Commit 85554eb9 authored May 28, 2021 by Florian Westphal Committed by Pablo Neira Ayuso May 29, 2021

netfilter: nf_tables: add and use nft_sk helper



This allows to change storage placement later on without changing readers.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

parent 6802db48

include/net/netfilter/nf_tables.h

+5 −0

Original line number	Diff line number	Diff line
		@@ -29,6 +29,11 @@ struct nft_pktinfo {
		struct xt_action_param xt;
		};

		static inline struct sock nft_sk(const struct nft_pktinfo pkt)
		{
		return pkt->xt.state->sk;
		}

		static inline struct net nft_net(const struct nft_pktinfo pkt)
		{
		return pkt->xt.state->net;

net/ipv4/netfilter/nft_reject_ipv4.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -27,7 +27,7 @@ static void nft_reject_ipv4_eval(const struct nft_expr *expr,
		nf_send_unreach(pkt->skb, priv->icmp_code, nft_hook(pkt));
		break;
		case NFT_REJECT_TCP_RST:
		nf_send_reset(nft_net(pkt), pkt->xt.state->sk, pkt->skb,
		nf_send_reset(nft_net(pkt), nft_sk(pkt), pkt->skb,
		nft_hook(pkt));
		break;
		default:

net/ipv6/netfilter/nft_reject_ipv6.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -28,7 +28,7 @@ static void nft_reject_ipv6_eval(const struct nft_expr *expr,
		nft_hook(pkt));
		break;
		case NFT_REJECT_TCP_RST:
		nf_send_reset6(nft_net(pkt), pkt->xt.state->sk, pkt->skb,
		nf_send_reset6(nft_net(pkt), nft_sk(pkt), pkt->skb,
		nft_hook(pkt));
		break;
		default:

net/netfilter/nft_reject_inet.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -28,7 +28,7 @@ static void nft_reject_inet_eval(const struct nft_expr *expr,
		nft_hook(pkt));
		break;
		case NFT_REJECT_TCP_RST:
		nf_send_reset(nft_net(pkt), pkt->xt.state->sk,
		nf_send_reset(nft_net(pkt), nft_sk(pkt),
		pkt->skb, nft_hook(pkt));
		break;
		case NFT_REJECT_ICMPX_UNREACH:
		@@ -45,7 +45,7 @@ static void nft_reject_inet_eval(const struct nft_expr *expr,
		priv->icmp_code, nft_hook(pkt));
		break;
		case NFT_REJECT_TCP_RST:
		nf_send_reset6(nft_net(pkt), pkt->xt.state->sk,
		nf_send_reset6(nft_net(pkt), nft_sk(pkt),
		pkt->skb, nft_hook(pkt));
		break;
		case NFT_REJECT_ICMPX_UNREACH: