diff options
| author | Alexey Dobriyan <adobriyan@gmail.com> | 2008-11-25 20:35:18 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2008-11-25 20:35:18 -0500 |
| commit | 52479b623d3d41df84c499325b6a8c7915413032 (patch) | |
| tree | 196f303f296b53dc89a05954d9c03226a9b4158b /net/xfrm/xfrm_policy.c | |
| parent | cdcbca7c1f1946758cfacb69bc1c7eeaccb11e2d (diff) | |
netns xfrm: lookup in netns
Pass netns to xfrm_lookup()/__xfrm_lookup(). For that pass netns
to flow_cache_lookup() and resolver callback.
Take it from socket or netdevice. Stub DECnet to init_net.
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/xfrm/xfrm_policy.c')
| -rw-r--r-- | net/xfrm/xfrm_policy.c | 38 |
1 files changed, 20 insertions, 18 deletions
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 6165218fd7c2..7c88a25c7af5 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c | |||
| @@ -940,7 +940,8 @@ static int xfrm_policy_match(struct xfrm_policy *pol, struct flowi *fl, | |||
| 940 | return ret; | 940 | return ret; |
| 941 | } | 941 | } |
| 942 | 942 | ||
| 943 | static struct xfrm_policy *xfrm_policy_lookup_bytype(u8 type, struct flowi *fl, | 943 | static struct xfrm_policy *xfrm_policy_lookup_bytype(struct net *net, u8 type, |
| 944 | struct flowi *fl, | ||
| 944 | u16 family, u8 dir) | 945 | u16 family, u8 dir) |
| 945 | { | 946 | { |
| 946 | int err; | 947 | int err; |
| @@ -956,7 +957,7 @@ static struct xfrm_policy *xfrm_policy_lookup_bytype(u8 type, struct flowi *fl, | |||
| 956 | return NULL; | 957 | return NULL; |
| 957 | 958 | ||
| 958 | read_lock_bh(&xfrm_policy_lock); | 959 | read_lock_bh(&xfrm_policy_lock); |
| 959 | chain = policy_hash_direct(&init_net, daddr, saddr, family, dir); | 960 | chain = policy_hash_direct(net, daddr, saddr, family, dir); |
| 960 | ret = NULL; | 961 | ret = NULL; |
| 961 | hlist_for_each_entry(pol, entry, chain, bydst) { | 962 | hlist_for_each_entry(pol, entry, chain, bydst) { |
| 962 | err = xfrm_policy_match(pol, fl, type, family, dir); | 963 | err = xfrm_policy_match(pol, fl, type, family, dir); |
| @@ -973,7 +974,7 @@ static struct xfrm_policy *xfrm_policy_lookup_bytype(u8 type, struct flowi *fl, | |||
| 973 | break; | 974 | break; |
| 974 | } | 975 | } |
| 975 | } | 976 | } |
| 976 | chain = &init_net.xfrm.policy_inexact[dir]; | 977 | chain = &net->xfrm.policy_inexact[dir]; |
| 977 | hlist_for_each_entry(pol, entry, chain, bydst) { | 978 | hlist_for_each_entry(pol, entry, chain, bydst) { |
| 978 | err = xfrm_policy_match(pol, fl, type, family, dir); | 979 | err = xfrm_policy_match(pol, fl, type, family, dir); |
| 979 | if (err) { | 980 | if (err) { |
| @@ -996,14 +997,14 @@ fail: | |||
| 996 | return ret; | 997 | return ret; |
| 997 | } | 998 | } |
| 998 | 999 | ||
| 999 | static int xfrm_policy_lookup(struct flowi *fl, u16 family, u8 dir, | 1000 | static int xfrm_policy_lookup(struct net *net, struct flowi *fl, u16 family, |
| 1000 | void **objp, atomic_t **obj_refp) | 1001 | u8 dir, void **objp, atomic_t **obj_refp) |
| 1001 | { | 1002 | { |
| 1002 | struct xfrm_policy *pol; | 1003 | struct xfrm_policy *pol; |
