Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

netfilter: ebtables: allow use of ebt_do_table as hookfn

This is possible now that the xt_table structure is passed via *priv.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Florian Westphal and committed by
Pablo Neira Ayuso
f0d6764f 44b5990e

+12 -26
+2 -3
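--- a/include/linux/netfilter_bridge/ebtables.h
+++ b/include/linux/netfilter_bridge/ebtables.h
@@ -112,9 +112,8 @@
 const struct nf_hook_ops *ops);
 extern void ebt_unregister_table(struct net *net, const char *tablename);
 void ebt_unregister_table_pre_exit(struct net *net, const char *tablename);
-extern unsigned int ebt_do_table(struct sk_buff *skb,
-const struct nf_hook_state *state,
-struct ebt_table *table);
+extern unsigned int ebt_do_table(void *priv, struct sk_buff *skb,
+const struct nf_hook_state *state);
 
 /* True if the hook mask denotes that the rule is in a base chain,
 * used in the check() functions */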
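Review bot: With `void *priv` as the first parameter of `ebt_do_table`, the compiler no longer checks that a caller passes a `struct ebt_table *`, and the definition in net/bridge/netfilter/ebtables.c converts it with `struct ebt_table *table = priv;` and no further check. The prototype should state the contract, for example `/* priv must be the struct ebt_table this hook was registered for */` directly above it. The same sentence would say more than `/* Do some firewalling */` does on the definition. Direct callers such as the one in ebtable_broute.c would then have a written rule to follow instead of an inferred one.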
+1 -1
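--- a/net/bridge/netfilter/ebtable_broute.c
+++ b/net/bridge/netfilter/ebtable_broute.c
@@ -66,7 +66,7 @@
 NFPROTO_BRIDGE, s->in, NULL, NULL,
 s->net, NULL);
 
-ret = ebt_do_table(skb, &state, priv);
+ret = ebt_do_table(priv, skb, &state);
 if (ret != NF_DROP)
 return ret;
 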
+3 -10
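--- a/net/bridge/netfilter/ebtable_filter.c
+++ b/net/bridge/netfilter/ebtable_filter.c
@@ -58,28 +58,21 @@
 .me = THIS_MODULE,
 };
 
-static unsigned int
-ebt_filter_hook(void *priv, struct sk_buff *skb,
-const struct nf_hook_state *state)
-{
-return ebt_do_table(skb, state, priv);
-}
-
 static const struct nf_hook_ops ebt_ops_filter[] = {
 {
-.hook = ebt_filter_hook,
+.hook = ebt_do_table,
 .pf = NFPROTO_BRIDGE,
 .hooknum = NF_BR_LOCAL_IN,
 .priority = NF_BR_PRI_FILTER_BRIDGED,
 },
 {
-.hook = ebt_filter_hook,
+.hook = ebt_do_table,
 .pf = NFPROTO_BRIDGE,
 .hooknum = NF_BR_FORWARD,
 .priority = NF_BR_PRI_FILTER_BRIDGED,
 },
 {
-.hook = ebt_filter_hook,
+.hook = ebt_do_table,
 .pf = NFPROTO_BRIDGE,
 .hooknum = NF_BR_LOCAL_OUT,
 .priority = NF_BR_PRI_FILTER_OTHER,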
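Review bot: The `ebt_ops_filter[]` entries now point `.hook` straight at `ebt_do_table`, and the entries shown set no `.priv`. The table pointer that `ebt_do_table` takes from `priv` therefore has to be supplied by whatever registers these ops, and that code is not in this hunk. A comment above the array would record the dependency, e.g. `/* .priv is set to the struct ebt_table when the ops are registered */`, with the wording confirmed against the registration path. The same applies to `ebt_ops_nat[]` in ebtable_nat.c. The array continues past the end of the hunk.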
+3 -9
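--- a/net/bridge/netfilter/ebtable_nat.c
+++ b/net/bridge/netfilter/ebtable_nat.c
@@ -58,27 +58,21 @@
 .me = THIS_MODULE,
 };
 
-static unsigned int ebt_nat_hook(void *priv, struct sk_buff *skb,
-const struct nf_hook_state *state)
-{
-return ebt_do_table(skb, state, priv);
-}
-
 static const struct nf_hook_ops ebt_ops_nat[] = {
 {
-.hook = ebt_nat_hook,
+.hook = ebt_do_table,
 .pf = NFPROTO_BRIDGE,
 .hooknum = NF_BR_LOCAL_OUT,
 .priority = NF_BR_PRI_NAT_DST_OTHER,
 },
 {
-.hook = ebt_nat_hook,
+.hook = ebt_do_table,
 .pf = NFPROTO_BRIDGE,
 .hooknum = NF_BR_POST_ROUTING,
 .priority = NF_BR_PRI_NAT_SRC,
 },
 {
-.hook = ebt_nat_hook,
+.hook = ebt_do_table,
 .pf = NFPROTO_BRIDGE,
 .hooknum = NF_BR_PRE_ROUTING,
 .priority = NF_BR_PRI_NAT_DST_BRIDGED,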
+3 -3
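--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -189,10 +189,10 @@
 }
 
 /* Do some firewalling */
-unsigned int ebt_do_table(struct sk_buff *skb,
-const struct nf_hook_state *state,
-struct ebt_table *table)
+unsigned int ebt_do_table(void *priv, struct sk_buff *skb,
+const struct nf_hook_state *state)
 {
+struct ebt_table *table = priv;
 unsigned int hook = state->hook;
 int i, nentries;
 struct ebt_entry *point;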