aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDavid Miller <davem@davemloft.net>2015-04-05 22:19:04 -0400
committerDavid S. Miller <davem@davemloft.net>2015-04-07 15:25:55 -0400
commit7026b1ddb6b8d4e6ee33dc2bd06c0ca8746fa7ab (patch)
tree3e11ed0f186ea6066a3f7efecb88d85bc732ee51
parent1c984f8a5df085bcf35364a8a870bd4db4da4ed3 (diff)
netfilter: Pass socket pointer down through okfn().
On the output paths in particular, we have to sometimes deal with two socket contexts. First, and usually skb->sk, is the local socket that generated the frame. And second, is potentially the socket used to control a tunneling socket, such as one the encapsulates using UDP. We do not want to disassociate skb->sk when encapsulating in order to fix this, because that would break socket memory accounting. The most extreme case where this can cause huge problems is an AF_PACKET socket transmitting over a vxlan device. We hit code paths doing checks that assume they are dealing with an ipv4 socket, but are actually operating upon the AF_PACKET one. Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat
-rw-r--r--include/linux/netdevice.h14
-rw-r--r--include/linux/netfilter.h62
-rw-r--r--include/linux/netfilter_bridge.h2
-rw-r--r--include/net/dn_neigh.h6
-rw-r--r--include/net/ip.h3
-rw-r--r--include/net/ip6_route.h3
-rw-r--r--include/net/ipv6.h2
-rw-r--r--include/net/xfrm.h8
-rw-r--r--net/bridge/br_forward.c13
-rw-r--r--net/bridge/br_input.c16
-rw-r--r--net/bridge/br_multicast.c3
-rw-r--r--net/bridge/br_netfilter.c56
-rw-r--r--net/bridge/br_private.h6
-rw-r--r--net/bridge/br_stp_bpdu.c5
-rw-r--r--net/core/dev.c10
-rw-r--r--net/decnet/dn_neigh.c35
-rw-r--r--net/decnet/dn_nsp_in.c5
-rw-r--r--net/decnet/dn_route.c26
-rw-r--r--net/ipv4/arp.c10
-rw-r--r--net/ipv4/ip_forward.c8
-rw-r--r--net/ipv4/ip_input.c10
-rw-r--r--net/ipv4/ip_output.c45
-rw-r--r--net/ipv4/ipmr.c7
-rw-r--r--net/ipv4/raw.c4
-rw-r--r--net/ipv4/xfrm4_input.c5
-rw-r--r--net/ipv4/xfrm4_output.c12
-rw-r--r--net/ipv6/ip6_input.c11
-rw-r--r--net/ipv6/ip6_output.c33
-rw-r--r--net/ipv6/ip6mr.c7
-rw-r--r--net/ipv6/mcast.c9
-rw-r--r--net/ipv6/ndisc.c5
-rw-r--r--net/ipv6/netfilter/nf_defrag_ipv6_hooks.c2
-rw-r--r--net/ipv6/output_core.c4
-rw-r--r--net/ipv6/raw.c4
-rw-r--r--net/ipv6/xfrm6_input.c3
-rw-r--r--net/ipv6/xfrm6_output.c15
-rw-r--r--net/netfilter/ipvs/ip_vs_xmit.c8
-rw-r--r--net/netfilter/nf_queue.c2
-rw-r--r--net/xfrm/xfrm_output.c16
39 files changed, 277 insertions, 218 deletions
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
index 41bf58a2b936..45823db2efb0 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -2165,8 +2165,12 @@ int dev_open(struct net_device *dev);
2165int dev_close(struct net_device *dev); 2165int dev_close(struct net_device *dev);
2166int dev_close_many(struct list_head *head, bool unlink); 2166int dev_close_many(struct list_head *head, bool unlink);
2167void dev_disable_lro(struct net_device *dev); 2167void dev_disable_lro(struct net_device *dev);
2168int dev_loopback_xmit(struct sk_buff *newskb); 2168int dev_loopback_xmit(struct sock *sk, struct sk_buff *newskb);
2169int dev_queue_xmit(struct sk_buff *skb); 2169int dev_queue_xmit_sk(struct sock *sk, struct sk_buff *skb);
2170static inline int dev_queue_xmit(struct sk_buff *skb)
2171{
2172 return dev_queue_xmit_sk(skb->sk, skb);
2173}
2170int dev_queue_xmit_accel(struct sk_buff *skb, void *accel_priv); 2174int dev_queue_xmit_accel(struct sk_buff *skb, void *accel_priv);
2171int register_netdevice(struct net_device *dev); 2175int register_netdevice(struct net_device *dev);
2172void unregister_netdevice_queue(struct net_device *dev, struct list_head *head); 2176void unregister_netdevice_queue(struct net_device *dev, struct list_head *head);
@@ -2927,7 +2931,11 @@ static inline void dev_consume_skb_any(struct sk_buff *skb)
2927 2931
2928int netif_rx(struct sk_buff *skb); 2932int netif_rx(struct sk_buff *skb);
2929int netif_rx_ni(struct sk_buff *skb); 2933int netif_rx_ni(struct sk_buff *skb);
2930int netif_receive_skb(struct sk_buff *skb); 2934int netif_receive_skb_sk(struct sock *sk, struct sk_buff *skb);
2935static inline int netif_receive_skb(struct sk_buff *skb)
2936{
2937 return netif_receive_skb_sk(skb->sk, skb);
2938}
2931gro_result_t napi_gro_receive(struct napi_struct *napi, struct sk_buff *skb); 2939gro_result_t napi_gro_receive(struct napi_struct *napi, struct sk_buff *skb);
2932void napi_gro_flush(struct napi_struct *napi, bool flush_old); 2940void napi_gro_flush(struct napi_struct *napi, bool flush_old);
2933struct sk_buff *napi_get_frags(struct napi_struct *napi); 2941struct sk_buff *napi_get_frags(struct napi_struct *napi);
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
index f8f58fab2402..63560d0a8dfe 100644
--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -54,7 +54,7 @@ struct nf_hook_state {
54 struct net_device *in; 54 struct net_device *in;
55 struct net_device *out; 55 struct net_device *out;
56 struct sock *sk; 56 struct sock *sk;
57 int (*okfn)(struct sk_buff *); 57 int (*okfn)(struct sock *, struct sk_buff *);
58}; 58};
59 59
60static inline void nf_hook_state_init(struct nf_hook_state *p, 60static inline void nf_hook_state_init(struct nf_hook_state *p,
@@ -63,7 +63,7 @@ static inline void nf_hook_state_init(struct nf_hook_state *p,
63 struct net_device *indev, 63 struct net_device *indev,
64 struct net_device *outdev, 64 struct net_device *outdev,
65 struct sock *sk, 65 struct sock *sk,
66 int (*okfn)(struct sk_buff *)) 66 int (*okfn)(struct sock *, struct sk_buff *))
67{ 67{
68 p->hook = hook; 68 p->hook = hook;
69 p->thresh = thresh; 69 p->thresh = thresh;
@@ -156,26 +156,29 @@ int nf_hook_slow(struct sk_buff *skb, struct nf_hook_state *state);
156 * value indicates the packet has been consumed by the hook. 156 * value indicates the packet has been consumed by the hook.
157 */ 157 */
158static inline int nf_hook_thresh(u_int8_t pf, unsigned int hook, 158static inline int nf_hook_thresh(u_int8_t pf, unsigned int hook,
159 struct sock *sk,
159 struct sk_buff *skb, 160 struct sk_buff *skb,
160 struct net_device *indev, 161 struct net_device *indev,
161 struct net_device *outdev, 162 struct net_device *outdev,
162 int (*okfn)(struct sk_buff *), int thresh) 163 int (*okfn)(struct sock *, struct sk_buff *),
164 int thresh)
163{ 165{
164 if (nf_hooks_active(pf, hook)) { 166 if (nf_hooks_active(pf, hook)) {
165 struct nf_hook_state state; 167 struct nf_hook_state state;
166 168
167 nf_hook_state_init(&state, hook, thresh, pf, 169 nf_hook_state_init(&state, hook, thresh, pf,
168 indev, outdev, NULL, okfn); 170 indev, outdev, sk, okfn);
169 return nf_hook_slow(skb, &state); 171 return nf_hook_slow(skb, &state);
170 } 172 }
171 return 1; 173 return 1;
172} 174}
173 175
174static inline int nf_hook(u_int8_t pf, unsigned int hook, struct sk_buff *skb, 176static inline int nf_hook(u_int8_t pf, unsigned int hook, struct sock *sk,
175 struct net_device *indev, struct net_device *outdev, 177 struct sk_buff *skb, struct net_device *indev,
176 int (*okfn)(struct sk_buff *)) 178 struct net_device *outdev,
179 int (*okfn)(struct sock *, struct sk_buff *))
177{ 180{
178 return nf_hook_thresh(pf, hook, skb, indev, outdev, okfn, INT_MIN); 181 return nf_hook_thresh(pf, hook, sk, skb, indev, outdev, okfn, INT_MIN);
179} 182}
180 183
181/* Activate hook; either okfn or kfree_skb called, unless a hook 184/* Activate hook; either okfn or kfree_skb called, unless a hook
@@ -196,35 +199,36 @@ static inline int nf_hook(u_int8_t pf, unsigned int hook, struct sk_buff *skb,
196*/ 199*/
197 200
198static inline int 201static inline int
199NF_HOOK_THRESH(uint8_t pf, unsigned int hook, struct sk_buff *skb, 202NF_HOOK_THRESH(uint8_t pf, unsigned int hook, struct sock *sk,
200 struct net_device *in, struct net_device *out, 203 struct sk_buff *skb, struct net_device *in,
201 int (*okfn)(struct sk_buff *), int thresh) 204 struct net_device *out,
205 int (*okfn)(struct sock *, struct sk_buff *), int thresh)
202{ 206{
203 int ret = nf_hook_thresh(pf, hook, skb, in, out, okfn, thresh); 207 int ret = nf_hook_thresh(pf, hook, sk, skb, in, out, okfn, thresh);
204 if (ret == 1) 208 if (ret == 1)
205 ret = okfn(skb); 209 ret = okfn(sk, skb);
206 return ret; 210 return ret;
207} 211}
208 212
209static inline int 213static inline int
210NF_HOOK_COND(uint8_t pf, unsigned int hook, struct sk_buff *skb, 214NF_HOOK_COND(uint8_t pf, unsigned int hook, struct sock *sk,
211 struct net_device *in, struct net_device *out, 215 struct sk_buff *skb, struct net_device *in, struct net_device *out,
212 int (*okfn)(struct sk_buff *), bool cond) 216 int (*okfn)(struct sock *, struct sk_buff *), bool cond)
213{ 217{
214 int ret; 218 int ret;
215 219
216 if (!cond || 220 if (!cond ||
217 ((ret = nf_hook_thresh(pf, hook, skb, in, out, okfn, INT_MIN)) == 1)) 221 ((ret = nf_hook_thresh(pf, hook, sk, skb, in, out, okfn, INT_MIN)) == 1))
218 ret = okfn(skb); 222 ret = okfn(sk, skb);
219 return ret; 223 return ret;
220} 224}
221 225
222static inline int 226static inline int
223NF_HOOK(uint8_t pf, unsigned int hook, struct sk_buff *skb, 227NF_HOOK(uint8_t pf, unsigned int hook, struct sock *sk, struct sk_buff *skb,
224 struct net_device *in, struct net_device *out, 228 struct net_device *in, struct net_device *out,
225 int (*okfn)(struct sk_buff *)) 229 int (*okfn)(struct sock *, struct sk_buff *))
226{ 230{
227 return NF_HOOK_THRESH(pf, hook, skb, in, out, okfn, INT_MIN); 231 return NF_HOOK_THRESH(pf, hook, sk, skb, in, out, okfn, INT_MIN);
228} 232}
229 233
230/* Call setsockopt() */ 234/* Call setsockopt() */
@@ -324,19 +328,21 @@ nf_nat_decode_session(struct sk_buff *skb, struct flowi *fl, u_int8_t family)
324} 328}
325 329
326#else /* !CONFIG_NETFILTER */ 330#else /* !CONFIG_NETFILTER */
327#define NF_HOOK(pf, hook, skb, indev, outdev, okfn) (okfn)(skb) 331#define NF_HOOK(pf, hook, sk, skb, indev, outdev, okfn) (okfn)(sk, skb)
328#define NF_HOOK_COND(pf, hook, skb, indev, outdev, okfn, cond) (okfn)(skb) 332#define NF_HOOK_COND(pf, hook, sk, skb, indev, outdev, okfn, cond) (okfn)(sk, skb)
329static inline int nf_hook_thresh(u_int8_t pf, unsigned int hook, 333static inline int nf_hook_thresh(u_int8_t pf, unsigned int hook,
334 struct sock *sk,
330 struct sk_buff *skb, 335 struct sk_buff *skb,
331 struct net_device *indev, 336 struct net_device *indev,
332 struct net_device *outdev, 337 struct net_device *outdev,
333 int (*okfn)(struct sk_buff *), int thresh) 338 int (*okfn)(struct sock *sk, struct sk_buff *), int thresh)
334{ 339{
335 return okfn(skb); 340 return okfn(sk, skb);
336} 341}
337static inline int nf_hook(u_int8_t pf, unsigned int hook, struct sk_buff *skb, 342static inline int nf_hook(u_int8_t pf, unsigned int hook, struct sock *sk,
338 struct net_device *indev, struct net_device *outdev, 343 struct sk_buff *skb, struct net_device *indev,
339 int (*okfn)(struct sk_buff *)) 344 struct net_device *outdev,
345 int (*okfn)(struct sock *, struct sk_buff *))
340{ 346{
341 return 1; 347 return 1;
342} 348}
diff --git a/include/linux/netfilter_bridge.h b/include/linux/netfilter_bridge.h
index 2734977199ca..5fc0a0fe244b 100644
--- a/include/linux/netfilter_bridge.h
+++ b/include/linux/netfilter_bridge.h
@@ -30,7 +30,7 @@ static inline unsigned int nf_bridge_mtu_reduction(const struct sk_buff *skb)
30 return 0; 30 return 0;
31} 31}
32 32
33int br_handle_frame_finish(struct sk_buff *skb); 33int br_handle_frame_finish(struct sock *sk, struct sk_buff *skb);
34 34
35static inline void br_drop_fake_rtable(struct sk_buff *skb) 35static inline void br_drop_fake_rtable(struct sk_buff *skb)
36{ 36{
diff --git a/include/net/dn_neigh.h b/include/net/dn_neigh.h
index 0f26aa707e62..d0424269313f 100644
--- a/include/net/dn_neigh.h
+++ b/include/net/dn_neigh.h
@@ -18,11 +18,11 @@ struct dn_neigh {
18 18
19void dn_neigh_init(void); 19void dn_neigh_init(void);
20void dn_neigh_cleanup(void); 20void dn_neigh_cleanup(void);
21int dn_neigh_router_hello(struct sk_buff *skb); 21int dn_neigh_router_hello(struct sock *sk, struct sk_buff *skb);
22int dn_neigh_endnode_hello(struct sk_buff *skb); 22int dn_neigh_endnode_hello(struct sock *sk, struct sk_buff *skb);
23void dn_neigh_pointopoint_hello(struct sk_buff *skb); 23void dn_neigh_pointopoint_hello(struct sk_buff *skb);
24int dn_neigh_elist(struct net_device *dev, unsigned char *ptr, int n); 24int dn_neigh_elist(struct net_device *dev, unsigned char *ptr, int n);
25int dn_to_neigh_output(struct sk_buff *skb); 25int dn_to_neigh_output(struct sock *sk, struct sk_buff *skb);
26 26
27extern struct neigh_table dn_neigh_table; 27extern struct neigh_table dn_neigh_table;
28 28
diff --git a/include/net/ip.h b/include/net/ip.h
index 69cd9cb8400c..d14af7edd197 100644
--- a/include/net/ip.h
+++ b/include/net/ip.h
@@ -108,7 +108,8 @@ int ip_local_deliver(struct sk_buff *skb);
108int ip_mr_input(struct sk_buff *skb); 108int ip_mr_input(struct sk_buff *skb);
109int ip_output(struct sock *sk, struct sk_buff *skb); 109int ip_output(struct sock *sk, struct sk_buff *skb);
110int ip_mc_output(struct sock *sk, struct sk_buff *skb); 110int ip_mc_output(struct sock *sk, struct sk_buff *skb);
111int ip_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)); 111int ip_fragment(struct sock *sk, struct sk_buff *skb,
112 int (*output)(struct sock *, struct sk_buff *));
112int ip_do_nat(struct sk_buff *skb); 113int ip_do_nat(struct sk_buff *skb);
113void ip_send_check(struct iphdr *ip); 114void ip_send_check(struct iphdr *ip);
114int __ip_local_out(struct sk_buff *skb); 115int __ip_local_out(struct sk_buff *skb);
diff --git a/include/net/ip6_route.h b/include/net/ip6_route.h
index eda131d179d9..5e192068e6cb 100644
--- a/include/net/ip6_route.h
+++ b/include/net/ip6_route.h
@@ -170,7 +170,8 @@ static inline bool ipv6_anycast_destination(const struct sk_buff *skb)
170 return rt->rt6i_flags & RTF_ANYCAST; 170 return rt->rt6i_flags & RTF_ANYCAST;
171} 171}
172 172
173int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)); 173int ip6_fragment(struct sock *sk, struct sk_buff *skb,
174 int (*output)(struct sock *, struct sk_buff *));
174 175
175static inline int ip6_skb_dst_mtu(struct sk_buff *skb) 176static inline int ip6_skb_dst_mtu(struct sk_buff *skb)
176{ 177{
diff --git a/include/net/ipv6.h b/include/net/ipv6.h
index 65142e6af440..b6ae959824ff 100644
--- a/include/net/ipv6.h
+++ b/include/net/ipv6.h
@@ -769,7 +769,7 @@ static inline u8 ip6_tclass(__be32 flowinfo)
769int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, 769int ipv6_rcv(struct sk_buff *skb, struct net_device *dev,
770 struct packet_type *pt, struct net_device *orig_dev); 770 struct packet_type *pt, struct net_device *orig_dev);
771 771
772int ip6_rcv_finish(struct sk_buff *skb); 772int ip6_rcv_finish(struct sock *sk, struct sk_buff *skb);
773 773
774/* 774/*
775 * upper-layer output functions 775 * upper-layer output functions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 461f83539493..36ac102c97c7 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -332,7 +332,7 @@ struct xfrm_state_afinfo {
332 int (*tmpl_sort)(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n); 332 int (*tmpl_sort)(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n);
333 int (*state_sort)(struct xfrm_state **dst, struct xfrm_state **src, int n); 333 int (*state_sort)(struct xfrm_state **dst, struct xfrm_state **src, int n);
334 int (*output)(struct sock *sk, struct sk_buff *skb); 334 int (*output)(struct sock *sk, struct sk_buff *skb);
335 int (*output_finish)(struct sk_buff *skb); 335 int (*output_finish)(struct sock *sk, struct sk_buff *skb);
336 int (*extract_input)(struct xfrm_state *x, 336 int (*extract_input)(struct xfrm_state *x,
337 struct sk_buff *skb); 337 struct sk_buff *skb);
338 int (*extract_output)(struct xfrm_state *x, 338 int (*extract_output)(struct xfrm_state *x,
@@ -1503,7 +1503,7 @@ int xfrm_prepare_input(struct xfrm_state *x, struct sk_buff *skb);
1503int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type); 1503int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type);
1504int xfrm_input_resume(struct sk_buff *skb, int nexthdr); 1504int xfrm_input_resume(struct sk_buff *skb, int nexthdr);
1505int xfrm_output_resume(struct sk_buff *skb, int err); 1505int xfrm_output_resume(struct sk_buff *skb, int err);
1506int xfrm_output(struct sk_buff *skb); 1506int xfrm_output(struct sock *sk, struct sk_buff *skb);
1507int xfrm_inner_extract_output(struct xfrm_state *x, struct sk_buff *skb); 1507int xfrm_inner_extract_output(struct xfrm_state *x, struct sk_buff *skb);
1508void xfrm_local_error(struct sk_buff *skb, int mtu); 1508void xfrm_local_error(struct sk_buff *skb, int mtu);
1509int xfrm4_extract_header(struct sk_buff *skb); 1509int xfrm4_extract_header(struct sk_buff *skb);
@@ -1524,7 +1524,7 @@ static inline int xfrm4_rcv_spi(struct sk_buff *skb, int nexthdr, __be32 spi)
1524int xfrm4_extract_output(struct xfrm_state *x, struct sk_buff *skb); 1524int xfrm4_extract_output(struct xfrm_state *x, struct sk_buff *skb);
1525int xfrm4_prepare_output(struct xfrm_state *x, struct sk_buff *skb); 1525int xfrm4_prepare_output(struct xfrm_state *x, struct sk_buff *skb);
1526int xfrm4_output(struct sock *sk, struct sk_buff *skb); 1526int xfrm4_output(struct sock *sk, struct sk_buff *skb);
1527int xfrm4_output_finish(struct sk_buff *skb); 1527int xfrm4_output_finish(struct sock *sk, struct sk_buff *skb);
1528int xfrm4_rcv_cb(struct sk_buff *skb, u8 protocol, int err); 1528int xfrm4_rcv_cb(struct sk_buff *skb, u8 protocol, int err);
1529int xfrm4_protocol_register(struct xfrm4_protocol *handler, unsigned char protocol); 1529int xfrm4_protocol_register(struct xfrm4_protocol *handler, unsigned char protocol);
1530int xfrm4_protocol_deregister(struct xfrm4_protocol *handler, unsigned char protocol); 1530int xfrm4_protocol_deregister(struct xfrm4_protocol *handler, unsigned char protocol);
@@ -1549,7 +1549,7 @@ __be32 xfrm6_tunnel_spi_lookup(struct net *net, const xfrm_address_t *saddr);
1549int xfrm6_extract_output(struct xfrm_state *x, struct sk_buff *skb); 1549int xfrm6_extract_output(struct xfrm_state *x, struct sk_buff *skb);
1550int xfrm6_prepare_output(struct xfrm_state *x, struct sk_buff *skb); 1550int xfrm6_prepare_output(struct xfrm_state *x, struct sk_buff *skb);
1551int xfrm6_output(struct sock *sk, struct sk_buff *skb); 1551int xfrm6_output(struct sock *sk, struct sk_buff *skb);
1552int xfrm6_output_finish(struct sk_buff *skb); 1552int xfrm6_output_finish(struct sock *sk, struct sk_buff *skb);
1553int xfrm6_find_1stfragopt(struct xfrm_state *x, struct sk_buff *skb, 1553int xfrm6_find_1stfragopt(struct xfrm_state *x, struct sk_buff *skb,
1554 u8 **prevhdr); 1554 u8 **prevhdr);
1555 1555
diff --git a/net/bridge/br_forward.c b/net/bridge/br_forward.c
index 3304a5442331..e97572b5d2cc 100644
--- a/net/bridge/br_forward.c
+++ b/net/bridge/br_forward.c
@@ -35,7 +35,7 @@ static inline int should_deliver(const struct net_bridge_port *p,
35 p->state == BR_STATE_FORWARDING; 35 p->state == BR_STATE_FORWARDING;
36} 36}
37 37
38int br_dev_queue_push_xmit(struct sk_buff *skb) 38int br_dev_queue_push_xmit(struct sock *sk, struct sk_buff *skb)
39{ 39{
40 if (!is_skb_forwardable(skb->dev, skb)) { 40 if (!is_skb_forwardable(skb->dev, skb)) {
41 kfree_skb(skb); 41 kfree_skb(skb);
@@ -49,9 +49,10 @@ int br_dev_queue_push_xmit(struct sk_buff *skb)
49} 49}
50EXPORT_SYMBOL_GPL(br_dev_queue_push_xmit); 50EXPORT_SYMBOL_GPL(br_dev_queue_push_xmit);
51 51
52int br_forward_finish(struct sk_buff *skb) 52int br_forward_finish(struct sock *sk, struct sk_buff *skb)
53{ 53{
54 return NF_HOOK(NFPROTO_BRIDGE, NF_BR_POST_ROUTING, skb, NULL, skb->dev, 54 return NF_HOOK(NFPROTO_BRIDGE, NF_BR_POST_ROUTING, sk, skb,
55 NULL, skb->dev,
55 br_dev_queue_push_xmit); 56 br_dev_queue_push_xmit);
56 57
57} 58}
@@ -75,7 +76,8 @@ static void __br_deliver(const struct net_bridge_port *to, struct sk_buff *skb)
75 return; 76 return;
76 } 77 }
77 78
78 NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev, 79 NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, NULL, skb,
80 NULL, skb->dev,
79 br_forward_finish); 81 br_forward_finish);
80} 82}
81 83
@@ -96,7 +98,8 @@ static void __br_forward(const struct net_bridge_port *to, struct sk_buff *skb)
96 skb->dev = to->dev; 98 skb->dev = to->dev;
97 skb_forward_csum(skb); 99 skb_forward_csum(skb);
98 100
99 NF_HOOK(NFPROTO_BRIDGE, NF_BR_FORWARD, skb, indev, skb->dev, 101 NF_HOOK(NFPROTO_BRIDGE, NF_BR_FORWARD, NULL, skb,
102 indev, skb->dev,
100 br_forward_finish); 103 br_forward_finish);
101} 104}
102 105
diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c
index 052c5ebbc947..f921a5dce22d 100644
--- a/net/bridge/br_input.c
+++ b/net/bridge/br_input.c
@@ -55,8 +55,9 @@ static int br_pass_frame_up(struct sk_buff *skb)
55 if (!skb) 55 if (!skb)
56 return NET_RX_DROP; 56 return NET_RX_DROP;
57 57
58 return NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN, skb, indev, NULL, 58 return NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN, NULL, skb,
59 netif_receive_skb); 59 indev, NULL,
60 netif_receive_skb_sk);
60} 61}
61 62
62static void br_do_proxy_arp(struct sk_buff *skb, struct net_bridge *br, 63static void br_do_proxy_arp(struct sk_buff *skb, struct net_bridge *br,
@@ -119,7 +120,7 @@ static void br_do_proxy_arp(struct sk_buff *skb, struct net_bridge *br,
119} 120}
120 121
121/* note: already called with rcu_read_lock */ 122/* note: already called with rcu_read_lock */
122int br_handle_frame_finish(struct sk_buff *skb) 123int br_handle_frame_finish(struct sock *sk, struct sk_buff *skb)
123{ 124{
124 const unsigned char *dest = eth_hdr(skb)->h_dest; 125 const unsigned char *dest = eth_hdr(skb)->h_dest;
125 struct net_bridge_port *p = br_port_get_rcu(skb->dev); 126 struct net_bridge_port *p = br_port_get_rcu(skb->dev);
@@ -207,7 +208,7 @@ drop:
207EXPORT_SYMBOL_GPL(br_handle_frame_finish); 208EXPORT_SYMBOL_GPL(br_handle_frame_finish);
208 209
209/* note: already called with rcu_read_lock */ 210/* note: already called with rcu_read_lock */
210static int br_handle_local_finish(struct sk_buff *skb) 211static int br_handle_local_finish(struct sock *sk, struct sk_buff *skb)
211{ 212{
212 struct net_bridge_port *p = br_port_get_rcu(skb->dev); 213 struct net_bridge_port *p = br_port_get_rcu(skb->dev);
213 u16 vid = 0; 214 u16 vid = 0;
@@ -277,8 +278,8 @@ rx_handler_result_t br_handle_frame(struct sk_buff **pskb)
277 } 278 }
278 279
279 /* Deliver packet to local host only */ 280 /* Deliver packet to local host only */
280 if (NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN, skb, skb->dev, 281 if (NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN, NULL, skb,
281 NULL, br_handle_local_finish)) { 282 skb->dev, NULL, br_handle_local_finish)) {
282 return RX_HANDLER_CONSUMED; /* consumed by filter */ 283 return RX_HANDLER_CONSUMED; /* consumed by filter */
283 } else { 284 } else {
284 *pskb = skb; 285 *pskb = skb;
@@ -302,7 +303,8 @@ forward:
302 if (ether_addr_equal(p->br->dev->dev_addr, dest)) 303 if (ether_addr_equal(p->br->dev->dev_addr, dest))
303 skb->pkt_type = PACKET_HOST; 304 skb->pkt_type = PACKET_HOST;
304 305
305 NF_HOOK(NFPROTO_BRIDGE, NF_BR_PRE_ROUTING, skb, skb->dev, NULL, 306 NF_HOOK(NFPROTO_BRIDGE, NF_BR_PRE_ROUTING, NULL, skb,
307 skb->dev, NULL,
306 br_handle_frame_finish); 308 br_handle_frame_finish);
307 break; 309 break;
308 default: 310 default:
diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
index c465876c7861..4b6722f8f179 100644
--- a/net/bridge/br_multicast.c
+++ b/net/bridge/br_multicast.c
@@ -814,7 +814,8 @@ static void __br_multicast_send_query(struct net_bridge *br,
814 814
815 if (port) { 815 if (port) {
816 skb->dev = port->dev; 816 skb->dev = port->dev;
817 NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev, 817 NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, NULL, skb,
818 NULL, skb->dev,
818 br_dev_queue_push_xmit); 819 br_dev_queue_push_xmit);
819 } else { 820 } else {
820 br_multicast_select_own_querier(br, ip, skb); 821 br_multicast_select_own_querier(br, ip, skb);
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
index 7527e94dd5dc..acd31c9f2116 100644
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -261,7 +261,7 @@ static void nf_bridge_update_protocol(struct sk_buff *skb)
261/* PF_BRIDGE/PRE_ROUTING *********************************************/ 261/* PF_BRIDGE/PRE_ROUTING *********************************************/
262/* Undo the changes made for ip6tables PREROUTING and continue the 262/* Undo the changes made for ip6tables PREROUTING and continue the
263 * bridge PRE_ROUTING hook. */ 263 * bridge PRE_ROUTING hook. */
264static int br_nf_pre_routing_finish_ipv6(struct sk_buff *skb) 264static int br_nf_pre_routing_finish_ipv6(struct sock *sk, struct sk_buff *skb)
265{ 265{
266 struct nf_bridge_info *nf_bridge = skb->nf_bridge; 266 struct nf_bridge_info *nf_bridge = skb->nf_bridge;
267 struct rtable *rt; 267 struct rtable *rt;
@@ -282,7 +282,8 @@ static int br_nf_pre_routing_finish_ipv6(struct sk_buff *skb)
282 skb->dev = nf_bridge->physindev; 282 skb->dev = nf_bridge->physindev;
283 nf_bridge_update_protocol(skb); 283 nf_bridge_update_protocol(skb);
284 nf_bridge_push_encap_header(skb); 284 nf_bridge_push_encap_header(skb);
285 NF_HOOK_THRESH(NFPROTO_BRIDGE, NF_BR_PRE_ROUTING, skb, skb->dev, NULL, 285 NF_HOOK_THRESH(NFPROTO_BRIDGE, NF_BR_PRE_ROUTING, sk, skb,
286 skb->dev, NULL,
286 br_handle_frame_finish, 1); 287 br_handle_frame_finish, 1);
287 288
288 return 0; 289 return 0;
@@ -293,7 +294,7 @@ static int br_nf_pre_routing_finish_ipv6(struct sk_buff *skb)
293 * don't, we use the neighbour framework to find out. In both cases, we make 294 * don't, we use the neighbour framework to find out. In both cases, we make
294 * sure that br_handle_frame_finish() is called afterwards. 295 * sure that br_handle_frame_finish() is called afterwards.
295 */ 296 */
296static int br_nf_pre_routing_finish_bridge(struct sk_buff *skb) 297static int br_nf_pre_routing_finish_bridge(struct sock *sk, struct sk_buff *skb)
297{ 298{
298 struct nf_bridge_info *nf_bridge = skb->nf_bridge; 299 struct nf_bridge_info *nf_bridge = skb->nf_bridge;
299 struct neighbour *neigh; 300 struct neighbour *neigh;
@@ -310,7 +311,7 @@ static int br_nf_pre_routing_finish_bridge(struct sk_buff *skb)
310 if (neigh->hh.hh_len) { 311 if (neigh->hh.hh_len) {
311 neigh_hh_bridge(&neigh->hh, skb); 312 neigh_hh_bridge(&neigh->hh, skb);
312 skb->dev = nf_bridge->physindev; 313 skb->dev = nf_bridge->physindev;
313 ret = br_handle_frame_finish(skb); 314 ret = br_handle_frame_finish(sk, skb);
314 } else { 315 } else {
315 /* the neighbour function below overwrites the complete 316 /* the neighbour function below overwrites the complete
316 * MAC header, so we save the Ethernet source address and 317 * MAC header, so we save the Ethernet source address and
@@ -387,7 +388,7 @@ static bool dnat_took_place(const struct sk_buff *skb)
387 * device, we proceed as if ip_route_input() succeeded. If it differs from the 388 * device, we proceed as if ip_route_input() succeeded. If it differs from the
388 * logical bridge port or if ip_route_output_key() fails we drop the packet. 389 * logical bridge port or if ip_route_output_key() fails we drop the packet.
389 */ 390 */
390static int br_nf_pre_routing_finish(struct sk_buff *skb) 391static int br_nf_pre_routing_finish(struct sock *sk, struct sk_buff *skb)
391{ 392{
392 struct net_device *dev = skb->dev; 393 struct net_device *dev = skb->dev;
393 struct iphdr *iph = ip_hdr(skb); 394 struct iphdr *iph = ip_hdr(skb);
@@ -440,7 +441,7 @@ bridged_dnat:
440 nf_bridge_push_encap_header(skb); 441 nf_bridge_push_encap_header(skb);
441 NF_HOOK_THRESH(NFPROTO_BRIDGE, 442 NF_HOOK_THRESH(NFPROTO_BRIDGE,
442 NF_BR_PRE_ROUTING, 443 NF_BR_PRE_ROUTING,
443 skb, skb->dev, NULL, 444 sk, skb, skb->dev, NULL,
444 br_nf_pre_routing_finish_bridge, 445 br_nf_pre_routing_finish_bridge,
445 1); 446 1);
446 return 0; 447 return 0;
@@ -460,7 +461,8 @@ bridged_dnat:
460 skb->dev = nf_bridge->physindev; 461 skb->dev = nf_bridge->physindev;
461 nf_bridge_update_protocol(skb); 462 nf_bridge_update_protocol(skb);
462 nf_bridge_push_encap_header(skb); 463 nf_bridge_push_encap_header(skb);
463 NF_HOOK_THRESH(NFPROTO_BRIDGE, NF_BR_PRE_ROUTING, skb, skb->dev, NULL, 464 NF_HOOK_THRESH(NFPROTO_BRIDGE, NF_BR_PRE_ROUTING, sk, skb,
465 skb->dev, NULL,
464 br_handle_frame_finish, 1); 466 br_handle_frame_finish, 1);
465 467
466 return 0; 468 return 0;
@@ -596,7 +598,8 @@ static unsigned int br_nf_pre_routing_ipv6(const struct nf_hook_ops *ops,
596 return NF_DROP; 598 return NF_DROP;
597 599
598 skb->protocol = htons(ETH_P_IPV6); 600 skb->protocol = htons(ETH_P_IPV6);
599 NF_HOOK(NFPROTO_IPV6, NF_INET_PRE_ROUTING, skb, skb->dev, NULL, 601 NF_HOOK(NFPROTO_IPV6, NF_INET_PRE_ROUTING, state->sk, skb,
602 skb->dev, NULL,
600 br_nf_pre_routing_finish_ipv6); 603 br_nf_pre_routing_finish_ipv6);
601 604
602 return NF_STOLEN; 605 return NF_STOLEN;
@@ -651,7 +654,8 @@ static unsigned int br_nf_pre_routing(const struct nf_hook_ops *ops,
651 654
652 skb->protocol = htons(ETH_P_IP); 655 skb->protocol = htons(ETH_P_IP);
653 656
654 NF_HOOK(NFPROTO_IPV4, NF_INET_PRE_ROUTING, skb, skb->dev, NULL, 657 NF_HOOK(NFPROTO_IPV4, NF_INET_PRE_ROUTING, state->sk, skb,
658 skb->dev, NULL,
655 br_nf_pre_routing_finish); 659 br_nf_pre_routing_finish);
656 660
657 return NF_STOLEN; 661 return NF_STOLEN;
@@ -674,7 +678,7 @@ static unsigned int br_nf_local_in(const struct nf_hook_ops *ops,
674} 678}
675 679
676/* PF_BRIDGE/FORWARD *************************************************/ 680/* PF_BRIDGE/FORWARD *************************************************/
677static int br_nf_forward_finish(struct sk_buff *skb) 681static int br_nf_forward_finish(struct sock *sk, struct sk_buff *skb)
678{ 682{
679 struct nf_bridge_info *nf_bridge = skb->nf_bridge; 683 struct nf_bridge_info *nf_bridge = skb->nf_bridge;
680 struct net_device *in; 684 struct net_device *in;
@@ -691,8 +695,8 @@ static int br_nf_forward_finish(struct sk_buff *skb)
691 } 695 }
692 nf_bridge_push_encap_header(skb); 696 nf_bridge_push_encap_header(skb);
693 697
694 NF_HOOK_THRESH(NFPROTO_BRIDGE, NF_BR_FORWARD, skb, in, 698 NF_HOOK_THRESH(NFPROTO_BRIDGE, NF_BR_FORWARD, sk, skb,
695 skb->dev, br_forward_finish, 1); 699 in, skb->dev, br_forward_finish, 1);
696 return 0; 700 return 0;
697} 701}
698 702
@@ -746,7 +750,8 @@ static unsigned int br_nf_forward_ip(const struct nf_hook_ops *ops,
746 else 750 else
747 skb->protocol = htons(ETH_P_IPV6); 751 skb->protocol = htons(ETH_P_IPV6);
748 752
749 NF_HOOK(pf, NF_INET_FORWARD, skb, brnf_get_logical_dev(skb, state->in), 753 NF_HOOK(pf, NF_INET_FORWARD, NULL, skb,
754 brnf_get_logical_dev(skb, state->in),
750 parent, br_nf_forward_finish); 755 parent, br_nf_forward_finish);
751 756
752 return NF_STOLEN; 757 return NF_STOLEN;
@@ -780,8 +785,8 @@ static unsigned int br_nf_forward_arp(const struct nf_hook_ops *ops,
780 return NF_ACCEPT; 785 return NF_ACCEPT;
781 } 786 }
782 *d = state->in; 787 *d = state->in;
783 NF_HOOK(NFPROTO_ARP, NF_ARP_FORWARD, skb, state->in, 788 NF_HOOK(NFPROTO_ARP, NF_ARP_FORWARD, state->sk, skb,
784 state->out, br_nf_forward_finish); 789 state->in, state->out, br_nf_forward_finish);
785 790
786 return NF_STOLEN; 791 return NF_STOLEN;
787} 792}
@@ -804,24 +809,24 @@ static bool nf_bridge_copy_header(struct sk_buff *skb)
804 return true; 809 return true;
805} 810}
806 811
807static int br_nf_push_frag_xmit(struct sk_buff *skb) 812static int br_nf_push_frag_xmit(struct sock *sk, struct sk_buff *skb)
808{ 813{
809 if (!nf_bridge_copy_header(skb)) { 814 if (!nf_bridge_copy_header(skb)) {
810 kfree_skb(skb); 815 kfree_skb(skb);
811 return 0; 816 return 0;
812 } 817 }
813 818
814 return br_dev_queue_push_xmit(skb); 819 return br_dev_queue_push_xmit(sk, skb);
815} 820}
816 821
817static int br_nf_dev_queue_xmit(struct sk_buff *skb) 822static int br_nf_dev_queue_xmit(struct sock *sk, struct sk_buff *skb)
818{ 823{
819 int ret; 824 int ret;
820 int frag_max_size; 825 int frag_max_size;
821 unsigned int mtu_reserved; 826 unsigned int mtu_reserved;
822 827
823 if (skb_is_gso(skb) || skb->protocol != htons(ETH_P_IP)) 828 if (skb_is_gso(skb) || skb->protocol != htons(ETH_P_IP))
824 return br_dev_queue_push_xmit(skb); 829 return br_dev_queue_push_xmit(sk, skb);
825 830
826 mtu_reserved = nf_bridge_mtu_reduction(skb); 831 mtu_reserved = nf_bridge_mtu_reduction(skb);
827 /* This is wrong! We should preserve the original fragment 832 /* This is wrong! We should preserve the original fragment
@@ -833,16 +838,16 @@ static int br_nf_dev_queue_xmit(struct sk_buff *skb)
833 /* Drop invalid packet */ 838 /* Drop invalid packet */
834 return NF_DROP; 839 return NF_DROP;
835 IPCB(skb)->frag_max_size = frag_max_size; 840 IPCB(skb)->frag_max_size = frag_max_size;
836 ret = ip_fragment(skb, br_nf_push_frag_xmit); 841 ret = ip_fragment(sk, skb, br_nf_push_frag_xmit);
837 } else 842 } else
838 ret = br_dev_queue_push_xmit(skb); 843 ret = br_dev_queue_push_xmit(sk, skb);
839 844
840 return ret; 845 return ret;
841} 846}
842#else 847#else
843static int br_nf_dev_queue_xmit(struct sk_buff *skb) 848static int br_nf_dev_queue_xmit(struct sock *sk, struct sk_buff *skb)
844{ 849{
845 return br_dev_queue_push_xmit(skb); 850 return br_dev_queue_push_xmit(sk, skb);
846} 851}
847#endif 852#endif
848 853
@@ -887,7 +892,8 @@ static unsigned int br_nf_post_routing(const struct nf_hook_ops *ops,
887 else 892 else
888 skb->protocol = htons(ETH_P_IPV6); 893 skb->protocol = htons(ETH_P_IPV6);
889 894
890 NF_HOOK(pf, NF_INET_POST_ROUTING, skb, NULL, realoutdev, 895 NF_HOOK(pf, NF_INET_POST_ROUTING, state->sk, skb,
896 NULL, realoutdev,
891 br_nf_dev_queue_xmit); 897 br_nf_dev_queue_xmit);
892 898
893 return NF_STOLEN; 899 return NF_STOLEN;
@@ -927,7 +933,7 @@ static void br_nf_pre_routing_finish_bridge_slow(struct sk_buff *skb)
927 skb_copy_to_linear_data_offset(skb, -(ETH_HLEN-ETH_ALEN), 933 skb_copy_to_linear_data_offset(skb, -(ETH_HLEN-ETH_ALEN),
928 skb->nf_bridge->data, ETH_HLEN-ETH_ALEN); 934 skb->nf_bridge->data, ETH_HLEN-ETH_ALEN);
929 skb->dev = nf_bridge->physindev; 935 skb->dev = nf_bridge->physindev;
930 br_handle_frame_finish(skb); 936 br_handle_frame_finish(NULL, skb);
931} 937}
932 938
933static int br_nf_dev_xmit(struct sk_buff *skb) 939static int br_nf_dev_xmit(struct sk_buff *skb)
diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h
index b46fa0c5b8ec..6ca0251cb478 100644
--- a/net/bridge/br_private.h
+++ b/net/bridge/br_private.h
@@ -410,10 +410,10 @@ int br_fdb_external_learn_del(struct net_bridge *br, struct net_bridge_port *p,
410 410
411/* br_forward.c */ 411/* br_forward.c */
412void br_deliver(const struct net_bridge_port *to, struct sk_buff *skb); 412void br_deliver(const struct net_bridge_port *to, struct sk_buff *skb);
413int br_dev_queue_push_xmit(struct sk_buff *skb); 413int br_dev_queue_push_xmit(struct sock *sk, struct sk_buff *skb);
414void br_forward(const struct net_bridge_port *to, 414void br_forward(const struct net_bridge_port *to,
415 struct sk_buff *skb, struct sk_buff *skb0); 415 struct sk_buff *skb, struct sk_buff *skb0);
416int br_forward_finish(struct sk_buff *skb); 416int br_forward_finish(struct sock *sk, struct sk_buff *skb);
417void br_flood_deliver(struct net_bridge *br, struct sk_buff *skb, bool unicast); 417void br_flood_deliver(struct net_bridge *br, struct sk_buff *skb, bool unicast);
418void br_flood_forward(struct net_bridge *br, struct sk_buff *skb, 418void br_flood_forward(struct net_bridge *br, struct sk_buff *skb,
419 struct sk_buff *skb2, bool unicast); 419 struct sk_buff *skb2, bool unicast);
@@ -431,7 +431,7 @@ void br_port_flags_change(struct net_bridge_port *port, unsigned long mask);
431void br_manage_promisc(struct net_bridge *br); 431void br_manage_promisc(struct net_bridge *br);
432 432
433/* br_input.c */ 433/* br_input.c */
434int br_handle_frame_finish(struct sk_buff *skb); 434int br_handle_frame_finish(struct sock *sk, struct sk_buff *skb);
435rx_handler_result_t br_handle_frame(struct sk_buff **pskb); 435rx_handler_result_t br_handle_frame(struct sk_buff **pskb);
436 436
437static inline bool br_rx_handler_check_rcu(const struct net_device *dev) 437static inline bool br_rx_handler_check_rcu(const struct net_device *dev)
