git.baikalelectronics.ru Git - kernel.git/commit

author	Florian Westphal <fw@strlen.de>
	Wed, 21 Apr 2021 07:51:06 +0000 (09:51 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 26 Apr 2021 01:20:46 +0000 (03:20 +0200)
commit	2b7239796c2e58f1731d5e41fbd74e711f07eeba
tree	808792a718e5aca1edb6cef236622bd8094eb751	tree \| snapshot
parent	002423bd13650db0da51b38c213f34bb9e65af29	commit \| diff

netfilter: xt_nat: pass table to hookfn

This changes how ip(6)table nat passes the ruleset/table to the
evaluation loop.

At the moment, it will fetch the table from struct net.

This change stores the table in the hook_ops 'priv' argument
instead.

This requires to duplicate the hook_ops for each netns, so
they can store the (per-net) xt_table structure.

The dupliated nat hook_ops get stored in net_generic data area.
They are free'd in the namespace exit path.

This is a pre-requisite to remove the xt_table/ruleset pointers
from struct net.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

net/ipv4/netfilter/iptable_nat.c		diff \| blob \| history
net/ipv6/netfilter/ip6table_nat.c		diff \| blob \| history