netfilter: netns: remove nf_*_net() wrappers

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Now that dev_net() exists, the usefullness of them is even less. Also they're
a big problem in resolving circular header dependencies necessary for
NOTRACK-in-netns patch. See below.

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>

authored by

Alexey Dobriyan and committed by

Patrick McHardy 17 years ago 48dc7865 55b69e91

+19 -72

7 changed files

expand all

include

linux

netfilter.h

net

ipv4

netfilter

iptable_filter.c

iptable_mangle.c

iptable_raw.c

iptable_security.c

ipv6

netfilter

ip6table_filter.c

ip6table_security.c

-53

include/linux/netfilter.h

··· 5 5 #include <linux/init.h> 6 6 #include <linux/skbuff.h> 7 7 #include <linux/net.h> 8 - #include <linux/netdevice.h> 9 8 #include <linux/if.h> 10 9 #include <linux/in.h> 11 10 #include <linux/in6.h> 12 11 #include <linux/wait.h> 13 12 #include <linux/list.h> 14 - #include <net/net_namespace.h> 15 13 #endif 16 14 #include <linux/types.h> 17 15 #include <linux/compiler.h> ··· 352 354 #else 353 355 static inline void nf_ct_attach(struct sk_buff *new, struct sk_buff *skb) {} 354 356 #endif 355 - 356 - static inline struct net *nf_pre_routing_net(const struct net_device *in, 357 - const struct net_device *out) 358 - { 359 - #ifdef CONFIG_NET_NS 360 - return in->nd_net; 361 - #else 362 - return &init_net; 363 - #endif 364 - } 365 - 366 - static inline struct net *nf_local_in_net(const struct net_device *in, 367 - const struct net_device *out) 368 - { 369 - #ifdef CONFIG_NET_NS 370 - return in->nd_net; 371 - #else 372 - return &init_net; 373 - #endif 374 - } 375 - 376 - static inline struct net *nf_forward_net(const struct net_device *in, 377 - const struct net_device *out) 378 - { 379 - #ifdef CONFIG_NET_NS 380 - BUG_ON(in->nd_net != out->nd_net); 381 - return in->nd_net; 382 - #else 383 - return &init_net; 384 - #endif 385 - } 386 - 387 - static inline struct net *nf_local_out_net(const struct net_device *in, 388 - const struct net_device *out) 389 - { 390 - #ifdef CONFIG_NET_NS 391 - return out->nd_net; 392 - #else 393 - return &init_net; 394 - #endif 395 - } 396 - 397 - static inline struct net *nf_post_routing_net(const struct net_device *in, 398 - const struct net_device *out) 399 - { 400 - #ifdef CONFIG_NET_NS 401 - return out->nd_net; 402 - #else 403 - return &init_net; 404 - #endif 405 - } 406 357 407 358 #endif /*__KERNEL__*/ 408 359 #endif /*__LINUX_NETFILTER_H*/

+3 -3

net/ipv4/netfilter/iptable_filter.c

··· 70 70 int (*okfn)(struct sk_buff *)) 71 71 { 72 72 return ipt_do_table(skb, hook, in, out, 73 - nf_local_in_net(in, out)->ipv4.iptable_filter); 73 + dev_net(in)->ipv4.iptable_filter); 74 74 } 75 75 76 76 static unsigned int ··· 81 81 int (*okfn)(struct sk_buff *)) 82 82 { 83 83 return ipt_do_table(skb, hook, in, out, 84 - nf_forward_net(in, out)->ipv4.iptable_filter); 84 + dev_net(in)->ipv4.iptable_filter); 85 85 } 86 86 87 87 static unsigned int ··· 101 101 } 102 102 103 103 return ipt_do_table(skb, hook, in, out, 104 - nf_local_out_net(in, out)->ipv4.iptable_filter); 104 + dev_net(out)->ipv4.iptable_filter); 105 105 } 106 106 107 107 static struct nf_hook_ops ipt_ops[] __read_mostly = {