diff --git a/net/bridge/br_stp_bpdu.c b/net/bridge/br_stp_bpdu.c
index bdb459d21ad8..534fc4cd263e 100644
--- a/net/bridge/br_stp_bpdu.c
+++ b/net/bridge/br_stp_bpdu.c
@@ -54,8 +54,9 @@ static void br_send_bpdu(struct net_bridge_port *p,
54 54
55 skb_reset_mac_header(skb); 55 skb_reset_mac_header(skb);
56 56
57 NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev, 57 NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, NULL, skb,
58 dev_queue_xmit); 58 NULL, skb->dev,
59 dev_queue_xmit_sk);
59} 60}
60 61
61static inline void br_set_ticks(unsigned char *dest, int j) 62static inline void br_set_ticks(unsigned char *dest, int j)
diff --git a/net/core/dev.c b/net/core/dev.c
index 3b3965288f52..b2775f06c710 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -2879,7 +2879,7 @@ EXPORT_SYMBOL(xmit_recursion);
2879 * dev_loopback_xmit - loop back @skb 2879 * dev_loopback_xmit - loop back @skb
2880 * @skb: buffer to transmit 2880 * @skb: buffer to transmit
2881 */ 2881 */
2882int dev_loopback_xmit(struct sk_buff *skb) 2882int dev_loopback_xmit(struct sock *sk, struct sk_buff *skb)
2883{ 2883{
2884 skb_reset_mac_header(skb); 2884 skb_reset_mac_header(skb);
2885 __skb_pull(skb, skb_network_offset(skb)); 2885 __skb_pull(skb, skb_network_offset(skb));
@@ -3017,11 +3017,11 @@ out:
3017 return rc; 3017 return rc;
3018} 3018}
3019 3019
3020int dev_queue_xmit(struct sk_buff *skb) 3020int dev_queue_xmit_sk(struct sock *sk, struct sk_buff *skb)
3021{ 3021{
3022 return __dev_queue_xmit(skb, NULL); 3022 return __dev_queue_xmit(skb, NULL);
3023} 3023}
3024EXPORT_SYMBOL(dev_queue_xmit); 3024EXPORT_SYMBOL(dev_queue_xmit_sk);
3025 3025
3026int dev_queue_xmit_accel(struct sk_buff *skb, void *accel_priv) 3026int dev_queue_xmit_accel(struct sk_buff *skb, void *accel_priv)
3027{ 3027{
@@ -3853,13 +3853,13 @@ static int netif_receive_skb_internal(struct sk_buff *skb)
3853 * NET_RX_SUCCESS: no congestion 3853 * NET_RX_SUCCESS: no congestion
3854 * NET_RX_DROP: packet was dropped 3854 * NET_RX_DROP: packet was dropped
3855 */ 3855 */
3856int netif_receive_skb(struct sk_buff *skb) 3856int netif_receive_skb_sk(struct sock *sk, struct sk_buff *skb)
3857{ 3857{
3858 trace_netif_receive_skb_entry(skb); 3858 trace_netif_receive_skb_entry(skb);
3859 3859
3860 return netif_receive_skb_internal(skb); 3860 return netif_receive_skb_internal(skb);
3861} 3861}
3862EXPORT_SYMBOL(netif_receive_skb); 3862EXPORT_SYMBOL(netif_receive_skb_sk);
3863 3863
3864/* Network device is going away, flush any packets still pending 3864/* Network device is going away, flush any packets still pending
3865 * Called with irqs disabled. 3865 * Called with irqs disabled.
diff --git a/net/decnet/dn_neigh.c b/net/decnet/dn_neigh.c
index be1f08cdad29..4507b188fc51 100644
--- a/net/decnet/dn_neigh.c
+++ b/net/decnet/dn_neigh.c
@@ -194,7 +194,7 @@ static int dn_neigh_output(struct neighbour *neigh, struct sk_buff *skb)
194 return err; 194 return err;
195} 195}
196 196
197static int dn_neigh_output_packet(struct sk_buff *skb) 197static int dn_neigh_output_packet(struct sock *sk, struct sk_buff *skb)
198{ 198{
199 struct dst_entry *dst = skb_dst(skb); 199 struct dst_entry *dst = skb_dst(skb);
200 struct dn_route *rt = (struct dn_route *)dst; 200 struct dn_route *rt = (struct dn_route *)dst;
@@ -206,7 +206,8 @@ static int dn_neigh_output_packet(struct sk_buff *skb)
206/* 206/*
207 * For talking to broadcast devices: Ethernet & PPP 207 * For talking to broadcast devices: Ethernet & PPP
208 */ 208 */
209static int dn_long_output(struct neighbour *neigh, struct sk_buff *skb) 209static int dn_long_output(struct neighbour *neigh, struct sock *sk,
210 struct sk_buff *skb)
210{ 211{
211 struct net_device *dev = neigh->dev; 212 struct net_device *dev = neigh->dev;
212 int headroom = dev->hard_header_len + sizeof(struct dn_long_packet) + 3; 213 int headroom = dev->hard_header_len + sizeof(struct dn_long_packet) + 3;
@@ -245,14 +246,15 @@ static int dn_long_output(struct neighbour *neigh, struct sk_buff *skb)
245 246
246 skb_reset_network_header(skb); 247 skb_reset_network_header(skb);
247 248
248 return NF_HOOK(NFPROTO_DECNET, NF_DN_POST_ROUTING, skb, NULL, 249 return NF_HOOK(NFPROTO_DECNET, NF_DN_POST_ROUTING, sk, skb,
249 neigh->dev, dn_neigh_output_packet); 250 NULL, neigh->dev, dn_neigh_output_packet);
250} 251}
251 252
252/* 253/*
253 * For talking to pointopoint and multidrop devices: DDCMP and X.25 254 * For talking to pointopoint and multidrop devices: DDCMP and X.25
254 */ 255 */
255static int dn_short_output(struct neighbour *neigh, struct sk_buff *skb) 256static int dn_short_output(struct neighbour *neigh, struct sock *sk,
257 struct sk_buff *skb)
256{ 258{
257 struct net_device *dev = neigh->dev; 259 struct net_device *dev = neigh->dev;
258 int headroom = dev->hard_header_len + sizeof(struct dn_short_packet) + 2; 260 int headroom = dev->hard_header_len + sizeof(struct dn_short_packet) + 2;
@@ -284,8 +286,8 @@ static int dn_short_output(struct neighbour *neigh, struct sk_buff *skb)
284 286
285 skb_reset_network_header(skb); 287 skb_reset_network_header(skb);
286 288
287 return NF_HOOK(NFPROTO_DECNET, NF_DN_POST_ROUTING, skb, NULL, 289 return NF_HOOK(NFPROTO_DECNET, NF_DN_POST_ROUTING, sk, skb,
288 neigh->dev, dn_neigh_output_packet); 290 NULL, neigh->dev, dn_neigh_output_packet);
289} 291}
290 292
291/* 293/*
@@ -293,7 +295,8 @@ static int dn_short_output(struct neighbour *neigh, struct sk_buff *skb)
293 * Phase 3 output is the same as short output, execpt that 295 * Phase 3 output is the same as short output, execpt that
294 * it clears the area bits before transmission. 296 * it clears the area bits before transmission.
295 */ 297 */
296static int dn_phase3_output(struct neighbour *neigh, struct sk_buff *skb) 298static int dn_phase3_output(struct neighbour *neigh, struct sock *sk,
299 struct sk_buff *skb)
297{ 300{
298 struct net_device *dev = neigh->dev; 301 struct net_device *dev = neigh->dev;
299 int headroom = dev->hard_header_len + sizeof(struct dn_short_packet) + 2; 302 int headroom = dev->hard_header_len + sizeof(struct dn_short_packet) + 2;
@@ -324,11 +327,11 @@ static int dn_phase3_output(struct neighbour *neigh, struct sk_buff *skb)
324 327
325 skb_reset_network_header(skb); 328 skb_reset_network_header(skb);
326 329
327 return NF_HOOK(NFPROTO_DECNET, NF_DN_POST_ROUTING, skb, NULL, 330 return NF_HOOK(NFPROTO_DECNET, NF_DN_POST_ROUTING, sk, skb,
328 neigh->dev, dn_neigh_output_packet); 331 NULL, neigh->dev, dn_neigh_output_packet);
329} 332}
330 333
331int dn_to_neigh_output(struct sk_buff *skb) 334int dn_to_neigh_output(struct sock *sk, struct sk_buff *skb)
332{ 335{
333 struct dst_entry *dst = skb_dst(skb); 336 struct dst_entry *dst = skb_dst(skb);
334 struct dn_route *rt = (struct dn_route *) dst; 337 struct dn_route *rt = (struct dn_route *) dst;
@@ -347,11 +350,11 @@ int dn_to_neigh_output(struct sk_buff *skb)
347 rcu_read_unlock(); 350 rcu_read_unlock();
348 351
349 if (dn->flags & DN_NDFLAG_P3) 352 if (dn->flags & DN_NDFLAG_P3)
350 return dn_phase3_output(neigh, skb); 353 return dn_phase3_output(neigh, sk, skb);
351 if (use_long) 354 if (use_long)
352 return dn_long_output(neigh, skb); 355 return dn_long_output(neigh, sk, skb);
353 else 356 else
354 return dn_short_output(neigh, skb); 357 return dn_short_output(neigh, sk, skb);
355} 358}
356 359
357/* 360/*
@@ -372,7 +375,7 @@ void dn_neigh_pointopoint_hello(struct sk_buff *skb)
372/* 375/*
373 * Ethernet router hello message received 376 * Ethernet router hello message received
374 */ 377 */
375int dn_neigh_router_hello(struct sk_buff *skb) 378int dn_neigh_router_hello(struct sock *sk, struct sk_buff *skb)
376{ 379{
377 struct rtnode_hello_message *msg = (struct rtnode_hello_message *)skb->data; 380 struct rtnode_hello_message *msg = (struct rtnode_hello_message *)skb->data;
378 381
@@ -434,7 +437,7 @@ int dn_neigh_router_hello(struct sk_buff *skb)
434/* 437/*
435 * Endnode hello message received 438 * Endnode hello message received
436 */ 439 */
437int dn_neigh_endnode_hello(struct sk_buff *skb) 440int dn_neigh_endnode_hello(struct sock *sk, struct sk_buff *skb)
438{ 441{
439 struct endnode_hello_message *msg = (struct endnode_hello_message *)skb->data; 442 struct endnode_hello_message *msg = (struct endnode_hello_message *)skb->data;
440 struct neighbour *neigh; 443 struct neighbour *neigh;
diff --git a/net/decnet/dn_nsp_in.c b/net/decnet/dn_nsp_in.c
index fe5f01485d33..a321eac9fd0c 100644
--- a/net/decnet/dn_nsp_in.c
+++ b/net/decnet/dn_nsp_in.c
@@ -714,7 +714,7 @@ out:
714 return ret; 714 return ret;
715} 715}
716 716
717static int dn_nsp_rx_packet(struct sk_buff *skb) 717static int dn_nsp_rx_packet(struct sock *sk2, struct sk_buff *skb)
718{ 718{
719 struct dn_skb_cb *cb = DN_SKB_CB(skb); 719 struct dn_skb_cb *cb = DN_SKB_CB(skb);
720 struct sock *sk = NULL; 720 struct sock *sk = NULL;
@@ -814,7 +814,8 @@ free_out:
814 814
815int dn_nsp_rx(struct sk_buff *skb) 815int dn_nsp_rx(struct sk_buff *skb)
816{ 816{
817 return NF_HOOK(NFPROTO_DECNET, NF_DN_LOCAL_IN, skb, skb->dev, NULL, 817 return NF_HOOK(NFPROTO_DECNET, NF_DN_LOCAL_IN, NULL, skb,
818 skb->dev, NULL,
818 dn_nsp_rx_packet); 819 dn_nsp_rx_packet);
819} 820}
820 821
diff --git a/net/decnet/dn_route.c b/net/decnet/dn_route.c
index 9ab0c4ba297f..03227ffd19ce 100644
--- a/net/decnet/dn_route.c
+++ b/net/decnet/dn_route.c
@@ -512,7 +512,7 @@ static int dn_return_long(struct sk_buff *skb)
512 * 512 *
513 * Returns: result of input function if route is found, error code otherwise 513 * Returns: result of input function if route is found, error code otherwise
514 */ 514 */
515static int dn_route_rx_packet(struct sk_buff *skb) 515static int dn_route_rx_packet(struct sock *sk, struct sk_buff *skb)
516{ 516{
517 struct dn_skb_cb *cb; 517 struct dn_skb_cb *cb;
518 int err; 518 int err;
@@ -573,7 +573,8 @@ static int dn_route_rx_long(struct sk_buff *skb)
573 ptr++; 573 ptr++;
574 cb->hops = *ptr++; /* Visit Count */ 574 cb->hops = *ptr++; /* Visit Count */
575 575
576 return NF_HOOK(NFPROTO_DECNET, NF_DN_PRE_ROUTING, skb, skb->dev, NULL, 576 return NF_HOOK(NFPROTO_DECNET, NF_DN_PRE_ROUTING, NULL, skb,
577 skb->dev, NULL,
577 dn_route_rx_packet); 578 dn_route_rx_packet);
578 579
579drop_it: 580drop_it:
@@ -600,7 +601,8 @@ static int dn_route_rx_short(struct sk_buff *skb)
600 ptr += 2; 601 ptr += 2;
601 cb->hops = *ptr & 0x3f; 602 cb->hops = *ptr & 0x3f;
602 603
