netfilter: nf_tables: add and use nft_sk helper
This allows to change storage placement later on without changing readers. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
parent
6802db48fc
commit
85554eb981
@ -29,6 +29,11 @@ struct nft_pktinfo {
|
|||||||
struct xt_action_param xt;
|
struct xt_action_param xt;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
static inline struct sock *nft_sk(const struct nft_pktinfo *pkt)
|
||||||
|
{
|
||||||
|
return pkt->xt.state->sk;
|
||||||
|
}
|
||||||
|
|
||||||
static inline struct net *nft_net(const struct nft_pktinfo *pkt)
|
static inline struct net *nft_net(const struct nft_pktinfo *pkt)
|
||||||
{
|
{
|
||||||
return pkt->xt.state->net;
|
return pkt->xt.state->net;
|
||||||
|
@ -27,7 +27,7 @@ static void nft_reject_ipv4_eval(const struct nft_expr *expr,
|
|||||||
nf_send_unreach(pkt->skb, priv->icmp_code, nft_hook(pkt));
|
nf_send_unreach(pkt->skb, priv->icmp_code, nft_hook(pkt));
|
||||||
break;
|
break;
|
||||||
case NFT_REJECT_TCP_RST:
|
case NFT_REJECT_TCP_RST:
|
||||||
nf_send_reset(nft_net(pkt), pkt->xt.state->sk, pkt->skb,
|
nf_send_reset(nft_net(pkt), nft_sk(pkt), pkt->skb,
|
||||||
nft_hook(pkt));
|
nft_hook(pkt));
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
|
@ -28,7 +28,7 @@ static void nft_reject_ipv6_eval(const struct nft_expr *expr,
|
|||||||
nft_hook(pkt));
|
nft_hook(pkt));
|
||||||
break;
|
break;
|
||||||
case NFT_REJECT_TCP_RST:
|
case NFT_REJECT_TCP_RST:
|
||||||
nf_send_reset6(nft_net(pkt), pkt->xt.state->sk, pkt->skb,
|
nf_send_reset6(nft_net(pkt), nft_sk(pkt), pkt->skb,
|
||||||
nft_hook(pkt));
|
nft_hook(pkt));
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
|
@ -28,7 +28,7 @@ static void nft_reject_inet_eval(const struct nft_expr *expr,
|
|||||||
nft_hook(pkt));
|
nft_hook(pkt));
|
||||||
break;
|
break;
|
||||||
case NFT_REJECT_TCP_RST:
|
case NFT_REJECT_TCP_RST:
|
||||||
nf_send_reset(nft_net(pkt), pkt->xt.state->sk,
|
nf_send_reset(nft_net(pkt), nft_sk(pkt),
|
||||||
pkt->skb, nft_hook(pkt));
|
pkt->skb, nft_hook(pkt));
|
||||||
break;
|
break;
|
||||||
case NFT_REJECT_ICMPX_UNREACH:
|
case NFT_REJECT_ICMPX_UNREACH:
|
||||||
@ -45,7 +45,7 @@ static void nft_reject_inet_eval(const struct nft_expr *expr,
|
|||||||
priv->icmp_code, nft_hook(pkt));
|
priv->icmp_code, nft_hook(pkt));
|
||||||
break;
|
break;
|
||||||
case NFT_REJECT_TCP_RST:
|
case NFT_REJECT_TCP_RST:
|
||||||
nf_send_reset6(nft_net(pkt), pkt->xt.state->sk,
|
nf_send_reset6(nft_net(pkt), nft_sk(pkt),
|
||||||
pkt->skb, nft_hook(pkt));
|
pkt->skb, nft_hook(pkt));
|
||||||
break;
|
break;
|
||||||
case NFT_REJECT_ICMPX_UNREACH:
|
case NFT_REJECT_ICMPX_UNREACH:
|
||||||
|
Loading…
Reference in New Issue
Block a user