tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

netfilter: xtables: move extension arguments into compound structure (4/6)

This patch does this for target extensions' target functions.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>

authored by

Jan Engelhardt and committed by
Patrick McHardy 7eb35586 6be3d859

+209 -297
+17 -5
include/linux/netfilter/x_tables.h
··· 218 218 void *matchinfo; 219 219 }; 220 220 221 + /** 222 + * struct xt_target_param - parameters for target extensions' target functions 223 + * 224 + * @hooknum: hook through which this target was invoked 225 + * @target: struct xt_target through which this function was invoked 226 + * @targinfo: per-target data 227 + * 228 + * Other fields see above. 229 + */ 230 + struct xt_target_param { 231 + const struct net_device *in, *out; 232 + unsigned int hooknum; 233 + const struct xt_target *target; 234 + const void *targinfo; 235 + }; 236 + 221 237 struct xt_match 222 238 { 223 239 struct list_head list; ··· 285 269 must now handle non-linear skbs, using skb_copy_bits and 286 270 skb_ip_make_writable. */ 287 271 unsigned int (*target)(struct sk_buff *skb, 288 - const struct net_device *in, 289 - const struct net_device *out, 290 - unsigned int hooknum, 291 - const struct xt_target *target, 292 - const void *targinfo); 272 + const struct xt_target_param *); 293 273 294 274 /* Called when user tries to insert an entry of this type: 295 275 hook_mask is a bitmask of hooks from which it can be
+3 -5
net/bridge/netfilter/ebt_arpreply.c
··· 16 16 #include <linux/netfilter_bridge/ebt_arpreply.h> 17 17 18 18 static unsigned int 19 - ebt_arpreply_tg(struct sk_buff *skb, const struct net_device *in, 20 - const struct net_device *out, unsigned int hook_nr, 21 - const struct xt_target *target, const void *data) 19 + ebt_arpreply_tg(struct sk_buff *skb, const struct xt_target_param *par) 22 20 { 23 - const struct ebt_arpreply_info *info = data; 21 + const struct ebt_arpreply_info *info = par->targinfo; 24 22 const __be32 *siptr, *diptr; 25 23 __be32 _sip, _dip; 26 24 const struct arphdr *ap; ··· 51 53 if (diptr == NULL) 52 54 return EBT_DROP; 53 55 54 - arp_send(ARPOP_REPLY, ETH_P_ARP, *siptr, (struct net_device *)in, 56 + arp_send(ARPOP_REPLY, ETH_P_ARP, *siptr, (struct net_device *)par->in, 55 57 *diptr, shp, info->mac, shp); 56 58 57 59 return info->target;
+2 -4
net/bridge/netfilter/ebt_dnat.c
··· 15 15 #include <linux/netfilter_bridge/ebt_nat.h> 16 16 17 17 static unsigned int 18 - ebt_dnat_tg(struct sk_buff *skb, const struct net_device *in, 19 - const struct net_device *out, unsigned int hook_nr, 20 - const struct xt_target *target, const void *data) 18 + ebt_dnat_tg(struct sk_buff *skb, const struct xt_target_param *par) 21 19 { 22 - const struct ebt_nat_info *info = data; 20 + const struct ebt_nat_info *info = par->targinfo; 23 21 24 22 if (!skb_make_writable(skb, 0)) 25 23 return EBT_DROP;
+6 -8
net/bridge/netfilter/ebt_log.c
··· 195 195 } 196 196 197 197 static unsigned int 198 - ebt_log_tg(struct sk_buff *skb, const struct net_device *in, 199 - const struct net_device *out, unsigned int hooknr, 200 - const struct xt_target *target, const void *data) 198 + ebt_log_tg(struct sk_buff *skb, const struct xt_target_param *par) 201 199 { 202 - const struct ebt_log_info *info = data; 200 + const struct ebt_log_info *info = par->targinfo; 203 201 struct nf_loginfo li; 204 202 205 203 li.type = NF_LOG_TYPE_LOG; ··· 205 207 li.u.log.logflags = info->bitmask; 206 208 207 209 if (info->bitmask & EBT_LOG_NFLOG) 208 - nf_log_packet(NFPROTO_BRIDGE, hooknr, skb, in, out, &li, 209 - "%s", info->prefix); 210 + nf_log_packet(NFPROTO_BRIDGE, par->hooknum, skb, par->in, 211 + par->out, &li, "%s", info->prefix); 210 212 else 211 - ebt_log_packet(NFPROTO_BRIDGE, hooknr, skb, in, out, &li, 212 - info->prefix); 213 + ebt_log_packet(NFPROTO_BRIDGE, par->hooknum, skb, par->in, 214 + par->out, &li, info->prefix); 213 215 return EBT_CONTINUE; 214 216 } 215 217
+2 -4
net/bridge/netfilter/ebt_mark.c
··· 19 19 #include <linux/netfilter_bridge/ebt_mark_t.h> 20 20 21 21 static unsigned int 22 - ebt_mark_tg(struct sk_buff *skb, const struct net_device *in, 23 - const struct net_device *out, unsigned int hook_nr, 24 - const struct xt_target *target, const void *data) 22 + ebt_mark_tg(struct sk_buff *skb, const struct xt_target_param *par) 25 23 { 26 - const struct ebt_mark_t_info *info = data; 24 + const struct ebt_mark_t_info *info = par->targinfo; 27 25 int action = info->target & -16; 28 26 29 27 if (action == MARK_SET_VALUE)
+4 -5
net/bridge/netfilter/ebt_nflog.c
··· 20 20 #include <net/netfilter/nf_log.h> 21 21 22 22 static unsigned int 23 - ebt_nflog_tg(struct sk_buff *skb, const struct net_device *in, 24 - const struct net_device *out, unsigned int hooknr, 25 - const struct xt_target *target, const void *data) 23 + ebt_nflog_tg(struct sk_buff *skb, const struct xt_target_param *par) 26 24 { 27 - const struct ebt_nflog_info *info = data; 25 + const struct ebt_nflog_info *info = par->targinfo; 28 26 struct nf_loginfo li; 29 27 30 28 li.type = NF_LOG_TYPE_ULOG; ··· 30 32 li.u.ulog.group = info->group; 31 33 li.u.ulog.qthreshold = info->threshold; 32 34 33 - nf_log_packet(PF_BRIDGE, hooknr, skb, in, out, &li, "%s", info->prefix); 35 + nf_log_packet(PF_BRIDGE, par->hooknum, skb, par->in, par->out, 36 + &li, "%s", info->prefix); 34 37 return EBT_CONTINUE; 35 38 } 36 39
