netfilter: Pass struct net into the netfilter hooks

Pass a network namespace parameter into the netfilter hooks. At the call site of the netfilter hooks the path a packet is taking through the network stack is well known which allows the network namespace to be easily and reliabily. This allows the replacement of magic code like "dev_net(state->in?:state->out)" that appears at the start of most netfilter hooks with "state->net". In almost all cases the network namespace passed in is derived from the first network device passed in, guaranteeing those paths will not see any changes in practice. The exceptions are: xfrm/xfrm_output.c:xfrm_output_resume() xs_net(skb_dst(skb)->xfrm) ipvs/ip_vs_xmit.c:ip_vs_nat_send_or_cont() ip_vs_conn_net(cp) ipvs/ip_vs_xmit.c:ip_vs_send_or_cont() ip_vs_conn_net(cp) ipv4/raw.c:raw_send_hdrinc() sock_net(sk) ipv6/ip6_output.c:ip6_xmit() sock_net(sk) ipv6/ndisc.c:ndisc_send_skb() dev_net(skb->dev) not dev_net(dst->dev) ipv6/raw.c:raw6_send_hdrinc() sock_net(sk) br_netfilter_hooks.c:br_nf_pre_routing_finish() dev_net(skb->dev) before skb->dev is set to nf_bridge->physindev In all cases these exceptions seem to be a better expression for the network namespace the packet is being processed in then the historic "dev_net(in?in:out)". I am documenting them in case something odd pops up and someone starts trying to track down what happened. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Eric W. Biederman <ebiederm@xmission.com> 2015-09-15 21:04:16 -0400
committer: David S. Miller <davem@davemloft.net> 2015-09-17 20:18:37 -0400
commit: 29a26a56803855a79dbd028cd61abee56237d6e5 (patch)
tree: 89fb3a95216d44417577e218a967ede09d676922 /net/decnet
parent: 04eb44890e5bb3cc855e5c0f18a05eb7311364b7 (diff)
3 files changed, 23 insertions, 20 deletions
diff --git a/net/decnet/dn_neigh.c b/net/decnet/dn_neigh.c
index 4507b188fc51..305ab2fe25cd 100644
--- a/net/decnet/dn_neigh.c
+++ b/net/decnet/dn_neigh.c
@@ -246,8 +246,9 @@ static int dn_long_output(struct neighbour *neigh, struct sock *sk,
        skb_reset_network_header(skb);
-        return NF_HOOK(NFPROTO_DECNET, NF_DN_POST_ROUTING, sk, skb,
+        return NF_HOOK(NFPROTO_DECNET, NF_DN_POST_ROUTING,
-                       NULL, neigh->dev, dn_neigh_output_packet);
+                       &init_net, sk, skb, NULL, neigh->dev,
+                       dn_neigh_output_packet);
 }
 /*
@@ -286,8 +287,9 @@ static int dn_short_output(struct neighbour *neigh, struct sock *sk,
        skb_reset_network_header(skb);
-        return NF_HOOK(NFPROTO_DECNET, NF_DN_POST_ROUTING, sk, skb,
+        return NF_HOOK(NFPROTO_DECNET, NF_DN_POST_ROUTING,
-                       NULL, neigh->dev, dn_neigh_output_packet);
+                       &init_net, sk, skb, NULL, neigh->dev,
+                       dn_neigh_output_packet);
 }
 /*
@@ -327,8 +329,9 @@ static int dn_phase3_output(struct neighbour *neigh, struct sock *sk,
        skb_reset_network_header(skb);
-        return NF_HOOK(NFPROTO_DECNET, NF_DN_POST_ROUTING, sk, skb,
+        return NF_HOOK(NFPROTO_DECNET, NF_DN_POST_ROUTING,
-                       NULL, neigh->dev, dn_neigh_output_packet);
+                       &init_net, sk, skb, NULL, neigh->dev,
+                       dn_neigh_output_packet);
 }
 int dn_to_neigh_output(struct sock *sk, struct sk_buff *skb)
diff --git a/net/decnet/dn_nsp_in.c b/net/decnet/dn_nsp_in.c
index a321eac9fd0c..e7b0605ca34a 100644
--- a/net/decnet/dn_nsp_in.c
+++ b/net/decnet/dn_nsp_in.c
@@ -814,8 +814,8 @@ free_out:
 int dn_nsp_rx(struct sk_buff *skb)
 {
-        return NF_HOOK(NFPROTO_DECNET, NF_DN_LOCAL_IN, NULL, skb,
+        return NF_HOOK(NFPROTO_DECNET, NF_DN_LOCAL_IN,
