From: "Eric W. Biederman" <ebiederm@xmission.com>
To: David Miller <davem@davemloft.net>
Cc: <netdev@vger.kernel.org>,
netfilter-devel@vger.kernel.org,
Stephen Hemminger <stephen@networkplumber.org>,
Juanjo Ciarlante <jjciarla@raiz.uncu.edu.ar>,
Wensong Zhang <wensong@linux-vs.org>,
Simon Horman <horms@verge.net.au>, Julian Anastasov <ja@ssi.bg>,
Pablo Neira Ayuso <pablo@netfilter.org>,
Patrick McHardy <kaber@trash.net>,
Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>,
Jamal Hadi Salim <jhs@mojatatu.com>,
Steffen Klassert <steffen.klassert@secunet.com>,
Herbert Xu <herbert@gondor.apana.org.au>
Subject: [PATCH net-next 10/43] x_tables: Use par->net instead of computing from the passed net devices
Date: Wed, 17 Jun 2015 10:28:19 -0500 [thread overview]
Message-ID: <1434554932-4552-10-git-send-email-ebiederm@xmission.com> (raw)
In-Reply-To: <87r3pae5hn.fsf@x220.int.ebiederm.org>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
---
net/bridge/netfilter/ebt_log.c | 2 +-
net/bridge/netfilter/ebt_nflog.c | 2 +-
net/ipv4/netfilter/ipt_SYNPROXY.c | 2 +-
net/ipv4/netfilter/ipt_rpfilter.c | 5 ++---
net/ipv6/netfilter/ip6t_REJECT.c | 2 +-
net/ipv6/netfilter/ip6t_SYNPROXY.c | 2 +-
net/ipv6/netfilter/ip6t_rpfilter.c | 6 +++---
net/netfilter/ipset/ip_set_core.c | 9 +++------
net/netfilter/xt_LOG.c | 2 +-
net/netfilter/xt_NFLOG.c | 2 +-
net/netfilter/xt_TCPMSS.c | 2 +-
net/netfilter/xt_TEE.c | 24 ++++--------------------
net/netfilter/xt_TPROXY.c | 24 ++++++++++++------------
net/netfilter/xt_addrtype.c | 4 ++--
net/netfilter/xt_connlimit.c | 2 +-
net/netfilter/xt_osf.c | 2 +-
net/netfilter/xt_recent.c | 2 +-
net/netfilter/xt_socket.c | 14 ++++++++------
18 files changed, 45 insertions(+), 63 deletions(-)
diff --git a/net/bridge/netfilter/ebt_log.c b/net/bridge/netfilter/ebt_log.c
index 17f2e4bc2a29..0ad639a96142 100644
--- a/net/bridge/netfilter/ebt_log.c
+++ b/net/bridge/netfilter/ebt_log.c
@@ -180,7 +180,7 @@ ebt_log_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
const struct ebt_log_info *info = par->targinfo;
struct nf_loginfo li;
- struct net *net = dev_net(par->in ? par->in : par->out);
+ struct net *net = par->net;
li.type = NF_LOG_TYPE_LOG;
li.u.log.level = info->loglevel;
diff --git a/net/bridge/netfilter/ebt_nflog.c b/net/bridge/netfilter/ebt_nflog.c
index 59ac7952010d..54816150608e 100644
--- a/net/bridge/netfilter/ebt_nflog.c
+++ b/net/bridge/netfilter/ebt_nflog.c
@@ -24,7 +24,7 @@ ebt_nflog_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
const struct ebt_nflog_info *info = par->targinfo;
struct nf_loginfo li;
- struct net *net = dev_net(par->in ? par->in : par->out);
+ struct net *net = par->net;
li.type = NF_LOG_TYPE_ULOG;
li.u.ulog.copy_len = info->len;
diff --git a/net/ipv4/netfilter/ipt_SYNPROXY.c b/net/ipv4/netfilter/ipt_SYNPROXY.c
index 0b3eff1a85a2..d7e0cae197af 100644
--- a/net/ipv4/netfilter/ipt_SYNPROXY.c
+++ b/net/ipv4/netfilter/ipt_SYNPROXY.c
@@ -257,7 +257,7 @@ static unsigned int
synproxy_tg4(struct sk_buff *skb, const struct xt_action_param *par)
{
const struct xt_synproxy_info *info = par->targinfo;
- struct synproxy_net *snet = synproxy_pernet(dev_net(par->in));
+ struct synproxy_net *snet = synproxy_pernet(par->net);
struct synproxy_options opts = {};
struct tcphdr *th, _th;
diff --git a/net/ipv4/netfilter/ipt_rpfilter.c b/net/ipv4/netfilter/ipt_rpfilter.c
index 4bfaedf9b34e..f04e951a2bbe 100644
--- a/net/ipv4/netfilter/ipt_rpfilter.c
+++ b/net/ipv4/netfilter/ipt_rpfilter.c
@@ -32,12 +32,11 @@ static __be32 rpfilter_get_saddr(__be32 addr)
return addr;
}
-static bool rpfilter_lookup_reverse(struct flowi4 *fl4,
+static bool rpfilter_lookup_reverse(struct net *net, struct flowi4 *fl4,
const struct net_device *dev, u8 flags)
{
struct fib_result res;
bool dev_match;
- struct net *net = dev_net(dev);
int ret __maybe_unused;
if (fib_lookup(net, fl4, &res))
@@ -98,7 +97,7 @@ static bool rpfilter_mt(const struct sk_buff *skb, struct xt_action_param *par)
flow.flowi4_tos = RT_TOS(iph->tos);
flow.flowi4_scope = RT_SCOPE_UNIVERSE;
- return rpfilter_lookup_reverse(&flow, par->in, info->flags) ^ invert;
+ return rpfilter_lookup_reverse(par->net, &flow, par->in, info->flags) ^ invert;
}
static int rpfilter_check(const struct xt_mtchk_param *par)
diff --git a/net/ipv6/netfilter/ip6t_REJECT.c b/net/ipv6/netfilter/ip6t_REJECT.c
index 12331efd49cf..683e26ff6f71 100644
--- a/net/ipv6/netfilter/ip6t_REJECT.c
+++ b/net/ipv6/netfilter/ip6t_REJECT.c
@@ -40,7 +40,7 @@ static unsigned int
reject_tg6(struct sk_buff *skb, const struct xt_action_param *par)
{
const struct ip6t_reject_info *reject = par->targinfo;
- struct net *net = dev_net((par->in != NULL) ? par->in : par->out);
+ struct net *net = par->net;
pr_debug("%s: medium point\n", __func__);
switch (reject->with) {
diff --git a/net/ipv6/netfilter/ip6t_SYNPROXY.c b/net/ipv6/netfilter/ip6t_SYNPROXY.c
index 72fbf3499e40..41ce1d4018e2 100644
--- a/net/ipv6/netfilter/ip6t_SYNPROXY.c
+++ b/net/ipv6/netfilter/ip6t_SYNPROXY.c
@@ -272,7 +272,7 @@ static unsigned int
synproxy_tg6(struct sk_buff *skb, const struct xt_action_param *par)
{
const struct xt_synproxy_info *info = par->targinfo;
- struct synproxy_net *snet = synproxy_pernet(dev_net(par->in));
+ struct synproxy_net *snet = synproxy_pernet(par->net);
struct synproxy_options opts = {};
struct tcphdr *th, _th;
diff --git a/net/ipv6/netfilter/ip6t_rpfilter.c b/net/ipv6/netfilter/ip6t_rpfilter.c
index 790e0c6b19e1..1ee1b25df096 100644
--- a/net/ipv6/netfilter/ip6t_rpfilter.c
+++ b/net/ipv6/netfilter/ip6t_rpfilter.c
@@ -26,7 +26,7 @@ static bool rpfilter_addr_unicast(const struct in6_addr *addr)
return addr_type & IPV6_ADDR_UNICAST;
}
-static bool rpfilter_lookup_reverse6(const struct sk_buff *skb,
+static bool rpfilter_lookup_reverse6(struct net *net, const struct sk_buff *skb,
const struct net_device *dev, u8 flags)
{
struct rt6_info *rt;
@@ -53,7 +53,7 @@ static bool rpfilter_lookup_reverse6(const struct sk_buff *skb,
lookup_flags |= RT6_LOOKUP_F_IFACE;
}
- rt = (void *) ip6_route_lookup(dev_net(dev), &fl6, lookup_flags);
+ rt = (void *) ip6_route_lookup(net, &fl6, lookup_flags);
if (rt->dst.error)
goto out;
@@ -93,7 +93,7 @@ static bool rpfilter_mt(const struct sk_buff *skb, struct xt_action_param *par)
if (unlikely(saddrtype == IPV6_ADDR_ANY))
return true ^ invert; /* not routable: forward path will drop it */
- return rpfilter_lookup_reverse6(skb, par->in, info->flags) ^ invert;
+ return rpfilter_lookup_reverse6(par->net, skb, par->in, info->flags) ^ invert;
}
static int rpfilter_check(const struct xt_mtchk_param *par)
diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c
index 338b4047776f..69ab9c2634e1 100644
--- a/net/netfilter/ipset/ip_set_core.c
+++ b/net/netfilter/ipset/ip_set_core.c
@@ -519,8 +519,7 @@ int
ip_set_test(ip_set_id_t index, const struct sk_buff *skb,
const struct xt_action_param *par, struct ip_set_adt_opt *opt)
{
- struct ip_set *set = ip_set_rcu_get(
- dev_net(par->in ? par->in : par->out), index);
+ struct ip_set *set = ip_set_rcu_get(par->net, index);
int ret = 0;
BUG_ON(!set);
@@ -558,8 +557,7 @@ int
ip_set_add(ip_set_id_t index, const struct sk_buff *skb,
