From: Alexey Dobriyan <adobriyan@gmail.com>
Date: Wed, 8 Oct 2008 09:35:10 +0000 (+0200)
Subject: netfilter: netns nat: fix ipt_MASQUERADE in netns
X-Git-Tag: v2.6.28-rc1~717^2~109^2~40
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=b8b8063e0d0835fb44c88d9fded2be31c9a1757e;p=profile%2Fivi%2Fkernel-x86-ivi.git

netfilter: netns nat: fix ipt_MASQUERADE in netns

First, allow entry in notifier hook.
Second, start conntrack cleanup in netns to which netdevice belongs.

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
---

diff --git a/net/ipv4/netfilter/ipt_MASQUERADE.c b/net/ipv4/netfilter/ipt_MASQUERADE.c
index 5e1c817..65c811b 100644
--- a/net/ipv4/netfilter/ipt_MASQUERADE.c
+++ b/net/ipv4/netfilter/ipt_MASQUERADE.c
@@ -119,9 +119,7 @@ static int masq_device_event(struct notifier_block *this,
 			     void *ptr)
 {
 	const struct net_device *dev = ptr;
-
-	if (!net_eq(dev_net(dev), &init_net))
-		return NOTIFY_DONE;
+	struct net *net = dev_net(dev);
 
 	if (event == NETDEV_DOWN) {
 		/* Device was downed.  Search entire table for
@@ -129,7 +127,7 @@ static int masq_device_event(struct notifier_block *this,
 		   and forget them. */
 		NF_CT_ASSERT(dev->ifindex != 0);
 
-		nf_ct_iterate_cleanup(&init_net, device_cmp,
+		nf_ct_iterate_cleanup(net, device_cmp,
 				      (void *)(long)dev->ifindex);
 	}