netfilter: xt_TCPMSS: lookup route from proper net namespace

Otherwise the pmtu will be incorrect.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

1 files changed, 5 insertions, 3 deletions

diff --git a/net/netfilter/xt_TCPMSS.c b/net/netfilter/xt_TCPMSS.c
index 62776de8293c..e762de5ee89b 100644
--- a/net/netfilter/xt_TCPMSS.c
+++ b/net/netfilter/xt_TCPMSS.c
@@ -43,7 +43,8 @@ optlen(const u_int8_t *opt, unsigned int offset)
                 return opt[offset+1];
 }
 
-static u_int32_t tcpmss_reverse_mtu(const struct sk_buff *skb,
+static u_int32_t tcpmss_reverse_mtu(struct net *net,
+                                    const struct sk_buff *skb,
                                     unsigned int family)
 {
         struct flowi fl;
@@ -64,7 +65,7 @@ static u_int32_t tcpmss_reverse_mtu(const struct sk_buff *skb,
         rcu_read_lock();
         ai = nf_get_afinfo(family);
         if (ai != NULL)
-                ai->route(&init_net, (struct dst_entry **)&rt, &fl, false);
+                ai->route(net, (struct dst_entry **)&rt, &fl, false);
         rcu_read_unlock();
 
         if (rt != NULL) {
@@ -107,7 +108,8 @@ tcpmss_mangle_packet(struct sk_buff *skb,
                 return -1;
 
         if (info->mss == XT_TCPMSS_CLAMP_PMTU) {
-                unsigned int in_mtu = tcpmss_reverse_mtu(skb, family);
+                struct net *net = dev_net(par->in ? par->in : par->out);
+                unsigned int in_mtu = tcpmss_reverse_mtu(net, skb, family);
 
                 if (dst_mtu(skb_dst(skb)) <= minlen) {
                         net_err_ratelimited("unknown or invalid path-MTU (%u)\n",