ipv6: Consolidate route lookup sequences.

Route lookups follow a general pattern in the ipv6 code wherein we first find the non-IPSEC route, potentially override the flow destination address due to ipv6 options settings, and then finally make an IPSEC search using either xfrm_lookup() or __xfrm_lookup(). __xfrm_lookup() is used when we want to generate a blackhole route if the key manager needs to resolve the IPSEC rules (in this case -EREMOTE is returned and the original 'dst' is left unchanged). Otherwise plain xfrm_lookup() is used and when asynchronous IPSEC resolution is necessary, we simply fail the lookup completely. All of these cases are encapsulated into two routines, ip6_dst_lookup_flow and ip6_sk_dst_lookup_flow. The latter of which handles unconnected UDP datagram sockets. Signed-off-by: David S. Miller <davem@davemloft.net>
author: David S. Miller <davem@davemloft.net> 2011-03-01 16:19:07 -0500
committer: David S. Miller <davem@davemloft.net> 2011-03-01 16:19:07 -0500
commit: 68d0c6d34d586a893292d4fb633a3bf8c547b222 (patch)
tree: b6d812307621873cf16000171563c1f68b5bc255
parent: 903ab86d195cca295379699299c5fc10beba31c7 (diff)
10 files changed, 142 insertions, 165 deletions
diff --git a/include/net/ipv6.h b/include/net/ipv6.h
index 4a3cd2cd2f5e..1fc5631cf1a2 100644
--- a/include/net/ipv6.h
+++ b/include/net/ipv6.h
@@ -512,12 +512,17 @@ extern void			ip6_flush_pending_frames(struct sock *sk);
 extern int                      ip6_dst_lookup(struct sock *sk,
                                               struct dst_entry **dst,
                                               struct flowi *fl);
+extern struct dst_entry *       ip6_dst_lookup_flow(struct sock *sk,
+                                                    struct flowi *fl,
+                                                    const struct in6_addr *final_dst,
+                                                    bool want_blackhole);
+extern struct dst_entry *       ip6_sk_dst_lookup_flow(struct sock *sk,
+                                                       struct flowi *fl,
+                                                       const struct in6_addr *final_dst,
+                                                       bool want_blackhole);
 extern int                      ip6_dst_blackhole(struct sock *sk,
                                                  struct dst_entry **dst,
                                                  struct flowi *fl);
-extern int                      ip6_sk_dst_lookup(struct sock *sk,
-                                                  struct dst_entry **dst,
-                                                  struct flowi *fl);
 /*
 *      skb processing functions
diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c
index 460d545a6509..5efc57f5e605 100644
--- a/net/dccp/ipv6.c
+++ b/net/dccp/ipv6.c
@@ -162,15 +162,9 @@ static void dccp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
                        fl.fl_ip_sport = inet->inet_sport;
                        security_sk_classify_flow(sk, &fl);
-                        err = ip6_dst_lookup(sk, &dst, &fl);
+                        dst = ip6_dst_lookup_flow(sk, &fl, NULL, false);
-                        if (err) {
+                        if (IS_ERR(dst)) {
-                                sk->sk_err_soft = -err;
+                                sk->sk_err_soft = -PTR_ERR(dst);
-                                goto out;
-                        }
-                        err = xfrm_lookup(net, &dst, &fl, sk, 0);
-                        if (err < 0) {
-                                sk->sk_err_soft = -err;
                                goto out;
                        }
                } else
@@ -267,16 +261,12 @@ static int dccp_v6_send_response(struct sock *sk, struct request_sock *req,
        final_p = fl6_update_dst(&fl, opt, &final);
-        err = ip6_dst_lookup(sk, &dst, &fl);
+        dst = ip6_dst_lookup_flow(sk, &fl, final_p, false);
-        if (err)
+        if (IS_ERR(dst)) {
-                goto done;
+                err = PTR_ERR(dst);
+                dst = NULL;
-        if (final_p)
-                ipv6_addr_copy(&fl.fl6_dst, final_p);
-        err = xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0);
-        if (err < 0)
                goto done;
+        }
        skb = dccp_make_response(sk, dst, req);
        if (skb != NULL) {
@@ -338,14 +328,13 @@ static void dccp_v6_ctl_send_reset(struct sock *sk, struct sk_buff *rxskb)
        security_skb_classify_flow(rxskb, &fl);
        /* sk = NULL, but it is safe for now. RST socket required. */
-        if (!ip6_dst_lookup(ctl_sk, &dst, &fl)) {
+        dst = ip6_dst_lookup_flow(ctl_sk, &fl, NULL, false);
-                if (xfrm_lookup(net, &dst, &fl, NULL, 0) >= 0) {
+        if (!IS_ERR(dst)) {
-                        skb_dst_set(skb, dst);
+                skb_dst_set(skb, dst);
-                        ip6_xmit(ctl_sk, skb, &fl, NULL);
+                ip6_xmit(ctl_sk, skb, &fl, NULL);
-                        DCCP_INC_STATS_BH(DCCP_MIB_OUTSEGS);
+                DCCP_INC_STATS_BH(DCCP_MIB_OUTSEGS);
-                        DCCP_INC_STATS_BH(DCCP_MIB_OUTRSTS);
+                DCCP_INC_STATS_BH(DCCP_MIB_OUTRSTS);
-                        return;
+                return;
-                }
        }
        kfree_skb(skb);
@@ -550,13 +539,8 @@ static struct sock *dccp_v6_request_recv_sock(struct sock *sk,
                fl.fl_ip_sport = inet_rsk(req)->loc_port;
                security_sk_classify_flow(sk, &fl);
-                if (ip6_dst_lookup(sk, &dst, &fl))
+                dst = ip6_dst_lookup_flow(sk, &fl, final_p, false);
-                        goto out;
+                if (IS_ERR(dst))
-                if (final_p)
-                        ipv6_addr_copy(&fl.fl6_dst, final_p);
-                if ((xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0)
                        goto out;
        }
@@ -979,19 +963,10 @@ static int dccp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
        final_p = fl6_update_dst(&fl, np->opt, &final);
-        err = ip6_dst_lookup(sk, &dst, &fl);
+        dst = ip6_dst_lookup_flow(sk, &fl, final_p, true);
-        if (err)
+        if (IS_ERR(dst)) {
+                err = PTR_ERR(dst);
                goto failure;
-        if (final_p)
-                ipv6_addr_copy(&fl.fl6_dst, final_p);
-        err = __xfrm_lookup(sock_net(sk), &dst, &fl, sk, XFRM_LOOKUP_WAIT);
-        if (err < 0) {
-                if (err == -EREMOTE)
-                        err = ip6_dst_blackhole(sk, &dst, &fl);
-                if (err < 0)
-                        goto failure;
        }
        if (saddr == NULL) {
diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
index 3194aa909872..a88b2e9d25f1 100644
--- a/net/ipv6/af_inet6.c
+++ b/net/ipv6/af_inet6.c
@@ -644,9 +644,8 @@ EXPORT_SYMBOL(inet6_unregister_protosw);
 int inet6_sk_rebuild_header(struct sock *sk)
 {
-        int err;
-        struct dst_entry *dst;
        struct ipv6_pinfo *np = inet6_sk(sk);
+        struct dst_entry *dst;
        dst = __sk_dst_check(sk, np->dst_cookie);
@@ -668,17 +667,11 @@ int inet6_sk_rebuild_header(struct sock *sk)
                final_p = fl6_update_dst(&fl, np->opt, &final);
-                err = ip6_dst_lookup(sk, &dst, &fl);
+                dst = ip6_dst_lookup_flow(sk, &fl, final_p, false);
-                if (err) {
+                if (IS_ERR(dst)) {
                        sk->sk_route_caps = 0;
-                        return err;
+                        sk->sk_err_soft = -PTR_ERR(dst);
-                }
+                        return PTR_ERR(dst);
-                if (final_p)
-                        ipv6_addr_copy(&fl.fl6_dst, final_p);
-                if ((err = xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0) {
-                        sk->sk_err_soft = -err;
-                        return err;
                }
                __ip6_dst_store(sk, dst, NULL, NULL);
diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c
index 320bdb877eed..be3a781c0085 100644
--- a/net/ipv6/datagram.c
+++ b/net/ipv6/datagram.c
@@ -162,18 +162,11 @@ ipv4_connected:
        opt = flowlabel ? flowlabel->opt : np->opt;
        final_p = fl6_update_dst(&fl, opt, &final);
-        err = ip6_dst_lookup(sk, &dst, &fl);
+        dst = ip6_dst_lookup_flow(sk, &fl, final_p, true);
-        if (err)
+        err = 0;
+        if (IS_ERR(dst)) {
+                err = PTR_ERR(dst);
                goto out;
-        if (final_p)
-                ipv6_addr_copy(&fl.fl6_dst, final_p);
-        err = __xfrm_lookup(sock_net(sk), &dst, &fl, sk, XFRM_LOOKUP_WAIT);
-        if (err < 0) {
-                if (err == -EREMOTE)
-                        err = ip6_dst_blackhole(sk, &dst, &fl);
-                if (err < 0)
-                        goto out;
        }
        /* source address lookup done in ip6_dst_lookup */
diff --git a/net/ipv6/inet6_connection_sock.c b/net/ipv6/inet6_connection_sock.c
index d144e629d2b4..d687e1397333 100644
--- a/net/ipv6/inet6_connection_sock.c
+++ b/net/ipv6/inet6_connection_sock.c
@@ -74,13 +74,8 @@ struct dst_entry *inet6_csk_route_req(struct sock *sk,
        fl.fl_ip_sport = inet_rsk(req)->loc_port;
        security_req_classify_flow(req, &fl);
-        if (ip6_dst_lookup(sk, &dst, &fl))
+        dst = ip6_dst_lookup_flow(sk, &fl, final_p, false);
-                return NULL;
+        if (IS_ERR(dst))
-        if (final_p)
-                ipv6_addr_copy(&fl.fl6_dst, final_p);
-        if ((xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0)
                return NULL;
        return dst;
@@ -234,21 +229,13 @@ int inet6_csk_xmit(struct sk_buff *skb)
        dst = __inet6_csk_dst_check(sk, np->dst_cookie);
        if (dst == NULL) {
-                int err = ip6_dst_lookup(sk, &dst, &fl);
+                dst = ip6_dst_lookup_flow(sk, &fl, final_p, false);
-                if (err) {
-                        sk->sk_err_soft = -err;
-                        kfree_skb(skb);
-                        return err;
-                }
-                if (final_p)
-                        ipv6_addr_copy(&fl.fl6_dst, final_p);
-                if ((err = xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0) {
+                if (IS_ERR(dst)) {
+                        sk->sk_err_soft = -PTR_ERR(dst);
                        sk->sk_route_caps = 0;
                        kfree_skb(skb);
-                        return err;
+                        return PTR_ERR(dst);
                }
                __inet6_csk_dst_store(sk, dst, NULL, NULL);
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index 5c618f20523e..28209b2d254d 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -1002,29 +1002,87 @@ int ip6_dst_lookup(struct sock *sk, struct dst_entry **dst, struct flowi *fl)
 EXPORT_SYMBOL_GPL(ip6_dst_lookup);
 /**
- *      ip6_sk_dst_lookup - perform socket cached route lookup on flow
+ *      ip6_dst_lookup_flow - perform route lookup on flow with ipsec
+ *      @sk: socket which provides route info
+ *      @fl: flow to lookup
+ *      @final_dst: final destination address for ipsec lookup
+ *      @want_blackhole: IPSEC blackhole handling desired
+ *
+ *      This function performs a route lookup on the given flow.
+ *
+ *      It returns a valid dst pointer on success, or a pointer encoded
+ *      error code.
+ */
+struct dst_entry *ip6_dst_lookup_flow(struct sock *sk, struct flowi *fl,
+                                      const struct in6_addr *final_dst,
+                                      bool want_blackhole)
+{
+        struct dst_entry *dst = NULL;
+        int err;
+        err = ip6_dst_lookup_tail(sk, &dst, fl);
+        if (err)
+                return ERR_PTR(err);
+        if (final_dst)
+                ipv6_addr_copy(&fl->fl6_dst, final_dst);
+        if (want_blackhole) {
+                err = __xfrm_lookup(sock_net(sk), &dst, fl, sk, XFRM_LOOKUP_WAIT);
+                if (err == -EREMOTE)
+                        err = ip6_dst_blackhole(sk, &dst, fl);
+                if (err)
+                        return ERR_PTR(err);
+        } else {
+                err = xfrm_lookup(sock_net(sk), &dst, fl, sk, 0);
+                if (err)
+                        return ERR_PTR(err);
+        }
+        return dst;
+}
+EXPORT_SYMBOL_GPL(ip6_dst_lookup_flow);
+/**
+ *      ip6_sk_dst_lookup_flow - perform socket cached route lookup on flow
 *      @sk: socket which provides the dst cache and route info
- *      @dst: pointer to dst_entry * for result
 *      @fl: flow to lookup
+ *      @final_dst: final destination address for ipsec lookup
+ *      @want_blackhole: IPSEC blackhole handling desired
 *
 *      This function performs a route lookup on the given flow with the
 *      possibility of using the cached route in the socket if it is valid.
 *      It will take the socket dst lock when operating on the dst cache.
 *      As a result, this function can only be used in process context.
 *
- *      It returns zero on success, or a standard errno code on error.
+ *      It returns a valid dst pointer on success, or a pointer encoded
+ *      error code.
 */
-int ip6_sk_dst_lookup(struct sock *sk, struct dst_entry **dst, struct flowi *fl)
+struct dst_entry *ip6_sk_dst_lookup_flow(struct sock *sk, struct flowi *fl,
+                                         const struct in6_addr *final_dst,
+                                         bool want_blackhole)
 {
-        *dst = NULL;
+        struct dst_entry *dst = sk_dst_check(sk, inet6_sk(sk)->dst_cookie);
-        if (sk) {
+        int err;
-                *dst = sk_dst_check(sk, inet6_sk(sk)->dst_cookie);
-                *dst = ip6_sk_dst_check(sk, *dst, fl);
-        }
-        return ip6_dst_lookup_tail(sk, dst, fl);
+        dst = ip6_sk_dst_check(sk, dst, fl);
+        err = ip6_dst_lookup_tail(sk, &dst, fl);
+        if (err)
+                return ERR_PTR(err);
+        if (final_dst)
+                ipv6_addr_copy(&fl->fl6_dst, final_dst);
+        if (want_blackhole) {
+                err = __xfrm_lookup(sock_net(sk), &dst, fl, sk, XFRM_LOOKUP_WAIT);
+                if (err == -EREMOTE)
+                        err = ip6_dst_blackhole(sk, &dst, fl);
+                if (err)
+                        return ERR_PTR(err);
+        } else {
+                err = xfrm_lookup(sock_net(sk), &dst, fl, sk, 0);
+                if (err)
+                        return ERR_PTR(err);
+        }
+        return dst;
 }
-EXPORT_SYMBOL_GPL(ip6_sk_dst_lookup);
+EXPORT_SYMBOL_GPL(ip6_sk_dst_lookup_flow);
 static inline int ip6_ufo_append_data(struct sock *sk,
                        int getfrag(void *from, char *to, int offset, int len,
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
index 364e86683388..dc29b07caf42 100644
--- a/net/ipv6/raw.c
+++ b/net/ipv6/raw.c
@@ -856,20 +856,11 @@ static int rawv6_sendmsg(struct kiocb *iocb, struct sock *sk,
                fl.oif = np->mcast_oif;
        security_sk_classify_flow(sk, &fl);
-        err = ip6_dst_lookup(sk, &dst, &fl);
+        dst = ip6_dst_lookup_flow(sk, &fl, final_p, true);
-        if (err)
+        if (IS_ERR(dst)) {
+                err = PTR_ERR(dst);
                goto out;
-        if (final_p)
-                ipv6_addr_copy(&fl.fl6_dst, final_p);
-        err = __xfrm_lookup(sock_net(sk), &dst, &fl, sk, XFRM_LOOKUP_WAIT);
-        if (err < 0) {
-                if (err == -EREMOTE)
-                        err = ip6_dst_blackhole(sk, &dst, &fl);
-                if (err < 0)
-                        goto out;
        }
        if (hlimit < 0) {
                if (ipv6_addr_is_multicast(&fl.fl6_dst))
                        hlimit = np->mcast_hops;
diff --git a/net/ipv6/syncookies.c b/net/ipv6/syncookies.c
index 09fd34f0dbf2..0b4cf350631b 100644
--- a/net/ipv6/syncookies.c
+++ b/net/ipv6/syncookies.c
@@ -243,12 +243,9 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb)
                fl.fl_ip_dport = inet_rsk(req)->rmt_port;
                fl.fl_ip_sport = inet_sk(sk)->inet_sport;
                security_req_classify_flow(req, &fl);
-                if (ip6_dst_lookup(sk, &dst, &fl))
-                        goto out_free;
-                if (final_p)
+                dst = ip6_dst_lookup_flow(sk, &fl, final_p, false);
-                        ipv6_addr_copy(&fl.fl6_dst, final_p);
+                if (IS_ERR(dst))
-                if ((xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0)
                        goto out_free;
        }
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 1d0ab5570904..e59a31c48baf 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -255,18 +255,10 @@ static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
        security_sk_classify_flow(sk, &fl);
-        err = ip6_dst_lookup(sk, &dst, &fl);
+        dst = ip6_dst_lookup_flow(sk, &fl, final_p, true);
-        if (err)
+        if (IS_ERR(dst)) {
+                err = PTR_ERR(dst);
                goto failure;
-        if (final_p)
-                ipv6_addr_copy(&fl.fl6_dst, final_p);
-        err = __xfrm_lookup(sock_net(sk), &dst, &fl, sk, XFRM_LOOKUP_WAIT);
-        if (err < 0) {
-                if (err == -EREMOTE)
-                        err = ip6_dst_blackhole(sk, &dst, &fl);
-                if (err < 0)
-                        goto failure;
        }
        if (saddr == NULL) {
@@ -385,7 +377,7 @@ static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
        np = inet6_sk(sk);
        if (type == ICMPV6_PKT_TOOBIG) {
-                struct dst_entry *dst = NULL;
+                struct dst_entry *dst;
                if (sock_owned_by_user(sk))
                        goto out;
@@ -413,13 +405,9 @@ static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
                        fl.fl_ip_sport = inet->inet_sport;
                        security_skb_classify_flow(skb, &fl);
-                        if ((err = ip6_dst_lookup(sk, &dst, &fl))) {
+                        dst = ip6_dst_lookup_flow(sk, &fl, NULL, false);
-                                sk->sk_err_soft = -err;
+                        if (IS_ERR(dst)) {
-                                goto out;
+                                sk->sk_err_soft = -PTR_ERR(dst);
-                        }
-                        if ((err = xfrm_lookup(net, &dst, &fl, sk, 0)) < 0) {
-                                sk->sk_err_soft = -err;
                                goto out;
                        }
@@ -496,7 +484,7 @@ static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req,
        struct in6_addr * final_p, final;
        struct flowi fl;
        struct dst_entry *dst;
-        int err = -1;
+        int err;
        memset(&fl, 0, sizeof(fl));
        fl.proto = IPPROTO_TCP;
@@ -512,15 +500,13 @@ static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req,
        opt = np->opt;
        final_p = fl6_update_dst(&fl, opt, &final);
-        err = ip6_dst_lookup(sk, &dst, &fl);
+        dst = ip6_dst_lookup_flow(sk, &fl, final_p, false);
-        if (err)
+        if (IS_ERR(dst)) {
+                err = PTR_ERR(dst);
                goto done;
-        if (final_p)
+        }
-                ipv6_addr_copy(&fl.fl6_dst, final_p);
-        if ((err = xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0)
-                goto done;
        skb = tcp_make_synack(sk, dst, req, rvp);
+        err = -ENOMEM;
        if (skb) {
                __tcp_v6_send_check(skb, &treq->loc_addr, &treq->rmt_addr);
@@ -1079,15 +1065,14 @@ static void tcp_v6_send_response(struct sk_buff *skb, u32 seq, u32 ack, u32 win,
         * Underlying function will use this to retrieve the network
         * namespace
         */
-        if (!ip6_dst_lookup(ctl_sk, &dst, &fl)) {
+        dst = ip6_dst_lookup_flow(ctl_sk, &fl, NULL, false);
-                if (xfrm_lookup(net, &dst, &fl, NULL, 0) >= 0) {
+        if (!IS_ERR(dst)) {
-                        skb_dst_set(buff, dst);
+                skb_dst_set(buff, dst);
-                        ip6_xmit(ctl_sk, buff, &fl, NULL);
+                ip6_xmit(ctl_sk, buff, &fl, NULL);
-                        TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
+                TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
-                        if (rst)
+                if (rst)
-                                TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS);
+                        TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS);
-                        return;
+                return;
-                }
        }
        kfree_skb(buff);
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
index a419a787eb69..d86d7f67a597 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -1125,18 +1125,11 @@ do_udp_sendmsg:
        security_sk_classify_flow(sk, &fl);
-        err = ip6_sk_dst_lookup(sk, &dst, &fl);
+        dst = ip6_sk_dst_lookup_flow(sk, &fl, final_p, true);
-        if (err)
+        if (IS_ERR(dst)) {
+                err = PTR_ERR(dst);
+                dst = NULL;
                goto out;
-        if (final_p)
-                ipv6_addr_copy(&fl.fl6_dst, final_p);
-        err = __xfrm_lookup(sock_net(sk), &dst, &fl, sk, XFRM_LOOKUP_WAIT);
-        if (err < 0) {
-                if (err == -EREMOTE)
-                        err = ip6_dst_blackhole(sk, &dst, &fl);
-                if (err < 0)
-                        goto out;
        }
        if (hlimit < 0) {
author	David S. Miller <davem@davemloft.net>	2011-03-01 16:19:07 -0500
committer	David S. Miller <davem@davemloft.net>	2011-03-01 16:19:07 -0500
commit	68d0c6d34d586a893292d4fb633a3bf8c547b222 (patch)
tree	b6d812307621873cf16000171563c1f68b5bc255
parent	903ab86d195cca295379699299c5fc10beba31c7 (diff)

diff --git a/include/net/ipv6.h b/include/net/ipv6.h index 4a3cd2cd2f5e..1fc5631cf1a2 100644 --- a/include/net/ipv6.h +++ b/include/net/ipv6.h
@@ -512,12 +512,17 @@ extern void ip6_flush_pending_frames(struct sock *sk);
512	extern int ip6_dst_lookup(struct sock *sk,	512	extern int ip6_dst_lookup(struct sock *sk,
513	struct dst_entry **dst,	513	struct dst_entry **dst,
514	struct flowi *fl);	514	struct flowi *fl);
		515	extern struct dst_entry * ip6_dst_lookup_flow(struct sock *sk,
		516	struct flowi *fl,
		517	const struct in6_addr *final_dst,
		518	bool want_blackhole);
		519	extern struct dst_entry * ip6_sk_dst_lookup_flow(struct sock *sk,
		520	struct flowi *fl,
		521	const struct in6_addr *final_dst,
		522	bool want_blackhole);
515	extern int ip6_dst_blackhole(struct sock *sk,	523	extern int ip6_dst_blackhole(struct sock *sk,
516	struct dst_entry **dst,	524	struct dst_entry **dst,
517	struct flowi *fl);	525	struct flowi *fl);
518	extern int ip6_sk_dst_lookup(struct sock *sk,
519	struct dst_entry **dst,
520	struct flowi *fl);
521		526
522	/*	527	/*
523	* skb processing functions	528	* skb processing functions


diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c index 460d545a6509..5efc57f5e605 100644 --- a/net/dccp/ipv6.c +++ b/net/dccp/ipv6.c
@@ -162,15 +162,9 @@ static void dccp_v6_err(struct sk_buff skb, struct inet6_skb_parm opt,
162	fl.fl_ip_sport = inet->inet_sport;	162	fl.fl_ip_sport = inet->inet_sport;
163	security_sk_classify_flow(sk, &fl);	163	security_sk_classify_flow(sk, &fl);
164		164
165	err = ip6_dst_lookup(sk, &dst, &fl);	165	dst = ip6_dst_lookup_flow(sk, &fl, NULL, false);
166	if (err) {	166	if (IS_ERR(dst)) {
167	sk->sk_err_soft = -err;	167	sk->sk_err_soft = -PTR_ERR(dst);
168	goto out;
169	}
170
171	err = xfrm_lookup(net, &dst, &fl, sk, 0);
172	if (err < 0) {
173	sk->sk_err_soft = -err;
174	goto out;	168	goto out;
175	}	169	}
176	} else	170	} else
@@ -267,16 +261,12 @@ static int dccp_v6_send_response(struct sock sk, struct request_sock req,
267		261
268	final_p = fl6_update_dst(&fl, opt, &final);	262	final_p = fl6_update_dst(&fl, opt, &final);
269		263
270	err = ip6_dst_lookup(sk, &dst, &fl);	264	dst = ip6_dst_lookup_flow(sk, &fl, final_p, false);
271	if (err)	265	if (IS_ERR(dst)) {
272	goto done;	266	err = PTR_ERR(dst);
273		267	dst = NULL;
274	if (final_p)
275	ipv6_addr_copy(&fl.fl6_dst, final_p);
276
277	err = xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0);
278	if (err < 0)
279	goto done;	268	goto done;
		269	}
280		270
281	skb = dccp_make_response(sk, dst, req);	271	skb = dccp_make_response(sk, dst, req);
282	if (skb != NULL) {	272	if (skb != NULL) {
@@ -338,14 +328,13 @@ static void dccp_v6_ctl_send_reset(struct sock sk, struct sk_buff rxskb)
338	security_skb_classify_flow(rxskb, &fl);	328	security_skb_classify_flow(rxskb, &fl);
339		329
340	/* sk = NULL, but it is safe for now. RST socket required. */	330	/* sk = NULL, but it is safe for now. RST socket required. */
341	if (!ip6_dst_lookup(ctl_sk, &dst, &fl)) {	331	dst = ip6_dst_lookup_flow(ctl_sk, &fl, NULL, false);
342	if (xfrm_lookup(net, &dst, &fl, NULL, 0) >= 0) {	332	if (!IS_ERR(dst)) {
343	skb_dst_set(skb, dst);	333	skb_dst_set(skb, dst);
344	ip6_xmit(ctl_sk, skb, &fl, NULL);	334	ip6_xmit(ctl_sk, skb, &fl, NULL);
345	DCCP_INC_STATS_BH(DCCP_MIB_OUTSEGS);	335	DCCP_INC_STATS_BH(DCCP_MIB_OUTSEGS);
346	DCCP_INC_STATS_BH(DCCP_MIB_OUTRSTS);	336	DCCP_INC_STATS_BH(DCCP_MIB_OUTRSTS);
347	return;	337	return;
348	}
349	}	338	}
350		339
351	kfree_skb(skb);	340	kfree_skb(skb);
@@ -550,13 +539,8 @@ static struct sock dccp_v6_request_recv_sock(struct sock sk,
550	fl.fl_ip_sport = inet_rsk(req)->loc_port;	539	fl.fl_ip_sport = inet_rsk(req)->loc_port;
551	security_sk_classify_flow(sk, &fl);	540	security_sk_classify_flow(sk, &fl);
552		541
553	if (ip6_dst_lookup(sk, &dst, &fl))	542	dst = ip6_dst_lookup_flow(sk, &fl, final_p, false);
554	goto out;	543	if (IS_ERR(dst))
555
556	if (final_p)
557	ipv6_addr_copy(&fl.fl6_dst, final_p);
558
559	if ((xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0)
560	goto out;	544	goto out;
561	}	545	}
562		546
@@ -979,19 +963,10 @@ static int dccp_v6_connect(struct sock sk, struct sockaddr uaddr,
979		963
980	final_p = fl6_update_dst(&fl, np->opt, &final);	964	final_p = fl6_update_dst(&fl, np->opt, &final);
981		965
982	err = ip6_dst_lookup(sk, &dst, &fl);	966	dst = ip6_dst_lookup_flow(sk, &fl, final_p, true);
983	if (err)	967	if (IS_ERR(dst)) {
		968	err = PTR_ERR(dst);
984	goto failure;	969	goto failure;
985
986	if (final_p)
987	ipv6_addr_copy(&fl.fl6_dst, final_p);
988
989	err = __xfrm_lookup(sock_net(sk), &dst, &fl, sk, XFRM_LOOKUP_WAIT);
990	if (err < 0) {
991	if (err == -EREMOTE)
992	err = ip6_dst_blackhole(sk, &dst, &fl);
993	if (err < 0)
994	goto failure;
995	}	970	}
996		971
997	if (saddr == NULL) {	972	if (saddr == NULL) {


diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c index 3194aa909872..a88b2e9d25f1 100644 --- a/net/ipv6/af_inet6.c +++ b/net/ipv6/af_inet6.c
@@ -644,9 +644,8 @@ EXPORT_SYMBOL(inet6_unregister_protosw);
644		644
645	int inet6_sk_rebuild_header(struct sock *sk)	645	int inet6_sk_rebuild_header(struct sock *sk)
646	{	646	{
647	int err;
648	struct dst_entry *dst;
649	struct ipv6_pinfo *np = inet6_sk(sk);	647	struct ipv6_pinfo *np = inet6_sk(sk);
		648	struct dst_entry *dst;
650		649
651	dst = __sk_dst_check(sk, np->dst_cookie);	650	dst = __sk_dst_check(sk, np->dst_cookie);
652		651
@@ -668,17 +667,11 @@ int inet6_sk_rebuild_header(struct sock *sk)
668		667
669	final_p = fl6_update_dst(&fl, np->opt, &final);	668	final_p = fl6_update_dst(&fl, np->opt, &final);
670		669
671	err = ip6_dst_lookup(sk, &dst, &fl);	670	dst = ip6_dst_lookup_flow(sk, &fl, final_p, false);
672	if (err) {	671	if (IS_ERR(dst)) {
673	sk->sk_route_caps = 0;	672	sk->sk_route_caps = 0;