const struct xt_action_param *par, struct ip_set_adt_opt *opt)
{
- struct ip_set *set = ip_set_rcu_get(
- dev_net(par->in ? par->in : par->out), index);
+ struct ip_set *set = ip_set_rcu_get(par->net, index);
int ret;
BUG_ON(!set);
@@ -581,8 +579,7 @@ int
ip_set_del(ip_set_id_t index, const struct sk_buff *skb,
const struct xt_action_param *par, struct ip_set_adt_opt *opt)
{
- struct ip_set *set = ip_set_rcu_get(
- dev_net(par->in ? par->in : par->out), index);
+ struct ip_set *set = ip_set_rcu_get(par->net, index);
int ret = 0;
BUG_ON(!set);
diff --git a/net/netfilter/xt_LOG.c b/net/netfilter/xt_LOG.c
index c13b79440ede..1763ab82bcd7 100644
--- a/net/netfilter/xt_LOG.c
+++ b/net/netfilter/xt_LOG.c
@@ -33,7 +33,7 @@ log_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
const struct xt_log_info *loginfo = par->targinfo;
struct nf_loginfo li;
- struct net *net = dev_net(par->in ? par->in : par->out);
+ struct net *net = par->net;
li.type = NF_LOG_TYPE_LOG;
li.u.log.level = loginfo->level;
diff --git a/net/netfilter/xt_NFLOG.c b/net/netfilter/xt_NFLOG.c
index fb7497c928a0..a1fa2c800cb9 100644
--- a/net/netfilter/xt_NFLOG.c
+++ b/net/netfilter/xt_NFLOG.c
@@ -26,7 +26,7 @@ nflog_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
const struct xt_nflog_info *info = par->targinfo;
struct nf_loginfo li;
- struct net *net = dev_net(par->in ? par->in : par->out);
+ struct net *net = par->net;
li.type = NF_LOG_TYPE_ULOG;
li.u.ulog.copy_len = info->len;
diff --git a/net/netfilter/xt_TCPMSS.c b/net/netfilter/xt_TCPMSS.c
index 8c3190e2fc6a..ff655cb057ae 100644
--- a/net/netfilter/xt_TCPMSS.c
+++ b/net/netfilter/xt_TCPMSS.c
@@ -108,7 +108,7 @@ tcpmss_mangle_packet(struct sk_buff *skb,
return -1;
if (info->mss == XT_TCPMSS_CLAMP_PMTU) {
- struct net *net = dev_net(par->in ? par->in : par->out);
+ struct net *net = par->net;
unsigned int in_mtu = tcpmss_reverse_mtu(net, skb, family);
if (dst_mtu(skb_dst(skb)) <= minlen) {
diff --git a/net/netfilter/xt_TEE.c b/net/netfilter/xt_TEE.c
index a747eb475b68..34bb6f69e8df 100644
--- a/net/netfilter/xt_TEE.c
+++ b/net/netfilter/xt_TEE.c
@@ -39,25 +39,10 @@ struct xt_tee_priv {
static const union nf_inet_addr tee_zero_address;
static DEFINE_PER_CPU(bool, tee_active);
-static struct net *pick_net(struct sk_buff *skb)
-{
-#ifdef CONFIG_NET_NS
- const struct dst_entry *dst;
-
- if (skb->dev != NULL)
- return dev_net(skb->dev);
- dst = skb_dst(skb);
- if (dst != NULL && dst->dev != NULL)
- return dev_net(dst->dev);
-#endif
- return &init_net;
-}
-
static bool
-tee_tg_route4(struct sk_buff *skb, const struct xt_tee_tginfo *info)
+tee_tg_route4(struct net *net, struct sk_buff *skb, const struct xt_tee_tginfo *info)
{
const struct iphdr *iph = ip_hdr(skb);
- struct net *net = pick_net(skb);
struct rtable *rt;
struct flowi4 fl4;
@@ -124,7 +109,7 @@ tee_tg4(struct sk_buff *skb, const struct xt_action_param *par)
--iph->ttl;
ip_send_check(iph);
- if (tee_tg_route4(skb, info)) {
+ if (tee_tg_route4(par->net, skb, info)) {
__this_cpu_write(tee_active, true);
ip_local_out(skb);
__this_cpu_write(tee_active, false);
@@ -136,10 +121,9 @@ tee_tg4(struct sk_buff *skb, const struct xt_action_param *par)
#if IS_ENABLED(CONFIG_IPV6)
static bool
-tee_tg_route6(struct sk_buff *skb, const struct xt_tee_tginfo *info)
+tee_tg_route6(struct net *net, struct sk_buff *skb, const struct xt_tee_tginfo *info)
{
const struct ipv6hdr *iph = ipv6_hdr(skb);
- struct net *net = pick_net(skb);
struct dst_entry *dst;
struct flowi6 fl6;
@@ -187,7 +171,7 @@ tee_tg6(struct sk_buff *skb, const struct xt_action_param *par)
struct ipv6hdr *iph = ipv6_hdr(skb);
