From: "Eric W. Biederman" <ebiederm@xmission.com>
To: David Miller <davem@davemloft.net>
Cc: <netdev@vger.kernel.org>,
netfilter-devel@vger.kernel.org,
Stephen Hemminger <stephen@networkplumber.org>,
Juanjo Ciarlante <jjciarla@raiz.uncu.edu.ar>,
Wensong Zhang <wensong@linux-vs.org>,
Simon Horman <horms@verge.net.au>, Julian Anastasov <ja@ssi.bg>,
Pablo Neira Ayuso <pablo@netfilter.org>,
Patrick McHardy <kaber@trash.net>,
Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>,
Jamal Hadi Salim <jhs@mojatatu.com>,
Steffen Klassert <steffen.klassert@secunet.com>,
Herbert Xu <herbert@gondor.apana.org.au>
Subject: [PATCH net-next 03/43] netfilter: Use nf_hook_state.net
Date: Wed, 17 Jun 2015 10:28:12 -0500 [thread overview]
Message-ID: <1434554932-4552-3-git-send-email-ebiederm@xmission.com> (raw)
In-Reply-To: <87r3pae5hn.fsf@x220.int.ebiederm.org>
Instead of saying "net = dev_net(state->in?state->in:state->out)"
just say "state->net". As that information is now availabe,
much less confusing and much less error prone.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
---
net/bridge/netfilter/ebtable_filter.c | 4 ++--
net/bridge/netfilter/ebtable_nat.c | 4 ++--
net/ipv4/netfilter/arptable_filter.c | 4 +---
net/ipv4/netfilter/ip_tables.c | 8 ++++----
net/ipv4/netfilter/ipt_CLUSTERIP.c | 2 +-
net/ipv4/netfilter/ipt_SYNPROXY.c | 2 +-
net/ipv4/netfilter/iptable_filter.c | 6 ++----
net/ipv4/netfilter/iptable_mangle.c | 7 +++----
net/ipv4/netfilter/iptable_nat.c | 5 ++---
net/ipv4/netfilter/iptable_raw.c | 6 ++----
net/ipv4/netfilter/iptable_security.c | 5 +----
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 4 ++--
net/ipv6/netfilter/ip6_tables.c | 8 ++++----
net/ipv6/netfilter/ip6t_SYNPROXY.c | 2 +-
net/ipv6/netfilter/ip6table_filter.c | 5 ++---
net/ipv6/netfilter/ip6table_mangle.c | 6 +++---
net/ipv6/netfilter/ip6table_nat.c | 5 ++---
net/ipv6/netfilter/ip6table_raw.c | 5 ++---
net/ipv6/netfilter/ip6table_security.c | 4 +---
net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | 4 ++--
net/netfilter/nfnetlink_queue_core.c | 3 +--
21 files changed, 41 insertions(+), 58 deletions(-)
diff --git a/net/bridge/netfilter/ebtable_filter.c b/net/bridge/netfilter/ebtable_filter.c
index 8a3f63b2e807..ab20d6ed6e2f 100644
--- a/net/bridge/netfilter/ebtable_filter.c
+++ b/net/bridge/netfilter/ebtable_filter.c
@@ -61,7 +61,7 @@ ebt_in_hook(const struct nf_hook_ops *ops, struct sk_buff *skb,
const struct nf_hook_state *state)
{
return ebt_do_table(ops->hooknum, skb, state->in, state->out,
- dev_net(state->in)->xt.frame_filter);
+ state->net->xt.frame_filter);
}
static unsigned int
@@ -69,7 +69,7 @@ ebt_out_hook(const struct nf_hook_ops *ops, struct sk_buff *skb,
const struct nf_hook_state *state)
{
return ebt_do_table(ops->hooknum, skb, state->in, state->out,
- dev_net(state->out)->xt.frame_filter);
+ state->net->xt.frame_filter);
}
static struct nf_hook_ops ebt_ops_filter[] __read_mostly = {
diff --git a/net/bridge/netfilter/ebtable_nat.c b/net/bridge/netfilter/ebtable_nat.c
index c5ef5b1ab678..ad81a5a65644 100644
