netfilter: arp_tables: allow use of arpt_do_table as hookfn

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

This is possible now that the xt_table structure is passed in via *priv.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Florian Westphal and committed by

Pablo Neira Ayuso 4 years ago e8d225b6 8844e010

+7 -15

3 changed files

expand all

include

linux

netfilter_arp

arp_tables.h

net

ipv4

netfilter

arp_tables.c

arptable_filter.c

+2 -3

include/linux/netfilter_arp/arp_tables.h

··· 54 54 const struct nf_hook_ops *ops); 55 55 void arpt_unregister_table(struct net *net, const char *name); 56 56 void arpt_unregister_table_pre_exit(struct net *net, const char *name); 57 - extern unsigned int arpt_do_table(struct sk_buff *skb, 58 - const struct nf_hook_state *state, 59 - struct xt_table *table); 57 + extern unsigned int arpt_do_table(void *priv, struct sk_buff *skb, 58 + const struct nf_hook_state *state); 60 59 61 60 #ifdef CONFIG_NETFILTER_XTABLES_COMPAT 62 61 #include <net/compat.h>

+4 -3

net/ipv4/netfilter/arp_tables.c

··· 179 179 return (void *)entry + entry->next_offset; 180 180 } 181 181 182 - unsigned int arpt_do_table(struct sk_buff *skb, 183 - const struct nf_hook_state *state, 184 - struct xt_table *table) 182 + unsigned int arpt_do_table(void *priv, 183 + struct sk_buff *skb, 184 + const struct nf_hook_state *state) 185 185 { 186 + const struct xt_table *table = priv; 186 187 unsigned int hook = state->hook; 187 188 static const char nulldevname[IFNAMSIZ] __attribute__((aligned(sizeof(long)))); 188 189 unsigned int verdict = NF_DROP;

+1 -9

net/ipv4/netfilter/arptable_filter.c

··· 26 26 .priority = NF_IP_PRI_FILTER, 27 27 }; 28 28 29 - /* The work comes in here from netfilter.c */ 30 - static unsigned int 31 - arptable_filter_hook(void *priv, struct sk_buff *skb, 32 - const struct nf_hook_state *state) 33 - { 34 - return arpt_do_table(skb, state, priv); 35 - } 36 - 37 29 static struct nf_hook_ops *arpfilter_ops __read_mostly; 38 30 39 31 static int arptable_filter_table_init(struct net *net) ··· 64 72 if (ret < 0) 65 73 return ret; 66 74 67 - arpfilter_ops = xt_hook_ops_alloc(&packet_filter, arptable_filter_hook); 75 + arpfilter_ops = xt_hook_ops_alloc(&packet_filter, arpt_do_table); 68 76 if (IS_ERR(arpfilter_ops)) { 69 77 xt_unregister_template(&packet_filter); 70 78 return PTR_ERR(arpfilter_ops);