author | Alexey Dobriyan <adobriyan@gmail.com> | 2008-10-08 05:35:02 -0400 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2008-10-08 05:35:02 -0400 |
commit | e10aad9998e463df8e25ec749538faf3324dd31b (patch) | |
tree | 713fc7842695820ff55d74bc34abc72141359231 /net/ipv6 | |
parent | 7dd1b8dad84c9561fe8949ed5db4de15aee877eb (diff) |
netfilter: netns: ip6t_REJECT in netns for real
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/ipv6')
-rw-r--r-- | net/ipv6/netfilter/ip6t_REJECT.c | 22 |
1 files changed, 12 insertions, 10 deletions
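--- a/net/ipv6/netfilter/ip6t_REJECT.c
+++ b/net/ipv6/netfilter/ip6t_REJECT.c
@@ -35,7 +35,7 @@ MODULE_DESCRIPTION("Xtables: packet \"rejection\" target for IPv6");
 MODULE_LICENSE("GPL");
 
 /* Send RST reply */
-static void send_reset(struct sk_buff *oldskb)
+static void send_reset(struct net *net, struct sk_buff *oldskb)
 {
 struct sk_buff *nskb;
 struct tcphdr otcph, *tcph;
@@ -94,7 +94,7 @@ static void send_reset(struct sk_buff *oldskb)
 fl.fl_ip_sport = otcph.dest;
 fl.fl_ip_dport = otcph.source;
 security_skb_classify_flow(oldskb, &fl);
-dst = ip6_route_output(&init_net, NULL, &fl);
+dst = ip6_route_output(net, NULL, &fl);
 if (dst == NULL)
 return;
 if (dst->error || xfrm_lookup(&dst, &fl, NULL, 0))
@@ -163,10 +163,11 @@ static void send_reset(struct sk_buff *oldskb)
 }
 
 static inline void
-send_unreach(struct sk_buff *skb_in, unsigned char code, unsigned int hooknum)
+send_unreach(struct net *net, struct sk_buff *skb_in, unsigned char code,
+unsigned int hooknum)
 {
 if (hooknum == NF_INET_LOCAL_OUT && skb_in->dev == NULL)
-skb_in->dev = init_net.loopback_dev;
+skb_in->dev = net->loopback_dev;
 
 icmpv6_send(skb_in, ICMPV6_DEST_UNREACH, code, 0, NULL);
 }
@@ -177,6 +178,7 @@ reject_tg6(struct sk_buff *skb, const struct net_device *in,
 const struct xt_target *target, const void *targinfo)
 {
 const struct ip6t_reject_info *reject = targinfo;
+struct net *net = dev_net(in ? in : out);
 
 pr_debug("%s: medium point\n", __func__);
 /* WARNING: This code causes reentry within ip6tables.
@@ -184,25 +186,25 @@ reject_tg6(struct sk_buff *skb, const struct net_device *in,
 must return an absolute verdict. --RR */
 switch (reject->with) {
 case IP6T_ICMP6_NO_ROUTE:
-send_unreach(skb, ICMPV6_NOROUTE, hooknum);
+send_unreach(net, skb, ICMPV6_NOROUTE, hooknum);
 break;
 case IP6T_ICMP6_ADM_PROHIBITED:
-send_unreach(skb, ICMPV6_ADM_PROHIBITED, hooknum);
+send_unreach(net, skb, ICMPV6_ADM_PROHIBITED, hooknum);
 break;
 case IP6T_ICMP6_NOT_NEIGHBOUR:
-send_unreach(skb, ICMPV6_NOT_NEIGHBOUR, hooknum);
+send_unreach(net, skb, ICMPV6_NOT_NEIGHBOUR, hooknum);
 break;
 case IP6T_ICMP6_ADDR_UNREACH:
-send_unreach(skb, ICMPV6_ADDR_UNREACH, hooknum);
+send_unreach(net, skb, ICMPV6_ADDR_UNREACH, hooknum);
 break;
 case IP6T_ICMP6_PORT_UNREACH:
-send_unreach(skb, ICMPV6_PORT_UNREACH, hooknum);
+send_unreach(net, skb, ICMPV6_PORT_UNREACH, hooknum);
 break;
 case IP6T_ICMP6_ECHOREPLY:
 /* Do nothing */
 break;
 case IP6T_TCP_RESET:
-send_reset(skb);
+send_reset(net, skb);
 break;
 default:
 if (net_ratelimit())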
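Review bot: In reject_tg6, the new `struct net *net = dev_net(in ? in : out);` hands `out` to dev_net() whenever `in` is NULL, with no check that `out` is set, so the line depends on the hook always supplying at least one device. That presumably holds for the hooks this target is registered on, but nothing visible here states it, and a NULL would be dereferenced while choosing the namespace that routes the RST in send_reset and supplies the loopback device in send_unreach. I would document the assumption next to the declaration, for example `/* in is NULL on LOCAL_OUT; one of in/out is expected to be non-NULL */`. reject_tg6 starts and ends outside the hunks shown, so an earlier guard may already cover this.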