diff options
author | Alexey Dobriyan <adobriyan@gmail.com> | 2008-11-25 20:30:50 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-11-25 20:30:50 -0500 |
commit | 221df1ed33c9284fc7a6f6e47ca7f8d5f3665d43 (patch) | |
tree | 1961ab9f9061b595e10449a24e7275d91f422de2 /net | |
parent | 0e6024519b4da2d9413b97be1de8122d5709ccc1 (diff) |
netns xfrm: state lookup in netns
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/ipv4/ah4.c | 2 | ||||
-rw-r--r-- | net/ipv4/esp4.c | 2 | ||||
-rw-r--r-- | net/ipv4/ipcomp.c | 4 | ||||
-rw-r--r-- | net/ipv6/ah6.c | 2 | ||||
-rw-r--r-- | net/ipv6/esp6.c | 2 | ||||
-rw-r--r-- | net/ipv6/ipcomp6.c | 4 | ||||
-rw-r--r-- | net/ipv6/xfrm6_input.c | 2 | ||||
-rw-r--r-- | net/key/af_key.c | 2 | ||||
-rw-r--r-- | net/xfrm/xfrm_input.c | 2 | ||||
-rw-r--r-- | net/xfrm/xfrm_state.c | 34 | ||||
-rw-r--r-- | net/xfrm/xfrm_user.c | 12 |
11 files changed, 36 insertions, 32 deletions
diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c index 992ecd8662e2..750426b0a276 100644 --- a/net/ipv4/ah4.c +++ b/net/ipv4/ah4.c | |||
@@ -209,7 +209,7 @@ static void ah4_err(struct sk_buff *skb, u32 info) | |||
209 | icmp_hdr(skb)->code != ICMP_FRAG_NEEDED) | 209 | icmp_hdr(skb)->code != ICMP_FRAG_NEEDED) |
210 | return; | 210 | return; |
211 | 211 | ||
212 | x = xfrm_state_lookup((xfrm_address_t *)&iph->daddr, ah->spi, IPPROTO_AH, AF_INET); | 212 | x = xfrm_state_lookup(&init_net, (xfrm_address_t *)&iph->daddr, ah->spi, IPPROTO_AH, AF_INET); |
213 | if (!x) | 213 | if (!x) |
214 | return; | 214 | return; |
215 | printk(KERN_DEBUG "pmtu discovery on SA AH/%08x/%08x\n", | 215 | printk(KERN_DEBUG "pmtu discovery on SA AH/%08x/%08x\n", |
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c index 95a9c65003f8..35950128aa94 100644 --- a/net/ipv4/esp4.c +++ b/net/ipv4/esp4.c | |||
@@ -421,7 +421,7 @@ static void esp4_err(struct sk_buff *skb, u32 info) | |||
421 | icmp_hdr(skb)->code != ICMP_FRAG_NEEDED) | 421 | icmp_hdr(skb)->code != ICMP_FRAG_NEEDED) |
422 | return; | 422 | return; |
423 | 423 | ||
424 | x = xfrm_state_lookup((xfrm_address_t *)&iph->daddr, esph->spi, IPPROTO_ESP, AF_INET); | 424 | x = xfrm_state_lookup(&init_net, (xfrm_address_t *)&iph->daddr, esph->spi, IPPROTO_ESP, AF_INET); |
425 | if (!x) | 425 | if (!x) |
426 | return; | 426 | return; |
427 | NETDEBUG(KERN_DEBUG "pmtu discovery on SA ESP/%08x/%08x\n", | 427 | NETDEBUG(KERN_DEBUG "pmtu discovery on SA ESP/%08x/%08x\n", |
diff --git a/net/ipv4/ipcomp.c b/net/ipv4/ipcomp.c index 0a35f1b6f22c..3262ce06294c 100644 --- a/net/ipv4/ipcomp.c +++ b/net/ipv4/ipcomp.c | |||
@@ -35,7 +35,7 @@ static void ipcomp4_err(struct sk_buff *skb, u32 info) | |||
35 | return; | 35 | return; |
36 | 36 | ||
37 | spi = htonl(ntohs(ipch->cpi)); | 37 | spi = htonl(ntohs(ipch->cpi)); |
38 | x = xfrm_state_lookup((xfrm_address_t *)&iph->daddr, | 38 | x = xfrm_state_lookup(&init_net, (xfrm_address_t *)&iph->daddr, |
39 | spi, IPPROTO_COMP, AF_INET); | 39 | spi, IPPROTO_COMP, AF_INET); |
40 | if (!x) | 40 | if (!x) |
41 | return; | 41 | return; |
@@ -85,7 +85,7 @@ static int ipcomp_tunnel_attach(struct xfrm_state *x) | |||
85 | int err = 0; | 85 | int err = 0; |
86 | struct xfrm_state *t; | 86 | struct xfrm_state *t; |
87 | 87 | ||
88 | t = xfrm_state_lookup((xfrm_address_t *)&x->id.daddr.a4, | 88 | t = xfrm_state_lookup(&init_net, (xfrm_address_t *)&x->id.daddr.a4, |
89 | x->props.saddr.a4, IPPROTO_IPIP, AF_INET); | 89 | x->props.saddr.a4, IPPROTO_IPIP, AF_INET); |
90 | if (!t) { | 90 | if (!t) { |
91 | t = ipcomp_tunnel_create(x); | 91 | t = ipcomp_tunnel_create(x); |
diff --git a/net/ipv6/ah6.c b/net/ipv6/ah6.c index 13e330d89178..6ae014b86b69 100644 --- a/net/ipv6/ah6.c +++ b/net/ipv6/ah6.c | |||
@@ -415,7 +415,7 @@ static void ah6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, | |||
415 | type != ICMPV6_PKT_TOOBIG) | 415 | type != ICMPV6_PKT_TOOBIG) |
416 | return; | 416 | return; |
417 | 417 | ||
418 | x = xfrm_state_lookup((xfrm_address_t *)&iph->daddr, ah->spi, IPPROTO_AH, AF_INET6); | 418 | x = xfrm_state_lookup(&init_net, (xfrm_address_t *)&iph->daddr, ah->spi, IPPROTO_AH, AF_INET6); |
419 | if (!x) | 419 | if (!x) |
420 | return; | 420 | return; |
421 | 421 | ||
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c index c02a6308defe..68f2af8c15c0 100644 --- a/net/ipv6/esp6.c +++ b/net/ipv6/esp6.c | |||
@@ -364,7 +364,7 @@ static void esp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, | |||
364 | type != ICMPV6_PKT_TOOBIG) | 364 | type != ICMPV6_PKT_TOOBIG) |
365 | return; | 365 | return; |
366 | 366 | ||
367 | x = xfrm_state_lookup((xfrm_address_t *)&iph->daddr, esph->spi, IPPROTO_ESP, AF_INET6); | 367 | x = xfrm_state_lookup(&init_net, (xfrm_address_t *)&iph->daddr, esph->spi, IPPROTO_ESP, AF_INET6); |
368 | if (!x) | 368 | if (!x) |
369 | return; | 369 | return; |
370 | printk(KERN_DEBUG "pmtu discovery on SA ESP/%08x/%pI6\n", | 370 | printk(KERN_DEBUG "pmtu discovery on SA ESP/%08x/%pI6\n", |
diff --git a/net/ipv6/ipcomp6.c b/net/ipv6/ipcomp6.c index c369638e208a..3a0b3be7ece5 100644 --- a/net/ipv6/ipcomp6.c +++ b/net/ipv6/ipcomp6.c | |||
@@ -63,7 +63,7 @@ static void ipcomp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, | |||
63 | return; | 63 | return; |
64 | 64 | ||
65 | spi = htonl(ntohs(ipcomph->cpi)); | 65 | spi = htonl(ntohs(ipcomph->cpi)); |
66 | x = xfrm_state_lookup((xfrm_address_t *)&iph->daddr, spi, IPPROTO_COMP, AF_INET6); | 66 | x = xfrm_state_lookup(&init_net, (xfrm_address_t *)&iph->daddr, spi, IPPROTO_COMP, AF_INET6); |
67 | if (!x) | 67 | if (!x) |
68 | return; | 68 | return; |
69 | 69 | ||
@@ -114,7 +114,7 @@ static int ipcomp6_tunnel_attach(struct xfrm_state *x) | |||
114 | 114 | ||
115 | spi = xfrm6_tunnel_spi_lookup((xfrm_address_t *)&x->props.saddr); | 115 | spi = xfrm6_tunnel_spi_lookup((xfrm_address_t *)&x->props.saddr); |
116 | if (spi) | 116 | if (spi) |
117 | t = xfrm_state_lookup((xfrm_address_t *)&x->id.daddr, | 117 | t = xfrm_state_lookup(&init_net, (xfrm_address_t *)&x->id.daddr, |
118 | spi, IPPROTO_IPV6, AF_INET6); | 118 | spi, IPPROTO_IPV6, AF_INET6); |
119 | if (!t) { | 119 | if (!t) { |
120 | t = ipcomp6_tunnel_create(x); | 120 | t = ipcomp6_tunnel_create(x); |
diff --git a/net/ipv6/xfrm6_input.c b/net/ipv6/xfrm6_input.c index a71c7ddcb41e..b69766a77743 100644 --- a/net/ipv6/xfrm6_input.c +++ b/net/ipv6/xfrm6_input.c | |||
@@ -100,7 +100,7 @@ int xfrm6_input_addr(struct sk_buff *skb, xfrm_address_t *daddr, | |||
100 | break; | 100 | break; |
101 | } | 101 | } |
102 | 102 | ||
103 | x = xfrm_state_lookup_byaddr(dst, src, proto, AF_INET6); | 103 | x = xfrm_state_lookup_byaddr(&init_net, dst, src, proto, AF_INET6); |
104 | if (!x) | 104 | if (!x) |
105 | continue; | 105 | continue; |
106 | 106 | ||
diff --git a/net/key/af_key.c b/net/key/af_key.c index e5d595a60921..449a5d03e283 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c | |||
@@ -683,7 +683,7 @@ static struct xfrm_state *pfkey_xfrm_state_lookup(struct sadb_msg *hdr, void ** | |||
683 | if (!xaddr) | 683 | if (!xaddr) |
684 | return NULL; | 684 | return NULL; |
685 | 685 | ||
686 | return xfrm_state_lookup(xaddr, sa->sadb_sa_spi, proto, family); | 686 | return xfrm_state_lookup(&init_net, xaddr, sa->sadb_sa_spi, proto, family); |
687 | } | 687 | } |
688 | 688 | ||
689 | #define PFKEY_ALIGN8(a) (1 + (((a) - 1) | (8 - 1))) | 689 | #define PFKEY_ALIGN8(a) (1 + (((a) - 1) | (8 - 1))) |
diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c index 75279402ccf4..c08a93e98a36 100644 --- a/net/xfrm/xfrm_input.c +++ b/net/xfrm/xfrm_input.c | |||
@@ -151,7 +151,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type) | |||
151 | goto drop; | 151 | goto drop; |
152 | } | 152 | } |
153 | 153 | ||
154 | x = xfrm_state_lookup(daddr, spi, nexthdr, family); | 154 | x = xfrm_state_lookup(&init_net, daddr, spi, nexthdr, family); |
155 | if (x == NULL) { | 155 | if (x == NULL) { |
156 | XFRM_INC_STATS(LINUX_MIB_XFRMINNOSTATES); | 156 | XFRM_INC_STATS(LINUX_MIB_XFRMINNOSTATES); |
157 | xfrm_audit_state_notfound(skb, family, spi, seq); | 157 | xfrm_audit_state_notfound(skb, family, spi, seq); |
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 5f4c5340ba30..afde47498cdc 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c | |||
@@ -670,13 +670,13 @@ xfrm_init_tempsel(struct xfrm_state *x, struct flowi *fl, | |||
670 | return 0; | 670 | return 0; |
671 | } | 671 | } |
672 | 672 | ||
673 | static struct xfrm_state *__xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family) | 673 | static struct xfrm_state *__xfrm_state_lookup(struct net *net, xfrm_address_t *daddr, __be32 spi, u8 proto, unsigned short family) |
674 | { | 674 | { |
675 | unsigned int h = xfrm_spi_hash(&init_net, daddr, spi, proto, family); | 675 | unsigned int h = xfrm_spi_hash(net, daddr, spi, proto, family); |
676 | struct xfrm_state *x; | 676 | struct xfrm_state *x; |
677 | struct hlist_node *entry; | 677 | struct hlist_node *entry; |
678 | 678 | ||
679 | hlist_for_each_entry(x, entry, init_net.xfrm.state_byspi+h, byspi) { | 679 | hlist_for_each_entry(x, entry, net->xfrm.state_byspi+h, byspi) { |
