diff options
| author | Eric W. Biederman <ebiederm@xmission.com> | 2015-09-15 21:04:18 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2015-09-17 20:18:37 -0400 |
| commit | 0c4b51f0054ce85c0ec578ab818f0631834573eb (patch) | |
| tree | 73e729f58fbaf6420e0f390e36aa936ddaa219ef /net/ipv6 | |
| parent | 9dff2c966a0a79a4222553a851f17e679fc28a43 (diff) | |
netfilter: Pass net into okfn
This is immediately motivated by the bridge code that chains functions that
call into netfilter. Without passing net into the okfns the bridge code would
need to guess about the best expression for the network namespace to process
packets in.
As net is frequently one of the first things computed in continuation functions
after netfilter has done it's job passing in the desired network namespace is in
many cases a code simplification.
To support this change the function dst_output_okfn is introduced to
simplify passing dst_output as an okfn. For the moment dst_output_okfn
just silently drops the struct net.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6')
| -rw-r--r-- | net/ipv6/ip6_input.c | 5 | ||||
| -rw-r--r-- | net/ipv6/ip6_output.c | 7 | ||||
| -rw-r--r-- | net/ipv6/ip6mr.c | 3 | ||||
| -rw-r--r-- | net/ipv6/mcast.c | 4 | ||||
| -rw-r--r-- | net/ipv6/ndisc.c | 2 | ||||
| -rw-r--r-- | net/ipv6/output_core.c | 2 | ||||
| -rw-r--r-- | net/ipv6/raw.c | 2 | ||||
| -rw-r--r-- | net/ipv6/xfrm6_output.c | 2 |
8 files changed, 13 insertions, 14 deletions
diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c index 583cf959c23d..9075acf081dd 100644 --- a/net/ipv6/ip6_input.c +++ b/net/ipv6/ip6_input.c | |||
| @@ -47,7 +47,7 @@ | |||
| 47 | #include <net/inet_ecn.h> | 47 | #include <net/inet_ecn.h> |
| 48 | #include <net/dst_metadata.h> | 48 | #include <net/dst_metadata.h> |
| 49 | 49 | ||
| 50 | int ip6_rcv_finish(struct sock *sk, struct sk_buff *skb) | 50 | int ip6_rcv_finish(struct net *net, struct sock *sk, struct sk_buff *skb) |
| 51 | { | 51 | { |
| 52 | if (sysctl_ip_early_demux && !skb_dst(skb) && skb->sk == NULL) { | 52 | if (sysctl_ip_early_demux && !skb_dst(skb) && skb->sk == NULL) { |
| 53 | const struct inet6_protocol *ipprot; | 53 | const struct inet6_protocol *ipprot; |
| @@ -199,9 +199,8 @@ drop: | |||
| 199 | */ | 199 | */ |
| 200 | 200 | ||
| 201 | 201 | ||
| 202 | static int ip6_input_finish(struct sock *sk, struct sk_buff *skb) | 202 | static int ip6_input_finish(struct net *net, struct sock *sk, struct sk_buff *skb) |
| 203 | { | 203 | { |
| 204 | struct net *net = dev_net(skb_dst(skb)->dev); | ||
| 205 | const struct inet6_protocol *ipprot; | 204 | const struct inet6_protocol *ipprot; |
| 206 | struct inet6_dev *idev; | 205 | struct inet6_dev *idev; |
| 207 | unsigned int nhoff; | 206 | unsigned int nhoff; |
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index 96e76ddd4a44..d8d68e81d123 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c | |||
| @@ -121,7 +121,7 @@ static int ip6_finish_output2(struct sock *sk, struct sk_buff *skb) | |||
| 121 | return -EINVAL; | 121 | return -EINVAL; |
| 122 | } | 122 | } |
| 123 | 123 | ||
| 124 | static int ip6_finish_output(struct sock *sk, struct sk_buff *skb) | 124 | static int ip6_finish_output(struct net *net, struct sock *sk, struct sk_buff *skb) |
| 125 | { | 125 | { |
