author | Alexey Dobriyan <adobriyan@gmail.com> | 2008-11-25 20:35:18 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-11-25 20:35:18 -0500 |
commit | 52479b623d3d41df84c499325b6a8c7915413032 (patch) | |
tree | 196f303f296b53dc89a05954d9c03226a9b4158b /net/xfrm/xfrm_policy.c | |
parent | cdcbca7c1f1946758cfacb69bc1c7eeaccb11e2d (diff) |
netns xfrm: lookup in netns
Pass netns to xfrm_lookup()/__xfrm_lookup(). For that pass netns
to flow_cache_lookup() and resolver callback.
Take it from socket or netdevice. Stub DECnet to init_net.
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/xfrm/xfrm_policy.c')
-rw-r--r-- | net/xfrm/xfrm_policy.c | 38 |
1 files changed, 20 insertions, 18 deletions
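--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -940,7 +940,8 @@ static int xfrm_policy_match(struct xfrm_policy *pol, struct flowi *fl,
 return ret;
 }
 
-static struct xfrm_policy *xfrm_policy_lookup_bytype(u8 type, struct flowi *fl,
+static struct xfrm_policy *xfrm_policy_lookup_bytype(struct net *net, u8 type,
+struct flowi *fl,
 u16 family, u8 dir)
 {
 int err;
@@ -956,7 +957,7 @@ static struct xfrm_policy *xfrm_policy_lookup_bytype(u8 type, struct flowi *fl,
 return NULL;
 
 read_lock_bh(&xfrm_policy_lock);
-chain = policy_hash_direct(&init_net, daddr, saddr, family, dir);
+chain = policy_hash_direct(net, daddr, saddr, family, dir);
 ret = NULL;
 hlist_for_each_entry(pol, entry, chain, bydst) {
 err = xfrm_policy_match(pol, fl, type, family, dir);
@@ -973,7 +974,7 @@ static struct xfrm_policy *xfrm_policy_lookup_bytype(u8 type, struct flowi *fl,
 break;
 }
 }
-chain = &init_net.xfrm.policy_inexact[dir];
+chain = &net->xfrm.policy_inexact[dir];
 hlist_for_each_entry(pol, entry, chain, bydst) {
 err = xfrm_policy_match(pol, fl, type, family, dir);
 if (err) {
@@ -996,14 +997,14 @@ fail:
 return ret;
 }
 
-static int xfrm_policy_lookup(struct flowi *fl, u16 family, u8 dir,
-void **objp, atomic_t **obj_refp)
+static int xfrm_policy_lookup(struct net *net, struct flowi *fl, u16 family,
+u8 dir, void **objp, atomic_t **obj_refp)
 {
 struct xfrm_policy *pol;
 int err = 0;
 
 #ifdef CONFIG_XFRM_SUB_POLICY
-pol = xfrm_policy_lookup_bytype(XFRM_POLICY_TYPE_SUB, fl, family, dir);
+pol = xfrm_policy_lookup_bytype(net, XFRM_POLICY_TYPE_SUB, fl, family, dir);
 if (IS_ERR(pol)) {
 err = PTR_ERR(pol);
 pol = NULL;
@@ -1011,7 +1012,7 @@ static int xfrm_policy_lookup(struct flowi *fl, u16 family, u8 dir,
 if (pol || err)
 goto end;
 #endif
-pol = xfrm_policy_lookup_bytype(XFRM_POLICY_TYPE_MAIN, fl, family, dir);
+pol = xfrm_policy_lookup_bytype(net, XFRM_POLICY_TYPE_MAIN, fl, family, dir);
 if (IS_ERR(pol)) {
 err = PTR_ERR(pol);
 pol = NULL;
@@ -1537,7 +1538,7 @@ static int stale_bundle(struct dst_entry *dst);
 * At the moment we eat a raw IP route. Mostly to speed up lookups
 * on interfaces with disabled IPsec.
 */
-int __xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl,
+int __xfrm_lookup(struct net *net, struct dst_entry **dst_p, struct flowi *fl,
 struct sock *sk, int flags)
 {
 struct xfrm_policy *policy;
@@ -1575,10 +1576,10 @@ restart:
 if (!policy) {
 /* To accelerate a bit... */
 if ((dst_orig->flags & DST_NOXFRM) ||
-!init_net.xfrm.policy_count[XFRM_POLICY_OUT])
+!net->xfrm.policy_count[XFRM_POLICY_OUT])
 goto nopol;
 
-policy = flow_cache_lookup(fl, dst_orig->ops->family,
+policy = flow_cache_lookup(net, fl, dst_orig->ops->family,
 dir, xfrm_policy_lookup);
 err = PTR_ERR(policy);
 if (IS_ERR(policy)) {
@@ -1635,7 +1636,8 @@ restart:
 
 #ifdef CONFIG_XFRM_SUB_POLICY
 if (pols[0]->type != XFRM_POLICY_TYPE_MAIN) {
-pols[1] = xfrm_policy_lookup_bytype(XFRM_POLICY_TYPE_MAIN,
+pols[1] = xfrm_policy_lookup_bytype(net,
+XFRM_POLICY_TYPE_MAIN,
 fl, family,
 XFRM_POLICY_OUT);
 if (pols[1]) {
@@ -1683,11 +1685,11 @@ restart:
 if (err == -EAGAIN && (flags & XFRM_LOOKUP_WAIT)) {
 DECLARE_WAITQUEUE(wait, current);
 
-add_wait_queue(&init_net.xfrm.km_waitq, &wait);
+add_wait_queue(&net->xfrm.km_waitq, &wait);
 set_current_state(TASK_INTERRUPTIBLE);
 schedule();
 set_current_state(TASK_RUNNING);
-remove_wait_queue(&init_net.xfrm.km_waitq, &wait);
+remove_wait_queue(&net->xfrm.km_waitq, &wait);
 
 nx = xfrm_tmpl_resolve(pols, npols, fl, xfrm, family);
 
@@ -1781,10 +1783,10 @@ nopol:
 }
 EXPORT_SYMBOL(__xfrm_lookup);
 
-int xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl,
+int xfrm_lookup(struct net *net, struct dst_entry **dst_p, struct flowi *fl,
 struct sock *sk, int flags)
 {
-int err = __xfrm_lookup(dst_p, fl, sk, flags);
+int err = __xfrm_lookup(net, dst_p, fl, sk, flags);
 
 if (err == -EREMOTE) {
 dst_release(*dst_p);
@@ -1936,7 +1938,7 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb,
 }
 
 if (!pol)
-pol = flow_cache_lookup(&fl, family, fl_dir,
+pol = flow_cache_lookup(&init_net, &fl, family, fl_dir,
 xfrm_policy_lookup);
 
 if (IS_ERR(pol)) {
@@ -1959,7 +1961,7 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb,
 npols ++;
 #ifdef CONFIG_XFRM_SUB_POLICY
 if (pols[0]->type != XFRM_POLICY_TYPE_MAIN) {
-pols[1] = xfrm_policy_lookup_bytype(XFRM_POLICY_TYPE_MAIN,
+pols[1] = xfrm_policy_lookup_bytype(&init_net, XFRM_POLICY_TYPE_MAIN,
 &fl, family,
 XFRM_POLICY_IN);
 if (pols[1]) {
@@ -2049,7 +2051,7 @@ int __xfrm_route_forward(struct sk_buff *skb, unsigned short family)
 return 0;
 }
 
-return xfrm_lookup(&skb->dst, &fl, NULL, 0) == 0;
+return xfrm_lookup(&init_net, &skb->dst, &fl, NULL, 0) == 0;
 }
 EXPORT_SYMBOL(__xfrm_route_forward);
 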
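Review bot: `__xfrm_policy_check()` and `__xfrm_route_forward()` still hard-code `&init_net` in the new code (`flow_cache_lookup(&init_net, &fl, ...)`, `xfrm_policy_lookup_bytype(&init_net, XFRM_POLICY_TYPE_MAIN, ...)` and `xfrm_lookup(&init_net, &skb->dst, ...)`), so inbound policy checks and forwarding are evaluated against init_net's policy database while the output path in `__xfrm_lookup()` now uses the caller's `net`. Until these paths are converted, a non-initial namespace's own IPsec policies are not what gets enforced on receive and forward, and the commit message only mentions the DECnet stub. I would either take the namespace from the packet, e.g. `struct net *net = dev_net(skb->dev);` (assuming `skb->dev` is valid at these call sites, which the hunks do not show), or mark each stub with `/* TODO netns: stubbed to init_net; inbound/forward policy is not per-namespace yet */`. Separately, it is worth confirming that the flow cache keys its entries on `net`, since that is not visible in this file; otherwise a cached policy could be returned across namespaces. Both functions start outside the visible hunks.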