diff options
author | Denis V. Lunev <den@openvz.org> | 2008-01-23 02:50:57 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-01-28 18:11:13 -0500 |
commit | dde1bc0e6f86183bc095d0774cd109f4edf66ea2 (patch) | |
tree | b75823ba47c3047e5bf10acf7f3b207b43cb3cce | |
parent | b5921910a1de4ba82add59154976c3dc7352c8c2 (diff) |
[NETNS]: Add namespace for ICMP replying code.
All needed API is done, the namespace is available when required from
the device on the DST entry from the incoming packet. So, just replace
init_net with proper namespace.
Other protocols will follow.
Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/ipv4/icmp.c | 21 | ||||
-rw-r--r-- | net/ipv4/ip_output.c | 2 |
2 files changed, 14 insertions, 9 deletions
diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c index 63ffc7d86f98..a7321a82df6d 100644 --- a/net/ipv4/icmp.c +++ b/net/ipv4/icmp.c | |||
@@ -405,7 +405,7 @@ static void icmp_reply(struct icmp_bxm *icmp_param, struct sk_buff *skb) | |||
405 | .tos = RT_TOS(ip_hdr(skb)->tos) } }, | 405 | .tos = RT_TOS(ip_hdr(skb)->tos) } }, |
406 | .proto = IPPROTO_ICMP }; | 406 | .proto = IPPROTO_ICMP }; |
407 | security_skb_classify_flow(skb, &fl); | 407 | security_skb_classify_flow(skb, &fl); |
408 | if (ip_route_output_key(&init_net, &rt, &fl)) | 408 | if (ip_route_output_key(rt->u.dst.dev->nd_net, &rt, &fl)) |
409 | goto out_unlock; | 409 | goto out_unlock; |
410 | } | 410 | } |
411 | if (icmpv4_xrlim_allow(rt, icmp_param->data.icmph.type, | 411 | if (icmpv4_xrlim_allow(rt, icmp_param->data.icmph.type, |
@@ -437,9 +437,11 @@ void icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info) | |||
437 | struct ipcm_cookie ipc; | 437 | struct ipcm_cookie ipc; |
438 | __be32 saddr; | 438 | __be32 saddr; |
439 | u8 tos; | 439 | u8 tos; |
440 | struct net *net; | ||
440 | 441 | ||
441 | if (!rt) | 442 | if (!rt) |
442 | goto out; | 443 | goto out; |
444 | net = rt->u.dst.dev->nd_net; | ||
443 | 445 | ||
444 | /* | 446 | /* |
445 | * Find the original header. It is expected to be valid, of course. | 447 | * Find the original header. It is expected to be valid, of course. |
@@ -515,7 +517,7 @@ void icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info) | |||
515 | struct net_device *dev = NULL; | 517 | struct net_device *dev = NULL; |
516 | 518 | ||
517 | if (rt->fl.iif && sysctl_icmp_errors_use_inbound_ifaddr) | 519 | if (rt->fl.iif && sysctl_icmp_errors_use_inbound_ifaddr) |
518 | dev = dev_get_by_index(&init_net, rt->fl.iif); | 520 | dev = dev_get_by_index(net, rt->fl.iif); |
519 | 521 | ||
520 | if (dev) { | 522 | if (dev) { |
521 | saddr = inet_select_addr(dev, 0, RT_SCOPE_LINK); | 523 | saddr = inet_select_addr(dev, 0, RT_SCOPE_LINK); |
@@ -569,7 +571,7 @@ void icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info) | |||
569 | struct rtable *rt2; | 571 | struct rtable *rt2; |
570 | 572 | ||
571 | security_skb_classify_flow(skb_in, &fl); | 573 | security_skb_classify_flow(skb_in, &fl); |
572 | if (__ip_route_output_key(&init_net, &rt, &fl)) | 574 | if (__ip_route_output_key(net, &rt, &fl)) |
573 | goto out_unlock; | 575 | goto out_unlock; |
574 | 576 | ||
