netfilter: nf_tables: move struct net pointer to base chain

The network namespace is only needed for base chains to get at the gencursor. Also convert to possible_net_t. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Patrick McHardy <kaber@trash.net> 2015-03-21 15:19:15 +0000
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2015-03-25 12:09:38 +0100
commit: 5ebb335dcbe63470c88c4f80f2d571089543b638 (patch)
tree: 92475f2f78434af4101ffe54c52dce51f76fb1a4 /net/netfilter/nf_tables_core.c
parent: 0144a81cccf7532bead90f0542f517bd028d3b3c (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/net/netfilter/nf_tables_core.c b/net/netfilter/nf_tables_core.c
index 77165bf023f3..4c921a302cfd 100644
--- a/net/netfilter/nf_tables_core.c
+++ b/net/netfilter/nf_tables_core.c
@@ -112,6 +112,7 @@ unsigned int
 nft_do_chain(struct nft_pktinfo *pkt, const struct nf_hook_ops *ops)
 {
 	const struct nft_chain *chain = ops->priv, *basechain = chain;
+	const struct net *net = read_pnet(&nft_base_chain(basechain)->pnet);
 	const struct nft_rule *rule;
 	const struct nft_expr *expr, *last;
 	struct nft_data data[NFT_REG_MAX + 1];
@@ -123,7 +124,7 @@ nft_do_chain(struct nft_pktinfo *pkt, const struct nf_hook_ops *ops)
 	 * Cache cursor to avoid problems in case that the cursor is updated
 	 * while traversing the ruleset.
 	 */
-	unsigned int gencursor = ACCESS_ONCE(chain->net->nft.gencursor);
+	unsigned int gencursor = ACCESS_ONCE(net->nft.gencursor);
 
 do_chain:
 	rulenum = 0;
author	Patrick McHardy <kaber@trash.net>	2015-03-21 15:19:15 +0000
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2015-03-25 12:09:38 +0100
commit	5ebb335dcbe63470c88c4f80f2d571089543b638 (patch)
tree	92475f2f78434af4101ffe54c52dce51f76fb1a4 /net/netfilter/nf_tables_core.c
parent	0144a81cccf7532bead90f0542f517bd028d3b3c (diff)