--- a/net/bridge/netfilter/ebtable_nat.c
+++ b/net/bridge/netfilter/ebtable_nat.c
@@ -61,7 +61,7 @@ ebt_nat_in(const struct nf_hook_ops *ops, struct sk_buff *skb,
const struct nf_hook_state *state)
{
return ebt_do_table(ops->hooknum, skb, state->in, state->out,
- dev_net(state->in)->xt.frame_nat);
+ state->net->xt.frame_nat);
}
static unsigned int
@@ -69,7 +69,7 @@ ebt_nat_out(const struct nf_hook_ops *ops, struct sk_buff *skb,
const struct nf_hook_state *state)
{
return ebt_do_table(ops->hooknum, skb, state->in, state->out,
- dev_net(state->out)->xt.frame_nat);
+ state->net->xt.frame_nat);
}
static struct nf_hook_ops ebt_ops_nat[] __read_mostly = {
diff --git a/net/ipv4/netfilter/arptable_filter.c b/net/ipv4/netfilter/arptable_filter.c
index 93876d03120c..d217e4c19645 100644
--- a/net/ipv4/netfilter/arptable_filter.c
+++ b/net/ipv4/netfilter/arptable_filter.c
@@ -30,10 +30,8 @@ static unsigned int
arptable_filter_hook(const struct nf_hook_ops *ops, struct sk_buff *skb,
const struct nf_hook_state *state)
{
- const struct net *net = dev_net(state->in ? state->in : state->out);
-
return arpt_do_table(skb, ops->hooknum, state,
- net->ipv4.arptable_filter);
+ state->net->ipv4.arptable_filter);
}
static struct nf_hook_ops *arpfilter_ops __read_mostly;
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 6c72fbb7b49e..3b6356c058b7 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -246,7 +246,8 @@ get_chainname_rulenum(const struct ipt_entry *s, const struct ipt_entry *e,
return 0;
}
-static void trace_packet(const struct sk_buff *skb,
+static void trace_packet(struct net *net,
+ const struct sk_buff *skb,
unsigned int hook,
const struct net_device *in,
const struct net_device *out,
@@ -258,7 +259,6 @@ static void trace_packet(const struct sk_buff *skb,
const char *hookname, *chainname, *comment;
const struct ipt_entry *iter;
unsigned int rulenum = 0;
- struct net *net = dev_net(in ? in : out);
root = get_entry(private->entries, private->hook_entry[hook]);
@@ -369,8 +369,8 @@ ipt_do_table(struct sk_buff *skb,
#if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE)
/* The packet is traced: log it */
if (unlikely(skb->nf_trace))
- trace_packet(skb, hook, state->in, state->out,
- table->name, private, e);
+ trace_packet(state->net, skb, hook, state->in,
+ state->out, table->name, private, e);
#endif
/* Standard target? */
if (!t->u.kernel.target->target) {
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c
index 45cb16a6a4a3..69157d8eba95 100644
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -514,7 +514,7 @@ arp_mangle(const struct nf_hook_ops *ops,
struct arphdr *arp = arp_hdr(skb);
struct arp_payload *payload;
struct clusterip_config *c;
- struct net *net = dev_net(state->in ? state->in : state->out);
+ struct net *net = state->net;
/* we don't care about non-ethernet and non-ipv4 ARP */
if (arp->ar_hrd != htons(ARPHRD_ETHER) ||
diff --git a/net/ipv4/netfilter/ipt_SYNPROXY.c b/net/ipv4/netfilter/ipt_SYNPROXY.c
index fe8cc183411e..0b3eff1a85a2 100644
--- a/net/ipv4/netfilter/ipt_SYNPROXY.c
+++ b/net/ipv4/netfilter/ipt_SYNPROXY.c
