aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAlexey Dobriyan <adobriyan@gmail.com>2008-11-25 20:35:18 -0500
committerDavid S. Miller <davem@davemloft.net>2008-11-25 20:35:18 -0500
commit52479b623d3d41df84c499325b6a8c7915413032 (patch)
tree196f303f296b53dc89a05954d9c03226a9b4158b
parentcdcbca7c1f1946758cfacb69bc1c7eeaccb11e2d (diff)
netns xfrm: lookup in netns
Pass netns to xfrm_lookup()/__xfrm_lookup(). For that pass netns to flow_cache_lookup() and resolver callback. Take it from socket or netdevice. Stub DECnet to init_net. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat
-rw-r--r--include/net/dst.h16
-rw-r--r--include/net/flow.h9
-rw-r--r--net/core/flow.c4
-rw-r--r--net/dccp/ipv6.c10
-rw-r--r--net/decnet/dn_route.c6
-rw-r--r--net/ipv4/icmp.c4
-rw-r--r--net/ipv4/netfilter.c4
-rw-r--r--net/ipv4/route.c2
-rw-r--r--net/ipv6/af_inet6.c2
-rw-r--r--net/ipv6/datagram.c3
-rw-r--r--net/ipv6/icmp.c6
-rw-r--r--net/ipv6/inet6_connection_sock.c2
-rw-r--r--net/ipv6/ip6_tunnel.c5
-rw-r--r--net/ipv6/mcast.c4
-rw-r--r--net/ipv6/ndisc.c4
-rw-r--r--net/ipv6/netfilter.c2
-rw-r--r--net/ipv6/netfilter/ip6t_REJECT.c2
-rw-r--r--net/ipv6/raw.c3
-rw-r--r--net/ipv6/syncookies.c2
-rw-r--r--net/ipv6/tcp_ipv6.c11
-rw-r--r--net/ipv6/udp.c3
-rw-r--r--net/xfrm/xfrm_policy.c38
22 files changed, 75 insertions, 67 deletions
diff --git a/include/net/dst.h b/include/net/dst.h
index 6c778799bf10..6be3b082a070 100644
--- a/include/net/dst.h
+++ b/include/net/dst.h
@@ -291,21 +291,21 @@ enum {
291 291
292struct flowi; 292struct flowi;
293#ifndef CONFIG_XFRM 293#ifndef CONFIG_XFRM
294static inline int xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl, 294static inline int xfrm_lookup(struct net *net, struct dst_entry **dst_p,
295 struct sock *sk, int flags) 295 struct flowi *fl, struct sock *sk, int flags)
296{ 296{
297 return 0; 297 return 0;
298} 298}
299static inline int __xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl, 299static inline int __xfrm_lookup(struct net *net, struct dst_entry **dst_p,
300 struct sock *sk, int flags) 300 struct flowi *fl, struct sock *sk, int flags)
301{ 301{
302 return 0; 302 return 0;
303} 303}
304#else 304#else
305extern int xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl, 305extern int xfrm_lookup(struct net *net, struct dst_entry **dst_p,
306 struct sock *sk, int flags); 306 struct flowi *fl, struct sock *sk, int flags);
307extern int __xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl, 307extern int __xfrm_lookup(struct net *net, struct dst_entry **dst_p,
308 struct sock *sk, int flags); 308 struct flowi *fl, struct sock *sk, int flags);
309#endif 309#endif
310#endif 310#endif
311 311
diff --git a/include/net/flow.h b/include/net/flow.h
index b45a5e4fcadd..809970b7dfee 100644
--- a/include/net/flow.h
+++ b/include/net/flow.h
@@ -84,12 +84,13 @@ struct flowi {
84#define FLOW_DIR_OUT 1 84#define FLOW_DIR_OUT 1
85#define FLOW_DIR_FWD 2 85#define FLOW_DIR_FWD 2
86 86
87struct net;
87struct sock; 88struct sock;
88typedef int (*flow_resolve_t)(struct flowi *key, u16 family, u8 dir, 89typedef int (*flow_resolve_t)(struct net *net, struct flowi *key, u16 family,
89 void **objp, atomic_t **obj_refp); 90 u8 dir, void **objp, atomic_t **obj_refp);
90 91
91extern void *flow_cache_lookup(struct flowi *key, u16 family, u8 dir, 92extern void *flow_cache_lookup(struct net *net, struct flowi *key, u16 family,
92 flow_resolve_t resolver); 93 u8 dir, flow_resolve_t resolver);
93extern void flow_cache_flush(void); 94extern void flow_cache_flush(void);
94extern atomic_t flow_cache_genid; 95extern atomic_t flow_cache_genid;
95 96
diff --git a/net/core/flow.c b/net/core/flow.c
index d323388dd1ba..96015871ecea 100644
--- a/net/core/flow.c
+++ b/net/core/flow.c
