summaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorEric W. Biederman <ebiederm@xmission.com>2015-09-18 21:32:58 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2015-09-18 21:58:14 +0200
commit156c196f6038610770588a708b9e0f7df2ead74a (patch)
tree6943a22200b7548ea957ac1305ea9fbed8f6be05 /include
parentnetfilter: nf_tables: kill nft_pktinfo.ops (diff)
downloadlinux-156c196f6038610770588a708b9e0f7df2ead74a.tar.xz
linux-156c196f6038610770588a708b9e0f7df2ead74a.zip
netfilter: x_tables: Pass struct net in xt_action_param
As xt_action_param lives on the stack this does not bloat any persistent data structures. This is a first step in making netfilter code that needs to know which network namespace it is executing in simpler. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
-rw-r--r--include/linux/netfilter/x_tables.h3
-rw-r--r--include/net/netfilter/nf_tables.h1
2 files changed, 3 insertions, 1 deletions
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h
index b006b719183f..c5577410c25d 100644
--- a/include/linux/netfilter/x_tables.h
+++ b/include/linux/netfilter/x_tables.h
@@ -13,6 +13,7 @@
* @target: the target extension
* @matchinfo: per-match data
* @targetinfo: per-target data
+ * @net network namespace through which the action was invoked
* @in: input netdevice
* @out: output netdevice
* @fragoff: packet is a fragment, this is the data offset
@@ -24,7 +25,6 @@
* Fields written to by extensions:
*
* @hotdrop: drop packet if we had inspection problems
- * Network namespace obtainable using dev_net(in/out)
*/
struct xt_action_param {
union {
@@ -34,6 +34,7 @@ struct xt_action_param {
union {
const void *matchinfo, *targinfo;
};
+ struct net *net;
const struct net_device *in, *out;
int fragoff;
unsigned int thoff;
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
index c0899f97ff8d..c0516529e8a0 100644
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -30,6 +30,7 @@ static inline void nft_set_pktinfo(struct nft_pktinfo *pkt,
const struct nf_hook_state *state)
{
pkt->skb = skb;
+ pkt->xt.net = state->net;
pkt->in = pkt->xt.in = state->in;
pkt->out = pkt->xt.out = state->out;
pkt->hook = pkt->xt.hooknum = state->hook;