@@ -302,7 +302,7 @@ static unsigned int ipv4_synproxy_hook(const struct nf_hook_ops *ops,
struct sk_buff *skb,
const struct nf_hook_state *nhs)
{
- struct synproxy_net *snet = synproxy_pernet(dev_net(nhs->in ? : nhs->out));
+ struct synproxy_net *snet = synproxy_pernet(nhs->net);
enum ip_conntrack_info ctinfo;
struct nf_conn *ct;
struct nf_conn_synproxy *synproxy;
diff --git a/net/ipv4/netfilter/iptable_filter.c b/net/ipv4/netfilter/iptable_filter.c
index a0f3beca52d2..32feff32b116 100644
--- a/net/ipv4/netfilter/iptable_filter.c
+++ b/net/ipv4/netfilter/iptable_filter.c
@@ -36,16 +36,14 @@ static unsigned int
iptable_filter_hook(const struct nf_hook_ops *ops, struct sk_buff *skb,
const struct nf_hook_state *state)
{
- const struct net *net;
-
if (ops->hooknum == NF_INET_LOCAL_OUT &&
(skb->len < sizeof(struct iphdr) ||
ip_hdrlen(skb) < sizeof(struct iphdr)))
/* root is playing with raw sockets. */
return NF_ACCEPT;
- net = dev_net(state->in ? state->in : state->out);
- return ipt_do_table(skb, ops->hooknum, state, net->ipv4.iptable_filter);
+ return ipt_do_table(skb, ops->hooknum, state,
+ state->net->ipv4.iptable_filter);
}
static struct nf_hook_ops *filter_ops __read_mostly;
diff --git a/net/ipv4/netfilter/iptable_mangle.c b/net/ipv4/netfilter/iptable_mangle.c
index 62cbb8c5f4a8..4a5150fc9510 100644
--- a/net/ipv4/netfilter/iptable_mangle.c
+++ b/net/ipv4/netfilter/iptable_mangle.c
@@ -39,7 +39,6 @@ static const struct xt_table packet_mangler = {
static unsigned int
ipt_mangle_out(struct sk_buff *skb, const struct nf_hook_state *state)
{
- struct net_device *out = state->out;
unsigned int ret;
const struct iphdr *iph;
u_int8_t tos;
@@ -60,7 +59,7 @@ ipt_mangle_out(struct sk_buff *skb, const struct nf_hook_state *state)
tos = iph->tos;
ret = ipt_do_table(skb, NF_INET_LOCAL_OUT, state,
- dev_net(out)->ipv4.iptable_mangle);
+ state->net->ipv4.iptable_mangle);
/* Reroute for ANY change. */
if (ret != NF_DROP && ret != NF_STOLEN) {
iph = ip_hdr(skb);
@@ -88,10 +87,10 @@ iptable_mangle_hook(const struct nf_hook_ops *ops,
return ipt_mangle_out(skb, state);
if (ops->hooknum == NF_INET_POST_ROUTING)
return ipt_do_table(skb, ops->hooknum, state,
- dev_net(state->out)->ipv4.iptable_mangle);
+ state->net->ipv4.iptable_mangle);
/* PREROUTING/INPUT/FORWARD: */
return ipt_do_table(skb, ops->hooknum, state,
- dev_net(state->in)->ipv4.iptable_mangle);
+ state->net->ipv4.iptable_mangle);
}
static struct nf_hook_ops *mangle_ops __read_mostly;
diff --git a/net/ipv4/netfilter/iptable_nat.c b/net/ipv4/netfilter/iptable_nat.c
index 0d4d9cdf98a4..4f4c64f81169 100644
--- a/net/ipv4/netfilter/iptable_nat.c
+++ b/net/ipv4/netfilter/iptable_nat.c
@@ -33,9 +33,8 @@ static unsigned int iptable_nat_do_chain(const struct nf_hook_ops *ops,
const struct nf_hook_state *state,
struct nf_conn *ct)
{
- struct net *net = nf_ct_net(ct);
-
- return ipt_do_table(skb, ops->hooknum, state, net->ipv4.nat_table);
+ return ipt_do_table(skb, ops->hooknum, state,
+ state->net->ipv4.nat_table);
}
static unsigned int iptable_nat_ipv4_fn(const struct nf_hook_ops *ops,
diff --git a/net/ipv4/netfilter/iptable_raw.c b/net/ipv4/netfilter/iptable_raw.c
index 0356e6da4bb7..20126e469ffb 100644
--- a/net/ipv4/netfilter/iptable_raw.c
+++ b/net/ipv4/netfilter/iptable_raw.c
@@ -23,16 +23,14 @@ static unsigned int
iptable_raw_hook(const struct nf_hook_ops *ops, struct sk_buff *skb,
const struct nf_hook_state *state)
{
- const struct net *net;
-
if (ops->hooknum == NF_INET_LOCAL_OUT &&
(skb->len < sizeof(struct iphdr) ||
ip_hdrlen(skb) < sizeof(struct iphdr)))
/* root is playing with raw sockets. */
return NF_ACCEPT;
- net = dev_net(state->in ? state->in : state->out);
- return ipt_do_table(skb, ops->hooknum, state, net->ipv4.iptable_raw);
+ return ipt_do_table(skb, ops->hooknum, state,
+ state->net->ipv4.iptable_raw);
}
static struct nf_hook_ops *rawtable_ops __read_mostly;
diff --git a/net/ipv4/netfilter/iptable_security.c b/net/ipv4/netfilter/iptable_security.c
index 4bce3980ccd9..82fefd609b85 100644
--- a/net/ipv4/netfilter/iptable_security.c
+++ b/net/ipv4/netfilter/iptable_security.c
@@ -40,17 +40,14 @@ static unsigned int
iptable_security_hook(const struct nf_hook_ops *ops, struct sk_buff *skb,
const struct nf_hook_state *state)
{
- const struct net *net;
-
if (ops->hooknum == NF_INET_LOCAL_OUT &&
(skb->len < sizeof(struct iphdr) ||
ip_hdrlen(skb) < sizeof(struct iphdr)))
/* Somebody is playing with raw sockets. */
return NF_ACCEPT;
- net = dev_net(state->in ? state->in : state->out);
return ipt_do_table(skb, ops->hooknum, state,
- net->ipv4.iptable_security);
+ state->net->ipv4.iptable_security);
}
static struct nf_hook_ops *sectbl_ops __read_mostly;
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
index 30ad9554b5e9..c8b7d520af3b 100644
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
@@ -147,7 +147,7 @@ static unsigned int ipv4_conntrack_in(const struct nf_hook_ops *ops,
struct sk_buff *skb,
const struct nf_hook_state *state)
{
- return nf_conntrack_in(dev_net(state->in), PF_INET, ops->hooknum, skb);
+ return nf_conntrack_in(state->net, PF_INET, ops->hooknum, skb);
}
static unsigned int ipv4_conntrack_local(const struct nf_hook_ops *ops,
@@ -158,7 +158,7 @@ static unsigned int ipv4_conntrack_local(const struct nf_hook_ops *ops,
if (skb->len < sizeof(struct iphdr) ||
ip_hdrlen(skb) < sizeof(struct iphdr))
return NF_ACCEPT;
- return nf_conntrack_in(dev_net(state->out), PF_INET, ops->hooknum, skb);
+ return nf_conntrack_in(state->net, PF_INET, ops->hooknum, skb);
}
/* Connection tracking may drop packets, but never alters them, so
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 3c35ced39b42..642500b96440 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -275,7 +275,8 @@ get_chainname_rulenum(const struct ip6t_entry *s, const struct ip6t_entry *e,
return 0;
}
-static void trace_packet(const struct sk_buff *skb,
+static void trace_packet(struct net *net,
+ const struct sk_buff *skb,
unsigned int hook,
const struct net_device *in,
const struct net_device *out,
@@ -287,7 +288,6 @@ static void trace_packet(const struct sk_buff *skb,
const char *hookname, *chainname, *comment;
const struct ip6t_entry *iter;
unsigned int rulenum = 0;
- struct net *net = dev_net(in ? in : out);
root = get_entry(private->entries, private->hook_entry[hook]);
@@ -392,8 +392,8 @@ ip6t_do_table(struct sk_buff *skb,
#if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE)
/* The packet is traced: log it */
if (unlikely(skb->nf_trace))
- trace_packet(skb, hook, state->in, state->out,
- table->name, private, e);
+ trace_packet(state->net, skb, hook, state->in,
+ state->out, table->name, private, e);
#endif
/* Standard target? */
if (!t->u.kernel.target->target) {
diff --git a/net/ipv6/netfilter/ip6t_SYNPROXY.c b/net/ipv6/netfilter/ip6t_SYNPROXY.c
index 6edb7b106de7..72fbf3499e40 100644
--- a/net/ipv6/netfilter/ip6t_SYNPROXY.c
+++ b/net/ipv6/netfilter/ip6t_SYNPROXY.c
@@ -317,7 +317,7 @@ static unsigned int ipv6_synproxy_hook(const struct nf_hook_ops *ops,
struct sk_buff *skb,
const struct nf_hook_state *nhs)
{
- struct synproxy_net *snet = synproxy_pernet(dev_net(nhs->in ? : nhs->out));
+ struct synproxy_net *snet = synproxy_pernet(nhs->net);
enum ip_conntrack_info ctinfo;
struct nf_conn *ct;
struct nf_conn_synproxy *synproxy;
diff --git a/net/ipv6/netfilter/ip6table_filter.c b/net/ipv6/netfilter/ip6table_filter.c
index 5c33d8abc077..2449005fb5dc 100644
--- a/net/ipv6/netfilter/ip6table_filter.c
+++ b/net/ipv6/netfilter/ip6table_filter.c
@@ -35,9 +35,8 @@ static unsigned int
ip6table_filter_hook(const struct nf_hook_ops *ops, struct sk_buff *skb,
const struct nf_hook_state *state)
{
- const struct net *net = dev_net(state->in ? state->in : state->out);
-
- return ip6t_do_table(skb, ops->hooknum, state, net->ipv6.ip6table_filter);
+ return ip6t_do_table(skb, ops->hooknum, state,
+ state->net->ipv6.ip6table_filter);
}
static struct nf_hook_ops *filter_ops __read_mostly;
diff --git a/net/ipv6/netfilter/ip6table_mangle.c b/net/ipv6/netfilter/ip6table_mangle.c
index b551f5b79fe2..a46dbf097d29 100644
--- a/net/ipv6/netfilter/ip6table_mangle.c
+++ b/net/ipv6/netfilter/ip6table_mangle.c
@@ -58,7 +58,7 @@ ip6t_mangle_out(struct sk_buff *skb, const struct nf_hook_state *state)
flowlabel = *((u_int32_t *)ipv6_hdr(skb));
ret = ip6t_do_table(skb, NF_INET_LOCAL_OUT, state,
- dev_net(state->out)->ipv6.ip6table_mangle);
+ state->net->ipv6.ip6table_mangle);
if (ret != NF_DROP && ret != NF_STOLEN &&
(!ipv6_addr_equal(&ipv6_hdr(skb)->saddr, &saddr) ||
@@ -83,10 +83,10 @@ ip6table_mangle_hook(const struct nf_hook_ops *ops, struct sk_buff *skb,
return ip6t_mangle_out(skb, state);
if (ops->hooknum == NF_INET_POST_ROUTING)
return ip6t_do_table(skb, ops->hooknum, state,
- dev_net(state->out)->ipv6.ip6table_mangle);
+ state->net->ipv6.ip6table_mangle);
/* INPUT/FORWARD */
return ip6t_do_table(skb, ops->hooknum, state,
- dev_net(state->in)->ipv6.ip6table_mangle);
+ state->net->ipv6.ip6table_mangle);
}
static struct nf_hook_ops *mangle_ops __read_mostly;
diff --git a/net/ipv6/netfilter/ip6table_nat.c b/net/ipv6/netfilter/ip6table_nat.c
index c3a7f7af0ed4..a56451de127f 100644
--- a/net/ipv6/netfilter/ip6table_nat.c
+++ b/net/ipv6/netfilter/ip6table_nat.c
@@ -35,9 +35,8 @@ static unsigned int ip6table_nat_do_chain(const struct nf_hook_ops *ops,
const struct nf_hook_state *state,
struct nf_conn *ct)
{
- struct net *net = nf_ct_net(ct);
-
- return ip6t_do_table(skb, ops->hooknum, state, net->ipv6.ip6table_nat);
+ return ip6t_do_table(skb, ops->hooknum, state,
+ state->net->ipv6.ip6table_nat);
}
static unsigned int ip6table_nat_fn(const struct nf_hook_ops *ops,
diff --git a/net/ipv6/netfilter/ip6table_raw.c b/net/ipv6/netfilter/ip6table_raw.c
index 0b33caad2b69..18e831e35782 100644
--- a/net/ipv6/netfilter/ip6table_raw.c
+++ b/net/ipv6/netfilter/ip6table_raw.c
@@ -22,9 +22,8 @@ static unsigned int
ip6table_raw_hook(const struct nf_hook_ops *ops, struct sk_buff *skb,
const struct nf_hook_state *state)
{
- const struct net *net = dev_net(state->in ? state->in : state->out);
-
- return ip6t_do_table(skb, ops->hooknum, state, net->ipv6.ip6table_raw);
+ return ip6t_do_table(skb, ops->hooknum, state,
+ state->net->ipv6.ip6table_raw);
}
static struct nf_hook_ops *rawtable_ops __read_mostly;
diff --git a/net/ipv6/netfilter/ip6table_security.c b/net/ipv6/netfilter/ip6table_security.c
index fcef83c25f7b..83bc96ae5d73 100644
--- a/net/ipv6/netfilter/ip6table_security.c
+++ b/net/ipv6/netfilter/ip6table_security.c
@@ -39,10 +39,8 @@ static unsigned int
ip6table_security_hook(const struct nf_hook_ops *ops, struct sk_buff *skb,
const struct nf_hook_state *state)
{
- const struct net *net = dev_net(state->in ? state->in : state->out);
-
return ip6t_do_table(skb, ops->hooknum, state,
- net->ipv6.ip6table_security);
+ state->net->ipv6.ip6table_security);
}
static struct nf_hook_ops *sectbl_ops __read_mostly;
diff --git a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
index 4ba0c34c627b..311ade2825db 100644
--- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
@@ -169,7 +169,7 @@ static unsigned int ipv6_conntrack_in(const struct nf_hook_ops *ops,
struct sk_buff *skb,
const struct nf_hook_state *state)
{
- return nf_conntrack_in(dev_net(state->in), PF_INET6, ops->hooknum, skb);
+ return nf_conntrack_in(state->net, PF_INET6, ops->hooknum, skb);
}
static unsigned int ipv6_conntrack_local(const struct nf_hook_ops *ops,
@@ -181,7 +181,7 @@ static unsigned int ipv6_conntrack_local(const struct nf_hook_ops *ops,
net_notice_ratelimited("ipv6_conntrack_local: packet too short\n");
return NF_ACCEPT;
}
- return nf_conntrack_in(dev_net(state->out), PF_INET6, ops->hooknum, skb);
+ return nf_conntrack_in(state->net, PF_INET6, ops->hooknum, skb);
}
static struct nf_hook_ops ipv6_conntrack_ops[] __read_mostly = {
diff --git a/net/netfilter/nfnetlink_queue_core.c b/net/netfilter/nfnetlink_queue_core.c
index 700e31725223..754ed6ce3763 100644
--- a/net/netfilter/nfnetlink_queue_core.c
+++ b/net/netfilter/nfnetlink_queue_core.c
@@ -641,8 +641,7 @@ nfqnl_enqueue_packet(struct nf_queue_entry *entry, unsigned int queuenum)
struct nfqnl_instance *queue;
struct sk_buff *skb, *segs;
int err = -ENOBUFS;
- struct net *net = dev_net(entry->state.in ?