--iph->hop_limit;
}
- if (tee_tg_route6(skb, info)) {
+ if (tee_tg_route6(par->net, skb, info)) {
__this_cpu_write(tee_active, true);
ip6_local_out(skb);
__this_cpu_write(tee_active, false);
diff --git a/net/netfilter/xt_TPROXY.c b/net/netfilter/xt_TPROXY.c
index cca96cec1b68..ee061340b3c3 100644
--- a/net/netfilter/xt_TPROXY.c
+++ b/net/netfilter/xt_TPROXY.c
@@ -250,8 +250,8 @@ nf_tproxy_get_sock_v6(struct net *net, const u8 protocol,
* no such listener is found, or NULL if the TCP header is incomplete.
*/
static struct sock *
-tproxy_handle_time_wait4(struct sk_buff *skb, __be32 laddr, __be16 lport,
- struct sock *sk)
+tproxy_handle_time_wait4(struct net *net, struct sk_buff *skb,
+ __be32 laddr, __be16 lport, struct sock *sk)
{
const struct iphdr *iph = ip_hdr(skb);
struct tcphdr _hdr, *hp;
@@ -267,7 +267,7 @@ tproxy_handle_time_wait4(struct sk_buff *skb, __be32 laddr, __be16 lport,
* to a listener socket if there's one */
struct sock *sk2;
- sk2 = nf_tproxy_get_sock_v4(dev_net(skb->dev), iph->protocol,
+ sk2 = nf_tproxy_get_sock_v4(net, iph->protocol,
iph->saddr, laddr ? laddr : iph->daddr,
hp->source, lport ? lport : hp->dest,
skb->dev, NFT_LOOKUP_LISTENER);
@@ -291,7 +291,7 @@ nf_tproxy_assign_sock(struct sk_buff *skb, struct sock *sk)
}
static unsigned int
-tproxy_tg4(struct sk_buff *skb, __be32 laddr, __be16 lport,
+tproxy_tg4(struct net *net, struct sk_buff *skb, __be32 laddr, __be16 lport,
u_int32_t mark_mask, u_int32_t mark_value)
{
const struct iphdr *iph = ip_hdr(skb);
@@ -306,7 +306,7 @@ tproxy_tg4(struct sk_buff *skb, __be32 laddr, __be16 lport,
* addresses, this happens if the redirect already happened
* and the current packet belongs to an already established
* connection */
- sk = nf_tproxy_get_sock_v4(dev_net(skb->dev), iph->protocol,
+ sk = nf_tproxy_get_sock_v4(net, iph->protocol,
iph->saddr, iph->daddr,
hp->source, hp->dest,
skb->dev, NFT_LOOKUP_ESTABLISHED);
@@ -318,11 +318,11 @@ tproxy_tg4(struct sk_buff *skb, __be32 laddr, __be16 lport,
/* UDP has no TCP_TIME_WAIT state, so we never enter here */
if (sk && sk->sk_state == TCP_TIME_WAIT)
/* reopening a TIME_WAIT connection needs special handling */
- sk = tproxy_handle_time_wait4(skb, laddr, lport, sk);
+ sk = tproxy_handle_time_wait4(net, skb, laddr, lport, sk);
else if (!sk)
/* no, there's no established connection, check if
* there's a listener on the redirected addr/port */
- sk = nf_tproxy_get_sock_v4(dev_net(skb->dev), iph->protocol,
+ sk = nf_tproxy_get_sock_v4(net, iph->protocol,
iph->saddr, laddr,
hp->source, lport,
skb->dev, NFT_LOOKUP_LISTENER);
@@ -352,7 +352,7 @@ tproxy_tg4_v0(struct sk_buff *skb, const struct xt_action_param *par)
{
const struct xt_tproxy_target_info *tgi = par->targinfo;
- return tproxy_tg4(skb, tgi->laddr, tgi->lport, tgi->mark_mask, tgi->mark_value);
+ return tproxy_tg4(par->net, skb, tgi->laddr, tgi->lport, tgi->mark_mask, tgi->mark_value);
}
static unsigned int
@@ -360,7 +360,7 @@ tproxy_tg4_v1(struct sk_buff *skb, const struct xt_action_param *par)
{
const struct xt_tproxy_target_info_v1 *tgi = par->targinfo;
- return tproxy_tg4(skb, tgi->laddr.ip, tgi->lport, tgi->mark_mask, tgi->mark_value);
+ return tproxy_tg4(par->net, skb, tgi->laddr.ip, tgi->lport, tgi->mark_mask, tgi->mark_value);
}
#ifdef XT_TPROXY_HAVE_IPV6
@@ -430,7 +430,7 @@ tproxy_handle_time_wait6(struct sk_buff *skb, int tproto, int thoff,
* to a listener socket if there's one */
struct sock *sk2;
- sk2 = nf_tproxy_get_sock_v6(dev_net(skb->dev), tproto,
+ sk2 = nf_tproxy_get_sock_v6(par->net, tproto,
&iph->saddr,
