]> err.no Git - linux-2.6/blobdiff - net/ipv4/netfilter/iptable_mangle.c
projects / linux-2.6 / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge branch 'linus' into timers/nohz
[linux-2.6] / net / ipv4 / netfilter / iptable_mangle.c
diff --git a/net/ipv4/netfilter/iptable_mangle.c b/net/ipv4/netfilter/iptable_mangle.c
index c55a210853a7a5e92d10cecf30dabe645a6355c3..da59182f222639ffbc0dda3652e9b89d3b36fc0b 100644 (file)
--- a/net/ipv4/netfilter/iptable_mangle.c
+++ b/net/ipv4/netfilter/iptable_mangle.c
@@ -67,20 +67,54 @@ static struct
 static struct xt_table packet_mangler = {
        .name           = "mangle",
        .valid_hooks    = MANGLE_VALID_HOOKS,
-       .lock           = RW_LOCK_UNLOCKED,
+       .lock           = __RW_LOCK_UNLOCKED(packet_mangler.lock),
        .me             = THIS_MODULE,
        .af             = AF_INET,
 };
 
 /* The work comes in here from netfilter.c. */
 static unsigned int
-ipt_route_hook(unsigned int hook,
+ipt_pre_routing_hook(unsigned int hook,
+                    struct sk_buff *skb,
+                    const struct net_device *in,
+                    const struct net_device *out,
+                    int (*okfn)(struct sk_buff *))
+{
+       return ipt_do_table(skb, hook, in, out,
+                           nf_pre_routing_net(in, out)->ipv4.iptable_mangle);
+}
+
+static unsigned int
+ipt_post_routing_hook(unsigned int hook,
+                     struct sk_buff *skb,
+                     const struct net_device *in,
+                     const struct net_device *out,
+                     int (*okfn)(struct sk_buff *))
+{
+       return ipt_do_table(skb, hook, in, out,
+                           nf_post_routing_net(in, out)->ipv4.iptable_mangle);
+}
+
+static unsigned int
+ipt_local_in_hook(unsigned int hook,
+                 struct sk_buff *skb,
+                 const struct net_device *in,
+                 const struct net_device *out,
+                 int (*okfn)(struct sk_buff *))
+{
+       return ipt_do_table(skb, hook, in, out,
+                           nf_local_in_net(in, out)->ipv4.iptable_mangle);
+}
+
+static unsigned int
+ipt_forward_hook(unsigned int hook,
         struct sk_buff *skb,
         const struct net_device *in,
         const struct net_device *out,
         int (*okfn)(struct sk_buff *))
 {
-       return ipt_do_table(skb, hook, in, out, init_net.ipv4.iptable_mangle);
+       return ipt_do_table(skb, hook, in, out,
+                           nf_forward_net(in, out)->ipv4.iptable_mangle);
 }
 
 static unsigned int
@@ -112,7 +146,8 @@ ipt_local_hook(unsigned int hook,
        daddr = iph->daddr;
        tos = iph->tos;
 
-       ret = ipt_do_table(skb, hook, in, out, init_net.ipv4.iptable_mangle);
+       ret = ipt_do_table(skb, hook, in, out,
+                          nf_local_out_net(in, out)->ipv4.iptable_mangle);
        /* Reroute for ANY change. */
        if (ret != NF_DROP && ret != NF_STOLEN && ret != NF_QUEUE) {
                iph = ip_hdr(skb);
@@ -130,21 +165,21 @@ ipt_local_hook(unsigned int hook,
 
 static struct nf_hook_ops ipt_ops[] __read_mostly = {
        {
-               .hook           = ipt_route_hook,
+               .hook           = ipt_pre_routing_hook,
                .owner          = THIS_MODULE,
                .pf             = PF_INET,
                .hooknum        = NF_INET_PRE_ROUTING,
                .priority       = NF_IP_PRI_MANGLE,
        },
        {
-               .hook           = ipt_route_hook,
+               .hook           = ipt_local_in_hook,
                .owner          = THIS_MODULE,
                .pf             = PF_INET,
                .hooknum        = NF_INET_LOCAL_IN,
                .priority       = NF_IP_PRI_MANGLE,
        },
        {
-               .hook           = ipt_route_hook,
+               .hook           = ipt_forward_hook,
                .owner          = THIS_MODULE,
                .pf             = PF_INET,
                .hooknum        = NF_INET_FORWARD,
@@ -158,7 +193,7 @@ static struct nf_hook_ops ipt_ops[] __read_mostly = {
                .priority       = NF_IP_PRI_MANGLE,
        },
        {
-               .hook           = ipt_route_hook,
+               .hook           = ipt_post_routing_hook,
                .owner          = THIS_MODULE,
                .pf             = PF_INET,
                .hooknum        = NF_INET_POST_ROUTING,
Linux 2.6 source tree