| 126 | if ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) || | 126 | if ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) || |
| 127 | dst_allfrag(skb_dst(skb)) || | 127 | dst_allfrag(skb_dst(skb)) || |
| @@ -225,7 +225,7 @@ int ip6_xmit(struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6, | |||
| 225 | IPSTATS_MIB_OUT, skb->len); | 225 | IPSTATS_MIB_OUT, skb->len); |
| 226 | return NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, | 226 | return NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, |
| 227 | net, sk, skb, NULL, dst->dev, | 227 | net, sk, skb, NULL, dst->dev, |
| 228 | dst_output); | 228 | dst_output_okfn); |
| 229 | } | 229 | } |
| 230 | 230 | ||
| 231 | skb->dev = dst->dev; | 231 | skb->dev = dst->dev; |
| @@ -317,7 +317,8 @@ static int ip6_forward_proxy_check(struct sk_buff *skb) | |||
| 317 | return 0; | 317 | return 0; |
| 318 | } | 318 | } |
| 319 | 319 | ||
| 320 | static inline int ip6_forward_finish(struct sock *sk, struct sk_buff *skb) | 320 | static inline int ip6_forward_finish(struct net *net, struct sock *sk, |
| 321 | struct sk_buff *skb) | ||
| 321 | { | 322 | { |
| 322 | skb_sender_cpu_clear(skb); | 323 | skb_sender_cpu_clear(skb); |
| 323 | return dst_output(sk, skb); | 324 | return dst_output(sk, skb); |
diff --git a/net/ipv6/ip6mr.c b/net/ipv6/ip6mr.c index e830942b2090..5e5d16e7ce85 100644 --- a/net/ipv6/ip6mr.c +++ b/net/ipv6/ip6mr.c | |||
| @@ -1985,9 +1985,8 @@ int ip6mr_compat_ioctl(struct sock *sk, unsigned int cmd, void __user *arg) | |||
| 1985 | } | 1985 | } |
| 1986 | #endif | 1986 | #endif |
| 1987 | 1987 | ||
| 1988 | static inline int ip6mr_forward2_finish(struct sock *sk, struct sk_buff *skb) | 1988 | static inline int ip6mr_forward2_finish(struct net *net, struct sock *sk, struct sk_buff *skb) |
| 1989 | { | 1989 | { |
| 1990 | struct net *net = dev_net(skb_dst(skb)->dev); | ||
| 1991 | IP6_INC_STATS_BH(net, ip6_dst_idev(skb_dst(skb)), | 1990 | IP6_INC_STATS_BH(net, ip6_dst_idev(skb_dst(skb)), |
| 1992 | IPSTATS_MIB_OUTFORWDATAGRAMS); | 1991 | IPSTATS_MIB_OUTFORWDATAGRAMS); |
| 1993 | IP6_ADD_STATS_BH(net, ip6_dst_idev(skb_dst(skb)), | 1992 | IP6_ADD_STATS_BH(net, ip6_dst_idev(skb_dst(skb)), |
diff --git a/net/ipv6/mcast.c b/net/ipv6/mcast.c index 124338a39e29..a8bf57ca74d3 100644 --- a/net/ipv6/mcast.c +++ b/net/ipv6/mcast.c | |||
| @@ -1646,7 +1646,7 @@ static void mld_sendpack(struct sk_buff *skb) | |||
| 1646 | 1646 | ||
| 1647 | err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, | 1647 | err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, |
| 1648 | net, net->ipv6.igmp_sk, skb, NULL, skb->dev, | 1648 | net, net->ipv6.igmp_sk, skb, NULL, skb->dev, |
| 1649 | dst_output); | 1649 | dst_output_okfn); |
| 1650 | out: | 1650 | out: |
| 1651 | if (!err) { | 1651 | if (!err) { |
| 1652 | ICMP6MSGOUT_INC_STATS(net, idev, ICMPV6_MLD2_REPORT); | 1652 | ICMP6MSGOUT_INC_STATS(net, idev, ICMPV6_MLD2_REPORT); |
| @@ -2010,7 +2010,7 @@ static void igmp6_send(struct in6_addr *addr, struct net_device *dev, int type) | |||
| 2010 | skb_dst_set(skb, dst); | 2010 | skb_dst_set(skb, dst); |
| 2011 | err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, | 2011 | err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, |