+5 -5

net/ipv4/netfilter/iptable_mangle.c

··· 81 81 int (*okfn)(struct sk_buff *)) 82 82 { 83 83 return ipt_do_table(skb, hook, in, out, 84 - nf_pre_routing_net(in, out)->ipv4.iptable_mangle); 84 + dev_net(in)->ipv4.iptable_mangle); 85 85 } 86 86 87 87 static unsigned int ··· 92 92 int (*okfn)(struct sk_buff *)) 93 93 { 94 94 return ipt_do_table(skb, hook, in, out, 95 - nf_post_routing_net(in, out)->ipv4.iptable_mangle); 95 + dev_net(out)->ipv4.iptable_mangle); 96 96 } 97 97 98 98 static unsigned int ··· 103 103 int (*okfn)(struct sk_buff *)) 104 104 { 105 105 return ipt_do_table(skb, hook, in, out, 106 - nf_local_in_net(in, out)->ipv4.iptable_mangle); 106 + dev_net(in)->ipv4.iptable_mangle); 107 107 } 108 108 109 109 static unsigned int ··· 114 114 int (*okfn)(struct sk_buff *)) 115 115 { 116 116 return ipt_do_table(skb, hook, in, out, 117 - nf_forward_net(in, out)->ipv4.iptable_mangle); 117 + dev_net(in)->ipv4.iptable_mangle); 118 118 } 119 119 120 120 static unsigned int ··· 147 147 tos = iph->tos; 148 148 149 149 ret = ipt_do_table(skb, hook, in, out, 150 - nf_local_out_net(in, out)->ipv4.iptable_mangle); 150 + dev_net(out)->ipv4.iptable_mangle); 151 151 /* Reroute for ANY change. */ 152 152 if (ret != NF_DROP && ret != NF_STOLEN && ret != NF_QUEUE) { 153 153 iph = ip_hdr(skb);

+2 -2

net/ipv4/netfilter/iptable_raw.c

··· 53 53 int (*okfn)(struct sk_buff *)) 54 54 { 55 55 return ipt_do_table(skb, hook, in, out, 56 - nf_pre_routing_net(in, out)->ipv4.iptable_raw); 56 + dev_net(in)->ipv4.iptable_raw); 57 57 } 58 58 59 59 static unsigned int ··· 72 72 return NF_ACCEPT; 73 73 } 74 74 return ipt_do_table(skb, hook, in, out, 75 - nf_local_out_net(in, out)->ipv4.iptable_raw); 75 + dev_net(out)->ipv4.iptable_raw); 76 76 } 77 77 78 78 /* 'raw' is the very first table. */

+3 -3

net/ipv4/netfilter/iptable_security.c

··· 73 73 int (*okfn)(struct sk_buff *)) 74 74 { 75 75 return ipt_do_table(skb, hook, in, out, 76 - nf_local_in_net(in, out)->ipv4.iptable_security); 76 + dev_net(in)->ipv4.iptable_security); 77 77 } 78 78 79 79 static unsigned int ··· 84 84 int (*okfn)(struct sk_buff *)) 85 85 { 86 86 return ipt_do_table(skb, hook, in, out, 87 - nf_forward_net(in, out)->ipv4.iptable_security); 87 + dev_net(in)->ipv4.iptable_security); 88 88 } 89 89 90 90 static unsigned int ··· 103 103 return NF_ACCEPT; 104 104 } 105 105 return ipt_do_table(skb, hook, in, out, 106 - nf_local_out_net(in, out)->ipv4.iptable_security); 106 + dev_net(out)->ipv4.iptable_security); 107 107 } 108 108 109 109 static struct nf_hook_ops ipt_ops[] __read_mostly = {

+3 -3

net/ipv6/netfilter/ip6table_filter.c

··· 68 68 int (*okfn)(struct sk_buff *)) 69 69 { 70 70 return ip6t_do_table(skb, hook, in, out, 71 - nf_local_in_net(in, out)->ipv6.ip6table_filter); 71 + dev_net(in)->ipv6.ip6table_filter); 72 72 } 73 73 74 74 static unsigned int ··· 79 79 int (*okfn)(struct sk_buff *)) 80 80 { 81 81 return ip6t_do_table(skb, hook, in, out, 82 - nf_forward_net(in, out)->ipv6.ip6table_filter); 82 + dev_net(in)->ipv6.ip6table_filter); 83 83 } 84 84 85 85 static unsigned int ··· 100 100 #endif 101 101 102 102 return ip6t_do_table(skb, hook, in, out, 103 - nf_local_out_net(in, out)->ipv6.ip6table_filter); 103 + dev_net(out)->ipv6.ip6table_filter); 104 104 } 105 105 106 106 static struct nf_hook_ops ip6t_ops[] __read_mostly = {

+3 -3

net/ipv6/netfilter/ip6table_security.c

··· 72 72 int (*okfn)(struct sk_buff *)) 73 73 { 74 74 return ip6t_do_table(skb, hook, in, out, 75 - nf_local_in_net(in, out)->ipv6.ip6table_security); 75 + dev_net(in)->ipv6.ip6table_security); 76 76 } 77 77 78 78 static unsigned int ··· 83 83 int (*okfn)(struct sk_buff *)) 84 84 { 85 85 return ip6t_do_table(skb, hook, in, out, 86 - nf_forward_net(in, out)->ipv6.ip6table_security); 86 + dev_net(in)->ipv6.ip6table_security); 87 87 } 88 88 89 89 static unsigned int ··· 95 95 { 96 96 /* TBD: handle short packets via raw socket */ 97 97 return ip6t_do_table(skb, hook, in, out, 98 - nf_local_out_net(in, out)->ipv6.ip6table_security); 98 + dev_net(out)->ipv6.ip6table_security); 99 99 } 100 100 101 101 static struct nf_hook_ops ip6t_ops[] __read_mostly = {