@@ -165,7 +165,7 @@ static int flow_key_compare(struct flowi *key1, struct flowi *key2)
165 return 0; 165 return 0;
166} 166}
167 167
168void *flow_cache_lookup(struct flowi *key, u16 family, u8 dir, 168void *flow_cache_lookup(struct net *net, struct flowi *key, u16 family, u8 dir,
169 flow_resolve_t resolver) 169 flow_resolve_t resolver)
170{ 170{
171 struct flow_cache_entry *fle, **head; 171 struct flow_cache_entry *fle, **head;
@@ -225,7 +225,7 @@ nocache:
225 void *obj; 225 void *obj;
226 atomic_t *obj_ref; 226 atomic_t *obj_ref;
227 227
228 err = resolver(key, family, dir, &obj, &obj_ref); 228 err = resolver(net, key, family, dir, &obj, &obj_ref);
229 229
230 if (fle && !err) { 230 if (fle && !err) {
231 fle->genid = atomic_read(&flow_cache_genid); 231 fle->genid = atomic_read(&flow_cache_genid);
diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c
index f033e845bb07..b963f35c65f6 100644
--- a/net/dccp/ipv6.c
+++ b/net/dccp/ipv6.c
@@ -168,7 +168,7 @@ static void dccp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
168 goto out; 168 goto out;
169 } 169 }
170 170
171 err = xfrm_lookup(&dst, &fl, sk, 0); 171 err = xfrm_lookup(net, &dst, &fl, sk, 0);
172 if (err < 0) { 172 if (err < 0) {
173 sk->sk_err_soft = -err; 173 sk->sk_err_soft = -err;
174 goto out; 174 goto out;
@@ -279,7 +279,7 @@ static int dccp_v6_send_response(struct sock *sk, struct request_sock *req)
279 if (final_p) 279 if (final_p)
280 ipv6_addr_copy(&fl.fl6_dst, final_p); 280 ipv6_addr_copy(&fl.fl6_dst, final_p);
281 281
282 err = xfrm_lookup(&dst, &fl, sk, 0); 282 err = xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0);
283 if (err < 0) 283 if (err < 0)
284 goto done; 284 goto done;
285 285
@@ -343,7 +343,7 @@ static void dccp_v6_ctl_send_reset(struct sock *sk, struct sk_buff *rxskb)
343 343
344 /* sk = NULL, but it is safe for now. RST socket required. */ 344 /* sk = NULL, but it is safe for now. RST socket required. */
345 if (!ip6_dst_lookup(ctl_sk, &skb->dst, &fl)) { 345 if (!ip6_dst_lookup(ctl_sk, &skb->dst, &fl)) {
346 if (xfrm_lookup(&skb->dst, &fl, NULL, 0) >= 0) { 346 if (xfrm_lookup(net, &skb->dst, &fl, NULL, 0) >= 0) {
347 ip6_xmit(ctl_sk, skb, &fl, NULL, 0); 347 ip6_xmit(ctl_sk, skb, &fl, NULL, 0);
348 DCCP_INC_STATS_BH(DCCP_MIB_OUTSEGS); 348 DCCP_INC_STATS_BH(DCCP_MIB_OUTSEGS);
349 DCCP_INC_STATS_BH(DCCP_MIB_OUTRSTS); 349 DCCP_INC_STATS_BH(DCCP_MIB_OUTRSTS);
@@ -569,7 +569,7 @@ static struct sock *dccp_v6_request_recv_sock(struct sock *sk,
569 if (final_p) 569 if (final_p)
570 ipv6_addr_copy(&fl.fl6_dst, final_p); 570 ipv6_addr_copy(&fl.fl6_dst, final_p);
571 571
572 if ((xfrm_lookup(&dst, &fl, sk, 0)) < 0) 572 if ((xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0)
573 goto out; 573 goto out;
574 } 574 }
575 575
@@ -1004,7 +1004,7 @@ static int dccp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
1004 if (final_p) 1004 if (final_p)
1005 ipv6_addr_copy(&fl.fl6_dst, final_p); 1005 ipv6_addr_copy(&fl.fl6_dst, final_p);
1006 1006
1007 err = __xfrm_lookup(&dst, &fl, sk, XFRM_LOOKUP_WAIT); 1007 err = __xfrm_lookup(sock_net(sk), &dst, &fl, sk, XFRM_LOOKUP_WAIT);
1008 if (err < 0) { 1008 if (err < 0) {
1009 if (err == -EREMOTE) 1009 if (err == -EREMOTE)
1010 err = ip6_dst_blackhole(sk, &dst, &fl); 1010 err = ip6_dst_blackhole(sk, &dst, &fl);
diff --git a/net/decnet/dn_route.c b/net/decnet/dn_route.c
index 768df000523b..eeaa3d819f9c 100644
--- a/net/decnet/dn_route.c
+++ b/net/decnet/dn_route.c
@@ -1184,7 +1184,7 @@ static int dn_route_output_key(struct dst_entry **pprt, struct flowi *flp, int f
1184 1184
1185 err = __dn_route_output_key(pprt, flp, flags); 1185 err = __dn_route_output_key(pprt, flp, flags);
1186 if (err == 0 && flp->proto) { 1186 if (err == 0 && flp->proto) {
