author | 2021-04-21 09:51:06 +0200 | |
---|---|---|
committer | 2021-04-26 03:20:46 +0200 | |
commit | a4aeafa28cf706f65f763026c26d83e7e8c96592 (patch) | |
tree | 808792a718e5aca1edb6cef236622bd8094eb751 /net/ipv4/netfilter/iptable_mangle.c | |
parent | netfilter: x_tables: remove paranoia tests (diff) | |
netfilter: xt_nat: pass table to hookfn
This changes how ip(6)table nat passes the ruleset/table to the
evaluation loop.
At the moment, it will fetch the table from struct net.
This change stores the table in the hook_ops 'priv' argument
instead.
This requires to duplicate the hook_ops for each netns, so
they can store the (per-net) xt_table structure.
The duplicated nat hook_ops get stored in net_generic data area.
They are free'd in the namespace exit path.
This is a pre-requisite to remove the xt_table/ruleset pointers
from struct net.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/ipv4/netfilter/iptable_mangle.c')
0 files changed, 0 insertions, 0 deletions
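
The pattern the commit message describes, shown as an added userspace model in C (not the kernel patch and not code from this page): a shared hook_ops template is duplicated per namespace, each copy carries that namespace's table in `priv`, and the copy is freed on namespace exit. All type and function names are hypothetical stand-ins, and `malloc`/`memcpy`/`free` stand in for the kernel's allocation calls.

```c
/* Userspace model of the pattern; constructed names, not kernel code. */
#include <stdlib.h>
#include <string.h>

#define NHOOKS 2
struct table { int verdict; };                 /* stands in for xt_table */
struct hook_ops { int (*hook)(void *priv, int pkt); void *priv; int hooknum; };
struct netns { struct hook_ops *nat_ops; };    /* per-net duplicate lives here */

/* The hook evaluates the table handed in via priv, not one looked up from netns. */
static int nat_hook(void *priv, int pkt)
{
    const struct table *t = priv;
    (void)pkt;                                 /* packet content is irrelevant here */
    return t->verdict;
}

/* Shared template: priv is NULL because the table is per-namespace state. */
static const struct hook_ops nat_ops_template[NHOOKS] = {
    { nat_hook, NULL, 0 }, { nat_hook, NULL, 1 },
};

/* Namespace init: duplicate the template, point every copy at this ns's table. */
static int ns_register(struct netns *ns, struct table *t)
{
    struct hook_ops *ops = malloc(sizeof(nat_ops_template));
    if (!ops)
        return -1;
    memcpy(ops, nat_ops_template, sizeof(nat_ops_template));
    for (int i = 0; i < NHOOKS; i++)
        ops[i].priv = t;
    ns->nat_ops = ops;
    return 0;
}

/* Namespace exit: free the duplicate and clear the pointer. */
static void ns_unregister(struct netns *ns)
{
    free(ns->nat_ops);
    ns->nat_ops = NULL;
}

/* Run hook i of a namespace; -1 when the hooks are not registered. */
static int ns_run_hook(const struct netns *ns, int i, int pkt)
{
    if (!ns->nat_ops || i < 0 || i >= NHOOKS)
        return -1;
    return ns->nat_ops[i].hook(ns->nat_ops[i].priv, pkt);
}
```

Because the template's `priv` is never written, two namespaces cannot observe each other's table through the shared ops array, which is the isolation property the per-netns duplication buys.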