aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDenis V. Lunev <den@openvz.org>2008-01-23 02:50:57 -0500
committerDavid S. Miller <davem@davemloft.net>2008-01-28 18:11:13 -0500
commitdde1bc0e6f86183bc095d0774cd109f4edf66ea2 (patch)
treeb75823ba47c3047e5bf10acf7f3b207b43cb3cce
parentb5921910a1de4ba82add59154976c3dc7352c8c2 (diff)
[NETNS]: Add namespace for ICMP replying code.
All needed API is done, the namespace is available when required from the device on the DST entry from the incoming packet. So, just replace init_net with proper namespace. Other protocols will follow. Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/ipv4/icmp.c21
-rw-r--r--net/ipv4/ip_output.c2
2 files changed, 14 insertions, 9 deletions
diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
index 63ffc7d86f98..a7321a82df6d 100644
--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp.c
@@ -405,7 +405,7 @@ static void icmp_reply(struct icmp_bxm *icmp_param, struct sk_buff *skb)
405 .tos = RT_TOS(ip_hdr(skb)->tos) } }, 405 .tos = RT_TOS(ip_hdr(skb)->tos) } },
406 .proto = IPPROTO_ICMP }; 406 .proto = IPPROTO_ICMP };
407 security_skb_classify_flow(skb, &fl); 407 security_skb_classify_flow(skb, &fl);
408 if (ip_route_output_key(&init_net, &rt, &fl)) 408 if (ip_route_output_key(rt->u.dst.dev->nd_net, &rt, &fl))
409 goto out_unlock; 409 goto out_unlock;
410 } 410 }
411 if (icmpv4_xrlim_allow(rt, icmp_param->data.icmph.type, 411 if (icmpv4_xrlim_allow(rt, icmp_param->data.icmph.type,
@@ -437,9 +437,11 @@ void icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info)
437 struct ipcm_cookie ipc; 437 struct ipcm_cookie ipc;
438 __be32 saddr; 438 __be32 saddr;
439 u8 tos; 439 u8 tos;
440 struct net *net;
440 441
441 if (!rt) 442 if (!rt)
442 goto out; 443 goto out;
444 net = rt->u.dst.dev->nd_net;
443 445
444 /* 446 /*
445 * Find the original header. It is expected to be valid, of course. 447 * Find the original header. It is expected to be valid, of course.
@@ -515,7 +517,7 @@ void icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info)
515 struct net_device *dev = NULL; 517 struct net_device *dev = NULL;
516 518
517 if (rt->fl.iif && sysctl_icmp_errors_use_inbound_ifaddr) 519 if (rt->fl.iif && sysctl_icmp_errors_use_inbound_ifaddr)
518 dev = dev_get_by_index(&init_net, rt->fl.iif); 520 dev = dev_get_by_index(net, rt->fl.iif);
519 521
520 if (dev) { 522 if (dev) {
521 saddr = inet_select_addr(dev, 0, RT_SCOPE_LINK); 523 saddr = inet_select_addr(dev, 0, RT_SCOPE_LINK);
@@ -569,7 +571,7 @@ void icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info)
569 struct rtable *rt2; 571 struct rtable *rt2;
570 572
571 security_skb_classify_flow(skb_in, &fl); 573 security_skb_classify_flow(skb_in, &fl);
572 if (__ip_route_output_key(&init_net, &rt, &fl)) 574 if (__ip_route_output_key(net, &rt, &fl))
573 goto out_unlock; 575 goto out_unlock;
574 576
575 /* No need to clone since we're just using its address. */ 577 /* No need to clone since we're just using its address. */
@@ -591,14 +593,14 @@ void icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info)
591 if (xfrm_decode_session_reverse(skb_in, &fl, AF_INET)) 593 if (xfrm_decode_session_reverse(skb_in, &fl, AF_INET))
592 goto out_unlock; 594 goto out_unlock;
593 595
594 if (inet_addr_type(&init_net, fl.fl4_src) == RTN_LOCAL) 596 if (inet_addr_type(net, fl.fl4_src) == RTN_LOCAL)
595 err = __ip_route_output_key(&init_net, &rt2, &fl); 597 err = __ip_route_output_key(net, &rt2, &fl);
596 else { 598 else {
597 struct flowi fl2 = {}; 599 struct flowi fl2 = {};
598 struct dst_entry *odst; 600 struct dst_entry *odst;
599 601
600 fl2.fl4_dst = fl.fl4_src; 602 fl2.fl4_dst = fl.fl4_src;
601 if (ip_route_output_key(&init_net, &rt2, &fl2)) 603 if (ip_route_output_key(net, &rt2, &fl2))
602 goto out_unlock; 604 goto out_unlock;
603 605
604 /* Ugh! */ 606 /* Ugh! */
@@ -666,6 +668,9 @@ static void icmp_unreach(struct sk_buff *skb)
666 int hash, protocol; 668 int hash, protocol;
667 struct net_protocol *ipprot; 669 struct net_protocol *ipprot;
668 u32 info = 0; 670 u32 info = 0;
671 struct net *net;
672
673 net = skb->dst->dev->nd_net;
669 674
670 /* 675 /*
671 * Incomplete header ? 676 * Incomplete header ?
@@ -696,7 +701,7 @@ static void icmp_unreach(struct sk_buff *skb)
696 "and DF set.\n", 701 "and DF set.\n",
697 NIPQUAD(iph->daddr)); 702 NIPQUAD(iph->daddr));
698 } else { 703 } else {
699 info = ip_rt_frag_needed(&init_net, iph, 704 info = ip_rt_frag_needed(net, iph,
700 ntohs(icmph->un.frag.mtu)); 705 ntohs(icmph->un.frag.mtu));
701 if (!info) 706 if (!info)
702 goto out; 707 goto out;
@@ -734,7 +739,7 @@ static void icmp_unreach(struct sk_buff *skb)
734 */ 739 */
735 740
736 if (!sysctl_icmp_ignore_bogus_error_responses && 741 if (!sysctl_icmp_ignore_bogus_error_responses &&
737 inet_addr_type(&init_net, iph->daddr) == RTN_BROADCAST) { 742 inet_addr_type(net, iph->daddr) == RTN_BROADCAST) {
738 if (net_ratelimit()) 743 if (net_ratelimit())
739 printk(KERN_WARNING "%u.%u.%u.%u sent an invalid ICMP " 744 printk(KERN_WARNING "%u.%u.%u.%u sent an invalid ICMP "
740 "type %u, code %u " 745 "type %u, code %u "
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index 1725e0613982..18070ca65771 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -1379,7 +1379,7 @@ void ip_send_reply(struct sock *sk, struct sk_buff *skb, struct ip_reply_arg *ar
1379 .dport = tcp_hdr(skb)->source } }, 1379 .dport = tcp_hdr(skb)->source } },
1380 .proto = sk->sk_protocol }; 1380 .proto = sk->sk_protocol };
1381 security_skb_classify_flow(skb, &fl); 1381 security_skb_classify_flow(skb, &fl);
1382 if (ip_route_output_key(&init_net, &rt, &fl)) 1382 if (ip_route_output_key(sk->sk_net, &rt, &fl))
1383 return; 1383 return;
1384 } 1384 }
1385 1385