diff options
author | Alexey Dobriyan <adobriyan@gmail.com> | 2008-11-25 20:59:27 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-11-25 20:59:27 -0500 |
commit | 4fb236bac9fc7d51e2267866de6d4c30e549d2f8 (patch) | |
tree | e3d024fe85be93a81553a910f556b818c8a85496 | |
parent | 7013ec30e0e2bc5b1e602e19a4e0668f9b7c0a72 (diff) |
netns xfrm: AH/ESP in netns!
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/ipv4/ah4.c | 4 | ||||
-rw-r--r-- | net/ipv4/esp4.c | 4 | ||||
-rw-r--r-- | net/ipv6/ah6.c | 3 | ||||
-rw-r--r-- | net/ipv6/esp6.c | 3 |
4 files changed, 10 insertions, 4 deletions
diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c index 750426b0a276..e878e494296e 100644 --- a/net/ipv4/ah4.c +++ b/net/ipv4/ah4.c | |||
@@ -201,6 +201,7 @@ out: | |||
201 | 201 | ||
202 | static void ah4_err(struct sk_buff *skb, u32 info) | 202 | static void ah4_err(struct sk_buff *skb, u32 info) |
203 | { | 203 | { |
204 | struct net *net = dev_net(skb->dev); | ||
204 | struct iphdr *iph = (struct iphdr *)skb->data; | 205 | struct iphdr *iph = (struct iphdr *)skb->data; |
205 | struct ip_auth_hdr *ah = (struct ip_auth_hdr *)(skb->data+(iph->ihl<<2)); | 206 | struct ip_auth_hdr *ah = (struct ip_auth_hdr *)(skb->data+(iph->ihl<<2)); |
206 | struct xfrm_state *x; | 207 | struct xfrm_state *x; |
@@ -209,7 +210,7 @@ static void ah4_err(struct sk_buff *skb, u32 info) | |||
209 | icmp_hdr(skb)->code != ICMP_FRAG_NEEDED) | 210 | icmp_hdr(skb)->code != ICMP_FRAG_NEEDED) |
210 | return; | 211 | return; |
211 | 212 | ||
212 | x = xfrm_state_lookup(&init_net, (xfrm_address_t *)&iph->daddr, ah->spi, IPPROTO_AH, AF_INET); | 213 | x = xfrm_state_lookup(net, (xfrm_address_t *)&iph->daddr, ah->spi, IPPROTO_AH, AF_INET); |
213 | if (!x) | 214 | if (!x) |
214 | return; | 215 | return; |
215 | printk(KERN_DEBUG "pmtu discovery on SA AH/%08x/%08x\n", | 216 | printk(KERN_DEBUG "pmtu discovery on SA AH/%08x/%08x\n", |
@@ -314,6 +315,7 @@ static struct net_protocol ah4_protocol = { | |||
314 | .handler = xfrm4_rcv, | 315 | .handler = xfrm4_rcv, |
315 | .err_handler = ah4_err, | 316 | .err_handler = ah4_err, |
316 | .no_policy = 1, | 317 | .no_policy = 1, |
318 | .netns_ok = 1, | ||
317 | }; | 319 | }; |
318 | 320 | ||
319 | static int __init ah4_init(void) | 321 | static int __init ah4_init(void) |
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c index 35950128aa94..18bb383ea393 100644 --- a/net/ipv4/esp4.c +++ b/net/ipv4/esp4.c | |||
@@ -413,6 +413,7 @@ static u32 esp4_get_mtu(struct xfrm_state *x, int mtu) | |||
413 | 413 | ||
414 | static void esp4_err(struct sk_buff *skb, u32 info) | 414 | static void esp4_err(struct sk_buff *skb, u32 info) |
415 | { | 415 | { |
416 | struct net *net = dev_net(skb->dev); | ||
416 | struct iphdr *iph = (struct iphdr *)skb->data; | 417 | struct iphdr *iph = (struct iphdr *)skb->data; |
417 | struct ip_esp_hdr *esph = (struct ip_esp_hdr *)(skb->data+(iph->ihl<<2)); | 418 | struct ip_esp_hdr *esph = (struct ip_esp_hdr *)(skb->data+(iph->ihl<<2)); |
418 | struct xfrm_state *x; | 419 | struct xfrm_state *x; |
@@ -421,7 +422,7 @@ static void esp4_err(struct sk_buff *skb, u32 info) | |||
421 | icmp_hdr(skb)->code != ICMP_FRAG_NEEDED) | 422 | icmp_hdr(skb)->code != ICMP_FRAG_NEEDED) |
422 | return; | 423 | return; |
423 | 424 | ||
424 | x = xfrm_state_lookup(&init_net, (xfrm_address_t *)&iph->daddr, esph->spi, IPPROTO_ESP, AF_INET); | 425 | x = xfrm_state_lookup(net, (xfrm_address_t *)&iph->daddr, esph->spi, IPPROTO_ESP, AF_INET); |