- entry->state.in : entry->state.out);
+ struct net *net = entry->state.net;
struct nfnl_queue_net *q = nfnl_queue_pernet(net);
/* rcu_read_lock()ed by nf_hook_slow() */
--
2.2.1
next prev parent reply other threads:[~2015-06-17 15:28 UTC|newest]
Thread overview: 90+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-06-15 3:07 [PATCH net-next 00/15] Simplify netfilter and network namespaces Eric W. Biederman
2015-06-15 3:12 ` [PATCH net-next 01/15] netfilter: Kill unused copies of RCV_SKB_FAIL Eric W. Biederman
2015-06-15 3:13 ` [PATCH net-next 02/15] netfilter: Pass struct net into the netfilter hooks Eric W. Biederman
2015-06-15 3:13 ` [PATCH net-next 03/15] netfilter: Use nf_hook_state.net Eric W. Biederman
2015-06-15 3:13 ` [PATCH net-next 04/15] ebtables: Simplify the arguments to ebt_do_table Eric W. Biederman
2015-06-15 3:13 ` [PATCH net-next 05/15] inet netfilter: Remove hook from ip6t_do_table, arp_do_table, ipt_do_table Eric W. Biederman
2015-06-15 3:13 ` [PATCH net-next 06/15] inet netfilter: Prefer state->hook to ops->hooknum Eric W. Biederman
2015-06-15 3:13 ` [PATCH net-next 07/15] nftables: kill nft_pktinfo.ops Eric W. Biederman
2015-06-15 3:13 ` [PATCH net-next 08/15] tc: Simplify em_ipset_match Eric W. Biederman
2015-06-15 3:13 ` [PATCH net-next 09/15] x_tables: Pass struct net in xt_action_param Eric W. Biederman
2015-06-15 3:13 ` [PATCH net-next 10/15] x_tables: Use par->net instead of computing from the passed net devices Eric W. Biederman
2015-06-15 3:13 ` [PATCH net-next 11/15] nftables: Pass struct net in nft_pktinfo Eric W. Biederman
2015-06-15 3:13 ` [PATCH net-next 12/15] nf_tables: Use pkt->net instead of computing net from the passed net_devices Eric W. Biederman
2015-06-15 3:13 ` [PATCH net-next 13/15] nf_conntrack: Add a struct net parameter to l4_pkt_to_tuple Eric W. Biederman
2015-06-15 3:13 ` [PATCH net-next 14/15] ipv4: Pass struct net into ip_defrag and ip_check_defrag Eric W. Biederman
2015-06-15 3:13 ` [PATCH net-next 15/15] ipv6: Pass struct net into nf_ct_frag6_gather Eric W. Biederman
2015-06-15 7:06 ` [PATCH net-next 00/15] Simplify netfilter and network namespaces Pablo Neira Ayuso
2015-06-15 15:06 ` Eric W. Biederman
2015-06-15 15:20 ` Pablo Neira Ayuso
2015-06-16 0:10 ` David Miller
2015-06-16 0:26 ` Eric W. Biederman
2015-06-16 2:14 ` David Miller
2015-06-16 10:32 ` Pablo Neira Ayuso
2015-06-16 21:00 ` Eric W. Biederman
2015-06-17 15:09 ` [PATCH net-next 00/43] Simplify netfilter and network namespaces (take 2) Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 01/43] netfilter: Kill unused copies of RCV_SKB_FAIL Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 02/43] netfilter: Pass struct net into the netfilter hooks Eric W. Biederman
2015-06-17 15:28 ` Eric W. Biederman [this message]
2015-06-17 15:28 ` [PATCH net-next 04/43] ebtables: Simplify the arguments to ebt_do_table Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 05/43] inet netfilter: Remove hook from ip6t_do_table, arp_do_table, ipt_do_table Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 06/43] inet netfilter: Prefer state->hook to ops->hooknum Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 07/43] nftables: kill nft_pktinfo.ops Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 08/43] tc: Simplify em_ipset_match Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 09/43] x_tables: Pass struct net in xt_action_param Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 10/43] x_tables: Use par->net instead of computing from the passed net devices Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 11/43] nftables: Pass struct net in nft_pktinfo Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 12/43] nf_tables: Use pkt->net instead of computing net from the passed net_devices Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 13/43] nf_conntrack: Add a struct net parameter to l4_pkt_to_tuple Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 14/43] ipv4: Pass struct net into ip_defrag and ip_check_defrag Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 15/43] ipv6: Pass struct net into nf_ct_frag6_gather Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 16/43] net: include missing headers in net/net_namespace.h Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 17/43] netfilter: use forward declaration instead of including linux/proc_fs.h Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 18/43] netfilter: don't pull include/linux/netfilter.h from netns headers Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 19/43] ipvs: Read hooknum from state rather than ops->hooknum Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 