netfilter: add hook list to nf_hook_state

author Pablo Neira <pablo@netfilter.org>

Wed, 13 May 2015 16:19:35 +0000 (18:19 +0200)

committer David S. Miller <davem@davemloft.net>

Thu, 14 May 2015 05:10:05 +0000 (01:10 -0400)
author Pablo Neira <pablo@netfilter.org>
Wed, 13 May 2015 16:19:35 +0000 (18:19 +0200)
committer David S. Miller <davem@davemloft.net>
Thu, 14 May 2015 05:10:05 +0000 (01:10 -0400)
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h

index 83be4a3..388ed19 100644 (file)
--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -54,10 +54,12 @@ struct nf_hook_state {
         struct net_device *in;
         struct net_device *out;
         struct sock *sk;
+       struct list_head *hook_list;
         int (*okfn)(struct sock *, struct sk_buff *);
  };
  
  static inline void nf_hook_state_init(struct nf_hook_state *p,
+                                     struct list_head *hook_list,
                                       unsigned int hook,
                                       int thresh, u_int8_t pf,
                                       struct net_device *indev,
@@ -71,6 +73,7 @@ static inline void nf_hook_state_init(struct nf_hook_state *p,
         p->in = indev;
         p->out = outdev;
         p->sk = sk;
+       p->hook_list = hook_list;
         p->okfn = okfn;
  }
  
@@ -166,8 +169,8 @@ static inline int nf_hook_thresh(u_int8_t pf, unsigned int hook,
         if (nf_hooks_active(pf, hook)) {
                 struct nf_hook_state state;
  
-               nf_hook_state_init(&state, hook, thresh, pf,
-                                  indev, outdev, sk, okfn);
+               nf_hook_state_init(&state, &nf_hooks[pf][hook], hook, thresh,
+                                  pf, indev, outdev, sk, okfn);
                 return nf_hook_slow(skb, &state);
         }
         return 1;
diff --git a/net/netfilter/core.c b/net/netfilter/core.c

index e616301..e418cfd 100644 (file)
--- a/net/netfilter/core.c
+++ b/net/netfilter/core.c
@@ -166,11 +166,9 @@ int nf_hook_slow(struct sk_buff *skb, struct nf_hook_state *state)
         /* We may already have this, but read-locks nest anyway */
         rcu_read_lock();
  
-       elem = list_entry_rcu(&nf_hooks[state->pf][state->hook],
-                             struct nf_hook_ops, list);
+       elem = list_entry_rcu(state->hook_list, struct nf_hook_ops, list);
  next_hook:
-       verdict = nf_iterate(&nf_hooks[state->pf][state->hook], skb, state,
-                            &elem);
+       verdict = nf_iterate(state->hook_list, skb, state, &elem);
         if (verdict == NF_ACCEPT || verdict == NF_STOP) {
                 ret = 1;
         } else if ((verdict & NF_VERDICT_MASK) == NF_DROP) {
author	Pablo Neira <pablo@netfilter.org>
	Wed, 13 May 2015 16:19:35 +0000 (18:19 +0200)
committer	David S. Miller <davem@davemloft.net>
	Thu, 14 May 2015 05:10:05 +0000 (01:10 -0400)
include/linux/netfilter.h		patch \| blob \| history
net/netfilter/core.c		patch \| blob \| history