diff options
author | David S. Miller <davem@davemloft.net> | 2015-04-07 15:29:30 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2015-04-07 15:29:30 -0400 |
commit | e0e8db2f89bac4529fa12dde2595d6295e313952 (patch) | |
tree | 8cfacda45a2b3d12a3831511199a13d33f245890 /net/ipv4/xfrm4_output.c | |
parent | a3786a5ff7551d03029219f93306106d0a6bdf55 (diff) | |
parent | 79b16aadea32cce077acbe9e229fcb58a7801687 (diff) |
Merge branch 'udp_tunnel_sk'
Prevent UDP tunnels from operating on garbage socket
So this should do the rest of the work such that when we encapsulate
into a UDP tunnel, the output path works on the UDP tunnel's socket
rather than skb->sk.
Part of this work is based upon changes done by Jiri Pirko some time
ago.
Basically the first step is to pass the socket through the nf_hook
okfn(), and then next we do the same for the UDP tunnel xmit routines.
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/xfrm4_output.c')
-rw-r--r-- | net/ipv4/xfrm4_output.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c index dab73813cb92..2878dbfffeb7 100644 --- a/net/ipv4/xfrm4_output.c +++ b/net/ipv4/xfrm4_output.c | |||
@@ -69,7 +69,7 @@ int xfrm4_prepare_output(struct xfrm_state *x, struct sk_buff *skb) | |||
69 | } | 69 | } |
70 | EXPORT_SYMBOL(xfrm4_prepare_output); | 70 | EXPORT_SYMBOL(xfrm4_prepare_output); |
71 | 71 | ||
72 | int xfrm4_output_finish(struct sk_buff *skb) | 72 | int xfrm4_output_finish(struct sock *sk, struct sk_buff *skb) |
73 | { | 73 | { |
74 | memset(IPCB(skb), 0, sizeof(*IPCB(skb))); | 74 | memset(IPCB(skb), 0, sizeof(*IPCB(skb))); |
75 | 75 | ||
@@ -77,26 +77,26 @@ int xfrm4_output_finish(struct sk_buff *skb) | |||
77 | IPCB(skb)->flags |= IPSKB_XFRM_TRANSFORMED; | 77 | IPCB(skb)->flags |= IPSKB_XFRM_TRANSFORMED; |
78 | #endif | 78 | #endif |
79 | 79 | ||
80 | return xfrm_output(skb); | 80 | return xfrm_output(sk, skb); |
81 | } | 81 | } |
82 | 82 | ||
83 | static int __xfrm4_output(struct sk_buff *skb) | 83 | static int __xfrm4_output(struct sock *sk, struct sk_buff *skb) |
84 | { | 84 | { |
85 | struct xfrm_state *x = skb_dst(skb)->xfrm; | 85 | struct xfrm_state *x = skb_dst(skb)->xfrm; |
86 | 86 | ||
87 | #ifdef CONFIG_NETFILTER | 87 | #ifdef CONFIG_NETFILTER |
88 | if (!x) { | 88 | if (!x) { |
89 | IPCB(skb)->flags |= IPSKB_REROUTED; | 89 | IPCB(skb)->flags |= IPSKB_REROUTED; |
90 | return dst_output(skb); | 90 | return dst_output_sk(sk, skb); |
91 | } | 91 | } |
92 | #endif | 92 | #endif |
93 | 93 | ||
94 | return x->outer_mode->afinfo->output_finish(skb); | 94 | return x->outer_mode->afinfo->output_finish(sk, skb); |
95 | } | 95 | } |
96 | 96 | ||
97 | int xfrm4_output(struct sock *sk, struct sk_buff *skb) | 97 | int xfrm4_output(struct sock *sk, struct sk_buff *skb) |
98 | { | 98 | { |
99 | return NF_HOOK_COND(NFPROTO_IPV4, NF_INET_POST_ROUTING, skb, | 99 | return NF_HOOK_COND(NFPROTO_IPV4, NF_INET_POST_ROUTING, sk, skb, |
100 | NULL, skb_dst(skb)->dev, __xfrm4_output, | 100 | NULL, skb_dst(skb)->dev, __xfrm4_output, |
101 | !(IPCB(skb)->flags & IPSKB_REROUTED)); | 101 | !(IPCB(skb)->flags & IPSKB_REROUTED)); |
102 | } | 102 | } |