680 | if (x->props.family != family || | 680 | if (x->props.family != family || |
681 | x->id.spi != spi || | 681 | x->id.spi != spi || |
682 | x->id.proto != proto) | 682 | x->id.proto != proto) |
@@ -702,13 +702,13 @@ static struct xfrm_state *__xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, | |||
702 | return NULL; | 702 | return NULL; |
703 | } | 703 | } |
704 | 704 | ||
705 | static struct xfrm_state *__xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family) | 705 | static struct xfrm_state *__xfrm_state_lookup_byaddr(struct net *net, xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family) |
706 | { | 706 | { |
707 | unsigned int h = xfrm_src_hash(&init_net, daddr, saddr, family); | 707 | unsigned int h = xfrm_src_hash(net, daddr, saddr, family); |
708 | struct xfrm_state *x; | 708 | struct xfrm_state *x; |
709 | struct hlist_node *entry; | 709 | struct hlist_node *entry; |
710 | 710 | ||
711 | hlist_for_each_entry(x, entry, init_net.xfrm.state_bysrc+h, bysrc) { | 711 | hlist_for_each_entry(x, entry, net->xfrm.state_bysrc+h, bysrc) { |
712 | if (x->props.family != family || | 712 | if (x->props.family != family || |
713 | x->id.proto != proto) | 713 | x->id.proto != proto) |
714 | continue; | 714 | continue; |
@@ -740,11 +740,13 @@ static struct xfrm_state *__xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm | |||
740 | static inline struct xfrm_state * | 740 | static inline struct xfrm_state * |
741 | __xfrm_state_locate(struct xfrm_state *x, int use_spi, int family) | 741 | __xfrm_state_locate(struct xfrm_state *x, int use_spi, int family) |
742 | { | 742 | { |
743 | struct net *net = xs_net(x); | ||
744 | |||
743 | if (use_spi) | 745 | if (use_spi) |
744 | return __xfrm_state_lookup(&x->id.daddr, x->id.spi, | 746 | return __xfrm_state_lookup(net, &x->id.daddr, x->id.spi, |
745 | x->id.proto, family); | 747 | x->id.proto, family); |
746 | else | 748 | else |
747 | return __xfrm_state_lookup_byaddr(&x->id.daddr, | 749 | return __xfrm_state_lookup_byaddr(net, &x->id.daddr, |
748 | &x->props.saddr, | 750 | &x->props.saddr, |
749 | x->id.proto, family); | 751 | x->id.proto, family); |
750 | } | 752 | } |
@@ -818,7 +820,7 @@ xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr, | |||
818 | x = best; | 820 | x = best; |
819 | if (!x && !error && !acquire_in_progress) { | 821 | if (!x && !error && !acquire_in_progress) { |
820 | if (tmpl->id.spi && | 822 | if (tmpl->id.spi && |
821 | (x0 = __xfrm_state_lookup(daddr, tmpl->id.spi, | 823 | (x0 = __xfrm_state_lookup(&init_net, daddr, tmpl->id.spi, |
822 | tmpl->id.proto, family)) != NULL) { | 824 | tmpl->id.proto, family)) != NULL) { |
823 | to_put = x0; | 825 | to_put = x0; |
824 | error = -EEXIST; | 826 | error = -EEXIST; |
@@ -1361,26 +1363,27 @@ int xfrm_state_check_expire(struct xfrm_state *x) | |||
1361 | EXPORT_SYMBOL(xfrm_state_check_expire); | 1363 | EXPORT_SYMBOL(xfrm_state_check_expire); |
1362 | 1364 | ||
1363 | struct xfrm_state * | 1365 | struct xfrm_state * |