575 | /* No need to clone since we're just using its address. */ | 577 | /* No need to clone since we're just using its address. */ |
@@ -591,14 +593,14 @@ void icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info) | |||
591 | if (xfrm_decode_session_reverse(skb_in, &fl, AF_INET)) | 593 | if (xfrm_decode_session_reverse(skb_in, &fl, AF_INET)) |
592 | goto out_unlock; | 594 | goto out_unlock; |
593 | 595 | ||
594 | if (inet_addr_type(&init_net, fl.fl4_src) == RTN_LOCAL) | 596 | if (inet_addr_type(net, fl.fl4_src) == RTN_LOCAL) |
595 | err = __ip_route_output_key(&init_net, &rt2, &fl); | 597 | err = __ip_route_output_key(net, &rt2, &fl); |
596 | else { | 598 | else { |
597 | struct flowi fl2 = {}; | 599 | struct flowi fl2 = {}; |
598 | struct dst_entry *odst; | 600 | struct dst_entry *odst; |
599 | 601 | ||
600 | fl2.fl4_dst = fl.fl4_src; | 602 | fl2.fl4_dst = fl.fl4_src; |
601 | if (ip_route_output_key(&init_net, &rt2, &fl2)) | 603 | if (ip_route_output_key(net, &rt2, &fl2)) |
602 | goto out_unlock; | 604 | goto out_unlock; |
603 | 605 | ||
604 | /* Ugh! */ | 606 | /* Ugh! */ |
@@ -666,6 +668,9 @@ static void icmp_unreach(struct sk_buff *skb) | |||
666 | int hash, protocol; | 668 | int hash, protocol; |
667 | struct net_protocol *ipprot; | 669 | struct net_protocol *ipprot; |
668 | u32 info = 0; | 670 | u32 info = 0; |
671 | struct net *net; | ||
672 | |||
673 | net = skb->dst->dev->nd_net; | ||
669 | 674 | ||
670 | /* | 675 | /* |
671 | * Incomplete header ? | 676 | * Incomplete header ? |
@@ -696,7 +701,7 @@ static void icmp_unreach(struct sk_buff *skb) | |||
696 | "and DF set.\n", | 701 | "and DF set.\n", |
697 | NIPQUAD(iph->daddr)); | 702 | NIPQUAD(iph->daddr)); |
698 | } else { | 703 | } else { |
699 | info = ip_rt_frag_needed(&init_net, iph, | 704 | info = ip_rt_frag_needed(net, iph, |
700 | ntohs(icmph->un.frag.mtu)); | 705 | ntohs(icmph->un.frag.mtu)); |
701 | if (!info) | 706 | if (!info) |
702 | goto out; | 707 | goto out; |
@@ -734,7 +739,7 @@ static void icmp_unreach(struct sk_buff *skb) | |||
734 | */ | 739 | */ |
735 | 740 | ||
736 | if (!sysctl_icmp_ignore_bogus_error_responses && | 741 | if (!sysctl_icmp_ignore_bogus_error_responses && |
737 | inet_addr_type(&init_net, iph->daddr) == RTN_BROADCAST) { | 742 | inet_addr_type(net, iph->daddr) == RTN_BROADCAST) { |
738 | if (net_ratelimit()) | 743 | if (net_ratelimit()) |
739 | printk(KERN_WARNING "%u.%u.%u.%u sent an invalid ICMP " | 744 | printk(KERN_WARNING "%u.%u.%u.%u sent an invalid ICMP " |
740 | "type %u, code %u " | 745 | "type %u, code %u " |
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c index 1725e0613982..18070ca65771 100644 --- a/net/ipv4/ip_output.c +++ b/net/ipv4/ip_output.c | |||
@@ -1379,7 +1379,7 @@ void ip_send_reply(struct sock *sk, struct sk_buff *skb, struct ip_reply_arg *ar | |||
1379 | .dport = tcp_hdr(skb)->source } }, | 1379 | .dport = tcp_hdr(skb)->source } }, |
1380 | .proto = sk->sk_protocol }; | 1380 | .proto = sk->sk_protocol }; |
1381 | security_skb_classify_flow(skb, &fl); | 1381 | security_skb_classify_flow(skb, &fl); |
1382 | if (ip_route_output_key(&init_net, &rt, &fl)) | 1382 | if (ip_route_output_key(sk->sk_net, &rt, &fl)) |
1383 | return; | 1383 | return; |
1384 | } | 1384 | } |
1385 | 1385 | ||