tproxy_laddr6(skb, &tgi->laddr.in6, &iph->daddr),
hp->source,
@@ -474,7 +474,7 @@ tproxy_tg6_v1(struct sk_buff *skb, const struct xt_action_param *par)
* addresses, this happens if the redirect already happened
* and the current packet belongs to an already established
* connection */
- sk = nf_tproxy_get_sock_v6(dev_net(skb->dev), tproto,
+ sk = nf_tproxy_get_sock_v6(par->net, tproto,
&iph->saddr, &iph->daddr,
hp->source, hp->dest,
par->in, NFT_LOOKUP_ESTABLISHED);
@@ -489,7 +489,7 @@ tproxy_tg6_v1(struct sk_buff *skb, const struct xt_action_param *par)
else if (!sk)
/* no there's no established connection, check if
* there's a listener on the redirected addr/port */
- sk = nf_tproxy_get_sock_v6(dev_net(skb->dev), tproto,
+ sk = nf_tproxy_get_sock_v6(par->net, tproto,
&iph->saddr, laddr,
hp->source, lport,
par->in, NFT_LOOKUP_LISTENER);
diff --git a/net/netfilter/xt_addrtype.c b/net/netfilter/xt_addrtype.c
index 5b4743cc0436..11d6091991a4 100644
--- a/net/netfilter/xt_addrtype.c
+++ b/net/netfilter/xt_addrtype.c
@@ -125,7 +125,7 @@ static inline bool match_type(struct net *net, const struct net_device *dev,
static bool
addrtype_mt_v0(const struct sk_buff *skb, struct xt_action_param *par)
{
- struct net *net = dev_net(par->in ? par->in : par->out);
+ struct net *net = par->net;
const struct xt_addrtype_info *info = par->matchinfo;
const struct iphdr *iph = ip_hdr(skb);
bool ret = true;
@@ -143,7 +143,7 @@ addrtype_mt_v0(const struct sk_buff *skb, struct xt_action_param *par)
static bool
addrtype_mt_v1(const struct sk_buff *skb, struct xt_action_param *par)
{
- struct net *net = dev_net(par->in ? par->in : par->out);
+ struct net *net = par->net;
const struct xt_addrtype_info_v1 *info = par->matchinfo;
const struct iphdr *iph;
const struct net_device *dev = NULL;
diff --git a/net/netfilter/xt_connlimit.c b/net/netfilter/xt_connlimit.c
index 29ba6218a820..d150f3af4b42 100644
--- a/net/netfilter/xt_connlimit.c
+++ b/net/netfilter/xt_connlimit.c
@@ -316,7 +316,7 @@ static int count_them(struct net *net,
static bool
connlimit_mt(const struct sk_buff *skb, struct xt_action_param *par)
{
- struct net *net = dev_net(par->in ? par->in : par->out);
+ struct net *net = par->net;
const struct xt_connlimit_info *info = par->matchinfo;
union nf_inet_addr addr;
struct nf_conntrack_tuple tuple;
diff --git a/net/netfilter/xt_osf.c b/net/netfilter/xt_osf.c
index 0778855ea5e7..df8801e02a32 100644
--- a/net/netfilter/xt_osf.c
+++ b/net/netfilter/xt_osf.c
@@ -200,7 +200,7 @@ xt_osf_match_packet(const struct sk_buff *skb, struct xt_action_param *p)
unsigned char opts[MAX_IPOPTLEN];
const struct xt_osf_finger *kf;
const struct xt_osf_user_finger *f;
- struct net *net = dev_net(p->in ? p->in : p->out);
+ struct net *net = p->net;
if (!info)
return false;
diff --git a/net/netfilter/xt_recent.c b/net/netfilter/xt_recent.c
index 45e1b30e4fb2..d725a27743a1 100644
--- a/net/netfilter/xt_recent.c
+++ b/net/netfilter/xt_recent.c
@@ -237,7 +237,7 @@ static void recent_table_flush(struct recent_table *t)
static bool
recent_mt(const struct sk_buff *skb, struct xt_action_param *par)
{
- struct net *net = dev_net(par->in ? par->in : par->out);
+ struct net *net = par->net;
struct recent_net *recent_net = recent_pernet(net);
const struct xt_recent_mtinfo_v1 *info = par->matchinfo;
struct recent_table *t;
diff --git a/net/netfilter/xt_socket.c b/net/netfilter/xt_socket.c
index e092cb046326..ec24ebf30922 100644
--- a/net/netfilter/xt_socket.c
+++ b/net/netfilter/xt_socket.c
@@ -143,7 +143,8 @@ static bool xt_socket_sk_is_transparent(struct sock *sk)
}
}