-                       skb->dev, NULL,
+                       &init_net, NULL, skb, skb->dev, NULL,
                       dn_nsp_rx_packet);
 }
diff --git a/net/decnet/dn_route.c b/net/decnet/dn_route.c
index 03227ffd19ce..fefcd2e85ef9 100644
--- a/net/decnet/dn_route.c
+++ b/net/decnet/dn_route.c
@@ -573,8 +573,8 @@ static int dn_route_rx_long(struct sk_buff *skb)
        ptr++;
        cb->hops = *ptr++; /* Visit Count */
-        return NF_HOOK(NFPROTO_DECNET, NF_DN_PRE_ROUTING, NULL, skb,
+        return NF_HOOK(NFPROTO_DECNET, NF_DN_PRE_ROUTING,
-                       skb->dev, NULL,
+                       &init_net, NULL, skb, skb->dev, NULL,
                       dn_route_rx_packet);
 drop_it:
@@ -601,8 +601,8 @@ static int dn_route_rx_short(struct sk_buff *skb)
        ptr += 2;
        cb->hops = *ptr & 0x3f;
-        return NF_HOOK(NFPROTO_DECNET, NF_DN_PRE_ROUTING, NULL, skb,
+        return NF_HOOK(NFPROTO_DECNET, NF_DN_PRE_ROUTING,
-                       skb->dev, NULL,
+                       &init_net, NULL, skb, skb->dev, NULL,
                       dn_route_rx_packet);
 drop_it:
@@ -706,22 +706,22 @@ int dn_route_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type
                switch (flags & DN_RT_CNTL_MSK) {
                case DN_RT_PKT_HELO:
                        return NF_HOOK(NFPROTO_DECNET, NF_DN_HELLO,
-                                       NULL, skb, skb->dev, NULL,
+                                       &init_net, NULL, skb, skb->dev, NULL,
                                       dn_route_ptp_hello);
                case DN_RT_PKT_L1RT:
                case DN_RT_PKT_L2RT:
                        return NF_HOOK(NFPROTO_DECNET, NF_DN_ROUTE,
-                                       NULL, skb, skb->dev, NULL,
+                                       &init_net, NULL, skb, skb->dev, NULL,
                                       dn_route_discard);
                case DN_RT_PKT_ERTH:
                        return NF_HOOK(NFPROTO_DECNET, NF_DN_HELLO,
-                                       NULL, skb, skb->dev, NULL,
+                                       &init_net, NULL, skb, skb->dev, NULL,
                                       dn_neigh_router_hello);
                case DN_RT_PKT_EEDH:
                        return NF_HOOK(NFPROTO_DECNET, NF_DN_HELLO,
-                                       NULL, skb, skb->dev, NULL,
+                                       &init_net, NULL, skb, skb->dev, NULL,
                                       dn_neigh_endnode_hello);
                }
        } else {
@@ -770,8 +770,8 @@ static int dn_output(struct sock *sk, struct sk_buff *skb)
        cb->rt_flags |= DN_RT_F_IE;
        cb->hops = 0;
-        return NF_HOOK(NFPROTO_DECNET, NF_DN_LOCAL_OUT, sk, skb,
+        return NF_HOOK(NFPROTO_DECNET, NF_DN_LOCAL_OUT,
-                       NULL, dev,
+                       &init_net, sk, skb, NULL, dev,
                       dn_to_neigh_output);
 error:
@@ -819,8 +819,8 @@ static int dn_forward(struct sk_buff *skb)
        if (rt->rt_flags & RTCF_DOREDIRECT)
                cb->rt_flags |= DN_RT_F_IE;
-        return NF_HOOK(NFPROTO_DECNET, NF_DN_FORWARD, NULL, skb,
+        return NF_HOOK(NFPROTO_DECNET, NF_DN_FORWARD,
-                       dev, skb->dev,
+                       &init_net, NULL, skb, dev, skb->dev,
                       dn_to_neigh_output);
 drop:
author	Eric W. Biederman <ebiederm@xmission.com>	2015-09-15 21:04:16 -0400
committer	David S. Miller <davem@davemloft.net>	2015-09-17 20:18:37 -0400
commit	29a26a56803855a79dbd028cd61abee56237d6e5 (patch)
tree	89fb3a95216d44417577e218a967ede09d676922 /net/decnet
parent	04eb44890e5bb3cc855e5c0f18a05eb7311364b7 (diff)