aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAlexey Dobriyan <adobriyan@gmail.com>2008-10-08 05:35:03 -0400
committerPatrick McHardy <kaber@trash.net>2008-10-08 05:35:03 -0400
commitb21f89019399ff75d9c239010e38b840eb6e01e7 (patch)
treef4b2ef9f75e2330b983ba27515a5687f8e923e24
parent400dad39d1c33fe797e47326d87a3f54d0ac5181 (diff)
netfilter: netns: fix {ip,6}_route_me_harder() in netns
Take netns from skb->dst->dev. It should be safe because, they are called from LOCAL_OUT hook where dst is valid (though, I'm not exactly sure about IPVS and queueing packets to userspace). [Patrick: its safe everywhere since they already expect skb->dst to be set] Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat
-rw-r--r--net/ipv4/netfilter.c7
-rw-r--r--net/ipv6/netfilter.c2
2 files changed, 5 insertions, 4 deletions
diff --git a/net/ipv4/netfilter.c b/net/ipv4/netfilter.c
index 01671ad51ed3..6efdb70b3eb2 100644
--- a/net/ipv4/netfilter.c
+++ b/net/ipv4/netfilter.c
@@ -12,6 +12,7 @@
12/* route_me_harder function, used by iptable_nat, iptable_mangle + ip_queue */ 12/* route_me_harder function, used by iptable_nat, iptable_mangle + ip_queue */
13int ip_route_me_harder(struct sk_buff *skb, unsigned addr_type) 13int ip_route_me_harder(struct sk_buff *skb, unsigned addr_type)
14{ 14{
15 struct net *net = dev_net(skb->dst->dev);
15 const struct iphdr *iph = ip_hdr(skb); 16 const struct iphdr *iph = ip_hdr(skb);
16 struct rtable *rt; 17 struct rtable *rt;
17 struct flowi fl = {}; 18 struct flowi fl = {};
@@ -19,7 +20,7 @@ int ip_route_me_harder(struct sk_buff *skb, unsigned addr_type)
19 unsigned int hh_len; 20 unsigned int hh_len;
20 unsigned int type; 21 unsigned int type;
21 22
22 type = inet_addr_type(&init_net, iph->saddr); 23 type = inet_addr_type(net, iph->saddr);
23 if (skb->sk && inet_sk(skb->sk)->transparent) 24 if (skb->sk && inet_sk(skb->sk)->transparent)
24 type = RTN_LOCAL; 25 type = RTN_LOCAL;
25 if (addr_type == RTN_UNSPEC) 26 if (addr_type == RTN_UNSPEC)
@@ -36,7 +37,7 @@ int ip_route_me_harder(struct sk_buff *skb, unsigned addr_type)
36 fl.oif = skb->sk ? skb->sk->sk_bound_dev_if : 0; 37 fl.oif = skb->sk ? skb->sk->sk_bound_dev_if : 0;
37 fl.mark = skb->mark; 38 fl.mark = skb->mark;
38 fl.flags = skb->sk ? inet_sk_flowi_flags(skb->sk) : 0; 39 fl.flags = skb->sk ? inet_sk_flowi_flags(skb->sk) : 0;
39 if (ip_route_output_key(&init_net, &rt, &fl) != 0) 40 if (ip_route_output_key(net, &rt, &fl) != 0)
40 return -1; 41 return -1;
41 42
42 /* Drop old route. */ 43 /* Drop old route. */
@@ -46,7 +47,7 @@ int ip_route_me_harder(struct sk_buff *skb, unsigned addr_type)
46 /* non-local src, find valid iif to satisfy 47 /* non-local src, find valid iif to satisfy
47 * rp-filter when calling ip_route_input. */ 48 * rp-filter when calling ip_route_input. */
48 fl.nl_u.ip4_u.daddr = iph->saddr; 49 fl.nl_u.ip4_u.daddr = iph->saddr;
49 if (ip_route_output_key(&init_net, &rt, &fl) != 0) 50 if (ip_route_output_key(net, &rt, &fl) != 0)
50 return -1; 51 return -1;
51 52
52 odst = skb->dst; 53 odst = skb->dst;
diff --git a/net/ipv6/netfilter.c b/net/ipv6/netfilter.c
index 8c6c5e71f210..4cb4844a3220 100644
--- a/net/ipv6/netfilter.c
+++ b/net/ipv6/netfilter.c
@@ -23,7 +23,7 @@ int ip6_route_me_harder(struct sk_buff *skb)
23 .saddr = iph->saddr, } }, 23 .saddr = iph->saddr, } },
24 }; 24 };
25 25
26 dst = ip6_route_output(&init_net, skb->sk, &fl); 26 dst = ip6_route_output(dev_net(skb->dst->dev), skb->sk, &fl);
27 27
28#ifdef CONFIG_XFRM 28#ifdef CONFIG_XFRM
29 if (!(IP6CB(skb)->flags & IP6SKB_XFRM_TRANSFORMED) && 29 if (!(IP6CB(skb)->flags & IP6SKB_XFRM_TRANSFORMED) &&
generated by cgit v1.2.2 (git 2.25.0) at 2025-01-27 21:22:50 -0500