-static struct sock *xt_socket_lookup_slow_v4(const struct sk_buff *skb,
+static struct sock *xt_socket_lookup_slow_v4(struct net *net,
+ const struct sk_buff *skb,
const struct net_device *indev)
{
const struct iphdr *iph = ip_hdr(skb);
@@ -197,7 +198,7 @@ static struct sock *xt_socket_lookup_slow_v4(const struct sk_buff *skb,
}
#endif
- return xt_socket_get_sock_v4(dev_net(skb->dev), protocol, saddr, daddr,
+ return xt_socket_get_sock_v4(net, protocol, saddr, daddr,
sport, dport, indev);
}
@@ -208,7 +209,7 @@ socket_match(const struct sk_buff *skb, struct xt_action_param *par,
struct sock *sk = skb->sk;
if (!sk)
- sk = xt_socket_lookup_slow_v4(skb, par->in);
+ sk = xt_socket_lookup_slow_v4(par->net, skb, par->in);
if (sk) {
bool wildcard;
bool transparent = true;
@@ -330,7 +331,8 @@ xt_socket_get_sock_v6(struct net *net, const u8 protocol,
return NULL;
}
-static struct sock *xt_socket_lookup_slow_v6(const struct sk_buff *skb,
+static struct sock *xt_socket_lookup_slow_v6(struct net *net,
+ const struct sk_buff *skb,
const struct net_device *indev)
{
__be16 uninitialized_var(dport), uninitialized_var(sport);
@@ -366,7 +368,7 @@ static struct sock *xt_socket_lookup_slow_v6(const struct sk_buff *skb,
return NULL;
}
- return xt_socket_get_sock_v6(dev_net(skb->dev), tproto, saddr, daddr,
+ return xt_socket_get_sock_v6(net, tproto, saddr, daddr,
sport, dport, indev);
}
@@ -377,7 +379,7 @@ socket_mt6_v1_v2(const struct sk_buff *skb, struct xt_action_param *par)
struct sock *sk = skb->sk;
if (!sk)
- sk = xt_socket_lookup_slow_v6(skb, par->in);
+ sk = xt_socket_lookup_slow_v6(par->net, skb, par->in);
if (sk) {
bool wildcard;
bool transparent = true;
--
2.2.1
next prev parent reply other threads:[~2015-06-17 15:28 UTC|newest]
Thread overview: 90+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-06-15 3:07 [PATCH net-next 00/15] Simplify netfilter and network namespaces Eric W. Biederman
2015-06-15 3:12 ` [PATCH net-next 01/15] netfilter: Kill unused copies of RCV_SKB_FAIL Eric W. Biederman
2015-06-15 3:13 ` [PATCH net-next 02/15] netfilter: Pass struct net into the netfilter hooks Eric W. Biederman
2015-06-15 3:13 ` [PATCH net-next 03/15] netfilter: Use nf_hook_state.net Eric W. Biederman
2015-06-15 3:13 ` [PATCH net-next 04/15] ebtables: Simplify the arguments to ebt_do_table Eric W. Biederman
2015-06-15 3:13 ` [PATCH net-next 05/15] inet netfilter: Remove hook from ip6t_do_table, arp_do_table, ipt_do_table Eric W. Biederman
2015-06-15 3:13 ` [PATCH net-next 06/15] inet netfilter: Prefer state->hook to ops->hooknum Eric W. Biederman
2015-06-15 3:13 ` [PATCH net-next 07/15] nftables: kill nft_pktinfo.ops Eric W. Biederman
2015-06-15 3:13 ` [PATCH net-next 08/15] tc: Simplify em_ipset_match Eric W. Biederman
2015-06-15 3:13 ` [PATCH net-next 09/15] x_tables: Pass struct net in xt_action_param Eric W. Biederman
2015-06-15 3:13 ` [PATCH net-next 10/15] x_tables: Use par->net instead of computing from the passed net devices Eric W. Biederman
2015-06-15 3:13 ` [PATCH net-next 11/15] nftables: Pass struct net in nft_pktinfo Eric W. Biederman
2015-06-15 3:13 ` [PATCH net-next 12/15] nf_tables: Use pkt->net instead of computing net from the passed net_devices Eric W. Biederman
2015-06-15 3:13 ` [PATCH net-next 13/15] nf_conntrack: Add a struct net parameter to l4_pkt_to_tuple Eric W. Biederman
2015-06-15 3:13 ` [PATCH net-next 14/15] ipv4: Pass struct net into ip_defrag and ip_check_defrag Eric W. Biederman
2015-06-15 3:13 ` [PATCH net-next 15/15] ipv6: Pass struct net into nf_ct_frag6_gather Eric W. Biederman
