diff options
| author | Alexey Dobriyan <adobriyan@gmail.com> | 2008-11-25 20:50:08 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2008-11-25 20:50:08 -0500 |
| commit | fc34acd36eecdec95171b98ef2516e3d4daa5c41 (patch) | |
| tree | 18df71d4d0046aa7aeecf6a8980276827ad1ba14 /net/xfrm/xfrm_user.c | |
| parent | a6483b790f8efcd8db190c1c0ff93f9d9efe919a (diff) | |
netns xfrm: xfrm_user module in netns
Grab netns either from netlink socket, state or policy.
SA and SPD flush are in init_net for now, this requires little
attention, see below.
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/xfrm/xfrm_user.c')
| -rw-r--r-- | net/xfrm/xfrm_user.c | 76 |
1 files changed, 45 insertions, 31 deletions
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 8b5b01dfb77a..ab8b138e5e2f 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c | |||
| @@ -316,11 +316,12 @@ static void xfrm_update_ae_params(struct xfrm_state *x, struct nlattr **attrs) | |||
| 316 | x->replay_maxdiff = nla_get_u32(rt); | 316 | x->replay_maxdiff = nla_get_u32(rt); |
| 317 | } | 317 | } |
| 318 | 318 | ||
| 319 | static struct xfrm_state *xfrm_state_construct(struct xfrm_usersa_info *p, | 319 | static struct xfrm_state *xfrm_state_construct(struct net *net, |
| 320 | struct xfrm_usersa_info *p, | ||
| 320 | struct nlattr **attrs, | 321 | struct nlattr **attrs, |
| 321 | int *errp) | 322 | int *errp) |
| 322 | { | 323 | { |
| 323 | struct xfrm_state *x = xfrm_state_alloc(&init_net); | 324 | struct xfrm_state *x = xfrm_state_alloc(net); |
| 324 | int err = -ENOMEM; | 325 | int err = -ENOMEM; |
| 325 | 326 | ||
| 326 | if (!x) | 327 | if (!x) |
| @@ -391,6 +392,7 @@ error_no_put: | |||
| 391 | static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh, | 392 | static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh, |
| 392 | struct nlattr **attrs) | 393 | struct nlattr **attrs) |
| 393 | { | 394 | { |
| 395 | struct net *net = sock_net(skb->sk); | ||
| 394 | struct xfrm_usersa_info *p = nlmsg_data(nlh); | 396 | struct xfrm_usersa_info *p = nlmsg_data(nlh); |
| 395 | struct xfrm_state *x; | 397 | struct xfrm_state *x; |
| 396 | int err; | 398 | int err; |
| @@ -403,7 +405,7 @@ static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 403 | if (err) | 405 | if (err) |
| 404 | return err; | 406 | return err; |
| 405 | 407 | ||
| 406 | x = xfrm_state_construct(p, attrs, &err); | 408 | x = xfrm_state_construct(net, p, attrs, &err); |
| 407 | if (!x) | 409 | if (!x) |
| 408 | return err; | 410 | return err; |
| 409 | 411 | ||
| @@ -431,7 +433,8 @@ out: | |||
| 431 | return err; | 433 | return err; |
| 432 | } | 434 | } |
| 433 | 435 | ||
| 434 | static struct xfrm_state *xfrm_user_state_lookup(struct xfrm_usersa_id *p, | 436 | static struct xfrm_state *xfrm_user_state_lookup(struct net *net, |
| 437 | struct xfrm_usersa_id *p, | ||
| 435 | struct nlattr **attrs, | 438 | struct nlattr **attrs, |
| 436 | int *errp) | 439 | int *errp) |
| 437 | { | 440 | { |
