, ip6table_filter_hook); 93 93 + filter_ops = xt_hook_ops_alloc(&packet_filter, ip6t_do_table); 86 94 if (IS_ERR(filter_ops)) { 87 95 xt_unregister_template(&packet_filter); 88 96 return PTR_ERR(filter_ops);

+4 -4

net/ipv6/netfilter/ip6table_mangle.c

reviewed

··· 29 29 }; 30 30 31 31 static unsigned int 32 32 - ip6t_mangle_out(struct sk_buff *skb, const struct nf_hook_state *state, void *priv) 32 32 + ip6t_mangle_out(void *priv, struct sk_buff *skb, const struct nf_hook_state *state) 33 33 { 34 34 unsigned int ret; 35 35 struct in6_addr saddr, daddr; ··· 46 46 /* flowlabel and prio (includes version, which shouldn't change either */ 47 47 flowlabel = *((u_int32_t *)ipv6_hdr(skb)); 48 48 49 49 - ret = ip6t_do_table(skb, state, priv); 49 49 + ret = ip6t_do_table(priv, skb, state); 50 50 51 51 if (ret != NF_DROP && ret != NF_STOLEN && 52 52 (!ipv6_addr_equal(&ipv6_hdr(skb)->saddr, &saddr) || ··· 68 68 const struct nf_hook_state *state) 69 69 { 70 70 if (state->hook == NF_INET_LOCAL_OUT) 71 71 - return ip6t_mangle_out(skb, state, priv); 72 72 - return ip6t_do_table(skb, state, priv); 71 71 + return ip6t_mangle_out(priv, skb, state); 72 72 + return ip6t_do_table(priv, skb, state); 73 73 } 74 74 75 75 static struct nf_hook_ops *mangle_ops __read_mostly;

+4 -11

net/ipv6/netfilter/ip6table_nat.c

reviewed

··· 31 31 .af = NFPROTO_IPV6, 32 32 }; 33 33 34 34 - static unsigned int ip6table_nat_do_chain(void *priv, 35 35 - struct sk_buff *skb, 36 36 - const struct nf_hook_state *state) 37 37 - { 38 38 - return ip6t_do_table(skb, state, priv); 39 39 - } 40 40 - 41 34 static const struct nf_hook_ops nf_nat_ipv6_ops[] = { 42 35 { 43 43 - .hook = ip6table_nat_do_chain, 36 36 + .hook = ip6t_do_table, 44 37 .pf = NFPROTO_IPV6, 45 38 .hooknum = NF_INET_PRE_ROUTING, 46 39 .priority = NF_IP6_PRI_NAT_DST, 47 40 }, 48 41 { 49 49 - .hook = ip6table_nat_do_chain, 42 42 + .hook = ip6t_do_table, 50 43 .pf = NFPROTO_IPV6, 51 44 .hooknum = NF_INET_POST_ROUTING, 52 45 .priority = NF_IP6_PRI_NAT_SRC, 53 46 }, 54 47 { 55 55 - .hook = ip6table_nat_do_chain, 48 48 + .hook = ip6t_do_table, 56 49 .pf = NFPROTO_IPV6, 57 50 .hooknum = NF_INET_LOCAL_OUT, 58 51 .priority = NF_IP6_PRI_NAT_DST, 59 52 }, 60 53 { 61 61 - .hook = ip6table_nat_do_chain, 54 54 + .hook = ip6t_do_table, 62 55 .pf = NFPROTO_IPV6, 63 56 .hooknum = NF_INET_LOCAL_IN, 64 57 .priority = NF_IP6_PRI_NAT_SRC,

+1 -9

net/ipv6/netfilter/ip6table_raw.c

reviewed

··· 31 31 .priority = NF_IP6_PRI_RAW_BEFORE_DEFRAG, 32 32 }; 33 33 34 34 - /* The work comes in here from netfilter.c. */ 35 35 - static unsigned int 36 36 - ip6table_raw_hook(void *priv, struct sk_buff *skb, 37 37 - const struct nf_hook_state *state) 38 38 - { 39 39 - return ip6t_do_table(skb, state, priv); 40 40 - } 41 41 - 42 34 static struct nf_hook_ops *rawtable_ops __read_mostly; 43 35 44 36 static int ip6table_raw_table_init(struct net *net) ··· 80 88 return ret; 81 89 82 90 /* Register hooks */ 83 83 - rawtable_ops = xt_hook_ops_alloc(table, ip6table_raw_hook); 91 91 + rawtable_ops = xt_hook_ops_alloc(table, ip6t_do_table); 84 92 if (IS_ERR(rawtable_ops)) { 85 93 xt_unregister_template(table); 86 94 return PTR_ERR(rawtable_ops);

+1 -8

net/ipv6/netfilter/ip6table_security.c

reviewed

··· 32 32 .priority = NF_IP6_PRI_SECURITY, 33 33 }; 34 34 35 35 - static unsigned int 36 36 - ip6table_security_hook(void *priv, struct sk_buff *skb, 37 37 - const struct nf_hook_state *state) 38 38 - { 39 39 - return ip6t_do_table(skb, state, priv); 40 40 - } 41 41 - 42 35 static struct nf_hook_ops *sectbl_ops __read_mostly; 43 36 44 37 static int ip6table_security_table_init(struct net *net) ··· 70 77 if (ret < 0) 71 78 return ret; 72 79 73 73 - sectbl_ops = xt_hook_ops_alloc(&security_table, ip6table_security_hook); 80 80 + sectbl_ops = xt_hook_ops_alloc(&security_table, ip6t_do_table); 74 81 if (IS_ERR(sectbl_ops)) { 75 82 xt_unregister_template(&security_table); 76 83 return PTR_ERR(sectbl_ops);