1187 err = xfrm_lookup(pprt, flp, NULL, 0); 1187 err = xfrm_lookup(&init_net, pprt, flp, NULL, 0);
1188 } 1188 }
1189 return err; 1189 return err;
1190} 1190}
@@ -1195,8 +1195,8 @@ int dn_route_output_sock(struct dst_entry **pprt, struct flowi *fl, struct sock
1195 1195
1196 err = __dn_route_output_key(pprt, fl, flags & MSG_TRYHARD); 1196 err = __dn_route_output_key(pprt, fl, flags & MSG_TRYHARD);
1197 if (err == 0 && fl->proto) { 1197 if (err == 0 && fl->proto) {
1198 err = xfrm_lookup(pprt, fl, sk, (flags & MSG_DONTWAIT) ? 1198 err = xfrm_lookup(&init_net, pprt, fl, sk,
1199 0 : XFRM_LOOKUP_WAIT); 1199 (flags & MSG_DONTWAIT) ? 0 : XFRM_LOOKUP_WAIT);
1200 } 1200 }
1201 return err; 1201 return err;
1202} 1202}
diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
index 7b88be9803b1..705b33b184a3 100644
--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp.c
@@ -562,7 +562,7 @@ void icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info)
562 /* No need to clone since we're just using its address. */ 562 /* No need to clone since we're just using its address. */
563 rt2 = rt; 563 rt2 = rt;
564 564
565 err = xfrm_lookup((struct dst_entry **)&rt, &fl, NULL, 0); 565 err = xfrm_lookup(net, (struct dst_entry **)&rt, &fl, NULL, 0);
566 switch (err) { 566 switch (err) {
567 case 0: 567 case 0:
568 if (rt != rt2) 568 if (rt != rt2)
@@ -601,7 +601,7 @@ void icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info)
601 if (err) 601 if (err)
602 goto relookup_failed; 602 goto relookup_failed;
603 603
604 err = xfrm_lookup((struct dst_entry **)&rt2, &fl, NULL, 604 err = xfrm_lookup(net, (struct dst_entry **)&rt2, &fl, NULL,
605 XFRM_LOOKUP_ICMP); 605 XFRM_LOOKUP_ICMP);
606 switch (err) { 606 switch (err) {
607 case 0: 607 case 0:
diff --git a/net/ipv4/netfilter.c b/net/ipv4/netfilter.c
index 6efdb70b3eb2..c99eecf89da5 100644
--- a/net/ipv4/netfilter.c
+++ b/net/ipv4/netfilter.c
@@ -66,7 +66,7 @@ int ip_route_me_harder(struct sk_buff *skb, unsigned addr_type)
66#ifdef CONFIG_XFRM 66#ifdef CONFIG_XFRM
67 if (!(IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED) && 67 if (!(IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED) &&
68 xfrm_decode_session(skb, &fl, AF_INET) == 0) 68 xfrm_decode_session(skb, &fl, AF_INET) == 0)
69 if (xfrm_lookup(&skb->dst, &fl, skb->sk, 0)) 69 if (xfrm_lookup(net, &skb->dst, &fl, skb->sk, 0))
70 return -1; 70 return -1;
71#endif 71#endif
72 72
@@ -97,7 +97,7 @@ int ip_xfrm_me_harder(struct sk_buff *skb)
97 dst = ((struct xfrm_dst *)dst)->route; 97 dst = ((struct xfrm_dst *)dst)->route;
98 dst_hold(dst); 98 dst_hold(dst);
99 99
100 if (xfrm_lookup(&dst, &fl, skb->sk, 0) < 0) 100 if (xfrm_lookup(dev_net(dst->dev), &dst, &fl, skb->sk, 0) < 0)
101 return -1; 101 return -1;
102 102
103 dst_release(skb->dst); 103 dst_release(skb->dst);
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 4e6959c29819..77bfba975959 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -2761,7 +2761,7 @@ int ip_route_output_flow(struct net *net, struct rtable **rp, struct flowi *flp,
2761 flp->fl4_src = (*rp)->rt_src; 2761 flp->fl4_src = (*rp)->rt_src;
2762 if (!flp->fl4_dst) 2762 if (!flp->fl4_dst)
2763 flp->fl4_dst = (*rp)->rt_dst; 2763 flp->fl4_dst = (*rp)->rt_dst;
2764 err = __xfrm_lookup((struct dst_entry **)rp, flp, sk, 2764 err = __xfrm_lookup(net, (struct dst_entry **)rp, flp, sk,
2765 flags ? XFRM_LOOKUP_WAIT : 0); 2765 flags ? XFRM_LOOKUP_WAIT : 0);
2766 if (err == -EREMOTE) 2766 if (err == -EREMOTE)
2767 err = ipv4_dst_blackhole(net, rp, flp); 2767 err = ipv4_dst_blackhole(net, rp, flp);
diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
index 01edac888510..437b750b98fd 100644
--- a/net/ipv6/af_inet6.c
+++ b/net/ipv6/af_inet6.c