| @@ -440,7 +443,7 @@ static struct xfrm_state *xfrm_user_state_lookup(struct xfrm_usersa_id *p, | |||
| 440 | 443 | ||
| 441 | if (xfrm_id_proto_match(p->proto, IPSEC_PROTO_ANY)) { | 444 | if (xfrm_id_proto_match(p->proto, IPSEC_PROTO_ANY)) { |
| 442 | err = -ESRCH; | 445 | err = -ESRCH; |
| 443 | x = xfrm_state_lookup(&init_net, &p->daddr, p->spi, p->proto, p->family); | 446 | x = xfrm_state_lookup(net, &p->daddr, p->spi, p->proto, p->family); |
| 444 | } else { | 447 | } else { |
| 445 | xfrm_address_t *saddr = NULL; | 448 | xfrm_address_t *saddr = NULL; |
| 446 | 449 | ||
| @@ -451,7 +454,7 @@ static struct xfrm_state *xfrm_user_state_lookup(struct xfrm_usersa_id *p, | |||
| 451 | } | 454 | } |
| 452 | 455 | ||
| 453 | err = -ESRCH; | 456 | err = -ESRCH; |
| 454 | x = xfrm_state_lookup_byaddr(&init_net, &p->daddr, saddr, | 457 | x = xfrm_state_lookup_byaddr(net, &p->daddr, saddr, |
| 455 | p->proto, p->family); | 458 | p->proto, p->family); |
| 456 | } | 459 | } |
| 457 | 460 | ||
| @@ -464,6 +467,7 @@ static struct xfrm_state *xfrm_user_state_lookup(struct xfrm_usersa_id *p, | |||
| 464 | static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh, | 467 | static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh, |
| 465 | struct nlattr **attrs) | 468 | struct nlattr **attrs) |
| 466 | { | 469 | { |
| 470 | struct net *net = sock_net(skb->sk); | ||
| 467 | struct xfrm_state *x; | 471 | struct xfrm_state *x; |
| 468 | int err = -ESRCH; | 472 | int err = -ESRCH; |
| 469 | struct km_event c; | 473 | struct km_event c; |
| @@ -472,7 +476,7 @@ static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 472 | u32 sessionid = NETLINK_CB(skb).sessionid; | 476 | u32 sessionid = NETLINK_CB(skb).sessionid; |
| 473 | u32 sid = NETLINK_CB(skb).sid; | 477 | u32 sid = NETLINK_CB(skb).sid; |
| 474 | 478 | ||
| 475 | x = xfrm_user_state_lookup(p, attrs, &err); | 479 | x = xfrm_user_state_lookup(net, p, attrs, &err); |
| 476 | if (x == NULL) | 480 | if (x == NULL) |
| 477 | return err; | 481 | return err; |
| 478 | 482 | ||
| @@ -615,6 +619,7 @@ static int xfrm_dump_sa_done(struct netlink_callback *cb) | |||
| 615 | 619 | ||
| 616 | static int xfrm_dump_sa(struct sk_buff *skb, struct netlink_callback *cb) | 620 | static int xfrm_dump_sa(struct sk_buff *skb, struct netlink_callback *cb) |
| 617 | { | 621 | { |
| 622 | struct net *net = sock_net(skb->sk); | ||
| 618 | struct xfrm_state_walk *walk = (struct xfrm_state_walk *) &cb->args[1]; | 623 | struct xfrm_state_walk *walk = (struct xfrm_state_walk *) &cb->args[1]; |
| 619 | struct xfrm_dump_info info; | 624 | struct xfrm_dump_info info; |
| 620 | 625 | ||
| @@ -631,7 +636,7 @@ static int xfrm_dump_sa(struct sk_buff *skb, struct netlink_callback *cb) | |||
| 631 | xfrm_state_walk_init(walk, 0); | 636 | xfrm_state_walk_init(walk, 0); |
| 632 | } | 637 | } |
| 633 | 638 | ||
| 634 | (void) xfrm_state_walk(&init_net, walk, dump_one_state, &info); | 639 | (void) xfrm_state_walk(net, walk, dump_one_state, &info); |
| 635 | 640 | ||
| 636 | return skb->len; | 641 | return skb->len; |
| 637 | } | 642 | } |
| @@ -776,13 +781,13 @@ static int xfrm_get_sadinfo(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 776 | static int xfrm_get_sa(struct sk_buff *skb, struct nlmsghdr *nlh, | 781 | static int xfrm_get_sa(struct sk_buff *skb, struct nlmsghdr *nlh, |
| 777 | struct nlattr **attrs) | 782 | struct nlattr **attrs) |
| 778 | { | 783 | { |
| 779 | struct net *net = &init_net; | 784 | struct net *net = sock_net(skb->sk); |
| 780 | struct xfrm_usersa_id *p = nlmsg_data(nlh); | 785 | struct xfrm_usersa_id *p = nlmsg_data(nlh); |
| 781 | struct xfrm_state *x; | 786 | struct xfrm_state *x; |
| 782 | struct sk_buff *resp_skb; | 787 | struct sk_buff *resp_skb; |
| 783 | int err = -ESRCH; | 788 | int err = -ESRCH; |
| 784 | 789 | ||
| 785 | x = xfrm_user_state_lookup(p, attrs, &err); | 790 | x = xfrm_user_state_lookup(net, p, attrs, &err); |
| 786 | if (x == NULL) | 791 | if (x == NULL) |
| 787 | goto out_noput; | 792 | goto out_noput; |
| 788 | 793 | ||
| @@ -823,7 +828,7 @@ static int verify_userspi_info(struct xfrm_userspi_info *p) | |||
| 823 | static int xfrm_alloc_userspi(struct sk_buff *skb, struct nlmsghdr *nlh, | 828 | static int xfrm_alloc_userspi(struct sk_buff *skb, struct nlmsghdr *nlh, |
| 824 | struct nlattr **attrs) | 829 | struct nlattr **attrs) |
| 825 | { | 830 | { |
| 826 | struct net *net = &init_net; | 831 | struct net *net = sock_net(skb->sk); |
| 827 | struct xfrm_state *x; | 832 | struct xfrm_state *x; |
| 828 | struct xfrm_userspi_info *p; | 833 | struct xfrm_userspi_info *p; |
| 829 | struct sk_buff *resp_skb; | 834 | struct sk_buff *resp_skb; |
| @@ -1082,9 +1087,9 @@ static void copy_to_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy_i | |||
| 1082 | p->share = XFRM_SHARE_ANY; /* XXX xp->share */ | 1087 | p->share = XFRM_SHARE_ANY; /* XXX xp->share */ |
| 1083 | } | 1088 | } |
| 1084 | 1089 | ||
| 1085 | static struct xfrm_policy *xfrm_policy_construct(struct xfrm_userpolicy_info *p, struct nlattr **attrs, int *errp) | 1090 | static struct xfrm_policy *xfrm_policy_construct(struct net *net, struct xfrm_userpolicy_info *p, struct nlattr **attrs, int *errp) |
| 1086 | { | 1091 | { |
| 1087 | struct xfrm_policy *xp = xfrm_policy_alloc(&init_net, GFP_KERNEL); | 1092 | struct xfrm_policy *xp = xfrm_policy_alloc(net, GFP_KERNEL); |
| 1088 | int err; | 1093 | int err; |
| 1089 | 1094 | ||
| 1090 | if (!xp) { | 1095 | if (!xp) { |
| @@ -1114,6 +1119,7 @@ static struct xfrm_policy *xfrm_policy_construct(struct xfrm_userpolicy_info *p, | |||
| 1114 | static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh, | 1119 | static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh, |
| 1115 | struct nlattr **attrs) | 1120 | struct nlattr **attrs) |
| 1116 | { | 1121 | { |
| 1122 | struct net *net = sock_net(skb->sk); | ||
| 1117 | struct xfrm_userpolicy_info *p = nlmsg_data(nlh); | 1123 | struct xfrm_userpolicy_info *p = nlmsg_data(nlh); |
| 1118 | struct xfrm_policy *xp; | 1124 | struct xfrm_policy *xp; |
| 1119 | struct km_event c; | 1125 | struct km_event c; |
| @@ -1130,7 +1136,7 @@ static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 1130 | if (err) | 1136 | if (err) |
| 1131 | return err; | 1137 | return err; |
| 1132 | 1138 | ||
| 1133 | xp = xfrm_policy_construct(p, attrs, &err); | 1139 | xp = xfrm_policy_construct(net, p, attrs, &err); |
| 1134 | if (!xp) | 1140 | if (!xp) |
| 1135 | return err; | 1141 | return err; |
| 1136 | 1142 | ||
| @@ -1267,6 +1273,7 @@ static int xfrm_dump_policy_done(struct netlink_callback *cb) | |||
| 1267 | 1273 | ||
| 1268 | static int xfrm_dump_policy(struct sk_buff *skb, struct netlink_callback *cb) | 1274 | static int xfrm_dump_policy(struct sk_buff *skb, struct netlink_callback *cb) |
| 1269 | { | 1275 | { |
| 1276 | struct net *net = sock_net(skb->sk); | ||
| 1270 | struct xfrm_policy_walk *walk = (struct xfrm_policy_walk *) &cb->args[1]; | 1277 | struct xfrm_policy_walk *walk = (struct xfrm_policy_walk *) &cb->args[1]; |
| 1271 | struct xfrm_dump_info info; | 1278 | struct xfrm_dump_info info; |
| 1272 | 1279 | ||
| @@ -1283,7 +1290,7 @@ static int xfrm_dump_policy(struct sk_buff *skb, struct netlink_callback *cb) | |||
| 1283 | xfrm_policy_walk_init(walk, XFRM_POLICY_TYPE_ANY); | 1290 | xfrm_policy_walk_init(walk, XFRM_POLICY_TYPE_ANY); |
| 1284 | } | 1291 | } |
| 1285 | 1292 | ||
| 1286 | (void) xfrm_policy_walk(&init_net, walk, dump_one_policy, &info); | 1293 | (void) xfrm_policy_walk(net, walk, dump_one_policy, &info); |
| 1287 | 1294 | ||
| 1288 | return skb->len; | 1295 | return skb->len; |
| 1289 | } | 1296 | } |
| @@ -1315,7 +1322,7 @@ static struct sk_buff *xfrm_policy_netlink(struct sk_buff *in_skb, | |||
| 1315 | static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh, | 1322 | static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh, |
| 1316 | struct nlattr **attrs) | 1323 | struct nlattr **attrs) |
| 1317 | { | 1324 | { |
| 1318 | struct net *net = &init_net; | 1325 | struct net *net = sock_net(skb->sk); |
| 1319 | struct xfrm_policy *xp; | 1326 | struct xfrm_policy *xp; |
| 1320 | struct xfrm_userpolicy_id *p; | 1327 | struct xfrm_userpolicy_id *p; |
| 1321 | u8 type = XFRM_POLICY_TYPE_MAIN; | 1328 | u8 type = XFRM_POLICY_TYPE_MAIN; |
| @@ -1395,6 +1402,7 @@ out: | |||
| 1395 | static int xfrm_flush_sa(struct sk_buff *skb, struct nlmsghdr *nlh, | 1402 | static int xfrm_flush_sa(struct sk_buff *skb, struct nlmsghdr *nlh, |
| 1396 | struct nlattr **attrs) | 1403 | struct nlattr **attrs) |
| 1397 | { | 1404 | { |
| 1405 | struct net *net = sock_net(skb->sk); | ||
| 1398 | struct km_event c; | 1406 | struct km_event c; |
| 1399 | struct xfrm_usersa_flush *p = nlmsg_data(nlh); | 1407 | struct xfrm_usersa_flush *p = nlmsg_data(nlh); |
| 1400 | struct xfrm_audit audit_info; | 1408 | struct xfrm_audit audit_info; |
| @@ -1403,7 +1411,7 @@ static int xfrm_flush_sa(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 1403 | audit_info.loginuid = NETLINK_CB(skb).loginuid; | 1411 | audit_info.loginuid = NETLINK_CB(skb).loginuid; |
| 1404 | audit_info.sessionid = NETLINK_CB(skb).sessionid; | 1412 | audit_info.sessionid = NETLINK_CB(skb).sessionid; |
| 1405 | audit_info.secid = NETLINK_CB(skb).sid; | 1413 | audit_info.secid = NETLINK_CB(skb).sid; |
| 1406 | err = xfrm_state_flush(&init_net, p->proto, &audit_info); | 1414 | err = xfrm_state_flush(net, p->proto, &audit_info); |
| 1407 | if (err) | 1415 | if (err) |
| 1408 | return err; | 1416 | return err; |
| 1409 | c.data.proto = p->proto; | 1417 | c.data.proto = p->proto; |
| @@ -1462,7 +1470,7 @@ nla_put_failure: | |||
| 1462 | static int xfrm_get_ae(struct sk_buff *skb, struct nlmsghdr *nlh, | 1470 | static int xfrm_get_ae(struct sk_buff *skb, struct nlmsghdr *nlh, |
| 1463 | struct nlattr **attrs) | 1471 | struct nlattr **attrs) |
| 1464 | { | 1472 | { |
| 1465 | struct net *net = &init_net; | 1473 | struct net *net = sock_net(skb->sk); |
| 1466 | struct xfrm_state *x; | 1474 | struct xfrm_state *x; |
| 1467 | struct sk_buff *r_skb; | 1475 | struct sk_buff *r_skb; |
| 1468 | int err; | 1476 | int err; |
| @@ -1501,6 +1509,7 @@ static int xfrm_get_ae(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 1501 | static int xfrm_new_ae(struct sk_buff *skb, struct nlmsghdr *nlh, | 1509 | static int xfrm_new_ae(struct sk_buff *skb, struct nlmsghdr *nlh, |
| 1502 | struct nlattr **attrs) | 1510 | struct nlattr **attrs) |
| 1503 | { | 1511 | { |
| 1512 | struct net *net = sock_net(skb->sk); | ||
| 1504 | struct xfrm_state *x; | 1513 | struct xfrm_state *x; |
| 1505 | struct km_event c; | 1514 | struct km_event c; |
| 1506 | int err = - EINVAL; | 1515 | int err = - EINVAL; |
| @@ -1515,7 +1524,7 @@ static int xfrm_new_ae(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 1515 | if (!(nlh->nlmsg_flags&NLM_F_REPLACE)) | 1524 | if (!(nlh->nlmsg_flags&NLM_F_REPLACE)) |
| 1516 | return err; | 1525 | return err; |
| 1517 | 1526 | ||
| 1518 | x = xfrm_state_lookup(&init_net, &p->sa_id.daddr, p->sa_id.spi, p->sa_id.proto, p->sa_id.family); | 1527 | x = xfrm_state_lookup(net, &p->sa_id.daddr, p->sa_id.spi, p->sa_id.proto, p->sa_id.family); |
| 1519 | if (x == NULL) | 1528 | if (x == NULL) |
| 1520 | return -ESRCH; | 1529 | return -ESRCH; |
| 1521 | 1530 | ||
| @@ -1540,6 +1549,7 @@ out: | |||
| 1540 | static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh, | 1549 | static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh, |
| 1541 | struct nlattr **attrs) | 1550 | struct nlattr **attrs) |
| 1542 | { | 1551 | { |
| 1552 | struct net *net = sock_net(skb->sk); | ||
| 1543 | struct km_event c; | 1553 | struct km_event c; |
| 1544 | u8 type = XFRM_POLICY_TYPE_MAIN; | 1554 | u8 type = XFRM_POLICY_TYPE_MAIN; |
| 1545 | int err; | 1555 | int err; |
| @@ -1552,7 +1562,7 @@ static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 1552 | audit_info.loginuid = NETLINK_CB(skb).loginuid; | 1562 | audit_info.loginuid = NETLINK_CB(skb).loginuid; |