603 return NF_HOOK(NFPROTO_DECNET, NF_DN_PRE_ROUTING, skb, skb->dev, NULL, 604 return NF_HOOK(NFPROTO_DECNET, NF_DN_PRE_ROUTING, NULL, skb,
605 skb->dev, NULL,
604 dn_route_rx_packet); 606 dn_route_rx_packet);
605 607
606drop_it: 608drop_it:
@@ -608,7 +610,7 @@ drop_it:
608 return NET_RX_DROP; 610 return NET_RX_DROP;
609} 611}
610 612
611static int dn_route_discard(struct sk_buff *skb) 613static int dn_route_discard(struct sock *sk, struct sk_buff *skb)
612{ 614{
613 /* 615 /*
614 * I know we drop the packet here, but thats considered success in 616 * I know we drop the packet here, but thats considered success in
@@ -618,7 +620,7 @@ static int dn_route_discard(struct sk_buff *skb)
618 return NET_RX_SUCCESS; 620 return NET_RX_SUCCESS;
619} 621}
620 622
621static int dn_route_ptp_hello(struct sk_buff *skb) 623static int dn_route_ptp_hello(struct sock *sk, struct sk_buff *skb)
622{ 624{
623 dn_dev_hello(skb); 625 dn_dev_hello(skb);
624 dn_neigh_pointopoint_hello(skb); 626 dn_neigh_pointopoint_hello(skb);
@@ -704,22 +706,22 @@ int dn_route_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type
704 switch (flags & DN_RT_CNTL_MSK) { 706 switch (flags & DN_RT_CNTL_MSK) {
705 case DN_RT_PKT_HELO: 707 case DN_RT_PKT_HELO:
706 return NF_HOOK(NFPROTO_DECNET, NF_DN_HELLO, 708 return NF_HOOK(NFPROTO_DECNET, NF_DN_HELLO,
707 skb, skb->dev, NULL, 709 NULL, skb, skb->dev, NULL,
708 dn_route_ptp_hello); 710 dn_route_ptp_hello);
709 711
710 case DN_RT_PKT_L1RT: 712 case DN_RT_PKT_L1RT:
711 case DN_RT_PKT_L2RT: 713 case DN_RT_PKT_L2RT:
712 return NF_HOOK(NFPROTO_DECNET, NF_DN_ROUTE, 714 return NF_HOOK(NFPROTO_DECNET, NF_DN_ROUTE,
713 skb, skb->dev, NULL, 715 NULL, skb, skb->dev, NULL,
714 dn_route_discard); 716 dn_route_discard);
715 case DN_RT_PKT_ERTH: 717 case DN_RT_PKT_ERTH:
716 return NF_HOOK(NFPROTO_DECNET, NF_DN_HELLO, 718 return NF_HOOK(NFPROTO_DECNET, NF_DN_HELLO,
717 skb, skb->dev, NULL, 719 NULL, skb, skb->dev, NULL,
718 dn_neigh_router_hello); 720 dn_neigh_router_hello);
719 721
720 case DN_RT_PKT_EEDH: 722 case DN_RT_PKT_EEDH:
721 return NF_HOOK(NFPROTO_DECNET, NF_DN_HELLO, 723 return NF_HOOK(NFPROTO_DECNET, NF_DN_HELLO,
722 skb, skb->dev, NULL, 724 NULL, skb, skb->dev, NULL,
723 dn_neigh_endnode_hello); 725 dn_neigh_endnode_hello);
724 } 726 }
725 } else { 727 } else {
@@ -768,7 +770,8 @@ static int dn_output(struct sock *sk, struct sk_buff *skb)
768 cb->rt_flags |= DN_RT_F_IE; 770 cb->rt_flags |= DN_RT_F_IE;
769 cb->hops = 0; 771 cb->hops = 0;
770 772
771 return NF_HOOK(NFPROTO_DECNET, NF_DN_LOCAL_OUT, skb, NULL, dev, 773 return NF_HOOK(NFPROTO_DECNET, NF_DN_LOCAL_OUT, sk, skb,
774 NULL, dev,
772 dn_to_neigh_output); 775 dn_to_neigh_output);
773 776
774error: 777error:
@@ -816,7 +819,8 @@ static int dn_forward(struct sk_buff *skb)
816 if (rt->rt_flags & RTCF_DOREDIRECT) 819 if (rt->rt_flags & RTCF_DOREDIRECT)
817 cb->rt_flags |= DN_RT_F_IE; 820 cb->rt_flags |= DN_RT_F_IE;
818 821
819 return NF_HOOK(NFPROTO_DECNET, NF_DN_FORWARD, skb, dev, skb->dev, 822 return NF_HOOK(NFPROTO_DECNET, NF_DN_FORWARD, NULL, skb,
823 dev, skb->dev,
820 dn_to_neigh_output); 824 dn_to_neigh_output);
821 825
822drop: 826drop:
diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c
index c6e67aa46c32..933a92820d26 100644
--- a/net/ipv4/arp.c
+++ b/net/ipv4/arp.c
@@ -591,7 +591,8 @@ EXPORT_SYMBOL(arp_create);
591void arp_xmit(struct sk_buff *skb) 591void arp_xmit(struct sk_buff *skb)
592{ 592{
593 /* Send it off, maybe filter it using firewalling first. */ 593 /* Send it off, maybe filter it using firewalling first. */
594 NF_HOOK(NFPROTO_ARP, NF_ARP_OUT, skb, NULL, skb->dev, dev_queue_xmit); 594 NF_HOOK(NFPROTO_ARP, NF_ARP_OUT, NULL, skb,
595 NULL, skb->dev, dev_queue_xmit_sk);
595} 596}
596EXPORT_SYMBOL(arp_xmit); 597EXPORT_SYMBOL(arp_xmit);
597 598
@@ -625,7 +626,7 @@ EXPORT_SYMBOL(arp_send);
625 * Process an arp request. 626 * Process an arp request.
626 */ 627 */
627 628
628static int arp_process(struct sk_buff *skb) 629static int arp_process(struct sock *sk, struct sk_buff *skb)
629{ 630{
630 struct net_device *dev = skb->dev; 631 struct net_device *dev = skb->dev;
631 struct in_device *in_dev = __in_dev_get_rcu(dev); 632 struct in_device *in_dev = __in_dev_get_rcu(dev);
@@ -846,7 +847,7 @@ out:
846 847
847static void parp_redo(struct sk_buff *skb) 848static void parp_redo(struct sk_buff *skb)
848{ 849{
849 arp_process(skb); 850 arp_process(NULL, skb);
850} 851}
851 852
852 853
@@ -879,7 +880,8 @@ static int arp_rcv(struct sk_buff *skb, struct net_device *dev,
879 880
880 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb)); 881 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
881 882
882 return NF_HOOK(NFPROTO_ARP, NF_ARP_IN, skb, dev, NULL, arp_process); 883 return NF_HOOK(NFPROTO_ARP, NF_ARP_IN, NULL, skb,
884 dev, NULL, arp_process);
883 885
884consumeskb: 886consumeskb:
885 consume_skb(skb); 887 consume_skb(skb);
diff --git a/net/ipv4/ip_forward.c b/net/ipv4/ip_forward.c
index d9bc28ac5d1b..939992c456f3 100644
--- a/net/ipv4/ip_forward.c
+++ b/net/ipv4/ip_forward.c
@@ -57,7 +57,7 @@ static bool ip_exceeds_mtu(const struct sk_buff *skb, unsigned int mtu)
57} 57}
58 58
59 59
60static int ip_forward_finish(struct sk_buff *skb) 60static int ip_forward_finish(struct sock *sk, struct sk_buff *skb)
61{ 61{
62 struct ip_options *opt = &(IPCB(skb)->opt); 62 struct ip_options *opt = &(IPCB(skb)->opt);
63 63
@@ -68,7 +68,7 @@ static int ip_forward_finish(struct sk_buff *skb)
68 ip_forward_options(skb); 68 ip_forward_options(skb);
69 69
70 skb_sender_cpu_clear(skb); 70 skb_sender_cpu_clear(skb);
71 return dst_output(skb); 71 return dst_output_sk(sk, skb);
72} 72}
73 73
74int ip_forward(struct sk_buff *skb) 74int ip_forward(struct sk_buff *skb)
@@ -136,8 +136,8 @@ int ip_forward(struct sk_buff *skb)
136 136
137 skb->priority = rt_tos2priority(iph->tos); 137 skb->priority = rt_tos2priority(iph->tos);
138 138
139 return NF_HOOK(NFPROTO_IPV4, NF_INET_FORWARD, skb, skb->dev, 139 return NF_HOOK(NFPROTO_IPV4, NF_INET_FORWARD, NULL, skb,
140 rt->dst.dev, ip_forward_finish); 140 skb->dev, rt->dst.dev, ip_forward_finish);
141 141
142sr_failed: 142sr_failed:
143 /* 143 /*
diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c
index 2e0410ed8f16..2db4c8773c1b 100644
--- a/net/ipv4/ip_input.c
+++ b/net/ipv4/ip_input.c
@@ -187,7 +187,7 @@ bool ip_call_ra_chain(struct sk_buff *skb)
187 return false; 187 return false;
188} 188}
189 189
190static int ip_local_deliver_finish(struct sk_buff *skb) 190static int ip_local_deliver_finish(struct sock *sk, struct sk_buff *skb)
191{ 191{
192 struct net *net = dev_net(skb->dev); 192 struct net *net = dev_net(skb->dev);
193 193
@@ -253,7 +253,8 @@ int ip_local_deliver(struct sk_buff *skb)
253 return 0; 253 return 0;
254 } 254 }
255 255
256 return NF_HOOK(NFPROTO_IPV4, NF_INET_LOCAL_IN, skb, skb->dev, NULL, 256 return NF_HOOK(NFPROTO_IPV4, NF_INET_LOCAL_IN, NULL, skb,
257 skb->dev, NULL,
257 ip_local_deliver_finish); 258 ip_local_deliver_finish);
258} 259}
259 260
@@ -309,7 +310,7 @@ drop:
309int sysctl_ip_early_demux __read_mostly = 1; 310int sysctl_ip_early_demux __read_mostly = 1;
310EXPORT_SYMBOL(sysctl_ip_early_demux); 311EXPORT_SYMBOL(sysctl_ip_early_demux);
311 312
312static int ip_rcv_finish(struct sk_buff *skb) 313static int ip_rcv_finish(struct sock *sk, struct sk_buff *skb)
313{ 314{
314 const struct iphdr *iph = ip_hdr(skb); 315 const struct iphdr *iph = ip_hdr(skb);
315 struct rtable *rt; 316 struct rtable *rt;
@@ -451,7 +452,8 @@ int ip_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt,
451 /* Must drop socket now because of tproxy. */ 452 /* Must drop socket now because of tproxy. */
452 skb_orphan(skb); 453 skb_orphan(skb);
453 454
454 return NF_HOOK(NFPROTO_IPV4, NF_INET_PRE_ROUTING, skb, dev, NULL, 455 return NF_HOOK(NFPROTO_IPV4, NF_INET_PRE_ROUTING, NULL, skb,
456 dev, NULL,
455 ip_rcv_finish); 457 ip_rcv_finish);
456 458
457csum_error: 459csum_error:
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index 26f6f7956168..5da4d15262fd 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -91,14 +91,19 @@ void ip_send_check(struct iphdr *iph)
91} 91}
92EXPORT_SYMBOL(ip_send_check); 92EXPORT_SYMBOL(ip_send_check);
93 93
94int __ip_local_out(struct sk_buff *skb) 94int __ip_local_out_sk(struct sock *sk, struct sk_buff *skb)
95{ 95{
96 struct iphdr *iph = ip_hdr(skb); 96 struct iphdr *iph = ip_hdr(skb);
97 97
98 iph->tot_len = htons(skb->len); 98 iph->tot_len = htons(skb->len);
99 ip_send_check(iph); 99 ip_send_check(iph);
100 return nf_hook(NFPROTO_IPV4, NF_INET_LOCAL_OUT, skb, NULL, 100 return nf_hook(NFPROTO_IPV4, NF_INET_LOCAL_OUT, sk, skb, NULL,
101 skb_dst(skb)->dev, dst_output); 101 skb_dst(skb)->dev, dst_output_sk);
102}
103
104int __ip_local_out(struct sk_buff *skb)
105{
106 return __ip_local_out_sk(skb->sk, skb);
102} 107}
103 108
104int ip_local_out_sk(struct sock *sk, struct sk_buff *skb) 109int ip_local_out_sk(struct sock *sk, struct sk_buff *skb)
@@ -163,7 +168,7 @@ int ip_build_and_send_pkt(struct sk_buff *skb, struct sock *sk,
163} 168}
164EXPORT_SYMBOL_GPL(ip_build_and_send_pkt); 169EXPORT_SYMBOL_GPL(ip_build_and_send_pkt);
165 170
166static inline int ip_finish_output2(struct sk_buff *skb) 171static inline int ip_finish_output2(struct sock *sk, struct sk_buff *skb)
167{ 172{
168 struct dst_entry *dst = skb_dst(skb); 173 struct dst_entry *dst = skb_dst(skb);
169 struct rtable *rt = (struct rtable *)dst; 174 struct rtable *rt = (struct rtable *)dst;
@@ -211,7 +216,7 @@ static inline int ip_finish_output2(struct sk_buff *skb)
211 return -EINVAL; 216 return -EINVAL;
212} 217}
213 218
214static int ip_finish_output_gso(struct sk_buff *skb) 219static int ip_finish_output_gso(struct sock *sk, struct sk_buff *skb)
215{ 220{
216 netdev_features_t features; 221 netdev_features_t features;
217 struct sk_buff *segs; 222 struct sk_buff *segs;
@@ -220,7 +225,7 @@ static int ip_finish_output_gso(struct sk_buff *skb)
220 /* common case: locally created skb or seglen is <= mtu */ 225 /* common case: locally created skb or seglen is <= mtu */
221 if (((IPCB(skb)->flags & IPSKB_FORWARDED) == 0) || 226 if (((IPCB(skb)->flags & IPSKB_FORWARDED) == 0) ||
222 skb_gso_network_seglen(skb) <= ip_skb_dst_mtu(skb)) 227 skb_gso_network_seglen(skb) <= ip_skb_dst_mtu(skb))
223 return ip_finish_output2(skb); 228 return ip_finish_output2(sk, skb);
224 229
225 /* Slowpath - GSO segment length is exceeding the dst MTU. 230 /* Slowpath - GSO segment length is exceeding the dst MTU.