@@ -637,7 +637,7 @@ int inet6_sk_rebuild_header(struct sock *sk)
637 if (final_p) 637 if (final_p)
638 ipv6_addr_copy(&fl.fl6_dst, final_p); 638 ipv6_addr_copy(&fl.fl6_dst, final_p);
639 639
640 if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) { 640 if ((err = xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0) {
641 sk->sk_err_soft = -err; 641 sk->sk_err_soft = -err;
642 return err; 642 return err;
643 } 643 }
diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c
index e44deb8d4df2..e2bdc6d83a43 100644
--- a/net/ipv6/datagram.c
+++ b/net/ipv6/datagram.c
@@ -175,7 +175,8 @@ ipv4_connected:
175 if (final_p) 175 if (final_p)
176 ipv6_addr_copy(&fl.fl6_dst, final_p); 176 ipv6_addr_copy(&fl.fl6_dst, final_p);
177 177
178 if ((err = __xfrm_lookup(&dst, &fl, sk, XFRM_LOOKUP_WAIT)) < 0) { 178 err = __xfrm_lookup(sock_net(sk), &dst, &fl, sk, XFRM_LOOKUP_WAIT);
179 if (err < 0) {
179 if (err == -EREMOTE) 180 if (err == -EREMOTE)
180 err = ip6_dst_blackhole(sk, &dst, &fl); 181 err = ip6_dst_blackhole(sk, &dst, &fl);
181 if (err < 0) 182 if (err < 0)
diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
index a77b8d103804..4f433847d95f 100644
--- a/net/ipv6/icmp.c
+++ b/net/ipv6/icmp.c
@@ -427,7 +427,7 @@ void icmpv6_send(struct sk_buff *skb, int type, int code, __u32 info,
427 /* No need to clone since we're just using its address. */ 427 /* No need to clone since we're just using its address. */
428 dst2 = dst; 428 dst2 = dst;
429 429
430 err = xfrm_lookup(&dst, &fl, sk, 0); 430 err = xfrm_lookup(net, &dst, &fl, sk, 0);
431 switch (err) { 431 switch (err) {
432 case 0: 432 case 0:
433 if (dst != dst2) 433 if (dst != dst2)
@@ -446,7 +446,7 @@ void icmpv6_send(struct sk_buff *skb, int type, int code, __u32 info,
446 if (ip6_dst_lookup(sk, &dst2, &fl)) 446 if (ip6_dst_lookup(sk, &dst2, &fl))
447 goto relookup_failed; 447 goto relookup_failed;
448 448
449 err = xfrm_lookup(&dst2, &fl, sk, XFRM_LOOKUP_ICMP); 449 err = xfrm_lookup(net, &dst2, &fl, sk, XFRM_LOOKUP_ICMP);
450 switch (err) { 450 switch (err) {
451 case 0: 451 case 0:
452 dst_release(dst); 452 dst_release(dst);
@@ -552,7 +552,7 @@ static void icmpv6_echo_reply(struct sk_buff *skb)
552 err = ip6_dst_lookup(sk, &dst, &fl); 552 err = ip6_dst_lookup(sk, &dst, &fl);
553 if (err) 553 if (err)
554 goto out; 554 goto out;
555 if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) 555 if ((err = xfrm_lookup(net, &dst, &fl, sk, 0)) < 0)
556 goto out; 556 goto out;
557 557
558 if (ipv6_addr_is_multicast(&fl.fl6_dst)) 558 if (ipv6_addr_is_multicast(&fl.fl6_dst))
diff --git a/net/ipv6/inet6_connection_sock.c b/net/ipv6/inet6_connection_sock.c
index 16d43f20b32f..3c3732d50c1a 100644
--- a/net/ipv6/inet6_connection_sock.c
+++ b/net/ipv6/inet6_connection_sock.c
@@ -219,7 +219,7 @@ int inet6_csk_xmit(struct sk_buff *skb, int ipfragok)
219 if (final_p) 219 if (final_p)
220 ipv6_addr_copy(&fl.fl6_dst, final_p); 220 ipv6_addr_copy(&fl.fl6_dst, final_p);
221 221
222 if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) { 222 if ((err = xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0) {
223 sk->sk_route_caps = 0; 223 sk->sk_route_caps = 0;
224 kfree_skb(skb); 224 kfree_skb(skb);
225 return err; 225 return err;
diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
index ef249ab5c93c..58e2b0d93758 100644
--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -846,6 +846,7 @@ static int ip6_tnl_xmit2(struct sk_buff *skb,
846 int encap_limit, 846 int encap_limit,
847 __u32 *pmtu) 847 __u32 *pmtu)
848{ 848{
849 struct net *net = dev_net(dev);
849 struct ip6_tnl *t = netdev_priv(dev); 850 struct ip6_tnl *t = netdev_priv(dev);
850 struct net_device_stats *stats = &t->dev->stats; 851 struct net_device_stats *stats = &t->dev->stats;
