tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

netfilter: nf_tables: add and use nft_sk helper

This allows to change storage placement later on without changing readers.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Florian Westphal and committed by
Pablo Neira Ayuso 85554eb9 6802db48

+9 -4
+5
include/net/netfilter/nf_tables.h
··· 29 29 struct xt_action_param xt; 30 30 }; 31 31 32 + static inline struct sock *nft_sk(const struct nft_pktinfo *pkt) 33 + { 34 + return pkt->xt.state->sk; 35 + } 36 + 32 37 static inline struct net *nft_net(const struct nft_pktinfo *pkt) 33 38 { 34 39 return pkt->xt.state->net;
+1 -1
net/ipv4/netfilter/nft_reject_ipv4.c
··· 27 27 nf_send_unreach(pkt->skb, priv->icmp_code, nft_hook(pkt)); 28 28 break; 29 29 case NFT_REJECT_TCP_RST: 30 - nf_send_reset(nft_net(pkt), pkt->xt.state->sk, pkt->skb, 30 + nf_send_reset(nft_net(pkt), nft_sk(pkt), pkt->skb, 31 31 nft_hook(pkt)); 32 32 break; 33 33 default:
+1 -1
net/ipv6/netfilter/nft_reject_ipv6.c
··· 28 28 nft_hook(pkt)); 29 29 break; 30 30 case NFT_REJECT_TCP_RST: 31 - nf_send_reset6(nft_net(pkt), pkt->xt.state->sk, pkt->skb, 31 + nf_send_reset6(nft_net(pkt), nft_sk(pkt), pkt->skb, 32 32 nft_hook(pkt)); 33 33 break; 34 34 default:
+2 -2
net/netfilter/nft_reject_inet.c
··· 28 28 nft_hook(pkt)); 29 29 break; 30 30 case NFT_REJECT_TCP_RST: 31 - nf_send_reset(nft_net(pkt), pkt->xt.state->sk, 31 + nf_send_reset(nft_net(pkt), nft_sk(pkt), 32 32 pkt->skb, nft_hook(pkt)); 33 33 break; 34 34 case NFT_REJECT_ICMPX_UNREACH: ··· 45 45 priv->icmp_code, nft_hook(pkt)); 46 46 break; 47 47 case NFT_REJECT_TCP_RST: 48 - nf_send_reset6(nft_net(pkt), pkt->xt.state->sk, 48 + nf_send_reset6(nft_net(pkt), nft_sk(pkt), 49 49 pkt->skb, nft_hook(pkt)); 50 50 break; 51 51 case NFT_REJECT_ICMPX_UNREACH: