Code Review / kvmfornfv.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
These changes are the raw update to linux-4.4.6-rt14. Kernel sources
[kvmfornfv.git] / kernel / net / ipv6 / netfilter / nf_nat_l3proto_ipv6.c
diff --git a/kernel/net/ipv6/netfilter/nf_nat_l3proto_ipv6.c b/kernel/net/ipv6/netfilter/nf_nat_l3proto_ipv6.c
index e76900e..238e70c 100644 (file)
--- a/kernel/net/ipv6/netfilter/nf_nat_l3proto_ipv6.c
+++ b/kernel/net/ipv6/netfilter/nf_nat_l3proto_ipv6.c
@@ -124,7 +124,7 @@ static void nf_nat_ipv6_csum_update(struct sk_buff *skb,
                newip = &t->dst.u3.in6;
        }
        inet_proto_csum_replace16(check, skb, oldip->s6_addr32,
-                                 newip->s6_addr32, 1);
+                                 newip->s6_addr32, true);
 }
 
 static void nf_nat_ipv6_csum_recalc(struct sk_buff *skb,
@@ -155,7 +155,7 @@ static void nf_nat_ipv6_csum_recalc(struct sk_buff *skb,
                }
        } else
                inet_proto_csum_replace2(check, skb,
-                                        htons(oldlen), htons(datalen), 1);
+                                        htons(oldlen), htons(datalen), true);
 }
 
 #if IS_ENABLED(CONFIG_NF_CT_NETLINK)
@@ -262,9 +262,9 @@ int nf_nat_icmpv6_reply_translation(struct sk_buff *skb,
 EXPORT_SYMBOL_GPL(nf_nat_icmpv6_reply_translation);
 
 unsigned int
-nf_nat_ipv6_fn(const struct nf_hook_ops *ops, struct sk_buff *skb,
+nf_nat_ipv6_fn(void *priv, struct sk_buff *skb,
               const struct nf_hook_state *state,
-              unsigned int (*do_chain)(const struct nf_hook_ops *ops,
+              unsigned int (*do_chain)(void *priv,
                                        struct sk_buff *skb,
                                        const struct nf_hook_state *state,
                                        struct nf_conn *ct))
@@ -272,7 +272,7 @@ nf_nat_ipv6_fn(const struct nf_hook_ops *ops, struct sk_buff *skb,
        struct nf_conn *ct;
        enum ip_conntrack_info ctinfo;
        struct nf_conn_nat *nat;
-       enum nf_nat_manip_type maniptype = HOOK2MANIP(ops->hooknum);
+       enum nf_nat_manip_type maniptype = HOOK2MANIP(state->hook);
        __be16 frag_off;
        int hdrlen;
        u8 nexthdr;
@@ -303,7 +303,7 @@ nf_nat_ipv6_fn(const struct nf_hook_ops *ops, struct sk_buff *skb,
 
                if (hdrlen >= 0 && nexthdr == IPPROTO_ICMPV6) {
                        if (!nf_nat_icmpv6_reply_translation(skb, ct, ctinfo,
-                                                            ops->hooknum,
+                                                            state->hook,
                                                             hdrlen))
                                return NF_DROP;
                        else
@@ -317,21 +317,21 @@ nf_nat_ipv6_fn(const struct nf_hook_ops *ops, struct sk_buff *skb,
                if (!nf_nat_initialized(ct, maniptype)) {
                        unsigned int ret;
 
-                       ret = do_chain(ops, skb, state, ct);
+                       ret = do_chain(priv, skb, state, ct);
                        if (ret != NF_ACCEPT)
                                return ret;
 
-                       if (nf_nat_initialized(ct, HOOK2MANIP(ops->hooknum)))
+                       if (nf_nat_initialized(ct, HOOK2MANIP(state->hook)))
                                break;
 
-                       ret = nf_nat_alloc_null_binding(ct, ops->hooknum);
+                       ret = nf_nat_alloc_null_binding(ct, state->hook);
                        if (ret != NF_ACCEPT)
                                return ret;
                } else {
                        pr_debug("Already setup manip %s for ct %p\n",
                                 maniptype == NF_NAT_MANIP_SRC ? "SRC" : "DST",
                                 ct);
-                       if (nf_nat_oif_changed(ops->hooknum, ctinfo, nat, state->out))
+                       if (nf_nat_oif_changed(state->hook, ctinfo, nat, state->out))
                                goto oif_changed;
                }
                break;
@@ -340,11 +340,11 @@ nf_nat_ipv6_fn(const struct nf_hook_ops *ops, struct sk_buff *skb,
                /* ESTABLISHED */
                NF_CT_ASSERT(ctinfo == IP_CT_ESTABLISHED ||
                             ctinfo == IP_CT_ESTABLISHED_REPLY);
-               if (nf_nat_oif_changed(ops->hooknum, ctinfo, nat, state->out))
+               if (nf_nat_oif_changed(state->hook, ctinfo, nat, state->out))
                        goto oif_changed;
        }
 
-       return nf_nat_packet(ct, ctinfo, ops->hooknum, skb);
+       return nf_nat_packet(ct, ctinfo, state->hook, skb);
 
 oif_changed:
        nf_ct_kill_acct(ct, ctinfo, skb);
@@ -353,9 +353,9 @@ oif_changed:
 EXPORT_SYMBOL_GPL(nf_nat_ipv6_fn);
 
 unsigned int
-nf_nat_ipv6_in(const struct nf_hook_ops *ops, struct sk_buff *skb,
+nf_nat_ipv6_in(void *priv, struct sk_buff *skb,
               const struct nf_hook_state *state,
-              unsigned int (*do_chain)(const struct nf_hook_ops *ops,
+              unsigned int (*do_chain)(void *priv,
                                        struct sk_buff *skb,
                                        const struct nf_hook_state *state,
                                        struct nf_conn *ct))
@@ -363,7 +363,7 @@ nf_nat_ipv6_in(const struct nf_hook_ops *ops, struct sk_buff *skb,
        unsigned int ret;
        struct in6_addr daddr = ipv6_hdr(skb)->daddr;
 
-       ret = nf_nat_ipv6_fn(ops, skb, state, do_chain);
+       ret = nf_nat_ipv6_fn(priv, skb, state, do_chain);
        if (ret != NF_DROP && ret != NF_STOLEN &&
            ipv6_addr_cmp(&daddr, &ipv6_hdr(skb)->daddr))
                skb_dst_drop(skb);
@@ -373,9 +373,9 @@ nf_nat_ipv6_in(const struct nf_hook_ops *ops, struct sk_buff *skb,
 EXPORT_SYMBOL_GPL(nf_nat_ipv6_in);
 
 unsigned int
-nf_nat_ipv6_out(const struct nf_hook_ops *ops, struct sk_buff *skb,
+nf_nat_ipv6_out(void *priv, struct sk_buff *skb,
                const struct nf_hook_state *state,
-               unsigned int (*do_chain)(const struct nf_hook_ops *ops,
+               unsigned int (*do_chain)(void *priv,
                                         struct sk_buff *skb,
                                         const struct nf_hook_state *state,
                                         struct nf_conn *ct))
@@ -391,7 +391,7 @@ nf_nat_ipv6_out(const struct nf_hook_ops *ops, struct sk_buff *skb,
        if (skb->len < sizeof(struct ipv6hdr))
                return NF_ACCEPT;
 
-       ret = nf_nat_ipv6_fn(ops, skb, state, do_chain);
+       ret = nf_nat_ipv6_fn(priv, skb, state, do_chain);
 #ifdef CONFIG_XFRM
        if (ret != NF_DROP && ret != NF_STOLEN &&
            !(IP6CB(skb)->flags & IP6SKB_XFRM_TRANSFORMED) &&
@@ -403,7 +403,7 @@ nf_nat_ipv6_out(const struct nf_hook_ops *ops, struct sk_buff *skb,
                    (ct->tuplehash[dir].tuple.dst.protonum != IPPROTO_ICMPV6 &&
                     ct->tuplehash[dir].tuple.src.u.all !=
                     ct->tuplehash[!dir].tuple.dst.u.all)) {
-                       err = nf_xfrm_me_harder(skb, AF_INET6);
+                       err = nf_xfrm_me_harder(state->net, skb, AF_INET6);
                        if (err < 0)
                                ret = NF_DROP_ERR(err);
                }
@@ -414,9 +414,9 @@ nf_nat_ipv6_out(const struct nf_hook_ops *ops, struct sk_buff *skb,
 EXPORT_SYMBOL_GPL(nf_nat_ipv6_out);
 
 unsigned int
-nf_nat_ipv6_local_fn(const struct nf_hook_ops *ops, struct sk_buff *skb,
+nf_nat_ipv6_local_fn(void *priv, struct sk_buff *skb,
                     const struct nf_hook_state *state,
-                    unsigned int (*do_chain)(const struct nf_hook_ops *ops,
+                    unsigned int (*do_chain)(void *priv,
                                              struct sk_buff *skb,
                                              const struct nf_hook_state *state,
                                              struct nf_conn *ct))
@@ -430,14 +430,14 @@ nf_nat_ipv6_local_fn(const struct nf_hook_ops *ops, struct sk_buff *skb,
        if (skb->len < sizeof(struct ipv6hdr))
                return NF_ACCEPT;
 
-       ret = nf_nat_ipv6_fn(ops, skb, state, do_chain);
+       ret = nf_nat_ipv6_fn(priv, skb, state, do_chain);
        if (ret != NF_DROP && ret != NF_STOLEN &&
            (ct = nf_ct_get(skb, &ctinfo)) != NULL) {
                enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
 
                if (!nf_inet_addr_cmp(&ct->tuplehash[dir].tuple.dst.u3,
                                      &ct->tuplehash[!dir].tuple.src.u3)) {
-                       err = ip6_route_me_harder(skb);
+                       err = ip6_route_me_harder(state->net, skb);
                        if (err < 0)
                                ret = NF_DROP_ERR(err);
                }
@@ -446,7 +446,7 @@ nf_nat_ipv6_local_fn(const struct nf_hook_ops *ops, struct sk_buff *skb,
                         ct->tuplehash[dir].tuple.dst.protonum != IPPROTO_ICMPV6 &&
                         ct->tuplehash[dir].tuple.dst.u.all !=
                         ct->tuplehash[!dir].tuple.src.u.all) {
-                       err = nf_xfrm_me_harder(skb, AF_INET6);
+                       err = nf_xfrm_me_harder(state->net, skb, AF_INET6);
                        if (err < 0)
                                ret = NF_DROP_ERR(err);
                }