1364 | xfrm_state_lookup(xfrm_address_t *daddr, __be32 spi, u8 proto, | 1366 | xfrm_state_lookup(struct net *net, xfrm_address_t *daddr, __be32 spi, u8 proto, |
1365 | unsigned short family) | 1367 | unsigned short family) |
1366 | { | 1368 | { |
1367 | struct xfrm_state *x; | 1369 | struct xfrm_state *x; |
1368 | 1370 | ||
1369 | spin_lock_bh(&xfrm_state_lock); | 1371 | spin_lock_bh(&xfrm_state_lock); |
1370 | x = __xfrm_state_lookup(daddr, spi, proto, family); | 1372 | x = __xfrm_state_lookup(net, daddr, spi, proto, family); |
1371 | spin_unlock_bh(&xfrm_state_lock); | 1373 | spin_unlock_bh(&xfrm_state_lock); |
1372 | return x; | 1374 | return x; |
1373 | } | 1375 | } |
1374 | EXPORT_SYMBOL(xfrm_state_lookup); | 1376 | EXPORT_SYMBOL(xfrm_state_lookup); |
1375 | 1377 | ||
1376 | struct xfrm_state * | 1378 | struct xfrm_state * |
1377 | xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr, | 1379 | xfrm_state_lookup_byaddr(struct net *net, |
1380 | xfrm_address_t *daddr, xfrm_address_t *saddr, | ||
1378 | u8 proto, unsigned short family) | 1381 | u8 proto, unsigned short family) |
1379 | { | 1382 | { |
1380 | struct xfrm_state *x; | 1383 | struct xfrm_state *x; |
1381 | 1384 | ||
1382 | spin_lock_bh(&xfrm_state_lock); | 1385 | spin_lock_bh(&xfrm_state_lock); |
1383 | x = __xfrm_state_lookup_byaddr(daddr, saddr, proto, family); | 1386 | x = __xfrm_state_lookup_byaddr(net, daddr, saddr, proto, family); |
1384 | spin_unlock_bh(&xfrm_state_lock); | 1387 | spin_unlock_bh(&xfrm_state_lock); |
1385 | return x; | 1388 | return x; |
1386 | } | 1389 | } |
@@ -1486,6 +1489,7 @@ EXPORT_SYMBOL(xfrm_get_acqseq); | |||
1486 | 1489 | ||
1487 | int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high) | 1490 | int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high) |
1488 | { | 1491 | { |
1492 | struct net *net = xs_net(x); | ||
1489 | unsigned int h; | 1493 | unsigned int h; |
1490 | struct xfrm_state *x0; | 1494 | struct xfrm_state *x0; |
1491 | int err = -ENOENT; | 1495 | int err = -ENOENT; |
@@ -1503,7 +1507,7 @@ int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high) | |||
1503 | err = -ENOENT; | 1507 | err = -ENOENT; |
1504 | 1508 | ||
1505 | if (minspi == maxspi) { | 1509 | if (minspi == maxspi) { |
1506 | x0 = xfrm_state_lookup(&x->id.daddr, minspi, x->id.proto, x->props.family); | 1510 | x0 = xfrm_state_lookup(net, &x->id.daddr, minspi, x->id.proto, x->props.family); |
1507 | if (x0) { | 1511 | if (x0) { |
1508 | xfrm_state_put(x0); | 1512 | xfrm_state_put(x0); |
1509 | goto unlock; | 1513 | goto unlock; |
@@ -1513,7 +1517,7 @@ int xfrm_alloc_spi(struct xfrm_state *x, u32 low, u32 high) | |||
1513 | u32 spi = 0; | 1517 | u32 spi = 0; |
1514 | for (h=0; h<high-low+1; h++) { | 1518 | for (h=0; h<high-low+1; h++) { |
1515 | spi = low + net_random()%(high-low+1); | 1519 | spi = low + net_random()%(high-low+1); |
1516 | x0 = xfrm_state_lookup(&x->id.daddr, htonl(spi), x->id.proto, x->props.family); | 1520 | x0 = xfrm_state_lookup(net, &x->id.daddr, htonl(spi), x->id.proto, x->props.family); |