2015-06-15 7:06 ` [PATCH net-next 00/15] Simplify netfilter and network namespaces Pablo Neira Ayuso
2015-06-15 15:06 ` Eric W. Biederman
2015-06-15 15:20 ` Pablo Neira Ayuso
2015-06-16 0:10 ` David Miller
2015-06-16 0:26 ` Eric W. Biederman
2015-06-16 2:14 ` David Miller
2015-06-16 10:32 ` Pablo Neira Ayuso
2015-06-16 21:00 ` Eric W. Biederman
2015-06-17 15:09 ` [PATCH net-next 00/43] Simplify netfilter and network namespaces (take 2) Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 01/43] netfilter: Kill unused copies of RCV_SKB_FAIL Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 02/43] netfilter: Pass struct net into the netfilter hooks Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 03/43] netfilter: Use nf_hook_state.net Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 04/43] ebtables: Simplify the arguments to ebt_do_table Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 05/43] inet netfilter: Remove hook from ip6t_do_table, arp_do_table, ipt_do_table Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 06/43] inet netfilter: Prefer state->hook to ops->hooknum Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 07/43] nftables: kill nft_pktinfo.ops Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 08/43] tc: Simplify em_ipset_match Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 09/43] x_tables: Pass struct net in xt_action_param Eric W. Biederman
2015-06-17 15:28 ` Eric W. Biederman [this message]
2015-06-17 15:28 ` [PATCH net-next 11/43] nftables: Pass struct net in nft_pktinfo Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 12/43] nf_tables: Use pkt->net instead of computing net from the passed net_devices Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 13/43] nf_conntrack: Add a struct net parameter to l4_pkt_to_tuple Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 14/43] ipv4: Pass struct net into ip_defrag and ip_check_defrag Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 15/43] ipv6: Pass struct net into nf_ct_frag6_gather Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 16/43] net: include missing headers in net/net_namespace.h Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 17/43] netfilter: use forward declaration instead of including linux/proc_fs.h Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 18/43] netfilter: don't pull include/linux/netfilter.h from netns headers Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 19/43] ipvs: Read hooknum from state rather than ops->hooknum Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 20/43] netfilter: Pass priv instead of nf_hook_ops to netfilter hooks Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 21/43] netfilter: Add a network namespace Kconfig conflict Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 22/43] netfilter: Add a struct net parameter to nf_register_hook[s] Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 23/43] netfilter: Add a struct net parameter to nf_unregister_hook[s] Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 24/43] netfilter: Make the netfilter hooks per network namespace Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 25/43] netfilter: Make nf_hook_ops just a parameter structure Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 26/43] netfitler: Remove spurios included of netfilter.h Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 27/43] x_tables: Add magical hook registration in the common case Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 28/43] x_tables: Where possible convert to the new hook registration method Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 