diff options
| author | Alexey Dobriyan <adobriyan@gmail.com> | 2008-10-08 05:35:04 -0400 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2008-10-08 05:35:04 -0400 |
| commit | a702a65fc1376fc1f6757ec2a6960348af3f1876 (patch) | |
| tree | 4d44e147a76b35228a4535c9cc446c1d1bf0dddd /net/ipv6 | |
| parent | 63c9a26264be108b52de087724673f8664570e34 (diff) | |
netfilter: netns nf_conntrack: pass netns pointer to nf_conntrack_in()
It's deducible from skb->dev or skb->dst->dev, but we know netns at
the moment of call, so pass it down and use for finding and creating
conntracks.
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/ipv6')
| -rw-r--r-- | net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | 24 |
1 files changed, 16 insertions, 8 deletions
diff --git a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c index 85050c072abd..e91db16611d9 100644 --- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c +++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | |||
| @@ -211,11 +211,10 @@ static unsigned int ipv6_defrag(unsigned int hooknum, | |||
| 211 | return NF_STOLEN; | 211 | return NF_STOLEN; |
| 212 | } | 212 | } |
| 213 | 213 | ||
| 214 | static unsigned int ipv6_conntrack_in(unsigned int hooknum, | 214 | static unsigned int __ipv6_conntrack_in(struct net *net, |
| 215 | struct sk_buff *skb, | 215 | unsigned int hooknum, |
| 216 | const struct net_device *in, | 216 | struct sk_buff *skb, |
| 217 | const struct net_device *out, | 217 | int (*okfn)(struct sk_buff *)) |
| 218 | int (*okfn)(struct sk_buff *)) | ||
| 219 | { | 218 | { |
| 220 | struct sk_buff *reasm = skb->nfct_reasm; | 219 | struct sk_buff *reasm = skb->nfct_reasm; |
| 221 | 220 | ||
| @@ -225,7 +224,7 @@ static unsigned int ipv6_conntrack_in(unsigned int hooknum, | |||
| 225 | if (!reasm->nfct) { | 224 | if (!reasm->nfct) { |
| 226 | unsigned int ret; | 225 | unsigned int ret; |
| 227 | 226 | ||
| 228 | ret = nf_conntrack_in(PF_INET6, hooknum, reasm); | 227 | ret = nf_conntrack_in(net, PF_INET6, hooknum, reasm); |
| 229 | if (ret != NF_ACCEPT) | 228 | if (ret != NF_ACCEPT) |
| 230 | return ret; | 229 | return ret; |
| 231 | } | 230 | } |
| @@ -235,7 +234,16 @@ static unsigned int ipv6_conntrack_in(unsigned int hooknum, | |||
| 235 | return NF_ACCEPT; | 234 | return NF_ACCEPT; |
| 236 | } | 235 | } |
| 237 | 236 | ||
| 238 | return nf_conntrack_in(PF_INET6, hooknum, skb); | 237 | return nf_conntrack_in(net, PF_INET6, hooknum, skb); |
| 238 | } | ||
| 239 | |||
| 240 | static unsigned int ipv6_conntrack_in(unsigned int hooknum, | ||
| 241 | struct sk_buff *skb, | ||
| 242 | const struct net_device *in, | ||
| 243 | const struct net_device *out, | ||
| 244 | int (*okfn)(struct sk_buff *)) | ||
| 245 | { | ||
| 246 | return __ipv6_conntrack_in(dev_net(in), hooknum, skb, okfn); | ||
| 239 | } | 247 | } |
| 240 | 248 | ||
| 241 | static unsigned int ipv6_conntrack_local(unsigned int hooknum, | 249 | static unsigned int ipv6_conntrack_local(unsigned int hooknum, |
| @@ -250,7 +258,7 @@ static unsigned int ipv6_conntrack_local(unsigned int hooknum, | |||
| 250 | printk("ipv6_conntrack_local: packet too short\n"); | 258 | printk("ipv6_conntrack_local: packet too short\n"); |
| 251 | return NF_ACCEPT; | 259 | return NF_ACCEPT; |
| 252 | } | 260 | } |
| 253 | return ipv6_conntrack_in(hooknum, skb, in, out, okfn); | 261 | return __ipv6_conntrack_in(dev_net(out), hooknum, skb, okfn); |
| 254 | } | 262 | } |
| 255 | 263 | ||
| 256 | static struct nf_hook_ops ipv6_conntrack_ops[] __read_mostly = { | 264 | static struct nf_hook_ops ipv6_conntrack_ops[] __read_mostly = { |