674	return err;	673	sk->sk_err_soft = -PTR_ERR(dst);
675	}	674	return PTR_ERR(dst);
676	if (final_p)
677	ipv6_addr_copy(&fl.fl6_dst, final_p);
678
679	if ((err = xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0) {
680	sk->sk_err_soft = -err;
681	return err;
682	}	675	}
683		676
684	__ip6_dst_store(sk, dst, NULL, NULL);	677	__ip6_dst_store(sk, dst, NULL, NULL);


diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c index 320bdb877eed..be3a781c0085 100644 --- a/net/ipv6/datagram.c +++ b/net/ipv6/datagram.c
@@ -162,18 +162,11 @@ ipv4_connected:
162	opt = flowlabel ? flowlabel->opt : np->opt;	162	opt = flowlabel ? flowlabel->opt : np->opt;
163	final_p = fl6_update_dst(&fl, opt, &final);	163	final_p = fl6_update_dst(&fl, opt, &final);
164		164
165	err = ip6_dst_lookup(sk, &dst, &fl);	165	dst = ip6_dst_lookup_flow(sk, &fl, final_p, true);
166	if (err)	166	err = 0;
		167	if (IS_ERR(dst)) {
		168	err = PTR_ERR(dst);
167	goto out;	169	goto out;
168	if (final_p)
169	ipv6_addr_copy(&fl.fl6_dst, final_p);
170
171	err = __xfrm_lookup(sock_net(sk), &dst, &fl, sk, XFRM_LOOKUP_WAIT);
172	if (err < 0) {
173	if (err == -EREMOTE)
174	err = ip6_dst_blackhole(sk, &dst, &fl);
175	if (err < 0)
176	goto out;
177	}	170	}
178		171
179	/* source address lookup done in ip6_dst_lookup */	172	/* source address lookup done in ip6_dst_lookup */


diff --git a/net/ipv6/inet6_connection_sock.c b/net/ipv6/inet6_connection_sock.c index d144e629d2b4..d687e1397333 100644 --- a/net/ipv6/inet6_connection_sock.c +++ b/net/ipv6/inet6_connection_sock.c
@@ -74,13 +74,8 @@ struct dst_entry inet6_csk_route_req(struct sock sk,
74	fl.fl_ip_sport = inet_rsk(req)->loc_port;	74	fl.fl_ip_sport = inet_rsk(req)->loc_port;
75	security_req_classify_flow(req, &fl);	75	security_req_classify_flow(req, &fl);
76		76
77	if (ip6_dst_lookup(sk, &dst, &fl))	77	dst = ip6_dst_lookup_flow(sk, &fl, final_p, false);
78	return NULL;	78	if (IS_ERR(dst))
79
80	if (final_p)
81	ipv6_addr_copy(&fl.fl6_dst, final_p);
82
83	if ((xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0)
84	return NULL;	79	return NULL;
85		80
86	return dst;	81	return dst;
@@ -234,21 +229,13 @@ int inet6_csk_xmit(struct sk_buff *skb)
234	dst = __inet6_csk_dst_check(sk, np->dst_cookie);	229	dst = __inet6_csk_dst_check(sk, np->dst_cookie);
235		230
236	if (dst == NULL) {	231	if (dst == NULL) {
237	int err = ip6_dst_lookup(sk, &dst, &fl);	232	dst = ip6_dst_lookup_flow(sk, &fl, final_p, false);
238
239	if (err) {
240	sk->sk_err_soft = -err;
241	kfree_skb(skb);
242	return err;
243	}
244
245	if (final_p)
246	ipv6_addr_copy(&fl.fl6_dst, final_p);
247		233
248	if ((err = xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0) {	234	if (IS_ERR(dst)) {
		235	sk->sk_err_soft = -PTR_ERR(dst);
249	sk->sk_route_caps = 0;	236	sk->sk_route_caps = 0;
250	kfree_skb(skb);	237	kfree_skb(skb);
251	return err;	238	return PTR_ERR(dst);
252	}	239	}
253		240
254	__inet6_csk_dst_store(sk, dst, NULL, NULL);	241	__inet6_csk_dst_store(sk, dst, NULL, NULL);


diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index 5c618f20523e..28209b2d254d 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c
@@ -1002,29 +1002,87 @@ int ip6_dst_lookup(struct sock sk, struct dst_entry dst, struct flowi fl)
1002	EXPORT_SYMBOL_GPL(ip6_dst_lookup);	1002	EXPORT_SYMBOL_GPL(ip6_dst_lookup);
1003		1003
1004	/**	1004	/**
1005	* ip6_sk_dst_lookup - perform socket cached route lookup on flow	1005	* ip6_dst_lookup_flow - perform route lookup on flow with ipsec
		1006	* @sk: socket which provides route info
		1007	* @fl: flow to lookup
		1008	* @final_dst: final destination address for ipsec lookup
		1009	* @want_blackhole: IPSEC blackhole handling desired
		1010	*
		1011	* This function performs a route lookup on the given flow.
		1012	*
		1013	* It returns a valid dst pointer on success, or a pointer encoded
		1014	* error code.
		1015	*/
		1016	struct dst_entry ip6_dst_lookup_flow(struct sock sk, struct flowi *fl,
		1017	const struct in6_addr *final_dst,
		1018	bool want_blackhole)
		1019	{
		1020	struct dst_entry *dst = NULL;
		1021	int err;
		1022
		1023	err = ip6_dst_lookup_tail(sk, &dst, fl);
		1024	if (err)
		1025	return ERR_PTR(err);
		1026	if (final_dst)
		1027	ipv6_addr_copy(&fl->fl6_dst, final_dst);
		1028	if (want_blackhole) {
		1029	err = __xfrm_lookup(sock_net(sk), &dst, fl, sk, XFRM_LOOKUP_WAIT);
		1030	if (err == -EREMOTE)
		1031	err = ip6_dst_blackhole(sk, &dst, fl);
		1032	if (err)
		1033	return ERR_PTR(err);
		1034	} else {
		1035	err = xfrm_lookup(sock_net(sk), &dst, fl, sk, 0);
		1036	if (err)
		1037	return ERR_PTR(err);
		1038	}
		1039	return dst;
		1040	}
		1041	EXPORT_SYMBOL_GPL(ip6_dst_lookup_flow);
		1042
		1043	/**
		1044	* ip6_sk_dst_lookup_flow - perform socket cached route lookup on flow
1006	* @sk: socket which provides the dst cache and route info	1045	* @sk: socket which provides the dst cache and route info
1007	* @dst: pointer to dst_entry * for result
1008	* @fl: flow to lookup	1046	* @fl: flow to lookup
		1047	* @final_dst: final destination address for ipsec lookup
		1048	* @want_blackhole: IPSEC blackhole handling desired
1009	*	1049	*
1010	* This function performs a route lookup on the given flow with the	1050	* This function performs a route lookup on the given flow with the
1011	* possibility of using the cached route in the socket if it is valid.	1051	* possibility of using the cached route in the socket if it is valid.