425 | if (!x) | 426 | if (!x) |
426 | return; | 427 | return; |
427 | NETDEBUG(KERN_DEBUG "pmtu discovery on SA ESP/%08x/%08x\n", | 428 | NETDEBUG(KERN_DEBUG "pmtu discovery on SA ESP/%08x/%08x\n", |
@@ -618,6 +619,7 @@ static struct net_protocol esp4_protocol = { | |||
618 | .handler = xfrm4_rcv, | 619 | .handler = xfrm4_rcv, |
619 | .err_handler = esp4_err, | 620 | .err_handler = esp4_err, |
620 | .no_policy = 1, | 621 | .no_policy = 1, |
622 | .netns_ok = 1, | ||
621 | }; | 623 | }; |
622 | 624 | ||
623 | static int __init esp4_init(void) | 625 | static int __init esp4_init(void) |
diff --git a/net/ipv6/ah6.c b/net/ipv6/ah6.c index 6ae014b86b69..52449f7a1b71 100644 --- a/net/ipv6/ah6.c +++ b/net/ipv6/ah6.c | |||
@@ -407,6 +407,7 @@ out: | |||
407 | static void ah6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, | 407 | static void ah6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, |
408 | int type, int code, int offset, __be32 info) | 408 | int type, int code, int offset, __be32 info) |
409 | { | 409 | { |
410 | struct net *net = dev_net(skb->dev); | ||
410 | struct ipv6hdr *iph = (struct ipv6hdr*)skb->data; | 411 | struct ipv6hdr *iph = (struct ipv6hdr*)skb->data; |
411 | struct ip_auth_hdr *ah = (struct ip_auth_hdr*)(skb->data+offset); | 412 | struct ip_auth_hdr *ah = (struct ip_auth_hdr*)(skb->data+offset); |
412 | struct xfrm_state *x; | 413 | struct xfrm_state *x; |
@@ -415,7 +416,7 @@ static void ah6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, | |||
415 | type != ICMPV6_PKT_TOOBIG) | 416 | type != ICMPV6_PKT_TOOBIG) |
416 | return; | 417 | return; |
417 | 418 | ||
418 | x = xfrm_state_lookup(&init_net, (xfrm_address_t *)&iph->daddr, ah->spi, IPPROTO_AH, AF_INET6); | 419 | x = xfrm_state_lookup(net, (xfrm_address_t *)&iph->daddr, ah->spi, IPPROTO_AH, AF_INET6); |
419 | if (!x) | 420 | if (!x) |
420 | return; | 421 | return; |
421 | 422 | ||
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c index 68f2af8c15c0..c2f250150db1 100644 --- a/net/ipv6/esp6.c +++ b/net/ipv6/esp6.c | |||
@@ -356,6 +356,7 @@ static u32 esp6_get_mtu(struct xfrm_state *x, int mtu) | |||
356 | static void esp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, | 356 | static void esp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, |
357 | int type, int code, int offset, __be32 info) | 357 | int type, int code, int offset, __be32 info) |
358 | { | 358 | { |
359 | struct net *net = dev_net(skb->dev); | ||
359 | struct ipv6hdr *iph = (struct ipv6hdr*)skb->data; | 360 | struct ipv6hdr *iph = (struct ipv6hdr*)skb->data; |
360 | struct ip_esp_hdr *esph = (struct ip_esp_hdr *)(skb->data + offset); | 361 | struct ip_esp_hdr *esph = (struct ip_esp_hdr *)(skb->data + offset); |
361 | struct xfrm_state *x; | 362 | struct xfrm_state *x; |
@@ -364,7 +365,7 @@ static void esp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, | |||
364 | type != ICMPV6_PKT_TOOBIG) | 365 | type != ICMPV6_PKT_TOOBIG) |
365 | return; | 366 | return; |
366 | 367 | ||
367 | x = xfrm_state_lookup(&init_net, (xfrm_address_t *)&iph->daddr, esph->spi, IPPROTO_ESP, AF_INET6); | 368 | x = xfrm_state_lookup(net, (xfrm_address_t *)&iph->daddr, esph->spi, IPPROTO_ESP, AF_INET6); |
368 | if (!x) | 369 | if (!x) |
369 | return; | 370 | return; |
370 | printk(KERN_DEBUG "pmtu discovery on SA ESP/%08x/%pI6\n", | 371 | printk(KERN_DEBUG "pmtu discovery on SA ESP/%08x/%pI6\n", |