netfilter: xt_connlimit: netns support

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>

1 files changed, 5 insertions, 3 deletions

diff --git a/net/netfilter/xt_connlimit.c b/net/netfilter/xt_connlimit.c
index 8103bef78e44..0d9d18ea2b09 100644
--- a/net/netfilter/xt_connlimit.c
+++ b/net/netfilter/xt_connlimit.c
@@ -90,7 +90,8 @@ same_source_net(const union nf_inet_addr *addr,
         }
 }
 
-static int count_them(struct xt_connlimit_data *data,
+static int count_them(struct net *net,
+                      struct xt_connlimit_data *data,
                       const struct nf_conntrack_tuple *tuple,
                       const union nf_inet_addr *addr,
                       const union nf_inet_addr *mask,
@@ -113,7 +114,7 @@ static int count_them(struct xt_connlimit_data *data,
 
         /* check the saved connections */
         list_for_each_entry_safe(conn, tmp, hash, list) {
-                found    = nf_conntrack_find_get(&init_net, &conn->tuple);
+                found    = nf_conntrack_find_get(net, &conn->tuple);
                 found_ct = NULL;
 
                 if (found != NULL)
@@ -171,6 +172,7 @@ static int count_them(struct xt_connlimit_data *data,
 static bool
 connlimit_mt(const struct sk_buff *skb, const struct xt_match_param *par)
 {
+        struct net *net = dev_net(par->in ? par->in : par->out);
         const struct xt_connlimit_info *info = par->matchinfo;
         union nf_inet_addr addr;
         struct nf_conntrack_tuple tuple;
@@ -195,7 +197,7 @@ connlimit_mt(const struct sk_buff *skb, const struct xt_match_param *par)
         }
 
         spin_lock_bh(&info->data->lock);
-        connections = count_them(info->data, tuple_ptr, &addr,
+        connections = count_them(net, info->data, tuple_ptr, &addr,
                                  &info->mask, par->family);
         spin_unlock_bh(&info->data->lock);