851 struct ipv6hdr *ipv6h = ipv6_hdr(skb); 852 struct ipv6hdr *ipv6h = ipv6_hdr(skb);
@@ -861,9 +862,9 @@ static int ip6_tnl_xmit2(struct sk_buff *skb,
861 if ((dst = ip6_tnl_dst_check(t)) != NULL) 862 if ((dst = ip6_tnl_dst_check(t)) != NULL)
862 dst_hold(dst); 863 dst_hold(dst);
863 else { 864 else {
864 dst = ip6_route_output(dev_net(dev), NULL, fl); 865 dst = ip6_route_output(net, NULL, fl);
865 866
866 if (dst->error || xfrm_lookup(&dst, fl, NULL, 0) < 0) 867 if (dst->error || xfrm_lookup(net, &dst, fl, NULL, 0) < 0)
867 goto tx_err_link_failure; 868 goto tx_err_link_failure;
868 } 869 }
869 870
diff --git a/net/ipv6/mcast.c b/net/ipv6/mcast.c
index 870a1d64605a..0f3896032830 100644
--- a/net/ipv6/mcast.c
+++ b/net/ipv6/mcast.c
@@ -1466,7 +1466,7 @@ static void mld_sendpack(struct sk_buff *skb)
1466 &ipv6_hdr(skb)->saddr, &ipv6_hdr(skb)->daddr, 1466 &ipv6_hdr(skb)->saddr, &ipv6_hdr(skb)->daddr,
1467 skb->dev->ifindex); 1467 skb->dev->ifindex);
1468 1468
1469 err = xfrm_lookup(&skb->dst, &fl, NULL, 0); 1469 err = xfrm_lookup(net, &skb->dst, &fl, NULL, 0);
1470 if (err) 1470 if (err)
1471 goto err_out; 1471 goto err_out;
1472 1472
@@ -1831,7 +1831,7 @@ static void igmp6_send(struct in6_addr *addr, struct net_device *dev, int type)
1831 &ipv6_hdr(skb)->saddr, &ipv6_hdr(skb)->daddr, 1831 &ipv6_hdr(skb)->saddr, &ipv6_hdr(skb)->daddr,
1832 skb->dev->ifindex); 1832 skb->dev->ifindex);
1833 1833
1834 err = xfrm_lookup(&skb->dst, &fl, NULL, 0); 1834 err = xfrm_lookup(net, &skb->dst, &fl, NULL, 0);
1835 if (err) 1835 if (err)
1836 goto err_out; 1836 goto err_out;
1837 1837
diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
index af6705f03b5c..e4acc212345e 100644
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -524,7 +524,7 @@ void ndisc_send_skb(struct sk_buff *skb,
524 return; 524 return;
525 } 525 }
526 526
527 err = xfrm_lookup(&dst, &fl, NULL, 0); 527 err = xfrm_lookup(net, &dst, &fl, NULL, 0);
528 if (err < 0) { 528 if (err < 0) {
529 kfree_skb(skb); 529 kfree_skb(skb);
530 return; 530 return;
@@ -1524,7 +1524,7 @@ void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh,
1524 if (dst == NULL) 1524 if (dst == NULL)
1525 return; 1525 return;
1526 1526
1527 err = xfrm_lookup(&dst, &fl, NULL, 0); 1527 err = xfrm_lookup(net, &dst, &fl, NULL, 0);
1528 if (err) 1528 if (err)
1529 return; 1529 return;
1530 1530
diff --git a/net/ipv6/netfilter.c b/net/ipv6/netfilter.c
index fd5b3a4e3329..627e21db65df 100644
--- a/net/ipv6/netfilter.c
+++ b/net/ipv6/netfilter.c
@@ -29,7 +29,7 @@ int ip6_route_me_harder(struct sk_buff *skb)
29#ifdef CONFIG_XFRM 29#ifdef CONFIG_XFRM
30 if (!(IP6CB(skb)->flags & IP6SKB_XFRM_TRANSFORMED) && 30 if (!(IP6CB(skb)->flags & IP6SKB_XFRM_TRANSFORMED) &&
31 xfrm_decode_session(skb, &fl, AF_INET6) == 0) 31 xfrm_decode_session(skb, &fl, AF_INET6) == 0)
32 if (xfrm_lookup(&skb->dst, &fl, skb->sk, 0)) 32 if (xfrm_lookup(net, &skb->dst, &fl, skb->sk, 0))
33 return -1; 33 return -1;
34#endif 34#endif
35 35
diff --git a/net/ipv6/netfilter/ip6t_REJECT.c b/net/ipv6/netfilter/ip6t_REJECT.c
index 0981b4ccb8b1..5a2d0a41694a 100644
--- a/net/ipv6/netfilter/ip6t_REJECT.c
+++ b/net/ipv6/netfilter/ip6t_REJECT.c
@@ -97,7 +97,7 @@ static void send_reset(struct net *net, struct sk_buff *oldskb)
97 dst = ip6_route_output(net, NULL, &fl); 97 dst = ip6_route_output(net, NULL, &fl);
98 if (dst == NULL) 98 if (dst == NULL)
99 return; 99 return;
100 if (dst->error || xfrm_lookup(&dst, &fl, NULL, 0)) 100 if (dst->error || xfrm_lookup(net, &dst, &fl, NULL, 0))
101 return; 101 return;
102 102
103 hh_len = (dst->dev->hard_header_len + 15)&~15; 103 hh_len = (dst->dev->hard_header_len + 15)&~15;
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