226 * 231 *
@@ -243,7 +248,7 @@ static int ip_finish_output_gso(struct sk_buff *skb)
243 int err; 248 int err;
244 249
245 segs->next = NULL; 250 segs->next = NULL;
246 err = ip_fragment(segs, ip_finish_output2); 251 err = ip_fragment(sk, segs, ip_finish_output2);
247 252
248 if (err && ret == 0) 253 if (err && ret == 0)
249 ret = err; 254 ret = err;
@@ -253,22 +258,22 @@ static int ip_finish_output_gso(struct sk_buff *skb)
253 return ret; 258 return ret;
254} 259}
255 260
256static int ip_finish_output(struct sk_buff *skb) 261static int ip_finish_output(struct sock *sk, struct sk_buff *skb)
257{ 262{
258#if defined(CONFIG_NETFILTER) && defined(CONFIG_XFRM) 263#if defined(CONFIG_NETFILTER) && defined(CONFIG_XFRM)
259 /* Policy lookup after SNAT yielded a new policy */ 264 /* Policy lookup after SNAT yielded a new policy */
260 if (skb_dst(skb)->xfrm) { 265 if (skb_dst(skb)->xfrm) {
261 IPCB(skb)->flags |= IPSKB_REROUTED; 266 IPCB(skb)->flags |= IPSKB_REROUTED;
262 return dst_output(skb); 267 return dst_output_sk(sk, skb);
263 } 268 }
264#endif 269#endif
265 if (skb_is_gso(skb)) 270 if (skb_is_gso(skb))
266 return ip_finish_output_gso(skb); 271 return ip_finish_output_gso(sk, skb);
267 272
268 if (skb->len > ip_skb_dst_mtu(skb)) 273 if (skb->len > ip_skb_dst_mtu(skb))
269 return ip_fragment(skb, ip_finish_output2); 274 return ip_fragment(sk, skb, ip_finish_output2);
270 275
271 return ip_finish_output2(skb); 276 return ip_finish_output2(sk, skb);
272} 277}
273 278
274int ip_mc_output(struct sock *sk, struct sk_buff *skb) 279int ip_mc_output(struct sock *sk, struct sk_buff *skb)
@@ -307,7 +312,7 @@ int ip_mc_output(struct sock *sk, struct sk_buff *skb)
307 struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC); 312 struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC);
308 if (newskb) 313 if (newskb)
309 NF_HOOK(NFPROTO_IPV4, NF_INET_POST_ROUTING, 314 NF_HOOK(NFPROTO_IPV4, NF_INET_POST_ROUTING,
310 newskb, NULL, newskb->dev, 315 sk, newskb, NULL, newskb->dev,
311 dev_loopback_xmit); 316 dev_loopback_xmit);
312 } 317 }
313 318
@@ -322,11 +327,11 @@ int ip_mc_output(struct sock *sk, struct sk_buff *skb)
322 if (rt->rt_flags&RTCF_BROADCAST) { 327 if (rt->rt_flags&RTCF_BROADCAST) {
323 struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC); 328 struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC);
324 if (newskb) 329 if (newskb)
325 NF_HOOK(NFPROTO_IPV4, NF_INET_POST_ROUTING, newskb, 330 NF_HOOK(NFPROTO_IPV4, NF_INET_POST_ROUTING, sk, newskb,
326 NULL, newskb->dev, dev_loopback_xmit); 331 NULL, newskb->dev, dev_loopback_xmit);
327 } 332 }
328 333
329 return NF_HOOK_COND(NFPROTO_IPV4, NF_INET_POST_ROUTING, skb, NULL, 334 return NF_HOOK_COND(NFPROTO_IPV4, NF_INET_POST_ROUTING, sk, skb, NULL,
330 skb->dev, ip_finish_output, 335 skb->dev, ip_finish_output,
331 !(IPCB(skb)->flags & IPSKB_REROUTED)); 336 !(IPCB(skb)->flags & IPSKB_REROUTED));
332} 337}
@@ -340,7 +345,8 @@ int ip_output(struct sock *sk, struct sk_buff *skb)
340 skb->dev = dev; 345 skb->dev = dev;
341 skb->protocol = htons(ETH_P_IP); 346 skb->protocol = htons(ETH_P_IP);
342 347
343 return NF_HOOK_COND(NFPROTO_IPV4, NF_INET_POST_ROUTING, skb, NULL, dev, 348 return NF_HOOK_COND(NFPROTO_IPV4, NF_INET_POST_ROUTING, sk, skb,
349 NULL, dev,
344 ip_finish_output, 350 ip_finish_output,
345 !(IPCB(skb)->flags & IPSKB_REROUTED)); 351 !(IPCB(skb)->flags & IPSKB_REROUTED));
346} 352}
@@ -480,7 +486,8 @@ static void ip_copy_metadata(struct sk_buff *to, struct sk_buff *from)
480 * single device frame, and queue such a frame for sending. 486 * single device frame, and queue such a frame for sending.
481 */ 487 */
482 488
483int ip_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)) 489int ip_fragment(struct sock *sk, struct sk_buff *skb,
490 int (*output)(struct sock *, struct sk_buff *))
484{ 491{
485 struct iphdr *iph; 492 struct iphdr *iph;
486 int ptr; 493 int ptr;
@@ -593,7 +600,7 @@ int ip_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *))
593 ip_send_check(iph); 600 ip_send_check(iph);
594 } 601 }
595 602
596 err = output(skb); 603 err = output(sk, skb);
597 604
598 if (!err) 605 if (!err)
599 IP_INC_STATS(dev_net(dev), IPSTATS_MIB_FRAGCREATES); 606 IP_INC_STATS(dev_net(dev), IPSTATS_MIB_FRAGCREATES);
@@ -730,7 +737,7 @@ slow_path:
730 737
731 ip_send_check(iph); 738 ip_send_check(iph);
732 739
733 err = output(skb2); 740 err = output(sk, skb2);
734 if (err) 741 if (err)
735 goto fail; 742 goto fail;
736 743
diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c
index 5f17d0e78071..3a2c0162c3ba 100644
--- a/net/ipv4/ipmr.c
+++ b/net/ipv4/ipmr.c
@@ -1679,7 +1679,7 @@ static void ip_encap(struct net *net, struct sk_buff *skb,
1679 nf_reset(skb); 1679 nf_reset(skb);
1680} 1680}
1681 1681
1682static inline int ipmr_forward_finish(struct sk_buff *skb) 1682static inline int ipmr_forward_finish(struct sock *sk, struct sk_buff *skb)
1683{ 1683{
1684 struct ip_options *opt = &(IPCB(skb)->opt); 1684 struct ip_options *opt = &(IPCB(skb)->opt);
1685 1685
@@ -1689,7 +1689,7 @@ static inline int ipmr_forward_finish(struct sk_buff *skb)
1689 if (unlikely(opt->optlen)) 1689 if (unlikely(opt->optlen))
1690 ip_forward_options(skb); 1690 ip_forward_options(skb);
1691 1691
1692 return dst_output(skb); 1692 return dst_output_sk(sk, skb);
1693} 1693}
1694 1694
1695/* 1695/*
@@ -1788,7 +1788,8 @@ static void ipmr_queue_xmit(struct net *net, struct mr_table *mrt,
1788 * not mrouter) cannot join to more than one interface - it will 1788 * not mrouter) cannot join to more than one interface - it will
1789 * result in receiving multiple packets. 1789 * result in receiving multiple packets.
1790 */ 1790 */
1791 NF_HOOK(NFPROTO_IPV4, NF_INET_FORWARD, skb, skb->dev, dev, 1791 NF_HOOK(NFPROTO_IPV4, NF_INET_FORWARD, NULL, skb,
1792 skb->dev, dev,
1792 ipmr_forward_finish); 1793 ipmr_forward_finish);
1793 return; 1794 return;
1794 1795
diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c
index 6d0fa8fb8af0..c0bb648fb2f9 100644
--- a/net/ipv4/raw.c
+++ b/net/ipv4/raw.c
@@ -412,8 +412,8 @@ static int raw_send_hdrinc(struct sock *sk, struct flowi4 *fl4,
412 icmp_out_count(net, ((struct icmphdr *) 412 icmp_out_count(net, ((struct icmphdr *)
413 skb_transport_header(skb))->type); 413 skb_transport_header(skb))->type);
414 414
415 err = NF_HOOK(NFPROTO_IPV4, NF_INET_LOCAL_OUT, skb, NULL, 415 err = NF_HOOK(NFPROTO_IPV4, NF_INET_LOCAL_OUT, sk, skb,
416 rt->dst.dev, dst_output); 416 NULL, rt->dst.dev, dst_output_sk);
417 if (err > 0) 417 if (err > 0)
418 err = net_xmit_errno(err); 418 err = net_xmit_errno(err);
419 if (err) 419 if (err)
diff --git a/net/ipv4/xfrm4_input.c b/net/ipv4/xfrm4_input.c
index cac7468db0a1..60b032f58ccc 100644
--- a/net/ipv4/xfrm4_input.c
+++ b/net/ipv4/xfrm4_input.c
@@ -22,7 +22,7 @@ int xfrm4_extract_input(struct xfrm_state *x, struct sk_buff *skb)
22 return xfrm4_extract_header(skb); 22 return xfrm4_extract_header(skb);
23} 23}
24 24
25static inline int xfrm4_rcv_encap_finish(struct sk_buff *skb) 25static inline int xfrm4_rcv_encap_finish(struct sock *sk, struct sk_buff *skb)
26{ 26{
27 if (!skb_dst(skb)) { 27 if (!skb_dst(skb)) {
28 const struct iphdr *iph = ip_hdr(skb); 28 const struct iphdr *iph = ip_hdr(skb);
@@ -52,7 +52,8 @@ int xfrm4_transport_finish(struct sk_buff *skb, int async)
52 iph->tot_len = htons(skb->len); 52 iph->tot_len = htons(skb->len);
53 ip_send_check(iph); 53 ip_send_check(iph);
54 54
55 NF_HOOK(NFPROTO_IPV4, NF_INET_PRE_ROUTING, skb, skb->dev, NULL, 55 NF_HOOK(NFPROTO_IPV4, NF_INET_PRE_ROUTING, NULL, skb,
56 skb->dev, NULL,
56 xfrm4_rcv_encap_finish); 57 xfrm4_rcv_encap_finish);
57 return 0; 58 return 0;
58} 59}
diff --git a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c
index dab73813cb92..2878dbfffeb7 100644
--- a/net/ipv4/xfrm4_output.c
+++ b/net/ipv4/xfrm4_output.c
@@ -69,7 +69,7 @@ int xfrm4_prepare_output(struct xfrm_state *x, struct sk_buff *skb)
69} 69}
70EXPORT_SYMBOL(xfrm4_prepare_output); 70EXPORT_SYMBOL(xfrm4_prepare_output);
71 71
72int xfrm4_output_finish(struct sk_buff *skb) 72int xfrm4_output_finish(struct sock *sk, struct sk_buff *skb)
73{ 73{
74 memset(IPCB(skb), 0, sizeof(*IPCB(skb))); 74 memset(IPCB(skb), 0, sizeof(*IPCB(skb)));
75 75
@@ -77,26 +77,26 @@ int xfrm4_output_finish(struct sk_buff *skb)
77 IPCB(skb)->flags |= IPSKB_XFRM_TRANSFORMED; 77 IPCB(skb)->flags |= IPSKB_XFRM_TRANSFORMED;
78#endif 78#endif
79 79
80 return xfrm_output(skb); 80 return xfrm_output(sk, skb);
81} 81}
82 82
83static int __xfrm4_output(struct sk_buff *skb) 83static int __xfrm4_output(struct sock *sk, struct sk_buff *skb)
84{ 84{
85 struct xfrm_state *x = skb_dst(skb)->xfrm; 85 struct xfrm_state *x = skb_dst(skb)->xfrm;
86 86
87#ifdef CONFIG_NETFILTER 87#ifdef CONFIG_NETFILTER