| 1553 | audit_info.sessionid = NETLINK_CB(skb).sessionid; | 1563 | audit_info.sessionid = NETLINK_CB(skb).sessionid; |
| 1554 | audit_info.secid = NETLINK_CB(skb).sid; | 1564 | audit_info.secid = NETLINK_CB(skb).sid; |
| 1555 | err = xfrm_policy_flush(&init_net, type, &audit_info); | 1565 | err = xfrm_policy_flush(net, type, &audit_info); |
| 1556 | if (err) | 1566 | if (err) |
| 1557 | return err; | 1567 | return err; |
| 1558 | c.data.type = type; | 1568 | c.data.type = type; |
| @@ -1566,6 +1576,7 @@ static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 1566 | static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh, | 1576 | static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh, |
| 1567 | struct nlattr **attrs) | 1577 | struct nlattr **attrs) |
| 1568 | { | 1578 | { |
| 1579 | struct net *net = sock_net(skb->sk); | ||
| 1569 | struct xfrm_policy *xp; | 1580 | struct xfrm_policy *xp; |
| 1570 | struct xfrm_user_polexpire *up = nlmsg_data(nlh); | 1581 | struct xfrm_user_polexpire *up = nlmsg_data(nlh); |
| 1571 | struct xfrm_userpolicy_info *p = &up->pol; | 1582 | struct xfrm_userpolicy_info *p = &up->pol; |
| @@ -1577,7 +1588,7 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 1577 | return err; | 1588 | return err; |
| 1578 | 1589 | ||
| 1579 | if (p->index) | 1590 | if (p->index) |
| 1580 | xp = xfrm_policy_byid(&init_net, type, p->dir, p->index, 0, &err); | 1591 | xp = xfrm_policy_byid(net, type, p->dir, p->index, 0, &err); |
| 1581 | else { | 1592 | else { |
| 1582 | struct nlattr *rt = attrs[XFRMA_SEC_CTX]; | 1593 | struct nlattr *rt = attrs[XFRMA_SEC_CTX]; |
| 1583 | struct xfrm_sec_ctx *ctx; | 1594 | struct xfrm_sec_ctx *ctx; |
| @@ -1594,7 +1605,7 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 1594 | if (err) | 1605 | if (err) |
| 1595 | return err; | 1606 | return err; |
| 1596 | } | 1607 | } |
| 1597 | xp = xfrm_policy_bysel_ctx(&init_net, type, p->dir, &p->sel, ctx, 0, &err); | 1608 | xp = xfrm_policy_bysel_ctx(net, type, p->dir, &p->sel, ctx, 0, &err); |
| 1598 | security_xfrm_policy_free(ctx); | 1609 | security_xfrm_policy_free(ctx); |
| 1599 | } | 1610 | } |
| 1600 | if (xp == NULL) | 1611 | if (xp == NULL) |
| @@ -1629,12 +1640,13 @@ out: | |||
| 1629 | static int xfrm_add_sa_expire(struct sk_buff *skb, struct nlmsghdr *nlh, | 1640 | static int xfrm_add_sa_expire(struct sk_buff *skb, struct nlmsghdr *nlh, |
| 1630 | struct nlattr **attrs) | 1641 | struct nlattr **attrs) |
| 1631 | { | 1642 | { |
| 1643 | struct net *net = sock_net(skb->sk); | ||
| 1632 | struct xfrm_state *x; | 1644 | struct xfrm_state *x; |
| 1633 | int err; | 1645 | int err; |
| 1634 | struct xfrm_user_expire *ue = nlmsg_data(nlh); | 1646 | struct xfrm_user_expire *ue = nlmsg_data(nlh); |
| 1635 | struct xfrm_usersa_info *p = &ue->state; | 1647 | struct xfrm_usersa_info *p = &ue->state; |
| 1636 | 1648 | ||
| 1637 | x = xfrm_state_lookup(&init_net, &p->id.daddr, p->id.spi, p->id.proto, p->family); | 1649 | x = xfrm_state_lookup(net, &p->id.daddr, p->id.spi, p->id.proto, p->family); |
| 1638 | 1650 | ||
| 1639 | err = -ENOENT; | 1651 | err = -ENOENT; |
| 1640 | if (x == NULL) | 1652 | if (x == NULL) |
| @@ -1663,13 +1675,14 @@ out: | |||
| 1663 | static int xfrm_add_acquire(struct sk_buff *skb, struct nlmsghdr *nlh, | 1675 | static int xfrm_add_acquire(struct sk_buff *skb, struct nlmsghdr *nlh, |
| 1664 | struct nlattr **attrs) | 1676 | struct nlattr **attrs) |
| 1665 | { | 1677 | { |
| 1678 | struct net *net = sock_net(skb->sk); | ||
| 1666 | struct xfrm_policy *xp; | 1679 | struct xfrm_policy *xp; |
| 1667 | struct xfrm_user_tmpl *ut; | 1680 | struct xfrm_user_tmpl *ut; |
| 1668 | int i; | 1681 | int i; |
| 1669 | struct nlattr *rt = attrs[XFRMA_TMPL]; | 1682 | struct nlattr *rt = attrs[XFRMA_TMPL]; |
| 1670 | 1683 | ||
| 1671 | struct xfrm_user_acquire *ua = nlmsg_data(nlh); | 1684 | struct xfrm_user_acquire *ua = nlmsg_data(nlh); |
| 1672 | struct xfrm_state *x = xfrm_state_alloc(&init_net); | 1685 | struct xfrm_state *x = xfrm_state_alloc(net); |
| 1673 | int err = -ENOMEM; | 1686 | int err = -ENOMEM; |
| 1674 | 1687 | ||
| 1675 | if (!x) | 1688 | if (!x) |
| @@ -1683,7 +1696,7 @@ static int xfrm_add_acquire(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
| 1683 | } | 1696 | } |
| 1684 | 1697 | ||
| 1685 | /* build an XP */ | 1698 | /* build an XP */ |
| 1686 | xp = xfrm_policy_construct(&ua->policy, attrs, &err); | 1699 | xp = xfrm_policy_construct(net, &ua->policy, attrs, &err); |
| 1687 | if (!xp) { | 1700 | if (!xp) { |
| 1688 | kfree(x); | 1701 | kfree(x); |
| 1689 | return err; | 1702 | return err; |
| @@ -2041,7 +2054,7 @@ static int build_expire(struct sk_buff *skb, struct xfrm_state *x, struct km_eve | |||
| 2041 | 2054 | ||
| 2042 | static int xfrm_exp_state_notify(struct xfrm_state *x, struct km_event *c) | 2055 | static int xfrm_exp_state_notify(struct xfrm_state *x, struct km_event *c) |
| 2043 | { | 2056 | { |
| 2044 | struct net *net = &init_net; | 2057 | struct net *net = xs_net(x); |
| 2045 | struct sk_buff *skb; | 2058 | struct sk_buff *skb; |
| 2046 | 2059 | ||
| 2047 | skb = nlmsg_new(xfrm_expire_msgsize(), GFP_ATOMIC); | 2060 | skb = nlmsg_new(xfrm_expire_msgsize(), GFP_ATOMIC); |
| @@ -2056,7 +2069,7 @@ static int xfrm_exp_state_notify(struct xfrm_state *x, struct km_event *c) | |||
| 2056 | 2069 | ||
| 2057 | static int xfrm_aevent_state_notify(struct xfrm_state *x, struct km_event *c) | 2070 | static int xfrm_aevent_state_notify(struct xfrm_state *x, struct km_event *c) |
| 2058 | { | 2071 | { |
| 2059 | struct net *net = &init_net; | 2072 | struct net *net = xs_net(x); |
| 2060 | struct sk_buff *skb; | 2073 | struct sk_buff *skb; |
| 2061 | 2074 | ||
| 2062 | skb = nlmsg_new(xfrm_aevent_msgsize(), GFP_ATOMIC); | 2075 | skb = nlmsg_new(xfrm_aevent_msgsize(), GFP_ATOMIC); |
| @@ -2122,7 +2135,7 @@ static inline size_t xfrm_sa_len(struct xfrm_state *x) | |||
