netfilter: nf_tables: add compatibility layer for x_tables

[deliverable/linux.git] / net / ipv6 / netfilter / nft_chain_route_ipv6.c

diff --git a/net/ipv6/netfilter/nft_chain_route_ipv6.c b/net/ipv6/netfilter/nft_chain_route_ipv6.c
index 4cdc992fa067592bf969743d15bc253d8e11abb0..3fe40f0456add7bd0272b25a6df05a4d34752632 100644 (file)
--- a/net/ipv6/netfilter/nft_chain_route_ipv6.c
+++ b/net/ipv6/netfilter/nft_chain_route_ipv6.c
@@ -19,6 +19,7 @@
 #include <linux/netfilter/nfnetlink.h>
 #include <linux/netfilter/nf_tables.h>
 #include <net/netfilter/nf_tables.h>
+#include <net/netfilter/nf_tables_ipv6.h>
 #include <net/route.h>
 
 static unsigned int nf_route_table_hook(const struct nf_hook_ops *ops,
@@ -28,10 +29,15 @@ static unsigned int nf_route_table_hook(const struct nf_hook_ops *ops,
                                        int (*okfn)(struct sk_buff *))
 {
        unsigned int ret;
+       struct nft_pktinfo pkt;
        struct in6_addr saddr, daddr;
        u_int8_t hop_limit;
        u32 mark, flowlabel;
 
+       /* malformed packet, drop it */
+       if (nft_set_pktinfo_ipv6(&pkt, ops, skb, in, out) < 0)
+               return NF_DROP;
+
        /* save source/dest address, mark, hoplimit, flowlabel, priority */
        memcpy(&saddr, &ipv6_hdr(skb)->saddr, sizeof(saddr));
        memcpy(&daddr, &ipv6_hdr(skb)->daddr, sizeof(daddr));
@@ -41,7 +47,7 @@ static unsigned int nf_route_table_hook(const struct nf_hook_ops *ops,
        /* flowlabel and prio (includes version, which shouldn't change either */
        flowlabel = *((u32 *)ipv6_hdr(skb));
 
-       ret = nft_do_chain(ops, skb, in, out, okfn);
+       ret = nft_do_chain_pktinfo(&pkt, ops);
        if (ret != NF_DROP && ret != NF_QUEUE &&
            (memcmp(&ipv6_hdr(skb)->saddr, &saddr, sizeof(saddr)) ||
             memcmp(&ipv6_hdr(skb)->daddr, &daddr, sizeof(daddr)) ||