88 if (!x) { 88 if (!x) {
89 IPCB(skb)->flags |= IPSKB_REROUTED; 89 IPCB(skb)->flags |= IPSKB_REROUTED;
90 return dst_output(skb); 90 return dst_output_sk(sk, skb);
91 } 91 }
92#endif 92#endif
93 93
94 return x->outer_mode->afinfo->output_finish(skb); 94 return x->outer_mode->afinfo->output_finish(sk, skb);
95} 95}
96 96
97int xfrm4_output(struct sock *sk, struct sk_buff *skb) 97int xfrm4_output(struct sock *sk, struct sk_buff *skb)
98{ 98{
99 return NF_HOOK_COND(NFPROTO_IPV4, NF_INET_POST_ROUTING, skb, 99 return NF_HOOK_COND(NFPROTO_IPV4, NF_INET_POST_ROUTING, sk, skb,
100 NULL, skb_dst(skb)->dev, __xfrm4_output, 100 NULL, skb_dst(skb)->dev, __xfrm4_output,
101 !(IPCB(skb)->flags & IPSKB_REROUTED)); 101 !(IPCB(skb)->flags & IPSKB_REROUTED));
102} 102}
diff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c
index fb97f7f8d4ed..f2e464eba5ef 100644
--- a/net/ipv6/ip6_input.c
+++ b/net/ipv6/ip6_input.c
@@ -46,8 +46,7 @@
46#include <net/xfrm.h> 46#include <net/xfrm.h>
47#include <net/inet_ecn.h> 47#include <net/inet_ecn.h>
48 48
49 49int ip6_rcv_finish(struct sock *sk, struct sk_buff *skb)
50int ip6_rcv_finish(struct sk_buff *skb)
51{ 50{
52 if (sysctl_ip_early_demux && !skb_dst(skb) && skb->sk == NULL) { 51 if (sysctl_ip_early_demux && !skb_dst(skb) && skb->sk == NULL) {
53 const struct inet6_protocol *ipprot; 52 const struct inet6_protocol *ipprot;
@@ -183,7 +182,8 @@ int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt
183 /* Must drop socket now because of tproxy. */ 182 /* Must drop socket now because of tproxy. */
184 skb_orphan(skb); 183 skb_orphan(skb);
185 184
186 return NF_HOOK(NFPROTO_IPV6, NF_INET_PRE_ROUTING, skb, dev, NULL, 185 return NF_HOOK(NFPROTO_IPV6, NF_INET_PRE_ROUTING, NULL, skb,
186 dev, NULL,
187 ip6_rcv_finish); 187 ip6_rcv_finish);
188err: 188err:
189 IP6_INC_STATS_BH(net, idev, IPSTATS_MIB_INHDRERRORS); 189 IP6_INC_STATS_BH(net, idev, IPSTATS_MIB_INHDRERRORS);
@@ -198,7 +198,7 @@ drop:
198 */ 198 */
199 199
200 200
201static int ip6_input_finish(struct sk_buff *skb) 201static int ip6_input_finish(struct sock *sk, struct sk_buff *skb)
202{ 202{
203 struct net *net = dev_net(skb_dst(skb)->dev); 203 struct net *net = dev_net(skb_dst(skb)->dev);
204 const struct inet6_protocol *ipprot; 204 const struct inet6_protocol *ipprot;
@@ -277,7 +277,8 @@ discard:
277 277
278int ip6_input(struct sk_buff *skb) 278int ip6_input(struct sk_buff *skb)
279{ 279{
280 return NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_IN, skb, skb->dev, NULL, 280 return NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_IN, NULL, skb,
281 skb->dev, NULL,
281 ip6_input_finish); 282 ip6_input_finish);
282} 283}
283 284
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index 654f245aa930..7fde1f265c90 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -56,7 +56,7 @@
56#include <net/checksum.h> 56#include <net/checksum.h>
57#include <linux/mroute6.h> 57#include <linux/mroute6.h>
58 58
59static int ip6_finish_output2(struct sk_buff *skb) 59static int ip6_finish_output2(struct sock *sk, struct sk_buff *skb)
60{ 60{
61 struct dst_entry *dst = skb_dst(skb); 61 struct dst_entry *dst = skb_dst(skb);
62 struct net_device *dev = dst->dev; 62 struct net_device *dev = dst->dev;
@@ -70,7 +70,7 @@ static int ip6_finish_output2(struct sk_buff *skb)
70 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) { 70 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) {
71 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb)); 71 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
72 72
73 if (!(dev->flags & IFF_LOOPBACK) && sk_mc_loop(skb->sk) && 73 if (!(dev->flags & IFF_LOOPBACK) && sk_mc_loop(sk) &&
74 ((mroute6_socket(dev_net(dev), skb) && 74 ((mroute6_socket(dev_net(dev), skb) &&
75 !(IP6CB(skb)->flags & IP6SKB_FORWARDED)) || 75 !(IP6CB(skb)->flags & IP6SKB_FORWARDED)) ||
76 ipv6_chk_mcast_addr(dev, &ipv6_hdr(skb)->daddr, 76 ipv6_chk_mcast_addr(dev, &ipv6_hdr(skb)->daddr,
@@ -82,7 +82,7 @@ static int ip6_finish_output2(struct sk_buff *skb)
82 */ 82 */
83 if (newskb) 83 if (newskb)
84 NF_HOOK(NFPROTO_IPV6, NF_INET_POST_ROUTING, 84 NF_HOOK(NFPROTO_IPV6, NF_INET_POST_ROUTING,
85 newskb, NULL, newskb->dev, 85 sk, newskb, NULL, newskb->dev,
86 dev_loopback_xmit); 86 dev_loopback_xmit);
87 87
88 if (ipv6_hdr(skb)->hop_limit == 0) { 88 if (ipv6_hdr(skb)->hop_limit == 0) {
@@ -122,14 +122,14 @@ static int ip6_finish_output2(struct sk_buff *skb)
122 return -EINVAL; 122 return -EINVAL;
123} 123}
124 124
125static int ip6_finish_output(struct sk_buff *skb) 125static int ip6_finish_output(struct sock *sk, struct sk_buff *skb)
126{ 126{
127 if ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) || 127 if ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) ||
128 dst_allfrag(skb_dst(skb)) || 128 dst_allfrag(skb_dst(skb)) ||
129 (IP6CB(skb)->frag_max_size && skb->len > IP6CB(skb)->frag_max_size)) 129 (IP6CB(skb)->frag_max_size && skb->len > IP6CB(skb)->frag_max_size))
130 return ip6_fragment(skb, ip6_finish_output2); 130 return ip6_fragment(sk, skb, ip6_finish_output2);
131 else 131 else
132 return ip6_finish_output2(skb); 132 return ip6_finish_output2(sk, skb);
133} 133}
134 134
135int ip6_output(struct sock *sk, struct sk_buff *skb) 135int ip6_output(struct sock *sk, struct sk_buff *skb)
@@ -143,7 +143,8 @@ int ip6_output(struct sock *sk, struct sk_buff *skb)
143 return 0; 143 return 0;
144 } 144 }
145 145
146 return NF_HOOK_COND(NFPROTO_IPV6, NF_INET_POST_ROUTING, skb, NULL, dev, 146 return NF_HOOK_COND(NFPROTO_IPV6, NF_INET_POST_ROUTING, sk, skb,
147 NULL, dev,
147 ip6_finish_output, 148 ip6_finish_output,
148 !(IP6CB(skb)->flags & IP6SKB_REROUTED)); 149 !(IP6CB(skb)->flags & IP6SKB_REROUTED));
149} 150}
@@ -223,8 +224,8 @@ int ip6_xmit(struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6,
223 if ((skb->len <= mtu) || skb->ignore_df || skb_is_gso(skb)) { 224 if ((skb->len <= mtu) || skb->ignore_df || skb_is_gso(skb)) {
224 IP6_UPD_PO_STATS(net, ip6_dst_idev(skb_dst(skb)), 225 IP6_UPD_PO_STATS(net, ip6_dst_idev(skb_dst(skb)),
225 IPSTATS_MIB_OUT, skb->len); 226 IPSTATS_MIB_OUT, skb->len);
226 return NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, 227 return NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, sk, skb,
227 dst->dev, dst_output); 228 NULL, dst->dev, dst_output_sk);
228 } 229 }
229 230
230 skb->dev = dst->dev; 231 skb->dev = dst->dev;
@@ -316,10 +317,10 @@ static int ip6_forward_proxy_check(struct sk_buff *skb)
316 return 0; 317 return 0;
317} 318}
318 319
319static inline int ip6_forward_finish(struct sk_buff *skb) 320static inline int ip6_forward_finish(struct sock *sk, struct sk_buff *skb)
320{ 321{
321 skb_sender_cpu_clear(skb); 322 skb_sender_cpu_clear(skb);
322 return dst_output(skb); 323 return dst_output_sk(sk, skb);
323} 324}
324 325
325static unsigned int ip6_dst_mtu_forward(const struct dst_entry *dst) 326static unsigned int ip6_dst_mtu_forward(const struct dst_entry *dst)
@@ -511,7 +512,8 @@ int ip6_forward(struct sk_buff *skb)
511 512
512 IP6_INC_STATS_BH(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTFORWDATAGRAMS); 513 IP6_INC_STATS_BH(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTFORWDATAGRAMS);
513 IP6_ADD_STATS_BH(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTOCTETS, skb->len); 514 IP6_ADD_STATS_BH(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTOCTETS, skb->len);
514 return NF_HOOK(NFPROTO_IPV6, NF_INET_FORWARD, skb, skb->dev, dst->dev, 515 return NF_HOOK(NFPROTO_IPV6, NF_INET_FORWARD, NULL, skb,
516 skb->dev, dst->dev,
515 ip6_forward_finish); 517 ip6_forward_finish);
516 518
517error: 519error:
@@ -538,7 +540,8 @@ static void ip6_copy_metadata(struct sk_buff *to, struct sk_buff *from)
538 skb_copy_secmark(to, from); 540 skb_copy_secmark(to, from);
539} 541}
540 542
541int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)) 543int ip6_fragment(struct sock *sk, struct sk_buff *skb,
544 int (*output)(struct sock *, struct sk_buff *))
542{ 545{
543 struct sk_buff *frag; 546 struct sk_buff *frag;
544 struct rt6_info *rt = (struct rt6_info *)skb_dst(skb); 547 struct rt6_info *rt = (struct rt6_info *)skb_dst(skb);
@@ -667,7 +670,7 @@ int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *))
667 ip6_copy_metadata(frag, skb); 670 ip6_copy_metadata(frag, skb);
668 } 671 }
669 672
670 err = output(skb); 673 err = output(sk, skb);
671 if (!err) 674 if (!err)
672 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst), 675 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst),
673 IPSTATS_MIB_FRAGCREATES); 676 IPSTATS_MIB_FRAGCREATES);
@@ -800,7 +803,7 @@ slow_path:
800 /* 803 /*
801 * Put this fragment into the sending queue. 804 * Put this fragment into the sending queue.