+5 -7
net/bridge/netfilter/ebt_redirect.c
··· 16 16 #include <linux/netfilter_bridge/ebt_redirect.h> 17 17 18 18 static unsigned int 19 - ebt_redirect_tg(struct sk_buff *skb, const struct net_device *in, 20 - const struct net_device *out, unsigned int hooknr, 21 - const struct xt_target *target, const void *data) 19 + ebt_redirect_tg(struct sk_buff *skb, const struct xt_target_param *par) 22 20 { 23 - const struct ebt_redirect_info *info = data; 21 + const struct ebt_redirect_info *info = par->targinfo; 24 22 25 23 if (!skb_make_writable(skb, 0)) 26 24 return EBT_DROP; 27 25 28 - if (hooknr != NF_BR_BROUTING) 26 + if (par->hooknum != NF_BR_BROUTING) 29 27 memcpy(eth_hdr(skb)->h_dest, 30 - in->br_port->br->dev->dev_addr, ETH_ALEN); 28 + par->in->br_port->br->dev->dev_addr, ETH_ALEN); 31 29 else 32 - memcpy(eth_hdr(skb)->h_dest, in->dev_addr, ETH_ALEN); 30 + memcpy(eth_hdr(skb)->h_dest, par->in->dev_addr, ETH_ALEN); 33 31 skb->pkt_type = PACKET_HOST; 34 32 return info->target; 35 33 }
+2 -4
net/bridge/netfilter/ebt_snat.c
··· 17 17 #include <linux/netfilter_bridge/ebt_nat.h> 18 18 19 19 static unsigned int 20 - ebt_snat_tg(struct sk_buff *skb, const struct net_device *in, 21 - const struct net_device *out, unsigned int hook_nr, 22 - const struct xt_target *target, const void *data) 20 + ebt_snat_tg(struct sk_buff *skb, const struct xt_target_param *par) 23 21 { 24 - const struct ebt_nat_info *info = data; 22 + const struct ebt_nat_info *info = par->targinfo; 25 23 26 24 if (!skb_make_writable(skb, 0)) 27 25 return EBT_DROP;
+3 -6
net/bridge/netfilter/ebt_ulog.c
··· 247 247 } 248 248 249 249 static unsigned int 250 - ebt_ulog_tg(struct sk_buff *skb, const struct net_device *in, 251 - const struct net_device *out, unsigned int hooknr, 252 - const struct xt_target *target, const void *data) 250 + ebt_ulog_tg(struct sk_buff *skb, const struct xt_target_param *par) 253 251 { 254 - const struct ebt_ulog_info *uloginfo = data; 255 - 256 - ebt_ulog_packet(hooknr, skb, in, out, uloginfo, NULL); 252 + ebt_ulog_packet(par->hooknum, skb, par->in, par->out, 253 + par->targinfo, NULL); 257 254 return EBT_CONTINUE; 258 255 } 259 256
+16 -11
net/bridge/netfilter/ebtables.c
··· 64 64 .targetsize = sizeof(int), 65 65 }; 66 66 67 - static inline int ebt_do_watcher (struct ebt_entry_watcher *w, 68 - struct sk_buff *skb, unsigned int hooknr, const struct net_device *in, 69 - const struct net_device *out) 67 + static inline int 68 + ebt_do_watcher(const struct ebt_entry_watcher *w, struct sk_buff *skb, 69 + struct xt_target_param *par) 70 70 { 71 - w->u.watcher->target(skb, in, out, hooknr, w->u.watcher, w->data); 71 + par->target = w->u.watcher; 72 + par->targinfo = w->data; 73 + w->u.watcher->target(skb, par); 72 74 /* watchers don't give a verdict */ 73 75 return 0; 74 76 } ··· 158 156 struct ebt_table_info *private; 159 157 bool hotdrop = false; 160 158 struct xt_match_param mtpar; 159 + struct xt_target_param tgpar; 161 160 162 - mtpar.in = in; 163 - mtpar.out = out; 161 + mtpar.in = tgpar.in = in; 162 + mtpar.out = tgpar.out = out; 164 163 mtpar.hotdrop = &hotdrop; 164 + tgpar.hooknum = hook; 165 165 166 166 read_lock_bh(&table->lock); 167 167 private = table->private; ··· 197 193 198 194 /* these should only watch: not modify, nor tell us 199 195 what to do with the packet */ 200 - EBT_WATCHER_ITERATE(point, ebt_do_watcher, skb, hook, in, 201 - out); 196 + EBT_WATCHER_ITERATE(point, ebt_do_watcher, skb, &tgpar); 202 197 203 198 t = (struct ebt_entry_target *) 204 199 (((char *)point) + point->target_offset); 205 200 /* standard target */ 206 201 if (!t->u.target->target) 207 202 verdict = ((struct ebt_standard_target *)t)->verdict; 208 - else 209 - verdict = t->u.target->target(skb, in, out, hook, 210 - t->u.target, t->data); 203 + else { 204 + tgpar.target = t->u.target; 205 + tgpar.targinfo = t->data; 206 + verdict = t->u.target->target(skb, &tgpar); 207 + } 211 208 if (verdict == EBT_ACCEPT) { 212 209 read_unlock_bh(&table->lock); 213 210 return NF_ACCEPT;
+12 -11
net/ipv4/netfilter/arp_tables.c
··· 200 200 return 1; 201 201 } 202 202 203 - static unsigned int arpt_error(struct sk_buff *skb, 204 - const struct net_device *in, 205 - const struct net_device *out, 206 - unsigned int hooknum, 207 - const struct xt_target *target, 208 - const void *targinfo) 203 + static unsigned int 204 + arpt_error(struct sk_buff *skb, const struct xt_target_param *par) 209 205 { 210 206 if (net_ratelimit()) 211 - printk("arp_tables: error: '%s'\n", (char *)targinfo); 207 + printk("arp_tables: error: '%s'\n", 208 + (const char *)par->targinfo); 212 209 213 210 return NF_DROP; 214 211 } ··· 229 232 const char *indev, *outdev; 230 233 void *table_base; 231 234 const struct xt_table_info *private; 235 + struct xt_target_param tgpar; 232 236 233 237 if (!pskb_may_pull(skb, arp_hdr_len(skb->dev))) 234 238 return NF_DROP; ··· 242 244 table_base = (void *)private->entries[smp_processor_id()]; 243 245 e = get_entry(table_base, private->hook_entry[hook]); 244 246 back = get_entry(table_base, private->underflow[hook]); 247 + 248 + tgpar.in = in; 249 + tgpar.out = out; 250 + tgpar.hooknum = hook; 245 251 246 252 arp = arp_hdr(skb); 247 253 do { ··· 292 290 /* Targets which reenter must return 293 291 * abs. verdicts 294 292 */ 293 + tgpar.target = t->u.kernel.target; 294 + tgpar.targinfo = t->data; 295 295 verdict = t->u.kernel.target->target(skb, 296 - in, out, 297 - hook, 298 - t->u.kernel.target, 299 - t->data); 296 + &tgpar); 300 297 301 298 /* Target might have changed stuff. */ 302 299 arp = arp_hdr(skb);
