netfilter: Pass net into nf_xfrm_me_harder
Instead of calling dev_net on a likley looking network device pass state->net into nf_xfrm_me_harder. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
parent
06198b34a3
commit
c7af6483b9
|
@ -10,7 +10,7 @@
|
|||
unsigned int nf_nat_packet(struct nf_conn *ct, enum ip_conntrack_info ctinfo,
|
||||
unsigned int hooknum, struct sk_buff *skb);
|
||||
|
||||
int nf_xfrm_me_harder(struct sk_buff *skb, unsigned int family);
|
||||
int nf_xfrm_me_harder(struct net *net, struct sk_buff *skb, unsigned int family);
|
||||
|
||||
static inline int nf_nat_initialized(struct nf_conn *ct,
|
||||
enum nf_nat_manip_type manip)
|
||||
|
|
|
@ -396,7 +396,7 @@ nf_nat_ipv4_out(void *priv, struct sk_buff *skb,
|
|||
(ct->tuplehash[dir].tuple.dst.protonum != IPPROTO_ICMP &&
|
||||
ct->tuplehash[dir].tuple.src.u.all !=
|
||||
ct->tuplehash[!dir].tuple.dst.u.all)) {
|
||||
err = nf_xfrm_me_harder(skb, AF_INET);
|
||||
err = nf_xfrm_me_harder(state->net, skb, AF_INET);
|
||||
if (err < 0)
|
||||
ret = NF_DROP_ERR(err);
|
||||
}
|
||||
|
@ -440,7 +440,7 @@ nf_nat_ipv4_local_fn(void *priv, struct sk_buff *skb,
|
|||
ct->tuplehash[dir].tuple.dst.protonum != IPPROTO_ICMP &&
|
||||
ct->tuplehash[dir].tuple.dst.u.all !=
|
||||
ct->tuplehash[!dir].tuple.src.u.all) {
|
||||
err = nf_xfrm_me_harder(skb, AF_INET);
|
||||
err = nf_xfrm_me_harder(state->net, skb, AF_INET);
|
||||
if (err < 0)
|
||||
ret = NF_DROP_ERR(err);
|
||||
}
|
||||
|
|
|
@ -403,7 +403,7 @@ nf_nat_ipv6_out(void *priv, struct sk_buff *skb,
|
|||
(ct->tuplehash[dir].tuple.dst.protonum != IPPROTO_ICMPV6 &&
|
||||
ct->tuplehash[dir].tuple.src.u.all !=
|
||||
ct->tuplehash[!dir].tuple.dst.u.all)) {
|
||||
err = nf_xfrm_me_harder(skb, AF_INET6);
|
||||
err = nf_xfrm_me_harder(state->net, skb, AF_INET6);
|
||||
if (err < 0)
|
||||
ret = NF_DROP_ERR(err);
|
||||
}
|
||||
|
@ -446,7 +446,7 @@ nf_nat_ipv6_local_fn(void *priv, struct sk_buff *skb,
|
|||
ct->tuplehash[dir].tuple.dst.protonum != IPPROTO_ICMPV6 &&
|
||||
ct->tuplehash[dir].tuple.dst.u.all !=
|
||||
ct->tuplehash[!dir].tuple.src.u.all) {
|
||||
err = nf_xfrm_me_harder(skb, AF_INET6);
|
||||
err = nf_xfrm_me_harder(state->net, skb, AF_INET6);
|
||||
if (err < 0)
|
||||
ret = NF_DROP_ERR(err);
|
||||
}
|
||||
|
|
|
@ -83,7 +83,7 @@ static void __nf_nat_decode_session(struct sk_buff *skb, struct flowi *fl)
|
|||
rcu_read_unlock();
|
||||
}
|
||||
|
||||
int nf_xfrm_me_harder(struct sk_buff *skb, unsigned int family)
|
||||
int nf_xfrm_me_harder(struct net *net, struct sk_buff *skb, unsigned int family)
|
||||
{
|
||||
struct flowi fl;
|
||||
unsigned int hh_len;
|
||||
|
@ -99,7 +99,7 @@ int nf_xfrm_me_harder(struct sk_buff *skb, unsigned int family)
|
|||
dst = ((struct xfrm_dst *)dst)->route;
|
||||
dst_hold(dst);
|
||||
|
||||
dst = xfrm_lookup(dev_net(dst->dev), dst, &fl, skb->sk, 0);
|
||||
dst = xfrm_lookup(net, dst, &fl, skb->sk, 0);
|
||||
if (IS_ERR(dst))
|
||||
return PTR_ERR(dst);
|
||||
|
||||
|
|
Loading…
Reference in New Issue