diff options
author | Eric W. Biederman <ebiederm@xmission.com> | 2015-09-15 20:04:17 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2015-09-17 17:18:37 -0700 |
commit | 9dff2c966a0a79a4222553a851f17e679fc28a43 (patch) | |
tree | d86e10d6bf21cfcefd4f6eeaa783d24563456d8f /net/ipv4/netfilter/iptable_security.c | |
parent | 29a26a56803855a79dbd028cd61abee56237d6e5 (diff) | |
download | linux-9dff2c966a0a79a4222553a851f17e679fc28a43.tar.gz |
netfilter: Use nf_hook_state.net
Instead of saying "net = dev_net(state->in?state->in:state->out)"
just say "state->net". As that information is now availabe,
much less confusing and much less error prone.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/netfilter/iptable_security.c')
-rw-r--r-- | net/ipv4/netfilter/iptable_security.c | 5 |
1 files changed, 1 insertions, 4 deletions
diff --git a/net/ipv4/netfilter/iptable_security.c b/net/ipv4/netfilter/iptable_security.c index 4bce3980ccd935..82fefd609b85b3 100644 --- a/net/ipv4/netfilter/iptable_security.c +++ b/net/ipv4/netfilter/iptable_security.c @@ -40,17 +40,14 @@ static unsigned int iptable_security_hook(const struct nf_hook_ops *ops, struct sk_buff *skb, const struct nf_hook_state *state) { - const struct net *net; - if (ops->hooknum == NF_INET_LOCAL_OUT && (skb->len < sizeof(struct iphdr) || ip_hdrlen(skb) < sizeof(struct iphdr))) /* Somebody is playing with raw sockets. */ return NF_ACCEPT; - net = dev_net(state->in ? state->in : state->out); return ipt_do_table(skb, ops->hooknum, state, - net->ipv4.iptable_security); + state->net->ipv4.iptable_security); } static struct nf_hook_ops *sectbl_ops __read_mostly; |