+2 -5
net/ipv4/netfilter/arpt_mangle.c
··· 9 9 MODULE_DESCRIPTION("arptables arp payload mangle target"); 10 10 11 11 static unsigned int 12 - target(struct sk_buff *skb, 13 - const struct net_device *in, const struct net_device *out, 14 - unsigned int hooknum, const struct xt_target *target, 15 - const void *targinfo) 12 + target(struct sk_buff *skb, const struct xt_target_param *par) 16 13 { 17 - const struct arpt_mangle *mangle = targinfo; 14 + const struct arpt_mangle *mangle = par->targinfo; 18 15 const struct arphdr *arp; 19 16 unsigned char *arpptr; 20 17 int pln, hln;
+10 -14
net/ipv4/netfilter/ip_tables.c
··· 171 171 } 172 172 173 173 static unsigned int 174 - ipt_error(struct sk_buff *skb, 175 - const struct net_device *in, 176 - const struct net_device *out, 177 - unsigned int hooknum, 178 - const struct xt_target *target, 179 - const void *targinfo) 174 + ipt_error(struct sk_buff *skb, const struct xt_target_param *par) 180 175 { 181 176 if (net_ratelimit()) 182 - printk("ip_tables: error: `%s'\n", (char *)targinfo); 177 + printk("ip_tables: error: `%s'\n", 178 + (const char *)par->targinfo); 183 179 184 180 return NF_DROP; 185 181 } ··· 330 334 struct ipt_entry *e, *back; 331 335 struct xt_table_info *private; 332 336 struct xt_match_param mtpar; 337 + struct xt_target_param tgpar; 333 338 334 339 /* Initialization */ 335 340 ip = ip_hdr(skb); ··· 346 349 mtpar.fragoff = ntohs(ip->frag_off) & IP_OFFSET; 347 350 mtpar.thoff = ip_hdrlen(skb); 348 351 mtpar.hotdrop = &hotdrop; 349 - mtpar.in = in; 350 - mtpar.out = out; 352 + mtpar.in = tgpar.in = in; 353 + mtpar.out = tgpar.out = out; 354 + tgpar.hooknum = hook; 351 355 352 356 read_lock_bh(&table->lock); 353 357 IP_NF_ASSERT(table->valid_hooks & (1 << hook)); ··· 412 414 } else { 413 415 /* Targets which reenter must return 414 416 abs. verdicts */ 417 + tgpar.target = t->u.kernel.target; 418 + tgpar.targinfo = t->data; 415 419 #ifdef CONFIG_NETFILTER_DEBUG 416 420 ((struct ipt_entry *)table_base)->comefrom 417 421 = 0xeeeeeeec; 418 422 #endif 419 423 verdict = t->u.kernel.target->target(skb, 420 - in, out, 421 - hook, 422 - t->u.kernel.target, 423 - t->data); 424 - 424 + &tgpar); 425 425 #ifdef CONFIG_NETFILTER_DEBUG 426 426 if (((struct ipt_entry *)table_base)->comefrom 427 427 != 0xeeeeeeec
+2 -4
net/ipv4/netfilter/ipt_CLUSTERIP.c
··· 281 281 ***********************************************************************/ 282 282 283 283 static unsigned int 284 - clusterip_tg(struct sk_buff *skb, const struct net_device *in, 285 - const struct net_device *out, unsigned int hooknum, 286 - const struct xt_target *target, const void *targinfo) 284 + clusterip_tg(struct sk_buff *skb, const struct xt_target_param *par) 287 285 { 288 - const struct ipt_clusterip_tgt_info *cipinfo = targinfo; 286 + const struct ipt_clusterip_tgt_info *cipinfo = par->targinfo; 289 287 struct nf_conn *ct; 290 288 enum ip_conntrack_info ctinfo; 291 289 u_int32_t hash;
+2 -4
net/ipv4/netfilter/ipt_ECN.c
··· 77 77 } 78 78 79 79 static unsigned int 80 - ecn_tg(struct sk_buff *skb, const struct net_device *in, 81 - const struct net_device *out, unsigned int hooknum, 82 - const struct xt_target *target, const void *targinfo) 80 + ecn_tg(struct sk_buff *skb, const struct xt_target_param *par) 83 81 { 84 - const struct ipt_ECN_info *einfo = targinfo; 82 + const struct ipt_ECN_info *einfo = par->targinfo; 85 83 86 84 if (einfo->operation & IPT_ECN_OP_SET_IP) 87 85 if (!set_ect_ip(skb, einfo))
+3 -5
net/ipv4/netfilter/ipt_LOG.c
··· 426 426 } 427 427 428 428 static unsigned int 429 - log_tg(struct sk_buff *skb, const struct net_device *in, 430 - const struct net_device *out, unsigned int hooknum, 431 - const struct xt_target *target, const void *targinfo) 429 + log_tg(struct sk_buff *skb, const struct xt_target_param *par) 432 430 { 433 - const struct ipt_log_info *loginfo = targinfo; 431 + const struct ipt_log_info *loginfo = par->targinfo; 434 432 struct nf_loginfo li; 435 433 436 434 li.type = NF_LOG_TYPE_LOG; 437 435 li.u.log.level = loginfo->level; 438 436 li.u.log.logflags = loginfo->logflags; 439 437 440 - ipt_log_packet(NFPROTO_IPV4, hooknum, skb, in, out, &li, 438 + ipt_log_packet(NFPROTO_IPV4, par->hooknum, skb, par->in, par->out, &li, 441 439 loginfo->prefix); 442 440 return XT_CONTINUE; 443 441 }
+6 -8
net/ipv4/netfilter/ipt_MASQUERADE.c
··· 50 50 } 51 51 52 52 static unsigned int 53 - masquerade_tg(struct sk_buff *skb, const struct net_device *in, 54 - const struct net_device *out, unsigned int hooknum, 55 - const struct xt_target *target, const void *targinfo) 53 + masquerade_tg(struct sk_buff *skb, const struct xt_target_param *par) 56 54 { 57 55 struct nf_conn *ct; 58 56 struct nf_conn_nat *nat; ··· 60 62 const struct rtable *rt; 61 63 __be32 newsrc; 62 64 63 - NF_CT_ASSERT(hooknum == NF_INET_POST_ROUTING); 65 + NF_CT_ASSERT(par->hooknum == NF_INET_POST_ROUTING); 64 66 65 67 ct = nf_ct_get(skb, &ctinfo); 66 68 nat = nfct_nat(ct); ··· 74 76 if (ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3.ip == 0) 75 77 return NF_ACCEPT; 76 78 77 - mr = targinfo; 79 + mr = par->targinfo; 78 80 rt = skb->rtable; 79 - newsrc = inet_select_addr(out, rt->rt_gateway, RT_SCOPE_UNIVERSE); 81 + newsrc = inet_select_addr(par->out, rt->rt_gateway, RT_SCOPE_UNIVERSE); 80 82 if (!newsrc) { 81 - printk("MASQUERADE: %s ate my IP address\n", out->name); 83 + printk("MASQUERADE: %s ate my IP address\n", par->out->name); 82 84 return NF_DROP; 83 85 } 84 86 85 87 write_lock_bh(&masq_lock); 86 - nat->masq_index = out->ifindex; 88 + nat->masq_index = par->out->ifindex; 87 89 write_unlock_bh(&masq_lock); 88 90 89 91 /* Transfer from original range. */