802 */ 805 */
803 err = output(frag); 806 err = output(sk, frag);
804 if (err) 807 if (err)
805 goto fail; 808 goto fail;
806 809
diff --git a/net/ipv6/ip6mr.c b/net/ipv6/ip6mr.c
index 8493a22e74eb..74ceb73c1c9a 100644
--- a/net/ipv6/ip6mr.c
+++ b/net/ipv6/ip6mr.c
@@ -1986,13 +1986,13 @@ int ip6mr_compat_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
1986} 1986}
1987#endif 1987#endif
1988 1988
1989static inline int ip6mr_forward2_finish(struct sk_buff *skb) 1989static inline int ip6mr_forward2_finish(struct sock *sk, struct sk_buff *skb)
1990{ 1990{
1991 IP6_INC_STATS_BH(dev_net(skb_dst(skb)->dev), ip6_dst_idev(skb_dst(skb)), 1991 IP6_INC_STATS_BH(dev_net(skb_dst(skb)->dev), ip6_dst_idev(skb_dst(skb)),
1992 IPSTATS_MIB_OUTFORWDATAGRAMS); 1992 IPSTATS_MIB_OUTFORWDATAGRAMS);
1993 IP6_ADD_STATS_BH(dev_net(skb_dst(skb)->dev), ip6_dst_idev(skb_dst(skb)), 1993 IP6_ADD_STATS_BH(dev_net(skb_dst(skb)->dev), ip6_dst_idev(skb_dst(skb)),
1994 IPSTATS_MIB_OUTOCTETS, skb->len); 1994 IPSTATS_MIB_OUTOCTETS, skb->len);
1995 return dst_output(skb); 1995 return dst_output_sk(sk, skb);
1996} 1996}
1997 1997
1998/* 1998/*
@@ -2064,7 +2064,8 @@ static int ip6mr_forward2(struct net *net, struct mr6_table *mrt,
2064 2064
2065 IP6CB(skb)->flags |= IP6SKB_FORWARDED; 2065 IP6CB(skb)->flags |= IP6SKB_FORWARDED;
2066 2066
2067 return NF_HOOK(NFPROTO_IPV6, NF_INET_FORWARD, skb, skb->dev, dev, 2067 return NF_HOOK(NFPROTO_IPV6, NF_INET_FORWARD, NULL, skb,
2068 skb->dev, dev,
2068 ip6mr_forward2_finish); 2069 ip6mr_forward2_finish);
2069 2070
2070out_free: 2071out_free:
diff --git a/net/ipv6/mcast.c b/net/ipv6/mcast.c
index fac1f27e428e..083b2927fc67 100644
--- a/net/ipv6/mcast.c
+++ b/net/ipv6/mcast.c
@@ -1644,8 +1644,9 @@ static void mld_sendpack(struct sk_buff *skb)
1644 1644
1645 payload_len = skb->len; 1645 payload_len = skb->len;
1646 1646
1647 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, skb->dev, 1647 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
1648 dst_output); 1648 net->ipv6.igmp_sk, skb, NULL, skb->dev,
1649 dst_output_sk);
1649out: 1650out:
1650 if (!err) { 1651 if (!err) {
1651 ICMP6MSGOUT_INC_STATS(net, idev, ICMPV6_MLD2_REPORT); 1652 ICMP6MSGOUT_INC_STATS(net, idev, ICMPV6_MLD2_REPORT);
@@ -2007,8 +2008,8 @@ static void igmp6_send(struct in6_addr *addr, struct net_device *dev, int type)
2007 } 2008 }
2008 2009
2009 skb_dst_set(skb, dst); 2010 skb_dst_set(skb, dst);
2010 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, skb->dev, 2011 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, sk, skb,
2011 dst_output); 2012 NULL, skb->dev, dst_output_sk);
2012out: 2013out:
2013 if (!err) { 2014 if (!err) {
2014 ICMP6MSGOUT_INC_STATS(net, idev, type); 2015 ICMP6MSGOUT_INC_STATS(net, idev, type);
diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
index 71fde6cafb35..96f153c0846b 100644
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -463,8 +463,9 @@ static void ndisc_send_skb(struct sk_buff *skb,
463 idev = __in6_dev_get(dst->dev); 463 idev = __in6_dev_get(dst->dev);
464 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len); 464 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
465 465
466 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev, 466 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, sk, skb,
467 dst_output); 467 NULL, dst->dev,
468 dst_output_sk);
468 if (!err) { 469 if (!err) {
469 ICMP6MSGOUT_INC_STATS(net, idev, type); 470 ICMP6MSGOUT_INC_STATS(net, idev, type);
470 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); 471 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
diff --git a/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c b/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c
index e2b882056751..a45db0b4785c 100644
--- a/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c
+++ b/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c
@@ -75,7 +75,7 @@ static unsigned int ipv6_defrag(const struct nf_hook_ops *ops,
75 75
76 nf_ct_frag6_consume_orig(reasm); 76 nf_ct_frag6_consume_orig(reasm);
77 77
78 NF_HOOK_THRESH(NFPROTO_IPV6, ops->hooknum, reasm, 78 NF_HOOK_THRESH(NFPROTO_IPV6, ops->hooknum, state->sk, reasm,
79 state->in, state->out, 79 state->in, state->out,
80 state->okfn, NF_IP6_PRI_CONNTRACK_DEFRAG + 1); 80 state->okfn, NF_IP6_PRI_CONNTRACK_DEFRAG + 1);
81 81
diff --git a/net/ipv6/output_core.c b/net/ipv6/output_core.c
index 4016a6ef9d61..7d1131dc29fe 100644
--- a/net/ipv6/output_core.c
+++ b/net/ipv6/output_core.c
@@ -146,8 +146,8 @@ int __ip6_local_out(struct sk_buff *skb)
146 ipv6_hdr(skb)->payload_len = htons(len); 146 ipv6_hdr(skb)->payload_len = htons(len);
147 IP6CB(skb)->nhoff = offsetof(struct ipv6hdr, nexthdr); 147 IP6CB(skb)->nhoff = offsetof(struct ipv6hdr, nexthdr);
148 148
149 return nf_hook(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, 149 return nf_hook(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb->sk, skb,
150 skb_dst(skb)->dev, dst_output); 150 NULL, skb_dst(skb)->dev, dst_output_sk);
151} 151}
152EXPORT_SYMBOL_GPL(__ip6_local_out); 152EXPORT_SYMBOL_GPL(__ip6_local_out);
153 153
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
index 79ccdb4c1b33..8072bd4139b7 100644
--- a/net/ipv6/raw.c
+++ b/net/ipv6/raw.c
@@ -652,8 +652,8 @@ static int rawv6_send_hdrinc(struct sock *sk, struct msghdr *msg, int length,
652 goto error_fault; 652 goto error_fault;
653 653
654 IP6_UPD_PO_STATS(sock_net(sk), rt->rt6i_idev, IPSTATS_MIB_OUT, skb->len); 654 IP6_UPD_PO_STATS(sock_net(sk), rt->rt6i_idev, IPSTATS_MIB_OUT, skb->len);
655 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, 655 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, sk, skb,
656 rt->dst.dev, dst_output); 656 NULL, rt->dst.dev, dst_output_sk);
657 if (err > 0) 657 if (err > 0)
658 err = net_xmit_errno(err); 658 err = net_xmit_errno(err);
659 if (err) 659 if (err)
diff --git a/net/ipv6/xfrm6_input.c b/net/ipv6/xfrm6_input.c
index f48fbe4d16f5..74bd17882a2f 100644
--- a/net/ipv6/xfrm6_input.c
+++ b/net/ipv6/xfrm6_input.c
@@ -42,7 +42,8 @@ int xfrm6_transport_finish(struct sk_buff *skb, int async)
42 ipv6_hdr(skb)->payload_len = htons(skb->len); 42 ipv6_hdr(skb)->payload_len = htons(skb->len);
43 __skb_push(skb, skb->data - skb_network_header(skb)); 43 __skb_push(skb, skb->data - skb_network_header(skb));
44 44
45 NF_HOOK(NFPROTO_IPV6, NF_INET_PRE_ROUTING, skb, skb->dev, NULL, 45 NF_HOOK(NFPROTO_IPV6, NF_INET_PRE_ROUTING, NULL, skb,
46 skb->dev, NULL,
46 ip6_rcv_finish); 47 ip6_rcv_finish);
47 return -1; 48 return -1;
48} 49}
diff --git a/net/ipv6/xfrm6_output.c b/net/ipv6/xfrm6_output.c
index 010f8bd2d577..09c76a7b474d 100644
--- a/net/ipv6/xfrm6_output.c
+++ b/net/ipv6/xfrm6_output.c
@@ -120,7 +120,7 @@ int xfrm6_prepare_output(struct xfrm_state *x, struct sk_buff *skb)
120} 120}
121EXPORT_SYMBOL(xfrm6_prepare_output); 121EXPORT_SYMBOL(xfrm6_prepare_output);
122 122
123int xfrm6_output_finish(struct sk_buff *skb) 123int xfrm6_output_finish(struct sock *sk, struct sk_buff *skb)
124{ 124{
125 memset(IP6CB(skb), 0, sizeof(*IP6CB(skb))); 125 memset(IP6CB(skb), 0, sizeof(*IP6CB(skb)));
126 126
@@ -128,10 +128,10 @@ int xfrm6_output_finish(struct sk_buff *skb)
128 IP6CB(skb)->flags |= IP6SKB_XFRM_TRANSFORMED; 128 IP6CB(skb)->flags |= IP6SKB_XFRM_TRANSFORMED;
129#endif 129#endif
130 130
131 return xfrm_output(skb); 131 return xfrm_output(sk, skb);
132} 132}
133 133
134static int __xfrm6_output(struct sk_buff *skb) 134static int __xfrm6_output(struct sock *sk, struct sk_buff *skb)
135{ 135{
136 struct dst_entry *dst = skb_dst(skb); 136 struct dst_entry *dst = skb_dst(skb);
137 struct xfrm_state *x = dst->xfrm; 137 struct xfrm_state *x = dst->xfrm;
@@ -140,7 +140,7 @@ static int __xfrm6_output(struct sk_buff *skb)
140#ifdef CONFIG_NETFILTER 140#ifdef CONFIG_NETFILTER
141 if (!x) { 141 if (!x) {
142 IP6CB(skb)->flags |= IP6SKB_REROUTED; 142 IP6CB(skb)->flags |= IP6SKB_REROUTED;
143 return dst_output(skb); 143 return dst_output_sk(sk, skb);
144 } 144 }
145#endif 145#endif
146 146
@@ -160,14 +160,15 @@ static int __xfrm6_output(struct sk_buff *skb)
160 if (x->props.mode == XFRM_MODE_TUNNEL && 160 if (x->props.mode == XFRM_MODE_TUNNEL &&
161 ((skb->len > mtu && !skb_is_gso(skb)) || 161 ((skb->len > mtu && !skb_is_gso(skb)) ||
162 dst_allfrag(skb_dst(skb)))) { 162 dst_allfrag(skb_dst(skb)))) {
163 return ip6_fragment(skb, x->outer_mode->afinfo->output_finish); 163 return ip6_fragment(sk, skb,
164 x->outer_mode->afinfo->output_finish);
164 } 165 }
165 return x->outer_mode->afinfo->output_finish(skb); 166 return x->outer_mode->afinfo->output_finish(sk, skb);
166} 167}
167 168
168int xfrm6_output(struct sock *sk, struct sk_buff *skb) 169int xfrm6_output(struct sock *sk, struct sk_buff *skb)
169{ 170{
170 return NF_HOOK_COND(NFPROTO_IPV6, NF_INET_POST_ROUTING, skb, 171 return NF_HOOK_COND(NFPROTO_IPV6, NF_INET_POST_ROUTING, sk, skb,
171 NULL, skb_dst(skb)->dev, __xfrm6_output, 172 NULL, skb_dst(skb)->dev, __xfrm6_output,
172 !(IP6CB(skb)->flags & IP6SKB_REROUTED)); 173 !(IP6CB(skb)->flags & IP6SKB_REROUTED));
173} 174}
diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c
index bf02932b7188..19986ec5f21a 100644
--- a/net/netfilter/ipvs/ip_vs_xmit.c
+++ b/net/netfilter/ipvs/ip_vs_xmit.c
@@ -536,8 +536,8 @@ static inline int ip_vs_nat_send_or_cont(int pf, struct sk_buff *skb,
536 ip_vs_update_conntrack(skb, cp, 1); 536 ip_vs_update_conntrack(skb, cp, 1);
537 if (!local) { 537 if (!local) {
538 skb_forward_csum(skb); 538 skb_forward_csum(skb);
539 NF_HOOK(pf, NF_INET_LOCAL_OUT, skb, NULL, skb_dst(skb)->dev, 539 NF_HOOK(pf, NF_INET_LOCAL_OUT, NULL, skb,
540 dst_output); 540 NULL, skb_dst(skb)->dev, dst_output_sk);
541 } else 541 } else
542 ret = NF_ACCEPT; 542 ret = NF_ACCEPT;
543 return ret; 543 return ret;
@@ -554,8 +554,8 @@ static inline int ip_vs_send_or_cont(int pf, struct sk_buff *skb,
554 ip_vs_notrack(skb); 554 ip_vs_notrack(skb);
555 if (!local) { 555 if (!local) {
556 skb_forward_csum(skb); 556 skb_forward_csum(skb);
557 NF_HOOK(pf, NF_INET_LOCAL_OUT, skb, NULL, skb_dst(skb)->dev, 557 NF_HOOK(pf, NF_INET_LOCAL_OUT, NULL, skb,
558 dst_output); 558 NULL, skb_dst(skb)->dev, dst_output_sk);
559 } else 559 } else
560 ret = NF_ACCEPT; 560 ret = NF_ACCEPT;
561 return ret; 561 return ret;
diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c
index c4a706678f88..3f3ac57b2998 100644
--- a/net/netfilter/nf_queue.c
+++ b/net/netfilter/nf_queue.c
@@ -202,7 +202,7 @@ void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict)
202 case NF_ACCEPT: 202 case NF_ACCEPT:
203 case NF_STOP: 203 case NF_STOP:
204 local_bh_disable(); 204 local_bh_disable();
205 entry->state.okfn(skb); 205 entry->state.okfn(entry->state.sk, skb);
206 local_bh_enable(); 206 local_bh_enable();
207 break; 207 break;
208 case NF_QUEUE: 208 case NF_QUEUE:
diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c
index 7c532856b398..fbcedbe33190 100644
--- a/net/xfrm/xfrm_output.c
+++ b/net/xfrm/xfrm_output.c
@@ -19,7 +19,7 @@
19#include <net/dst.h> 19#include <net/dst.h>
20#include <net/xfrm.h> 20#include <net/xfrm.h>
21 21
22static int xfrm_output2(struct sk_buff *skb); 22static int xfrm_output2(struct sock *sk, struct sk_buff *skb);
23 23
24static int xfrm_skb_check_space(struct sk_buff *skb) 24static int xfrm_skb_check_space(struct sk_buff *skb)
25{ 25{
@@ -130,7 +130,7 @@ int xfrm_output_resume(struct sk_buff *skb, int err)
130 return dst_output(skb); 130 return dst_output(skb);
131 131
132 err = nf_hook(skb_dst(skb)->ops->family, 132 err = nf_hook(skb_dst(skb)->ops->family,
133 NF_INET_POST_ROUTING, skb, 133 NF_INET_POST_ROUTING, skb->sk, skb,
134 NULL, skb_dst(skb)->dev, xfrm_output2); 134 NULL, skb_dst(skb)->dev, xfrm_output2);
135 if (unlikely(err != 1)) 135 if (unlikely(err != 1))
136 goto out; 136 goto out;
@@ -144,12 +144,12 @@ out:
144} 144}
145EXPORT_SYMBOL_GPL(xfrm_output_resume); 145EXPORT_SYMBOL_GPL(xfrm_output_resume);
146 146
147static int xfrm_output2(struct sk_buff *skb) 147static int xfrm_output2(struct sock *sk, struct sk_buff *skb)
148{ 148{
149 return xfrm_output_resume(skb, 1); 149 return xfrm_output_resume(skb, 1);
150} 150}
151 151
152static int xfrm_output_gso(struct sk_buff *skb) 152static int xfrm_output_gso(struct sock *sk, struct sk_buff *skb)
153{ 153{
154 struct sk_buff *segs; 154 struct sk_buff *segs;
155 155
@@ -165,7 +165,7 @@ static int xfrm_output_gso(struct sk_buff *skb)
165 int err; 165 int err;
166 166
167 segs->next = NULL; 167 segs->next = NULL;
168 err = xfrm_output2(segs); 168 err = xfrm_output2(sk, segs);
169 169
170 if (unlikely(err)) { 170 if (unlikely(err)) {
171 kfree_skb_list(nskb); 171 kfree_skb_list(nskb);
@@ -178,13 +178,13 @@ static int xfrm_output_gso(struct sk_buff *skb)
178 return 0; 178 return 0;
179} 179}
180 180
181int xfrm_output(struct sk_buff *skb) 181int xfrm_output(struct sock *sk, struct sk_buff *skb)
182{ 182{
183 struct net *net = dev_net(skb_dst(skb)->dev); 183 struct net *net = dev_net(skb_dst(skb)->dev);
184 int err; 184 int err;
185 185
186 if (skb_is_gso(skb)) 186 if (skb_is_gso(skb))
187 return xfrm_output_gso(skb); 187 return xfrm_output_gso(sk, skb);
188 188
189 if (skb->ip_summed == CHECKSUM_PARTIAL) { 189 if (skb->ip_summed == CHECKSUM_PARTIAL) {
190 err = skb_checksum_help(skb); 190 err = skb_checksum_help(skb);
@@ -195,7 +195,7 @@ int xfrm_output(struct sk_buff *skb)
195 } 195 }
196 } 196 }
197 197
198 return xfrm_output2(skb); 198 return xfrm_output2(sk, skb);
199} 199}
200EXPORT_SYMBOL_GPL(xfrm_output); 200EXPORT_SYMBOL_GPL(xfrm_output);
201 201
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-09 23:08:54 -0500