netfilter: Pass net into nf_xfrm_me_harder

author Eric W. Biederman <ebiederm@xmission.com>

Fri, 18 Sep 2015 19:33:07 +0000 (14:33 -0500)

committer Pablo Neira Ayuso <pablo@netfilter.org>

Fri, 18 Sep 2015 20:00:22 +0000 (22:00 +0200)
author Eric W. Biederman <ebiederm@xmission.com>
Fri, 18 Sep 2015 19:33:07 +0000 (14:33 -0500)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Fri, 18 Sep 2015 20:00:22 +0000 (22:00 +0200)
diff --git a/include/net/netfilter/nf_nat_core.h b/include/net/netfilter/nf_nat_core.h

index fbfd1ba..186c541 100644 (file)
--- a/include/net/netfilter/nf_nat_core.h
+++ b/include/net/netfilter/nf_nat_core.h
@@ -10,7 +10,7 @@
  unsigned int nf_nat_packet(struct nf_conn *ct, enum ip_conntrack_info ctinfo,
                            unsigned int hooknum, struct sk_buff *skb);
  
-int nf_xfrm_me_harder(struct sk_buff *skb, unsigned int family);
+int nf_xfrm_me_harder(struct net *net, struct sk_buff *skb, unsigned int family);
  
  static inline int nf_nat_initialized(struct nf_conn *ct,
                                      enum nf_nat_manip_type manip)
diff --git a/net/ipv4/netfilter/nf_nat_l3proto_ipv4.c b/net/ipv4/netfilter/nf_nat_l3proto_ipv4.c

index 8593a9d..bc3b9dc 100644 (file)
--- a/net/ipv4/netfilter/nf_nat_l3proto_ipv4.c
+++ b/net/ipv4/netfilter/nf_nat_l3proto_ipv4.c
@@ -396,7 +396,7 @@ nf_nat_ipv4_out(void *priv, struct sk_buff *skb,
                     (ct->tuplehash[dir].tuple.dst.protonum != IPPROTO_ICMP &&
                      ct->tuplehash[dir].tuple.src.u.all !=
                      ct->tuplehash[!dir].tuple.dst.u.all)) {
-                       err = nf_xfrm_me_harder(skb, AF_INET);
+                       err = nf_xfrm_me_harder(state->net, skb, AF_INET);
                         if (err < 0)
                                 ret = NF_DROP_ERR(err);
                 }
@@ -440,7 +440,7 @@ nf_nat_ipv4_local_fn(void *priv, struct sk_buff *skb,
                          ct->tuplehash[dir].tuple.dst.protonum != IPPROTO_ICMP &&
                          ct->tuplehash[dir].tuple.dst.u.all !=
                          ct->tuplehash[!dir].tuple.src.u.all) {
-                       err = nf_xfrm_me_harder(skb, AF_INET);
+                       err = nf_xfrm_me_harder(state->net, skb, AF_INET);
                         if (err < 0)
                                 ret = NF_DROP_ERR(err);
                 }
diff --git a/net/ipv6/netfilter/nf_nat_l3proto_ipv6.c b/net/ipv6/netfilter/nf_nat_l3proto_ipv6.c

index 357f57b..18e835f 100644 (file)
--- a/net/ipv6/netfilter/nf_nat_l3proto_ipv6.c
+++ b/net/ipv6/netfilter/nf_nat_l3proto_ipv6.c
@@ -403,7 +403,7 @@ nf_nat_ipv6_out(void *priv, struct sk_buff *skb,
                     (ct->tuplehash[dir].tuple.dst.protonum != IPPROTO_ICMPV6 &&
                      ct->tuplehash[dir].tuple.src.u.all !=
                      ct->tuplehash[!dir].tuple.dst.u.all)) {
-                       err = nf_xfrm_me_harder(skb, AF_INET6);
+                       err = nf_xfrm_me_harder(state->net, skb, AF_INET6);
                         if (err < 0)
                                 ret = NF_DROP_ERR(err);
                 }
@@ -446,7 +446,7 @@ nf_nat_ipv6_local_fn(void *priv, struct sk_buff *skb,
                          ct->tuplehash[dir].tuple.dst.protonum != IPPROTO_ICMPV6 &&
                          ct->tuplehash[dir].tuple.dst.u.all !=
                          ct->tuplehash[!dir].tuple.src.u.all) {
-                       err = nf_xfrm_me_harder(skb, AF_INET6);
+                       err = nf_xfrm_me_harder(state->net, skb, AF_INET6);
                         if (err < 0)
                                 ret = NF_DROP_ERR(err);
                 }
diff --git a/net/netfilter/nf_nat_core.c b/net/netfilter/nf_nat_core.c

index 5113dfd..06a9f45 100644 (file)
--- a/net/netfilter/nf_nat_core.c
+++ b/net/netfilter/nf_nat_core.c
@@ -83,7 +83,7 @@ out:
         rcu_read_unlock();
  }
  
-int nf_xfrm_me_harder(struct sk_buff *skb, unsigned int family)
+int nf_xfrm_me_harder(struct net *net, struct sk_buff *skb, unsigned int family)
  {
         struct flowi fl;
         unsigned int hh_len;
@@ -99,7 +99,7 @@ int nf_xfrm_me_harder(struct sk_buff *skb, unsigned int family)
                 dst = ((struct xfrm_dst *)dst)->route;
         dst_hold(dst);
  
-       dst = xfrm_lookup(dev_net(dst->dev), dst, &fl, skb->sk, 0);
+       dst = xfrm_lookup(net, dst, &fl, skb->sk, 0);
         if (IS_ERR(dst))
                 return PTR_ERR(dst);
author	Eric W. Biederman <ebiederm@xmission.com>
	Fri, 18 Sep 2015 19:33:07 +0000 (14:33 -0500)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Fri, 18 Sep 2015 20:00:22 +0000 (22:00 +0200)
include/net/netfilter/nf_nat_core.h		patch \| blob \| history
net/ipv4/netfilter/nf_nat_l3proto_ipv4.c		patch \| blob \| history
net/ipv6/netfilter/nf_nat_l3proto_ipv6.c		patch \| blob \| history
net/netfilter/nf_nat_core.c		patch \| blob \| history