netfilter: use sk_fullsock() helper

Upcoming request sockets have TCP_NEW_SYN_RECV state and should
be special cased a bit like TCP_TIME_WAIT sockets.

Signed-off-by; Eric Dumazet <edumazet@google.com>

Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c
index 3aedbda..f35c15b 100644 (file)
--- a/net/netfilter/ipvs/ip_vs_xmit.c
+++ b/net/netfilter/ipvs/ip_vs_xmit.c
@@ -209,7 +209,7 @@ static inline void maybe_update_pmtu(int skb_af, struct sk_buff *skb, int mtu)
        struct sock *sk = skb->sk;
        struct rtable *ort = skb_rtable(skb);
 
-       if (!skb->dev && sk && sk->sk_state != TCP_TIME_WAIT)
+       if (!skb->dev && sk && sk_fullsock(sk))
                ort->dst.ops->update_pmtu(&ort->dst, sk, NULL, mtu);
 }
 

diff --git a/net/netfilter/nf_log_common.c b/net/netfilter/nf_log_common.c
index a2233e7..2631876 100644 (file)
--- a/net/netfilter/nf_log_common.c
+++ b/net/netfilter/nf_log_common.c
@@ -133,7 +133,7 @@ EXPORT_SYMBOL_GPL(nf_log_dump_tcp_header);
 
 void nf_log_dump_sk_uid_gid(struct nf_log_buf *m, struct sock *sk)
 {
-       if (!sk || sk->sk_state == TCP_TIME_WAIT)
+       if (!sk || !sk_fullsock(sk))
                return;
 
        read_lock_bh(&sk->sk_callback_lock);

diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
index 11d85b3..61d04bf 100644 (file)
--- a/net/netfilter/nfnetlink_log.c
+++ b/net/netfilter/nfnetlink_log.c
@@ -539,7 +539,7 @@ __build_packet_message(struct nfnl_log_net *log,
 
        /* UID */
        sk = skb->sk;
-       if (sk && sk->sk_state != TCP_TIME_WAIT) {
+       if (sk && sk_fullsock(sk)) {
                read_lock_bh(&sk->sk_callback_lock);
                if (sk->sk_socket && sk->sk_socket->file) {
                        struct file *file = sk->sk_socket->file;

diff --git a/net/netfilter/nfnetlink_queue_core.c b/net/netfilter/nfnetlink_queue_core.c
index 0db8515..86ee8b0 100644 (file)
--- a/net/netfilter/nfnetlink_queue_core.c
+++ b/net/netfilter/nfnetlink_queue_core.c
@@ -257,7 +257,7 @@ static int nfqnl_put_sk_uidgid(struct sk_buff *skb, struct sock *sk)
 {
        const struct cred *cred;
 
-       if (sk->sk_state == TCP_TIME_WAIT)
+       if (!sk_fullsock(sk))
                return 0;
 
        read_lock_bh(&sk->sk_callback_lock);

diff --git a/net/netfilter/nft_meta.c b/net/netfilter/nft_meta.c
index e99911e..abe6811 100644 (file)
--- a/net/netfilter/nft_meta.c
+++ b/net/netfilter/nft_meta.c
@@ -83,7 +83,7 @@ void nft_meta_get_eval(const struct nft_expr *expr,
                *(u16 *)dest->data = out->type;
                break;
        case NFT_META_SKUID:
-               if (skb->sk == NULL || skb->sk->sk_state == TCP_TIME_WAIT)
+               if (skb->sk == NULL || !sk_fullsock(skb->sk))
                        goto err;
 
                read_lock_bh(&skb->sk->sk_callback_lock);
@@ -99,7 +99,7 @@ void nft_meta_get_eval(const struct nft_expr *expr,
                read_unlock_bh(&skb->sk->sk_callback_lock);
                break;
        case NFT_META_SKGID:
-               if (skb->sk == NULL || skb->sk->sk_state == TCP_TIME_WAIT)
+               if (skb->sk == NULL || !sk_fullsock(skb->sk))
                        goto err;
 
                read_lock_bh(&skb->sk->sk_callback_lock);