| 2012 | net, sk, skb, NULL, skb->dev, | 2012 | net, sk, skb, NULL, skb->dev, |
| 2013 | dst_output); | 2013 | dst_output_okfn); |
| 2014 | out: | 2014 | out: |
| 2015 | if (!err) { | 2015 | if (!err) { |
| 2016 | ICMP6MSGOUT_INC_STATS(net, idev, type); | 2016 | ICMP6MSGOUT_INC_STATS(net, idev, type); |
diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c index dd2b08d7c8d1..dde5a1e5875a 100644 --- a/net/ipv6/ndisc.c +++ b/net/ipv6/ndisc.c | |||
| @@ -465,7 +465,7 @@ static void ndisc_send_skb(struct sk_buff *skb, | |||
| 465 | 465 | ||
| 466 | err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, | 466 | err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, |
| 467 | net, sk, skb, NULL, dst->dev, | 467 | net, sk, skb, NULL, dst->dev, |
| 468 | dst_output); | 468 | dst_output_okfn); |
| 469 | if (!err) { | 469 | if (!err) { |
| 470 | ICMP6MSGOUT_INC_STATS(net, idev, type); | 470 | ICMP6MSGOUT_INC_STATS(net, idev, type); |
| 471 | ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); | 471 | ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); |
diff --git a/net/ipv6/output_core.c b/net/ipv6/output_core.c index 9cc9127fb5e7..e77102c4f804 100644 --- a/net/ipv6/output_core.c +++ b/net/ipv6/output_core.c | |||
| @@ -151,7 +151,7 @@ static int __ip6_local_out_sk(struct sock *sk, struct sk_buff *skb) | |||
| 151 | 151 | ||
| 152 | return nf_hook(NFPROTO_IPV6, NF_INET_LOCAL_OUT, | 152 | return nf_hook(NFPROTO_IPV6, NF_INET_LOCAL_OUT, |
| 153 | net, sk, skb, NULL, skb_dst(skb)->dev, | 153 | net, sk, skb, NULL, skb_dst(skb)->dev, |
| 154 | dst_output); | 154 | dst_output_okfn); |
| 155 | } | 155 | } |
| 156 | 156 | ||
| 157 | int __ip6_local_out(struct sk_buff *skb) | 157 | int __ip6_local_out(struct sk_buff *skb) |
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c index dc65ec198f7c..fec0151522a2 100644 --- a/net/ipv6/raw.c +++ b/net/ipv6/raw.c | |||
| @@ -655,7 +655,7 @@ static int rawv6_send_hdrinc(struct sock *sk, struct msghdr *msg, int length, | |||
| 655 | 655 | ||
| 656 | IP6_UPD_PO_STATS(net, rt->rt6i_idev, IPSTATS_MIB_OUT, skb->len); | 656 | IP6_UPD_PO_STATS(net, rt->rt6i_idev, IPSTATS_MIB_OUT, skb->len); |
| 657 | err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, net, sk, skb, | 657 | err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, net, sk, skb, |
| 658 | NULL, rt->dst.dev, dst_output); | 658 | NULL, rt->dst.dev, dst_output_okfn); |
| 659 | if (err > 0) | 659 | if (err > 0) |
| 660 | err = net_xmit_errno(err); | 660 | err = net_xmit_errno(err); |
| 661 | if (err) | 661 | if (err) |
diff --git a/net/ipv6/xfrm6_output.c b/net/ipv6/xfrm6_output.c index 431ae2c22234..68a996f8a044 100644 --- a/net/ipv6/xfrm6_output.c +++ b/net/ipv6/xfrm6_output.c | |||
| @@ -131,7 +131,7 @@ int xfrm6_output_finish(struct sock *sk, struct sk_buff *skb) | |||
| 131 | return xfrm_output(sk, skb); | 131 | return xfrm_output(sk, skb); |
| 132 | } | 132 | } |
| 133 | 133 | ||
| 134 | static int __xfrm6_output(struct sock *sk, struct sk_buff *skb) | 134 | static int __xfrm6_output(struct net *net, struct sock *sk, struct sk_buff *skb) |
| 135 | { | 135 | { |
| 136 | struct dst_entry *dst = skb_dst(skb); | 136 | struct dst_entry *dst = skb_dst(skb); |
| 137 | struct xfrm_state *x = dst->xfrm; | 137 | struct xfrm_state *x = dst->xfrm; |