+8 -9
net/ipv4/netfilter/ipt_NETMAP.c
··· 41 41 } 42 42 43 43 static unsigned int 44 - netmap_tg(struct sk_buff *skb, const struct net_device *in, 45 - const struct net_device *out, unsigned int hooknum, 46 - const struct xt_target *target, const void *targinfo) 44 + netmap_tg(struct sk_buff *skb, const struct xt_target_param *par) 47 45 { 48 46 struct nf_conn *ct; 49 47 enum ip_conntrack_info ctinfo; 50 48 __be32 new_ip, netmask; 51 - const struct nf_nat_multi_range_compat *mr = targinfo; 49 + const struct nf_nat_multi_range_compat *mr = par->targinfo; 52 50 struct nf_nat_range newrange; 53 51 54 - NF_CT_ASSERT(hooknum == NF_INET_PRE_ROUTING 55 - || hooknum == NF_INET_POST_ROUTING 56 - || hooknum == NF_INET_LOCAL_OUT); 52 + NF_CT_ASSERT(par->hooknum == NF_INET_PRE_ROUTING || 53 + par->hooknum == NF_INET_POST_ROUTING || 54 + par->hooknum == NF_INET_LOCAL_OUT); 57 55 ct = nf_ct_get(skb, &ctinfo); 58 56 59 57 netmask = ~(mr->range[0].min_ip ^ mr->range[0].max_ip); 60 58 61 - if (hooknum == NF_INET_PRE_ROUTING || hooknum == NF_INET_LOCAL_OUT) 59 + if (par->hooknum == NF_INET_PRE_ROUTING || 60 + par->hooknum == NF_INET_LOCAL_OUT) 62 61 new_ip = ip_hdr(skb)->daddr & ~netmask; 63 62 else 64 63 new_ip = ip_hdr(skb)->saddr & ~netmask; ··· 69 70 mr->range[0].min, mr->range[0].max }); 70 71 71 72 /* Hand modified range to generic setup. */ 72 - return nf_nat_setup_info(ct, &newrange, HOOK2MANIP(hooknum)); 73 + return nf_nat_setup_info(ct, &newrange, HOOK2MANIP(par->hooknum)); 73 74 } 74 75 75 76 static struct xt_target netmap_tg_reg __read_mostly = {
+5 -7
net/ipv4/netfilter/ipt_REDIRECT.c
··· 45 45 } 46 46 47 47 static unsigned int 48 - redirect_tg(struct sk_buff *skb, const struct net_device *in, 49 - const struct net_device *out, unsigned int hooknum, 50 - const struct xt_target *target, const void *targinfo) 48 + redirect_tg(struct sk_buff *skb, const struct xt_target_param *par) 51 49 { 52 50 struct nf_conn *ct; 53 51 enum ip_conntrack_info ctinfo; 54 52 __be32 newdst; 55 - const struct nf_nat_multi_range_compat *mr = targinfo; 53 + const struct nf_nat_multi_range_compat *mr = par->targinfo; 56 54 struct nf_nat_range newrange; 57 55 58 - NF_CT_ASSERT(hooknum == NF_INET_PRE_ROUTING 59 - || hooknum == NF_INET_LOCAL_OUT); 56 + NF_CT_ASSERT(par->hooknum == NF_INET_PRE_ROUTING || 57 + par->hooknum == NF_INET_LOCAL_OUT); 60 58 61 59 ct = nf_ct_get(skb, &ctinfo); 62 60 NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED)); 63 61 64 62 /* Local packets: make them go to loopback */ 65 - if (hooknum == NF_INET_LOCAL_OUT) 63 + if (par->hooknum == NF_INET_LOCAL_OUT) 66 64 newdst = htonl(0x7F000001); 67 65 else { 68 66 struct in_device *indev;
+3 -5
net/ipv4/netfilter/ipt_REJECT.c
··· 136 136 } 137 137 138 138 static unsigned int 139 - reject_tg(struct sk_buff *skb, const struct net_device *in, 140 - const struct net_device *out, unsigned int hooknum, 141 - const struct xt_target *target, const void *targinfo) 139 + reject_tg(struct sk_buff *skb, const struct xt_target_param *par) 142 140 { 143 - const struct ipt_reject_info *reject = targinfo; 141 + const struct ipt_reject_info *reject = par->targinfo; 144 142 145 143 /* WARNING: This code causes reentry within iptables. 146 144 This means that the iptables jump stack is now crap. We ··· 166 168 send_unreach(skb, ICMP_PKT_FILTERED); 167 169 break; 168 170 case IPT_TCP_RESET: 169 - send_reset(skb, hooknum); 171 + send_reset(skb, par->hooknum); 170 172 case IPT_ICMP_ECHOREPLY: 171 173 /* Doesn't happen. */ 172 174 break;
+2 -4
net/ipv4/netfilter/ipt_TTL.c
··· 20 20 MODULE_LICENSE("GPL"); 21 21 22 22 static unsigned int 23 - ttl_tg(struct sk_buff *skb, const struct net_device *in, 24 - const struct net_device *out, unsigned int hooknum, 25 - const struct xt_target *target, const void *targinfo) 23 + ttl_tg(struct sk_buff *skb, const struct xt_target_param *par) 26 24 { 27 25 struct iphdr *iph; 28 - const struct ipt_TTL_info *info = targinfo; 26 + const struct ipt_TTL_info *info = par->targinfo; 29 27 int new_ttl; 30 28 31 29 if (!skb_make_writable(skb, skb->len))
+3 -7
net/ipv4/netfilter/ipt_ULOG.c
··· 281 281 } 282 282 283 283 static unsigned int 284 - ulog_tg(struct sk_buff *skb, const struct net_device *in, 285 - const struct net_device *out, unsigned int hooknum, 286 - const struct xt_target *target, const void *targinfo) 284 + ulog_tg(struct sk_buff *skb, const struct xt_target_param *par) 287 285 { 288 - struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo; 289 - 290 - ipt_ulog_packet(hooknum, skb, in, out, loginfo, NULL); 291 - 286 + ipt_ulog_packet(par->hooknum, skb, par->in, par->out, 287 + par->targinfo, NULL); 292 288 return XT_CONTINUE; 293 289 } 294 290
+12 -20
net/ipv4/netfilter/nf_nat_rule.c