| 1003 | int err = 0; | 1004 | int err = 0; |
| 1004 | 1005 | ||
| 1005 | #ifdef CONFIG_XFRM_SUB_POLICY | 1006 | #ifdef CONFIG_XFRM_SUB_POLICY |
| 1006 | pol = xfrm_policy_lookup_bytype(XFRM_POLICY_TYPE_SUB, fl, family, dir); | 1007 | pol = xfrm_policy_lookup_bytype(net, XFRM_POLICY_TYPE_SUB, fl, family, dir); |
| 1007 | if (IS_ERR(pol)) { | 1008 | if (IS_ERR(pol)) { |
| 1008 | err = PTR_ERR(pol); | 1009 | err = PTR_ERR(pol); |
| 1009 | pol = NULL; | 1010 | pol = NULL; |
| @@ -1011,7 +1012,7 @@ static int xfrm_policy_lookup(struct flowi *fl, u16 family, u8 dir, | |||
| 1011 | if (pol || err) | 1012 | if (pol || err) |
| 1012 | goto end; | 1013 | goto end; |
| 1013 | #endif | 1014 | #endif |
| 1014 | pol = xfrm_policy_lookup_bytype(XFRM_POLICY_TYPE_MAIN, fl, family, dir); | 1015 | pol = xfrm_policy_lookup_bytype(net, XFRM_POLICY_TYPE_MAIN, fl, family, dir); |
| 1015 | if (IS_ERR(pol)) { | 1016 | if (IS_ERR(pol)) { |
| 1016 | err = PTR_ERR(pol); | 1017 | err = PTR_ERR(pol); |
| 1017 | pol = NULL; | 1018 | pol = NULL; |
| @@ -1537,7 +1538,7 @@ static int stale_bundle(struct dst_entry *dst); | |||
| 1537 | * At the moment we eat a raw IP route. Mostly to speed up lookups | 1538 | * At the moment we eat a raw IP route. Mostly to speed up lookups |
| 1538 | * on interfaces with disabled IPsec. | 1539 | * on interfaces with disabled IPsec. |
| 1539 | */ | 1540 | */ |
| 1540 | int __xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl, | 1541 | int __xfrm_lookup(struct net *net, struct dst_entry **dst_p, struct flowi *fl, |
| 1541 | struct sock *sk, int flags) | 1542 | struct sock *sk, int flags) |
| 1542 | { | 1543 | { |
| 1543 | struct xfrm_policy *policy; | 1544 | struct xfrm_policy *policy; |
| @@ -1575,10 +1576,10 @@ restart: | |||
| 1575 | if (!policy) { | 1576 | if (!policy) { |
| 1576 | /* To accelerate a bit... */ | 1577 | /* To accelerate a bit... */ |
| 1577 | if ((dst_orig->flags & DST_NOXFRM) || | 1578 | if ((dst_orig->flags & DST_NOXFRM) || |
| 1578 | !init_net.xfrm.policy_count[XFRM_POLICY_OUT]) | 1579 | !net->xfrm.policy_count[XFRM_POLICY_OUT]) |
| 1579 | goto nopol; | 1580 | goto nopol; |
| 1580 | 1581 | ||
| 1581 | policy = flow_cache_lookup(fl, dst_orig->ops->family, | 1582 | policy = flow_cache_lookup(net, fl, dst_orig->ops->family, |
| 1582 | dir, xfrm_policy_lookup); | 1583 | dir, xfrm_policy_lookup); |
| 1583 | err = PTR_ERR(policy); | 1584 | err = PTR_ERR(policy); |
| 1584 | if (IS_ERR(policy)) { | 1585 | if (IS_ERR(policy)) { |
| @@ -1635,7 +1636,8 @@ restart: | |||
| 1635 | 1636 | ||
| 1636 | #ifdef CONFIG_XFRM_SUB_POLICY | 1637 | #ifdef CONFIG_XFRM_SUB_POLICY |
| 1637 | if (pols[0]->type != XFRM_POLICY_TYPE_MAIN) { | 1638 | if (pols[0]->type != XFRM_POLICY_TYPE_MAIN) { |
| 1638 | pols[1] = xfrm_policy_lookup_bytype(XFRM_POLICY_TYPE_MAIN, | 1639 | pols[1] = xfrm_policy_lookup_bytype(net, |
| 1640 | XFRM_POLICY_TYPE_MAIN, | ||
| 1639 | fl, family, | 1641 | fl, family, |
| 1640 | XFRM_POLICY_OUT); | 1642 | XFRM_POLICY_OUT); |
| 1641 | if (pols[1]) { | 1643 | if (pols[1]) { |
