+3 -3

include/linux/netfilter_ipv4/ip_tables.h

reviewed

··· 63 63 } 64 64 65 65 extern void *ipt_alloc_initial_table(const struct xt_table *); 66 66 - extern unsigned int ipt_do_table(struct sk_buff *skb, 67 67 - const struct nf_hook_state *state, 68 68 - struct xt_table *table); 66 66 + extern unsigned int ipt_do_table(void *priv, 67 67 + struct sk_buff *skb, 68 68 + const struct nf_hook_state *state); 69 69 70 70 #ifdef CONFIG_NETFILTER_XTABLES_COMPAT 71 71 #include <net/compat.h>

+4 -3

net/ipv4/netfilter/ip_tables.c

reviewed

··· 222 222 223 223 /* Returns one of the generic firewall policies, like NF_ACCEPT. */ 224 224 unsigned int 225 225 - ipt_do_table(struct sk_buff *skb, 226 226 - const struct nf_hook_state *state, 227 227 - struct xt_table *table) 225 225 + ipt_do_table(void *priv, 226 226 + struct sk_buff *skb, 227 227 + const struct nf_hook_state *state) 228 228 { 229 229 + const struct xt_table *table = priv; 229 230 unsigned int hook = state->hook; 230 231 static const char nulldevname[IFNAMSIZ] __attribute__((aligned(sizeof(long)))); 231 232 const struct iphdr *ip;

+1 -8

net/ipv4/netfilter/iptable_filter.c

reviewed

··· 28 28 .priority = NF_IP_PRI_FILTER, 29 29 }; 30 30 31 31 - static unsigned int 32 32 - iptable_filter_hook(void *priv, struct sk_buff *skb, 33 33 - const struct nf_hook_state *state) 34 34 - { 35 35 - return ipt_do_table(skb, state, priv); 36 36 - } 37 37 - 38 31 static struct nf_hook_ops *filter_ops __read_mostly; 39 32 40 33 /* Default to forward because I got too much mail already. */ ··· 83 90 if (ret < 0) 84 91 return ret; 85 92 86 86 - filter_ops = xt_hook_ops_alloc(&packet_filter, iptable_filter_hook); 93 93 + filter_ops = xt_hook_ops_alloc(&packet_filter, ipt_do_table); 87 94 if (IS_ERR(filter_ops)) { 88 95 xt_unregister_template(&packet_filter); 89 96 return PTR_ERR(filter_ops);

+4 -4

net/ipv4/netfilter/iptable_mangle.c

reviewed

··· 34 34 }; 35 35 36 36 static unsigned int 37 37 - ipt_mangle_out(struct sk_buff *skb, const struct nf_hook_state *state, void *priv) 37 37 + ipt_mangle_out(void *priv, struct sk_buff *skb, const struct nf_hook_state *state) 38 38 { 39 39 unsigned int ret; 40 40 const struct iphdr *iph; ··· 50 50 daddr = iph->daddr; 51 51 tos = iph->tos; 52 52 53 53 - ret = ipt_do_table(skb, state, priv); 53 53 + ret = ipt_do_table(priv, skb, state); 54 54 /* Reroute for ANY change. */ 55 55 if (ret != NF_DROP && ret != NF_STOLEN) { 56 56 iph = ip_hdr(skb); ··· 75 75 const struct nf_hook_state *state) 76 76 { 77 77 if (state->hook == NF_INET_LOCAL_OUT) 78 78 - return ipt_mangle_out(skb, state, priv); 79 79 - return ipt_do_table(skb, state, priv); 78 78 + return ipt_mangle_out(priv, skb, state); 79 79 + return ipt_do_table(priv, skb, state); 80 80 } 81 81 82 82 static struct nf_hook_ops *mangle_ops __read_mostly;

+4 -11

net/ipv4/netfilter/iptable_nat.c

reviewed

··· 29 29 .af = NFPROTO_IPV4, 30 30 }; 31 31 32 32 - static unsigned int iptable_nat_do_chain(void *priv, 33 33 - struct sk_buff *skb, 34 34 - const struct nf_hook_state *state) 35 35 - { 36 36 - return ipt_do_table(skb, state, priv); 37 37 - } 38 38 - 39 32 static const struct nf_hook_ops nf_nat_ipv4_ops[] = { 40 33 { 41 41 - .hook = iptable_nat_do_chain, 34 34 + .hook = ipt_do_table, 42 35 .pf = NFPROTO_IPV4, 43 36 .hooknum = NF_INET_PRE_ROUTING, 44 37 .priority = NF_IP_PRI_NAT_DST, 45 38 }, 46 39 { 47 47 - .hook = iptable_nat_do_chain, 40 40 + .hook = ipt_do_table, 48 41 .pf = NFPROTO_IPV4, 49 42 .hooknum = NF_INET_POST_ROUTING, 50 43 .priority = NF_IP_PRI_NAT_SRC, 51 44 }, 52 45 { 53 53 - .hook = iptable_nat_do_chain, 46 46 + .hook = ipt_do_table, 54 47 .pf = NFPROTO_IPV4, 55 48 .hooknum = NF_INET_LOCAL_OUT, 56 49 .priority = NF_IP_PRI_NAT_DST, 57 50 }, 58 51 { 59 59 - .hook = iptable_nat_do_chain, 52 52 + .hook = ipt_do_table, 60 53 .pf = NFPROTO_IPV4, 61 54 .hooknum = NF_INET_LOCAL_IN, 62 55 .priority = NF_IP_PRI_NAT_SRC,

+1 -9

net/ipv4/netfilter/iptable_raw.c

reviewed

··· 32 32 .priority = NF_IP_PRI_RAW_BEFORE_DEFRAG, 33 33 }; 34 34 35 35 - /* The work comes in here from netfilter.c. */ 36 36 - static unsigned int 37 37 - iptable_raw_hook(void *priv, struct sk_buff *skb, 38 38 - const struct nf_hook_state *state) 39 39 - { 40 40 - return ipt_do_table(skb, state, priv); 41 41 - } 42 42 - 43 35 static struct nf_hook_ops *rawtable_ops __read_mostly; 44 36 45 37 static int iptable_raw_table_init(struct net *net) ··· 82 90 if (ret < 0) 83 91 return ret; 84 92 85 85 - rawtable_ops = xt_hook_ops_alloc(table, iptable_raw_hook); 93 93 + rawtable_ops = xt_hook_ops_alloc(table, ipt_do_table); 86 94 if (IS_ERR(rawtable_ops)) { 87 95 xt_unregister_template(table); 88 96 return PTR_ERR(rawtable_ops);

+1 -8

net/ipv4/netfilter/iptable_security.c

reviewed

··· 33 33 .priority = NF_IP_PRI_SECURITY, 34 34 }; 35 35 36 36 - static unsigned int 37 37 - iptable_security_hook(void *priv, struct sk_buff *skb, 38 38 - const struct nf_hook_state *state) 39 39 - { 40 40 - return ipt_do_table(skb, state, priv); 41 41 - } 42 42 - 43 36 static struct nf_hook_ops *sectbl_ops __read_mostly; 44 37 45 38 static int iptable_security_table_init(struct net *net) ··· 71 78 if (ret < 0) 72 79 return ret; 73 80 74 74 - sectbl_ops = xt_hook_ops_alloc(&security_table, iptable_security_hook); 81 81 + sectbl_ops = xt_hook_ops_alloc(&security_table, ipt_do_table); 75 82 if (IS_ERR(sectbl_ops)) { 76 83 xt_unregister_template(&security_table); 77 84 return PTR_ERR(sectbl_ops);