··· 67 67 }; 68 68 69 69 /* Source NAT */ 70 - static unsigned int ipt_snat_target(struct sk_buff *skb, 71 - const struct net_device *in, 72 - const struct net_device *out, 73 - unsigned int hooknum, 74 - const struct xt_target *target, 75 - const void *targinfo) 70 + static unsigned int 71 + ipt_snat_target(struct sk_buff *skb, const struct xt_target_param *par) 76 72 { 77 73 struct nf_conn *ct; 78 74 enum ip_conntrack_info ctinfo; 79 - const struct nf_nat_multi_range_compat *mr = targinfo; 75 + const struct nf_nat_multi_range_compat *mr = par->targinfo; 80 76 81 - NF_CT_ASSERT(hooknum == NF_INET_POST_ROUTING); 77 + NF_CT_ASSERT(par->hooknum == NF_INET_POST_ROUTING); 82 78 83 79 ct = nf_ct_get(skb, &ctinfo); 84 80 85 81 /* Connection must be valid and new. */ 86 82 NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED || 87 83 ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY)); 88 - NF_CT_ASSERT(out); 84 + NF_CT_ASSERT(par->out != NULL); 89 85 90 86 return nf_nat_setup_info(ct, &mr->range[0], IP_NAT_MANIP_SRC); 91 87 } ··· 105 109 ip_rt_put(rt); 106 110 } 107 111 108 - static unsigned int ipt_dnat_target(struct sk_buff *skb, 109 - const struct net_device *in, 110 - const struct net_device *out, 111 - unsigned int hooknum, 112 - const struct xt_target *target, 113 - const void *targinfo) 112 + static unsigned int 113 + ipt_dnat_target(struct sk_buff *skb, const struct xt_target_param *par) 114 114 { 115 115 struct nf_conn *ct; 116 116 enum ip_conntrack_info ctinfo; 117 - const struct nf_nat_multi_range_compat *mr = targinfo; 117 + const struct nf_nat_multi_range_compat *mr = par->targinfo; 118 118 119 - NF_CT_ASSERT(hooknum == NF_INET_PRE_ROUTING || 120 - hooknum == NF_INET_LOCAL_OUT); 119 + NF_CT_ASSERT(par->hooknum == NF_INET_PRE_ROUTING || 120 + par->hooknum == NF_INET_LOCAL_OUT); 121 121 122 122 ct = nf_ct_get(skb, &ctinfo); 123 123 124 124 /* Connection must be valid and new. */ 125 125 NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED)); 126 126 127 - if (hooknum == NF_INET_LOCAL_OUT && 127 + if (par->hooknum == NF_INET_LOCAL_OUT && 128 128 mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) 129 - warn_if_extra_mangle(dev_net(out), ip_hdr(skb)->daddr, 129 + warn_if_extra_mangle(dev_net(par->out), ip_hdr(skb)->daddr, 130 130 mr->range[0].min_ip); 131 131 132 132 return nf_nat_setup_info(ct, &mr->range[0], IP_NAT_MANIP_DST);
+11 -13
net/ipv6/netfilter/ip6_tables.c
··· 200 200 } 201 201 202 202 static unsigned int 203 - ip6t_error(struct sk_buff *skb, 204 - const struct net_device *in, 205 - const struct net_device *out, 206 - unsigned int hooknum, 207 - const struct xt_target *target, 208 - const void *targinfo) 203 + ip6t_error(struct sk_buff *skb, const struct xt_target_param *par) 209 204 { 210 205 if (net_ratelimit()) 211 - printk("ip6_tables: error: `%s'\n", (char *)targinfo); 206 + printk("ip6_tables: error: `%s'\n", 207 + (const char *)par->targinfo); 212 208 213 209 return NF_DROP; 214 210 } ··· 356 360 struct ip6t_entry *e, *back; 357 361 struct xt_table_info *private; 358 362 struct xt_match_param mtpar; 363 + struct xt_target_param tgpar; 359 364 360 365 /* Initialization */ 361 366 indev = in ? in->name : nulldevname; ··· 368 371 * rule is also a fragment-specific rule, non-fragments won't 369 372 * match it. */ 370 373 mtpar.hotdrop = &hotdrop; 371 - mtpar.in = in; 372 - mtpar.out = out; 374 + mtpar.in = tgpar.in = in; 375 + mtpar.out = tgpar.out = out; 376 + tgpar.hooknum = hook; 373 377 374 378 read_lock_bh(&table->lock); 375 379 IP_NF_ASSERT(table->valid_hooks & (1 << hook)); ··· 436 438 } else { 437 439 /* Targets which reenter must return 438 440 abs. verdicts */ 441 + tgpar.target = t->u.kernel.target; 442 + tgpar.targinfo = t->data; 443 + 439 444 #ifdef CONFIG_NETFILTER_DEBUG 440 445 ((struct ip6t_entry *)table_base)->comefrom 441 446 = 0xeeeeeeec; 442 447 #endif 443 448 verdict = t->u.kernel.target->target(skb, 444 - in, out, 445 - hook, 446 - t->u.kernel.target, 447 - t->data); 449 + &tgpar); 448 450 449 451 #ifdef CONFIG_NETFILTER_DEBUG 450 452 if (((struct ip6t_entry *)table_base)->comefrom
+2 -4
net/ipv6/netfilter/ip6t_HL.c
··· 19 19 MODULE_LICENSE("GPL"); 20 20 21 21 static unsigned int 22 - hl_tg6(struct sk_buff *skb, const struct net_device *in, 23 - const struct net_device *out, unsigned int hooknum, 24 - const struct xt_target *target, const void *targinfo) 22 + hl_tg6(struct sk_buff *skb, const struct xt_target_param *par) 25 23 { 26 24 struct ipv6hdr *ip6h; 27 - const struct ip6t_HL_info *info = targinfo; 25 + const struct ip6t_HL_info *info = par->targinfo; 28 26 int new_hl; 29 27 30 28 if (!skb_make_writable(skb, skb->len))
+3 -5
net/ipv6/netfilter/ip6t_LOG.c
··· 438 438 } 439 439 440 440 static unsigned int 441 - log_tg6(struct sk_buff *skb, const struct net_device *in, 442 - const struct net_device *out, unsigned int hooknum, 443 - const struct xt_target *target, const void *targinfo) 441 + log_tg6(struct sk_buff *skb, const struct xt_target_param *par) 444 442 { 445 - const struct ip6t_log_info *loginfo = targinfo; 443 + const struct ip6t_log_info *loginfo = par->targinfo; 446 444 struct nf_loginfo li; 447 445 448 446 li.type = NF_LOG_TYPE_LOG; 449 447 li.u.log.level = loginfo->level; 450 448 li.u.log.logflags = loginfo->logflags; 451 449 452 - ip6t_log_packet(NFPROTO_IPV6, hooknum, skb, in, out, 450 + ip6t_log_packet(NFPROTO_IPV6, par->hooknum, skb, par->in, par->out, 453 451 &li, loginfo->prefix); 454 452 return XT_CONTINUE; 455 453 }