index 2ba04d41dc25..61f6827e5906 100644
--- a/net/ipv6/raw.c
+++ b/net/ipv6/raw.c
@@ -860,7 +860,8 @@ static int rawv6_sendmsg(struct kiocb *iocb, struct sock *sk,
860 if (final_p) 860 if (final_p)
861 ipv6_addr_copy(&fl.fl6_dst, final_p); 861 ipv6_addr_copy(&fl.fl6_dst, final_p);
862 862
863 if ((err = __xfrm_lookup(&dst, &fl, sk, XFRM_LOOKUP_WAIT)) < 0) { 863 err = __xfrm_lookup(sock_net(sk), &dst, &fl, sk, XFRM_LOOKUP_WAIT);
864 if (err < 0) {
864 if (err == -EREMOTE) 865 if (err == -EREMOTE)
865 err = ip6_dst_blackhole(sk, &dst, &fl); 866 err = ip6_dst_blackhole(sk, &dst, &fl);
866 if (err < 0) 867 if (err < 0)
diff --git a/net/ipv6/syncookies.c b/net/ipv6/syncookies.c
index 676c80b5b14b..711175e0571f 100644
--- a/net/ipv6/syncookies.c
+++ b/net/ipv6/syncookies.c
@@ -259,7 +259,7 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb)
259 259
260 if (final_p) 260 if (final_p)
261 ipv6_addr_copy(&fl.fl6_dst, final_p); 261 ipv6_addr_copy(&fl.fl6_dst, final_p);
262 if ((xfrm_lookup(&dst, &fl, sk, 0)) < 0) 262 if ((xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0)
263 goto out_free; 263 goto out_free;
264 } 264 }
265 265
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index a5d750acd793..f259c9671f3e 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -260,7 +260,8 @@ static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
260 if (final_p) 260 if (final_p)
261 ipv6_addr_copy(&fl.fl6_dst, final_p); 261 ipv6_addr_copy(&fl.fl6_dst, final_p);
262 262
263 if ((err = __xfrm_lookup(&dst, &fl, sk, XFRM_LOOKUP_WAIT)) < 0) { 263 err = __xfrm_lookup(sock_net(sk), &dst, &fl, sk, XFRM_LOOKUP_WAIT);
264 if (err < 0) {
264 if (err == -EREMOTE) 265 if (err == -EREMOTE)
265 err = ip6_dst_blackhole(sk, &dst, &fl); 266 err = ip6_dst_blackhole(sk, &dst, &fl);
266 if (err < 0) 267 if (err < 0)
@@ -390,7 +391,7 @@ static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
390 goto out; 391 goto out;
391 } 392 }
392 393
393 if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) { 394 if ((err = xfrm_lookup(net, &dst, &fl, sk, 0)) < 0) {
394 sk->sk_err_soft = -err; 395 sk->sk_err_soft = -err;
395 goto out; 396 goto out;
396 } 397 }
@@ -492,7 +493,7 @@ static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req)
492 goto done; 493 goto done;
493 if (final_p) 494 if (final_p)
494 ipv6_addr_copy(&fl.fl6_dst, final_p); 495 ipv6_addr_copy(&fl.fl6_dst, final_p);
495 if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) 496 if ((err = xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0)
496 goto done; 497 goto done;
497 498
498 skb = tcp_make_synack(sk, dst, req); 499 skb = tcp_make_synack(sk, dst, req);
@@ -1018,7 +1019,7 @@ static void tcp_v6_send_response(struct sk_buff *skb, u32 seq, u32 ack, u32 win,
1018 * namespace 1019 * namespace
1019 */ 1020 */
1020 if (!ip6_dst_lookup(ctl_sk, &buff->dst, &fl)) { 1021 if (!ip6_dst_lookup(ctl_sk, &buff->dst, &fl)) {
1021 if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) { 1022 if (xfrm_lookup(net, &buff->dst, &fl, NULL, 0) >= 0) {
1022 ip6_xmit(ctl_sk, buff, &fl, NULL, 0); 1023 ip6_xmit(ctl_sk, buff, &fl, NULL, 0);
1023 TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS); 1024 TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
1024 if (rst) 1025 if (rst)
@@ -1316,7 +1317,7 @@ static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
1316 if (final_p) 1317 if (final_p)
1317 ipv6_addr_copy(&fl.fl6_dst, final_p); 1318 ipv6_addr_copy(&fl.fl6_dst, final_p);
1318 1319
1319 if ((xfrm_lookup(&dst, &fl, sk, 0)) < 0) 1320 if ((xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0)
1320 goto out; 1321 goto out;
1321 } 1322 }
1322 1323
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