1517 | if (x0 == NULL) { | 1521 | if (x0 == NULL) { |
1518 | x->id.spi = htonl(spi); | 1522 | x->id.spi = htonl(spi); |
1519 | break; | 1523 | break; |
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 49a7e897ba96..e02ef3361190 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c | |||
@@ -440,7 +440,7 @@ static struct xfrm_state *xfrm_user_state_lookup(struct xfrm_usersa_id *p, | |||
440 | 440 | ||
441 | if (xfrm_id_proto_match(p->proto, IPSEC_PROTO_ANY)) { | 441 | if (xfrm_id_proto_match(p->proto, IPSEC_PROTO_ANY)) { |
442 | err = -ESRCH; | 442 | err = -ESRCH; |
443 | x = xfrm_state_lookup(&p->daddr, p->spi, p->proto, p->family); | 443 | x = xfrm_state_lookup(&init_net, &p->daddr, p->spi, p->proto, p->family); |
444 | } else { | 444 | } else { |
445 | xfrm_address_t *saddr = NULL; | 445 | xfrm_address_t *saddr = NULL; |
446 | 446 | ||
@@ -451,8 +451,8 @@ static struct xfrm_state *xfrm_user_state_lookup(struct xfrm_usersa_id *p, | |||
451 | } | 451 | } |
452 | 452 | ||
453 | err = -ESRCH; | 453 | err = -ESRCH; |
454 | x = xfrm_state_lookup_byaddr(&p->daddr, saddr, p->proto, | 454 | x = xfrm_state_lookup_byaddr(&init_net, &p->daddr, saddr, |
455 | p->family); | 455 | p->proto, p->family); |
456 | } | 456 | } |
457 | 457 | ||
458 | out: | 458 | out: |
@@ -1468,7 +1468,7 @@ static int xfrm_get_ae(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
1468 | if (r_skb == NULL) | 1468 | if (r_skb == NULL) |
1469 | return -ENOMEM; | 1469 | return -ENOMEM; |
1470 | 1470 | ||
1471 | x = xfrm_state_lookup(&id->daddr, id->spi, id->proto, id->family); | 1471 | x = xfrm_state_lookup(&init_net, &id->daddr, id->spi, id->proto, id->family); |
1472 | if (x == NULL) { | 1472 | if (x == NULL) { |
1473 | kfree_skb(r_skb); | 1473 | kfree_skb(r_skb); |
1474 | return -ESRCH; | 1474 | return -ESRCH; |
@@ -1509,7 +1509,7 @@ static int xfrm_new_ae(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
1509 | if (!(nlh->nlmsg_flags&NLM_F_REPLACE)) | 1509 | if (!(nlh->nlmsg_flags&NLM_F_REPLACE)) |
1510 | return err; | 1510 | return err; |
1511 | 1511 | ||
1512 | x = xfrm_state_lookup(&p->sa_id.daddr, p->sa_id.spi, p->sa_id.proto, p->sa_id.family); | 1512 | x = xfrm_state_lookup(&init_net, &p->sa_id.daddr, p->sa_id.spi, p->sa_id.proto, p->sa_id.family); |
1513 | if (x == NULL) | 1513 | if (x == NULL) |
1514 | return -ESRCH; | 1514 | return -ESRCH; |
1515 | 1515 | ||
@@ -1628,7 +1628,7 @@ static int xfrm_add_sa_expire(struct sk_buff *skb, struct nlmsghdr *nlh, | |||
1628 | struct xfrm_user_expire *ue = nlmsg_data(nlh); | 1628 | struct xfrm_user_expire *ue = nlmsg_data(nlh); |
1629 | struct xfrm_usersa_info *p = &ue->state; | 1629 | struct xfrm_usersa_info *p = &ue->state; |
1630 | 1630 | ||
1631 | x = xfrm_state_lookup(&p->id.daddr, p->id.spi, p->id.proto, p->family); | 1631 | x = xfrm_state_lookup(&init_net, &p->id.daddr, p->id.spi, p->id.proto, p->family); |
1632 | 1632 | ||
1633 | err = -ENOENT; | 1633 | err = -ENOENT; |
1634 | if (x == NULL) | 1634 | if (x == NULL) |