20/43] netfilter: Pass priv instead of nf_hook_ops to netfilter hooks Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 21/43] netfilter: Add a network namespace Kconfig conflict Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 22/43] netfilter: Add a struct net parameter to nf_register_hook[s] Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 23/43] netfilter: Add a struct net parameter to nf_unregister_hook[s] Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 24/43] netfilter: Make the netfilter hooks per network namespace Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 25/43] netfilter: Make nf_hook_ops just a parameter structure Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 26/43] netfitler: Remove spurios included of netfilter.h Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 27/43] x_tables: Add magical hook registration in the common case Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 28/43] x_tables: Where possible convert to the new hook registration method Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 29/43] x_tables: Kill xt_[un]hook_link Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 30/43] x_tables: Update ip?table_nat to register their hooks in all network namespaces Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 31/43] netfilter: nf_tables: adapt it to pernet hooks Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 32/43] netfilter: ipt_CLUSTERIP: adapt it to support " Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 33/43] netfilter: ebtables: adapt the filter and nat table to " Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 34/43] netfilter: bridge: adapt it " Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 35/43] ipvs: Register netfilter hooks in all network namespaces Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 36/43] netfilter: nf_conntract: " Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 37/43] netfilter: nf_defrag: " Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 38/43] netfilter: synproxy: " Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 39/43] selinux: adapt it to pernet hooks Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 40/43] smack: " Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 41/43] netfilter: Remove the network namespace Kconfig conflict Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 42/43] netfilter bridge: Make the sysctl knobs per network namespace Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 43/43] netfilter: Skip unnecessary calls to synchronize_net Eric W. Biederman
2015-06-17 17:20 ` Patrick McHardy
2015-06-17 20:32 ` Eric W. Biederman
2015-06-18 15:49 ` [PATCH net-next 00/43] Simplify netfilter and network namespaces (take 2) Andreas Schultz
2015-06-18 19:40 ` Pablo Neira Ayuso
2015-07-10 23:11 ` [PATCH -next 0/6] Per network namespace netfilter chains Eric W. Biederman
2015-07-10 23:12 ` [PATCH -next 1/6] netfilter: nf_queue: Don't recompute the hook_list head Eric W. Biederman
2015-07-10 23:13 ` [PATCH -next 2/6] netfilter: kill nf_hooks_active Eric W. Biederman
2015-07-10 23:13 ` [PATCH -next 3/6] netfilter: Simply the tests for enabling and disabling the ingress queue hook Eric W. Biederman
2015-07-10 23:14 ` [PATCH -next 4/6] netfilter: Factor out the hook list selection from nf_register_hook Eric W. Biederman
2015-07-10 23:15 ` [PATCH -next 5/6] netfilter: Per network namespace netfilter hooks Eric W. Biederman
2015-07-15 19:00 ` Pablo Neira Ayuso
2015-07-15 20:22 ` Eric W. Biederman
2015-07-10 23:15 ` [PATCH -next 6/6] netfilter: nftables: Only run the nftables chains in the proper netns Eric W. Biederman
2015-07-15 17:20 ` [PATCH -next 0/6] Per network namespace netfilter chains Pablo Neira Ayuso
2015-07-15 20:05 ` Eric W. Biederman
2015-07-16 11:01 ` Pablo Neira Ayuso
2015-06-17 19:38 ` [PATCH net-next 00/15] Simplify netfilter and network namespaces Julian Anastasov
2015-06-17 20:55 ` Eric W. Biederman
2015-06-17 22:01 ` Julian Anastasov
2015-06-18 14:45 ` Eric W. Biederman
2015-06-18 19:21 ` Julian Anastasov
2015-06-19 14:24 ` Eric W. Biederman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1434554932-4552-3-git-send-email-ebiederm@xmission.com \
--to=ebiederm@xmission.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=horms@verge.net.au \
--cc=ja@ssi.bg \
--cc=jhs@mojatatu.com \
--cc=jjciarla@raiz.uncu.edu.ar \
--cc=kaber@trash.net \
--cc=kadlec@blackhole.kfki.hu \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=steffen.klassert@secunet.com \
--cc=stephen@networkplumber.org \
--cc=wensong@linux-vs.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.