index fd2d9ad4a8a3..38390dd19636 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -849,7 +849,8 @@ do_udp_sendmsg:
849 if (final_p) 849 if (final_p)
850 ipv6_addr_copy(&fl.fl6_dst, final_p); 850 ipv6_addr_copy(&fl.fl6_dst, final_p);
851 851
852 if ((err = __xfrm_lookup(&dst, &fl, sk, XFRM_LOOKUP_WAIT)) < 0) { 852 err = __xfrm_lookup(sock_net(sk), &dst, &fl, sk, XFRM_LOOKUP_WAIT);
853 if (err < 0) {
853 if (err == -EREMOTE) 854 if (err == -EREMOTE)
854 err = ip6_dst_blackhole(sk, &dst, &fl); 855 err = ip6_dst_blackhole(sk, &dst, &fl);
855 if (err < 0) 856 if (err < 0)
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 6165218fd7c2..7c88a25c7af5 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -940,7 +940,8 @@ static int xfrm_policy_match(struct xfrm_policy *pol, struct flowi *fl,
940 return ret; 940 return ret;
941} 941}
942 942
943static struct xfrm_policy *xfrm_policy_lookup_bytype(u8 type, struct flowi *fl, 943static struct xfrm_policy *xfrm_policy_lookup_bytype(struct net *net, u8 type,
944 struct flowi *fl,
944 u16 family, u8 dir) 945 u16 family, u8 dir)
945{ 946{
946 int err; 947 int err;
@@ -956,7 +957,7 @@ static struct xfrm_policy *xfrm_policy_lookup_bytype(u8 type, struct flowi *fl,
956 return NULL; 957 return NULL;
957 958
958 read_lock_bh(&xfrm_policy_lock); 959 read_lock_bh(&xfrm_policy_lock);
959 chain = policy_hash_direct(&init_net, daddr, saddr, family, dir); 960 chain = policy_hash_direct(net, daddr, saddr, family, dir);
960 ret = NULL; 961 ret = NULL;
961 hlist_for_each_entry(pol, entry, chain, bydst) { 962 hlist_for_each_entry(pol, entry, chain, bydst) {
962 err = xfrm_policy_match(pol, fl, type, family, dir); 963 err = xfrm_policy_match(pol, fl, type, family, dir);
@@ -973,7 +974,7 @@ static struct xfrm_policy *xfrm_policy_lookup_bytype(u8 type, struct flowi *fl,
973 break; 974 break;
974 } 975 }
975 } 976 }
976 chain = &init_net.xfrm.policy_inexact[dir]; 977 chain = &net->xfrm.policy_inexact[dir];
977 hlist_for_each_entry(pol, entry, chain, bydst) { 978 hlist_for_each_entry(pol, entry, chain, bydst) {
978 err = xfrm_policy_match(pol, fl, type, family, dir); 979 err = xfrm_policy_match(pol, fl, type, family, dir);
979 if (err) { 980 if (err) {
@@ -996,14 +997,14 @@ fail:
996 return ret; 997 return ret;
997} 998}
998 999
999static int xfrm_policy_lookup(struct flowi *fl, u16 family, u8 dir, 1000static int xfrm_policy_lookup(struct net *net, struct flowi *fl, u16 family,
1000 void **objp, atomic_t **obj_refp) 1001 u8 dir, void **objp, atomic_t **obj_refp)
1001{ 1002{
1002 struct xfrm_policy *pol; 1003 struct xfrm_policy *pol;
1003 int err = 0; 1004 int err = 0;
1004 1005
1005#ifdef CONFIG_XFRM_SUB_POLICY 1006#ifdef CONFIG_XFRM_SUB_POLICY
1006 pol = xfrm_policy_lookup_bytype(XFRM_POLICY_TYPE_SUB, fl, family, dir); 1007 pol = xfrm_policy_lookup_bytype(net, XFRM_POLICY_TYPE_SUB, fl, family, dir);
1007 if (IS_ERR(pol)) { 1008 if (IS_ERR(pol)) {
1008 err = PTR_ERR(pol); 1009 err = PTR_ERR(pol);
1009 pol = NULL; 1010 pol = NULL;
@@ -1011,7 +1012,7 @@ static int xfrm_policy_lookup(struct flowi *fl, u16 family, u8 dir,
1011 if (pol || err) 1012 if (pol || err)
1012 goto end; 1013 goto end;
1013#endif 1014#endif
1014 pol = xfrm_policy_lookup_bytype(XFRM_POLICY_TYPE_MAIN, fl, family, dir); 1015 pol = xfrm_policy_lookup_bytype(net, XFRM_POLICY_TYPE_MAIN, fl, family, dir);
1015 if (IS_ERR(pol)) { 1016 if (IS_ERR(pol)) {
1016 err = PTR_ERR(pol); 1017 err = PTR_ERR(pol);
1017 pol = NULL; 1018 pol = NULL;
@@ -1537,7 +1538,7 @@ static int stale_bundle(struct dst_entry *dst);
1537 * At the moment we eat a raw IP route. Mostly to speed up lookups 1538 * At the moment we eat a raw IP route. Mostly to speed up lookups
1538 * on interfaces with disabled IPsec. 1539 * on interfaces with disabled IPsec.
