netfilter: iptables: allow use of ipt_do_table as hookfn

This is possible now that the xt_table structure is passed in via *priv. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Florian Westphal <fw@strlen.de> 2021-10-11 17:15:10 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2021-10-14 23:06:53 +0200
commit: 8844e01062ddd8196c4550df9803cc1835d123c2 (patch)
tree: 50693cedc8ee91b69c9e956563351923852b6924 /net/ipv4/netfilter/ip_tables.c
parent: af_packet: Introduce egress hook (diff)
download: linux-dev-8844e01062ddd8196c4550df9803cc1835d123c2.tar.xz
linux-dev-8844e01062ddd8196c4550df9803cc1835d123c2.zip
1 files changed, 4 insertions, 3 deletions
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 13acb687c19a..2ed7c58b471a 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -222,10 +222,11 @@ struct ipt_entry *ipt_next_entry(const struct ipt_entry *entry)
 
 /* Returns one of the generic firewall policies, like NF_ACCEPT. */
 unsigned int
-ipt_do_table(struct sk_buff *skb,
-	     const struct nf_hook_state *state,
-	     struct xt_table *table)
+ipt_do_table(void *priv,
+	     struct sk_buff *skb,
+	     const struct nf_hook_state *state)
 {
+	const struct xt_table *table = priv;
 	unsigned int hook = state->hook;
 	static const char nulldevname[IFNAMSIZ] __attribute__((aligned(sizeof(long))));
 	const struct iphdr *ip;
author	Florian Westphal <fw@strlen.de>	2021-10-11 17:15:10 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2021-10-14 23:06:53 +0200
commit	8844e01062ddd8196c4550df9803cc1835d123c2 (patch)
tree	50693cedc8ee91b69c9e956563351923852b6924 /net/ipv4/netfilter/ip_tables.c
parent	af_packet: Introduce egress hook (diff)
download	linux-dev-8844e01062ddd8196c4550df9803cc1835d123c2.tar.xz linux-dev-8844e01062ddd8196c4550df9803cc1835d123c2.zip