+8 -10
net/ipv6/netfilter/ip6t_REJECT.c
··· 173 173 } 174 174 175 175 static unsigned int 176 - reject_tg6(struct sk_buff *skb, const struct net_device *in, 177 - const struct net_device *out, unsigned int hooknum, 178 - const struct xt_target *target, const void *targinfo) 176 + reject_tg6(struct sk_buff *skb, const struct xt_target_param *par) 179 177 { 180 - const struct ip6t_reject_info *reject = targinfo; 181 - struct net *net = dev_net(in ? in : out); 178 + const struct ip6t_reject_info *reject = par->targinfo; 179 + struct net *net = dev_net((par->in != NULL) ? par->in : par->out); 182 180 183 181 pr_debug("%s: medium point\n", __func__); 184 182 /* WARNING: This code causes reentry within ip6tables. ··· 184 186 must return an absolute verdict. --RR */ 185 187 switch (reject->with) { 186 188 case IP6T_ICMP6_NO_ROUTE: 187 - send_unreach(net, skb, ICMPV6_NOROUTE, hooknum); 189 + send_unreach(net, skb, ICMPV6_NOROUTE, par->hooknum); 188 190 break; 189 191 case IP6T_ICMP6_ADM_PROHIBITED: 190 - send_unreach(net, skb, ICMPV6_ADM_PROHIBITED, hooknum); 192 + send_unreach(net, skb, ICMPV6_ADM_PROHIBITED, par->hooknum); 191 193 break; 192 194 case IP6T_ICMP6_NOT_NEIGHBOUR: 193 - send_unreach(net, skb, ICMPV6_NOT_NEIGHBOUR, hooknum); 195 + send_unreach(net, skb, ICMPV6_NOT_NEIGHBOUR, par->hooknum); 194 196 break; 195 197 case IP6T_ICMP6_ADDR_UNREACH: 196 - send_unreach(net, skb, ICMPV6_ADDR_UNREACH, hooknum); 198 + send_unreach(net, skb, ICMPV6_ADDR_UNREACH, par->hooknum); 197 199 break; 198 200 case IP6T_ICMP6_PORT_UNREACH: 199 - send_unreach(net, skb, ICMPV6_PORT_UNREACH, hooknum); 201 + send_unreach(net, skb, ICMPV6_PORT_UNREACH, par->hooknum); 200 202 break; 201 203 case IP6T_ICMP6_ECHOREPLY: 202 204 /* Do nothing */
+2 -4
net/netfilter/xt_CLASSIFY.c
··· 27 27 MODULE_ALIAS("ip6t_CLASSIFY"); 28 28 29 29 static unsigned int 30 - classify_tg(struct sk_buff *skb, const struct net_device *in, 31 - const struct net_device *out, unsigned int hooknum, 32 - const struct xt_target *target, const void *targinfo) 30 + classify_tg(struct sk_buff *skb, const struct xt_target_param *par) 33 31 { 34 - const struct xt_classify_target_info *clinfo = targinfo; 32 + const struct xt_classify_target_info *clinfo = par->targinfo; 35 33 36 34 skb->priority = clinfo->priority; 37 35 return XT_CONTINUE;
+4 -8
net/netfilter/xt_CONNMARK.c
··· 36 36 #include <net/netfilter/nf_conntrack_ecache.h> 37 37 38 38 static unsigned int 39 - connmark_tg_v0(struct sk_buff *skb, const struct net_device *in, 40 - const struct net_device *out, unsigned int hooknum, 41 - const struct xt_target *target, const void *targinfo) 39 + connmark_tg_v0(struct sk_buff *skb, const struct xt_target_param *par) 42 40 { 43 - const struct xt_connmark_target_info *markinfo = targinfo; 41 + const struct xt_connmark_target_info *markinfo = par->targinfo; 44 42 struct nf_conn *ct; 45 43 enum ip_conntrack_info ctinfo; 46 44 u_int32_t diff; ··· 75 77 } 76 78 77 79 static unsigned int 78 - connmark_tg(struct sk_buff *skb, const struct net_device *in, 79 - const struct net_device *out, unsigned int hooknum, 80 - const struct xt_target *target, const void *targinfo) 80 + connmark_tg(struct sk_buff *skb, const struct xt_target_param *par) 81 81 { 82 - const struct xt_connmark_tginfo1 *info = targinfo; 82 + const struct xt_connmark_tginfo1 *info = par->targinfo; 83 83 enum ip_conntrack_info ctinfo; 84 84 struct nf_conn *ct; 85 85 u_int32_t newmark;
+2 -4
net/netfilter/xt_CONNSECMARK.c
··· 65 65 } 66 66 67 67 static unsigned int 68 - connsecmark_tg(struct sk_buff *skb, const struct net_device *in, 69 - const struct net_device *out, unsigned int hooknum, 70 - const struct xt_target *target, const void *targinfo) 68 + connsecmark_tg(struct sk_buff *skb, const struct xt_target_param *par) 71 69 { 72 - const struct xt_connsecmark_target_info *info = targinfo; 70 + const struct xt_connsecmark_target_info *info = par->targinfo; 73 71 74 72 switch (info->mode) { 75 73 case CONNSECMARK_SAVE:
+10 -20
net/netfilter/xt_DSCP.c
··· 29 29 MODULE_ALIAS("ip6t_TOS"); 30 30 31 31 static unsigned int 32 - dscp_tg(struct sk_buff *skb, const struct net_device *in, 33 - const struct net_device *out, unsigned int hooknum, 34 - const struct xt_target *target, const void *targinfo) 32 + dscp_tg(struct sk_buff *skb, const struct xt_target_param *par) 35 33 { 36 - const struct xt_DSCP_info *dinfo = targinfo; 34 + const struct xt_DSCP_info *dinfo = par->targinfo; 37 35 u_int8_t dscp = ipv4_get_dsfield(ip_hdr(skb)) >> XT_DSCP_SHIFT; 38 36 39 37 if (dscp != dinfo->dscp) { ··· 46 48 } 47 49 48 50 static unsigned int 49 - dscp_tg6(struct sk_buff *skb, const struct net_device *in, 50 - const struct net_device *out, unsigned int hooknum, 51 - const struct xt_target *target, const void *targinfo) 51 + dscp_tg6(struct sk_buff *skb, const struct xt_target_param *par) 52 52 { 53 - const struct xt_DSCP_info *dinfo = targinfo; 53 + const struct xt_DSCP_info *dinfo = par->targinfo; 54 54 u_int8_t dscp = ipv6_get_dsfield(ipv6_hdr(skb)) >> XT_DSCP_SHIFT; 55 55 56 56 if (dscp != dinfo->dscp) { ··· 76 80 } 77 81 78 82 static unsigned int 79 - tos_tg_v0(struct sk_buff *skb, const struct net_device *in, 80 - const struct net_device *out, unsigned int hooknum, 81 - const struct xt_target *target, const