1539 */ 1540 */
1540int __xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl, 1541int __xfrm_lookup(struct net *net, struct dst_entry **dst_p, struct flowi *fl,
1541 struct sock *sk, int flags) 1542 struct sock *sk, int flags)
1542{ 1543{
1543 struct xfrm_policy *policy; 1544 struct xfrm_policy *policy;
@@ -1575,10 +1576,10 @@ restart:
1575 if (!policy) { 1576 if (!policy) {
1576 /* To accelerate a bit... */ 1577 /* To accelerate a bit... */
1577 if ((dst_orig->flags & DST_NOXFRM) || 1578 if ((dst_orig->flags & DST_NOXFRM) ||
1578 !init_net.xfrm.policy_count[XFRM_POLICY_OUT]) 1579 !net->xfrm.policy_count[XFRM_POLICY_OUT])
1579 goto nopol; 1580 goto nopol;
1580 1581
1581 policy = flow_cache_lookup(fl, dst_orig->ops->family, 1582 policy = flow_cache_lookup(net, fl, dst_orig->ops->family,
1582 dir, xfrm_policy_lookup); 1583 dir, xfrm_policy_lookup);
1583 err = PTR_ERR(policy); 1584 err = PTR_ERR(policy);
1584 if (IS_ERR(policy)) { 1585 if (IS_ERR(policy)) {
@@ -1635,7 +1636,8 @@ restart:
1635 1636
1636#ifdef CONFIG_XFRM_SUB_POLICY 1637#ifdef CONFIG_XFRM_SUB_POLICY
1637 if (pols[0]->type != XFRM_POLICY_TYPE_MAIN) { 1638 if (pols[0]->type != XFRM_POLICY_TYPE_MAIN) {
1638 pols[1] = xfrm_policy_lookup_bytype(XFRM_POLICY_TYPE_MAIN, 1639 pols[1] = xfrm_policy_lookup_bytype(net,
1640 XFRM_POLICY_TYPE_MAIN,
1639 fl, family, 1641 fl, family,
1640 XFRM_POLICY_OUT); 1642 XFRM_POLICY_OUT);
1641 if (pols[1]) { 1643 if (pols[1]) {
@@ -1683,11 +1685,11 @@ restart:
1683 if (err == -EAGAIN && (flags & XFRM_LOOKUP_WAIT)) { 1685 if (err == -EAGAIN && (flags & XFRM_LOOKUP_WAIT)) {
1684 DECLARE_WAITQUEUE(wait, current); 1686 DECLARE_WAITQUEUE(wait, current);
1685 1687
1686 add_wait_queue(&init_net.xfrm.km_waitq, &wait); 1688 add_wait_queue(&net->xfrm.km_waitq, &wait);
1687 set_current_state(TASK_INTERRUPTIBLE); 1689 set_current_state(TASK_INTERRUPTIBLE);
1688 schedule(); 1690 schedule();
1689 set_current_state(TASK_RUNNING); 1691 set_current_state(TASK_RUNNING);
1690 remove_wait_queue(&init_net.xfrm.km_waitq, &wait); 1692 remove_wait_queue(&net->xfrm.km_waitq, &wait);
1691 1693
1692 nx = xfrm_tmpl_resolve(pols, npols, fl, xfrm, family); 1694 nx = xfrm_tmpl_resolve(pols, npols, fl, xfrm, family);
1693 1695
@@ -1781,10 +1783,10 @@ nopol:
1781} 1783}
1782EXPORT_SYMBOL(__xfrm_lookup); 1784EXPORT_SYMBOL(__xfrm_lookup);
1783 1785
1784int xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl, 1786int xfrm_lookup(struct net *net, struct dst_entry **dst_p, struct flowi *fl,
1785 struct sock *sk, int flags) 1787 struct sock *sk, int flags)
1786{ 1788{
1787 int err = __xfrm_lookup(dst_p, fl, sk, flags); 1789 int err = __xfrm_lookup(net, dst_p, fl, sk, flags);
1788 1790
1789 if (err == -EREMOTE) { 1791 if (err == -EREMOTE) {
1790 dst_release(*dst_p); 1792 dst_release(*dst_p);
@@ -1936,7 +1938,7 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb,
1936 } 1938 }
1937 1939
1938 if (!pol) 1940 if (!pol)
1939 pol = flow_cache_lookup(&fl, family, fl_dir, 1941 pol = flow_cache_lookup(&init_net, &fl, family, fl_dir,
1940 xfrm_policy_lookup); 1942 xfrm_policy_lookup);
1941 1943
1942 if (IS_ERR(pol)) { 1944 if (IS_ERR(pol)) {
@@ -1959,7 +1961,7 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb,
1959 npols ++; 1961 npols ++;
1960#ifdef CONFIG_XFRM_SUB_POLICY 1962#ifdef CONFIG_XFRM_SUB_POLICY
1961 if (pols[0]->type != XFRM_POLICY_TYPE_MAIN) { 1963 if (pols[0]->type != XFRM_POLICY_TYPE_MAIN) {
1962 pols[1] = xfrm_policy_lookup_bytype(XFRM_POLICY_TYPE_MAIN, 1964 pols[1] = xfrm_policy_lookup_bytype(&init_net, XFRM_POLICY_TYPE_MAIN,
1963 &fl, family, 1965 &fl, family,
1964 XFRM_POLICY_IN); 1966 XFRM_POLICY_IN);
1965 if (pols[1]) { 1967 if (pols[1]) {
@@ -2049,7 +2051,7 @@ int __xfrm_route_forward(struct sk_buff *skb, unsigned short family)
2049 return 0; 2051 return 0;
2050 } 2052 }
2051 2053
2052 return xfrm_lookup(&skb->dst, &fl, NULL, 0) == 0; 2054 return xfrm_lookup(&init_net, &skb->dst, &fl, NULL, 0) == 0;
2053} 2055}
2054EXPORT_SYMBOL(__xfrm_route_forward); 2056EXPORT_SYMBOL(__xfrm_route_forward);
2055 2057
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-12 09:10:09 -0500