29/43] x_tables: Kill xt_[un]hook_link Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 30/43] x_tables: Update ip?table_nat to register their hooks in all network namespaces Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 31/43] netfilter: nf_tables: adapt it to pernet hooks Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 32/43] netfilter: ipt_CLUSTERIP: adapt it to support " Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 33/43] netfilter: ebtables: adapt the filter and nat table to " Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 34/43] netfilter: bridge: adapt it " Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 35/43] ipvs: Register netfilter hooks in all network namespaces Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 36/43] netfilter: nf_conntract: " Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 37/43] netfilter: nf_defrag: " Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 38/43] netfilter: synproxy: " Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 39/43] selinux: adapt it to pernet hooks Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 40/43] smack: " Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 41/43] netfilter: Remove the network namespace Kconfig conflict Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 42/43] netfilter bridge: Make the sysctl knobs per network namespace Eric W. Biederman
2015-06-17 15:28 ` [PATCH net-next 43/43] netfilter: Skip unnecessary calls to synchronize_net Eric W. Biederman
2015-06-17 17:20 ` Patrick McHardy
2015-06-17 20:32 ` Eric W. Biederman
2015-06-18 15:49 ` [PATCH net-next 00/43] Simplify netfilter and network namespaces (take 2) Andreas Schultz
2015-06-18 19:40 ` Pablo Neira Ayuso
2015-07-10 23:11 ` [PATCH -next 0/6] Per network namespace netfilter chains Eric W. Biederman
2015-07-10 23:12 ` [PATCH -next 1/6] netfilter: nf_queue: Don't recompute the hook_list head Eric W. Biederman
2015-07-10 23:13 ` [PATCH -next 2/6] netfilter: kill nf_hooks_active Eric W. Biederman
2015-07-10 23:13 ` [PATCH -next 3/6] netfilter: Simply the tests for enabling and disabling the ingress queue hook Eric W. Biederman
2015-07-10 23:14 ` [PATCH -next 4/6] netfilter: Factor out the hook list selection from nf_register_hook Eric W. Biederman
2015-07-10 23:15 ` [PATCH -next 5/6] netfilter: Per network namespace netfilter hooks Eric W. Biederman
2015-07-15 19:00 ` Pablo Neira Ayuso
2015-07-15 20:22 ` Eric W. Biederman
2015-07-10 23:15 ` [PATCH -next 6/6] netfilter: nftables: Only run the nftables chains in the proper netns Eric W. Biederman
2015-07-15 17:20 ` [PATCH -next 0/6] Per network namespace netfilter chains Pablo Neira Ayuso
2015-07-15 20:05 ` Eric W. Biederman
2015-07-16 11:01 ` Pablo Neira Ayuso
2015-06-17 19:38 ` [PATCH net-next 00/15] Simplify netfilter and network namespaces Julian Anastasov
2015-06-17 20:55 ` Eric W. Biederman
2015-06-17 22:01 ` Julian Anastasov
2015-06-18 14:45 ` Eric W. Biederman
2015-06-18 19:21 ` Julian Anastasov
2015-06-19 14:24 ` Eric W. Biederman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1434554932-4552-10-git-send-email-ebiederm@xmission.com \
--to=ebiederm@xmission.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=horms@verge.net.au \
--cc=ja@ssi.bg \
--cc=jhs@mojatatu.com \
--cc=jjciarla@raiz.uncu.edu.ar \
--cc=kaber@trash.net \
--cc=kadlec@blackhole.kfki.hu \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=steffen.klassert@secunet.com \
--cc=stephen@networkplumber.org \
--cc=wensong@linux-vs.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.