| @@ -1683,11 +1685,11 @@ restart: | |||
| 1683 | if (err == -EAGAIN && (flags & XFRM_LOOKUP_WAIT)) { | 1685 | if (err == -EAGAIN && (flags & XFRM_LOOKUP_WAIT)) { |
| 1684 | DECLARE_WAITQUEUE(wait, current); | 1686 | DECLARE_WAITQUEUE(wait, current); |
| 1685 | 1687 | ||
| 1686 | add_wait_queue(&init_net.xfrm.km_waitq, &wait); | 1688 | add_wait_queue(&net->xfrm.km_waitq, &wait); |
| 1687 | set_current_state(TASK_INTERRUPTIBLE); | 1689 | set_current_state(TASK_INTERRUPTIBLE); |
| 1688 | schedule(); | 1690 | schedule(); |
| 1689 | set_current_state(TASK_RUNNING); | 1691 | set_current_state(TASK_RUNNING); |
| 1690 | remove_wait_queue(&init_net.xfrm.km_waitq, &wait); | 1692 | remove_wait_queue(&net->xfrm.km_waitq, &wait); |
| 1691 | 1693 | ||
| 1692 | nx = xfrm_tmpl_resolve(pols, npols, fl, xfrm, family); | 1694 | nx = xfrm_tmpl_resolve(pols, npols, fl, xfrm, family); |
| 1693 | 1695 | ||
| @@ -1781,10 +1783,10 @@ nopol: | |||
| 1781 | } | 1783 | } |
| 1782 | EXPORT_SYMBOL(__xfrm_lookup); | 1784 | EXPORT_SYMBOL(__xfrm_lookup); |
| 1783 | 1785 | ||
| 1784 | int xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl, | 1786 | int xfrm_lookup(struct net *net, struct dst_entry **dst_p, struct flowi *fl, |
| 1785 | struct sock *sk, int flags) | 1787 | struct sock *sk, int flags) |
| 1786 | { | 1788 | { |
| 1787 | int err = __xfrm_lookup(dst_p, fl, sk, flags); | 1789 | int err = __xfrm_lookup(net, dst_p, fl, sk, flags); |
| 1788 | 1790 | ||
| 1789 | if (err == -EREMOTE) { | 1791 | if (err == -EREMOTE) { |
| 1790 | dst_release(*dst_p); | 1792 | dst_release(*dst_p); |
| @@ -1936,7 +1938,7 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb, | |||
| 1936 | } | 1938 | } |
| 1937 | 1939 | ||
| 1938 | if (!pol) | 1940 | if (!pol) |
| 1939 | pol = flow_cache_lookup(&fl, family, fl_dir, | 1941 | pol = flow_cache_lookup(&init_net, &fl, family, fl_dir, |
| 1940 | xfrm_policy_lookup); | 1942 | xfrm_policy_lookup); |
| 1941 | 1943 | ||
| 1942 | if (IS_ERR(pol)) { | 1944 | if (IS_ERR(pol)) { |
| @@ -1959,7 +1961,7 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb, | |||
| 1959 | npols ++; | 1961 | npols ++; |
| 1960 | #ifdef CONFIG_XFRM_SUB_POLICY | 1962 | #ifdef CONFIG_XFRM_SUB_POLICY |
| 1961 | if (pols[0]->type != XFRM_POLICY_TYPE_MAIN) { | 1963 | if (pols[0]->type != XFRM_POLICY_TYPE_MAIN) { |
| 1962 | pols[1] = xfrm_policy_lookup_bytype(XFRM_POLICY_TYPE_MAIN, | 1964 | pols[1] = xfrm_policy_lookup_bytype(&init_net, XFRM_POLICY_TYPE_MAIN, |
| 1963 | &fl, family, | 1965 | &fl, family, |
| 1964 | XFRM_POLICY_IN); | 1966 | XFRM_POLICY_IN); |
| 1965 | if (pols[1]) { | 1967 | if (pols[1]) { |
| @@ -2049,7 +2051,7 @@ int __xfrm_route_forward(struct sk_buff *skb, unsigned short family) | |||
| 2049 | return 0; | 2051 | return 0; |
| 2050 | } | 2052 | } |
| 2051 | 2053 | ||
| 2052 | return xfrm_lookup(&skb->dst, &fl, NULL, 0) == 0; | 2054 | return xfrm_lookup(&init_net, &skb->dst, &fl, NULL, 0) == 0; |
| 2053 | } | 2055 | } |
| 2054 | EXPORT_SYMBOL(__xfrm_route_forward); | 2056 | EXPORT_SYMBOL(__xfrm_route_forward); |
| 2055 | 2057 | ||