void *targinfo) 83 + tos_tg_v0(struct sk_buff *skb, const struct xt_target_param *par) 82 84 { 83 - const struct ipt_tos_target_info *info = targinfo; 85 + const struct ipt_tos_target_info *info = par->targinfo; 84 86 struct iphdr *iph = ip_hdr(skb); 85 87 u_int8_t oldtos; 86 88 ··· 113 119 } 114 120 115 121 static unsigned int 116 - tos_tg(struct sk_buff *skb, const struct net_device *in, 117 - const struct net_device *out, unsigned int hooknum, 118 - const struct xt_target *target, const void *targinfo) 122 + tos_tg(struct sk_buff *skb, const struct xt_target_param *par) 119 123 { 120 - const struct xt_tos_target_info *info = targinfo; 124 + const struct xt_tos_target_info *info = par->targinfo; 121 125 struct iphdr *iph = ip_hdr(skb); 122 126 u_int8_t orig, nv; 123 127 ··· 133 141 } 134 142 135 143 static unsigned int 136 - tos_tg6(struct sk_buff *skb, const struct net_device *in, 137 - const struct net_device *out, unsigned int hooknum, 138 - const struct xt_target *target, const void *targinfo) 144 + tos_tg6(struct sk_buff *skb, const struct xt_target_param *par) 139 145 { 140 - const struct xt_tos_target_info *info = targinfo; 146 + const struct xt_tos_target_info *info = par->targinfo; 141 147 struct ipv6hdr *iph = ipv6_hdr(skb); 142 148 u_int8_t orig, nv; 143 149
+6 -12
net/netfilter/xt_MARK.c
··· 25 25 MODULE_ALIAS("ip6t_MARK"); 26 26 27 27 static unsigned int 28 - mark_tg_v0(struct sk_buff *skb, const struct net_device *in, 29 - const struct net_device *out, unsigned int hooknum, 30 - const struct xt_target *target, const void *targinfo) 28 + mark_tg_v0(struct sk_buff *skb, const struct xt_target_param *par) 31 29 { 32 - const struct xt_mark_target_info *markinfo = targinfo; 30 + const struct xt_mark_target_info *markinfo = par->targinfo; 33 31 34 32 skb->mark = markinfo->mark; 35 33 return XT_CONTINUE; 36 34 } 37 35 38 36 static unsigned int 39 - mark_tg_v1(struct sk_buff *skb, const struct net_device *in, 40 - const struct net_device *out, unsigned int hooknum, 41 - const struct xt_target *target, const void *targinfo) 37 + mark_tg_v1(struct sk_buff *skb, const struct xt_target_param *par) 42 38 { 43 - const struct xt_mark_target_info_v1 *markinfo = targinfo; 39 + const struct xt_mark_target_info_v1 *markinfo = par->targinfo; 44 40 int mark = 0; 45 41 46 42 switch (markinfo->mode) { ··· 58 62 } 59 63 60 64 static unsigned int 61 - mark_tg(struct sk_buff *skb, const struct net_device *in, 62 - const struct net_device *out, unsigned int hooknum, 63 - const struct xt_target *target, const void *targinfo) 65 + mark_tg(struct sk_buff *skb, const struct xt_target_param *par) 64 66 { 65 - const struct xt_mark_tginfo2 *info = targinfo; 67 + const struct xt_mark_tginfo2 *info = par->targinfo; 66 68 67 69 skb->mark = (skb->mark & ~info->mask) ^ info->mark; 68 70 return XT_CONTINUE;
+4 -6
net/netfilter/xt_NFLOG.c
··· 21 21 MODULE_ALIAS("ip6t_NFLOG"); 22 22 23 23 static unsigned int 24 - nflog_tg(struct sk_buff *skb, const struct net_device *in, 25 - const struct net_device *out, unsigned int hooknum, 26 - const struct xt_target *target, const void *targinfo) 24 + nflog_tg(struct sk_buff *skb, const struct xt_target_param *par) 27 25 { 28 - const struct xt_nflog_info *info = targinfo; 26 + const struct xt_nflog_info *info = par->targinfo; 29 27 struct nf_loginfo li; 30 28 31 29 li.type = NF_LOG_TYPE_ULOG; ··· 31 33 li.u.ulog.group = info->group; 32 34 li.u.ulog.qthreshold = info->threshold; 33 35 34 - nf_log_packet(target->family, hooknum, skb, in, out, &li, 35 - "%s", info->prefix); 36 + nf_log_packet(par->target->family, par->hooknum, skb, par->in, 37 + par->out, &li, "%s", info->prefix); 36 38 return XT_CONTINUE; 37 39 } 38 40
+2 -4
net/netfilter/xt_NFQUEUE.c
··· 24 24 MODULE_ALIAS("arpt_NFQUEUE"); 25 25 26 26 static unsigned int 27 - nfqueue_tg(struct sk_buff *skb, const struct net_device *in, 28 - const struct net_device *out, unsigned int hooknum, 29 - const struct xt_target *target, const void *targinfo) 27 + nfqueue_tg(struct sk_buff *skb, const struct xt_target_param *par) 30 28 { 31 - const struct xt_NFQ_info *tinfo = targinfo; 29 + const struct xt_NFQ_info *tinfo = par->targinfo; 32 30 33 31 return NF_QUEUE_NR(tinfo->queuenum); 34 32 }
+1 -3
net/netfilter/xt_NOTRACK.c
··· 13 13 MODULE_ALIAS("ip6t_NOTRACK"); 14 14 15 15 static unsigned int 16 - notrack_tg(struct sk_buff *skb, const struct net_device *in, 17 - const struct net_device *out, unsigned int hooknum, 18 - const struct xt_target *target, const void *targinfo) 16 + notrack_tg(struct sk_buff *skb, const struct xt_target_param *par) 19 17 { 20 18 /* Previously seen (loopback)? Ignore. */ 21 19 if (skb->nfct != NULL)
+2 -7
net/netfilter/xt_RATEEST.c
··· 71 71 EXPORT_SYMBOL_GPL(xt_rateest_put); 72 72 73 73 static unsigned int 74 - xt_rateest_tg(struct sk_buff *skb, 75 - const struct net_device *in, 76 - const struct net_device *out, 77 - unsigned int hooknum, 78 - const struct xt_target *target, 79 - const void *targinfo) 74 + xt_rateest_tg(struct sk_buff *skb, const struct xt_target_param *par) 80 75 { 81 - const struct xt_rateest_target_info *info = targinfo; 76 + const struct xt_rateest_target_info *info = par->targinfo; 82 77 struct gnet_stats_basic *stats = &info->est->bstats; 83 78 84 79 spin_lock_bh(&info->est->lock);
+2 -4
net/netfilter/xt_SECMARK.c
