diff options
| author | Eric W. Biederman <ebiederm@xmission.com> | 2015-09-15 20:04:17 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2015-09-17 17:18:37 -0700 |
| commit | 9dff2c966a0a79a4222553a851f17e679fc28a43 (patch) | |
| tree | d86e10d6bf21cfcefd4f6eeaa783d24563456d8f /net/ipv4/netfilter/iptable_filter.c | |
| parent | 29a26a56803855a79dbd028cd61abee56237d6e5 (diff) | |
| download | linux-9dff2c966a0a79a4222553a851f17e679fc28a43.tar.gz | |
netfilter: Use nf_hook_state.net
Instead of saying "net = dev_net(state->in?state->in:state->out)"
just say "state->net". As that information is now availabe,
much less confusing and much less error prone.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/netfilter/iptable_filter.c')
| -rw-r--r-- | net/ipv4/netfilter/iptable_filter.c | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/net/ipv4/netfilter/iptable_filter.c b/net/ipv4/netfilter/iptable_filter.c index a0f3beca52d210..32feff32b116f9 100644 --- a/net/ipv4/netfilter/iptable_filter.c +++ b/net/ipv4/netfilter/iptable_filter.c @@ -36,16 +36,14 @@ static unsigned int iptable_filter_hook(const struct nf_hook_ops *ops, struct sk_buff *skb, const struct nf_hook_state *state) { - const struct net *net; - if (ops->hooknum == NF_INET_LOCAL_OUT && (skb->len < sizeof(struct iphdr) || ip_hdrlen(skb) < sizeof(struct iphdr))) /* root is playing with raw sockets. */ return NF_ACCEPT; - net = dev_net(state->in ? state->in : state->out); - return ipt_do_table(skb, ops->hooknum, state, net->ipv4.iptable_filter); + return ipt_do_table(skb, ops->hooknum, state, + state->net->ipv4.iptable_filter); } static struct nf_hook_ops *filter_ops __read_mostly; |