1012	* It will take the socket dst lock when operating on the dst cache.	1052	* It will take the socket dst lock when operating on the dst cache.
1013	* As a result, this function can only be used in process context.	1053	* As a result, this function can only be used in process context.
1014	*	1054	*
1015	* It returns zero on success, or a standard errno code on error.	1055	* It returns a valid dst pointer on success, or a pointer encoded
		1056	* error code.
1016	*/	1057	*/
1017	int ip6_sk_dst_lookup(struct sock sk, struct dst_entry dst, struct flowi fl)	1058	struct dst_entry ip6_sk_dst_lookup_flow(struct sock sk, struct flowi *fl,
		1059	const struct in6_addr *final_dst,
		1060	bool want_blackhole)
1018	{	1061	{
1019	*dst = NULL;	1062	struct dst_entry *dst = sk_dst_check(sk, inet6_sk(sk)->dst_cookie);
1020	if (sk) {	1063	int err;
1021	*dst = sk_dst_check(sk, inet6_sk(sk)->dst_cookie);
1022	dst = ip6_sk_dst_check(sk, dst, fl);
1023	}
1024		1064
1025	return ip6_dst_lookup_tail(sk, dst, fl);	1065	dst = ip6_sk_dst_check(sk, dst, fl);
		1066
		1067	err = ip6_dst_lookup_tail(sk, &dst, fl);
		1068	if (err)
		1069	return ERR_PTR(err);
		1070	if (final_dst)
		1071	ipv6_addr_copy(&fl->fl6_dst, final_dst);
		1072	if (want_blackhole) {
		1073	err = __xfrm_lookup(sock_net(sk), &dst, fl, sk, XFRM_LOOKUP_WAIT);
		1074	if (err == -EREMOTE)
		1075	err = ip6_dst_blackhole(sk, &dst, fl);
		1076	if (err)
		1077	return ERR_PTR(err);
		1078	} else {
		1079	err = xfrm_lookup(sock_net(sk), &dst, fl, sk, 0);
		1080	if (err)
		1081	return ERR_PTR(err);
		1082	}
		1083	return dst;
1026	}	1084	}
1027	EXPORT_SYMBOL_GPL(ip6_sk_dst_lookup);	1085	EXPORT_SYMBOL_GPL(ip6_sk_dst_lookup_flow);
1028		1086
1029	static inline int ip6_ufo_append_data(struct sock *sk,	1087	static inline int ip6_ufo_append_data(struct sock *sk,
1030	int getfrag(void from, char to, int offset, int len,	1088	int getfrag(void from, char to, int offset, int len,


diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c index 364e86683388..dc29b07caf42 100644 --- a/net/ipv6/raw.c +++ b/net/ipv6/raw.c
@@ -856,20 +856,11 @@ static int rawv6_sendmsg(struct kiocb iocb, struct sock sk,
856	fl.oif = np->mcast_oif;	856	fl.oif = np->mcast_oif;
857	security_sk_classify_flow(sk, &fl);	857	security_sk_classify_flow(sk, &fl);
858		858
859	err = ip6_dst_lookup(sk, &dst, &fl);	859	dst = ip6_dst_lookup_flow(sk, &fl, final_p, true);
860	if (err)	860	if (IS_ERR(dst)) {
		861	err = PTR_ERR(dst);
861	goto out;	862	goto out;
862	if (final_p)
863	ipv6_addr_copy(&fl.fl6_dst, final_p);
864
865	err = __xfrm_lookup(sock_net(sk), &dst, &fl, sk, XFRM_LOOKUP_WAIT);
866	if (err < 0) {
867	if (err == -EREMOTE)
868	err = ip6_dst_blackhole(sk, &dst, &fl);
869	if (err < 0)
870	goto out;
871	}	863	}
872
873	if (hlimit < 0) {	864	if (hlimit < 0) {
874	if (ipv6_addr_is_multicast(&fl.fl6_dst))	865	if (ipv6_addr_is_multicast(&fl.fl6_dst))
875	hlimit = np->mcast_hops;	866	hlimit = np->mcast_hops;


diff --git a/net/ipv6/syncookies.c b/net/ipv6/syncookies.c index 09fd34f0dbf2..0b4cf350631b 100644 --- a/net/ipv6/syncookies.c +++ b/net/ipv6/syncookies.c
@@ -243,12 +243,9 @@ struct sock cookie_v6_check(struct sock sk, struct sk_buff *skb)
243	fl.fl_ip_dport = inet_rsk(req)->rmt_port;	243	fl.fl_ip_dport = inet_rsk(req)->rmt_port;
244	fl.fl_ip_sport = inet_sk(sk)->inet_sport;	244	fl.fl_ip_sport = inet_sk(sk)->inet_sport;
245	security_req_classify_flow(req, &fl);	245	security_req_classify_flow(req, &fl);
246	if (ip6_dst_lookup(sk, &dst, &fl))
247	goto out_free;
248		246
249	if (final_p)	247	dst = ip6_dst_lookup_flow(sk, &fl, final_p, false);
250	ipv6_addr_copy(&fl.fl6_dst, final_p);	248	if (IS_ERR(dst))
251	if ((xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0)
252	goto out_free;	249	goto out_free;
253	}	250	}
254		251


diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index 1d0ab5570904..e59a31c48baf 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c
@@ -255,18 +255,10 @@ static int tcp_v6_connect(struct sock sk, struct sockaddr uaddr,
255		255
256	security_sk_classify_flow(sk, &fl);	256	security_sk_classify_flow(sk, &fl);
257		257
258	err = ip6_dst_lookup(sk, &dst, &fl);	258	dst = ip6_dst_lookup_flow(sk, &fl, final_p, true);
259	if (err)	259	if (IS_ERR(dst)) {
		260	err = PTR_ERR(dst);
260	goto failure;	261	goto failure;
261	if (final_p)
262	ipv6_addr_copy(&fl.fl6_dst, final_p);