| 2122 | 2135 | ||
| 2123 | static int xfrm_notify_sa(struct xfrm_state *x, struct km_event *c) | 2136 | static int xfrm_notify_sa(struct xfrm_state *x, struct km_event *c) |
| 2124 | { | 2137 | { |
| 2125 | struct net *net = &init_net; | 2138 | struct net *net = xs_net(x); |
| 2126 | struct xfrm_usersa_info *p; | 2139 | struct xfrm_usersa_info *p; |
| 2127 | struct xfrm_usersa_id *id; | 2140 | struct xfrm_usersa_id *id; |
| 2128 | struct nlmsghdr *nlh; | 2141 | struct nlmsghdr *nlh; |
| @@ -2266,6 +2279,7 @@ static int xfrm_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *xt, | |||
| 2266 | static struct xfrm_policy *xfrm_compile_policy(struct sock *sk, int opt, | 2279 | static struct xfrm_policy *xfrm_compile_policy(struct sock *sk, int opt, |
| 2267 | u8 *data, int len, int *dir) | 2280 | u8 *data, int len, int *dir) |
| 2268 | { | 2281 | { |
| 2282 | struct net *net = sock_net(sk); | ||
| 2269 | struct xfrm_userpolicy_info *p = (struct xfrm_userpolicy_info *)data; | 2283 | struct xfrm_userpolicy_info *p = (struct xfrm_userpolicy_info *)data; |
| 2270 | struct xfrm_user_tmpl *ut = (struct xfrm_user_tmpl *) (p + 1); | 2284 | struct xfrm_user_tmpl *ut = (struct xfrm_user_tmpl *) (p + 1); |
| 2271 | struct xfrm_policy *xp; | 2285 | struct xfrm_policy *xp; |
| @@ -2304,7 +2318,7 @@ static struct xfrm_policy *xfrm_compile_policy(struct sock *sk, int opt, | |||
| 2304 | if (p->dir > XFRM_POLICY_OUT) | 2318 | if (p->dir > XFRM_POLICY_OUT) |
| 2305 | return NULL; | 2319 | return NULL; |
| 2306 | 2320 | ||
| 2307 | xp = xfrm_policy_alloc(&init_net, GFP_KERNEL); | 2321 | xp = xfrm_policy_alloc(net, GFP_KERNEL); |
| 2308 | if (xp == NULL) { | 2322 | if (xp == NULL) { |
| 2309 | *dir = -ENOBUFS; | 2323 | *dir = -ENOBUFS; |
| 2310 | return NULL; | 2324 | return NULL; |
| @@ -2357,7 +2371,7 @@ nlmsg_failure: | |||
| 2357 | 2371 | ||
| 2358 | static int xfrm_exp_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c) | 2372 | static int xfrm_exp_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c) |
| 2359 | { | 2373 | { |
| 2360 | struct net *net = &init_net; | 2374 | struct net *net = xp_net(xp); |
| 2361 | struct sk_buff *skb; | 2375 | struct sk_buff *skb; |
| 2362 | 2376 | ||
| 2363 | skb = nlmsg_new(xfrm_polexpire_msgsize(xp), GFP_ATOMIC); | 2377 | skb = nlmsg_new(xfrm_polexpire_msgsize(xp), GFP_ATOMIC); |
| @@ -2372,7 +2386,7 @@ static int xfrm_exp_policy_notify(struct xfrm_policy *xp, int dir, struct km_eve | |||
| 2372 | 2386 | ||
| 2373 | static int xfrm_notify_policy(struct xfrm_policy *xp, int dir, struct km_event *c) | 2387 | static int xfrm_notify_policy(struct xfrm_policy *xp, int dir, struct km_event *c) |
| 2374 | { | 2388 | { |
| 2375 | struct net *net = &init_net; | 2389 | struct net *net = xp_net(xp); |
| 2376 | struct xfrm_userpolicy_info *p; | 2390 | struct xfrm_userpolicy_info *p; |
| 2377 | struct xfrm_userpolicy_id *id; | 2391 | struct xfrm_userpolicy_id *id; |
| 2378 | struct nlmsghdr *nlh; | 2392 | struct nlmsghdr *nlh; |