netfilter: Pass nf_hook_state through ip6t_do_table().

extern void ip6t_unregister_table(struct net *net, struct xt_table *table);

extern unsigned int ip6t_do_table(struct sk_buff *skb,

				  unsigned int hook,

				  const struct net_device *in,

				  const struct net_device *out,

				  const struct nf_hook_state *state,

				  struct xt_table *table);

/* Check for an extension */

unsigned int

ip6t_do_table(struct sk_buff *skb,

	      unsigned int hook,

	      const struct net_device *in,

	      const struct net_device *out,

	      const struct nf_hook_state *state,

	      struct xt_table *table)

{

	static const char nulldevname[IFNAMSIZ] __attribute__((aligned(sizeof(long))));

	unsigned int addend;

	/* Initialization */

	indev = in ? in->name : nulldevname;

	outdev = out ? out->name : nulldevname;

	indev = state->in ? state->in->name : nulldevname;

	outdev = state->out ? state->out->name : nulldevname;

	/* We handle fragments by dealing with the first fragment as

	 * if it was a normal packet.  All other fragments are treated

	 * normally, except that they will NEVER match rules that ask

	 * rule is also a fragment-specific rule, non-fragments won't

	 * match it. */

	acpar.hotdrop = false;

	acpar.in      = in;

	acpar.out     = out;

	acpar.in      = state->in;

	acpar.out     = state->out;

	acpar.family  = NFPROTO_IPV6;

	acpar.hooknum = hook;

#if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE)

		/* The packet is traced: log it */

		if (unlikely(skb->nf_trace))

			trace_packet(skb, hook, in, out,

			trace_packet(skb, hook, state->in, state->out,

				     table->name, private, e);

#endif

		/* Standard target? */

{

	const struct net *net = dev_net(state->in ? state->in : state->out);

	return ip6t_do_table(skb, ops->hooknum, state->in, state->out,

			     net->ipv6.ip6table_filter);

	return ip6t_do_table(skb, ops->hooknum, state, net->ipv6.ip6table_filter);

}

static struct nf_hook_ops *filter_ops __read_mostly;

};

static unsigned int

ip6t_mangle_out(struct sk_buff *skb, const struct net_device *out)

ip6t_mangle_out(struct sk_buff *skb, const struct nf_hook_state *state)

{

	unsigned int ret;

	struct in6_addr saddr, daddr;

	/* flowlabel and prio (includes version, which shouldn't change either */

	flowlabel = *((u_int32_t *)ipv6_hdr(skb));

	ret = ip6t_do_table(skb, NF_INET_LOCAL_OUT, NULL, out,

			    dev_net(out)->ipv6.ip6table_mangle);

	ret = ip6t_do_table(skb, NF_INET_LOCAL_OUT, state,

			    dev_net(state->out)->ipv6.ip6table_mangle);

	if (ret != NF_DROP && ret != NF_STOLEN &&

	    (!ipv6_addr_equal(&ipv6_hdr(skb)->saddr, &saddr) ||

		     const struct nf_hook_state *state)

{

	if (ops->hooknum == NF_INET_LOCAL_OUT)

		return ip6t_mangle_out(skb, state->out);

		return ip6t_mangle_out(skb, state);

	if (ops->hooknum == NF_INET_POST_ROUTING)

		return ip6t_do_table(skb, ops->hooknum, state->in, state->out,

		return ip6t_do_table(skb, ops->hooknum, state,

				     dev_net(state->out)->ipv6.ip6table_mangle);

	/* INPUT/FORWARD */

	return ip6t_do_table(skb, ops->hooknum, state->in, state->out,

	return ip6t_do_table(skb, ops->hooknum, state,

			     dev_net(state->in)->ipv6.ip6table_mangle);

}

{

	struct net *net = nf_ct_net(ct);

	return ip6t_do_table(skb, ops->hooknum, state->in, state->out,

			     net->ipv6.ip6table_nat);

	return ip6t_do_table(skb, ops->hooknum, state, net->ipv6.ip6table_nat);

}

static unsigned int ip6table_nat_fn(const struct nf_hook_ops *ops,