··· 29 29 static u8 mode; 30 30 31 31 static unsigned int 32 - secmark_tg(struct sk_buff *skb, const struct net_device *in, 33 - const struct net_device *out, unsigned int hooknum, 34 - const struct xt_target *target, const void *targinfo) 32 + secmark_tg(struct sk_buff *skb, const struct xt_target_param *par) 35 33 { 36 34 u32 secmark = 0; 37 - const struct xt_secmark_target_info *info = targinfo; 35 + const struct xt_secmark_target_info *info = par->targinfo; 38 36 39 37 BUG_ON(info->mode != mode); 40 38
+4 -8
net/netfilter/xt_TCPMSS.c
··· 174 174 } 175 175 176 176 static unsigned int 177 - tcpmss_tg4(struct sk_buff *skb, const struct net_device *in, 178 - const struct net_device *out, unsigned int hooknum, 179 - const struct xt_target *target, const void *targinfo) 177 + tcpmss_tg4(struct sk_buff *skb, const struct xt_target_param *par) 180 178 { 181 179 struct iphdr *iph = ip_hdr(skb); 182 180 __be16 newlen; 183 181 int ret; 184 182 185 - ret = tcpmss_mangle_packet(skb, targinfo, 183 + ret = tcpmss_mangle_packet(skb, par->targinfo, 186 184 tcpmss_reverse_mtu(skb, PF_INET), 187 185 iph->ihl * 4, 188 186 sizeof(*iph) + sizeof(struct tcphdr)); ··· 197 199 198 200 #if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE) 199 201 static unsigned int 200 - tcpmss_tg6(struct sk_buff *skb, const struct net_device *in, 201 - const struct net_device *out, unsigned int hooknum, 202 - const struct xt_target *target, const void *targinfo) 202 + tcpmss_tg6(struct sk_buff *skb, const struct xt_target_param *par) 203 203 { 204 204 struct ipv6hdr *ipv6h = ipv6_hdr(skb); 205 205 u8 nexthdr; ··· 208 212 tcphoff = ipv6_skip_exthdr(skb, sizeof(*ipv6h), &nexthdr); 209 213 if (tcphoff < 0) 210 214 return NF_DROP; 211 - ret = tcpmss_mangle_packet(skb, targinfo, 215 + ret = tcpmss_mangle_packet(skb, par->targinfo, 212 216 tcpmss_reverse_mtu(skb, PF_INET6), 213 217 tcphoff, 214 218 sizeof(*ipv6h) + sizeof(struct tcphdr));
+4 -8
net/netfilter/xt_TCPOPTSTRIP.c
··· 75 75 } 76 76 77 77 static unsigned int 78 - tcpoptstrip_tg4(struct sk_buff *skb, const struct net_device *in, 79 - const struct net_device *out, unsigned int hooknum, 80 - const struct xt_target *target, const void *targinfo) 78 + tcpoptstrip_tg4(struct sk_buff *skb, const struct xt_target_param *par) 81 79 { 82 - return tcpoptstrip_mangle_packet(skb, targinfo, ip_hdrlen(skb), 80 + return tcpoptstrip_mangle_packet(skb, par->targinfo, ip_hdrlen(skb), 83 81 sizeof(struct iphdr) + sizeof(struct tcphdr)); 84 82 } 85 83 86 84 #if defined(CONFIG_IP6_NF_MANGLE) || defined(CONFIG_IP6_NF_MANGLE_MODULE) 87 85 static unsigned int 88 - tcpoptstrip_tg6(struct sk_buff *skb, const struct net_device *in, 89 - const struct net_device *out, unsigned int hooknum, 90 - const struct xt_target *target, const void *targinfo) 86 + tcpoptstrip_tg6(struct sk_buff *skb, const struct xt_target_param *par) 91 87 { 92 88 struct ipv6hdr *ipv6h = ipv6_hdr(skb); 93 89 int tcphoff; ··· 94 98 if (tcphoff < 0) 95 99 return NF_DROP; 96 100 97 - return tcpoptstrip_mangle_packet(skb, targinfo, tcphoff, 101 + return tcpoptstrip_mangle_packet(skb, par->targinfo, tcphoff, 98 102 sizeof(*ipv6h) + sizeof(struct tcphdr)); 99 103 } 100 104 #endif
+3 -8
net/netfilter/xt_TPROXY.c
··· 25 25 #include <net/netfilter/nf_tproxy_core.h> 26 26 27 27 static unsigned int 28 - tproxy_tg(struct sk_buff *skb, 29 - const struct net_device *in, 30 - const struct net_device *out, 31 - unsigned int hooknum, 32 - const struct xt_target *target, 33 - const void *targinfo) 28 + tproxy_tg(struct sk_buff *skb, const struct xt_target_param *par) 34 29 { 35 30 const struct iphdr *iph = ip_hdr(skb); 36 - const struct xt_tproxy_target_info *tgi = targinfo; 31 + const struct xt_tproxy_target_info *tgi = par->targinfo; 37 32 struct udphdr _hdr, *hp; 38 33 struct sock *sk; 39 34 ··· 39 44 sk = nf_tproxy_get_sock_v4(dev_net(skb->dev), iph->protocol, 40 45 iph->saddr, tgi->laddr ? tgi->laddr : iph->daddr, 41 46 hp->source, tgi->lport ? tgi->lport : hp->dest, 42 - in, true); 47 + par->in, true); 43 48 44 49 /* NOTE: assign_sock consumes our sk reference */ 45 50 if (sk && nf_tproxy_assign_sock(skb, sk)) {
+1 -3
net/netfilter/xt_TRACE.c
··· 11 11 MODULE_ALIAS("ip6t_TRACE"); 12 12 13 13 static unsigned int 14 - trace_tg(struct sk_buff *skb, const struct net_device *in, 15 - const struct net_device *out, unsigned int hooknum, 16 - const struct xt_target *target, const void *targinfo) 14 + trace_tg(struct sk_buff *skb, const struct xt_target_param *par) 17 15 { 18 16 skb->nf_trace = 1; 19 17 return XT_CONTINUE;
+8 -4
net/sched/act_ipt.c
··· 188 188 { 189 189 int ret = 0, result = 0; 190 190 struct tcf_ipt *ipt = a->priv; 191 + struct xt_target_param par; 191 192 192 193 if (skb_cloned(skb)) { 193 194 if (pskb_expand_head(skb, 0, 0, GFP_ATOMIC)) ··· 204 203 /* yes, we have to worry about both in and out dev 205 204 worry later - danger - this API seems to have changed 206 205 from earlier kernels */ 207 - ret = ipt->tcfi_t->u.kernel.target->target(skb, skb->dev, NULL, 208 - ipt->tcfi_hook, 209 - ipt->tcfi_t->u.kernel.target, 210 - ipt->tcfi_t->data); 206 + par.in = skb->dev; 207 + par.out = NULL; 208 + par.hooknum = ipt->tcfi_hook; 209 + par.target = ipt->tcfi_t->u.kernel.target; 210 + par.targinfo = ipt->tcfi_t->data; 211 + ret = par.target->target(skb, &par); 212 + 211 213 switch (ret) { 212 214 case NF_ACCEPT: 213 215 result = TC_ACT_OK;