263
264	err = __xfrm_lookup(sock_net(sk), &dst, &fl, sk, XFRM_LOOKUP_WAIT);
265	if (err < 0) {
266	if (err == -EREMOTE)
267	err = ip6_dst_blackhole(sk, &dst, &fl);
268	if (err < 0)
269	goto failure;
270	}	262	}
271		263
272	if (saddr == NULL) {	264	if (saddr == NULL) {
@@ -385,7 +377,7 @@ static void tcp_v6_err(struct sk_buff skb, struct inet6_skb_parm opt,
385	np = inet6_sk(sk);	377	np = inet6_sk(sk);
386		378
387	if (type == ICMPV6_PKT_TOOBIG) {	379	if (type == ICMPV6_PKT_TOOBIG) {
388	struct dst_entry *dst = NULL;	380	struct dst_entry *dst;
389		381
390	if (sock_owned_by_user(sk))	382	if (sock_owned_by_user(sk))
391	goto out;	383	goto out;
@@ -413,13 +405,9 @@ static void tcp_v6_err(struct sk_buff skb, struct inet6_skb_parm opt,
413	fl.fl_ip_sport = inet->inet_sport;	405	fl.fl_ip_sport = inet->inet_sport;
414	security_skb_classify_flow(skb, &fl);	406	security_skb_classify_flow(skb, &fl);
415		407
416	if ((err = ip6_dst_lookup(sk, &dst, &fl))) {	408	dst = ip6_dst_lookup_flow(sk, &fl, NULL, false);
417	sk->sk_err_soft = -err;	409	if (IS_ERR(dst)) {
418	goto out;	410	sk->sk_err_soft = -PTR_ERR(dst);
419	}
420
421	if ((err = xfrm_lookup(net, &dst, &fl, sk, 0)) < 0) {
422	sk->sk_err_soft = -err;
423	goto out;	411	goto out;
424	}	412	}
425		413
@@ -496,7 +484,7 @@ static int tcp_v6_send_synack(struct sock sk, struct request_sock req,
496	struct in6_addr * final_p, final;	484	struct in6_addr * final_p, final;
497	struct flowi fl;	485	struct flowi fl;
498	struct dst_entry *dst;	486	struct dst_entry *dst;
499	int err = -1;	487	int err;
500		488
501	memset(&fl, 0, sizeof(fl));	489	memset(&fl, 0, sizeof(fl));
502	fl.proto = IPPROTO_TCP;	490	fl.proto = IPPROTO_TCP;
@@ -512,15 +500,13 @@ static int tcp_v6_send_synack(struct sock sk, struct request_sock req,
512	opt = np->opt;	500	opt = np->opt;
513	final_p = fl6_update_dst(&fl, opt, &final);	501	final_p = fl6_update_dst(&fl, opt, &final);
514		502
515	err = ip6_dst_lookup(sk, &dst, &fl);	503	dst = ip6_dst_lookup_flow(sk, &fl, final_p, false);
516	if (err)	504	if (IS_ERR(dst)) {
		505	err = PTR_ERR(dst);
517	goto done;	506	goto done;
518	if (final_p)	507	}
519	ipv6_addr_copy(&fl.fl6_dst, final_p);
520	if ((err = xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0)
521	goto done;
522
523	skb = tcp_make_synack(sk, dst, req, rvp);	508	skb = tcp_make_synack(sk, dst, req, rvp);
		509	err = -ENOMEM;
524	if (skb) {	510	if (skb) {
525	__tcp_v6_send_check(skb, &treq->loc_addr, &treq->rmt_addr);	511	__tcp_v6_send_check(skb, &treq->loc_addr, &treq->rmt_addr);
526		512
@@ -1079,15 +1065,14 @@ static void tcp_v6_send_response(struct sk_buff *skb, u32 seq, u32 ack, u32 win,
1079	* Underlying function will use this to retrieve the network	1065	* Underlying function will use this to retrieve the network
1080	* namespace	1066	* namespace
1081	*/	1067	*/
1082	if (!ip6_dst_lookup(ctl_sk, &dst, &fl)) {	1068	dst = ip6_dst_lookup_flow(ctl_sk, &fl, NULL, false);
1083	if (xfrm_lookup(net, &dst, &fl, NULL, 0) >= 0) {	1069	if (!IS_ERR(dst)) {
1084	skb_dst_set(buff, dst);	1070	skb_dst_set(buff, dst);
1085	ip6_xmit(ctl_sk, buff, &fl, NULL);	1071	ip6_xmit(ctl_sk, buff, &fl, NULL);
1086	TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);	1072	TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
1087	if (rst)	1073	if (rst)
1088	TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS);	1074	TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS);
1089	return;	1075	return;
1090	}
1091	}	1076	}
1092		1077
1093	kfree_skb(buff);	1078	kfree_skb(buff);


diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c index a419a787eb69..d86d7f67a597 100644 --- a/net/ipv6/udp.c +++ b/net/ipv6/udp.c
@@ -1125,18 +1125,11 @@ do_udp_sendmsg:
1125		1125
1126	security_sk_classify_flow(sk, &fl);	1126	security_sk_classify_flow(sk, &fl);
1127		1127
1128	err = ip6_sk_dst_lookup(sk, &dst, &fl);	1128	dst = ip6_sk_dst_lookup_flow(sk, &fl, final_p, true);
1129	if (err)	1129	if (IS_ERR(dst)) {
		1130	err = PTR_ERR(dst);
		1131	dst = NULL;
1130	goto out;	1132	goto out;
1131	if (final_p)
1132	ipv6_addr_copy(&fl.fl6_dst, final_p);
1133
1134	err = __xfrm_lookup(sock_net(sk), &dst, &fl, sk, XFRM_LOOKUP_WAIT);
1135	if (err < 0) {
1136	if (err == -EREMOTE)
1137	err = ip6_dst_blackhole(sk, &dst, &fl);
1138	if (err < 0)
1139	goto out;
1140	}	1133	}
1141		1134
1142	if (hlimit < 0) {	1135	if (hlimit < 0) {